Connections To Remote Site

Uploaded by

AmSam D Ollar

NOTES

NEWCR501 - IMPLEMENTING CONNECTIONS TO REMOTE SITE

LU 1: Plan and Design Remote connectivity


LU 2: Install, Configure and Troubleshoot WAN and VPN
LU 3: Document of the Work Done

LU 1: PLAN AND DESIGN REMOTE CONNECTIVITY

Learning Outcome 1.1: Analyze network requirements

1. Network architecture

Network architecture is the design of a computer network. It is a framework for the
specification of a network's physical components and their functional organization and
configuration, its operational principles and procedures, as well as communication protocols
used.

In telecommunication, the specification of a network architecture may also include a detailed
description of products and services delivered via a communications network, as well as detailed
rate and billing structures under which services are compensated.

The network architecture of the Internet is predominantly expressed by its use of the Internet
Protocol Suite, rather than a specific model for interconnecting networks or nodes in the
network, or the usage of specific types of hardware links.

➢ Client-server
Client-server architecture is the architecture of a computer network in which many clients (remote
processors) request and receive service from a centralized server (host computer). Client
computers provide an interface to allow a computer user to request services of the server and to
display the results the server returns.
The client-server model describes how a server provides resources and services to one or more
clients. Examples of servers include web servers, mail servers, and file servers. Each of these
servers provides resources to client devices, such as desktop computers, laptops, tablets, and
smartphones.

PREPARED BY CHARLES S. BERICKSON

Figure 1: Client-server network architecture

➢ Peer-to-peer (P2P)
In a P2P network, the "peers" are computer systems which are connected to each other via the
Internet. Files can be shared directly between systems on the network without the need of a
central server. In other words, each computer on a P2P network becomes a file server as well as
a client.

Figure 2: Peer-to-peer network

➢ Hybrid of client-server and P2P

The HCSA (Hybrid Client-Server Architecture), a flexible system layout that combines the
advantages of the traditional Client-Server Architecture (CSA) with those of the Shared Disk
Architecture (SDA), is introduced. In HCSA, the traditional CSA-style I/O subsystem is
modified to give the clients network access to both the server and the server’s set of disks.
A hybrid P2P network is one that has an index server containing information on the locations of
resources at the center, and which uses the index server for search.

2. Network applications
➢ E-mail
Electronic mail is a method of exchanging messages between people using electronic devices.
Invented by Ray Tomlinson, email first entered limited use in the 1960s and by the mid-1970s
had taken the form now recognized as email. Email operates across computer networks, which
today is primarily the Internet.
➢ Web
The World Wide Web, commonly known as the Web, is an information system where documents
and other web resources are identified by Uniform Resource Locators, which may be interlinked
by hypertext, and are accessible over the Internet.
➢ Instant messaging
Instant messaging technology is a type of online chat that offers real-time text transmission over
the Internet. A LAN messenger operates in a similar way over a local area network. Short
messages are typically transmitted between two parties, when each user chooses to complete a
thought and select "send".
➢ Remote login
Rlogin (remote login) is a UNIX command that allows an authorized user to log in to other
UNIX machines (hosts) on a network and to interact as if the user were physically at the host
computer. Rlogin is similar to the better-known Telnet command.
➢ P2P file sharing
Peer-to-peer file sharing is the distribution and sharing of digital media using peer-to-peer
networking technology. P2P file sharing allows users to access data by using file sharing
applications such as Xunlei, Bittorrent, uTorrent, BitComet, Vuze and Transmission,
Azureus, Emule and eDonkey, Gnutella, LimeWire and Cabos, Flashget, Foxy, Goboogy,
Google Talk (file-transfer), Manolito, Msn (file-transfer), Mute, Neonet, Openft, Pando,
Peerenabler, Perfect-dark, Poco, Soribada, Yahoo-IM (file-transfer), etc.
➢ Multi-user network games

Multi-user games are games that you play online with other online gamers. For example, you
can play your opponent online; that opponent may be sitting on the other side of the earth.
The future of multi-user networked games lies, among others, in networking mobile games.
Currently there exists a multi-player mobile network real-time game called “Multi-User
Dungeon”, which is a text-based MUD story. This is a popular game used by over 50,000 users.
➢ Streaming stored video clips
Streaming video is content sent in compressed form over the Internet and displayed by the
viewer in real time. With streaming video or streaming media, a Web user does not have to
wait to download a file to play it.
➢ Internet telephone
Internet telephony is a type of communications technology that allows voice calls and other
telephony services like fax, SMS and other voice-messaging applications to be transmitted using
the Internet as a connection medium. Internet telephony is also called IP telephony or
broadband telephony.
While a traditional phone service uses outdated telephone lines, Internet phone uses the
Internet to connect your phone calls to the public phone network. Internet phone services
utilize a technology called "packet switching". First, your Internet phone has to convert your
voice into data packets with the ATA adapter.

➢ Real-time video conference
Video conferencing is a visual communication session between two or more users regardless of
their location, featuring audio and video content transmission in real time.

➢ Massive parallel computing

In computing, massively parallel refers to the use of a large number of processors to perform a
set of coordinated computations in parallel.

Some of the best screen sharing and remote access software

➢ TeamViewer
➢ Chrome Remote Desktop
  ✓ A beta version of Chrome Remote Desktop is available as a web app.
➢ Microsoft Remote Desktop
➢ AeroAdmin
➢ Seecreen
➢ Lite Manager
➢ AnyDesk

3. Network protocols

There are several broad types of networking protocols, including network communication
protocols, which are basic data communication protocols such as TCP/IP and HTTP, and network
security protocols, which implement security over network communications and include HTTPS,
SSL and SFTP.
➢ Bluetooth protocol

Bluetooth is a standardized protocol for sending and receiving data via a 2.4GHz wireless link.
It's a secure protocol, and it's perfect for short-range, low-power, low-cost, wireless
transmissions between electronic devices. Some Bluetooth protocols are Logical link control and
adaptation protocol (L2CAP), Bluetooth network encapsulation protocol (BNEP), Radio
frequency communication (RFCOMM), Service discovery protocol (SDP), Telephony control
protocol (TCS), and Audio/video control transport protocol (AVCTP).

➢ Fiber Channel network protocols

Fiber Channel Protocol (FCP) is the SCSI interface protocol utilizing an underlying Fiber
Channel connection.

The Fiber Channel standards define a high-speed data transfer mechanism that can be used
to connect workstations, mainframes, supercomputers, storage devices and displays.

Fiber Channel is designed to transport many protocols, such as FDDI, serial HIPPI, SCSI,
IPI, and many more that will be listed in the section describing the FC-4 layer. The transfer
rates of Fiber Channel are currently 133 Mbps, 266 Mbps, 530 Mbps, and 1 Gbps.

FDDI (Fiber Distributed Data Interface) is a set of ANSI protocols for sending digital data over
fiber optic cable. FDDI networks are token-passing networks, and support data rates of
up to 100 Mbps (100 million bits per second). FDDI networks are typically used as
backbones for wide-area networks.

HIPPI, short for High Performance Parallel Interface, is a computer bus for the
attachment of high speed storage devices to supercomputers, in a point-to-point link. It
was popular in the late 1980s and into the mid-to-late 1990s, but has since been replaced
by ever-faster standard interfaces like Fiber Channel and 10 Gigabit Ethernet.

SCSI (Small Computer System Interface) is a set of standards for physically connecting
and transferring data between computers and peripheral devices. The SCSI standards
define commands, protocols, and electrical, optical and logical interfaces.

IPI (Intelligent Peripheral Interface) is a high-bandwidth interface between a computer
and a hard disk or a tape device. Devices using IPI can transfer data between the hard
drive and RAM in the range between 3 and 25 megabytes per second.

➢ Internet Protocol Suite or TCP/IP model

The Internet protocol suite is the conceptual model and set of communications protocols
used in the Internet and similar computer networks. It is commonly known as TCP/IP because
the foundational protocols in the suite are the Transmission Control Protocol (TCP) and the
Internet Protocol (IP). It is occasionally known as the Department of Defense (DoD) model
because the development of the networking method was funded by the United States
Department of Defense through DARPA.

The Internet protocol suite provides end-to-end data communication specifying how data
should be packetized, addressed, transmitted, routed, and received. This functionality is
organized into four abstraction layers, which classify all related protocols according to the
scope of networking involved. From lowest to highest, the layers are the link layer, containing
communication methods for data that remains within a single network segment (link); the
internet layer, providing internetworking between independent networks; the transport layer,
handling host-to-host communication; and the application layer, providing process-to-process
data exchange for applications.

The technical standards underlying the Internet protocol suite and its constituent protocols are
maintained by the Internet Engineering Task Force (IETF). The Internet protocol suite
predates the OSI model, a more comprehensive reference framework for general networking
systems.

➢ OSI protocols
The OSI protocol stack works in a hierarchical form, from the hardware physical layer to the
software application layer. There are a total of seven layers. Data and information are received
by each layer from an upper layer.

1. Layer 1, the Physical Layer: This layer deals with the hardware of networks such as
cabling. The major protocols used by this layer include Bluetooth, PON, OTN, DSL,
IEEE.802.11, IEEE.802.3, L431 and TIA 449.
2. Layer 2, the Data Link Layer: This layer receives data from the physical layer and
compiles it into a form called a frame, a process known as framing. The protocols used by the
Data Link Layer include: ARP, CSLIP, HDLC, IEEE.802.3, PPP, X-25, SLIP, ATM,
SDLS and PLIP.
3. Layer 3, the Network Layer: This is the most important layer of the OSI model, which
performs real-time processing and transfers data from node to node. Routers and
switches are the devices used for this layer. The network layer supports the following
protocols: Internet Protocol (IPv4), Internet Protocol (IPv6), IPX, AppleTalk, ICMP,
IPSec and IGMP.
4. Layer 4, the Transport Layer: The transport layer works in two defined
communication modes: connection-oriented and connectionless. This layer transmits data
from the source to the destination node. It uses the most important protocols of the OSI
protocol family, which are: Transmission Control Protocol (TCP), UDP, SPX, DCCP and SCTP.
5. Layer 5, the Session Layer: The session layer creates a session between the source and
the destination nodes and terminates sessions on completion of the communication
process. The protocols used are: PPTP, SAP, L2TP and NetBIOS.
6. Layer 6, the Presentation Layer: The functions of encryption and decryption are defined
on this layer. It converts data formats into a format readable by the application layer. The
following are the presentation layer protocols: XDR, TLS, SSL and MIME.
7. Layer 7, the Application Layer: This layer works at the user end to interact with user
applications. QoS (quality of service), file transfer and email are the major popular
services of the application layer. This layer uses the following protocols: HTTP, SMTP,
DHCP, FTP, Telnet, SNMP and SMPP.

➢ Routing protocols

A routing protocol specifies how routers communicate with each other, distributing
information that enables them to select routes between any two nodes on a computer network.
Routers perform the "traffic directing" functions on the Internet; data packets are forwarded
through the networks of the internet from router to router until they reach their destination
computer.
Examples of routing protocols are RIP (Routing Information Protocol), EIGRP (Enhanced
Interior Gateway Routing Protocol) and OSPF (Open Shortest Path First).
➢ VPN protocols

A VPN is a Virtual Private Network that allows a user to connect to a private network over the
Internet securely and privately. A VPN creates an encrypted connection, known as a VPN tunnel,
and all Internet traffic and communication is passed through this secure tunnel, thus keeping the
user data secure and private.

There are two basic VPN types, which are explained below.

1. Remote Access VPN

Remote access VPN allows a user to connect to a private network and access its services and
resources remotely. The connection between the user and the private network happens through
the Internet and the connection is secure and private.

Remote Access VPN is useful for business users as well as home users.

A corporate employee, while traveling, uses a VPN to connect to his/her company’s private
network and remotely access files and resources on the private network.
Home users, or private users of VPN, primarily use VPN services to bypass regional restrictions
on the Internet and access blocked websites. Users conscious of Internet security also use VPN
services to enhance their Internet security and privacy.

2. Site-to-Site VPN

A Site-to-Site VPN is also called a Router-to-Router VPN and is mostly used in corporate
environments. Companies with offices in different geographical locations use Site-to-Site VPN
to connect the network of one office location to the network at another office location.

When multiple offices of the same company are connected using the Site-to-Site VPN type, it is
called an Intranet-based VPN. When companies use the Site-to-Site VPN type to connect to the
office of another company, it is called an Extranet-based VPN. Basically, Site-to-Site VPNs
create a virtual bridge between the networks at geographically distant offices, connect them
through the Internet and maintain secure and private communication between the networks.

Since Site-to-Site VPN is based on Router-to-Router communication, in this VPN type one router
acts as a VPN Client and another router as a VPN Server. The communication between the two
routers starts only after an authentication is validated between the two.

Types of VPN protocols

The above two VPN types are based on different VPN security protocols. Each of these VPN
protocols offers different features and levels of security, and they are explained below:

1. Internet Protocol Security or IPSec:

Internet Protocol Security or IPSec is used to secure Internet communication across an IP
network. IPSec secures Internet Protocol communication by authenticating the session and
encrypting each data packet during the connection.

IPSec operates in two modes, Transport mode and Tunneling mode, to protect data transfer
between two different networks. The transport mode encrypts the message in the data packet and
the tunneling mode encrypts the entire data packet. IPSec can also be used with other security
protocols to enhance the security system.

2. Layer 2 Tunneling Protocol (L2TP):

L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is usually combined with
another VPN security protocol like IPSec to create a highly secure VPN connection. L2TP
creates a tunnel between two L2TP connection points and the IPSec protocol encrypts the data and
handles secure communication across the tunnel.

3. Point-to-Point Tunneling Protocol (PPTP):

PPTP or Point-to-Point Tunneling Protocol creates a tunnel and encapsulates the data packet. It
uses the Point-to-Point Protocol (PPP) to encrypt the data over the connection. PPTP is one of
the most widely used VPN protocols and has been in use since the time of Windows 95. Apart
from Windows, PPTP is also supported on Mac and Linux.

4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS):

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) create a VPN connection where
the web browser acts as the client and user access is restricted to specific applications instead of
the entire network. The SSL and TLS protocols are most commonly used by online shopping
websites and service providers. Web browsers switch to SSL with ease and with almost no action
required from the user, since web browsers come integrated with SSL and TLS. SSL connections
have https at the beginning of the URL instead of http.

5. OpenVPN:

OpenVPN is an open source VPN that is useful for creating Point-to-Point and Site-to-Site
connections. It uses a custom security protocol based on the SSL and TLS protocols.

6. Secure Shell (SSH):

Secure Shell or SSH creates the VPN tunnel through which the data transfer happens and also
ensures that the tunnel is encrypted. SSH connections are created by an SSH client and data is
transferred from a local port on to the remote server through the encrypted tunnel.
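
The difference between the IPSec transport and tunneling modes described under item 1 above, as an added example that is not part of the original notes: it wraps one constructed IPv4 packet in ESP (one of the IPSec protocols) in both modes and reports what an observer on the path can still read. The addresses, SPI values, key and the XOR keystream standing in for the real cipher are assumptions for illustration, and the ESP integrity check value is omitted.

```python
import hashlib
import ipaddress
import struct

ESP_PROTO, TCP_PROTO, IPIP_PROTO = 50, 6, 4   # IP protocol / next-header numbers


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; the checksum is left at 0 for brevity."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def toy_cipher(key, seq, data):
    """Stand-in for the ESP cipher (XOR with a SHA-256 keystream). Not real crypto."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!II", seq, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def esp_wrap(key, spi, seq, inner, next_header):
    """ESP layout: SPI | sequence | encrypted(inner | padding | pad length | next header)."""
    pad_len = (-(len(inner) + 2)) % 4            # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + toy_cipher(key, seq, inner + trailer)


def esp_unwrap(key, esp):
    """Receiver side: decrypt, strip the trailer, return (inner bytes, next header)."""
    _spi, seq = struct.unpack("!II", esp[:8])
    plain = toy_cipher(key, seq, esp[8:])
    pad_len, next_header = plain[-2], plain[-1]
    return plain[:len(plain) - 2 - pad_len], next_header


def transport_mode(packet, key, spi, seq):
    """Keep the original IP addresses; encrypt only the payload behind the header."""
    header, payload = packet[:20], packet[20:]
    esp = esp_wrap(key, spi, seq, payload, header[9])
    return ipv4_header(header[12:16], header[16:20], ESP_PROTO, len(esp)) + esp


def tunnel_mode(packet, key, spi, seq, gw_src, gw_dst):
    """Encrypt the entire original packet and prepend a new gateway-to-gateway header."""
    esp = esp_wrap(key, spi, seq, packet, IPIP_PROTO)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def observer_view(packet):
    """Fields an on-path observer without the key can read from the outer header."""
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "proto": packet[9],
        "total_len": struct.unpack("!H", packet[2:4])[0],
    }


# Constructed sample: an internal host talking to a server at another site.
KEY = b"constructed-demo-key"
SEGMENT = b"GET /payroll HTTP/1.1\r\n\r\n"        # stand-in for a TCP segment
ORIGINAL = ipv4_header("10.1.0.15", "10.2.0.20", TCP_PROTO, len(SEGMENT)) + SEGMENT

if __name__ == "__main__":
    transport = transport_mode(ORIGINAL, KEY, 0x1001, 1)
    tunnel = tunnel_mode(ORIGINAL, KEY, 0x1002, 1, "198.51.100.1", "203.0.113.1")
    print("transport:", observer_view(transport))   # internal addresses still visible
    print("tunnel:   ", observer_view(tunnel))      # only the two gateways visible
```

In transport mode the internal host addresses remain readable on the wire, which is why site-to-site links between routers normally use the tunneling mode.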

➢ ADSL technologies

Asymmetric Digital Subscriber Line (ADSL) is a type of DSL broadband communications
technology used for connecting to the Internet. ADSL allows more data to be sent over existing
copper telephone lines (POTS), when compared to traditional modem lines. A special filter,
called a microfilter, is installed on a subscriber's telephone line to allow both ADSL and regular
voice (telephone) services to be used at the same time.

ADSL requires a special ADSL modem and subscribers must be in close geographical locations
to the provider's central office to receive ADSL service. Typically this distance is within a radius
of 2 to 2.5 miles. ADSL supports data rates of from 1.5 to 9 Mbps when receiving data (known
as the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream
rate).

LEARNING OUTCOME 1.2: ANALYZE ENTERPRISE FACILITIES, EXISTING WIFI & WIRED NETWORKS AND SITES

Enterprise facility and existing networks analysis

1. Network Analysis

A network, in the context of electronics, is a collection of interconnected components. Network
analysis is the process of finding the voltages across, and the currents through, all network
components. There are many techniques for calculating these values.
➢ Physical Design
Because physical network diagrams depict the entire topology of the physical network, they
can include a number of different components. Connections are critical to a
physical network diagram. Connectors (aka connections) depict the physical cabling that
connects physical devices in a network.
➢ Logical Design
A logical network is one that appears to the user as a single, separate entity although it might in
fact be either an entity created from multiple networks or just a part of a larger network. A
logical network is defined by its IP addressing scheme.
➢ Wired network technologies
A wired network is a common type of wired configuration. Most wired networks use
Ethernet cables to transfer data between connected PCs. In a small wired network, a single
router may be used to connect all the computers. Larger networks often involve multiple routers
or switches that connect to each other.
➢ Wireless network technologies
Wireless networks are computer networks that are not connected by cables of any kind. The
use of a wireless network enables enterprises to avoid the costly process of introducing cables
into buildings or as a connection between different equipment locations.
Other examples of applications of radio wireless technology include GPS units, garage door
openers, wireless computer mice, keyboards and headsets, headphones, radio receivers,
satellite television, broadcast television and cordless telephones.

➢ Network devices
Networking hardware, also known as network equipment or computer networking devices, are
electronic devices which are required for communication and interaction between devices on a
computer network. Specifically, they mediate data transmission in a computer network.
Examples are Hub, Switch, Router, Bridge, Gateway, Modem, Repeater, Access Point.

➢ Network nodes
In a communications network, a network node is a connection point that can receive, create,
store or send data along distributed network routes.

LEARNING OUTCOME 1.3: IDENTIFY SECURITY REQUIREMENTS

Requirements for Secure Remote Access

✓ Give users easy access to business resources from any location or device
✓ Find a solution to minimize your cost of ownership
✓ Find a solution offering comprehensive and extensible endpoint analysis checks
✓ Find a vendor that can provide an integrated application delivery infrastructure
✓ Find a solution that supports granular authorization policies and true application-level
control
✓ Find a solution that overcomes the limitations of network access control
✓ Find a vendor with staying power, a global reach and a strong vision

LEARNING OUTCOME 1.4: SELECTION OF WAN TECHNOLOGY, HARDWARE AND SOFTWARE COMPONENTS

Network technology
➢ Communication devices
A portable communications device is a hand-held or wearable device. For example, the
walkie-talkie is a device that is hand-held when in use, and wearable when not in use. Portable
telephones are also carried, or worn, on a belt, or in a pocket. Portable devices have also become
usable when worn.
Below is a full listing of all the different types of communications devices you may
encounter when dealing with a computer.

✓ Bluetooth devices
✓ Infrared devices
✓ Modem (over phone line)
✓ Network card (using Ethernet)
✓ Smartphone
✓ Wi-Fi devices (using a Wi-Fi router)

➢ Intranet and Extranet
An intranet is a network where employees can create content, communicate, collaborate, get
stuff done, and develop the company culture.
An extranet is like an intranet, but also provides controlled access to authorized customers,
vendors, partners, or others outside the company.
➢ Communication tools

Communication tools can include:

✓ smartphones
✓ laptops
✓ tablets
✓ VOIP/Internet telephony
✓ intranet
✓ social networks
✓ forums
✓ messenger apps
✓ chatbots
✓ email
✓ blogs
✓ tracking software


LEARNING OUTCOME 1.5: APPROPRIATE IDENTIFICATION OF TOOLS,
EQUIPMENT AND MATERIALS USED IN REMOTE CONNECTION
Remote connection tools
➢ Telnet: a network protocol that allows a user on one computer to log into another
computer that is part of the same network.
The purpose of Telnet is to provide a bidirectional interactive text-oriented
communications facility using a virtual terminal connection.
➢ SSH: Secure Shell (SSH) is a cryptographic network protocol for operating network services
securely over an unsecured network. Typical applications include remote command-line, login, and
remote command execution, but any network service can be secured with SSH. ... Windows 10 uses
OpenSSH as its default SSH client.
SSH is typically used to log into a remote machine and execute commands, but it also
supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using
the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the
client-server model.
The purpose of SSH is to support encrypted data transfer between two computers. It can
be used to support secure logins, file transfers or general-purpose connections. Servers
maintained by ITS require SSH-based connections in most cases.
➢ Remote desktop: Remote desktop is a program or an operating system feature that allows a user to
connect to a computer in another location, see that computer's desktop and interact with it as if it were
local.
A remote computer is a computer to which a user does not have physical access, but
which he or she can access or manipulate via some kind of computer network. Remote
desktop software allows a person to control a remote computer from another computer.

Equipment
➢ Router: A router is a networking device that forwards data packets between computer networks.
Routers perform the traffic directing functions on the Internet. Data sent through the internet, such as a
web page or email, is in the form of data packets.
➢ Switch: A network switch is networking hardware that connects devices on a computer network by
using packet switching to receive and forward data to the destination device. A network switch is a
multiport network bridge that uses MAC addresses to forward data at the data link layer of the OSI
model.
➢ Cables
➢ PC
➢ Server: In computing, a server is a computer program or a device that provides functionality for
other programs or devices, called "clients". This architecture is called the client–server model, and a
single overall computation is distributed across multiple processes or devices.

LEARNING OUTCOME 1.6: SYSTEMATIC DESIGN AND INTERPRETATION OF NETWORK BLUEPRINT

Network design principles
➢ Functionality: the quality of being suited to serve a purpose well; practicality.
➢ Scalability: the capacity to be changed in size or scale.
➢ Adaptability: the quality of being able to adjust to new conditions.
➢ Manageability: capable of being managed or controlled.
➢ Cost effectiveness: the degree to which something is effective or productive in relation to its
cost.
Network design tools
➢ eDraw: Edraw Max is 2D business technical diagramming software that helps create flowcharts,
organizational charts, mind maps, network diagrams, floor plans, workflow diagrams, business charts,
and engineering diagrams.
➢ Concept Draw: Concept drawings or sketches are drawings, often freehand, that are used by
designers such as architects, engineers and interior designers as a quick and simple way of
exploring initial ideas for designs.

LU2: INSTALL, CONFIGURE AND TROUBLESHOOT WAN AND VPN

Learning Outcome 2.1: Configure and verify a serial WAN configuration

1. WAN Devices
➢ Router: A router is a networking device that forwards data packets between computer
networks. Routers perform the traffic directing functions on the Internet. Data sent
through the internet, such as a web page or email, is in the form of data packets.
➢ Switch: A network switch is networking hardware that connects devices on a computer
network by using packet switching to receive and forward data to the destination device.
A network switch is a multiport network bridge that uses MAC addresses to forward data
at the data link layer of the OSI model.
➢ Modem (CSU/DSU): A CSU/DSU (Channel Service Unit/Data Service Unit) is a
hardware device about the size of an external modem that converts a digital data frame
from the communications technology used on a local area network (LAN) into a frame
appropriate to a wide-area network (WAN) and vice versa.
2. WAN connection types
➢ Point-to-Point technologies
In telecommunications, a point-to-point connection refers to a communications
connection between two communication endpoints or nodes. An example is a telephone
call, in which one telephone is connected with one other, and what is said by one caller
can only be heard by the other. This is contrasted with a point-to-multipoint or broadcast
connection, in which many nodes can receive information transmitted by one node. Other
examples of point-to-point communications links are leased lines, microwave radio relay
and two-way radio.
The term is also used in computer networking and computer architecture to refer to a wire or
other connection that links only two computers or circuits, as opposed to other network
topologies such as buses or crossbar switches which can connect many communications devices.
Point-to-point is sometimes abbreviated as P2P. This usage of P2P is distinct
from P2P meaning peer-to-peer in the context of file sharing networks.
➢ Circuit-switched technologies: Circuit switching is a method of implementing a
telecommunications network in which two network nodes establish a dedicated
communications channel (circuit) through the network before the nodes may
communicate. ... The defining example of a circuit-switched network is the early analog
telephone network.
➢ Packet-switched technologies: Packet-switched describes the type of network in which
relatively small units of data called packets are routed through a network based on the destination
address contained within each packet. Breaking communication down into packets allows the
same data path to be shared among many users in the network.
3. Physical Parameters for WAN Connections
➢ Data communications equipment (DCE) and Data terminal equipment (DTE): Data
communications equipment (DCE) refers to computer hardware devices used to establish,
maintain and terminate communication network sessions between a data source and its
destination. DCE is connected to the data terminal equipment (DTE) and data
transmission circuit (DTC) to convert transmission signals.
A data circuit-terminating equipment is a device that sits between the data terminal equipment and a
data transmission circuit. It is also called data communication equipment and data carrier equipment.
Usually, the DTE device is the terminal, and the DCE is a modem.
Learning Outcome 2.2 Configure and verify WAN Protocols

SUB LU1
➢ Configuration of IP parameters: The IP Configuration window configures the Internet
Protocol parameters, allowing the device to receive and send IP packets. In its factory
default configuration, the switch operates as a multiport learning bridge with network
connectivity provided by the ports on the switch.
➢ Internet parameters configurations: Internet Config was an Internet preferences
manager and API for Mac OS Classic. ... Internet Config's purpose was to consolidate
what was, at the time, an unwieldy number of options and settings related to Internet use
that had not yet been integrated into the operating system's own control panel.
➢ Dynamic IP Configurations: A dynamic Internet Protocol address (dynamic
IP address) is a temporary IP address that is assigned to a computing device or node
when it's connected to a network. A dynamic IP address is an automatically
configured IP address assigned by a DHCP server to every new network node.
➢ Static IP Configurations: A static IP address is an IP address that was manually
configured for a device, versus one that was assigned by a DHCP server. It's
called static because it doesn't change. It's the exact opposite of a dynamic IP address,
which does change.
➢ WAN protocols and technologies
➢ HDLC: (High-level Data Link Control) is a group of protocols or rules for transmitting
data between network points (sometimes called nodes). ... HDLC is one of the most
commonly used protocols in what is layer 2 of the industry communication reference
model called Open Systems Interconnection (OSI).
➢ SDLC: The software development life cycle (SDLC) is a framework defining tasks
performed at each step in the software development process. SDLC is a structure
followed by a development team within the software organization. It consists of a
detailed plan describing how to develop, maintain and replace specific software.
➢ PPP: In computer networking, Point-to-Point Protocol (PPP) is a data link layer (layer
2) communications protocol between two routers directly without any host or any
other networking in between. It can provide connection authentication, transmission
encryption, and compression.
➢ LAPB: Link Access Procedure, Balanced implements the data link layer as defined in the
X.25 protocol suite. LAPB (pronounced "LAP bee") is a bit-oriented protocol derived
from HDLC that ensures that frames are error free and in the correct sequence.
➢ Frame-Relay: Frame relay is a packet-switching telecommunication service designed
for cost-efficient data transmission for intermittent traffic between local
area networks (LANs) and between endpoints in wide area networks (WANs).
➢ DSL: Digital subscriber line is a family of technologies that are used to transmit digital
data over telephone lines. In telecommunications marketing, the term DSL is widely
understood to mean asymmetric digital subscriber line, the most commonly installed DSL
technology, for Internet access.
 FTTH: Fiber to the home (FTTH), also called "fiber to the premises" (FTTP), is the
installation and use of optical fiber from a central point directly to individual buildings
such as residences, apartment buildings and businesses to provide unprecedented high-
speed Internet access.
 FTTP: Fiber To The Premises (FTTP) is a fiber optic cable delivery medium that
provides Internet access directly to a user or groups of users from an Internet service
provider (ISP).

 L2TP: In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling
protocol used to support virtual private networks (VPNs) or as part of the delivery of
services by ISPs. It does not provide any encryption or confidentiality by itself.

 PPTP: PPTP stands for Point-to-Point Tunneling Protocol, and it's a VPN protocol that
was introduced back in 1995, though it was in development ten years prior to that date.
PPTP improved on the previous PPP standard, which lacked the tunneling feature. What
started out as a protocol implemented in Windows systems quickly became a widespread
VPN protocol available on numerous platforms.
 ATM: An automated teller machine (ATM) is an electronic telecommunications device
that enables customers of financial institutions to perform financial transactions, such as
cash withdrawals, deposits, transfer funds, or obtaining account information, at any time
and without the need for direct interaction with bank staff.
 Testing WAN: If you need to know the true performance of your WAN, you must test it.
The WAN allows everyone to share resources, equipment, and information,
anything that makes an organization what it is. It’s obvious then that the WAN
must perform flawlessly.
 Testing WAN connections:
When testing WAN connections, consider the following:

 Bandwidth — The data transfer capacity, or speed of transmission, of a digital
communications system as measured in bits-per-second (bps).
 Latency — The time that is required for a request to travel from one point on a network
to another point.
 Network congestion - The condition of a network when the current load approaches or
exceeds the available resources and bandwidth that are designed to handle that load at a
particular location in the network. Packet loss and delays are associated with congestion.

The simplest method to test performance over WAN connections is to have a user at a
remote location connect to a SharePoint site and perform several user actions. For
example, you can host an online meeting, talk the user through the actions, and count the
number of seconds for actions to be completed. Or, you can connect to a computer
remotely and perform the tasks.

 Testing WAN speed: There are different WAN Testing tools. One of them is LAN
Speed Test. Despite its name LAN Speed Test from TotuSoft can very well be used to
test WAN connections. The tool was designed to be a simple but powerful tool for
measuring file transfer, hard drive, USB Drive, and network speeds. To test a WAN
connection, all you have to do is pick a destination on the site where you want to test the
WAN connection. Next, the tool will build a file in memory and transfer it both ways—
avoiding the misleading effects of Windows or Mac file caching—while keeping track of
the time it takes. It then does all the calculations for you.

Learning Outcome 2.3: Configure and verify a site to site VPN

 Configuration of VPN based


There are different methods to configure a VPN. The steps differ from one device to
another.
1. Setting up a VPN App
2. Adding a VPN Connection on Windows



3. Adding a VPN Connection on Mac
4. Adding a VPN Connection on iPhone
5. Adding a VPN Connection on Android
For more details on how to configure a VPN on a router, refer to page 29.

Adding a VPN Connection on Windows 10.


Step 1. Open Start. Click the Windows logo in the bottom-left corner of the screen.

Step 2. Open Settings. Click the gear-shaped icon in the lower-left side of the Start window.

Step 3. Click Network & Internet. It's in the middle of the Settings window.

Step 4. Click VPN. This tab is on the left side of the Network & Internet menu.

Step 5. Click + Add a VPN connection. It's at the top of the page. A VPN form will open.
If you want to edit an existing VPN configuration, click the name of the VPN you want to
configure, click Advanced options, and click Edit in the middle of the page.

Step 6. Configure your VPN's information. Enter or update any of the following information:
 VPN provider — Click this drop-down box, then click the name of the VPN you want to
use.
 Connection name — Add the name of the VPN on your computer.
 Server name or address — Enter or change the VPN's server address.
 VPN type — Enter or change the connection type.
 Type of sign-in info — Select a new type of sign-in (e.g., Password) if necessary.
 User name (optional) — If necessary, change the username that you use to sign into the
VPN.
 Password (optional) — If necessary, change the password that you use to sign into the
VPN.



Step 7. Click Save. It's at the bottom of the page. Doing so will save your changes to the VPN
and apply them.

 Deployment classification
Site to Site VPN: A site-to-site VPN connection lets branch offices use the internet as a
conduit for accessing the main office's intranet. HowStuffWorks. A site-to-site VPN allows
offices in multiple fixed locations to establish secure connections with each other over a public
network such as the internet.
Remote Access VPN:
A remote-access VPN connection allows an individual user to connect to a private network from
a remote location using a laptop or desktop computer connected to the internet.

 Classification based on OSI layers

Layer 4/7 VPN – WebVPN:



Layer 4-7. The two layers in a network packet that identify its content (for details about layers, see TCP/IP
and OSI model). The bottom layers 1, 2 and 3 are the protocols that move a network packet from source to
destination. Layers 4 and 7 identify the application that created the packets as well as the
specifics of the request. For example, inspecting layer 4 can identify HTTP traffic
(Web traffic), but inspecting layer 7 can determine what the HTTP request is for.

Layer 3 VPN – IPSec:


Layer 3 VPN (L3VPN) is a type of VPN mode that is built and delivered on OSI layer
3 networking technologies. The entire communication from the core VPN infrastructure is
forwarded using layer 3 virtual routing and forwarding techniques. Layer 3 VPN is also known
as virtual private routed network (VPRN).

Layer 2 VPN - L2TP, PPTP:


Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol
(PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private
network (VPN) over the Internet.

 Classification based on trust level

Intranet VPN:
An intranet VPN links enterprise customer headquarters, remote offices, and branch offices to
an internal network over a shared infrastructure using dedicated connections. Intranet
VPNs differ from extranet VPNs in that they only allow access to the enterprise customer's
employees.

Extranet VPN:
Extranet VPNs link customers, suppliers, partners, or communities of interest to a corporate
intranet over a shared infrastructure using dedicated connections. In this example, the VPN is
often an alternative to fax, snail mail, or EDI. The extranet VPN facilitates e-commerce.

Remote VPN
A remote-access VPN connection allows an individual user to connect to a private network from
a remote location using a laptop or desktop computer connected to the internet. ... Those users
can access the secure resources on that network as if they were directly plugged in to the
network's servers.

 Customer point of view classifications:


Small companies taking the customers' point of view are customer-focused. That means they
keep the customer in mind when developing their products and services. Marketers also make it
easier or more convenient for customers to order.

 Traditional VPN:
Traditional VPN solution uses a local VPN router to connect through the internet, with a
secure VPN tunnel to a second remote VPN router or software client (Fig. ... There is no cloud
server between the two devices with either method of connection: VPN router to VPN router,
or VPN router to VPN software.
The following protocols are used in traditional VPN:

Frame-relay (L2 VPN):


The Frame Relay over L2TPv3 feature enables Frame Relay switching over Layer 2
Tunnel Protocol Version 3 (L2TPv3).

ATM VPN (L2 VPN):


A L2 VPN is a method that Internet service providers use to segregate their network for their
customers, to allow them to transmit data over an IP network. Implementing a Layer 2 VPN on
a router is similar to implementing a VPN using a Layer 2 technology such as Asynchronous
Transfer Mode (ATM)

 CPE based VPN:


CPE-Based IP VPN is an IP VPN that initiates IPSec tunneling and encryption at the edge of
the customer's network for dedicated locations and on the remote user's PC for remote access
users. It uses the following protocols on layers 2-3.

L2TP and PPTP (Layer 2 VPN)


The Point-to-Point Tunneling Protocol is an obsolete method for implementing virtual private
networks. PPTP has many well known security issues. PPTP uses a TCP control channel and a
Generic Routing Encapsulation tunnel to encapsulate PPP packets.

IPSec VPN (Layer 3 VPN)


Internet Protocol Security is a secure network protocol suite that authenticates and encrypts the
packets of data to provide secure encrypted communication between two computers over an
Internet Protocol network. It is used in virtual private networks.

 Provider Provisioned VPN


Provider Provisioned Virtual Private Networks (PPVPNs) are enterprise-level VPNs mainly
used by businesses to allow staff secure remote access to their corporate network. PPVPNs are
also used to securely connect physically separate sites and networks with each other across the
Internet. They use the following protocol on layer 2-3.

BGP/MPLS (L2/L3 VPN):


Border Gateway Protocol (BGP) is the routing protocol for the Internet. Much like the post
office processing mail, BGP picks the most efficient routes for delivering Internet traffic. ...
Border Gateway Protocol (BGP) is the postal service of the Internet.
And Multiprotocol Label Switching (MPLS): It is a mechanism for routing traffic within a
telecommunications network, as data travels from one network node to the next. MPLS can
provide applications including VPNs (Virtual Private Networks), traffic engineering (TE) and
Quality of Service (QoS).

 Session based VPN:


In a session-level VPN, the end-to-end TCP connection can be split into two connections, one
over the wireline network and one over the wireless network. ... IP VPNs on the other hand, do
not allow for split TCP solutions since encryption is carried out at the network layer, making
TCP optimizations infeasible. The protocol we use is:

SSLVPN/WebVPN (L4/L7 VPN)


An SSL VPN is a type of virtual private network that uses the Secure Sockets Layer protocol --
or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web
browsers to provide secure, remote-access VPN capability. SSL VPN is often called Web VPN.

 VPN Verification: How to check if VPN is working


How do you know whether your VPN is doing its job? You may think your VPN is working
even while it leaks your identity and location. Leaks (= accidentally lose or admit contents,
especially liquid or gas, through a hole or crack.) can be hard to spot, so use these tips to see if
your VPN is really protecting you.

The most common VPN leaks

There are many reasons why your VPN might not be providing 100% security and might be
exposing your private information. Here are the most common ways that your VPN could be leaking:

1. IP leak

Your IP address says a lot about you, like your location or the websites you visit. A VPN
protects you from snoopers trying to access this information, so if your original IP leaks it
defeats the purpose of using a VPN. This usually happens due to two internet
protocols, IPv4 and IPv6 and their incompatibility.

2. DNS leak

Sometimes your IP might stay hidden while your DNS address secretly reveals your
location. The DNS server changes plain text URLs into numerical IP addresses. If you’re
not using a VPN, this process is handled by your ISP and their servers, which can see
who visited what websites. If your DNS leaks, then anyone snooping on your traffic will
be able to access this information too. It could even lead to a DNS hijacking attack.

3. WebRTC leak

Web Real-Time Communication (WebRTC) is built into most popular browsers (i.e., Firefox,
Opera, Chrome, and Brave). It enables real-time communications such as voice and video chat,
but it also presents another vulnerability for VPN users.



Some websites can take advantage of WebRTC by inserting a few lines of code to see past your
VPN and discover your original IP. This is very useful for websites that provide or block content
based on your geo-location.

It’s possible to prevent these leaks, but first, you have to identify them. You can do so by
running some basic tests that anyone can do. WebRTC is a free, open-source project that provides web
browsers and mobile applications with real-time communication via simple application programming
interfaces.

How to check for IP and/or DNS leaks

1. You need to find out your original IP address given by your ISP.

2. Make a note of your real IP address.

3. Turn on your VPN and go back to the test website.

4. It should now show a different IP address and the country you connected your VPN to. If
the results show your original IP address, then, unfortunately, your VPN is leaking.

5. Sometimes IPLeak tests fail to detect DNS leaks, which can also reveal your identity. So
it’s advisable to check it on DNSLeakTest.

6. If your VPN is on, DNSLeakTest should show the location you’ve chosen and your new
IP.

7. Select Extended Test to dig even deeper. This test might take a few minutes.

8. If the results now show your new IP address and your chosen country, you are safe. Your
VPN isn’t leaking.

What to do if your IP and/or DNS is leaking

The easiest way is to change your VPN provider to one that has dedicated DNS Servers or
offers DNS leak protection, like NordVPN. Or you could manually turn IPv6 off on your device.
However, this might require some technical know-how.

How to check for WebRTC leaks (Web Real-Time Communication)

1. If you haven’t already, find out your original IP address on the IPLeak website. Make a
note of it.



2. Connect to your VPN and refresh the webpage (or go to its alternative dedicated
to WebRTC Testing). It should now show your new IP address and new location based
on the country you’ve chosen.

3. Under ‘Your IP addresses – WebRTC detection’ you should see a private IP that should
be different from your original public IP address. Note that the website showing your
private IP (usually begins with 10.xxx or 192.xxx or sometimes an alpha-numeric IPv6)
doesn’t mean that your WebRTC is leaking.
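The comparison behind both leak checks above can be automated once the readings are written down. The following is an added example, not part of the original notes: it compares readings taken with the VPN off and on, ignores private WebRTC addresses as step 3 describes, and reports IP, DNS and WebRTC leaks. The dictionary layout, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges that can never be your public identity: RFC 1918, loopback,
# link-local and IPv6 unique-local addresses.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7",
)]


def is_local(ip):
    """True for addresses that only have meaning inside a private network."""
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)


def parse_all(addresses):
    """Parse strings into address objects so that equal addresses compare
    equal even when written differently (upper case, uncompressed IPv6)."""
    return {ipaddress.ip_address(a.strip()) for a in addresses}


def find_leaks(baseline, with_vpn):
    """Compare leak-test readings taken with the VPN off and with it on.

    Both arguments are dicts of string lists with the (hypothetical) keys
    'public_ips', 'dns_resolvers' and 'webrtc'.
    Returns a sorted list of (kind, address) findings; empty means no leak.
    """
    real_ips = {ip for ip in parse_all(baseline["public_ips"]) if not is_local(ip)}
    isp_dns = parse_all(baseline["dns_resolvers"])
    leaks = set()

    # IP leak: the test site still sees an address you had before connecting.
    # Checking both families catches the IPv6-bypasses-the-tunnel case.
    for ip in parse_all(with_vpn["public_ips"]):
        if ip in real_ips:
            leaks.add(("ip", str(ip)))

    # DNS leak: lookups are still answered by the ISP's resolvers.
    for ip in parse_all(with_vpn["dns_resolvers"]):
        if ip in isp_dns or ip in real_ips:
            leaks.add(("dns", str(ip)))

    # WebRTC leak: a private candidate (10.x, 192.168.x, fe80::) is expected
    # and harmless; only the original public address counts as a leak.
    for ip in parse_all(with_vpn["webrtc"]):
        if not is_local(ip) and ip in real_ips:
            leaks.add(("webrtc", str(ip)))

    return sorted(leaks)


# Constructed readings using documentation address ranges, not real data.
BASELINE = {
    "public_ips": ["198.51.100.23", "2001:db8:1::23"],
    "dns_resolvers": ["198.51.100.53"],
    "webrtc": ["192.168.1.20", "198.51.100.23"],
}
VPN_LEAKY = {
    "public_ips": ["203.0.113.80", "2001:DB8:1:0::23"],  # IPv6 escaped the tunnel
    "dns_resolvers": ["198.51.100.53"],                   # still the ISP resolver
    "webrtc": ["10.8.0.2", "198.51.100.23"],              # real IPv4 exposed
}
VPN_CLEAN = {
    "public_ips": ["203.0.113.80"],
    "dns_resolvers": ["203.0.113.53"],
    "webrtc": ["10.8.0.2", "192.168.1.20", "fe80::1"],
}

if __name__ == "__main__":
    for name, reading in (("leaky", VPN_LEAKY), ("clean", VPN_CLEAN)):
        print(name, find_leaks(BASELINE, reading))
```

Fill the three lists in by hand from what the leak-test pages show before and after connecting; the script itself makes no network requests.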

What to do if your WebRTC is leaking

This time, changing your VPN or tinkering with your settings won’t help. However, you can:

 Use a browser that doesn’t have WebRTC. You can find the full list of browsers that
exclude it on Wikipedia.

 Disable WebRTC by following these tips.

 Install browser extensions:

Eg: on Chrome: Install WebRTC Network Limiter.

My VPN is still not working

However, checking for various leaks might not be enough. There are other reasons why it might
seem that your VPN isn’t working, for example:

 Your browsing speed has dropped. This might happen for several reasons. For
example, you’ve chosen a server which is on the other side of the world, the server is
overloaded, or your ISP is throttling bandwidth. However, you can check your VPN
speed and increase it with a few simple tricks.

 Your ISP or your country is blocking VPN usage. In some countries, especially with
online censorship, VPN usage can be blocked or considered illegal. In China, for
example, only government-approved VPNs are legal.

 Your VPN connection has dropped. Most VPNs offer an automatic kill
switch (including NordVPN), which means that if your VPN connection drops, it will
terminate your internet connection (application-level kill switches will only terminate
individual programs). The kill switch makes sure that you don’t access the internet
outside of the encrypted VPN tunnel and that your personal information isn’t exposed if
the connection drops. If your VPN connection dropped and activated your system-level
kill switch, you will not be able to access the internet until you connect back to a VPN
server.



 VPN malware. Technology experts would never recommend using a free VPN. Not only
do most contain annoying ads, some actually contain malware. If you are using a free
VPN, you might already be exposing more personal information than you wanted to.

 You’ve been hacked. You might think that your VPN isn’t working because someone
has broken into it. In reality, it’s pretty difficult to do so. It’s more likely that you’ve
visited a malicious website or fell for a phishing attack and someone has taken control of
your device. Unfortunately, if someone hacks you, a VPN can’t do much to protect you.

 Test the VPN tunnel:


To verify that your VPN tunnel is working properly, it is necessary to ping the IP address of a
computer on the remote network. By pinging the remote network, you send data packets to the
remote network and the remote network replies that it has received the data packets.

 Test network connectivity


Ping is a network administration utility or tool used to test connectivity on an Internet Protocol
(IP) network. It also measures the latency or delay between two computers. To test network
connectivity with ping: Open the Command Prompt or Terminal.
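The ping tests described for the VPN tunnel and for network connectivity are easy to misread, because Windows counts a "Destination host unreachable" answer from the local gateway as a received packet. The following added example (not part of the original notes) parses saved ping output from Windows or Linux and counts only echo replies that come from the remote host itself; the function name, thresholds and sample outputs are assumptions made for illustration.

```python
import re


def assess_ping(output, target, max_loss_pct=5.0, max_avg_ms=150.0):
    """Judge a ping run against `target` from its saved text output.

    Only echo replies sent by the target itself count as received.
    The loss and latency thresholds are illustrative assumptions.
    """
    sent_match = (re.search(r"Sent = (\d+)", output)                 # Windows
                  or re.search(r"(\d+) packets transmitted", output))  # Linux/macOS
    if not sent_match or int(sent_match.group(1)) == 0:
        return {"verdict": "unparsed"}
    sent = int(sent_match.group(1))

    # Windows: "Reply from 10.20.0.5: bytes=32 time=24ms TTL=127"
    # Linux:   "64 bytes from 10.20.0.5: icmp_seq=1 ttl=63 time=24.1 ms"
    reply = re.compile(r"(?:Reply from|bytes from) " + re.escape(target)
                       + r": .*?time[=<]([\d.]+) ?ms")
    times = []
    for line in output.splitlines():
        match = reply.search(line)
        if match:
            times.append(float(match.group(1)))

    received = len(times)
    loss_pct = round(100.0 * max(sent - received, 0) / sent, 1)
    avg_ms = round(sum(times) / received, 1) if received else None

    if received == 0:
        verdict = "down"        # nothing came back through the tunnel
    elif loss_pct > max_loss_pct or avg_ms > max_avg_ms:
        verdict = "degraded"    # reachable, but lossy or slow
    else:
        verdict = "up"
    return {"sent": sent, "received": received, "loss_pct": loss_pct,
            "avg_ms": avg_ms, "verdict": verdict}


# Constructed sample outputs; 10.20.0.5 stands for a host on the remote network.
WIN_OK = """Pinging 10.20.0.5 with 32 bytes of data:
Reply from 10.20.0.5: bytes=32 time=24ms TTL=127
Reply from 10.20.0.5: bytes=32 time=26ms TTL=127
Reply from 10.20.0.5: bytes=32 time=25ms TTL=127
Reply from 10.20.0.5: bytes=32 time=25ms TTL=127

Ping statistics for 10.20.0.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 26ms, Average = 25ms
"""

# The summary claims 0% loss, yet every answer came from the local gateway.
WIN_UNREACHABLE = """Pinging 10.20.0.5 with 32 bytes of data:
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.

Ping statistics for 10.20.0.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""

LINUX_LOSSY = """PING 10.20.0.5 (10.20.0.5) 56(84) bytes of data.
64 bytes from 10.20.0.5: icmp_seq=1 ttl=63 time=180 ms
64 bytes from 10.20.0.5: icmp_seq=3 ttl=63 time=220 ms

--- 10.20.0.5 ping statistics ---
4 packets transmitted, 2 received, 50% packet loss, time 3012ms
rtt min/avg/max/mdev = 180.000/200.000/220.000/20.000 ms
"""

if __name__ == "__main__":
    for sample in (WIN_OK, WIN_UNREACHABLE, LINUX_LOSSY):
        print(assess_ping(sample, "10.20.0.5"))
```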

 Test application connectivity


Before sending requests to Universal API, a ping request is recommended to ensure that there is
proper network connectivity and application operability.

 Verify that you can access a file server on the private network
There are many ways to make files available over the Internet. The real challenge here is finding
a secure, easy-to-use solution.
We recommend TeamViewer as the ideal solution for remotely accessing a PC, whether you’re
accessing your own PC or performing remote tech support. TeamViewer is most often used to
remotely access a PC’s desktop. However, it also has a remote file transfer feature you might not
have noticed. Just select the File transfer option when connecting to a remote PC. Alternatively,
if you already have an SSH server running on your local network, you can use SSH tunneling to
access local network resources rather than setting up a VPN.

 Test and Verify IKE Configuration


IKEv2 stands for Internet key exchange version two, and IPSec refers to the Internet
protocol security suite. ... IKEv2/IPSec uses a Diffie–Hellman key exchange, has no known
vulnerabilities, allows Perfect Forward Secrecy, and supports fast VPN connections.

LEARNING OUTCOME 2.4: TROUBLESHOOT WAN NETWORK



Troubleshooting is an important component to understanding and implementing any
technology. WAN connections can have signal problems, routing protocol issues, and other
challenges.

Steps for troubleshooting WAN Networks


 Use monitoring tools
Monitoring tools are used to continuously keep track of the status of the system in use, in order
to have the earliest warning of failures, defects or problems and to improve them. There
are monitoring tools for servers, networks, databases, security, performance, website and
internet usage, and applications.
Network monitoring systems make use of applications to monitor the network traffic, such as
the video stream monitoring, Voice over Internet Protocol (VoIP) monitoring and mail server
(POP3 server) monitoring.

 Monitoring WAN links


The WAN monitoring feature in OpManager monitors the availability of all your WAN links,
the Round Trip Time (RTT) and the traffic details. Detailed WAN performance dashboard
reports are provided and you can quickly navigate the dashboard to see the root cause of
poor WAN availability.

 Monitoring WAN latency


Latency. The time it takes in milliseconds for a data packet to travel across the WAN link.
High latency means data travels more slowly across the network, which can affect business
users. Typically, high latency is caused by network congestion over the WAN link.

 Check the settings and configurations of the WAN


WAN settings let you control how Google Wifi connects to the Internet. The type
of WAN connection you have is generally determined by your Internet Service Provider.
In WAN settings, you can choose from one of the WAN types below and configure their
respective settings: DHCP or Static IP.

 Restore the configuration of WAN devices to its factory default settings


If WAN device cannot be accessed from the web interface, the configuration can be restored to
factory defaults by using the Reset button. This kind of reset clears all configuration settings.

 Troubleshooting of IP configurations issues


The first step in the troubleshooting process is to check the TCP/IP configuration. The easiest
way to do this is to open a Command Prompt window and enter the IPCONFIG /ALL command.
Windows will then display the configuration results.

 Troubleshooting of WAN protocols issues


If the wide area network connection is working the way it should, you could still have problems
with the configuration of the protocols that are going over that wide area network. A good
example of this is split horizon. This is a configuration you would set in the dynamic routing
protocols that you’re using across this wide area network link. This is ideally designed to prevent
any type of routing loop on the network.

 Troubleshooting of WAN connectivity issues


How do you troubleshoot WAN connectivity?
8 Easy-to-Do Ways to Troubleshoot Network Connection
1. Check Your Settings. First, check your Wi-Fi settings. ...
2. Check Your Access Points. Check your WAN (wide area network) and LAN (local area
network) connections. ...
3. Go Around Obstacles. ...
4. Restart the Router. ...
5. Check the Wi-Fi Name and Password. ...
6. Check DHCP Settings. ...
7. Update Windows. ...
8. Open Windows Network Diagnostics.
If you feel that there is some type of hardware problem, the wide area network provider can
loopback one of the connections, usually at the interface inside of your environment, and they
can test to see what the experience is like sending traffic to your location and having it loopback
to the provider. They can then see if they’re receiving the same information back and determine
if that line is working well or not. Then you can troubleshoot further to determine whether
the problem is with an interface inside your building or with the cables between the wide area
network point of presence and the equipment inside your location.

 Troubleshooting of WAN performance issues


How to troubleshoot slow network issues
1. Troubleshoot slow network problems with network traffic analysis
One of the vaguest issues to land on any Network Administrator's desk is users complaining
that the network is slow. In most cases, the network is not to blame; instead, the user is
experiencing issues with a slow application or website. However, more often than not it is the
responsibility of Network Administrators to troubleshoot slow network issues and prove that it is
not the network.
2. Check overall traffic volumes.
If the user complaints are coming from a remote office, I would check traffic volumes on the link
first. We covered this topic in a previous post which looks at ways for generating reports
on WAN bandwidth utilization. If the complaints are coming from users on the local LAN, then I
would focus on all network activity.
3. Find out what are the top applications consuming bandwidth.
Next up, I would check for the most active applications. For most networks, activity like file
sharing, web or database activity ranks highest during business hours. If you see something like
backup running during the day or large data replications between servers it can be the source of
network slowdowns.
4. Check for network broadcast issues.
A broadcast storm can slow down a network within seconds. All it takes is for one rogue device
to send out a few hundred megabytes of broadcast data and suddenly your LAN will be saturated
with broadcast packets. A quick way to look for this activity is to filter on network packets which
have ff:ff:ff:ff:ff:ff as a destination MAC address.
5. Watch out for excessive connection rates.
Firewalls and layer 3 devices such as routers, can struggle if connection rates increase
significantly on a network. If clients start disconnecting from web sites or services hosted on the
other side of routers, it is worth checking this metric.
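The broadcast check in step 4 can be run over a saved capture instead of by eye. The following added example (not part of the original notes) reads a classic pcap file, counts frames whose destination MAC is ff:ff:ff:ff:ff:ff in each one-second window, and names the busiest sender; the function names, the 100 frames-per-second threshold and the sample capture are assumptions made for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6  # destination MAC ff:ff:ff:ff:ff:ff


def read_pcap(data):
    """Yield (timestamp, frame_bytes) from a classic pcap byte string."""
    magic = data[:4]
    if len(data) < 24 or magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic microsecond-resolution pcap file")
    endian = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">"
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("capture is not Ethernet (link type 1)")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            break  # last record was cut off mid-frame
        offset += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def format_mac(raw):
    return ":".join("%02x" % b for b in raw)


def broadcast_report(pcap_bytes, max_per_second=100):
    """Summarise broadcast traffic; max_per_second is an assumed threshold."""
    total = 0
    per_second = Counter()
    per_source = Counter()
    for ts, frame in read_pcap(pcap_bytes):
        if len(frame) < 14:
            continue  # too short to hold an Ethernet header
        total += 1
        if frame[0:6] == BROADCAST:
            per_second[int(ts)] += 1
            per_source[format_mac(frame[6:12])] += 1
    top = per_source.most_common(1)
    return {
        "frames": total,
        "broadcast": sum(per_second.values()),
        "peak_per_second": max(per_second.values(), default=0),
        "storm_seconds": sorted(s for s, n in per_second.items() if n > max_per_second),
        "top_source": top[0] if top else None,
    }


def build_sample_pcap():
    """Constructed capture: normal traffic plus one device flooding broadcasts."""
    def record(ts_sec, ts_usec, dst, src):
        frame = dst + src + b"\x08\x06" + bytes(46)  # ARP EtherType + padding
        return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

    host_a = bytes.fromhex("020000000001")
    host_b = bytes.fromhex("020000000002")
    rogue = bytes.fromhex("020000000099")
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(5):
        out += record(1000, i, host_b, host_a)            # ordinary unicast
    for i in range(300):
        out += record(1001, i * 1000, BROADCAST, rogue)   # the flood
    for i in range(3):
        out += record(1002, i, BROADCAST, host_a)         # normal ARP requests
    return out


if __name__ == "__main__":
    print(broadcast_report(build_sample_pcap()))
```

To use it on a real capture, pass the bytes of a file saved in classic pcap format, for example `broadcast_report(open("capture.pcap", "rb").read())`, where the file name is a placeholder.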

Here are 10 reasons why your network might not be performing to its full potential:
1. Speed Mismatch
This occurs when multiple users try to make use of the same server. As a result, this causes a digital
bottleneck which slows down the network’s speed.

2. Old Equipment
Sometimes the problem is that you are using old equipment to run new programs that require
more power and processing capacities than the old equipment can handle.

3. Malware
Unless you have an effective antivirus in operation that is protecting the network, you face a
strong possibility of some virus or malware entering the system and causing damage. This is
what will result in slower speeds.

4. Imperfect Design
When designing a network, make sure to take the amount of traffic it will need to handle on a
regular basis into account. If the servers cannot process the amount of data passing through the
system, then there will be a general slowdown of speed on all of the servers.

5. Misuse of Data Package


One thing that network users must remember is that the amount of data available to them every
month has a limit. Using the internet for non-work related purposes, such as browsing Youtube
or downloading internet content, will result in data getting consumed and server speeds being
slowed.

6. Malfunctioning Equipment



A network adapter is responsible for communicating with other computers through the network.
If the adapter starts malfunctioning, then it can cause trouble for the entire network (by
broadcasting junk data packets). In the worst case scenario, it can bring down the entire network.

7. Poor Cable Choice


Cables are often overlooked when it comes to tracking network problems, because people
assume that their simple design rules out the possibility of them not working properly.
However, even if the cable has not been cut or damaged, it can still cause problems, if the cable
is not large enough to handle higher network speeds.

8. Junk Software
These types of software are not considered to be malware, because they do not cause actual harm
to the network. However, they do pose a different kind of problem by using up precious amounts
of data for performing background activities that serve no useful purpose (which results in
slowing speeds).

9. Low Bandwidth
If you choose a low bandwidth in the beginning, but your online work increases over time, then
your old bandwidth will be unable to handle the new demand and cause a systems slowdown.

10. Network Configuration


In some cases, the settings for network connections on individual computers might be causing
problems for the entire network. This is due to blocking certain types of data usage options.

While these are some of the most common issues that can lead to poor network
performance, there are other, more serious, problems that can be causing trouble as well. This is
why you want to contact an IT professional as soon as you notice any problem.

Learning Outcome 2.5: Configure and verify an ADSL connection

FGH Hardware Installation for external DSL modem


(FGH: From Good Homes ?????)

 Connect one end of the DSL modem to the phone jack (RJ11)
 Connect the other end of the DSL modem to a NIC installed in the computer
 RJ45 type of connection is often required
 Connect the power supply to the DSL modem

Provide supplied TCP/IP properties


 One static IP address
 Subnet mask
 Gateway IP address
 Primary DNS server IP address
 Secondary DNS server IP address

DSL Network Installation

DSL is a wired transmission that uses traditional copper telephone lines already installed to
homes and businesses. When you connect to the Internet, you might connect through a
regular modem, through a local-area network connection in your office, through a cable
modem or through a digital subscriber line (DSL) connection. DSL is a very high-
speed connection that uses the same wires as a regular telephone line.

First install the Network Interface Card (NIC)


 Adapter
 Protocol (TCP/IP)
 Services (If required)
 Configure the protocol with the settings provided by the ISP

Installing on a Computer Already Connected to a LAN


 If the computer is already connected to a LAN, an additional NIC needs to be installed
 The second NIC is connected to the DSL modem
 The TCP/IP protocol will be installed on the additional NIC and configured based on the
values provided by the ISP

Verification and troubleshooting


 Problem with Modem Powering ON
 Problem with the LAN LED
 Problem with LAN Interface
 Problem with the DSL LED
 Problem with the WAN Interface
 Problem with the Login Password
 Problem with WEB Configuration
 Problem with Internet Browsing
 Problem with the Wi-Fi Connectivity

CONFIGURING WAN AND VPN NETWORKS STEP BY STEP

1. Configuring WAN Settings for Your Internet Connection

Use the Networking > WAN > WAN Settings page to configure WAN settings by using the account
information provided by your ISP. If you have two ISP links, you can configure one for WAN1
and another for WAN2.

Proceed as needed:
• Release or renew a DHCP WAN connection
• Configure the primary WAN
• Configure a secondary WAN

Release or renew a DHCP WAN connection

If a WAN interface is configured to obtain an IP address from the ISP by using Dynamic Host
Configuration Protocol (DHCP), you can click the Release icon to release its IP address, or click
the Renew icon to obtain a new IP address.

Configure the primary WAN

To configure the settings for the primary WAN (WAN1), click the Edit (pencil) icon. Then use
the WAN - Add/Edit page to configure the connection. If you enabled IPv4/IPv6 routing mode,
complete both tabbed pages. Click OK to save your settings. Click Save to apply your settings to
the security appliance.

For IPv4 routing mode, enter the following information on the IPv4 tab:
• Physical Port: The physical port associated with the primary WAN.
• WAN Name: The name of the primary WAN (WAN1).
• IP Address Assignment: Depending on the requirements of your ISP, choose the
network addressing mode and complete the corresponding settings. The security
appliance supports DHCP Client, Static IP, PPPoE (Point-to-Point Protocol over
Ethernet), PPTP (Point-to-Point Tunneling Protocol), and L2TP (Layer 2 Tunneling
Protocol).
• DNS Server Source: DNS servers map Internet domain names to IP addresses. You
can get DNS server addresses automatically from your ISP or use ISP-specified
addresses.
– Get Dynamically from ISP: Choose this option if you have not been assigned a
static DNS IP address.
– Use these DNS Servers: Choose this option if you have been assigned a static DNS IP
address. Also enter the addresses in the DNS1 and DNS2 fields.
• MAC Address Source: Specify the MAC (Media Access Control) address for the
primary WAN. Typically, you can use the unique 48-bit local Ethernet address of
the security appliance as your MAC address source.
– Use Default MAC Address: Choose this option to use the default MAC address.

– Use the following MAC address: If your ISP requires MAC authentication and
another MAC address has been previously registered with your ISP, choose this option
and enter the MAC address that your ISP requires for this connection.
• MAC Address: Enter the MAC address, for example 01:23:45:67:89:ab.
• Zone: Choose the default WAN zone or an untrusted zone for the primary WAN. You
can click the Create Zone link to view, edit, or add the zones on the security
appliance.

For IPv4/IPv6 routing mode, enter the following information on the IPv6 tab:
• IP Address Assignment: Choose Static IP if your ISP assigned a fixed (static or
permanent) IP address, or choose SLAAC if you were not assigned a static IP
address. By default, your security appliance is configured to be a DHCPv6 client of
the ISP, with stateless address auto-configuration (SLAAC).
– SLAAC: SLAAC provides a convenient method to assign IP addresses to IPv6
nodes. This method does not require any human intervention from an IPv6 user. If you
choose SLAAC, the security appliance can generate its own addresses using a
combination of locally available information and information advertised by routers.
– Static IP: If your ISP assigned a static IPv6 address, configure the IPv6 WAN
connection in the following fields:
IPv6 Address: Enter the static IP address that was provided by your ISP.
IPv6 Prefix Length: The IPv6 network (subnet) is identified by the initial bits of the
address called the prefix. All hosts in the network have the identical initial bits for
their IPv6 address. Enter the number of common initial bits in the network’s
addresses. The default prefix length is 64.
Default IPv6 Gateway: Enter the IPv6 address of the gateway for your ISP. This is
usually provided by the ISP or your network administrator.
Primary DNS Server: Enter a valid IP address of the primary DNS server.
Secondary DNS Server (Optional): Optionally, enter a valid IP address of the
secondary DNS server.

Configure a secondary WAN

To configure a secondary WAN (WAN2), click Add. Then use the WAN - Add/Edit page to
configure the connection. If you enabled IPv4/IPv6 routing mode, complete both tabbed pages,
as described for the primary WAN interface. Click OK to save your settings in the pop-up
window. Click Save to apply your settings to the security appliance. To determine how the two
ISP links are used, configure the WAN redundancy settings.

Network Addressing Mode

The security appliance supports five types of network addressing modes. You need to specify the
network addressing mode for the primary WAN and the secondary WAN depending on your ISP
requirements.

Note: Confirm that you have proper network information from your ISP or a peer router to
configure the security appliance to access the Internet.

Network Addressing Mode    Configuration

DHCP Client Connection type often used with cable modems. Choose this option if
your ISP dynamically assigns an IP address on connection.

NOTE: Unless a change is required by your ISP, it is recommended
that the MTU values be left as is.
• MTU: The Maximum Transmission Unit is the size, in bytes,
of the largest packet that can be passed on. Choose Auto to
use the default MTU size, or choose Manual if you want to
specify another size.
• MTU Value: If you choose Manual, enter the custom MTU
size in bytes.

Static IP Choose this option if the ISP provides you with a static (permanent) IP
address and does not assign it dynamically. Use the corresponding
information from your ISP to complete the following fields:
• IP Address: Enter the IP address of the WAN port that is
accessible from the Internet.
• Subnet Mask: Enter the subnet mask.
• Gateway: Enter the IP address of the default gateway.
• MTU: The Maximum Transmission Unit is the size, in bytes,
of the largest packet that can be passed on. Choose Auto to
use the default MTU size, or choose Manual if you want to
specify another size.
• MTU Value: If you choose Manual, enter the custom MTU
size in bytes.

PPPoE PPPoE uses Point to Point Protocol over Ethernet (PPPoE) to connect to
the Internet. Choose this option if your ISP provides you with client
software, username, and password. Use the necessary PPPoE
information from your ISP to complete the PPPoE configuration.
• User Name: Enter the username that is required to log into
the ISP.

• Password: Enter the password that is required to log into the
ISP.
• Authentication Type: Choose the authentication type
specified by your ISP.
• Connect Idle Time: Choose this option to let the security
appliance disconnect from the Internet after a specified
period of inactivity (Idle Time). This choice is
recommended if your ISP fees are based on the time that
you spend online.
• Keep alive: Choose this option to keep the connection always
on, regardless of the level of activity. This choice is
recommended if you pay a flat fee for your Internet service.
• MTU: Choose Auto to use the default MTU size, or
choose Manual if you want to specify another size.
• MTU Value: If you choose Manual, enter the custom MTU
size in bytes.
• Add VLAN Tag: Click Yes to support VLAN tagging
(802.1Q) over the WAN port, or click No to disable it.
• VLAN Tag ID: Specify the VLAN tag (ID) for the WAN port.
• Reset Timer: You can reset the PPPoE connection at a given
time of day and day of the week. The reset events are
logged if you enable this feature. Choose one of the
following options from the Frequency drop-down list and
specify the corresponding settings:
– Never: Choose this option to disable this feature.
– Daily: Choose this option to reset the PPPoE
connection at a given time of day. Specify the time
of day in the Time fields.
– Weekly: Choose this option to reset the PPPoE
connection on a given day of the week. Then specify the
day of the week and the time of day.

PPTP The PPTP protocol is typically used for VPN connections. Use the
necessary information from your ISP to complete
the PPTP configuration:
• IP Address: Enter the IP address of the WAN port that is
accessible from the Internet.
• Subnet Mask: Enter the subnet mask.
• Gateway: Enter the IP address of the default gateway.
• User Name: Enter the username that is required to log into
the PPTP server.
• Password: Enter the password that is required to log into the
PPTP server.
• PPTP Server IP Address: Enter the IP address of the PPTP
server.
• MPPE Encryption: Microsoft Point-to-Point Encryption
(MPPE) encrypts data in PPP-based dial-up connections or
PPTP VPN connections. Check this box to enable the
MPPE encryption to provide data security for the PPTP
connection that is between the VPN client and the VPN
server.
• Connect Idle Time: Choose this option to let the security
appliance disconnect from the Internet after a specified
period of inactivity (Idle Time). This choice is
recommended if your ISP fees are based on the time that
you spend online.
• Keep alive: Choose this option to keep the connection always
on, regardless of the level of activity. This choice is
recommended if you pay a flat fee for your Internet service.
• MTU: Choose Auto to use the default MTU size, or
choose Manual if you want to specify another size.
• MTU Value: If you choose Manual, enter the custom MTU
size in bytes.

L2TP Choose this option if you want to use IPsec to connect to an L2TP (Layer 2
Tunneling Protocol) server and encrypt all data transmitted from the
client to the server. However, it does not encrypt network traffic to other
destinations. Use the necessary information from your ISP to complete
the L2TP configuration:
• IP Address: Enter the IP address of the WAN port that is
accessible from the Internet.
• Subnet Mask: Enter the subnet mask.
• Gateway: Enter the IP address of the default gateway.
• User Name: Enter the username that is required to log into
the L2TP server.
• Password: Enter the password that is required to log into the
L2TP server.
• L2TP Server IP Address: Enter the IP address of the L2TP
server.
• Secret (Optional): L2TP incorporates a simple, optional,
CHAP-like tunnel authentication system during control
connection establishment. Enter the secret for tunnel
authentication if necessary.
• Connect Idle Time: Choose this option to let the security
appliance disconnect from the Internet after a specified
period of inactivity (Idle Time). This choice is
recommended if your ISP fees are based on the time that
you spend online.
• Keep alive: Choose this option to keep the connection always
on, regardless of the level of activity. This choice is
recommended if you pay a flat fee for your Internet service.
• MTU: Choose Auto to use the default MTU size, or
choose Manual if you want to specify another size.
• MTU Value: If you choose Manual, enter the custom MTU
size in bytes.

2. Setting a Static WAN IP address on the TP-Link and DD-WRT routers
Note: While these routers are no longer sold, some customers may still have this equipment.
This guide is meant for those older routers that need a Static WAN IP Address.
To begin setting a static WAN IP Address, make sure the client is connected to the router. This
can either be by a wireless connection through the Access Point (assuming it is online and
broadcasting) or through a direct Ethernet connection to one of the TP-Link or DD-WRT
router's yellow LAN ports.

1. Open a Web Browser and type the router’s IP address into the Address Bar:

192.168.22.1

2. Once the Router page comes up, click the Setup tab in the upper left hand side of the
page:

3. When prompted for a User Name and Password enter:
Name: admin
Password: revelrocks
4. Near the top of the page under WAN Setup/WAN Connection Type:
 Change the Connection Type using the drop-down from Automatic
Configuration - DHCP to Static IP:

 Enter the WAN IP Address, Subnet Mask, and Gateway information as
provided by your ISP:

 Scroll to the bottom of the page and click Save.
 Wait a few moments for the screen to reload and then click Apply Settings:
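
Before typing the ISP's values into the Static IP form above, it is worth checking that they are consistent with each other. The following added example (not part of the original guide) validates an address, subnet mask, gateway and DNS servers with Python's ipaddress module; the function names and the sample addresses, taken from documentation ranges, are constructed for illustration.

```python
import ipaddress

# RFC 1918 and RFC 6598 (CGNAT) ranges: not reachable from the Internet.
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def prefix_from_mask(mask):
    """Convert a dotted subnet mask to a prefix length; reject non-contiguous masks."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):      # host bits must be one solid run of 1s
        raise ValueError(f"subnet mask {mask} is not contiguous")
    return 32 - inverted.bit_length()

def check_static_wan(ip, mask, gateway, dns=()):
    """Return a list of problems in ISP-supplied static WAN values (empty = OK)."""
    try:
        prefix = prefix_from_mask(mask)
        addr = ipaddress.IPv4Address(ip)
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"invalid value: {exc}"]
    net = ipaddress.IPv4Interface(f"{addr}/{prefix}").network
    # In subnets larger than /31 the first and last address cannot be assigned.
    unusable = {net.network_address, net.broadcast_address} if prefix < 31 else set()
    problems = []
    if addr in unusable:
        problems.append("WAN IP is the network or broadcast address")
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif gw in unusable:
        problems.append("gateway is the network or broadcast address")
    elif gw == addr:
        problems.append("gateway equals the WAN IP")
    if any(addr in n for n in NON_PUBLIC):
        problems.append(f"WAN IP {addr} is private or CGNAT space, "
                        "not reachable from the Internet")
    seen = set()
    for server in dns:
        try:
            d = ipaddress.IPv4Address(server)
        except ValueError:
            problems.append(f"DNS server {server!r} is not an IPv4 address")
            continue
        if d.is_unspecified or d.is_loopback or d.is_multicast:
            problems.append(f"DNS server {d} is not a usable unicast address")
        if d in seen:
            problems.append(f"DNS server {d} is listed twice")
        seen.add(d)
    return problems

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    print(check_static_wan("203.0.113.10", "255.255.255.248", "203.0.113.1",
                           ["198.51.100.53", "198.51.100.53"]))
```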

3. How to configure WAN settings (DHCP, PPPoE) on D-Link gaming
router (DGL-4100)?

This article shows how to configure WAN settings, including PPPoE and DHCP, on D-Link
gaming routers such as the DGL-4100, DGL-4300 and DGL-4500.

1. DHCP Case (Dynamic Host Configuration Protocol)


Step 1 Open a web browser and type the IP address of the gaming router in the address bar
(default is 192.168.0.1). Press Enter.

Step 2 The default password is blank (nothing). Click Log In.

Step 3 Click WAN on the left side.

Step 4: In the Modes section configure the following:

 WAN Mode – Select DHCP


 Use these DNS Servers – Select this option to manually enter DNS servers. DNS servers
translate domain names (e.g. dlink.com) to IP addresses (e.g. 64.7.210.130).
 Primary DNS Server – If you selected Use these DNS Servers, enter the domain name or
IP address of your primary DNS server.
 Secondary DNS Server – If you selected Use these DNS Servers, enter the domain
name or IP address of your secondary DNS server (optional).

Step 5: Click Advanced and configure the following:

 MTU – The MTU (Maximum Transmission Unit) determines the largest packet size (in
bytes). Contact your ISP for your MTU. Typical values are 1500 bytes for an Ethernet
connection and 1492 bytes for a PPPoE connection. If the MTU is set too high, packets
will be fragmented downstream. If the MTU is set too low, the router will fragment
packets unnecessarily and in some cases may be unable to establish connections.
 Use the default MTU – Select this option to use the default MTU for your WAN
connection type.
 WAN Port Speed – It is recommended to leave this at the default value of Auto.
 Respond to WAN Ping – Select this option if you want the WAN interface to respond
to pings.
 MAC Cloning Enabled – Select this option if you want the WAN port to use a MAC
address cloned from your computer.
 MAC Address – If you selected the MAC Cloning Enabled option, enter the MAC
address or click Clone Your PC's MAC Address to clone the MAC address of your PC.

Step 6: In the DHCP WAN Mode section, enter a Host name if this is required by your ISP.

Step 7: Click Save settings at the top to save the new settings.

Step 8: Click Reboot Device.

Step 9: In the DHCP WAN Mode section click Renew next to DHCP Connection.

You should now be able to connect to the Internet.

2. PPPoE Case (Point-to-Point Protocol over Ethernet)

Step 1 Open a web browser and type the IP address of the gaming router in the address bar
(default is 192.168.0.1). Press Enter.

Step 2 The default password is blank (nothing). Click Log In.

Step 3 Click WAN on the left side.

Step 4 In the Modes section configure the following:

 WAN Mode – Select PPPoE
 Use these DNS Servers – Select this option to manually enter DNS servers. DNS servers
translate domain names (e.g. dlink.com) to IP addresses (e.g. 64.7.210.130).
 Primary DNS Server – If you selected Use these DNS Servers, enter the domain name or
IP address of your primary DNS server.
 Secondary DNS Server – If you selected Use these DNS Servers, enter the domain
name or IP address of your secondary DNS server (optional).

Step 5 Click Advanced and configure the following:

 MTU – The MTU (Maximum Transmission Unit) determines the largest packet size (in
bytes). Contact your ISP for your MTU. Typical values are 1500 bytes for an Ethernet
connection and 1492 bytes for a PPPoE connection. If the MTU is set too high, packets
will be fragmented downstream. If the MTU is set too low, the router will fragment
packets unnecessarily and in some cases may be unable to establish connections.
 Use the default MTU – Select this option to use the default MTU for your WAN
connection type.
 WAN Port Speed – It is recommended to leave this at the default value of Auto.

Step 6 In the PPPoE WAN Mode section configure the following. If you are unsure about any of
the below settings contact your ISP or network administrator.

 Username – Enter your username
 Password – Enter your password
 Verify Password – Confirm your password
 Service Name – Enter a service name if required by your ISP
 Reconnect Mode – Select Always On to keep a connection to the Internet, On
demand to automatically connect whenever a request is sent to access the Internet,
or Manual to connect manually.
 Maximum Idle Time – Enter the maximum idle time (in minutes). The maximum idle
time is the period of inactivity after which the Internet connection is
disconnected. Enter 0 to always stay connected.

Step 7 Click Save Settings at the top to save the new settings.

Step 8 Click Reboot Device.
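
Several settings in the addressing-mode table and the D-Link steps above affect how exposed the WAN side is: PPTP with or without MPPE, Respond to WAN Ping, the blank or fixed admin password, and a manual MTU. The following added example (not from the original notes or any vendor tool) checks a settings dictionary for those cases. The dictionary keys and finding codes are hypothetical, the passwords in the set are the defaults quoted on this page, and the 1280-byte IPv6 minimum comes from RFC 8200.

```python
# Largest IP MTU per WAN mode, using the values quoted in the text above.
MAX_MTU = {"PPPoE": 1492}      # every other mode is treated as plain Ethernet (1500)
IPV6_MIN_MTU = 1280            # minimum link MTU IPv6 requires (RFC 8200)
# Default admin passwords quoted on this page: blank, and the TP-Link/DD-WRT one.
PAGE_DEFAULT_PASSWORDS = {"", "revelrocks"}

def audit_wan(cfg):
    """Return {finding_code: explanation} for a WAN settings dict (hypothetical keys)."""
    findings = {}
    mode = cfg.get("mode", "DHCP")
    if cfg.get("admin_password", "") in PAGE_DEFAULT_PASSWORDS:
        findings["ADMIN-DEFAULT"] = "admin password is blank or a documented default"
    if cfg.get("respond_to_wan_ping"):
        findings["WAN-PING"] = "WAN interface answers ping from the Internet"
    if mode == "PPTP":
        findings["PPTP-WEAK"] = ("PPTP's usual MS-CHAPv2/MPPE protection has "
                                 "known cryptographic weaknesses")
        if not cfg.get("mppe"):
            findings["PPTP-CLEAR"] = "MPPE is off: tunnel traffic is not encrypted"
    if mode == "L2TP" and not cfg.get("secret"):
        findings["L2TP-NOSECRET"] = "no tunnel authentication secret is configured"
    mtu = cfg.get("mtu")       # None means the Auto setting
    if mtu is not None:
        limit = MAX_MTU.get(mode, 1500)
        if mtu > limit:
            findings["MTU-HIGH"] = f"manual MTU {mtu} exceeds {limit} for {mode}"
        if cfg.get("ipv6") and mtu < IPV6_MIN_MTU:
            findings["MTU-IPV6"] = f"manual MTU {mtu} is below the IPv6 minimum"
    return findings

if __name__ == "__main__":
    # Constructed sample: a D-Link style PPPoE setup left at risky values.
    sample = {"mode": "PPPoE", "mtu": 1500, "admin_password": "",
              "respond_to_wan_ping": True}
    for code, text in sorted(audit_wan(sample).items()):
        print(f"{code}: {text}")
```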

LU3: Document of the Work Done


Learning Outcome 3.1: Accurate documentation and submission of review process

 Technical journal
 Network diagram
A network diagram is a visual representation of a computer or telecommunications network. It
shows the components that make up a network and how they interact, including routers, devices,
hubs, firewalls, etc. This network diagram shows a local area network (LAN)

Importance of network diagrams


Network Diagrams aid in planning, organizing and controlling. Since all project activities are
shown in sequence with relevant interrelationships, the network diagram of a project will help
the project manager and team during planning and organizing.

Here is our list of the best network diagram, mapping and topology tools:
1) SolarWinds Network Topology Mapper
2) Paessler PRTG Network Mapping Tools
3) ConceptDraw Pro
4) Lucidchart
5) Intermapper
6) CADE
7) Dia
8) eDraw
9) LanFlow
10) NetProbe
11) Network Notepad
12) Microsoft Visio
13) Ipswitch WhatsUp Gold
14) GoVisual Diagram Editor

 Configuration backup
IOS: iOS is a mobile operating system created and developed by Apple Inc. exclusively
for its hardware. It is the operating system that presently powers many of the company's
mobile devices, including the iPhone, and iPod Touch.
Configurations: a configuration of a system refers to the arrangement of each of its
functional units, according to their nature, number and chief characteristics.

Learning Outcome 3.2: Documentation of all logs issues and action taken for future
reference

 Report
 Logs issues:
An issue log is a documentation element of software project management that contains a list of
ongoing and closed issues of the project. While issue logs can be viewed as a way to track errors
in the project, the role it plays often extends further.

 Solution implementation
Solution Implementation involves the identification, adaptation, and implementation of new
and enhanced future-proof business and technical scenarios. It is designed to separate technical
installation from business innovation and uses SAP Solution Manager to implement innovation
within the system landscape.

 Description of materials used


Here you describe all materials and equipment to be used, whether or not shown on.
What are the components of a WAN?
The three basic components of wide area networks are as follows:
1) Customer Premises Equipment (CPE): Customer premises equipment acts like a border
router to connect corporate sites to wired access lines. Customer premises equipment
refers to all devices like telephones, switches, gateways.

2) Access links: these connect the customer premises to the network core of the
WAN. Wired access links are also prevalent.

3) Network core: it connects access links to other links. The carrier takes care of the
network core.

…………………….END………….
