CCNP 2: Remote Access Companion Guide (Cisco Networking Academy Program), 2nd Edition
- By Cisco Systems, Inc.
- Published Aug 13, 2004 by Cisco Press. Part of the Companion Guide series.
Book
- Copyright 2005
- Edition: 2nd
- ISBN-10: 1-58713-145-5
- ISBN-13: 978-1-58713-145-5
The only authorized textbook for the Cisco Networking Academy Program.
This book provides the following reference, study, and review tools:
- Each chapter has a list of objectives referencing the key concepts for focused study.
- Key terms are highlighted in color throughout the chapter where they are used in context. The definitions are provided in a comprehensive glossary to serve as a study aid.
- Check Your Understanding review questions, presented at the end of each chapter, act as a review and study guide. They reinforce the concepts introduced in the chapter and help test your understanding before you move on to a new chapter. The answers to the questions are provided in an appendix.
Throughout this book, you see references to the lab activities found in the Cisco Networking Academy Program CCNP 2: Remote Access Lab Companion, Second Edition. Completing these labs gives you hands-on experience so that you can apply theory to practice.
This Cisco authorized textbook is a portable desk reference designed to complement the CCNP 2: Remote Access course in the Cisco Networking Academy Program.
CCNP 2: Remote Access is one of four courses leading to the CCNP certification. CCNP 2 introduces you to the implementation of Cisco routers in WAN applications. The course focuses on selecting and implementing the appropriate Cisco IOS services required to build intranet remote-access links.
Cisco Networking Academy Program CCNP 2: Remote Access Companion Guide, Second Edition, contains all the information from the online curriculum, plus pedagogical aids to help you study. Use this Companion Guide to help prepare for the Building Cisco Remote Access Networks exam (BCRAN 642-821), which is one of the four required exams to obtain the CCNP certification.
You will develop skills with specific WAN technologies including analog dialup, ISDN BRI and PRI, Frame Relay, broadband, and VPN. In addition, the course details important remote-access techniques such as NAT, AAA, and queuing and compression.
With Cisco Networking Academy Program CCNP 2: Remote Access Companion Guide, Second Edition, you have access to the course information anytime, anywhere.
Companion Title:
Cisco Networking Academy Program
CCNP 2: Remote Access Lab Companion Second Edition
ISBN: 1-58713-146-3
Companion CD-ROM
The CD-ROM included with this book provides Interactive Media Activities referred to throughout the book, a test engine of more than 200 questions, and Study Guides for each chapter to enhance your learning experience.
This book is part of the Cisco Networking Academy Program Series from Cisco Press. The products in this series support and complement the Cisco Networking Academy Program.
Table of Contents
Foreword.
Introduction.
1. Wide-Area Networks.
Remote Access.
WAN Connection Types.
Dedicated Connections.
Circuit-Switched Connections.
Asynchronous Dialup Connections.
ISDN Connections.
Packet-Switched Networks.
WAN Protocols.
Selecting Appropriate WAN Technologies.
Choosing a WAN Connection.
Identifying Site Requirements and Solutions.
Central Site Considerations.
Branch Office Considerations.
Telecommuter Site Considerations.
Selecting Cisco Remote-Access Solutions.
Fixed Interfaces.
Modular Interfaces.
Selecting Site-Specific WAN Components.
Network Overview.
Central Site Router Equipment.
Branch Office Router Equipment.
Telecommuter Site Router Equipment.
Basic Router Configuration Lab Exercises.
Summary.
Key Terms.
Check Your Understanding.
2. Modems and Asynchronous Dialup Connections.
Modem Functions.
Digital-to-Analog Conversion.
Role of the Modem.
Modem Signaling and Cabling.
The EIA/TIA-232-C Standard.
Modem Control Group.
Data Flow Control Group.
Data Transfer Group.
DTE Communication Termination.
Modem Cabling Components.
Connecting a Modem to a Router.
Connecting to the AUX Port.
Connecting to the Console Port.
Connecting to a Serial Interface.
Connecting a Modem to an Access Server—Async Lines.
Connecting a Modem to a PC.
Directly Connecting a DTE to Another DTE—Null Modem Cable.
Modem Modulation Standards.
Error Control and Data Compression.
Configuring Asynchronous Interfaces and Terminal Lines.
Connecting to the Modem—Reverse Telnet.
Line Types and Numbering.
Configuring Reverse Telnet.
Asynchronous Interfaces and Line Configuration.
Basic Terminal Line Configuration.
Basic Auxiliary Port Configuration.
Configuring the Console Port to Use a Modem.
Configuring a Serial Interface to Use a Modem.
Configuring Asynchronous Interfaces.
Asynchronous Interface Configuration Example.
Introduction to DDR—Dialer List.
Modem Configuration.
Modem Configuration Methods.
Manual Configuration of Modems with Standard Commands.
Manual Configuration of Modems with Nonstandard Modem Commands.
Modem Initialization Strings.
Automatic Configuration of Modems.
Modem Capability Database.
Modem Autodiscovery.
Modem Autoconfiguration.
Fine-Tuning Modem Autoconfiguration.
Chat Scripts for Async Lines.
Configuring Asynchronous Connections Between Remote Routers.
Verifying Modem Configuration.
Verifying and Debugging Modem Autoconfiguration.
Troubleshooting Modem Autoconfiguration.
Summary.
Key Terms.
Check Your Understanding.
3. PPP Overview.
PPP Overview.
Point-to-Point Links.
PPP Architecture.
Configuring PPP.
Dialup PPP versus Dialup EXEC Sessions.
Synchronous PPP Connection.
Asynchronous PPP Connection.
Configuring Dedicated PPP Sessions.
Configuring Interactive PPP Sessions.
Configuring the Interface Addressing Method for Local Devices.
Configuring the Interface Addressing Method for Remote Devices.
PPP LCP Options.
PPP Authentication.
PAP and CHAP Authentication.
PAP Is Not as Secure as CHAP.
Configuring PAP Authentication.
Configuring CHAP Authentication.
Configuring CHAP and PAP Authentication.
PPP Callback.
Dialup PPP Callback Overview.
PPP Callback Operation.
Configuring the Callback Server.
Configuring the Callback Client.
PPP Compression.
Data Compression.
Configuring Compression.
Verifying Compression.
Uncompressed Bytes.
Throughput Ratio.
Buffer Allocation.
Bytes Transmitted.
Bytes Received.
Interpreting the show compress Output.
PPP Multilink.
PPP Multilink Overview.
MLP Operation and Configuration.
Multilink PPP Example.
Verifying PPP Configuration.
Verifying and Troubleshooting PPP.
PPP Configuration Example.
Summary.
Key Terms.
Check Your Understanding.
4. ISDN and DDR.
ISDN Architecture.
ISDN versus Asynchronous Dialup.
ISDN Services and Channelized E1 and T1.
BRI Call Processing.
BRI Functional Groups and Reference Points.
Physical Representation of BRI Reference Points.
PRI Reference Points.
ISDN Protocol Layers.
ISDN Layer 1.
ISDN Layer 2—Q.921.
ISDN Layer 3—Q.931.
ISDN Call Setup.
ISDN Call Teardown.
Configuring ISDN BRI.
ISDN BRI Configuration Overview.
Configuring the ISDN Switch Type.
Configuring the SPIDs.
Configuring the Encapsulation Protocol.
Configuring Dial-on-Demand Routing (DDR).
DDR Configuration Overview.
Defining Interesting Traffic.
Assigning the Dialer List to an Interface.
Defining Destination Parameters.
Defining Optional Call Parameters.
Static and Default Routing.
Use of Static and Default Routes.
Configuring Static Routes.
Configuring Default Routes.
Configuring Route Redistribution.
Deactivating Routing Updates.
Snapshot Routing.
Snapshot Routing Model.
Enabling Snapshot Routing.
Snapshot Routing Configuration Example.
Optional Configurations.
B Channel Aggregation.
Cisco Proprietary BOD.
Multilink PPP.
ISDN Caller Identification.
Called-Party Number Answering.
ISDN Rate Adaptation.
ISDN BRI Configuration Example.
Monitoring the ISDN Interface.
The show interface bri Command.
ISDN show Commands.
Verifying and Troubleshooting PPP Multilink.
ISDN debug Command.
Configuring ISDN PRI.
PRI Configuration Tasks.
Selecting the PRI Switch.
Configuring the T1/E1 Controller for PRI.
Additional ISDN PRI Configuration Parameters.
PRI Configuration Example.
ISDN BRI to PRI Connection Example Using DDR.
Summary.
Key Terms.
Check Your Understanding.
5. Dialer Profiles.
Legacy DDR.
Legacy DDR with a Single Destination.
Legacy DDR with Multiple Destinations.
Rotary Group Overview.
Using Rotary Groups.
Configuring Rotary Groups.
Configuring ISDN for Rotary Groups.
Asynchronous Interface Groups.
Legacy DDR Limitations.
Dialer Profiles.
Overview of Dialer Profiles.
Configuring Dialer Profiles.
Dialer Pools.
Placing Calls with Dialer Profiles.
Receiving Calls with Dialer Profiles.
Using Dialer Profiles with ISDN B Channels.
Using Dialer Profiles with ISDN PRI.
Dialer Map Class.
Summary.
Key Terms.
Check Your Understanding.
6. Frame Relay.
Frame Relay Concepts.
Frame Relay Overview.
Frame Relay Devices.
Frame Relay Operation.
Frame Relay DLCIs.
Frame Relay LMI.
Inverse ARP.
Configuring Frame Relay.
Configuring Frame Relay Encapsulation.
Configuring Frame Relay Maps.
Configuring Encapsulation per PVC.
Verifying Frame Relay Interface Configuration.
Verifying Frame Relay Operation.
Frame Relay Topologies.
Frame Relay Topologies.
Reachability Issues with Routing Updates.
Solution for Split Horizon Issue—Subinterfaces.
Configuring Frame Relay Subinterfaces.
Summary.
Key Terms.
Check Your Understanding.
7. Managing Frame Relay Traffic.
Frame Relay Traffic Shaping.
Frame Relay Traffic Shaping Terminology.
Overview of Frame Relay Traffic Shaping.
Types of Frame Relay Traffic Management.
Configuring Traffic Shaping over Frame Relay.
Traffic Shaping Configuration Steps.
Traffic Shaping through Rate Enforcement.
Traffic Shaping through Rate Dynamic Enforcement.
Traffic Shaping with Queuing.
Verifying Frame Relay Traffic Shaping.
On Demand Routing.
ODR Overview.
Configuring ODR.
Summary.
Key Terms.
Check Your Understanding.
8. WAN Backup.
Dial Backup.
Configuring Dial Backup.
Example of Dial Backup for Link Failure.
Activating a Dial Backup to Support Primary Line Traffic.
Example of Dial Backup for Excessive Traffic Load.
Backup Interface Operations.
Standby Mode.
Dialer Profiles as Backup Interfaces.
Configuring Dial Backups with Dialer Profiles.
Routing with the Load-Backup Feature.
Load Backup with OSPF.
Load Backup with IGRP and EIGRP.
Verifying Dial Backup Configuration.
show interface type slot/port Command.
Floating Static Routes.
Configuring Floating Static Routes as Backup.
Dialer Watch.
Dialer Watch Overview.
Configuring Dialer Watch.
Summary.
Key Terms.
Check Your Understanding.
9. Managing Network Performance with Queuing and Compression.
Queuing.
Queuing Overview.
Effective Use of Traffic Prioritization.
Establishing a Queuing Policy.
Choosing a Cisco IOS Queuing Option.
Configuring Weighted Fair Queuing.
WFQ Overview.
WFQ Operation.
Configuring WFQ.
Class-Based Weighted Fair Queuing.
Class-Based WFQ Overview.
CBWFQ versus Flow-Based WFQ.
CBWFQ and Tail Drops.
Weighted Random Early Detect.
Configuring CBWFQ—Step 1.
Configuring CBWFQ—Step 2.
Configuring CBWFQ with WRED—Step 2.
Configuring CBWFQ Default Class—Step 2.
Configuring CBWFQ—Step 3.
CBWFQ Queuing Examples.
Configuring Low-Latency Queuing.
LLQ.
Configuring LLQ.
Verifying Queuing Operation.
Verifying Queuing Operation Overview.
Queuing Comparison Summary.
Optimizing Traffic Flow with Data Compression.
Implementing Compression Overview.
Implementing Link Compression over a Point-to-Point Connection.
Implementing Payload Compression.
Using TCP/IP Header Compression.
Implementing MPPC.
Other Compression Considerations.
Configuring Data Compression.
Summary.
Key Terms.
Check Your Understanding.
10. Scaling IP Addresses with NAT.
NAT Overview.
NAT Topology.
Private Addressing.
NAT Terminology.
NAT Functions.
Configuring NAT.
Dynamic NAT.
Configuring Dynamic NAT.
Dynamic NAT Configuration Example.
Static NAT.
Configuring Static NAT.
NAT Overload.
Configuring NAT Overload.
TCP Load Distribution.
Configuring TCP Load Distribution.
TCP Load Distribution Configuration Example.
Overlapping Networks.
Verifying NAT Configuration.
Verifying NAT Translations.
Troubleshooting NAT Translations.
Clearing NAT Translations.
NAT Considerations.
NAT Advantages.
NAT Disadvantages.
Traffic Types Supported by Cisco.
Summary.
Key Terms.
Check Your Understanding.
11. Using AAA to Scale Access Control.
AAA Overview.
Introduction to AAA.
Security Protocols.
TACACS+.
RADIUS.
CiscoSecure Access Control Server.
Configuring AAA.
The aaa new-model Command.
Configuring TACACS+ and RADIUS Clients.
Configuring AAA Authentication.
Configuring Login Authentication.
Enabling Password Protection at the Privileged Level.
Configuring PPP Authentication Using AAA.
Configuring AAA Authorization.
IOS Command Privilege Levels.
Configuring Command Authorization.
Configuring AAA Accounting.
Summary.
Key Terms.
Check Your Understanding.
12. Broadband Connections.
Broadband Overview.
Why Broadband?
Cable Options.
DSL Options.
Satellite Options.
Wireless Options.
Cable Technology.
The Original Cable Plant.
Data Over Cable.
Hybrid Fiber-Coaxial (HFC) Architecture.
Digital Signals over RF Channels.
Identifying Cable Technology Terms.
Cable Standards and Organizations.
RF Signaling Terms.
Putting Cable Technology All Together.
Process for Provisioning a Cable Modem.
DSL Technology.
What Is DSL?
Types of DSL.
DSL Limitations.
ADSL.
ADSL and POTS Coexistence.
ADSL Channels and Encoding.
Data over ADSL with Bridging.
Data Over ADSL: PPPoE.
How Does PPPoE Work?
Data over ADSL with PPPoA.
Configuring the CPE as the PPPoE Client.
Configuration Tasks for DSL.
Configure PPPoE in a VPDN Group.
Configuring a PPPoE Client.
Configure the PPPoE DSL Dialer Interface.
Configuring PAT.
PAT for Use with DSL Example.
Using DHCP to Scale DSL.
Configuring a Static Default Route.
Configuring DSL with PPPoA.
Configuration Tasks for DSL.
DSL Modulation Configuration.
Configure the DSL ATM Interface.
Configure the DSL Dialer Interface.
Troubleshooting DSL.
Determining the Layer to Troubleshoot.
Layer 1 Issues.
Cisco 827 xDSL Port Pinouts.
Is the ATM Interface in an Administratively Down State?
Is the Correct Power Supply Being Used?
Is the DSL Operating Mode Correct?
Layer 2 Issues.
Is Data Being Received from the ISP?
Is PPP Negotiating Properly?
Summary.
Key Terms.
Check Your Understanding.
13. Virtual Private Networks.
VPN Overview: Types, Tunnels, and Terms.
VPN Overview.
Tunneling and Encryption.
VPN Usage Scenarios.
Selecting VPN Technologies.
Layer 2 Tunneling Protocol (L2TP).
Cisco Generic Routing Encapsulation (GRE).
IP Security Protocol (IPSec).
Identifying VPN and IPSec Terms.
Cisco IOS Cryptosystem Overview.
Cryptosystem Overview.
Symmetric Encryption.
Asymmetric Encryption.
Key Exchange—Diffie-Hellman Algorithm.
Hashing.
IPSec Technologies.
IPSec.
Authentication Header.
Encapsulating Security Payload.
Tunnel versus Transport Mode.
Security Association.
Five Steps to IPSec.
How IPSec Uses IKE.
IKE and IPSec Flowchart.
Tasks to Configure IPSec.
Task 1—Prepare for IKE and IPSec.
Step 1—Determine IKE (IKE Phase 1) Policy.
IKE Phase 1 Policy Parameters.
Create IKE Policies for a Purpose.
Define IKE Policy Parameters.
IKE Policy Parameters.
Step 2—Determine IPSec (IKE Phase 2) Policy.
IPSec Transforms Supported in Cisco IOS Software.
Authentication Header.
Encapsulating Security Payload.
IPSec Policy Example.
Identify IPSec Peers.
Step 3—Check Current Configuration.
Step 4—Ensure the Network Works.
Step 5—Ensure ACLs Are Compatible with IPSec.
Task 2—Configure IKE.
Step 1—Enable IKE.
Step 2—Create IKE Policies.
Create IKE Policies with the crypto isakmp Command.
IKE Policy Negotiation.
Step 3—Configure ISAKMP Identity.
Step 4—Configure Preshared Keys.
Step 5—Verify IKE Configuration.
Task 3—Configure IPSec.
Step 1—Configure Transform Set Suites.
Transform Set Negotiation.
Step 2—Configure Global IPSec Security Association Lifetimes.
Purpose of Crypto ACLs.
Step 3—Create Crypto ACLs Using Extended Access Lists.
Configure Symmetrical Peer Crypto ACLs.
Purpose of Crypto Maps.
Crypto Map Parameters.
Step 4—Configure IPSec Crypto Maps.
Example crypto map Commands.
Step 5—Apply Crypto Maps to Interfaces.
IPSec Configuration Examples.
Task 4—Test and Verify IPSec.
The show crypto isakmp policy Command.
The show crypto ipsec transform-set Command.
The show crypto ipsec sa Command.
The show crypto map Command.
The clear Commands.
The debug crypto Commands.
Crypto System Error Messages for ISAKMP.
Summary.
Key Terms.
Check Your Understanding.
Appendix A: Glossary of Key Terms.
Appendix B: Check Your Understanding Answer Key.
Appendix C: Case Studies.
Index.