Exploration Accessing WAN Semester 4

Services in a Converged
WAN
Accessing the WAN – Chapter 1
ITE I Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1
Objectives
Describe how the Cisco Enterprise Composite
Model (ECNM) provides integrated services
over an Enterprise network.
Describe the key WAN technology concepts.
Identify the appropriate WAN technologies to
use when matching ECNM best practices with
typical enterprise requirements for WAN
communications.
ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 2
Describe How ECNM Provides Integrated
Services over an Enterprise Network
Explain the purpose and function of WANs
Describe the stages of business growth, the
corresponding business requirements for services and
how those requirements are reflected in the
Enterprise’s changing network topology
Describe the problems with the Hierarchical Design
Model that Cisco's Enterprise Composite Model has
been designed to address
Explain the purpose of Cisco Enterprise Architectures
Describe the Key WAN Technology
Concepts
Describe WAN functions in terms of the OSI Reference
Model
Concepts
Describe the key WAN physical layer concepts for
network and Internet communications
Concepts
Describe the key WAN data link layer protocols used in
today’s Enterprise WAN networks
Concepts
Describe the switching technologies used for WANs in
an Enterprise setting
Select the Appropriate WAN Technology to meet
ECNM Requirements
List the various options for connecting subscribers to
the WAN
ECNM Requirements
Describe how Enterprises use leased line services to
provide a WAN connection
ECNM Requirements
Describe the circuit switching options available to
ECNM Requirements
Describe the packet switching options available to
ECNM Requirements
List factors to consider when selecting a WAN
connection
Summary
A WAN is defined as
A data communications network that operates beyond the
geographic scope of a LAN
WAN primarily operate on layer 1 & 2 of the OSI model

WAN technologies include
–Leased line
–ISDN
–Frame relay
–X.25
–ATM
Summary
Cisco Enterprise Architecture
–This is an expansion of the hierarchical model that further
divides the enterprise network into
•Physical areas
•Logical areas
•Functional areas
Selecting the appropriate WAN technology requires

considering some of the following:
–WAN’s purpose
–Geographic scope of WAN
–Traffic requirements
–If WAN uses a public or private infrastructure
Point-to-Point Protocol
(PPP)
Objectives
Describe the fundamental concepts of point-to-point serial
communication including TDM, demarcation point, DTE-DCE
functions, HDLC encapsulation, and serial interface
troubleshooting.
Describe PPP concepts including PPP layered architecture, PPP
frame structure, PPP session establishment, multiprotocol
encapsulation support, link control protocol (LCP), network
control protocol (NCP), and Internet Protocol Control Protocol
(IPCP).
Configure PPP on a serial interface including enabling PPP
encapsulation, verifying the PPP connection and troubleshooting
encapsulation problems.
Configure PPP authentication including explaining PAP and
CHAP authentication protocols, configuring PPP authentication
using PAP and CHAP, and troubleshooting PPP authentication
problems.
Describe the Fundamental Concepts of
Point-to-Point Serial Communication
Describe the concept of serial communication as the
basis of WAN technologies
Explain how two or more data streams are transported
across a single physical connection using TDM
Define the location of the demarcation point relative to
customer and service provider networks
Explain the terms DTE and DCE with relative to the
location of devices in a network
Describe how high-level data link control (HDLC) uses
one of three frame types to encapsulate data
Explain when and how to configure HDLC
encapsulation on a router
Describe the procedure to follow when troubleshooting
a serial connection
Describe Point-to-Point Concepts
Describe PPP in terms of its use in WAN links
Describe the general function of each layer of PPP
architecture
Describe the purpose and format of each of the fields in
a PPP frame
Define the three phases of PPP session establishment
Explain the role of the LCP in PPP
Describe the characteristics of NCP
Configure PPP on a Serial Interface
Describe how configuration options are communicated
in the LCP frame
Explain the purpose of the commands used to
configure and verify PPP connections
Explain the output of the show interfaces serial
command
Explain the output of the debug ppp command
Configuring PPP with Authentication
Differentiate between PAP and CHAP
Describe how to use PAP to authenticate a PPP
connection
Describe how to use CHAP to authenticate a PPP
connection
Outline the PPP encapsulation and authentication
process on a flow chart
Explain how to configure a PPP connection with
authentication
Explain the output of the debug ppp authentication
command
Summary
PPP is a widely used WAN protocol

PPP provides multi-protocol LAN to WAN connections
PPP session establishment – 4 phases
Link establishment
Link quality determination
Network layer protocol configuration negotiation
Link termination
WAN Encapsulation
–HDLC default encapsulation
–PPP
Summary
PPP authentication
–PAP
•2 way handshake
–CHAP
•3 way handshake
–Use debug ppp authentication to confirm authentication
configuration
PPP configuration
–Done on a serial interface
After PPP configuration, use show interfaces command

to display:
–LCP state
–NCP state
Frame Relay
Objectives
Describe the fundamental concepts of Frame Relay technology
in terms of Enterprise WAN services including Frame Relay
operation, Frame Relay implementation requirements, Frame
Relay maps, and LMI operation.
Configure a basic Frame Relay PVC including configuring and
troubleshooting Frame Relay on a router serial interface and
configuring a static Frame Relay map.
Describe advanced concepts of Frame Relay technology in
terms of Enterprise WAN services including Frame Relay sub-
interfaces, Frame Relay bandwidth and flow control.
Configure an advanced Frame Relay PVC including solving
reachability issues, configuring Frame Relay sub-interfaces,
verifying and troubleshooting Frame Relay configuration.
Describe the Fundamental Concepts of Frame
Relay Technology
Describe how Frame Relay is used to provide WAN
services to the Enterprise
Relay Technology
Describe how Frame Relay uses virtual circuits to carry
packets from one DTE to another
Relay Technology
Explain how Frame Relay encapsulation works
Relay Technology
Describe the types of topologies that are used for
implementing Frame Relay in different environments
Relay Technology
Describe how a router attached to a Frame Relay
network uses LMI status messages and inverse ARP
queries to map VCs to layer 3 network IP Addresses
Configure a Basic Frame Relay PVC
Configure a basic Frame Relay PVC on a router serial
interface
Configure a Basic Frame Relay PVC
Configure a static Frame Relay map
Describe Advanced Concepts of Frame Relay
Technology
Explain the reachability issues associated with the
Frame Relay NBMA topology
Technology
Describe how to implement bandwidth control in the
Frame Relay technology
Technology
Describe how to implement flow control in Frame Relay
technology
Configure an Advanced Frame Relay PVC
Explain the steps to configure point-to-point
subinterfaces on a physical interface
Describe the commands used for verifying Frame Relay
operation
Describe the steps for troubleshooting a Frame Relay
configuration
Summary
Frame relay is the most widely used WAN technology
because it:
–Provides greater bandwidth than leased line
–Reduces cost because it uses less equipment
–Easy to implement
Frame relay is associated with layer 2 of the OSI model

and encapsulates data packets in a frame relay frame
Frame relay is configured on virtual circuits
–These virtual circuits may be identified by a DLCI
Frame relay uses inverse ARP to map DLCI to IP

addresses
Summary
Configuring frame relay requires

–Enable frame relay encapsulation
–Configuring either static or dynamic mapping
–Considering split horizon problems that develop when multiple
VCs are placed on a single physical interface
Factor affecting frame relay configuration
–How service provider has their charging scheme set up
Frame relay flow control
–DE
–FECN
–BECN
Summary
The following commands can be used to help verify

frame relay configuration
–Show interfaces
–Show frame-relay lmi
–Show frame-relay pvc ###
–Show frame-relay map
Use the following command to help troubleshoot a

frame relay configuration
–Debug frame-relay lmi
Enterprise Network
Security
Objectives
Describe the general methods used to mitigate
security threats to Enterprise networks
Configure Basic Router Security
Explain how to disable unused Cisco router network
services and interfaces
Explain how to use Cisco SDM
Manage Cisco IOS devices
Describe the General Methods used to Mitigate
Security Threats to Enterprise Networks
Explain how sophisticated attack tools and open
networks have created an increased need for network
security and dynamic security policies
Describe the most common security threats and how
they impact enterprises
Describe the most common types of network attacks
and how they impact enterprises
Describe the common mitigation techniques that
enterprises use to protect themselves against threats
Explain the concept of the Network Security Wheel
Explain the goals of a comprehensive security policy in
an organization
Explain why the security of routers and their
configuration settings is vital to network operation
Describe the recommended approach to applying Cisco
IOS security features on network routers
Describe the basic security measures needed to secure
Cisco routers
Explain How to Disable Unused Cisco
Router Network Services and Interfaces
Describe the router services and interfaces that are
vulnerable to network attack
Explain the vulnerabilities posed by commonly
configured management services
Explain how to secure a router with the command-line
interface (CLI) auto secure command
Explain How to Use Cisco SDM
Provide an overview of Cisco SDM
Explain the steps to configure a router to use Cisco
SDM
Explain the steps you follow to start SDM
Describe the Cisco SDM Interface
Describe the commonly used Cisco SDM wizards
Explain how to use Cisco SDM for locking down your
router
Manage Cisco IOS Devices
Describe the file systems used by a Cisco router
Describe how to backup and upgrade a Cisco IOS
image
Explain how to back up and upgrade Cisco IOS
software images using a network server
Explain how to recover a Cisco IOS software image
Compare the use of the show and debug commands
when troubleshooting Cisco router configurations
Explain how to recover the enable password and the
enable secret passwords
Summary
Security Threats to an Enterprise network include:
–Unstructured threats
–Structured threats
–External threats
–Internal threats
Methods to lessen security threats consist of:

–Device hardening
–Use of antivirus software
–Firewalls
–Download security updates
Summary
Basic router security involves the following:
–Physical security
–Update and backup IOS
–Backup configuration files
–Password configuration
–Logging router activity
Disable unused router interfaces & services to minimize

their exploitation by intruders
Cisco SDM
–A web based management tool for configuring security
measures on Cisco routers
Summary
Cisco IOS Integrated File System (IFS)

–Allows for the creation, navigation & manipulation of
directories on a cisco device
Access Control Lists
Objectives
Explain how ACLs are used to secure a medium-size
Enterprise branch office network.
Configure standard ACLs in a medium-size Enterprise
branch office network.
Configure extended ACLs in a medium-size
Enterprise branch office network.
Describe complex ACLs in a medium-size Enterprise
branch office network.
Implement, verify and troubleshoot ACLs in an
enterprise network environment.
Explain How ACLs are Used to Secure a
Medium-Size Enterprise Branch Office Network
Describe the steps that occur in a complete TCP
conversation
Explain how a packet filter allows or blocks traffic
Describe how ACLs control access to networks
Use a flow chart to show how ACLs operate
Describe the types and formats of ACLs
Explain how Cisco ACLs can be identified using
standardized numbering or names
Describe where ACLs should be placed in a network
Explain the considerations for creating ACLs
Configure Standard ACLs in a Medium-
Size Enterprise Branch Office Network
Explain why the order in which criteria statements are
entered into an ACL is important
Explain how to configure a standard ACL
Describe how to use wildcard masks with ACLs
Describe how to apply a standard ACL to an interface
Explain the process for editing numbered ACLs
Explain how to create a named ACL
Describe how to monitor and verify ACLs
Explain the process for editing named ACLs
Configure Extended ACLs in a Medium-
Explain how an extended ACL provides more filtering
then a standard ACL
Describe how to configure extended ACLs
Describe how to apply an extended ACL to an interface
Describe how to create named extended ACLs
Describe Complex ACLs in a Medium-Size
Enterprise Branch Office Network
List the three types of complex ACLs
Explain how and when to use dynamic ACLs
Explain how and when to use reflexive ACLs
Explain how and when to use time-based ACLs
Describe how to troubleshoot common ACL problems
Implement, Verify and Troubleshoot ACLs
in an Enterprise Network Environment
Create, place and verify a standard/ extended ACL and
verify its placement.
Verify ACL’s functionality and troubleshoot as needed.
Summary
An Access List (ACL) is:
A series of permit and deny statements that are used to filter
traffic
Standard ACL
–Identified by numbers 1 - 99 and 1300 - 1999
–Filter traffic based on source IP address
Extended ACL
–Identified by number 100 -199 & 2000 - 2699
–Filter traffic based on
•Source IP address
•Destination IP address
•Protocol
•Port number
Summary
Named ACL
–Used with IOS 11.2 and above
–Can be used for either standard or extended ACL
ACL’s use Wildcard Masks (WCM)

–Described as the inverse of a subnet mask
•Reason
–0 Æ check the bit
–1 Æ ignore the bit
Summary
Implementing ACLs
–1st create the ACL
–2nd place the ACL on an interface
•Standard ACL are placed nearest the destination
•Extended ACL are placed nearest the source
Use the following commands for verifying &

troubleshooting an ACL
–Show access-list
–Show interfaces
–Show run
Summary
Complex ACL
–Dynamic ACL
–Reflexive ACL
–Time based ACL
Providing Teleworker
Services
Objectives
Describe the enterprise requirements for providing
teleworker services
Explain how broadband services extend Enterprise
Networks including DSL, cable, and wireless
Describe how VPN technology provides secure
teleworker services in an Enterprise setting
Describe the Enterprise Requirements for
Providing Teleworker Services
Describe the benefits of teleworkers for business,
society and the environment.
List remote connection technologies and describe
scenarios in which each would be implemented.
Describe the key differences between private and
public network infrastructures
Explain How Broadband Services extend
Enterprise Networks
Briefly describe how broadband services allow
teleworkers to use the Internet to connect to the
Enterprise WAN
Enterprise Networks
Describe how Enterprises use cable connectivity to
extend their reach
Enterprise Networks
Describe how Enterprises use DSL connectivity to
extend their reach
Enterprise Networks
Describe how Enterprises use broadband wireless
connectivity to extend their reach
Enterprise Networks
Describe how Enterprises defend themselves from
threats to wireless network security
Describe How VPN Technology Provides Secure
Teleworker Services in an Enterprise Setting
Explain the importance and benefits of VPN technology
Compare site-to-site VPNs to remote-access VPNs
Describe the hardware and software components that
typically make up a VPN
Describe the characteristics of secure VPNs
Describe the concept of VPN tunneling
Describe the concept of VPN encryption
Describe the concept of IPsec Protocols
Summary
Requirements for providing teleworker services are:

–Maintains continuity of operations
–Provides for increased services
–Secure & reliable access to information
–Cost effective
–Scalable
Components needed for a teleworker to connect to an

organization’s network are:
–Home components
–Corporate components
Summary
Broadband services used
–Cable
• transmits signal in either direction simultaneously
–DSL
• requires minimal changes to existing telephone
infrastructure
• delivers high bandwidth data rates to customers
–Wireless
• increases mobility
• wireless availability via:
» municipal WiFi
» WiMax
» satellite internet
Summary
Securing teleworker services

–VPN security achieved through using
•Advanced encryption techniques
•Tunneling
–Characteristics of a secure VPN
•Data confidentiality
•Data integrity
•authentication
Implementing IP
Addressing Services
Objectives
Configure DHCP in an enterprise branch network
Configure NAT on a Cisco router
Configure new generation RIP (RIPng) to use IPv6
Configure DHCP in an Enterprise Branch
Network
Describe the function of DHCP in a network
Network
Describe how DHCP dynamically assigns an IP
address to a client
Network
Describe the differences between BOOTP and DHCP
Network
Describe how to configure a DHCP server
Network
Describe how to configure a Cisco router as a DHCP
client
Network
Explain how DHCP Relay can be used to configure a
router to relay DHCP messages when the server and
the client are not on the same segment
Network
Describe how to configure a Cisco router as a DHCP
client using SDM
Network
Describe how to troubleshoot a DHCP configuration
Configure NAT on a Cisco Router
Describe the operation and benefits of using private
and public IP addressing
Explain the key features of NAT and NAT overload
Explain the advantages and disadvantages of NAT
Describe how to configure static NAT to conserve IP
address space in a network
Describe how to configure dynamic NAT to conserve IP
address space in a network
Describe how to configure NAT Overload to conserve
IP address space in a network
Describe how to configure port forwarding
Describe how to verify and troubleshoot NAT and NAT
overload configurations
Configure New Generation RIP (RIPng) to
use IPv6
Explain the need for IPv6 to provide a long-term
solution to the depletion problem of IP address
use IPv6
Describe the format of the IPv6 addresses and the
appropriate methods for abbreviating them
use IPv6
Explain the various methods of assigning IPv6
addresses to a device
use IPv6
Describe the transition strategies for implementing IPv6
use IPv6
Describe how Cisco IOS dual stack enables IPv6 to run
concurrently with IPv4 in a network
use IPv6
Describe the concept of IPv6 tunneling
use IPv6
Describe how IPv6 affects common routing protocols,
and how these protocols are modified to support IPv6
use IPv6
Explain how to configure a router to use IPv6
use IPv6
Explain how to configure and verify RIPng for IPv6
use IPv6
Explain how to verify and troubleshoot IPv6
Summary
Dynamic Host Control Protocol (DHCP)

This is a means of assigning IP address and other configuration
information automatically.
DHCP operation
–3 different allocation methods
•Manual
•Automatic
•Dynamic
–Steps to configure DHCP
•Define range of addresses
•Create DHCP pool
•Configure DHCP pool specifics
Summary
DHCP Relay
Concept of using a router configured to listen for DHCP
messages from DHCP clients and then forwards those
messages to servers on different subnets
Troubleshooting DHCP
–Most problems arise due to configuration errors
–Commands to aid troubleshooting
•Show ip dhcp
•Show run
•debug
Summary
Private IP addresses
–Class A = 10.x.x.x
–Class B = 172.16.x.x – 172.31.x.x
–Class C = 192.168.x.x
Network Address Translation (NAT)

–A means of translating private IP addresses to public IP
addresses
–Type s of NAT
•Static
•Dynamic
–Some commands used for troubleshooting
•Show ip nat translations
•Show ip nat statistics
•Debug ip nat
Summary
IPv6
–A 128 bit address that uses colons to separate entries
–Normally written as 8 groups of 4 hexadecimal digits
Cisco IOS Dual Stack

–A way of permitting a node to have connectivity to an IPv4 &
IP v6 network simultaneously
IPv6 Tunneling
–An IPV6 packet is encapsulated within another protocol
Summary
Configuring RIPng with IPv6

1st globally enable IPv6
2nd enable IPv6 on interfaces on which IPv6 is to be enabled
3rd enable RIPng using either
ipv6 rotuer rip name
ipv6 router name enable
Network
Troubleshooting
Objectives
Establish a network baseline
Describe troubleshooting methodologies and
troubleshooting tools
Describe the common issues that occur during WAN
implementation
Troubleshoot enterprise network implementation
issues
Establish a Network Baseline
Explain the importance of network documentation
Describe the stages of the network documentation
process
Explain the purpose for measuring normal network
performance when creating a baseline
Describe the steps for establishing a network baseline
Describe Troubleshooting Methodologies
and Troubleshooting Tools
Explain why a systematic method is the generally the
best approach to troubleshooting
Describe how layered models, such as the OSI
reference model or TCP/IP model, are used for
troubleshooting
Describe the three stages of the general
troubleshooting process
Describe the three main methods for troubleshooting
network problems
Describe the stages for gathering symptoms for
troubleshooting a network problem
Describe the types of software and hardware tools that
are commonly used when troubleshooting networks
Describe the Common Issues that Occur
During WAN Implementation
Describe the fundamentals in WAN design and
communication
Describe the steps for designing or modifying a WAN
Describe the considerations for analyzing WAN traffic
Describe the considerations for designing a WAN
topology
Describe common WAN implementation issues
Describe the recommended steps for troubleshooting a
WAN
Troubleshoot Enterprise Network
Implementation Issues
Explain how network diagrams are used for
troubleshooting
Describe how to troubleshoot network problems
occurring at the physical layer
occurring at the data link layer
occurring at the network layer
occurring at the transport layer
occurring in the application layers
Summary
Network Baseline
How a network is expected to perform under normal conditions
Network documentation should include:

– Network configuration table
– End-system configuration table
– Network topology diagram
Planning for the 1st baseline

– Determine what type of data to collect
– Identify devices and ports of interest
– Determine baseline duration
Summary
3 stages of the troubleshooting process

–Gather symptoms
–Isolate problem
–Correct problem
3 main methods for troubleshooting a network

–Bottom up
–Top down
–Divide & conquer
Summary
Software troubleshooting tools

–Cisco view
–Solar winds
–HP Open view
Hardware troubleshooting tools

–Network analysis mode
–Digital multi-meters
–Cable testers
–Network analyzer
Summary
Common WAN implementation issues include

–QoS
–Reliability
–Security
–Latency
–Confidentiality
–Public or Private
Using a layered approach to troubleshooting aids in

isolating and solving the problem

Exploration Accessing WAN Semester 4

Enviado por

Dados do documento

Descrição original:

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Exploration Accessing WAN Semester 4

Enviado por

Direitos autorais:

Formatos disponíveis

Services in a Converged

Accessing the WAN – Chapter 1

 WAN primarily operate on layer 1 & 2 of the OSI model

 Selecting the appropriate WAN technology requires

Accessing the WAN – Chapter 2

 PPP is a widely used WAN protocol

 After PPP configuration, use show interfaces command

Accessing the WAN – Chapter 3

 Frame relay is associated with layer 2 of the OSI model

 Frame relay uses inverse ARP to map DLCI to IP

 Configuring frame relay requires

 The following commands can be used to help verify

 Use the following command to help troubleshoot a

Accessing the WAN – Chapter 4

 Methods to lessen security threats consist of:

 Disable unused router interfaces & services to minimize

 Cisco IOS Integrated File System (IFS)

Accessing the WAN – Chapter 5

 ACL’s use Wildcard Masks (WCM)

 Use the following commands for verifying &

Accessing the WAN – Chapter 6

 Requirements for providing teleworker services are:

 Components needed for a teleworker to connect to an

 Securing teleworker services

Accessing the WAN – Chapter 7

 Dynamic Host Control Protocol (DHCP)

 Network Address Translation (NAT)

 Cisco IOS Dual Stack

 Configuring RIPng with IPv6

Accessing the WAN – Chapter 8

 Network documentation should include:

 Planning for the 1st baseline

 3 stages of the troubleshooting process

 3 main methods for troubleshooting a network

 Software troubleshooting tools

 Hardware troubleshooting tools

 Common WAN implementation issues include

 Using a layered approach to troubleshooting aids in

Você também pode gostar

WAN primarily operate on layer 1 & 2 of the OSI model

Selecting the appropriate WAN technology requires

PPP is a widely used WAN protocol

After PPP configuration, use show interfaces command

Frame relay is associated with layer 2 of the OSI model

Frame relay uses inverse ARP to map DLCI to IP

Configuring frame relay requires

The following commands can be used to help verify

Use the following command to help troubleshoot a

Methods to lessen security threats consist of:

Disable unused router interfaces & services to minimize

Cisco IOS Integrated File System (IFS)

ACL’s use Wildcard Masks (WCM)

Use the following commands for verifying &

Requirements for providing teleworker services are:

Components needed for a teleworker to connect to an

Securing teleworker services

Dynamic Host Control Protocol (DHCP)

Network Address Translation (NAT)

Cisco IOS Dual Stack

Configuring RIPng with IPv6

Network documentation should include:

Planning for the 1st baseline

3 stages of the troubleshooting process

3 main methods for troubleshooting a network

Software troubleshooting tools

Hardware troubleshooting tools

Common WAN implementation issues include

Using a layered approach to troubleshooting aids in