Cisco BCRAN - Building Cisco Remote Access Networks
This study guide was developed to provide you with an overview of the Cisco 505 BCRAN subject. Use it to give yourself a "bird's-eye view" of the exam.
Exam Objectives
According to Cisco, the Cisco
Remote Access exam includes topics on wide area network
concepts, configuration of an asynchronous interface on a
Cisco router, implementing Point-to-Point Protocol and various
authentication schemes, Dial-on-Demand Routing, and leased
lines.
Readings
As with most Cisco exams, you must be familiar with the concepts of TCP/IP and the OSI model.
For a good tutorial on
TCP/IP, you may visit
http://www.3com.com/nsc/501302.html
In addition, you may learn
more about the OSI model at
http://www.rad.com/networks/1994/osi/intro.htm
This exam has a lot of WAN material. You should have solid knowledge of ISDN, X.25 and Frame Relay.
For information on ISDN:
http://www.ralphb.net/ISDN/
For tutorial on Frame Relay:
http://www.uswest.com/products/data/frame/tutorial/
For tutorial on X.25:
http://www.rad.com/networks/1996/x25/x25.htm
Tutorials on PPP:
http://cio.cisco.com/warp/public/779/smbiz/service/knowledge/wan/ppp_auth.htm
Commands for setting up X.25
and LAPB
Configuring Frame Relay:
http://www.cisco.com/warp/public/125/13.html
Configuring ISDN DDR
http://www.cisco.com/warp/public/793/access_dial/ddr_dialer_profile.html
Configuring ISDN line
Apart from WAN connectivity, you must also be familiar with the various remote access authentication and security technologies.
Tutorials on PAP and CHAP: http://www.cisco.com/warp/public/474/9.html
Advanced traffic shaping
Outbound traffic queuing
RSVP
Tutorial on RADIUS
Tutorial on TACACS
Introduction to VPN
NAT Configuration
=================================================================
Do NOT use this study guide
as your sole study resource. Successful completion of the 505
exam requires both practical experience as well as lots and
lots of reading.
On the actual exam you will
encounter questions on IOS commands as well as many terms. For
the commands, Cisco’s original documentation has very
detailed coverage.
=================================================================
WAN Connections
3 types of connection
Considerations when choosing a WAN connection type
- Amount of data transfer
- Availability
- Bandwidth
- Cost
- Management
- QoS
- Security
Comparison between the alternatives
Dedicated Lease Line | Circuit-Switching | Packet-switching
Circuit-Switching
- Uses the phone company networks
- Mostly on as needed basis
- Lower cost (charge based on usage)
Packet-switching
- Shared bandwidth
- More efficient than circuit switching and less costly than leased line
- Can go for 24 x 7 connection
- Non-fixed path
- Less control than lease line
Site Considerations
- Central Site
  - Must provide access to multiple users from different sites
  - Must control the costs
- Branch Site
  - Must be able to connect to the central site
- Telecommuter Site
  - Must be able to access company information on demand
  - Request may be made from various remote locations
Use the Cisco Product Selection Tools to choose the appropriate products for the connection types.
Cisco 700 series router is for
- Telecommuter
- Small office
- Home office
Functions include
- Networking
- Routing
- WAN Connectivity
- ISDN
- Telephony
Router Access Modes
Modem
- Classified as Data communications equipment (DCE)
- Converts digital signals to analog signals
- Signaling functions
  - TxD - Transmit data
  - RxD - Receive data
  - GRD - Grounding
- Hardware flow control
  - RTS - Request To Send
  - CTS - Clear To Send
- Modem control
  - DTR - Data Terminal Ready
  - CD - Carrier Detect
  - DSR - Data Set Ready
- Modem Modulation ITU Standards
  - V.22: 1200 bps
  - V.22bis: 2400 bps
  - V.32: 9600 bps
  - V.32bis: 14.4 kbps
  - V.34: 28.8 kbps
  - V.34 annex 1201H: 33.6 kbps
  - V.90: 56 kbps
- Error detection & correction with Microcom Networking Protocol (MNP)
  - MNP 2-4 in public domain
  - MNP 10 for cellular
- Error detection & correction with CCITT V.42
  - LAP-M
  - MNP 4
- Data compression
  - MNP 5: 2:1 compression ratio
  - V.42bis: 4:1 compression ratio
- Modem autoconfiguration
  - Can configure the modems without the need to use modem configuration commands
  - Can auto-discover the modems
  - Can reconfigure the modems each time the AT commands are sent to match the current line settings
PPP
- Multiple protocol encapsulations are done with NCP
- Link setup and control are done with LCP
- Multiple protocols supported
- PPP PAP is a type of authentication that uses clear text
- Keep in mind that clear text transfer is always insecure
- PPP CHAP is a type of authentication much more secure than PAP, as traffic is encrypted
- To enable CHAP, first enable PPP encapsulation on the router interface, then enable CHAP with ppp, and finally set the usernames and passwords
- Provide callback when the callback timer is stopped
- Also provide callback service when the PPP NCP negotiation is successful
Multilink PPP
- Load balanced PPP
- Controlled by adding a sequencing header in the PPP frame
- Can work with:
  - Asynchronous serial interface
  - Synchronous serial interface
  - BRI and PRI interfaces
- Can work on a dialer rotary group
LAPB
- A serial encapsulation method for private serial lines
- Works at the data link layer
- Enables orderly, reliable data exchange between DTE and DCE
- Need to use one of the X.25 packet-level encapsulations when attaching to an X.25 network
- 2 types of hosts
  - Data terminal equipment (DTE)
  - Data circuit-terminating equipment (DCE)
- Router using LAPB can act as a DTE or DCE at the protocol level
- Provides greater throughput than High-Level Data Link Control encapsulation in a congested environment
- Router resends the missing frame without waiting for the higher layers to recover
- Uses priority and custom queueing to improve the responsiveness of a link to a given type of traffic
- Priority queueing assigns packets to one of the 4 output queues: high, medium, normal, or low priority
- Custom queueing assigns packets to one of the 10 output queues and controls the % of the available bandwidth for the queue
ISDN
Description and Interfaces
TE1 - Has an ISDN interface. DS0 = 64 Kbps = Digital Signal Level 0
TE2 - Does not have an ISDN interface; requires a TA (Terminal Adapter). The TA is typically an ISDN modem. The TA converts the signal to ISDN standards. DS0 = 64 Kbps
ISDN PRI US T1 - Requires different connectors. Uses DB15 and RJ48 connections. DS1 = 1.54 Mbps, contains 24 DS0s
ISDN PRI EUROPE E1 - Requires 4 connections DB15 before the CSU/DSU and 4 RJ45 and/or DB15 connections to the switch. 30 x DS0
In Europe, the ISDN service provider provides the NT1. In the US, the customer supplies the NT1.
Logical Interfaces
RSTUV - Logical Reference Points
Rate Reference Point - Located between the non-ISDN router interface and the Terminal Adapter (TA).
System Reference Point - Is the reference point between the router with an ISDN interface and the NT2 or TA and NT2. Non-US demarcation.
Terminal Reference Point - The reference point between the TE1 and NT1 and/or TA. If there is an NT2 (Customer Switching Equipment), the reference point is included to the NT1 as well. This point is non-US demarcation.
User Reference Point - This reference point is a US demarcation. It references the point between the NT1 and the LT.
V Reference Point - Located between the LT and the ET. Also referred to as the local exchange.
ISDN Protocols - ITU-T groups the protocols, interfaces and addressing.
E-series - describes the telephone network, e.g. E.164 = international addressing for ISDN.
I-series - describes interfaces and concepts, e.g. I.430 = BRI interface.
Q-series - describes switching and signaling (e.g. Q.921 = LAPD, Link Access Procedure D channel; Q.931 = DSS1, Digital Subscriber Signaling #1).
Configuring ISDN BRI
1. Select your switch type (provided by your service provider).
Router2 (config)# isdn switch-type basic-5ess
(basic-5ess is the switch type)
Router2 (config-if)# isdn switch-type basic-5ess
(basic-5ess is the switch type)
2. Configure the appropriate interface on the router.
- Router2 (config)# interface bri X
  (X = the interface you are going to configure)
- For a TE1 non-ISDN interface use the interface serial command.
- Router2 (config)# interface serial X
  (X = the interface you are going to configure)
3. Set SPIDs (Service Profile Identifiers). The service provider assigns these numbers.
4. Set the appropriate protocol for encapsulation and set the protocol for authentication. PPP or HDLC can be used for encapsulation. CHAP or PAP can be used for authentication. CHAP is encrypted; PAP sends information in plain text.
Dial on Demand Routing (DDR)
DDR for ISDN - Use DDR for connections that do not need to be connected for long periods of time. Determine what traffic is "interesting" and needs to be routed. Use access lists to restrict broadcasts such as SAP updates and permit traffic that needs to be forwarded. You can also use the passive-interface command to prevent the forwarding of routing updates, e.g. IGRP, OSPF.
dialer-list is the command used to configure DDR. This command is used to first initiate the call and to control the protocol for dialing.
1. Define what traffic is interesting. An access-list command can be used following this dialer-list command to specify the appropriate traffic to be forwarded.
2. Assign the dialer-list to the appropriate interface.
3. Assign the destination. Use the dialer map command to specify the destination parameters.
4. Determine which call options to use. To use DDR successfully, you must specify the appropriate call values.
- Router2 (config-if)# dialer fast-idle 30
  (if the interface is busy and another call needs to be placed, 30 specifies to disconnect the call if the line is idle for over 30 seconds)
- Router2 (config-if)# dialer idle-timeout 180
  (tells the interface to disconnect after being idle for 180 seconds)
- Router2 (config-if)# dialer load-threshold 128 either
  (1-255 value tells the router at what level to make another call to another destination)
Options can be inbound, outbound or either.
Rate adaptation - The data speed of an ISDN line can be slowed down to 56K if necessary. Use the speed option with the dialer map command.
Router2 (config-if)# dialer map 10.180.0.3 router3 5125551092 speed 56 broadcast 5125551038
Backup Interfaces Load and Outage
This is important for fault tolerance and useful when interfaces exceed the expected load. Follow these simple steps to back up an interface:
For OUTAGE backup
1. Select the interface you want to use as a backup.
2. Select the interface you want to back up.
3. Set when you want the backup line to come up. Set on/off parameters.
For LOAD backup
Follow steps one and two above. Use the backup load command to back up the primary line. Values are based on percentages.
Set the bandwidth ON/OFF values for the backup interface.
Router2 (config-if)# backup load 50 10
(50 designates ON when bri2 exceeds 50% of bandwidth; 10 designates OFF after bri2 reaches within 10% of the total bandwidth) 40% of line bri2
ISDN PRI
ISDN Protocols - ISDN uses several protocols; which protocol each channel uses is crucial to understanding how ISDN works.
PRI Functional Groups and Reference Points - Since an ISDN BRI requires the use of a CSU/DSU the logical groups and reference points are much easier to identify. Note that the above diagram is for PRI and BRI.
ISDN PRI can be configured in 5 very complicated steps. SCFLC (Swami Can Fix Left-handed Clocks) can be used to remember the steps. For PRI you configure Switch type, Controller, Frame type, Linecode, and Clocksource.
Syntax to configure ISDN PRI
1. Select your switch type.
2. Choose the controller.
- controller T1 slot/port
- controller T1 2/1
3. Specify the frame type.
4. Specify the linecode.
5. Specify the clocksource.
ISDN PRI can accept incoming calls from analog lines by using the following command:
isdn incoming-voice modem
ISDN Physical Interfaces - SERIAL
EIA/TIA-232
EIA/TIA-449
EIA-530
X.21
BOD (Bandwidth on Demand) - Can be used on BRI or PRI channels to supply additional bandwidth once a channel is connected. PPP Multilink must be enabled. The traffic trigger can be set for inbound, outbound or either. The value metric is 0-255 (255 equals 100%). Example:
Dallas2 (config)# interface bri 0
Dallas2 (config-if)# dialer load-threshold 128 either
(specifies that at 50% load in either direction an additional line is brought up)
ISDN Caller ID Screening - ISDN can also be configured to only accept calls from certain numbers. X's can be used as wildcards. Example:
Dallas2 (config-if)# isdn caller 1512555xxxx
(allows any inbound call from the 512 area code with the 555 exchange)
X.25
X.25 is a packet switched layer 2 protocol that operates at the Data Link Layer of the OSI model. This protocol works by encapsulating the layer 3 protocols. The max speed for X.25 is 128K. X.25 was engineered for strong error checking and flow control at layers 2 and 3. X.25 uses LAPB and is very reliable; it also uses sliding windows (much like TCP/IP) for flow control. Options for flow control on the interface must match the remote router. X.25 uses SVCs (Switched Virtual Circuits) and PVCs (Permanent Virtual Circuits). PVCs are always connected. Use show interface to view configuration.
Datagram Encapsulation
Network Function - X.25 is highly available and used worldwide.
PAD - Is a Packet Assembler Deassembler that can also be a router. It collects the data transmissions from the terminals and gathers them into an X.25 data stream and vice versa. PAD acts like a multiplexer for the terminals. During configuration of the X.25 you specify whether the interface will act as a DCE or DTE. When configured as a DCE the router behaves as an X.25 switch.
X.121 - Is the addressing standard. Static mappings must be made manually. X.25 does not support ARP. The addressing standard is a 4-digit country code. The following 8 to 11 digits are assigned by the X.25 service provider:
To configure an X.25 interface for SVC - Define the encapsulation, assign the X.121 address and use map statements to link the X.121 logical address with the IP protocol or other addresses. Options for flow control must match on both sides.
Steps to configure X.25 on an interface
SanAton2 (config)# interface serial 2
SanAton2 (config-if)# encapsulation x25
SanAton2 (config-if)# x25 address 316012345678
(316 = country code; the whole number specifies the x25 address)
SanAton2 (config-if)# ip address 10.98.98.25 255.255.255.0
(configures the IP address for the interface)
SanAton2 (config-if)# x25 map ip 10.98.98.24 3160987654321 broadcast
(maps the target IP address to the X.121 address)
To configure an X.25 interface for PVC - Is exactly the same as above except for the last step. You use the pvc command instead of the map command to establish the PVC.
SanAton2 (config-if)# x25 pvc 6 ip 10.98.98.24 3160987654321 broadcast
(maps the target IP address to the X.121 address; 6 establishes virtual circuit 6)
Options for X.25 - Windows and packet sizes must match on both sides of the connection. Use the x25 ips command for incoming packet size and x25 ops for outgoing packet size. Window size uses a counter for when to send an acknowledgement; the x25 win and x25 wout commands are used. The modulo controls the size of the window; 8 or 128 is used to specify the number of packets.
Frame Relay
Frame Relay Interfaces - Serial interfaces use DB-60 connectors. Frame relay requires the use of a CSU/DSU. Like X.25, frame relay uses SVCs and PVCs. PVCs are used for frequent and long connection times. SVCs are for sporadic, infrequent traffic. List settings with the show interface command or the show frame-relay map command.
EIA/TIA-232, EIA/TIA-449, V.35, X.21 = Physical interfaces
Frame Relay Bandwidth - Max throughput is 2 Mbps to 56Kbps. Frame relay is a layer 2 protocol. It uses the upper layer for error correction. It is faster than X.25.
LMI - Line Management Interface is the standard for signaling. There are 3 types:
- Cisco LMI
- ANSI LMI
- q.933a LMI
Cisco is the default. The service provider will specify the LMI in use.
- LMIs control data keepalives and verify the data flow.
- Use multicast mechanism to provide the network server the DLCI.
- Use multicast addressing so the DLCI has global significance.
- Verifies the DLCIs in use and status to the local Frame Relay switch.
LMI Autoconfigure - A router with IOS 11.2 and newer does not need to be configured for the LMI. The newer routers will send a signal to the FR switch to determine the LMI in use.
DLCI - Data Link Connection Identifier verifies the logical circuits in use and the status from the CPE to the Frame Relay switch.
DLCI states are
Deleted - No LMI signal being received from switch or no service available from switch.
Active - Lines are up; connections are active. Routers are exchanging data.
Inactive - Frame relay switch to local connection is working. The remote router's connection to the frame switch is not working.
Encapsulation Types - Are Cisco and IETF. Cisco is the default. If the router is a non-Cisco router, use IETF. This designation can be made per DLCI. Even if all the routers are Cisco, you can communicate with a location with a non-Cisco router. Specify the IETF encapsulation and DLCI. You can use this with the map command. In short, encapsulation can be set per interface or per destination.
Example:
Dallas2 (config-if)# frame-relay map ip 10.98.98.24 25 broadcast IETF
(25 = the DLCI#)
Steps to configure frame relay:
1. Select the interface.
2. Assign an IP address to the interface.
3. Select the encapsulation mode.
4. Set the LMI (not necessary with IOS 11.2 and up).
5. Map protocol.
Split Horizon and Routing Updates
Since routing updates should not be sent out the same interface you learned the update from (this causes routing loops), the solution to fixing this problem is creating subinterfaces with different DLCIs.
Example
Each subinterface has its own DLCI to enable multipoint connection. Routing updates will now work properly.
Traffic Shaping - Since the speed of the frame relay circuits can vary, it is important to control how much and which traffic is sent or received on an interface.
Queuing - Priority, weighted fair and custom queuing allow for specialized control of the traffic.
Rate Enforcement - You can configure the maximum amount of traffic to pass out the interface by setting the transmission rate. Usually determined by the CIR (Committed Information Rate). Use the following commands when setting up the frame relay: (*Note: uses map classes)
Dallas2 (config-map-class)# frame-relay traffic-rate 9600 33600
(9600 specifies the average, 33600 specifies the peak rate)
Dallas2 (config-if)# frame-relay traffic-shaping
BECN/FECN Support - Dynamic monitoring of the congestion of the frame relay network. Requires Cisco IOS 11.2 or higher to support BECN monitoring.
FECN - (Forward Explicit Congestion Notification) When the frame relay switch becomes congested it sends a FECN to the destination.
BECN - (Backward Explicit Congestion Notification) When the frame relay switch becomes congested it sends a BECN to the source.
To use traffic shaping with the BECN support use the following commands: (*Note: uses map classes)
Dallas2 (config-map-class)# frame-relay adaptive-shaping becn
Dallas2 (config-if)# frame-relay traffic-shaping
Modems Asynch
Physical Interfaces - (RJ11 or DB25) The connection from the router is a DB60 connection.
Cable Signals - DTR (Data Terminal Ready) is controlled by a router or PC; used to verify the connection and able to receive data.
DSR - (Data Set Ready) Says modem is on and ready for action. Usually sent on power on. Says DCE is ready.
Hardware Flow Control - RTS (Ready to Send) tells modem to send data.
CTS - (Clear to Send) from DCE tells PC/router to send data.
Use DTE lock to avoid speed mismatch. Modem often tries to match the inbound transfer rate of the modem to the DTE.
LOCK DTE for speed conversion.
Asynch Configuration Commands
Line config - Commands change the physical attributes. See below.
- Dallas2 (config)# line 20
- Dallas2 (config-line)# login local
- Dallas2 (config-line)# speed 115200
- Dallas2 (config-line)# modem inout
  (enables modem for inbound and outbound calls)
- Dallas2 (config-line)# modem dialin (default)
Interface asynch - Commands configure the protocols.
- Dallas2 (config)# interface async 20
- Dallas2 (config-if)# encapsulation ppp
- Dallas2 (config-if)# ppp authentication local
Help for modem commands - In a reverse Telnet session, use these commands for help: AT$H or AT$
Adding Modems to Router - The router has a built-in modem compatibility database (modemcap). Use the following command to have the router search and configure the new modem:
Dallas2 (config-line)# modem autoconfigure discovery (autoconfigure)
Dallas2# show modemcap (displays modems in database)
Edit the database to add a new entry or modify an existing entry.
Dallas2 (config)# modemcap edit new_modem_name attribute value
This command is used to debug the modem auto configuration:
Dallas2# debug confmodem
Chat Scripts - Can be triggered for DDR, on startup, on connection, on line activation and to reset modems. Chat scripts are useful because they can reset modem configurations, dial and remotely log in to a host, and detect line failure. They can be used to initialize a modem attached to a router, automatically dial out on a modem, and log in and execute commands on another system or router.
Modem troubleshooting commands
show line (shows the modem's physical config); as noted above, the line command is for physical attributes.
clear line (returns the interface to idle state)
Modem control commands - CD (Carrier Detect): if the modem is not configured properly and the CD state is not passed or recognized, the session stays open. Someone can connect to that session without having to authenticate.
Rotary Groups
Dialer map - this command can be used to call multiple areas with the same configuration.
Dialer interface - is a logical interface that can be applied to multiple interfaces.
Dialer rotary groups - allow you to apply a logical interface to multiple physical interfaces.
How to configure a Rotary Hunt Group:
Dallas2 (config)# interface bri 0
Dallas2 (config-if)# dialer rotary-group 2
Dallas2 (config)# interface bri 1
Dallas2 (config-if)# dialer rotary-group 2
Dallas2 (config)# interface bri 2
Dallas2 (config-if)# dialer rotary-group 2
Dallas2 (config)# interface dialer 2 (this command creates the dialer rotary group)
With this setup, if an incoming line is busy the next line is tried.
Dialer Hold Times - specifies the amount of time the line is idle.
Dallas2 (config-if)# dialer idle-timeout x
(x = the number of seconds)
Analog lines take longer to make a connection, so use the wait-for-carrier-time command to tell the analog line to wait until a proper connection is made. Example:
Dallas2 (config-if)# dialer wait-for-carrier-time x
(x = the number of seconds)
Dialer Profiles
Dialer Profiles - Are logical interfaces that can be used to control encapsulation, access list and control features per call. The key to Dialer profiles is they can take a physical interface and make connections to a specific destination with specific call parameters.
Dialer Profile Components:
The Advantages of Using Dialer Profiles:
- ISDN channels can be split.
- Different DDR settings can be made for each B-Channel.
- BRI and PRI channels can be added to multiple dialing pools.
- B-Channels can be configured to call different locales with different IP addresses and subnets.
- An interface can belong to multiple pools.
A dialer map (sets configuration) can be applied to several dialer interfaces:
*Note Asynch5 belongs to both dialer pools
Adding interfaces to a dialer pool - Use the following command:
Dallas2 (config-if)# dialer pool-member x
(x can equal a number 1-255)
PPP
PPP - Is an encapsulation standard used over Asynch serial, Synch serial and ISDN.
NCP - Is a layer protocol of PPP; encapsulates multiple protocols.
LCP - Another component of PPP; is responsible for authentication, multilink, callback and compression.
Setting the configuration to autoselect allows login to adapt to the encapsulation in use (SLIP or PPP).
Setting the configuration to async mode dedicated forces the dial-in session to use the encapsulation specified.
Authentication - (CHAP or PAP) CHAP is encrypted, while PAP login and password information are sent in plain text.
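What each scheme puts on the link, shown as an added example that is not part of the original guide: a PAP Authenticate-Request (RFC 1334) carries the password itself, while a CHAP response (RFC 1994) is an MD5 hash over the identifier, the shared secret and a fresh challenge, so a captured response is useless against the next challenge. The peer name, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-secret"   # constructed sample value, not from the guide


def pap_authenticate_request(peer_id: str, password: str) -> bytes:
    """Data field of a PAP Authenticate-Request: length-prefixed cleartext."""
    pid, pw = peer_id.encode(), password.encode()
    return bytes([len(pid)]) + pid + bytes([len(pw)]) + pw


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: hash of identifier octet + secret + challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side: one fresh challenge per attempt, single use."""

    def __init__(self, secrets):
        self.secrets = secrets        # peer name -> shared secret
        self.next_id = 0
        self.pending = {}             # identifier -> outstanding challenge

    def challenge(self):
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)
        self.pending[self.next_id] = value
        return self.next_id, value

    def verify(self, identifier, name, response):
        challenge = self.pending.pop(identifier, None)   # consume the challenge
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    """Compare what an eavesdropper on the link sees for PAP and for CHAP."""
    auth = ChapAuthenticator({"Austin1": SECRET})
    pap_frame = pap_authenticate_request("Austin1", SECRET.decode())

    ident, chal = auth.challenge()
    resp = chap_response(ident, SECRET, chal)
    first_login = auth.verify(ident, "Austin1", resp)

    # Replay of the captured response against a new challenge.
    ident2, _ = auth.challenge()
    replayed = auth.verify(ident2, "Austin1", resp)

    return {
        "pap_leaks_password": SECRET in pap_frame,
        "chap_leaks_password": SECRET in chal + resp,
        "chap_ok": first_login,
        "replay_ok": replayed,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```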
Addressing with PPP - A router can be used to assign a static IP address or have the dial-in user specify an IP address. The router can also be used as a DHCP server.
Static mapping on an interface:
Dallas2 (config-if)# ip address 10.98.98.24 255.255.255.0
(forces dial-in connection to use 10.98.98.24 as an IP address)
For point-to-point only, the ip unnumbered command can be used. It uses the address of the interface as the source of the packet. Example:
Dallas2 (config-if)# ip unnumbered
To assign an IP address, or to use DHCP and/or a pool of addresses, use the peer default ip address command. Example:
Dallas2 (config-if)# peer default ip address dhcp
To allow the user or client dialing in to specify an address use the async dynamic address command. Example:
Dallas2 (config-if)# async dynamic address
PPP Call Back Configuration
The configuration of the hold queue timer is vital to the success of a PPP callback configuration. The hold queue timeout must be long enough to allow the callback server to make the return call before the timeout limit is hit.
Dallas2 (config-if)# dialer hold-queue 300 timeout 60
(specifies 300 packets are held on the queue and it times out after 60 seconds)
Call back configuration sample (Global Mode)
Dallas2 (config-if)# ppp callback accept
Dallas2 (config)# username hackmi password giforgot callback-dialstring 2145551234 callback-line 1 callback-rotary 2
(callback-dialstring = the number to call back, callback-line = specifies the line to call back on)
Line configuration mode sample
Dallas2 (config-if)# ppp callback accept
Dallas2 (config-if)# ppp callback initiate
Dallas2 (config)# line 1
Dallas2 (config-line)# callback forced-wait 10
(10 = the number of seconds)
Dallas2 (config-line)# script callback callme
(callme is the name of the script)
The dialer callback-secure command automatically disconnects any calls that are not explicitly set up for callback.
To configure the callback server
Dallas2 (config)# interface s1 (select interface)
Dallas2 (config-if)# ip address 10.98.98.1 255.255.255.0
(specifies the IP address)
Dallas2 (config-if)# encapsulation ppp
Dallas2 (config-if)# ppp callback accept
Dallas2 (config-if)# dialer callback-secure
Dallas2 (config-if)# dialer map ip 10.98.98.2 name Austin1 class dial 1512555134
(configures the dialer map)
Dallas2 (config-if)# dialer-group 2
(configures dialer group)
Dallas2 (config-if)# ppp callback accept
(sets PPP for callback)
Dallas2 (config-if)# ppp authentication PAP
configure map-class
To configure the callback client - use the same basic configuration for callback and use the ppp callback request command.
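The dial-in settings covered in this guide can be reviewed mechanically. The script below is an added example, not Cisco tooling and not part of the original guide; the sample configuration, the rule names and the rule set are constructed. It flags PPP interfaces that allow PAP or have no authentication, callback accepted without dialer callback-secure, and modem lines with no login method (the open-session risk noted in the modem section).

```python
import re

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
! constructed sample
interface Serial1
 ip address 10.98.98.1 255.255.255.0
 encapsulation ppp
 ppp callback accept
 ppp authentication pap
!
interface BRI0
 encapsulation ppp
 ppp authentication chap
 ppp callback accept
 dialer callback-secure
!
interface Async20
 encapsulation ppp
!
line 20
 modem inout
 speed 115200
!
line 21
 login local
 modem dialin
"""


def sections(config):
    """Yield (header, [lower-cased sub-commands]) per interface/line block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith((" ", "\t")) and header:
            body.append(raw.strip().lower())
            continue
        if header:
            yield header, body
        header, body = None, []
        if re.match(r"(interface|line)\s", raw, re.I):
            header = raw.strip()
    if header:
        yield header, body


def audit(config):
    """Return a list of (section header, finding) tuples."""
    findings = []
    for header, body in sections(config):
        if header.lower().startswith("interface"):
            if "encapsulation ppp" in body:
                methods = [tok for cmd in body
                           if cmd.startswith("ppp authentication ")
                           for tok in cmd.split()[2:]]
                if not methods:
                    findings.append((header, "ppp-no-auth"))
                elif "pap" in methods:
                    # Also catches "chap pap", which still permits PAP.
                    findings.append((header, "pap-permitted"))
            if ("ppp callback accept" in body
                    and "dialer callback-secure" not in body):
                findings.append((header, "callback-not-secure"))
        else:
            uses_modem = any(cmd.startswith("modem ") for cmd in body)
            has_login = any(cmd.startswith("login") for cmd in body)
            if uses_modem and not has_login:
                findings.append((header, "modem-line-no-login"))
    return findings


if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```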
Compression for PPP
- Predictor - looks for compressed data and does not try to compress it.
- Stacker - compression algorithm sends each data type once. Works on Cisco 700.
- TCP Header compression - used to compress headers; must be enabled on both sides.
- MPPC - Microsoft Point to Point Compression protocol allows compressed data from Microsoft clients.
In passive mode, TCP header compression sends compressed TCP headers if it receives them compressed.
TroubleShooting PPP
The debug ppp negotiation command is used to troubleshoot LCP and NCP issues.
The show dialer command shows the progress of calls. Used to troubleshoot PAP and CHAP issues.
Multilink PPP
Multilink PPP - also referred to as MP; allows additional calls or channels to connect to a host for additional bandwidth. In order to use Multilink with Brand X routers, the routers must comply with RFC 1990. Multilink is configured on the interface.
LCP controls multilink.
- Works on Cisco 700 series routers
- Works on routers running Cisco IOS
- RFC 1990 allows for vendor compatibility
- Allows packet fragmentation across channels
- Sequences packets and performs load calculation on lines or channels
Troubleshooting Multilink
debug ppp negotiation is used to troubleshoot LCP and NCP issues with Multilink.
debug dialer may also be useful in troubleshooting multilink. (Displays calling statistics)
debug ppp multilink is used to troubleshoot LCP and NCP issues with Multilink as well.
Queuing and Compression
Weighted Fair - All traffic gets equal priority. FTP gets balanced access. This is the default setting.
Priority Queuing - Critical traffic goes through. Best for low bandwidth connections. Requires configuration.
Custom Queuing - Bandwidth is allocated. Designed for higher speed connections.
Access lists can also be used to filter traffic. Access lists are read from top to bottom. If a filter has been set to deny, you cannot set a permit statement lower in the list.
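The top-to-bottom rule worked through, as an added example that is not part of the original guide: a standard access list is evaluated first match wins with an implicit deny at the end, so a permit placed below a deny that already covers it is never reached. The access list, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed standard access list, for illustration only.
SAMPLE_ACL = """\
access-list 10 deny 10.98.98.0 0.0.0.255
access-list 10 permit 10.98.98.24
access-list 10 permit 10.0.0.0 0.255.255.255
"""

MASK32 = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_acl(text):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue
        action, rest = parts[2], parts[3:]
        if rest[0] == "any":
            addr, wild = 0, MASK32
        elif rest[0] == "host":
            addr, wild = to_int(rest[1]), 0
        else:
            addr = to_int(rest[0])
            wild = to_int(rest[1]) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries


def matches(entry, source):
    """Wildcard bits set to 1 are 'don't care'; all other bits must be equal."""
    _, addr, wild = entry
    care = ~wild & MASK32
    return (to_int(source) & care) == (addr & care)


def evaluate(acl, source):
    """First match wins; returns (action, 1-based entry number or None)."""
    for number, entry in enumerate(acl, 1):
        if matches(entry, source):
            return entry[0], number
    return "deny", None            # implicit deny at the end of every list


def covers(earlier, later):
    """True if every source matched by `later` is also matched by `earlier`."""
    _, addr1, wild1 = earlier
    _, addr2, wild2 = later
    care1 = ~wild1 & MASK32
    return (wild2 & care1) == 0 and (addr1 & care1) == (addr2 & care1)


def shadowed(acl):
    """List (entry, earlier entry) pairs where the later entry can never match."""
    result = []
    for i, later in enumerate(acl):
        for j in range(i):
            if covers(acl[j], later):
                result.append((i + 1, j + 1))
                break
    return result


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for src in ("10.98.98.24", "10.1.2.3", "192.168.1.1"):
        print(src, evaluate(acl, src))
    print("unreachable entries:", shadowed(acl))
```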
Priority Queuing - uses the priority-list command.
Example: Dallas2 (config)# priority-list 3 interface bri 0 medium
Compression
Stacker - compression based; repeated data replaced with token. Processor intensive.
Predictor - predicts the next sequence of characters. Memory intensive.
MPPC - Microsoft Point to Point Compression protocol allows compressed data from Microsoft clients.
Link compression - USE FOR POINT TO POINT ONLY - Leased, ISDN; compresses payload and header information. The header will not be readable on WAN links on the next hop.
Payload compression - compresses the data section of the packet.
Compression for WAN - NO LINK COMPRESSION - can use payload compression. You can use TCP header compression and MPPC.
AAA
AAA - stands for Accounting, Authentication and Authorization. Both RADIUS and TACACS+ servers can be used.
Cisco Secure is software used for security management and accounting. It uses 3 major components to accomplish this:
AAA server - interacts with RADIUS and TACACS+ servers
Netscape Fastrack Server - web browser
RDBMS - Relational Database Management System
TACACS is enabled by specifying a host. Example:
Dallas2 (config)# tacacs-server host 10.98.98.1
To have AAA authentication use TACACS first and then local authentication, use the following syntax:
Dallas2 (config)# aaa authentication login default tacacs+ local
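How a method list like the one above is walked, as an added example that is not part of the original guide: the next method is consulted only when the current one returns an error (for instance the TACACS+ server does not answer), not when it rejects the login. The model is simplified, and the user names, passwords and function names are constructed.

```python
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"


def tacacs_method(server_up, server_users):
    """Model of a TACACS+ lookup: ERROR means no reply from the server."""
    def method(user, password):
        if not server_up:
            return ERROR
        return PASS if server_users.get(user) == password else FAIL
    return method


def local_method(local_users):
    """Model of the router's local username database."""
    def method(user, password):
        return PASS if local_users.get(user) == password else FAIL
    return method


def login(method_list, user, password):
    """Walk the list in order; move on only when a method returns ERROR."""
    for name, method in method_list:
        result = method(user, password)
        if result != ERROR:
            return result, name
    return FAIL, None              # every method errored out


def scenarios():
    """Constructed accounts: alice exists on the server, backup only locally."""
    server_users = {"alice": "s3rver"}
    local_users = {"backup": "l0cal"}

    def methods(server_up):
        return [("tacacs+", tacacs_method(server_up, server_users)),
                ("local", local_method(local_users))]

    return {
        "server up, server account": login(methods(True), "alice", "s3rver"),
        "server up, local-only account": login(methods(True), "backup", "l0cal"),
        "server down, local-only account": login(methods(False), "backup", "l0cal"),
        "server down, server account": login(methods(False), "alice", "s3rver"),
    }


if __name__ == "__main__":
    for case, outcome in scenarios().items():
        print(f"{case}: {outcome}")
```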
NAT
Network Address Translation - can be used to merge two large networks without having to re-address the whole network. Another function of NAT is overloading inside global addresses, in which several inside addresses use a single IP address. NAT can also use a pool of addresses or multiple interfaces. NAT uses PAT and a NAT table to keep these translations.
Configuring NAT on the interfaces - for the inside interface:
- Specify the interface
- Dallas1 (config)# interface ethernet0
- Assign an IP address to the interface
- Dallas1 (config-if)# ip address 172.16.10.0 255.255.255.0
- Specify NAT direction
- Dallas1 (config-if)# ip nat inside
For the outside interface
Dallas1 (config)# interface bri0
- Assign an Internet IP address to the interface
- Dallas1 (config-if)# ip address 192.169.0.12 255.255.255.0
- Specify NAT direction
- Dallas1 (config-if)# ip nat outside
Troubleshooting NAT
The show ip nat translations command displays current translations.
The clear ip nat translations command clears the entries in the NAT table.
The debug ip nat command gives per-packet output of translations.
The show ip nat statistics command shows the values and timeout periods.
Routers
AS5X00 - are access servers for multiple modems and ISDN interfaces. Considered central office equipment.
LEDs - are located on the routers and can be used to check activity on an interface and to ensure the router has booted properly and hardware has been installed correctly. The EN LED is on when a module has been installed properly.