ACCESSING THE WAN
Prepared by
Cisco Learning Institute
Objectives
• Describe how the Cisco Enterprise Composite Model (ECNM) provides integrated
services over an Enterprise network.
• Describe the key WAN technology concepts.
• Identify the appropriate WAN technologies to use when matching ECNM best
practices with typical enterprise requirements for WAN communications.
Summary
• A WAN is defined as
o A data communications network that operates beyond the geographic scope of a
LAN
• WANs primarily operate at Layers 1 and 2 of the OSI model
• WAN technologies include
o Leased line
o ISDN
o Frame relay
Objectives
• Describe the fundamental concepts of point-to-point serial communication including
TDM, demarcation point, DTE-DCE functions, HDLC encapsulation, and serial
interface troubleshooting.
• Describe PPP concepts including PPP layered architecture, PPP frame structure,
PPP session establishment, multiprotocol encapsulation support, link control
protocol (LCP), network control protocol (NCP), and Internet Protocol Control
Protocol (IPCP).
• Configure PPP on a serial interface including enabling PPP encapsulation, verifying
the PPP connection and troubleshooting encapsulation problems.
• Configure PPP authentication including explaining PAP and CHAP authentication
protocols, configuring PPP authentication using PAP and CHAP, and
troubleshooting PPP authentication problems.
Summary
• PPP is a widely used WAN protocol
• PPP provides multi-protocol LAN to WAN connections
• PPP session establishment – 4 phases
o Link establishment
o Link quality determination
o Network layer protocol configuration negotiation
o Link termination
• WAN Encapsulation
o HDLC default encapsulation
o PPP
• PPP authentication
o PAP
    2 way handshake
o CHAP
    3 way handshake
o Use debug ppp authentication to confirm authentication configuration
• PPP configuration
o Done on a serial interface
• After PPP configuration, use show interfaces command to display:
Objectives
• Describe the fundamental concepts of Frame Relay technology in terms of
Enterprise WAN services including Frame Relay operation, Frame Relay
implementation requirements, Frame Relay maps, and LMI operation.
• Configure a basic Frame Relay PVC including configuring and troubleshooting
Frame Relay on a router serial interface and configuring a static Frame Relay map.
• Describe advanced concepts of Frame Relay technology in terms of Enterprise WAN
services including Frame Relay sub-interfaces, Frame Relay bandwidth and flow
control.
• Configure an advanced Frame Relay PVC including solving reachability issues,
configuring Frame Relay sub-interfaces, verifying and troubleshooting Frame Relay
configuration.
Objectives
• Describe the general methods used to mitigate security threats to Enterprise
networks.
• Configure Basic Router Security.
• Explain how to disable unused Cisco router network services and interfaces.
• Explain how to use Cisco SDM.
• Manage Cisco IOS devices.
Explain How to Disable Unused Cisco Router Network Services and Interfaces
• Describe the router services and interfaces that are vulnerable to network attack
• Explain the vulnerabilities posed by commonly configured management services
• Explain how to secure a router with the command-line interface (CLI) auto secure
command
Objectives
• Explain how ACLs are used to secure a medium-size Enterprise branch office
network.
• Configure standard ACLs in a medium-size Enterprise branch office network.
• Configure extended ACLs in a medium-size Enterprise branch office network.
• Describe complex ACLs in a medium-size Enterprise branch office network.
• Implement, verify and troubleshoot ACLs in an enterprise network environment.
Explain How ACLs are Used to Secure a Medium-Size Enterprise Branch Office
Network
• Describe the steps that occur in a complete TCP conversation
• Explain how a packet filter allows or blocks traffic
• Describe how ACLs control access to networks
• Use a flow chart to show how ACLs operate
• Describe the types and formats of ACLs
Summary
• An Access List (ACL) is:
o A series of permit and deny statements that are used to filter traffic
• Standard ACL
o Identified by numbers 1 - 99 and 1300 - 1999
o Filter traffic based on source IP address
• Extended ACL
o Identified by numbers 100 - 199 and 2000 - 2699
o Filter traffic based on
    Source IP address
    Destination IP address
Objectives
• Describe the enterprise requirements for providing teleworker services.
• Explain how broadband services extend Enterprise Networks including DSL, cable,
and wireless.
• Describe how VPN technology provides secure teleworker services in an Enterprise
setting.
Summary
• Requirements for providing teleworker services are:
o Maintains continuity of operations
o Provides for increased services
o Secure & reliable access to information
o Cost effective
o Scalable
• Components needed for a teleworker to connect to an organization’s network are:
o Home components
o Corporate components
• Broadband services used
o Cable
    transmits signal in either direction simultaneously
o DSL
    requires minimal changes to existing telephone infrastructure
    delivers high bandwidth data rates to customers
o Wireless
    increases mobility
    wireless availability via:
        – municipal WiFi
        – WiMax
        – satellite internet
• Securing teleworker services
o VPN security achieved through using
    Advanced encryption techniques
    Tunneling
o Characteristics of a secure VPN
    Data confidentiality
June 23, 2008 Page 10
CISCO, INC.
ACCESSING THE WAN
POWERPOINT OBJECTIVES
    Data integrity
    Authentication
Objectives
• Configure DHCP in an enterprise branch network.
• Configure NAT on a Cisco router.
• Configure new generation RIP (RIPng) to use IPv6.
Summary
• Dynamic Host Configuration Protocol (DHCP)
o This is a means of assigning IP addresses and other configuration information
automatically.
• DHCP operation
o 3 different allocation methods
    Manual
    Automatic
    Dynamic
o Steps to configure DHCP
    Define range of addresses
    Create DHCP pool
    Configure DHCP pool specifics
• DHCP Relay
o Concept of using a router configured to listen for DHCP messages from DHCP
clients and then forward those messages to servers on different subnets
• Troubleshooting DHCP
o Most problems arise due to configuration errors
o Commands to aid troubleshooting
    Show ip dhcp
    Show run
    debug
• Private IP addresses
o Class A = 10.x.x.x
o Class B = 172.16.x.x – 172.31.x.x
o Class C = 192.168.x.x
• Network Address Translation (NAT)
o A means of translating private IP addresses to public IP addresses
o Types of NAT
    Static
    Dynamic
o Some commands used for troubleshooting
    Show ip nat translations
    Show ip nat statistics
    Debug ip nat
• IPv6
o A 128 bit address that uses colons to separate entries
o Normally written as 8 groups of 4 hexadecimal digits
• Cisco IOS Dual Stack
Objectives
• Establish a network baseline
• Describe troubleshooting methodologies and troubleshooting tools
• Describe the common issues that occur during WAN implementation
• Troubleshoot enterprise network implementation issues
Summary
• Network Baseline
o How a network is expected to perform under normal conditions
• Network documentation should include:
o Network configuration table
o End-system configuration table
o Network topology diagram
• Planning for the 1st baseline
o Determine what type of data to collect
o Identify devices and ports of interest
o Determine baseline duration
• 3 stages of the troubleshooting process
o Gather symptoms
o Isolate problem
o Correct problem
• 3 main methods for troubleshooting a network
o Bottom up
o Top down
o Divide & conquer
• Software troubleshooting tools
o CiscoView
o SolarWinds
o HP OpenView
• Hardware troubleshooting tools
o Network analysis mode
o Digital multi-meters
o Cable testers
o Network analyzer
• Common WAN implementation issues include
o QoS
o Reliability
o Security
o Latency
o Confidentiality
o Public or Private
• Using a layered approach to troubleshooting aids in isolating and solving the
problem