Sybex CCNA 640-802: Chapter 16: Wide Area Networks
This chapter discusses wide area networks (WANs) and common WAN technologies. It introduces WAN connection types and standards including T1, E1, T3, optical carriers, frame relay, PPP, HDLC. Frame relay provides connection-oriented transmission over virtual circuits. PPP is used to transport network layer protocols across point-to-point links and establishes sessions using LCP and optional authentication like PAP or CHAP. The chapter also briefly introduces virtual private networks (VPNs) and encryption standards used to securely transmit data over public networks.
Sybex CCNA 640-802
Chapter 16: Wide Area Networks
Instructor & Todd Lammle

Chapter 14 Objectives
The CCNA Topics Covered in this chapter include:
- Introduction to WANs
- HDLC
- PPP
- Frame Relay
- Introduction to VPNs

Defining WAN Terms
- Customer Premises Equipment (CPE)
- Demarcation (demarc)
- Local loop
- Central Office (CO)
- Toll network

WAN Connection Bandwidth
- Digital Signal 0 (DS0): This is the basic digital signaling rate of 64Kbps, equivalent to one channel. Europe uses the E0 and Japan uses the J0 to reference the same channel speed. Typically used in a T-carrier transmission, this is the generic term used by several multiplexed digital carrier systems. This is the smallest capacity digital circuit. 1 DS0 = 1 voice/data line.
- T1: Also referred to as a DS1, this contains 24 DS0 circuits bundled together with a total bandwidth of 1.544Mbps.
- E1: European equivalent of the T1. Contains 30 DS0 circuits bundled together with a bandwidth of 2.048Mbps.
- T3: Referred to as a DS3, this has 28 DS1s bundled together, or 672 DS0s, with a bandwidth of 44.736Mbps.
- OC-3: Optical Carrier (OC) 3, uses fiber, is made up of three DS3s bundled together, and contains 2,016 DS0s with a total bandwidth of 155.52Mbps.
- OC-12: Optical Carrier 12 is made up of four OC-3s bundled together and contains 8,064 DS0s with a total bandwidth of 622.08Mbps.
- OC-48: Optical Carrier 48 is made up of four OC-12s bundled together and contains 32,256 DS0s with a total bandwidth of 2488.32Mbps.

WAN Connection Types

WAN Support
- Frame Relay
- ISDN
- LAPB
- LAPD
- HDLC
- PPP
- ATM
- PPPoE
- Cable
- DSL
- MPLS
- DWDM

Cable and DSL Comparisons
- Speed
- Security
- Popularity
- Customer satisfaction

Cable Terms
- Headend
- Distribution network
- DOCSIS (Data Over Cable Service Interface Specification)

Digital Subscriber Line (DSL)
- Symmetrical DSL
- Asymmetrical DSL

ADSL
- PPPoE
- RFC1483 Routing
- PPPoA

PPPoE with ADSL

DTE-DCE-DTE

HDLC Protocol
- Bit-oriented Data Link layer ISO standard protocol
- Specifies a data encapsulation method
- No authentication can be used

HDLC Frame Format

Point-to-Point Protocol (PPP)
- Purpose: Transport layer-3 packets across a Data Link layer point-to-point link
- Can be used over asynchronous serial (dial-up) or synchronous serial (ISDN) media
- Uses Link Control Protocol (LCP)
  - Builds & maintains data-link connections

Point-to-Point Protocol Stack

PPP Main Components
- EIA/TIA-232-C: Intl. Std. for serial communications
- HDLC: Serial link datagram encapsulation method
- LCP: Used in P-t-P connections: Establishing, Maintaining, Terminating
- NCP: Method of establishing & configuring Network Layer protocols
  - Allows simultaneous use of multiple Network layer protocols

LCP Configuration Options
- Authentication: PAP, CHAP
- Compression: Stacker, Predictor
- Error detection: Quality, Magic Number
- Multilink: Splits the load for PPP over 2+ parallel circuits; a bundle

PPP Session Establishment
- Link-establishment phase
- Authentication phase
- Network-layer protocol phase

PPP Session Establishment

PPP Authentication Methods
- Password Authentication Protocol (PAP)
  - Passwords sent in clear text
  - Remote node returns username & password
- Challenge Authentication Protocol (CHAP)
  - Done at start-up & periodically
  - Challenge & Reply
  - Remote router sends a one-way hash ~ MD5

Configuring PPP on Router A to talk to Router B
Step #1: Configure PPP
    RouterA#config t
    RouterA(config)#int s0
    RouterA(config-if)#encapsulation ppp
    RouterA(config-if)#^Z
Step #2: Define the username & password
    RouterA(config)#username RouterB password cisco
    RouterB(config)#username RouterA password cisco
NOTE: (1) Username maps to the remote router (2) Passwords must match
Step #3: Choose Authentication type for each router; CHAP/PAP
    RouterA(config)#int s0
    RouterA(config-if)#ppp authentication chap
    RouterA(config-if)#ppp authentication pap
    RouterA(config-if)#^Z

PPP Example 1
PPP Example 2
PPP Example 3
PPP Example 4

Frame Relay
Background:
- High-performance WAN encapsulation method
- OSI Physical & Data Link layer
- Originally designed for use across ISDN
Supported Protocols:
- IP, DECnet, AppleTalk, Xerox Network Service (XNS), Novell IPX, Banyan Vines, Transparent Bridging, & ISO

Frame Relay
Purpose: Provide a communications interface between DTE & DCE equipment
- Connection-oriented Data Link layer communication
  - Via virtual circuits
  - Provides a complete path from the source to destination before sending the first frame

Before Frame Relay

After Frame Relay

Frame Relay Terminology
- Committed Information Rate (CIR)
- Access rate

Committed Information Rate (CIR)
- Definition: Provision allowing customers to purchase amounts of bandwidth lower than what they might need
- Cost savings
- Good for bursty traffic
- Not good for constant amounts of data transmission

Frame Relay Encapsulation
- Specified on serial interfaces
- Encapsulation types:
  - Cisco (default encapsulation type)
  - IETF (used between Cisco & non-Cisco devices)

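Returning to the PPP Authentication Methods slide above: the following added example (not from the original slides) works through the CHAP challenge and reply, with the hash input laid out as in RFC 1994 (MD5 over identifier, shared secret, challenge). The `Authenticator` class and function names are hypothetical; the username and password are the slide's sample values.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5 over Identifier octet || secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The side that issues the challenge (hypothetical helper, not IOS code)."""
    def __init__(self, peers: dict):
        self.peers = peers            # like 'username RouterB password cisco'
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        # New identifier and random value each time, so an old reply cannot be reused.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name: str, response: bytes) -> bool:
        secret = self.peers.get(name)
        if secret is None:
            return False
        expected = chap_response(self.identifier, secret, self.challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare

def demo() -> dict:
    router_a = Authenticator({"RouterB": b"cisco"})      # constructed sample values
    ident, chal = router_a.new_challenge()
    reply = chap_response(ident, b"cisco", chal)          # what RouterB sends back
    results = {
        "matching_secret": router_a.verify("RouterB", reply),
        # "Passwords must match": the comparison is case-sensitive.
        "wrong_secret": router_a.verify("RouterB", chap_response(ident, b"Cisco", chal)),
        # PAP would carry the password verbatim; the CHAP reply is only a digest.
        "secret_on_wire": b"cisco" in reply,
    }
    router_a.new_challenge()                              # periodic re-challenge
    results["replayed_reply"] = router_a.verify("RouterB", reply)
    return results

if __name__ == "__main__":
    print(demo())
```

The replayed reply fails because each challenge carries a fresh random value, which is why CHAP re-challenges periodically while PAP exposes the same reusable password on every login.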
    RouterA(config)#int s0
    RouterA(config-if)#encapsulation frame-relay ?
      ietf  Use RFC1490 encapsulation
      <cr>

Data Link Connection Identifiers (DLCIs)
- Frame Relay PVCs are identified by DLCIs
- IP end devices are mapped to DLCIs
  - Mapped dynamically or mapped by IARP
- Global Significance: Advertised to all remote sites as the same PVC
- Local Significance: DLCIs do not need to be unique
Configuration:
    RouterA(config-if)#frame-relay interface-dlci ?
      <16-1007>  Define a DLCI as part of the current subinterface
    RouterA(config-if)#frame-relay interface-dlci 16

DLCIs are Locally Significant

Local Management Interface (LMI)
- Background
- Purpose
- LMI Messages
  - Keepalives
  - Multicasting
  - Multicast addressing
  - Status of virtual circuits

LMI Types
Configuration:
    RouterA(config-if)#frame-relay lmi-type ?
      cisco
      ansi
      q933a
- Beginning with IOS ver 11.2+ the LMI type is auto-sensed
- Default type: cisco
- Virtual circuit status: Active, Inactive, Deleted

Congestion Control
- Discard Eligibility (DE)
- Forward-Explicit Congestion Notification (FECN)
- Backward-Explicit Congestion Notification (BECN)

Frame Relay Implementation
- Single Interface

Partial Meshed Networks

Sub-interfaces
- Definition: Multiple virtual circuits on a single serial interface
- Enables the assignment of different network-layer characteristics to each sub-interface
  - IP routing on one sub-interface
  - IPX routing on another
- Mitigates difficulties associated with:
  - Partial meshed Frame Relay networks
  - Split Horizon protocols

Creating Sub-interfaces
Configuration:
#1: Set the encapsulation on the serial interface
#2: Define the subinterface
    RouterA(config)#int s0
    RouterA(config-if)#encapsulation frame-relay
    RouterA(config-if)#int s0.?
      <0-4294967295>  Serial interface number
    RouterA(config-if)#int s0.16 ?
      multipoint      Treat as a multipoint link
      point-to-point  Treat as a point-to-point link

Mapping Frame Relay
- Necessary for IP end devices to communicate
  - Addresses must be mapped to the DLCIs
- Methods:
  - Frame Relay map command
  - Inverse-arp function

Using the map command
    RouterA(config)#int s0
    RouterA(config-if)#encap frame
    RouterA(config-if)#int s0.16 point-to-point
    RouterA(config-subif)#no frame-relay inverse-arp
    RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
    RouterA(config-subif)#frame-relay map ip 172.16.30.17 16 ietf broadcast
    RouterA(config-subif)#frame-relay map ip 172.16.30.18 17 broadcast
    RouterA(config-subif)#frame-relay map ip 172.16.30.19 18

Using the inverse arp command
    RouterA(config)#int s0.16 point-to-point
    RouterA(config-subif)#encap frame-relay ietf
    RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0

Monitoring Frame Relay
    RouterA>sho frame ?
      ip       show frame relay IP statistics
      lmi      show frame relay lmi statistics
      map      Frame-Relay map table
      pvc      show frame relay pvc statistics
      route    show frame relay route
      traffic  Frame-Relay protocol statistics
    RouterA#sho int s0
    RouterB#show frame map
    Router#debug frame-relay lmi

Troubleshooting Frame Relay
Why can't RouterA talk to RouterB?

Troubleshooting Frame Relay
Why is RIP not sent across the PVC?

Introduction to VPNs
VPNs are used daily to give remote users and disjointed networks connectivity over a public medium like the Internet instead of using more expensive permanent means.

Types of VPNs
- REMOTE ACCESS VPNS: Remote access VPNs allow remote users like telecommuters to securely access the corporate network wherever and whenever they need to.
- SITE-TO-SITE VPNS: Site-to-site VPNs, or intranet VPNs, allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet instead of requiring more expensive WAN connections like Frame Relay.
- EXTRANET VPNS: Extranet VPNs allow an organization's suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.

Cisco IOS IPsec
- IPSec Transforms specify a single security protocol with its corresponding security algorithm
- Security Protocols
  - Authentication Header (AH)
  - Encapsulating Security Payload (ESP)

IPsec benefits
- Confidentiality
- Data origin authentication and connectionless integrity
- Anti-replay service
- Traffic flow

Encryption
- Symmetric encryption
- Asymmetric Encryption
  - Private keys
  - Public keys

Written Labs and Review Questions
- Open your books and go through all the written labs and the review questions.
- Review the answers in class.