navgates on the way

tag:blogger.com,1999:blog-32606396419134238962011-04-21T19:18:45.497-07:00navgates on the waynavneethhttp://www.blogger.com/profile/16851292491381421470noreply@blogger.comBlogger31100tag:blogger.com,1999:blog-3260639641913423896.post-90611699226686855372007-12-03T23:14:00.000-08:002007-12-03T23:21:24.814-08:00CCNP remote access bookCisco Press 201 W 103rd Street Indianapolis, IN 46290 USA Cisco CCNP Remote Access Exam Certification Guide Brian Morgan, CCIE #4865, and Craig Dennis ii Cisco CCNP Remote Access Exam Certification Guide Brian Morgan, CCIE #4865, and Craig Dennis Copyright © 2001 Cisco Systems, Inc. Cisco Press logo is a trademark of Cisco Systems, Inc. Published by: Cisco Press 201 West 103rd Street Indianapolis, IN 46290 USA All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 03 02 01 00 1st Printing November 2000 Library of Congress Cataloging-in-Publication Number: 00-105171 ISBN: 1-58720-003-1 Warning and Disclaimer This book is designed to provide information about the Cisco CCNP Remote Access Exam #640-505. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc. Trademark Acknowledgments All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. iii Feedback Information At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at ciscopress@mcp.com. Please make sure to include the book title and ISBN in your message. We greatly appreciate your assistance. Publisher John Wait Editor-In-Chief John Kane Cisco Systems Program Manager Bob Anstey Executive Editor Brett Bartow Acquisitions Editor Amy Lewis Managing Editor Patrick Kanouse Development Editor Christopher Cleveland Copy Editor Jill Batistick Technical Editors Jorge Aragon, Bill Wagner, Steve Wisniewski Team Coordinator Tammi Ross Book Designer Gina Rexrode Cover Designer Louisa Klucznik Production Team Octal Publishing, Inc. Indexer Tim Wright iv About the Authors Brian Morgan , CCIE #4865, is a CCSI for Mentor Technologies (formerly Chesapeake Network Solutions) teaching the ICRC, ACRC, ICND, BSCN, CVOICE, and CATM courses. Brian has been an instrutor for nearly four years and in the networking industry for over ten years. During that time he’s been teaching Cisco Dial Access Solutions boot camp classes for the Service Provider Solutions Tiger Team, the upper echelon of Cisco’s technical support structure. Prior to teaching, Brian spent a number of years with IBM in Network Services where he attained MCNE and MCSE certifications. He was involved with a number of larger LAN/WAN installations for many of IBM’s Fortune 500 clients. Brian is the proud father of five year-old fraternal twin girls (Emma and Amanda) and husband to Beth. His greatest hobby is spending time with the family. Craig Dennis is an instructor for Mentor Technologies and lives in Fairfax, Virginia. He is a CCSI and CCDP. Craig has taught CMTD and then BCRAN over the last two years. Craig is an avid, but not good, golfer and is currently working toward his CCIE certification. Craig worked for Texaco, Inc., in their Houston Research Lab for 11 years and as a consultant for the Marine Corps for four years as a Network Administrator. He spent about three years as an independent consultant and has taught Cisco classes for the last four years. About the Technical Reviewers Jorge Aragon , CCIE #5567, is a Network Engineer with Perot Systems Corporation (PSC) in Dallas, Texas. He holds a BS in Electrical Engineering from the National Polytechnic Institute in Mexico and a Master of Science in Telecommunications from the University of Pittsburgh. He also holds a MCSE certification and several Cisco specializations. Jorge is part of PSC Global Infrastructure Team where he designs, implements, and troubleshoots LAN/ WAN networks for clients in multiple industries across the globe. He enjoys spending time with his wife and children, reading, jogging, and practicing martial arts. Jorge can be reached at jorge.aragon@ps.net Bill Wagner works as a Cisco Certified System Instructor for Mentor Technologies. He has 22 years of computer programming and data communication experience. He has worked for corporations and companies such as Independent Computer Consultants, Numerax, Mc Graw-Hill/Numerax, and Standard and Poors. His teaching experience started with the Chubb institute, Protocol Interface, Inc., and Geotrain. Currently he teaches at Mentor Technologies. Steve Wisniewski is CCNP certified, has a Masters of Science in Telecommunications Management from Stevens Institute of Technology. Steve is a Senior Implementation Specialist for Lehman Brothers. Steve has authored a book titled Network Administration from Prentice Hall due to be released in October of 2000 and has edited several other Cisco Press books. Steve is married to wife Ellen and resides in East Brunswick, New Jersey. v Dedications Brian Morgan— This book is dedicated to Beth, Emma, and Amanda. Thank you for making me complete. Craig Dennis —This book is dedicated to my family, which is my most cherished treasure. Jacob, Sandy, Joseph, and David thank you again and again for being as understanding as you are when Dad has to ignore you while he’s at the keyboard. To Sharon, my wife, I thank you most of all for providing the glue that holds the family together while I’m on the road and buried in the latest endeavor. vi Acknowledgments Brian Morgan: I’d like to thank my wife, Beth, and kids, Emma and Amanda, for putting up with me during the time this book was being produced. It has taken me away from them more than I’d like to admit. Their patience in temporarily setting some things aside so I could get the book done has been incredible. I’d like to give special recognition to Bill Wagner for providing his expert technical knowledge in editing the book. As usual, he’s not afraid to tell you when you’re wrong. He’s also been as good a friend as anyone could hope to have. Thanks to Kale Wright for taking on additional workload to allow me to spend the necessary time writing and researching this book. A big “thank you” goes out to the production team for this book. John Kane, Amy Lewis, and Christopher Cleveland have been incredibly professional and a pleasure to work with. I couldn’t have asked for a finer team. Last, and possibly least (just kidding), I’d like to thank my co-author Craig Dennis. I approached him with this project at the very last minute and he’s worked very hard to keep the book on time, while not sacrificing technical depth or content. Craig Dennis: I want to thank Amy Lewis, John Kane, and Chris Cleveland from Cisco Press for keeping this whole thing on track. Amy, I really, really was almost on time with some of the stuff! Thanks also to Brian Morgan my co-author who always kept the project in focus and pushed me to keep the deadlines that we had. I should also thank all the technical and grammatical editors that took the pieces that were delivered and made a book out of it. Also, thanks go to my parents, as it will every time I accomplish anything. Through their guidance, encouragement, and love I managed to get an education and develop into a reasonable human being. Thank you Pearl and Rally. I can only hope that I can provide at least a reasonable facsimile of your guidance to my family. And last a thank you to my wife, Sharon, who kept reminding me of the project at hand and rearranging her schedule so I would have “quiet” times to work. As with all projects of this nature I almost feel guilty to have my name on the cover when, without so many others this book would have never been written. vii Contents at a Glance Introduction xxi Chapter 1 All About the Cisco Certi.ed Network and Design Professional Certi.cations 3 Chapter 2 Cisco Remote Connection Products 19 Chapter 3 Assembling and Cabling WAN Components 43 Chapter 4 Con.guring Asynchronous Connections with Modems 67 Chapter 5 Con.guring PPP and Controlling Network Access 97 Chapter 6 Using ISDN and DDR to Enhance Remote Connectivity 125 Chapter 7 Con.guring the Cisco 700 Series Router 193 Chapter 8 Establishing an X.25 Connection 221 Chapter 9 Establishing Frame Relay Connections and Controlling Traf.c Flow 251 Chapter 10 Managing Network Performance with Queuing and Compression 291 Chapter 11 Scaling IP Addresses with Network Address Translation 331 Chapter 12 Using AAA to Scale Access Control in an Expanding Network 367 Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections 397 Index 445 viii Contents Introduction xxi Goals and Methods xxi Who Should Read This Book? xxi Strategies for Exam Preparation xxii How This Book Is Organized xxii Approach xxiv Icons Used in This Book xxv Command Syntax Conventions xxvi Chapter 1 All About the Cisco Certi.ed Network Professional and Design Professional Certi.cation 3 How This Book Can Help You Pass the CCNP Remote Access Exam 4 Overview of Cisco Certifications 5 The Remote Access Exam and the CCNP and CCDP Certifications 6 Exams Required for Certification 7 Other Cisco Certifications 8 What Is on the Remote Access Exam? 9 Topics on the Exam 9 Recommended Training Path for CCNP and CCDP 11 How to Use This Book to Pass the Exam 13 One Final Word of Advice 14 You Have Passed Other CCNP Exams and Are Preparing for the Remote Access Exam 14 Scenario 1: You Have Taken the BCRAN Course 14 Scenario 2: You Have NOT Taken the BCRAN Course 14 You Have Passed the CCNA and Are Preparing for the Remote Access Exam 15 Scenario 1: You Have Taken the BCRAN Course 15 Scenario 2: You Have NOT Taken the BCRAN Course 16 You Have Experience and Want to Skip the Classroom Experience and Take the Remote Access Exam 16 Scenario 1: You Have CCNA Certification 16 Scenario 2: You DO NOT Have a CCNA Certification 17 ix Chapter 2 Cisco Remote Connection Products 19 How to Best Use This Chapter 20 “Do I Know This Already?” Quiz 21 Foundation Topics 23 Router Selection Criteria for Remote Access Purposes 23 Selecting a WAN Connection Type for Remote Access Purposes 25 Determining the Site Requirements 26 Central Site Installations 26 Branch Office Installations 26 Remote Office or Home Office Installations 27 Hardware Selection 27 Product Families: Capabilities and Limitations 27 Foundation Summary 34 Q&A 36 Scenarios 39 Scenario 2-1 39 Scenario 2-2 39 Scenario Answers 40 Scenario 2-1 Answers 40 Scenario 2-2 Answers 40 Chapter 3 Assembling and Cabling the WAN Components 43 How to Best Use This Chapter 43 “Do I Know This Already?” Quiz 44 Foundation Topics 47 Choosing WAN Equipment 48 Central Site Router Selection 48 3600 Router Series 49 4000 Router Series 50 AS5X00 Router Series 50 7200 Router Series 51 Branch Office Router Selection 51 1600 Router Series 52 1700 Router Series 52 2500 Router Series 52 x 2600 Router Series 52 Small Office/Home Office (SOHO) Router Selection 53 700 Router Series 53 800 Router Series 53 1000 Router Series 53 Assembling and Cabling the Equipment 54 Available Connections 54 Verifying the Installation 55 Central Site Router Verification 56 3600 Router LEDs 56 Branch Office Router Verification 57 1600 Router LEDs 57 SOHO Router Verification 58 Foundation Summary 60 Q&A 61 Scenarios 63 Scenario 3-1 63 Scenario Answers 64 Scenario 3-1 Answers 64 Chapter 4 Con.guring Asynchronous Connections with Modems 67 How to Best Use This Chapter 67 “Do I Know This Already?” Quiz 68 Foundation Topics 72 Modem Signaling 72 Data Transfer 73 Data Flow Control 73 Modem Control 73 DTE Call Termination 74 DCE Call Termination 74 Modem Configuration Using Reverse Telnet 74 Router Line Numbering 75 Basic Asynchronous Configuration 78 Logical Considerations on the Router 79 Physical Considerations on the Router 80 Configuration of the Attached Modem 82 Modem Autoconfiguration and the Modem Capabilities Database 82 xi Chat Scripts to Control Modem Connections 84 Reasons for Using a Chat Script 85 Reasons for a Chat Script Starting 85 Using a Chat Script 85 Foundation Summary 87 Q&A 90 Scenarios 95 Chapter 5 Con.guring PPP and Controlling Network Access 97 How to Best Use This Chapter 97 “Do I Know This Already?” Quiz 98 Foundation Topics 101 PPP Background 101 PPP Architecture 101 PPP Components 102 PPP LCP 104 Dedicated and Interactive PPP Sessions 104 PPP Options 105 PPP Authentication 105 PAP 106 CHAP 107 PPP Callback 109 PPP Compression 111 Multilink PPP 112 PPP Troubleshooting 112 Foundation Summary 114 Q&A 115 Scenarios 118 Scenario 5-1 118 Scenarion 5-2 119 Scenario 5-3 119 Scenario Answers 120 Scenario 5-1 Answers 120 Scenario 5-2 Answers 121 Scenario 5-3 Answers 122 xii Chapter 6 Using ISDN and DDR Technologies 125 How to Best Use This Chapter 125 “Do I Know This Already?” Quiz 126 Foundation Topics 130 POTS Versus ISDN 130 BRI and PRI Basics 131 Basic Rate Interface 131 BRI Protocols 133 ISDN Layer 1 133 ISDN Layer 2 135 ISDN Layer 3 138 ISDN Call Setup 139 ISDN Call Release 141 Implementing Basic DDR 141 Step 1: Setting the ISDN Switch Type 142 Step 2: Specifying Interesting Traffic 143 Specifying Interesting Traffic with Access Lists 144 Step 3: Specifying Static Routes 145 Step 4: Defining the Interface Encapsulation and ISDN Addressing Parameters 146 Configuring ISDN Addressing 146 Step 5: Configuring Protocol Addressing 147 Step 6: Defining Additional Interface Information 148 SPIDs 148 Caller ID Screening 148 Configuring Additional Interface Information 148 Passive Interfaces 149 Static Route Redistribution 150 Default Routes 151 Rate Adaptation 152 Bandwidth on Demand 153 Multilink PPP 153 Troubleshooting Multilink PPP 155 Advanced DDR Operations 157 Using Dialer Profiles 157 Rotary Groups 159 Dial Backup 161 Alternative Backup 163 Dynamic Backup 163 Static Backup 164 xiii Snapshot Routing 165 Primary Rate Interface 166 ISDN Switch Type 167 T1/E1 Framing and Line Coding 167 T1 Framing 168 T1 Line Code 170 E1 Framing 171 E1 Line Code 172 PRI Layers 172 PRI Configuration 172 PRI Incoming Analog Calls on Digital Modems 174 Foundation Summary 177 Q&A 178 Scenarios 183 Scenario 6-1 183 Scenario 6-2 185 Scenario 6-3 185 Scenario 6-4 186 Scenario Answers 187 Scenario 6-1 Answers 187 Scenario 6-2 Answers 188 Scenario 6-3 Answers 189 Scenario 6-4 Answers 190 Chapter 7 Con.guring a Cisco 700 Series Router 193 How to Best Use This Chapter 193 “Do I Know This Already?” Quiz 194 Foundation Topics 197 Cisco 700 Series Router Key Features and Functions 197 Networking 197 Routing and WAN 198 ISDN and Telephony 198 Cisco 700 Series Router Profiles 198 LAN Profile 199 xiv Standard Profile 199 Internal Profile 199 System Profile 199 Profile Use Guidelines 199 Configuring the Cisco 700 Series Router for IP Routing 200 Profile Configuration Commands for the Cisco 700 Series Routers 203 Profile Management Commands for the Cisco 700 Series Routers 205 Routing with the Cisco 700 Series Router 205 DHCP Overview 207 Using the Cisco 700 Series Router as a DHCP Server and Relay Agent 208 Foundation Summary 210 Q&A 213 Scenarios 217 Scenario 7-1 217 Scenario Answers 218 Scenario 7-1 Answers 218 Chapter 8 Establishing an X.25 Connection 221 How to Best Use This Chapter 221 “Do I Know This Already?” Quiz 222 Foundation Topics 226 X.25 Basics 226 DTE and DCE 228 X.25 Layered Model 229 X.25 Layer 229 X.121 Addressing 231 LAPB Layer 232 X.25 Physical Layer 233 Configuring X.25 233 Step 1: Setting the Interface Encapsulation, Specifying DCE or DTE 234 Step 2: Configuring the X.121 Address 234 Step 3: Mapping the Appropriate Next Logical Hop Protocol Address to its X.121 Address 234 X.25 Configuration Examples 235 Additional Configuration Options 237 xv Configuring the Range of Virtual Circuits 237 Configuring Packet Size 238 Configuring Window Size 238 Configuring Window Modulus 239 X.25 Final Configuration 239 Foundation Summary 240 Q&A 241 Scenarios 245 Scenario 8-1: X.25 Initial Configuration 245 Scenario 8-2: X.25 Options 246 Scenario Answers 247 Scenario 8-1 Answers 247 Scenario 8-2 Answers 248 Chapter 9 Frame Relay Connection Controlling Traf.c Flow 251 How to Best Use This Chapter 251 “Do I Know This Already?” Quiz 252 Foundation Topics 257 Understanding Frame Relay 257 Device Roles 257 Frame Relay LMI 258 Frame Relay Topologies 259 Issues When Connecting Multiple Sites Through a Single Router Interface 260 Resolving Split Horizon Problems 261 Frame Relay Configuration 263 Step 1: Determine the Interface to Be Configured 263 Step 2: Configure Frame Relay Encapsulation 264 Step 3: Configure Protocol-Specific Parameters 264 Step 4: Configure Frame Relay Characteristics 264 Verifying Frame Relay Configuration 266 show frame-relay pvc Command 267 show frame-relay lmi Command 268 debug frame-relay lmi Command 268 show frame-relay map Command 269 Frame Relay Traffic Shaping 270 Frame Relay Traffic Parameters 270 xvi FECN and BECN 271 Using Frame Relay Traffic Shaping 272 Frame Relay Traffic Shaping Configuration 272 Foundation Summary 276 Q&A 279 Scenarios 284 Scenario 9-1 284 Scenario 9-2 285 Scenario 9-3 285 Scenario Answers 286 Scenario 9-1 Answers 286 Scenario 9-2 Answers 287 Scenario 9-3 Answers 287 Chapter 10 Managing Network Performance with Queuing and Compression 291 How to Best Use This Chapter 291 “Do I Know This Already?” Quiz 292 Foundation Topics 296 Queuing Overview 296 FIFO 298 Weighted Fair Queuing 298 Configuring WFQ 299 Priority Queuing 300 Configuring Priority Queuing 301 Custom Queuing 306 Configuring Custom Queuing 308 Verifying Custom Queuing 312 Compression Overview 312 Link Compression 314 STAC 314 Predictor 314 Payload Compression 315 TCP Header Compression 315 Compression Issues 316 Configuring Compression 316 xvii Foundation Summary 317 Q&A 319 Scenarios 324 Scenario 10-1 324 Scenario 10-2 325 Scenario 10-3 325 Scenario 10-4 326 Scenario Answers 327 Scenario 10-1 Answers 327 Scenario 10-2 Answers 327 Scenario 10-3 Answers 328 Scenario 10-4 Answers 329 Chapter 11 Scaling IP Addresses with NAT 331 How to Best Use This Chapter 331 “Do I Know This Already?” Quiz 332 Foundation Topics 336 Characteristics of NAT 336 Simple NAT Translation 338 Overloading 338 Overlapping Networks 339 TCP Load Distribution 340 NAT Definitions 342 NAT Configurations 343 Simple Dynamic NAT Configuration 344 Static NAT Configuration 345 NAT Overloading Configuration 346 NAT Overlapping Configuration 347 NAT TCP Load Distribution Configuration 349 Verification of NAT Translation 350 Port Address Translation 352 xviii Foundation Summary 355 Q&A 356 Scenarios 361 Scenario 11-1 361 Scenario 11-2 361 Scenario 11-3 362 Scenario Answers 363 Scenario 11-1 Answers 363 Scenario 11-2 Answers 364 Scenario 11-3 Answers 364 Chapter 12 Using AAA to Scale Access Control in an Expanding Network 367 How to Best Use This Chapter 367 “Do I Know This Already?” Quiz 368 Foundation Topics 372 AAA Overview 372 Authentication 372 Authorization 373 Accounting 373 Interface Types 373 AAA Configuration 374 Enabling AAA 374 AAA Authentication 375 AAA Authentication Login 376 AAA Authentication Enable 377 AAA Authentication ARAP 378 AAA Authentication PPP 379 AAA Authentication NASI 380 AAA Authorization 381 AAA Accounting 382 Virtual Profiles 385 Foundation Summary 387 Q&A 389 Scenarios 393 xix Scenario 12-1 393 Scenario Answers 394 Scenario 12-1 Answers 394 Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections 397 Index 445 I N T R O D U C T I O N Professional certifications have been an important part of the computing industry for many years and will continue to become more important. Many reasons exist for these certifications, but the most popularly cited reason is that of credibility. All other considerations held equal, the certified employee/consultant/job candidate is considered more valuable than one who is not. Goals and Methods The most important and somewhat obvious goal of this book is to help you pass the Remote Access exam (#640- 505). In fact, if the primary objective of this book was different, then the book’s title would be misleading; however, the methods used in this book to help you pass the CCNP Remote Access exam are designed to also make you much more knowledgeable about how to do your job. While this book and the accompanying CD together have more than enough questions to help you prepare for the actual exam, the method in which they are used is not to simply make you memorize as many questions and answers as you possibly can. One key methodology used in this book is to help you discover the exam topics that you need to review in more depth, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. So this book does not try to help you pass by memorization but helps you truly learn and understand the topics. The Remote Access exam is just one of the foundation topics in the CCNP certification and the knowledge contained within is vitally important to consider yourself a truly skilled routing/ switching engineer or specialist. This book would do you a disservice if it didn’t attempt to help you learn the material. To that end, the book will help you pass the Remote Access exam by using the following methods: • Helping you discover which test topics you have not mastered • Providing explanations and information to fill in your knowledge gaps • Supplying exercises and scenarios that enhance your ability to recall and deduce the answers to test questions • Providing practice exercises on the topics and the testing process via test questions on the CD Who Should Read This Book? This book is not designed to be a general networking topics book, although it can be used for that purpose. This book is intended to tremendously increase your chances of passing the CCNP Remote Access exam. Although other objectives can be achieved from using this book, the book is written with one goal in mind: to help you pass the exam. So why should you want to pass the CCNP Remote Access exam? Because it’s one of the milestones towards getting the CCNP certification; no small feat in itself. What would getting the CCNP mean to you? A raise, a promotion, recognition? How about to enhance your resume? To demonstrate that you are serious about continuing the learning process and that you’re not content to rest on your laurels. To please your reseller-employer, who needs more certified employees for a higher discount from Cisco. Or one of many other reasons. xxii Introduction Strategies for Exam Preparation The strategy you use for CCNP Remote Access might be slightly different than strategies used by other readers, mainly based on the skills, knowledge, and experience you already have obtained. For instance, if you have attended the BCRAN course, then you might take a different approach than someone who learned switching via on-the-job training. Chapter 1, “All About the Cisco Certified Network Professional and Design Professional Certification,” includes a strategy that should closely match your background. Regardless of the strategy you use or the background you have, the book is designed to help you get to the point where you can pass the exam with the least amount of time required. For instance, there is no need for you to practice or read about IP addressing and subnetting if you fully understand it already. However, many people like to make sure that they truly know a topic and thus read over material that they already know. Several book features will help you gain the confidence that you need to be convinced that you know some material already and to also help you know what topics you need to study more. How This Book Is Organized Although this book could be read cover-to-cover, it is designed to be flexible and allow you to easily move between chapters and sections of chapters to cover just the material that you need more work with. Chapter 1 provides an overview of the CCNP and CCDP certifications, and offers some strategies for how to prepare for the exams. Chapters 2 through 12 are the core chapters and can be covered in any order. If you do intend to read them all, the order in the book is an excellent sequence to use. The core chapters, Chapters 2 through 12, cover the following topics: • Chapter 2, “Cisco Remote Connection Products” —This chapter discusses analyzing criteria for placing a Cisco router in a network, selection of the WAN connection type for remote access purposes, determining site requirements in a central office, branch office and small/remote or home office, and selecting the proper Cisco network devices given a set of site requirements. • Chapter 3, “Assembling and Cabling WAN Components” —This chapter discusses the basic ideas behind selection of routers for specific deployments, covers some of the possible types of physical connections that may be necessary for individual deployments, and explains how to confirm the physical connectivity of the WAN devices. • Chapter 4, “Configuring Asynchronous Connections with Modems” —This chapter covers modem signaling, modem cofiguration using reverse Telnet, router line numbering, basic asynchronous configuration, configuration of the attached modem, and controlling modem connections with chat scripts. • Chapter 5, “Configuring PPP and Controlling Network Access” —This chapter examines the underlying technology of the Point-to-Point Protocol (PPP) and its components; how to configure various options available with PPP such as authentication, PPP Callback, compression and PPP Multilink; and troubleshooting with the show and debug commands to deal with issues arising with PPP . • Chapter 6, “Using ISDN and DDR to Enhance Remote Connectivity” —This chapter examines the underlying technology of ISDN and its components, the technologies relating to BRI specific implementation of ISDN technology, implementing basic DDR and advanced DDR options, as well as the concepts of and differences between T1 and E1 PRI-based implementations . • Chapter 7, “Configuring the Cisco 700 Series Router” —This chapter covers Cisco 700 router key features and functions, Cisco 700 router profiles, configuring the Cisco 700 router for IP routing, the 700 series capability to be used as a router in a very small network, Dynamic Host Configuration Services (DHCP) from the perspective of a 700 series router, and configuration of the 700 series router as a DHCP server or helper agent Introduction xxiii • Chapter 8, “Establishing an X.25 Connection”—This chapter covers the basics, layered model, and configuration options of X.25 technology. • Chapter 9, “Establishing Frame Relay Connections and Controlling Traffic Flow”—This chapter examines the underlying technology of Frame Relay and its components; explores some of the implementation options available in Frame Relay deployments; covers configuration of Frame Relay including basic configuration, subinterfaces, point-to-point and multipoint options; discusses rate enforcement and traffic behavior modification capabilities in Frame Relay; and covers covers the configuration of the traffic shaping options available for Frame Relay. • Chapter 10, “Managing Network Performance with Queuing and Compression”—This chapter discusses when to use queuing and assist in the decision of which queuing technique to use in the event that queuing is deemed necessary; examines Weighted Fair Queuing (WFQ), Custom Queuing, and Priority Queuing; and addresses the need for compression in today’s enterprise network. • Chapter 11, “Scaling IP Addresses with Network Address Translation”—This chapter covers the fundamentals of Network Address Translation (NAT); examines how a simple NAT translation replaces the outbound or inbound destination address with another address; discusses how to overload an address space with NAT, how to overlap networks using the same IP addresses, and how to do a simple TCP load distribution with NAT. In addition, this chapter defines the four NAT address classes, discusses four different NAT configurations and how to verify them, and concludes with a discussion of port address translation, which is a form of NAT that translates the port address as well as the network layer address. • Chapter 12, “Using AAA to Scale Access Control in an Expanding Network”—This chapter covers the fundamentals of and configuration of authentication, authorization, and accounting (AAA). More specifically, this chapter covers how to discriminate interface types which AAA must be able to discern to operate effectively. Also covered are virtual profiles, which are the next generation of a dialer profile. Example test questions and the testing engine on the CD allow simulated exams for final practice. Each of these chapters uses several features to help you make best use of your time in that chapter. The featrues are as follows: • “Do I Know This Already?” Quiz and Quizlets—Each chapter begins with a quiz that helps you determine the amount of time you need to spend studying that chapter. The quiz is broken into subdivisions, called “quizlets,” that correspond to a section of the chapter. Following the directions at the beginning of each chapter, the “Do I Know This Already?” quiz will direct you to study all or particular parts of the chapter. • Foundation Topics—This is the core section of each chapter that explains the protocols, concepts, and configuration for the topics in the chapter. • Foundation Summary—Near the end of each chapter, a summary collects the most important tables and figures from the chapter. The “Foundation Summary” section is designed to help you review the key concepts in the chapter if you score well on the “Do I Know This Already?” quiz, and they are excellent tools for last-minute review. • Q&A—These end-of-the-chapter questions focus on recall, covering topics in the “Foundation Topics” section by using several types of questions. And because the “Do” I Know This Already?” quiz questions can help increase your recall as well, they are restated in the Q&A sections. Restating these questions, along with new questions, provides a larger set of practice questions for when you finish a chapter and for final review when your exam date is approaching. • Scenarios—Located at the end of most chapters, the scenarios allow a much more in-depth examination of a network implementation. Rather than posing a simple question asking for a single fact, the scenarios let you design and build networks (at least on paper) without the clues inherent in a multiple-choice quiz format. xxiv Introduction • CD-based practice exam—The companion CD contains a large number of questions not included in the text of the book. You can answer these questions by using the simulated exam feature, or by using the topical review feature. This is the best tool for helping you prepare for the test-taking process. Approach Retention and recall are the two features of human memory most closely related to performance on tests. This exam preparation guide focuses on increasing both retention and recall of the topics on the exam. The other human characteristic involved in successfully passing the exam is intelligence; this book does not address that issue! Adult retention is typically less than that of children. For example, it is common for four-year-olds to pick up basic language skills in a new country faster than their parents. Children retain facts as an end unto itself; adults typically either need a stronger reason to remember a fact or must have a reason to think about that fact several times to retain it in memory. For these reasons, a student who attends a typical Cisco course and retains 50 percent of the material is actually quite an amazing student. Memory recall is based on connectors to the information that needs to be recalled—the greater the number of connectors to a piece of information, the better chance and better speed of recall. Recall and retention work together. If you do not retain the knowledge, it will be difficult to recall it. This book is designed with features to help you increase retention and recall. It does this in the following ways: • By providing succinct and complete methods of helping you decide what you recall easily and what you do not recall at all. • By giving references to the exact passages in the book that review those concepts you did not recall so that you can quickly be reminded about a fact or concept. Repeating information that connects to another concept helps retention, and describing the same concept in several ways throughout a chapter increases the number of connectors to the same pices of information. • By including exercise questions that supply fewer connectors than multiple-choice questions. This helps you exercise recall and avoids giving you a false sense of confidence, as an exercise with only multiple-choice questions might do. For example, fill-in-the-blank questions require you to have better recall than multiple-choice questions. • Finally, accompanying this book is a CD-ROM that has exam-like, multiple-choice questions. These are useful for you to practice taking the exam and to get accustomed to the time restrictions imposed during the exam. Introduction xxv Icons Used in This Book Router Gateway Hub Access server ATM switch Bridge DSU/CSU ISDN switch Communication server Catalyst switch Multilayer switch PC PC with software Sun Workstation Mac Terminal File server Web server CiscoWorks Workstation Printer Laptop IBM mainframe Front End Processor Cluster Controller/ 3274 or 3174 xxvi Introduction Command Syntax Conventions The conventions used to present command syntax in this book are the same conventoins used in the IOS Command Reference. The Command Reference describes these conventions as follows: • Vertical bars (|) separate alternative, mutually exclusive elements. • Square brackets [ ] indicate optional elements. • Braces { } indicate a required choice. • Braces within brackets [{ }] indicate a required choice within an optional element. • Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command). • Italics indicate arguments for which you supply actual values. Line: Ethernet Line: Serial Line: Switched Serial Frame Relay Virtual Circuit Token Ring FDDI Network Cloud C H A P T E R 1 All About the Cisco Certified Network Professional and Design Professional Certification The Cisco Certified Network Professional (CCNP) and the Cisco Certified Design Professional (CCDP) certifications prove that an individual has completed rigorous testing in the network arena. In addition, the CCNP and CCDP certifications are becoming more important than ever because Cisco is providing greater and greater incentives to their partners that have employees with CCNP- and CCDP-level expertise. The CCNP and CCDP tracks require the candidate to be comfortable with advance routing techniques, switching techniques, and dial-up or Remote Access Server (RAS) technology. On top of those areas, the CCNP must be able to, without a book, configure and troubleshoot a routed and switched network. In addition, the CCDP must digest a vast quantity of user requirements and prepare a scalable design that fits the customer needs and requirements. The CCNP is a hands-on certification that requires a candidate to pass the Cisco Internetwork Troubleshooting exam, which is also called the Support exam. The emphasis in the exam is on troubleshooting the router if the configuration for it has failed. CCNP is currently one of the most sought after certifications, short of the Cisco Certified Internetworking Expert (CCIE). The CCDP track focuses on designing scaleable networks using routing and switching technologies. The exam places heavy emphasis on the interplay between routed and routing protocols. This track has a more theoretical final exam—the Cisco Internetwork Design (CID) exam. This certification is very important to the pre-sales engineer and the design engineer who want to prepare a network on paper, but who do not want to focus on the minor details of the syntax within the router. Because both the CCNP and CCDP certifications are the same except for the final test, it should not be suprising that a CCNP can produce a solid, scalable design and that a CCDP can configure a router. The core issue between the certifications is the focus that the candidate wants to take into the business world. The CCNP and CCDP tracks are daunting at first glance because they both require a number of tests. To become a CCNP or CCDP, a candidate must first be a Cisco Certified Network Associate (CCNA). The CCNP and CCDP certifications require study and proficiency in the three areas of advanced routing, in switching and RAS, and a specialization in either design or troubleshooting. Neither CCNP or CCDP certification is a “one test and I’m home” exam. Each exam for these certifications is difficult in its own right because of the depth of understanding needed 4 Chapter 1: All About the Cisco Certified Network Professional and Design Professional Certification for each area of concentration. The focus of this book is the preparation for and passing of the CCNP/CCDP Remote Access Exam. Some of the information in this book overlaps with information in the routing field, and you may have seen some of this book’s information while studying switching. In addition, there are other certification books that specifically focus on advanced routing and switching. You might find some overlap in those manuals also. This is to be expected—all the information taken as a whole is what produces a CCNP or CCDP. The exam is a computer-based exam that has multiple choice, fill-in-the-blank, and list-in-order style questions. The fill-in-the-blank questions are filled in using the complete syntax for the command, including dashes and the like. For the fill-in-the-blank questions, a tile button is given to list commands in alphabetical order. This is a real life saver if you can’t remember if there is a dash or an “s” at the end of a command. Knowing the syntax is key, however, because the list contains some bogus commands as well as the real ones. The exam can be taken at any Sylvan Prometric testing center (1-800-829-NETS or www.2test.com). The test has 62 randomly generated questions, and you have 90 minutes to complete it. As with most Cisco exams, you cannot mark a question and return to it. In other words, you must answer a question before moving on, even if this means guessing. Remember that a blank answer is scored as incorrect. Most of the exam is straightforward; however, the first answer that leaps off the page can be incorrect. You must read each question and each answer completely before making a selection. If you find yourself on a question that is incomprehensible, try restating the question a different way to see if you can understand what is being asked. Very few candidates score 100 percent in all catagories—the key is to pass. Giving up just one question because of lack of diligence can mean the difference between passing and failing because there are so few questions. Four questions one way or the other can mean a change of 10–20 percent!! Many people do not pass on the first try, but success is attainable with study. This book includes questions and scenarios that are designed to be more difficult and more in depth than most questions on the test. This was not done to show how much smarter we are, but to allow you a certain level of comfort when you have mastered the material in this book. The CCNP and CCDP certifications are difficult to achieve, but the rewards are there, and will continue to be there, if the bar is kept where it is. How This Book Can Help You Pass the CCNP Remote Access Exam The primary focus of this book is not to teach material in the detail that is covered by an instructor in a five-day class with hands-on labs. Instead, we tried to capture the essence of each topic and to present questions and scenarios that push the envelope on each topic that is covered for the Remote Access test. Overview of Cisco Certifications 5 The audience for this book includes candidates that have successfully completed the Building Cisco Remote Access Networks (BCRAN) class and those that have a breadth of experience in this area. The show and debug commands from that class are fair game for questions within the Remote Access exam, and hands-on work is the best way to commit those to memory. If you have not taken the BCRAN course, the quizzes and scenarios in this book should give you a good idea of how prepared you are to skip the class and test out based on your experience. On the flip side, however, you should know that although having the knowledge from just a classroom setting can be enough to pass the test, some questions assume a CCNA-level of internetworking knowledge. Overview of Cisco Certifications Cisco fulfills only a small portion of its orders through direct sales; most times, a Cisco reseller is involved. Cisco’s main motivation behind the current certification program was to measure the skills of people working for Cisco Resellers and Certified Partners. Cisco has not attempted to become the only source for consulting and implementation services for network deployment using Cisco products. In 1996 and 1997 Cisco embarked on a channel program in which business partners would work with smaller and midsized businesses with whom Cisco could not form a peer relationship. In effect, Cisco partners of all sizes carried the Cisco flag into these smaller companies. With so many partners involved, Cisco needed to certify the skill levels of the employees of the partner companies. The CCIE program was Cisco’s first cut at certifications. Introduced in 1994, the CCIE was designed to be one of the most respected, difficult-to-achieve certifications. To certify, a written test (also at Sylvan Prometric) had to be passed, and then a two-day hands-on lab test was administered by Cisco. The certifications were a huge commitment for the smaller resellers that dealt in the commodity-based products for small business and home use. Cisco certified resellers and services partners by using the number of employed CCIEs as the gauge. This criterion worked well originally, partly because Cisco had only a few large partners. In fact, the partners in 1995–1997 were generally large integrators that targeted the midsized coporations with whom Cisco did not have the engineering resources to maintain a personal relationship. This was a win-win situation for both Cisco and the partners. The partners had a staff that consisted of CCIEs that could present the product and configuration with the same adroitness as the Cisco engineering staff and were close to the customer. Cisco used the number of CCIEs on staff as a criterion in determining the partner status of another company. That status in turn dictated the discount received by the reseller when buying from Cisco. The number of resellers began to grow, however, and with Cisco’s commitment to the lower-tier market and smaller-sized business, it needed to have smaller integrators that could handle that piece of the market. 6 Chapter 1: All About the Cisco Certified Network Professional and Design Professional Certification The CCIE certification didn’t help the smaller integrators who were satisfying the small business and home market; because of their size, the smaller integrators were not able to attain any degree of discount. Cisco, however, needed their skills to continue to capture the small business market, which was—and is—one of the largest markets in the internetworking arena today. What was needed by Cisco was a level of certification that was less rigorous than CCIE but that would allow Cisco more granularity in judging the skills on staff at a partner company. So Cisco created several additional certifications, CCNP and CCDP included. Two categories of certifications were developed—one to certify implementation skills and the other to certify design skills. Service companies need more implementation skills, and resellers working in a pre-sales environment needed more design skills. So the CCNA and CCNP are implementation-oriented certifications; whereas, the Cisco Certified Design Associate (CCDA) and CCDP are design-oriented certifications. Rather than just one level of certification besides CCIE, Cisco created two additional levels— Associate and Professional. CCNA is more basic, and CCNP is the intermediate level between CCNA and CCIE. Likewise, CCDA is more basic than CCDP. Several certifications require other certifications as a prerequsite. For instance, CCNP certification requires CCNA first. Also, CCDP requires both CCDA and CCNA certification. CCIE, however, does not require any other certification prior to the written and lab tests. This is mainly for historical reasons. Cisco certifications have become a much needed commodity in the internetworking world as companies scramble to position themselves with the latest e-commerce, e-business, and e-life that is out there. Because Novell, Windows NT, Linux, or any other routed protocols generally need to be routed somewhere, the integrators want a piece of that business as well. Because Cisco cannot form a relationship with every new startup business, it looks for certified partners to take on that responsibility. The CCNP and CCDP certifications are truly another win-win situation for resellers, integrators, you, and Cisco. The Remote Access Exam and the CCNP and CCDP Certifications The Remote Access exam proves mastery of the features used in larger corporate dial-in facilities and Internet service provider (ISP) operations. Skills required for CCNP and CCDP certifications include the ability to install, configure, operate, and troubleshoot remote access devices in a complex WAN environment. Specifically, the remote access skills required ensure that the CCNP or CCDP candidate can ensure minimal WAN costs to the customer or client using the Cisco IOS features. Exams Required for Certification 7 The Cisco features that are critical to this endeavor include dial-on-demand, bandwidth-ondemand, dial backup, snapshot routing, dialer-maps, and dialer profiles. In addition, successful candidates should be comfortable with Frame Relay, ISDN, PSTN, and X.25. The target audience for CCNP and CCDP certification includes the following: • Gold- or Silver-certified partners • CCNAs who want increased earning power, professional recognition, job promotions, and so on • Level 1 network support individuals that want to progress to level 2 • ISP professionals who want to gain a larger understanding of the Internet picture and its intricacies A CCNP’s training and experience enables him or her to accomplish the following: • Install and configure a network to minimize WAN costs and to ensure connectivity from remote sites • Maximize performance over a WAN link • Improve network security • Provide access to remote customers or clients • Configure queuing for congested links to alleviate occasional congestion • Provide dial-up connectivity over analog and digital networks • Implement DDR backup services to protect against down time Exams Required for Certification You are required to pass a group of exams for CCNP or CCDP certification. The exams generally match the same topics that are covered in one of the official Cisco courses. Table 1-1 outlines the exams and the courses with which they are most closely matched. Table 1-1 Exam-to-Course Mappings Certification Exam Number Name Course Most Closely Matching the Exam’s Requirements CCNA 640-507 CCNA Interconnecting Cisco Network Devices (ICND) CCDA 640-441 CCDP Designing Cisco Networks CCNP 640-503 Routing Building Scalable Cisco Networks (BSCN) 640-504 Switching Building Cisco Multilayer Switched Networks (BCMSN) continues 8 Chapter 1: All About the Cisco Certified Network Professional and Design Professional Certification Other Cisco Certifications The certifications mentioned so far are oriented toward routing and LAN switching. Cisco has many other certifications, which are summarized in Table 1-2. Refer to Cisco’s web site at www.cisco.com/warp/public/10/wwtraining/certprog/index.html for the latest information. 640-505 Remote Access Building Cisco Remote Access Networks (BCRAN) 640-509* Foundation BSCN, BCMSN, and BCRAN 640-506 Support Cisco Internetwork Troubleshooting (CIT) CCDP 640-503 Routing Building Scalable Cisco Networks (BSCN) 640-504 Switching Building Cisco Multilayer Switched Networks (BCMSN) 640-505 Remote Access Building Cisco Remote Access Networks (BCRAN) 640-509* Foundation BSCN, BCMSN, and BCRAN 640-025 CID Cisco Internetwork Design (CID) * Passing exam 640-509 meets the same requirements as passing these three exams: 640-503, 640- 504, and 640-505. Table 1-2 Additional Cisco Certifications Certification Purpose, Prerequisites CCNA-WAN Basic certification for Cisco WAN switches CCNP-WAN Intermediate certification for Cisco WAN switches; requires CCNA-WAN CCDP-WAN Design certification for Cisco WAN switches; requires CCNP-WAN CCIE-WAN Expert level certification for Cisco WAN switches; no prerequisite; requires exam and lab CCIE-ISP Dial CCIE-level certification for Internet Service Provider (ISP) and dial-up network skills; no prerequisite; requires exam and lab CCIE-SNA-IP Expert level certification for Cisco products and features used for melding SNA and IP networks; no prerequisite; requires exam and lab CCNP and CCDP specializations Several specialized certifications are available for CCNP and CCDP (routing/switching); see www.cisco.com/warp/public/10/ wwtraining/certprog/special/course.html for more details Table 1-1 Exam-to-Course Mappings (Continued) Topics on the Exam 9 What Is on the Remote Access Exam? The Remote Access exam evaluates the knowledge of network administrators and specialists who must configure and maintain a RAS and the associated peripheral components that accompany it. Candidates attempting to pass the Remote Access exam must perform the following tasks: • List and describe the remote access alternatives available and discuss the inherent advantages and disadvantages of each access method • Configure the RAS for ISDN BRI and PRI access and asynchronous modem connectivity • Use the appropriate debugging utilities to troubleshoot a connection • Connect remote office routers to central office routers by dial-up WAN connections and demonstrate end-to-end connectivity • Implement simple (local router) security and centralized (AAA) security methods • Distinguish the correct router platform for various sites relating to growth, throughput, and performance • Configure dial-on-demand and bandwidth-on-demand functions to minimize WAN costs • Establish backup dial links to protect against primary line loss • Configure and troubleshoot a Frame Relay connection using subinterfaces • Configure a reverse Telnet session and maintain the modems used for the RAS device • Provide queuing for congested links, and quality of service (QOS) for the customer Topics on the Exam Table 1-3 outlines the various topics that you are likely to encounter on the exam. The topics represent a detailed list for areas of focus, but are not intended as a list of test question topics. In fact, each listed topic can have subitems. For example, knowing that ISDN BRI stands for “Integrated Services Digital Network Basic Rate Interface” might not be enough knowledge for the test! Table 1-3 lists the exam topics in the order in which they are found within this book. 10 Chapter 1: All About the Cisco Certified Network Professional and Design Professional Certification Table 1-3 CCNP/CCDP Remote Access Exam Topics Chapter Topics Chapter 2, “Cisco Remote Connection Products” Protocols Overview, Selecting WAN Type and Site Considerations, Cisco Remote Access Solutions, Determining the Appropriate Interfaces, and Cisco Product Selection Tools Chapter 3, “Assembling and Cabling the WAN Components” Central/Branch Office/Telecommuter Site Equipment, Assembling and Cabling the Network, and Verifying Installation Chapter 4, “Configuring Asynchronous Connections with Modems” Asynchronous Signaling Methods, Reverse Telnet, Configuration of the Router Interface to Communicate Through a Modem, Configuration of a Chat-Script, Assignment of IP Addresses to a Remote Device, and Configuration of the Physical and Logical Parameters for Modem Communication Chapter 5, “Configuring PPP and Controlling Network Access” PAP and CHAP Configuration, Remote-Node Connection Overview, PPP Architecture, NCP Options, PPP Authentication, Callback, Compression, Multilink, and PPP Verifying and Troubleshooting Chapter 6, “Using ISDN and DDR Technologies” ISDN Overview, ISDN Services, Monitoring ISDN Connections, ISDN BRI and DDR, ISDN BRI Optional Configurations, DDR Overview, Rotary Groups, Dialer Profiles, ISDN PRI Configurations, PRI Incoming Analog Calls on Digital Modems, Backup Overview, Configuring Dial Backup, Using Dialer Interfaces, and Routing with Load Backup, Load Sharing Chapter 7, “Configuring a Cisco 700 Series Router” Overview and Features, IOS-700 Features, Profiles, Configuring the Cisco 700 Series, Routing with the Cisco 700 Series, Dynamic Host Configuration Protocol (DHCP) Overview, and Cisco 700 Series as DHCP Server and Relay Agent Chapter 8, “Establishing an X.25 Connection” X.25 Protocol, Virtual Circuits, Configuring X.25, and Setting up the Router as a X.25 Switch Recommended Training Path for CCNP and CCDP 11 Recommended Training Path for CCNP and CCDP The recommended training path for the Cisco professional level certifications is, of course, the instructor-led courses: • Building Scalable Cisco Networks (BSCN) —The BSCN class covers the advanced routing protocols and the scaling issues involved with a large routed network with multiple protocols. • Building Cisco Multilayer Switched Networks (BCMSN) —The BCMSN class covers the switch infrastructure and the configuration in a large network environment. • Building Cisco Remote Access Networks (BCRAN) —The BCRAN class covers the dial-up and RAS issues involved in large scale remote access designs and implementations. After these courses, the CCNP requires Cisco Internetwork Troubleshooting as the final course. The CCDP requires Cisco Internetwork Design as the final course. Chapter 9, “Frame Relay Connection Controlling Traffic Flow” Frame Relay Operations, Frame Relay Signaling, Configuring Frame Relay, Verifying Frame Relay Operations, Frame Relay Subinterfaces Overview, Configuring Frame Relay Subinterfaces, Frame Relay Traffic Shaping Overview and Terminology, Configuring Traffic Shaping, and Verifying Frame Relay Traffic Shaping Chapter 10, “Managing Network Performance with Queuing and Compression” Choosing a Queuing Method, Weighted and Priority Fair Queuing, Custom Queuing, Verifying Queuing Operations, Optimizing Traffic Flow with Data Compression, and Configuring Data Compression Chapter 11, “Scaling IP Addresses with NAT” NAT Overview and Terminology, NAT Operations, NAT Overloading, NAT Load Balancing, NAT Overlapping Addresses, Configuring, Verifying and Troubleshooting NAT, PAT Porthandler Operation, and Configuring and Monitoring PAT Chapter 12 “Using AAA to Scale Access Control in an Expanding Network” Overview of Cisco Access Control Solutions, Understanding and Configuring Authentication, Authorization and Accounting (AAA), and Using AAA with Virtual Profiles Table 1-3 CCNP/CCDP Remote Access Exam Topics (Continued) Chapter Topics 12 Chapter 1: All About the Cisco Certified Network Professional and Design Professional Certification The previously listed courses are the recommended training events for passing the exams for the CCNP or CCDP track. However, as Cisco evolves the testing, the tests might not necessarily correlate to the given class. In other words, the tests can cover material that is germane to the material in the class but that might not have been covered per se. In essence, Cisco is looking for each test to be less a fact-stuffing event and more a gauge of how well you know the technology. Figure 1-1 illustrates the training track for CCNP and CCDP, as of September 2000. Figure 1-1 CCNP/CCDP 2.0 Training and Exam Track CCNP Prerequisites or or Recommended Training Select An Exam Path CCNA Certification Building Scalable Cisco Networks (BSCN) Building Cisco Multilayer Switched Networks (BCMSN) Building Cisco Remote Access Networks (BCRAN) BCMSN E-Learning Edition BCRAN E-Learning Edition Cisco Internetwork Troubleshooting (CIT) Single Exam Path Foundation Exam Path Routing 640-503 Switching 640-504 Remote Access 640-505 Support 640-506 Foundation 2.0 640-509 Support 640-506 CCDP Prerequisites or or Recommended Training Select An Exam Path CCNA Certification Building Scalable Cisco Networks (BSCN) Building Cisco Multilayer Switched Networks (BCMSN) Building Cisco Remote Access Networks (BCRAN) BCMSN E-Learning Edition BCRAN E-Learning Edition Cisco Internetwork Design (CID) Single Exam Path Foundation Exam Path Routing 640-503 Switching 640-504 Remote Access 640-505 CID 640-025 Foundation 2.0 640-509 CID 640-025 CCDA Certification How to Use This Book to Pass the Exam 13 How to Use This Book to Pass the Exam There are five sections in each chapter: a short pre-assessment quiz, the main topics of the chapter, a summary of the key points of the chapter, a test to ensure that you have mastered the topics in the chapter, and finally (when applicable), a scenario section with scenario-related questions and exercises. Each chapter begins with a quiz, which is broken into “quizlets.” If you get a high score on these quizlets, you might want to review the “Foundation Summary” section at the end of the chapter and then take the chapter test. If you score high on the test, you should review the summary to see if anything else should be added to your crib notes for a final run-through before taking the live test. The “Foundation Summary” section in each chapter provides a set of “crib notes” that can be reviewed prior to the exam. These notes are not designed to teach, but merely to remind the reader what was in the chapter. Each “Foundation Summary” section consists of charts and raw data that complement an understanding of the chapter information. If you score well on one quizlet, but low on another, you are directed to the section of the chapter corresponding to the quizlet on which you scored low. You’ll notice that the questions in the quizlet are not multiple-choice in most cases. This testing format requires you to think through your answer to see if the information is already where you need it—in your brain! If you score poorly on the overall quiz, it is recommended that you read the whole chapter because some of the topics build on others. At the end of most chapters are scenarios that require a compilation of all information in the chapter to complete. Much like an English teacher requiring you to write a sentence using a newly learned word because the word is no good if it cannot be applied, the scenarios provide an opportunity to apply the chapter data. All quizlet and end-of-chapter questions, with answers, are in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A.” These conveniently located questions can be read and reviewed quickly prior to taking the live test. The CD has testing software, as well as many additional questions similar to the format of the Remote Access exam. These questions should be a valuable resource when making final preparations for the exam. Anyone preparing for the Remote Access exam can use the guidelines at the beginning of each chapter to guide his or her study. However, if you would like some additional guidance, the final parts of this chapter give additional strategies for study, based on how you have prepared before buying this book. So, find the section that most closely matches your background in the next few pages, and then read some additional ideas to help you prepare. There is a section for the reader who has passed other CCNP exams and is ready for the Remote Access Exam, one for the reader who has passed the CCNA and is starting the CCNP track, and one for the reader that has no Cisco certifications and is starting the CCNP track. 14 Chapter 1: All About the Cisco Certified Network Professional and Design Professional Certification One Final Word of Advice The “Foundation Summary” section and your notes are your “crib note” knowledge of Remote Access. These pieces of paper are valuable when you are studying for the CCIE or Cisco recertification exam. You should take the time to organize them so that they become part of your paper “long term memory.” Reviewing information that you actually wrote in your own handwriting is the easiest data to put back into your brain RAM. Gaining a certification but losing the knowledge is of no value. For most people, maintaining the knowledge is as simple as writing it down. You Have Passed Other CCNP Exams and Are Preparing for the Remote Access Exam Scenario 1: You Have Taken the BCRAN Course Because you have taken other Cisco exams and have taken the BCRAN course, you know what you are up against. The Remote Access exam is like all the others. The questions are “Sylvanish” and the answers are sometimes confusing if you read too much into them. The best approach with this book is to take each chapter “Do I Know This Already?” quiz and focus on the parts that draw a blank. It is best not to jump to the final exam until you have given yourself a chance to review the entire book. You should save it to test your knowledge after you have mentally checked each section to see that you have an idea of what the whole test could be. Remember that the CD testing engine spools out a sampling of questions and might not give you a good picture the first time you use it; the test engine could spool a test that is easy for you, or it could spool one that is very difficult. Before the test, make your own notes using the “Foundation Summary” sections and your own handwritten notes. Writing something down, even if you are copying it, makes it easier to remember. Once you have your bank of notes, study them, and then take the final exam three or four times. Each time you take the test, force yourself to read each question and each answer, even if you have seen them before. Again, repetition is a super memory aid. Scenario 2: You Have NOT Taken the BCRAN Course Because you have taken other Cisco exams, you know what you are up against in the test experience. The Remote Access exam is like all the others. The questions are “Sylvanish,” and the answers are sometimes confusing if you read too much into them. The best approach with this book, because you have not taken the class, is to take each chapter’s “Do I Know This Already?” quiz as an aid for what to look for as you read the chapter. Once you have completed a chapter, take the end-of-chapter test to see how well you have assimilated You Have Passed the CCNA and Are Preparing for the Remote Access Exam 15 the material. If there are sections that do not seem to gel, you might want to consider buying a copy of the Cisco Press book Building Cisco Remote Access Networks , which is a hard copy of the material found in the BCRAN course. Once each chapter has been completed, you should go back through the book and do the scenarios to verify that you can apply the material you have learned. At that point, you should then use the CD testing engine to find out where you are in your knowledge. Before the test, make notes using the “Foundation Summary” sections and your own additions. Writing something down, even if you are copying it, makes it easier to remember. Once you have your bank of notes, study them, and then take the final practice exam on the CD testing engine three or four times. Each time you take the test, force yourself to read each question and each answer, even if you have seen them before. Again, repetition is a super memory aid. You Have Passed the CCNA and Are Preparing for the Remote Access Exam Scenario 1: You Have Taken the BCRAN Course Because you have taken other Cisco exams and have taken the BCRAN course, you know what you are up against. The Remote Access exam is like all the others. The questions are “Sylvanish,” and the answers are sometimes confusing if you read too much into them. The best approach with this book is to take each chapter’s “Do I Know This Already?” quiz and focus on the parts that draw a blank. It is best not to jump to the final exam until you have given yourself a chance to review the entire book. Save the final to test your knowledge after you have mentally checked each section to see that you have an idea of what the whole test could be. The CD testing engine spools out a sampling of questions and might not give you a good picture the first time you use it; the test engine could spool a test that is easy for you, or it could spool one that is very difficult. Before the test, make your own notes using the “Foundation Summary” sections and your own additions. Writing something down, even if you are copying it, makes it easier to remember. Once you have your bank of notes, study them, and then take the final practice exam on the CD testing engine three or four times. Each time you take the test, force yourself to read each question and each answer, even if you have seen them before. Again, repetition is a super memory aid. 16 Chapter 1: All About the Cisco Certified Network Professional and Design Professional Certification Scenario 2: You Have NOT Taken the BCRAN Course Because you have taken other Cisco exams, you know what you are up against from the perspective of the test experience. The Remote Access exam is like the others. The questions are “Sylvanish,” and the answers are sometimes confusing if you read too much into them. The best approach with this book, because you have not taken the class, is to take each chapter’s “Do I Know This Already?” quiz to determine what to look for as you read the chapter. Once you have completed a chapter, take the end-of-chapter test to see how well you have assimilated the material. If there are sections that do not seem to gel, you might consider buying a copy of the Cisco Press book Building Remote Access Networks , which is a hard copy of the material found in the course. Once each chapter has been completed, you should go back through the book and do the chapter scenarios to see that you can apply the material you have learned. At that point, you should then use the CD testing engine to find out where you are. Before the test, make your own notes using the “Foundation Summary” sections and your own additions. Writing something down, even if you are copying it, makes it easier to remember. Once you have your bank of notes, study them, and then take the final practice exam on the CD testing engine three or four times. Each time you take the test, force yourself to read each question and each answer, even if you have seen them before. Again, repetition is a super memory aid. You Have Experience and Want to Skip the Classroom Experience and Take the Remote Access Exam Scenario 1: You Have CCNA Certification Because you have taken other Cisco exams, you know what you are up against in the test experience. The Remote Access exam is like the others. The questions are “Sylvanish,” and the answers are sometimes confusing if you read too much into them. The best approach with this book, because you have not taken the course, is to take each chapter’s “Do I Know This Already?” quiz to determine what to look for as you read the chapter. Once you have completed a chapter, take the end-of-chapter test to see how well you have assimilated the material. If there are sections that do not seem to gel, you might want to buy a copy of the Cisco Press book Building Remote Access Networks , which is a hard copy of the material found in the course. Once each chapter has been completed, you should go back through the book and do the chapter scenarios to see if you can apply the material you have learned. At that point, you should use the CD testing engine to find out where you are. You Have Experience and Want to Skip the Classroom Experience and Take the Remote Access Exam 17 Before the test, make your own notes using the “Foundation Summary” sections and your own additions. Writing something down, even if you are copying it, makes it easier to remember. Once you have your bank of notes, study them, and then take the final practice exam on the CD testing engine three or four times. Each time you take the test, force yourself to read each question and each answer, even if you have seen them before. Again, repetition is a super memory aid. Scenario 2: You DO NOT Have a CCNA Certification Why don’t you have the certification? The prerequisite for the CCNP certification is to be certified as a CCNA, so you really should pursue your CCNA certification before tackling the CCNP certification. Beginning with the Remote Access exam gives you a skewed view of what is needed for the Cisco Professional certification track. That being said, if you must pursue the certifications out of order, follow the spirit of the book. Read each chapter and then do the quiz at the front of the chapter to see if you caught the major points. After you have completed all 12 chapters, do the scenarios and see if you can apply the knowledge. Once that is done, try the test and pay particular attention to the Sylvan-way of testing so that you are prepared for the live test. Good luck to all! This chapter covers the following topics that you need to master as a CCNP: • Identifying Selection Criteria for Router Placement —This section addresses the questions raised when planning a Cisco network: Is the router going to be used at a central office facility, a branch office, or in support of telecommuters? What are the cost factors and how volatile is the proposed location? • Selecting a WAN Connection Type for Remote Access Purposes —The WAN connection type directly affects the current and future needs of the customer and influences his or her level of satisfaction. This section addresses the selection process. • Determining Site Requirements —The three sites described are central office, branch office, and the small office/home office (SOHO) or remote office (RO). The successful CCNP candidate should be aware of these sites and their associated requirements. • Hardware Selection —If the site requirements and the WAN connection options are fully considered, the selection of the right product becomes an outgrowth of the design. The Cisco product selection guide can easily narrow the product selection to a short-list with the information gleaned from the site, application uses, bandwidth needs, backup requirements, and so on. C H A P T E R 2 Cisco Remote Connection Products This chapter covers the selection of products for the central office, the branch office, and the SOHO or RO. The key is to know where product families fit, not to memorize individual product part numbers or codes. For instance, you can get by knowing the capabilities of the 3600 product family as compared to the 1600 product family, without getting into the granular details of either. The bulk of the information in this chapter leads the engineer to ask the right questions when embarking on a new design. The points to consider include the following: • Availability —The key question here is “Is there ISDN or DSL in my area, and can I get it?” Because we are talking about Remote Access, it is not a given that the service we might want is available. • Bandwidth —What speed is needed for the applications that will use the link? It is important that the bandwidth handle the client’s requirements. In general, clients who are extremely cost-conscience might look for solutions that are doomed to failure. • Cost —This is one of the final selection criteria for an implementation. You must explore all the WAN options available because costs can vary between regions. In general, cost is directly related to the bandwidth requirement. • Ease of management —Given any installation at any site, the cost of moves, adds, and changes should be factored into the design. CiscoWorks is a good choice for management software, but it is not your only choice. • Applications and traffic patterns —This can be the most difficult task; however, it is by far the most critical. For example, a remote law office repeatedly uploading and downloading thousand-page documents can require a different solution than a remote insurance agency that sends a few pages of client information and that accesses a SQL database. The traffic patterns and needs define the bandwidth requirement, which in turn drives the cost. • Backup needs and Quality of Service (QoS) —The need for backup links and QoS are important. For instance, what is the cost of downtime? If the cost is high, your high-speed Frame Relay circuit should be backed up by a low-cost ISDN line. Another consideration is the cost of loss of service if a dial link fails. If this happens, backup needs and costs should be weighed against the track record of the suppliers in the area for a given access technique. 20 Chapter 2: Cisco Remote Connection Products • Access control requirements —In implementations for Remote Access, security is a major consideration. Because the users are not “local” to the location, it is imperative that you consider access control. This can be as simple as a local username/password database or as complex as using an AAA server in a firewall environment. The core issue is knowing the volume of security needed and the sensitivity of the data. For example, Joe and Bob’s Tire Shop might require a simple password scheme for security, where Einstein’s Genetic Research Corporation would want an environment that provides more control. Cisco has categorized the locations in which a dial-up situation might be needed. These locations, central, branch, and remote/home office, are detailed in the following list: • Central office —A central site should provide room for growth so that remote or branch sites can be added without a wholesale change at the aggregation site or central office. Considerations for a central site should include which bandwidths are required by each remote or branch and the additional bandwidth needed for growth. The cost of WAN services is also a central office concern because it supplies the bulk of the bandwidth needed for the enterprise. In addition, security and access control are other concerns at the central site. • Branch office —A branch office is smaller than a central site and gives a presence to the company in a specific region. The branch office considerations involve connecting to the central site while knowing the value/cost ratio of the bandwidth. In addition, the availability of the central site connection should be considered. Is backup needed? Does dial-ondemand suffice for this connection? What kind of data will be transferred? Like the central site, costs need to be controlled in the branch office site, but money is not the overriding concern. • SOHOs and ROs —CCDPs implementing SOHOs and ROs are generally more costconscious because of the number of the offices in a given situation. The small SOHO or RO must have the capability to connect using the WAN service selected and available, but maintaining multiple unlike devices is not a good idea. For instance, it is best to use the 1600 family at all remotes sites, including the home sites, even if some sites don’t need that much power. The placement of unneeded power is balanced by the fact that the engineer must maintain only a few configuration plans. How to Best Use This Chapter By taking the following steps, you can make better use of your study time: • Keep your notes and answers for all your work with this book in one place for easy reference. “Do I Know This Already?” Quiz 21 • Take the “Do I Know This Already?” quiz and write down your answers. Studies show retention is significantly increased through writing facts and concepts down, even if you never look at the information again. • Use the diagram in Figure 2-1 to guide you to the next step. Figure 2-1 How to Use This Chapter “Do I Know This Already?” Quiz The purpose of the “Do I Know This Already?” quiz is to help you decide which parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. "Do I Know This Already?" quiz Low score Medium score High score, want more review High score Read Foundation Summary Read Foundation Topics Q&A Scenarios Go to next chapter 22 Chapter 2: Cisco Remote Connection Products The six-question quiz helps you determine how to spend your limited study time. The quiz is sectioned into smaller “quizlets,” each of which corresponds to the four major topic headings in the chapter. Use the scoresheet in Table 2-1 to record your scores. 1 What are the selection criteria for selecting a router platform? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 2 Which of the following does not affect the installation of a router? a. availability b. reliability c. cost d. router port density e. security requirements f. bandwidth usage 3 In routing, what is meant by the term availability ? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Table 2-1 Scoresheet for Quizlets and Quiz Quizlet Number Foundation Topics Section Covered by These Questions Questions Score 1 Identifying Selection Criteria for Router Placement 1–2 2 Selecting a WAN Connection Type for Remote Access Purposes 3 3 Determining the Site Requirements 4 4 Hardware Selection 5–6 All questions 1–6 Router Selection Criteria for Remote Access Purposes 23 4 In routing, what is meant by the term reliability ? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 5 Name two important issues that you must consider when selecting a product for a SOHO. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 6 What product would you select for a central office facility that had to support three to five branch offices using Frame Relay circuits from 64–256 Kbps and that had 20–30 occasional dial-up users? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Sections,” on page 397. The suggested choices for your next step are as follows: • You correctly answered four or fewer questions overall —Read the chapter. This includes the “Foundation Topics,” “Foundation Summary,” and “Q&A” sections, as well as the scenarios at the end of the chapter. • You correctly answered five or more questions overall —If you want more review on these topics, skip to the “Foundation Summary” section, and then go to the “Q&A” section and the scenarios at the end of the chapter. Otherwise, move to the next chapter. Foundation Topics Router Selection Criteria for Remote Access Purposes The selection of a hardware product for Remote Access usage is an art form to some extent, and the biggest router possible is not always the best router. For instance, information gathered about the site is also critical. 24 Chapter 2: Cisco Remote Connection Products Generally speaking, the information you must consider to select the appropriate piece of network hardware consists of the following: • Availability —Ask yourself if you can get the service in your area, and what are the geographic restrictions to this technology, who are service providers and what is the backhaul network or infrastructure that will carry your data past the last mile? Availability is the most critical criterion for many out-of-the-way ROs and SOHOs. Remember that telecommuting from a ranch in Big Bend might sound fantastic, but determining the modes of communication that are available is the key consideration behind the implementation. • Reliability and QoS —Will voice or video be added at a later time? How critical is the traffic? If it is a brokerage house or online banking institution, the aspect of reliability may override all other factors. If it is a local tire shop, which checks inventory at the warehouse, the reliability of the link may not be mission critical. The loss of this link during a bad storm or local power outage may be a minor concern to the tire shop. If there is no local power then you probably can’t install any tires anyway. Is a backup link needed? Is the link critical enough to warrant backup services for it? If you are a home user and you lose your phone or ISDN service do you need a backup? • Cost —WAN fees must be paid every month. This parameter is the driving force behind many decisions, as it should be. The Cisco DDR feature enables the WAN link to be present when interesting traffic, as defined by the administrator or customer, warrants it. The bandwidth-on-demand (BoD) feature is another method to reduce WAN costs but maintain speed. • Security requirements and access control —Today many companies are embracing the idea of e-commerce. Consumers, customers, and outsiders are given access to different parts of the internal corporate network. To protect the internal network, you should know what type of control is in place, what type can be put in place, and how much each type costs. A small biotechnical research firm, whose only asset is the information on the network, might be willing to expend a great deal of effort to ensure protection. On the other hand, a small tire shop might be willing to expend only a small amount. • Bandwidth usage — Speed is a better way to describe this issue. You should know how much information can be received and how much must be received. Not enough bandwidth leads to congestion and frustration for the SOHO, RO, or branch office. In fact, too little bandwidth can be the same as none. • Ease of management —Any solution must be palatable to the customer. If the administrative overhead of a solution outweighs the viability of the solution it may be more costly. A solution that continually needs to be fixed, upgraded, changed, or tweaked is a poor choice in terms of time. On the other hand, any solution that is totally free from management worries generally costs too much. The issue is to offer the right management solution for each situation. Selecting a WAN Connection Type for Remote Access Purposes 25 • Application traffic —You should know the type of traffic that is carried on the link. Is the link primarily used for file transfer or email? What are the packet sizes? What type of delay is acceptable? For example, if a file transfer takes two seconds over a LAN but ten minutes over a WAN link, is this acceptable? Application traffic and the actions of your customers are critical to your decision. Once each piece of information has been gathered, router selection is easy because knowing what needs to be done and how much has to be done by the router helps you select the right router for the job. Much of the information in the previous bulleted list could be considered common sense; however, many consumers of WAN technology buy a big router because it is better than a small router. The cost of any networking equipment is small compared to the monthly cost to maintain the WAN service. The decision process should focus strictly on the usage and needs. This section discussed that there is no one answer to what a customer needs. Each installation and each design is unique to the situation that is being solved. The value-added reseller (VAR) or integrator must focus on the business of the customer rather than the business of selling the same router to each customer. Selecting a WAN Connection Type for Remote Access Purposes Once you define customer needs, you must select carrier technology to support the applications that are identified. For Remote Access, the choices (in descending order of speed and control) are as follows: • Leased line —A leased line gives the consumer complete control of the facility in terms of what data is to be put on it. The customer effectively owns the bandwidth of the link. This ownership offers high security and control to the customer; however, this is probably the highest cost solution available. Although lease facilities with very high data rates (up to multiple megabit) can be obtained, the issue is how much bandwidth, and at what cost, the consumer is willing to purchase. • Frame Relay —Frame Relay service probably carries the majority of business circuits in the United States. With this service, the customer somewhat controls the resources being used by specifying a Committed Information Rate (CIR) or guaranteed rate of delivery. The Frame Relay provider, however, controls the latency or delay through the network, and speed is a function of the provider’s offerings. Speeds can range up to multiple megabit transfer rates; however, they are generally available only up to T1 (1.544 Mbps). With Frame Relay, the issue of cost is lessened because many companies share the circuits. 26 Chapter 2: Cisco Remote Connection Products • ISDN —Integrated Services Digital Network (ISDN) offers more bandwidth than a simple dial-up link; however, it is a circuit-switched connection and is subject to availability of the remote end. The control of the circuit is given over to the provider. Speed for ISDN is limited to 128 Kbps for a remote user using a Basic Rate Interface (BRI). • Asynchronous dialup —Simple modem connectivity such as asynchronous dialup is sometimes all that is needed for communication. Speeds are limited to 53 kbps or slower, depending on the type of connection and the modem being used. Dialup is the most inexpensive of all communication methods and is available almost everywhere. Once you settle on the criteria of need and availability, your next step is to determine the requirements for installing the hardware at various sites. Determining the Site Requirements In general, each company site can be placed into one of three categories: central, branch, or SOHO or RO. Each type of site provides different opportunities for growth. The sections that follow provide insight into which platforms would be used at each site. Central Site Installations If the installation is taking place in a central or corporate headquarters site, room for growth should be a strong consideration. Room for growth is important because remote or branch sites can be added or deleted over time and the hardware platform should be flexible so that a “forklift” upgrade is not needed every time a change in corporate strategy occurs. Decisions for the central office should include evaluation of speeds and feeds. The speeds should be sufficient to aggregate the information flows from the branch and remote sites. With speeds, cost is a major consideration because the recurring WAN charges are the dominant cost factor. In fact, hardware costs pale in comparison to the ongoing costs for WAN charges. Firewalls and access control (feeds) are also top considerations because the central site must maintain and enable outside communication, but protect against unauthorized access. Branch Office Installations If the installation is to be done in a branch office, there is less need for flexibility than with the central site. This does not mean that a fixed configuration device is acceptable, however. It still might be more palatable for the router to contain enough ports for expansion. Branch office support generally includes access to smaller single function remote offices or remote users. Considerations at the branch office include the WAN connection type and the monthly costs. Additionally, the branch office must be able to authenticate itself to the central site. Hardware Selection 27 The issue of availability is another critical factor in the branch office. You must know how often and how long a connection will be needed and if a backup is necessary. The central office generally uses links that are always available or highly reliable, whereas the branch office might not want to pay for that reliability. Remote Office or Home Office Installations An installation at either of these locations is likely to have a fixed function device that was chosen with cost as a main factor. Once the election of the access method is made, it is unlikely to change in the near term. The traffic or data that exits the RO or HO can usually be categorized very neatly. An example of this categorization would be a remote salesperson who must gain download corporate pricing and upload sales data and email. The overriding consideration at these offices is generally cost. In addition, the RO must maintain a method for authentication to the branch or central site and justify the connection time to a central or branch office. In general, these offices would use a dial-on-demand methodology to minimize WAN charges. Hardware Selection When the research is done and the location is selected, the last step is to select a router that meets the specifications created. Cisco is continually updating the product line for all types of WAN scenarios. The best way to stay current with the offerings available for RAS solutions is at the Cisco web site at www.cisco.com. The products in the following section represent some of the current offerings for Remote Access environments. The successful CCNP or CCDP candidate should be aware of the capabilities and limitations of each product family and where the devices from each family can be implemented. Product Families: Capabilities and Limitations The Cisco 700 series family of routers supports IP and IPX routing over ISDN. Routers from this family have no scalability for adding ports and were designed for ROs and SOHOs. 28 Chapter 2: Cisco Remote Connection Products A 700 series router is an inexpensive ISDN access device. Figure 2-2 illustrates a Cisco 700 series router. Figure 2-2 Cisco 700 Series Router The Cisco 800 series family of routers is the lowest priced entry-level router that runs the IOS software. Because the base operating system for the 800 series router is the same as for the higher end router platforms, this platform enables the corporate staff to use the same language to configure the remote device. The Cisco 800 series router is ideal for the RO or SOHO. The WAN options for the 800 series are the same as for the 700 series. Figure 2-3 illustrates a Cisco 800 series router. Figure 2-3 Cisco 800 Series Router One of the older device families, the Cisco 1000 series family of routers provides either ISDN or serial connections for the branch office or RO. A router from this family can be used for X.25 or Frame Relay and is sometimes called an end-node router. The key feature of this router family is that it provides an expanded set of WAN options. It is a fixed configuration router, so the selection of the WAN option must be made prior to purchase. Hardware Selection 29 Figure 2-4 shows a Cisco 1000 series router. Figure 2-4 Cisco 1000 Series Router The Cisco 1600 series is relatively new and offers a modular construction that enables the WAN interfaces to be changed by the customer as needed. The WAN cards in a 1600 series router can be shared with routers from the 2600 and 3600 router series. This enables the maintenance of only a small set of hot-spare boards. The 1600 uses the trademark IOS and is generally positioned at a branch office site and not at a RO or SOHO. Figure 2-5 illustrates a Cisco 1600 series router. Figure 2-5 Cisco 1600 Series Router The Cisco 2500 router series is the oldest router platform mentioned so far. A router from this series is a fixed configuration router that offers a wide range of options for the branch or central office. This router series is not modular. If a different port configuration is needed, a new 2500 is required. 30 Chapter 2: Cisco Remote Connection Products Figure 2-6 illustrates a Cisco 2500 series router. Figure 2-6 Cisco 2500 Series Router The Cisco 2600 series router is replacing the current 2500 router due to its flexibility with the WAN card design. The 2600 can support many different hardware configurations in a single chassis. In fact, the customer can mix and match both LAN and WAN resources by simply changing boards on the chassis. The 2600 series router is generally positioned in a branch office site or small central facility. Figure 2-7 illustrates a Cisco 2600 series router. Figure 2-7 Cisco 2600 Series Router The Cisco 3600 series provides two, four, or six module slots, depending on the model. The 2600 series router provides only two. A 3600 series router is considered a central office piece of equipment because the flexibility and port density are so high. Figure 2-8 illustrates a Cisco 3600 series router. Figure 2-8 Cisco 3600 Series Router Hardware Selection 31 The Cisco 4500 and 4700 series router models are being eclipsed by the 3600; however, they are still viable products. The 4500 and 4700 series provide a modular design similar to the 3600 and are intended for large regional offices and central office facilities that require a high rate of throughput. Figure 2-9 illustrates the Cisco 4xxx series router. Figure 2-9 Cisco 4xxx Series Router The Cisco AS5000 series routers (specifically, the 5200 and 5300 routers) provide a high port density and are typically found at an Internet service provider’s (ISP) Point-of-Presence (POP). The AS5000 chassis incorporates the functions of modems, switches, routers, and channel banks into a single platform. In addition, the AS5000 series can support serial, digital, ISDN, and asynchronous access through a single physical interface. This support of mixed media makes this router very useful for a central office environment in which many different branch offices and ROs must be supported. Figure 2-10 illustrates a Cisco AS5300 series router. 32 Chapter 2: Cisco Remote Connection Products Figure 2-10 Cisco AS5300 Series Router The Cisco 7200 series router is used in a RAS environment. The 7200 series can provide a central site with many high-speed interfaces in which many branch offices can be aggregated. Figure 2-11 shows several Cisco 7200 series routers. Figure 2-11 Cisco 7200 Series Router The preceding router descriptions represent much of the Cisco product line. To properly install this equipment, you should consult Cisco’s web site (www.cisco.com) to gain the most up-todate information. Although it is possible to review the entire suite of Cisco products before making a product decision for an installation, to do so would be time consuming. To help with the selection task, you should use the Cisco Product Selection Tool, which is available on CD-ROM and Cisco’s web site. This tool enables the user to quickly narrow a selection to a small handful of router platforms by paring down the Cisco product line so that only the router platforms that match the search criteria are displayed. Hardware Selection 33 In addition to using the Product Selection Tool, the customer or consumer can simply provide the requirements to a Cisco-certified VAR or to a Cisco sales engineer and ask which products satisfy the requirements. This advice might sound a bit trite, but Cisco is truly focused on ensuring that the right solution is provided in every instance in which their products are used. The emphasis that Cisco has placed on the certification process for their VARs is just one piece of evidence that supports this statement. 34 Chapter 2: Cisco Remote Connection Products Foundation Summary The section is a collection of information that provides a convenient review of many key concepts in this chapter. For those of you already comfortable with the topics in this chapter, this summary could help you recall a few details. For those of you who just read this chapter, this review should help solidify some key facts. For any of you doing your final preparation before the exam, these tables and figures will hopefully be a convenient way to review the day before the exam. The selection of router products should be based on the following criteria: • Availability • Bandwidth • Cost • Ease of management • Applications and traffic patterns • Backup needs and QoS • Access control requirements In general, each company site can be placed into one of three categories: central, branch, or remote. Table 2-2 outlines considerations for each type of site. Table 2-2 Site Considerations Site Major Considerations Central Cost of WAN services Bandwidth growth Flexibility Access control Branch WAN availability Backup needs Ease of management Application traffic patterns RO or SOHO Cost of equipment Ease of management Foundation Summary 35 Table 2-3 Router Model Usage Location Table Router Model Site Usage Notes 700 Home office Inexpensive ISDN access router 800 Remote office/Branch office IOS software; ISDN access router 1000 Remote office/Branch office ISDN/serial LAN extender 2500/2600 Branch office Medium flexibility with mid-range cost; supports a variety of LAN/WAN technologies 3600 Central office High-flexibility, high-cost modular configuration that supports any office configuration 5000 Central office Specifically targeted at high-density RAS sites that support a large number of dial-up users over both analog and ISDN lines 7000 Central office Provides high-powered, high-cost, core router functionality Table 2-4 WAN Connection Options Table Method Speeds Notes Leased Lines All speeds High control; high bandwidth Up to T1/T3 High-cost, enterprise network usage Frame Relay Up to T1 speed Medium-control, shared-bandwidth, branch office usage X.25 Up to T1 speed Low-control shared bandwidth that is generally considered to be old technology ISDN PRI-T1 speed; BRI-128 kbps Low-control shared bandwidth that is faster than asynchronous dialup Asynchronous Up to 53 kbps Low control and variable cost that is effective for limited usage environments 36 Chapter 2: Cisco Remote Connection Products Q&A The questions and scenarios in this book are more difficult than what you will experience on the actual exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answer. Rather than enabling you to derive the answer from clues hidden inside the question itself, the questions challenge your understanding and recall of the subject. Questions from the “Do I Know This Already?” quiz from the beginning of the chapter are repeated here to ensure that you have mastered the chapter’s topic areas. Hopefully, mastering these questions will help you limit the number of exam questions on which you narrow your choices to two options and then guess. The answers to these questions can be found in Appendix A, on page 397. 1 What are the selection criteria for selecting a router platform? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 2 Which of the following does not affect the installation of a router? a. availability b. reliability c. cost d. router port density e. security requirements f. bandwidth usage 3 Of the 3600, 4800, 5300, and 7100 series routers, which provides a high dial-up port density for an ISP? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Q&A 37 4 Which of the following statements is true? a. All interface cards used in the 2600 can be used in the 1600. b. All interface cards used in the 1600 can be used in the 2600. c. All interface cards used in the 3600 can be used in the 1600. d. All interface cards used in the 3600 can be used in the 2600. 5 In routing, what is meant by the term availability? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 6 In routing, what is meant by the term reliability? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 7 Backup is a consideration when looking at which of the following criteria: availability, reliability, traffic patterns, or QoS? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 8 What WAN connection method affords the most control for the consumer? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 9 Name two important issues in the selection of a product for a SOHO. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 38 Chapter 2: Cisco Remote Connection Products 10 What WAN methods offer the least control to the customer? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 11 What product would you select for a central office facility that had to support three to five branch offices using Frame Relay circuits from 64–256 Kbps and that had 20–30 occasional dial-up users? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 12 What router would be appropriate for a SOHO user who is using ISDN and who is very cost-conscious? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 13 A branch office must connect to the central site over Frame Relay at 64 kbps. No growth is expected for the next two years, at which time Frame Relay connectivity for two satellite sites will be added at 64 kbps. What router platform would you recommend? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 14 The administration is considering supplying routers for all their ISDN dial-up users. The network administrators are comfortable with the IOS and must implement the dialup for 20 users over the next few months. What equipment would you propose for the central office and the SOHOs? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Scenario 2-2 39 Scenarios The following scenarios and questions are designed to draw together the content of the chapter and exercise your understanding of the concepts. There is not necessarily a right answer. The thought process and practice in manipulating each concept in the scenario is the goal of this section. Scenario 2-1 You have decided to use a 3640 router for the central office to support 15 dial-up users and two Frame Relay connections attached to your corporate Ethernet. 1 What modules would be needed for your router? 2 Would you offer BoD to your dial-up users? 3 How can you offer ISDN dial-up service? Scenario 2-2 You provide leased-line connectivity (T1s) from your central office to three branch offices that supply time-critical information for your customers. In addition, the central site maintains an ISP connection for the branch office users to do research. The branch office has less than 10 users who constantly upload small files to the corporate data warehouse. In addition, they use the leased line for e-mail and Web surfing. 1 What backup plans would you consider? 2 What controls might you place on the backup links? 3 What router would you recommend for the branch offices? 40 Chapter 2: Cisco Remote Connection Products Scenario Answers The answers provided in this section are not necessarily the only possible correct answers. They merely represent one possibility for each scenario. The intention is to test your base knowledge and understanding of the concepts discussed in this chapter. Should your answers be different (as they likely will be), consider the differences. Are your answers in line with the concepts of the answers provided and explained here? If not, go back and read the chapter again, focusing on the sections related to the problem scenario. Scenario 2-1 Answers 1 An Ethernet module, a channelized T1, a MICA modem bank, and a multiport serial card are recommended. The Ethernet module provides connectivity to the local LAN. The T1 and MICA bank fulfill the dial-up needs, and the serial card enables Frame Relay. 2 Given the fact that you have 24 channels and 15 occasional dial-up users, multilink or BOD should be considered to improve the service. 3 The question should be “How can I offer analog service?” because MICA modems require analog service. This question requires you to think about how termination is done for both analog and digital in the same device. Scenario 2-2 Answers 1 ISDN would be a good choice because of the higher speed. You might consider making sure that the service is divergent into your branch office so that if the frame fails due to a “back-hoe attack,” the ISDN line has a chance of being uninterrupted. 2 Access control is a major issue. If the primary link fails, the backup link should block all noncritical traffic such as HTTP so that the mission critical information is not lost. It is assumed that the reason for the T1 is that the bandwidth is needed. If an ISDN BRI is used for backup, the highest possible link would be 128 kbps, hence the need for strict control. 3 A 1600 router should be sufficient, although a 2600 router would also work. Given the fact that there are only three remotes, you might want to go with the 1600 router and buy two for each location so that in the event of a hardware failure, a hot swap could be done. This chapter covers the following topics that you need to master as a CCNP: • Choosing WAN equipment—This section discusses the basic guidelines behind the selection of routers for specific deployments. • Assembling and cabling the equipment—This section goes over some of the possible types of physical connections that can be necessary for individual deployments. • Verifying the installation—This section explains how to confirm the physical connectivity of the WAN devices. C H A P T E R 3 Assembling and Cabling the WAN Components The CCNP Remote Access Exam requires you to have an in-depth understanding of various WAN technologies. This chapter focuses on the cabling requirements of various technologies. Although individual WAN topologies can require specific cabling variances and Frame Relay implementations require little or no variance from implementations of High-Level Data Link Control (HDLC), the physical cabling is virtually identical. However, other technologies can have different requirements depending on the location (internal or external) of WAN devices, such as CSU/DSU’s or NT1’s. This chapter explores the basics behind racking and cabling the remote access devices discussed in this book. The discussion in this chapter focuses on routers. How to Best Use This Chapter By taking the following steps, you can make better use of your study time: • Keep your notes and answers for all your work with this book in one place for easy reference. • Take the “Do I Know This Already?” quiz and write down your answers. Studies show retention is significantly increased through down writing facts and concepts, even if you never look at the information again. • Use the diagram in Figure 3-1 to guide you to the next step. 44 Chapter 3: Assembling and Cabling the WAN Components Figure 3-1 Do I Know This Already? “Do I Know This Already?” Quiz The purpose of the “Do I Know This Already?” quiz is to help you decide what parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. The six-question quiz helps you make good choices about how to spend your limited study time. The quiz is sectioned into smaller, two-question “quizlets,” each of which corresponds to the three major topic headings in the chapter. Use the scoresheet in Table 3-1 to record your scores. "Do I Know This Already?" quiz Low score Medium score High score, want more review High score Read Foundation Summary Read Foundation Topics Q&A Scenarios Go to next chapter “Do I Know This Already?” Quiz 45 1 Which router is best used as a central site router: 2611, 3640, or 1004? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 2 Which router best serves as a small office or home office (SOHO) router for telecommuters: 7200, 700, or 7500? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 3 Which WAN technology is best suited for providing high-density dial-up access for remote users? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 4 Which WAN technology is best suited for variable bandwidth (low-speed to high-speed) deployments that enable the connection of multiple branch offices to a central site? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 5 What does a green LINK LED signify on an Ethernet interface? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ Table 3-1 Scoresheet for Quizlets and Quiz Quizlet Number Foundation Topics Section Covered by These Questions Questions Score 1 Choosing WAN Equipment 1–2 2 Assembling and Cabling the equipment 3–4 3 Verifying the Installation 5–6 All questions 1–6 46 Chapter 3: Assembling and Cabling the WAN Components 6 On a 1600 router, what is the CD LED? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A,” on page 397. The suggested choices for your next step are as follows: • You correctly answered four or fewer questions overall—Read the chapter. This includes the “Foundation Topics,” “Foundation Summary,” and “Q&A” sections, as well as the scenarios at the end of the chapter. • You correctly answered one or fewer questions on any quizlet—Review the subsections of the “Foundation Topics” part of this chapter, based on the information that you entered in Table 3-1. Then move into the “Foundation Summary” and “Q&A” sections and the scenarios at the end of the chapter. • You correctly answered five or more questions overall—If you want more review on these topics, skip to the “Foundation Summary” section, and then go to the “Q&A” section and the scenarios at the end of the chapter. Otherwise, move to the next chapter. Foundation Topics 47 Foundation Topics The discussions in this chapter revolve around a fictitious, albeit typical, network topology. Figure 3-2 depicts that topology. Figure 3-2 Network Topology for Chapter Discussion Figure 3-2 depicts a number of technologies in the network. These technologies (ISDN, Frame Relay, X.25, and so on) are discussed in this book at various times and are not discussed in this chapter. You must understand the concepts and components involved in properly connecting WAN devices. Frame Relay, ISDN (BRI and PRI), and other Layer 2 technologies are necessary implementation in your WAN deployment. Choosing the proper technology is a decision that is based on the goals of the network at each step. The goals of the network must be laid out ahead of time. Some of the questions you should consider include • What do you wish to gain from this specific deployment? • How many users must it support? • How much bandwidth is necessary to support the applications in use at each site? • Which router model(s) support the needs of the site? Central site Cisco 3600 1.544 Mbps ISDN BRI ISDN BRI Cisco 1700 Branch Office B 256 kbps 64 kbps Branch Office A Cisco 1700 ISDN/Analog Frame Relay 48 Chapter 3: Assembling and Cabling the WAN Components • Has future growth been taken into account? • Will the selected WAN components support an upgrade, or will a new component be necessary? Choosing WAN Equipment Once the goals of the network have been decided on, the hunt for proper equipment begins. Choosing the equipment that goes into each site is always an interesting endeavor. Vendors are contacted, and sales personnel visit and relentlessly tell you that their equipment is the best. Wisely, the decision is made to go with Cisco products (as if there were ever a doubt). Obviously, the needs of each individual site in Figure 3-2 vary. The next few sections focus on each site and its unique technological requirements. Central Site Router Selection The central site is usually the corporate office site and is also usually the largest of the sites. With this distinction comes the need for more diverse capabilities with regard to WAN connectivity. Many times, multiple technologies must be supported at this site, and all facets of the network must be supported. In addition, each of the branch offices connects back to the central site, and remote and/or mobile users need to be able to connect through telephone lines to the network. All of these needs must be supported from the central site. To do so, you must simultaneously deploy a number of technologies, such as Frame Relay, ISDN BRI/PRI (T1 or E1), asynchronous modems, network authentication, serial connections, bandwidth issues, and the list goes on. Many times the solution involves a combination of the options listed here, and then some. For serial connections as well as T1/E1 PRI, you should know that inside of North America, the customer (that is, your company) is responsible for providing a CSU/DSU for the installation of the network. For BRI connections, the customer must provide the NT1. Outside of North America, however, these devices are generally telco-provided. The issue of the point of demarcation (demarc) arises when setting up the central site. The demarc is the point at which responsibility for the line changes from the telco to customer or vice versa. The demarc is placed in the section of the premises at which the telephone equipment is installed. Many times, however, this is not the desired location of the router, so a choice must be made. Should you have the demarc extended, or extend it yourself? Usually, it’s much easier (although slightly more expensive) to have the telco installer extend the demarc for you. On the customer side of the demarc, the devices installed are known as customer premises equipment (CPE). Extending the point of responsibility transfer saves you a great number of headaches. Choosing WAN Equipment 49 Obviously, all the possibilities for a central site router cannot be discussed at this time. There are too many variables (and the exam doesn’t even touch on all of them anyway). However, you should know that many mid- to high-range routers, including WAN access and Access server routers, support multiple technologies and port densities for the central site router. In this chapter we discuss the 36X0, 4000, AS5X00, and 7200 series routers. Keep in mind that there are high-end routers, such as the 7500 series, 12000 series, and so on. However, these high-powered routers are beyond our scope at the moment. 3600 Router Series The 3600 series is a versatile family of routers; for variations of supported technologies, it is hard to beat. It is a multifunctional platform that enables routing of data, voice, video, and dial access capabilities in a single chassis. The 3600 series offers three chassis variants: 3620, 3640, and the new 3660. The 3620 has two module slots, the 3640 has four module slots, and the 3660 has six module slots. Each module slot can contain MICA modems for dial-in access, voice network modules for telephone connectivity directly to the router, and data network modules. The beauty of this series is that all these technologies can be implemented simultaneously in one chassis. All the interface components can be removed, serviced, and inserted without taking the chassis out of the rack. In addition, all the modules use spring screws that won’t detach from the component, so there is no more looking for that dropped screw. NOTE The modules for this router are not hot-swappable! You must turn off the power before inserting or removing any component. The 3620 probably is not the best choice for a central installation. Although it is a highly versatile and capable router, it simply doesn’t have the port density necessary for deploying a wide spectrum of technologies simultaneously. The 3640 and 3660 shine in their support of the varying technologies and speeds in the typical Enterprise deployment. These two models combine mix and match capabilities with the horsepower necessary to support a wide array of variables. For instance, these two routers can provide dial-up access (through MICA modem modules), ISDN, Frame Relay, and X.25 services in a single chassis. In any central site deployment, this type of flexibility is imperative. 50 Chapter 3: Assembling and Cabling the WAN Components 4000 Router Series The 4000 series is tried and tested. The routers in this series are established models. This router family makes use of Network Processing Modules (NPM) to implement different technologies. These individual cards can be mixed and matched to some degree for various technologies. LAN and WAN NPMs can be installed simultaneously at varying line speeds and encapsulations. Although this series is somewhat versatile, any changing of components requires the removal of the entire motherboard tray. Care should be taken here. Many 4000 routers have been destroyed at this point because although there is a handle on the tray that facilitates its removal, most people are not ready for the sudden weight change when the end of the tray clears the chassis and the whole thing drops. Newer 4000 chassis have a clip built in that stops the tray to get your attention; when the tray stops, you have to move the clip aside to continue removing the board. A router in the 4000 series is a good choice for a central site. However, the technological advances and added features of the 3600 series tend to make them more attractive. AS5X00 Router Series This family of routers is an Access Server line (hence the AS in the name). The available models in the line are the AS5200, the AS5300, and the AS5800. The series also includes a very highend model known as the AccessPath. It consists of a number of AS5300s operating together in a single integrated rack with a Catalyst switch collocated. The AS5X00 family of devices can provide carrier class service scalability as well as multiprotocol routing services. These devices are usually deployed in an ISDN installation to provide remote users dial-up access to internetwork resources. The AS5300 is Voice-over-IP capable with the proper line cards installed. This family of routers is designed to perform best in dial-up access environments. The routers offer high-density voice and data solutions. The AS5200 is an older model and is quickly being replaced by the AS5300. The AS5300 can terminate both digital and analog data calls. There are three slots in an AS5300. It supports four or eight T1/E1 ports in a single slot, with MICA modems or VOIP feature cards in the other two slots, which are typically PRI ports. With eight T1s, the incoming call volume can reach 192 calls (240 with E1s). With the other two slots populated with MICA modem blades, that capacity can easily be supported. For extremely high call volume, the AS5800 model is available. It can handle six 12-port T1/E1 trunk cards (72 T1/E1 ports). This means it can handle up to 1728 B channels at T1 or 2160 B channels at E1. This density enables hot sparing. The AS5800 model has the capability to support 10 MICA modem line cards, each of which is capable of handling 72 calls (720 total). With only 14 line card slots, it obviously cannot do both T1/E1 and MICA modem cards at the same time; however, this combination is very common. Choosing WAN Equipment 51 Inbound calls to an AS5800 router can be digital from another ISDN device or analog from a dial-up user. Therefore, this router is a good choice for central site dial-up facilities. In a mixed technology environment with multiple WAN technologies, this router probably isn’t the best choice, but for dial-up deployments, it’s hard to beat. 7200 Router Series This family of routers has been around for a while and represents a wide install base. These devices provide high-power core LAN/WAN routing capabilities as well as voice integration capabilities. ATM, ISDN, and circuit emulation services are just a few of the available options supported. If an AS5800 solution is being put in place, this router is absolutely necessary. It provides the router shelf function for the AS5800. Without the 7200, the AS5800 does not function. The 7200 has a six-slot chassis. The port modules can be mixed and matched for varying degrees of connectivity and bandwidth. The newer VXR version of the 7200 includes a TDM bus, which provides better performance than its predecessors. This router is a great choice for the central site, based on its flexibility and overall power. Branch Office Router Selection Branch office sites are the source of many debates when the time comes to connect them to the central site through a WAN implementation. The amount of bandwidth necessary to adequately support the site is a crucial factor in the decision-making process. The technology implemented to provide the necessary bandwidth is equally important. Consider a small branch office of three users with low bandwidth needs. ISDN BRI might be a good fit for the installation. However, what if the office grows to 20 users in a short time? At that point, the 128 kbps can be inadequate to support them, and ISDN BRI has no additional bandwidth to offer. If the bandwidth becomes inadequate, a technology and/or router change becomes necessary. However, the time and costs involved may not be feasible at the current time. Would adequate planning and an alternate choice of technology have prevented the issue? Yes, they may have prevented the issue, if there were any indication that this particular office was going to grow as it did. Overall, it’s sometimes a guessing game. This section of the chapter focuses on some router families that meet the needs of the small- to medium-sized branch office. These are the 1600, 1700, 2500, and 2600 series routers. Note that the 3620 can also be a good choice for the branch office, when flexibility is needed. However, it was discussed in the previous section and need not be revisited. 52 Chapter 3: Assembling and Cabling the WAN Components 1600 Router Series This family of routers is generally meant to extend networks to small offices. These routers are flexible in their physical configuration options, but cannot support high port densities. The 1600 has a small footprint (read: not rack mountable), so it fits just about anywhere in the wiring closet. If it is to be placed in a rack, it requires a shelf to sit on. All 1600 router implementations include one or two LAN ports and a single WAN port. For dedicated connectivity back to the central site, this router would provide a solid base. 1700 Router Series This router family is designed for the small- to medium-sized office. It can support one to four WAN connections and Ethernet or Fast Ethernet connectivity. It is quite similar in some regards to its 1600 router cousin. However, it tends to be a higher horsepower device. A 1700 series router is seen in some circles as the replacement to the 2500 series router. It can provide multiple WAN connections simultaneously and is a strong, stable router. It has a small footprint and is easy to work with. This flexibility and growth capacity make it an ideal choice for a small- to medium-sized branch office. If it is to be placed in a rack, it requires a shelf to sit on. 2500 Router Series The 2500 is the workhorse of the product line. Its chassis is arguably the most deployed router model in the world. It has a seemingly endless array of configuration options. Typically, 2500 series routers are mission-specific; that is, they are usually fixed configuration chassis. They can support almost any technology in some form or fashion. The 2500 is the most deployed router model in Cisco’s line. With the varying interface configurations it offers, it’s proven itself very valuable. Its downfall has been the introduction of devices with higher speeds and lower costs. It’s well known that this router works well in almost any situation. However, it may not work as quickly as its newer counterparts. If speed is the issue (as it usually is), the 1700 or 2600 probably are better choices. 2600 Router Series A cousin to the 3620 series, the 2600 series can support multiservice offerings of voice, video, and data in a single chassis. Analog or digital telephony are options for this box. Traditional LAN/WAN routing options are, of course, available as well. This router too is seen as a viable replacement for the 2500 series routers. It is rack mountable and flexible in its configuration. It combines high-speed processing capabilities with mix and match port types. Choosing WAN Equipment 53 For branch offices with integrated voice and data, the 2600 series router would be a good choice. However, in a data only environment, it cannot offer the port density necessary for a medium-sized branch office. Small Office/Home Office (SOHO) Router Selection This is a somewhat newly emerging market. The growing needs of the telecommuter are a very real aspect of today’s internetwork deployments. Cisco offers a couple options with regard to SOHO deployments. Depending on the company and the needs of the telecommuter, a 2500 or 2600 router could be utilized. However, Cisco’s 700, 800, and 1000 series routers can be a more manageable and ideal solution. 700 Router Series The options available here are the 760 or 770. These are primarily low-cost ISDN routers. It should be noted that although these routers are easily managed, they do not run the Cisco IOS. Therefore, the rules and methods of configuring other Cisco routers do not apply to this one. This could be a good thing or a bad thing, depending on the preferences of the person performing the configuration. Users who prefer the IOS command-line interface (CLI) may not like it as well because it does not respond to the same command structure. This router is well suited to SOHO use; however, it is limited to ISDN. If ISDN is not the technology of choice, this may not be the solution for you. The 700 router is addressed in detail later in this book. 800 Router Series The 800 series connects small offices and corporate telecommuters to the Internet or to a corporate LAN through ISDN, serial connections (Frame Relay, leased lines, X.25, or asynchronous dial-up), IDSL, and ADSL. It also enables customers to take advantage of valueadded services, such as differentiated classes of service, integrated voice/data, business class security, and virtual private networks (VPNs). The routers in the 800 series run the Cisco IOS and are a good choice if the needs of the SOHO include low port density with flexible WAN technology options. 1000 Router Series The 1000 router series is the LAN extender router series. Routers in this series run Cisco IOS Software and are capable of implementing technologies other than ISDN. The 1004 router is used with ISDN, and the 1003 router is used with Frame Relay. 54 Chapter 3: Assembling and Cabling the WAN Components The 1000 series routers provide a single LAN and a single WAN interface. The 1004 includes a single ISDN BRI (S/T or U) interface. The 1003 includes a single serial interface. The 1600 and 800 series routers are seen as replacements to the 1000 series because routers in the 1000 series are nearing their end of life. Assembling and Cabling the Equipment There are a number of types of physical connectivity options available based on the technologies being implemented. This section touches on the basics behind these connections. Much of what this section holds is review for most people with any significant time in the industry. For more in depth information regarding physical connectivity, pinouts for individual cables, and other requirements, check out www.cisco.com. Available Connections For this section, refer to Figure 3-3, which represents a number of technologies. Note that if all the labels are removed from the figure, the various connectivity possibilities become numerous. Figure 3-3 Connection Types Windows 95 PC Cisco 700 Ethernet PC modem SOHO Site RJ-11 BRI (RJ-45) RJ-11 Modem Serial RS232 Central site Cisco 36x0 Ethernet Serial V.35, X.21, RS232 EIA/TIA-449, EIA-530 Serial V.35, X.21, RS232 EIA/TIA-449, EIA-530 BRI (RJ-45) Cisco 1600 Branch office T1/E1 for PRI RJ-48 ISDN/Analog Frame Relay service Verifying the Installation 55 A few of the connection options in Figure 3-3 come up on a regular basis: • Frame Relay—Frame Relay connections are serial connections only. EIA/TIA-232, EIA/ TIA-449, V.35, and X.21 are the supported serial connections for Cisco routers. V.35 is the most common connection type for most areas; however, popularity varies. These connections make use of electrically specific transition cables that should be purchased along with the router. • ISDN BRI—BRI connections are known as 2B+D connections. However, 1B+D and 0B+D implementations are available for deployment. An ISDN BRI connection makes use of Category 5 cabling to connect to the demarc. It may be necessary to provide an external NT1 if one is not integrated into the router. You can tell whether one is integrated by the label on the interface. A BRI interface with an integral NT1 is labeled as BRI U, and a BRI interface without an integral NT1 is labeled as BRI S/T. These connections make use of RJ-45 cables, which are typically Category 4 or 5 in quality. • ISDN PRI—This implementation varies, based on geographic location. Based on ISDN technology, PRI makes use of T1 or E1 characteristics. Outside of North America, you will very likely encounter E1 PRI. Inside of North America, you will encounter T1 PRI. The primary difference between the two is the number of bearer channels. T1 PRI makes use of 23B+D connectivity, and E1 PRI makes use of 30B+D connectivity. E1 PRI obviously has a significantly higher bandwidth capacity than T1 PRI. These connections make use of category 4 or 5 RJ-45 cables. • Asynchronous—These connections make use of RJ-11 cables. They are dial-up connection interfaces designed to accept calls from remote users. If utilizing external modems, EIA/TIA-232 cables are necessary to connect the modem to the router. It is feasible to have all modems internal to the router as well. Verifying the Installation The task of verifying physical connectivity is usually an easy one. If all is well, there is an LED on the front of the router (or on the back by the interface in question) that is green. If it’s not green, it’s time to figure out why. During the boot process, the LEDs may flash green. This is completely normal. Other models of Cisco devices have an amber colored light during the boot sequence. However, once the router has booted, all active and functioning LEDs should turn to solid green. You’ll hear the phrase “Green is good” over and over in many Cisco classes and environments. For most routers, identifying the LEDs is the difficult part. This section focuses on some of the routers discussed in previous sections to give you some idea of where to find the proper LEDs for your specific needs. For additional information, refer to the installation guide that came with your specific router. 56 Chapter 3: Assembling and Cabling the WAN Components Central Site Router Verification Each router model has its own set of LEDs. They’re usually located in the same places. Overall status LEDs, such as Enabled and Active LEDs, are usually on the front of the chassis. The interface specific LEDs are on the back of the chassis, adjacent to the interface in question. The rule with LEDs is simple: “Green is good.” Any other color should be investigated. With the model by model differences in mind for individual routers, this discussion focuses on only a couple chassis models, rather than all the models that have been discussed in this chapter. 3600 Router LEDs The 3600 series chassis architecture was a departure from the traditional router chassis architecture in that the CON and AUX ports are on the front of the box. This has received mixed reviews overall. The LEDs that share the front of the box with the CON and AUX ports enable the administrator to monitor at a glance the status of the router. The Ready LED (located on the front of the router) indicates that a functional network module is in the indicated slot. As traffic traverses the router, the Activity LED blinks according to the volume of the traffic. The Enable LED specifies whether the module has passed the power on self-test (POST). Obviously, if no module has been inserted into a particular slot, the appropriate LEDs remain dark. Figure 3-4 illustrates the positioning of the LEDs on the 3640 router. Figure 3-4 3640 Router LEDs Verifying the Installation 57 Each interface on each network module in a 3600 has its own LEDs to provide status. Ethernet (two LEDs), Serial (five LEDs), PRI (four LEDs), and so on all have interface-specific LEDs. Each type of interface can have a different number of LEDs to communicate status and activity. Ethernet interfaces, for example, have only two LEDs: Link and Activity. The Link LED specifies that the cable is properly connected to the hub or switch. The Activity LED specifies that LAN traffic has been detected on the wire. Branch Office Router Verification LEDs are LEDs. The “Green is good” rule still applies no matter the type of router with which you are dealing. Each branch office router has its own set of LEDs, as was the case with the central site routers. Again, all models discussed previously are not mentioned; only a single chassis is discussed. 1600 Router LEDs The 1600 router is a mission-specific router. It’s capable of sustaining one WIC, one BRI, and one LAN interface. LEDs on the router consist of those appropriate to each type of interface as well as two system LEDs. Refer to Figure 3-5 for the 1600 LEDs. Figure 3-5 1600 Router LEDs 58 Chapter 3: Assembling and Cabling the WAN Components The system LEDs are PWR and OK. They are fairly self-explanatory. The PWR LED should be green if the router is powered on. The OK LED should be green if the router has passed the POST. The OK LED flashes during the router boot sequence. The BRI interface LEDs consist of one LED for each B channel (B1 and B2). Each is green only when that B channel is connected to a remote site. There are two WIC LEDs. The CD LED is green once an active connection is established on the serial interface. The ACT (Activity) LED is green once traffic is detected on the WAN interface. On the back of the router, the WIC itself has an LED (CONN) indicating that data is traversing the link. SOHO Router Verification These routers are generally quite small. Many of them are not much larger than the old Hayes and US Robotics modems of the 1980s. There is only so much that can be said about LEDs before the point is over emphasized. As in the two previous sections, this discussion focuses on a single router chassis, in this case, the 770 router. Figure 3-6 depicts the LEDs in this discussion. Figure 3-6 770 Router LEDs As you can see in the figure, there are a number of LEDs on this box. Table 3-2 analyzes the relevant LEDs, from left to right. Verifying the Installation 59 Table 3-2 770 Router LEDs LED What the LED Indicates RDY This LED is the Ready indicator. It is green when the router is powered up. NT1 This LED indicates that the internal NT1 (an ISDN device that provides the basic functionality of a CSU/DSU in an ISDN environment) in the 770 is active. While synchronizing with ISDN terminal devices, the LED blinks once per second. When synchronizing with telco switching equipment, it blinks 5 times per second. LINE This LED indicates synchronization between the ISDN S interface and the ISDN terminal device(s). LAN This LED indicates that a frame has been sent or received on the interface in the last minute. LAN RXD This LED signifies that traffic has been received on the Ethernet interface. LAN TXD This LED signifies that traffic has been sent from the Ethernet interface. CH1 This LED is the indicator for the first ISDN B channel. Once a connection has been established on the first B channel, this LED lights. CH1 RXD This LED indicates the receipt of traffic on the first ISDN B channel. CH1 TXD This LED indicates the transmission of traffic on the first ISDN B channel. CH2 This LED is the indicator for the second ISDN B channel. Once a connection has been established on the first B channel, this LED lights. CH2 RXD This LED indicates the receipt of traffic on the second ISDN B channel. CH2 TXD This LED indicates the transmission of traffic on the second ISDN B channel. PH1, PH2 These LEDs are analog POTS (plain old telephone service) ports that are green only when the attached devices (such as a phone, fax, and so on) are in use. LINK Located on the back of the router near the Ethernet interface, this LED indicates physical connectivity to the Ethernet segment. 60 Chapter 3: Assembling and Cabling the WAN Components Foundation Summary Overall, this chapter dealt with physical connectivity for the router. Most cables are interfacespecific in that they can be attached at only one place on the router. That is not always the case, however. For example, Category 5 UTP cable can be used with Ethernet, T1/E1 WIC, and ISDN interfaces. You should take the time to ensure that the correct cable is attached in the appropriate place. A straight-through Ethernet cable does not work in a T1/E1 WIC connection. The pinouts are dissimilar. LEDs are an important part of the router. They provide a quick status of the router and its interfaces. A red or amber LED is worthy of investigation. Remember, green is good. Table 3-3 documents the site types and the Cisco router options applicable to each location type. Table 3-3 Cisco Routers Applicable to Central, Branch, and SOHO Locations Site Applicable Routers Central 3600, 4000, AS5X00, 7200 Branch 1600, 1700, 2500, 2600 SOHO 700, 800, 1000 Q&A 61 Q&A The questions and scenarios in this book are more difficult than what you will experience on the actual exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answer. Rather than enabling you to derive the answer from clues hidden inside the question itself, the questions challenge your understanding and recall of the subject. Questions from the “Do I Know This Already?” quiz from the beginning of the chapter are repeated here to ensure that you have mastered the chapter’s topic areas. Hopefully, mastering these questions will help you limit the number of exam questions on which you narrow your choices to two options and then guess. If you incorrectly answer one of the following questions, review the answer and ensure that you understand the reason(s) why your answer is incorrect. If you are confused by the answer, refer to the text in the chapter to review. The answers to these questions can be found in Appendix A, on page 397. 1 Which router is best used as a central site router: 2611, 3640, or 1004? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 2 Which router best serves as a small office or home office (SOHO) router for telecommuters: 7200, 700, or 7500? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 3 Which WAN technology is best suited for providing high-density dial-up access for remote users? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 62 Chapter 3: Assembling and Cabling the WAN Components 4 Which WAN technology is best suited for variable bandwidth (low-speed to high-speed) deployments that enable the connection of multiple branch offices to a central site? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 5 What does a green LINK LED signify on an Ethernet interface? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 6 On a 1600 router, what is the CD LED? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 7 List four routers that would be suitable for use as central site routers. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 8 List three routers that would be suitable for use as branch office routers. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 9 List a possible cause of an OK LED not being green on a 1600 router. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 10 List a possible cause of a LINK LED not being lit on an Ethernet interface. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Scenario 3-1 63 Scenarios The following scenarios and questions are designed to draw together the content of the chapter and exercise your understanding of the concepts. There is not necessarily a right answer to each scenario. The thought process and practice in manipulating the related concepts is the goal of this section. Scenario 3-1 Consider Figure 3-7 for the purposes of this scenario. Figure 3-7 Scenario 3-1 Topology The goal in this case is to adequately deploy the proper technologies and line speeds to support the sites in the figure. Complete the scenario by meeting the needs of each step specified in the tasks that follow. 1 Make the decision as to which types of routers should be deployed at each site. For the central site, assume 100+ users and that the number is growing. For the branch site, assume 10 users, and for the SOHO site, assume a single user. 2 Based on your router choices, deploy WAN topology appropriate to your choices. Branch site Central site SOHO site 64 Chapter 3: Assembling and Cabling the WAN Components Scenario Answers The answers provided in this section are not necessarily the only possible correct answers. They merely represent one possibility for the scenario. The intention is to test your base knowledge and understanding of the concepts discussed in this chapter. Should your answers be different (as they likely will be), consider the differences. Are your answers in line with the concepts of the answers provided and explained here? If not, go back and read the chapter again, focusing on the sections related to the problem scenario. Scenario 3-1 Answers 1 For the growing central site, with 100+ users, it can be necessary to implement a 7200 router or higher. A 3640 could certainly handle the job. However, care must be taken in regards to future growth. If the site has few or no plans for growth in the near future, the 3640 is a good choice. The branch office site with only 10 users could function with a 1700, 2600, or similar router. The SOHO site with a single user will likely use ISDN for connectivity and a 1004 or 700 router. 2 For the central site connecting to the branch site, a single dedicated circuit can be implemented. If future sites are to be added, Frame Relay can be appropriate. According to Figure 3-7, there is a secondary connection between the central and branch sites. Secondary connections are typically ISDN. The SOHO site shows connectivity to the same cloud as the secondary central-to-branch connection. Also, with the selection of a 700 or 1004 router, the obvious connectivity choice is ISDN. This chapter covers the following topics that you need to master as a CCNP: • Modem signaling—This section covers the transfer of data, the flow control for the signal and the modem, and the call termination methods that are defined by the modem signal pins. • Modem configuration using reverse Telnet—This section describes reverse Telnet, which provides a method to communicate with a device that is attached to an asynchronous port on the router. • Router line numbering—In this section, each router asynchronous interface has an associated line number where the physical and datalink parameters are configured. The line numbering is different between the fixed and nonfixed configuration router models. • Basic asynchronous configuration—This section covers the configuration of the physical interface so that it can communicate with the attached device. In the same way that you configure a COM port to talk to a modem on a PC, you must declare to a router the parameters that match the modem settings. • Configuration of the attached modem—In this section, you learn that a modem must be configured to answer a call and to provide the correct signalling for the telephone company. This is done using the modem command language, which uses the AT command set. • Chat scripts to control modem connections—This section covers chat scripts, which provide a way to dictate to the modem how to place a call, answer an incoming call, and handle a current connection. C H A P T E R 4 Configuring Asynchronous Connections with Modems To successfully configure an asynchronous modem connection, the following must occur: 1 The modem itself must be configured to respond correctly to the telephone company circuit. 2 The physical aspects of the router link to the modem must be correctly defined to match the modem parameters. 3 The logical parameters must be established to provide a network-layer end-to-end connection. The modem must be configured so that it understands the signalling on both the telephoneline side and the router-connection side. This information includes the line rate and the number of bits used for data and other physical settings for the modem. The particulars for the modem are discussed in the body of this chapter. The second and third pieces of an asynchronous modem connection are configured on the router and provide both physical and logical aspects for a connection. The physical properties are configured on the line. These parameters include the line rate, the data linklayer protocols supported on the line, and so on. These parameters are needed for the router line to communicate with the attached modem. The last piece of an asynchronous modem connection is configuring the logical information on the router interface. The logical information includes the Layer 3 addresses, the network-layer protocol, the authentication methods, and so forth. How to Best Use This Chapter By taking the following steps, you can make better use of your study time: • Keep your notes and answers for all your work with this book in one place for easy reference. • Take the “Do I Know This Already?” quiz and write down your answers. Studies show retention is significantly increased through writing facts and concepts down, even if you never look at the information again. • Use the diagram in Figure 4-1 to guide you to the next step. 68 Chapter 4: Configuring Asynchronous Connections with Modems Figure 4-1 How to Use This Chapter “Do I Know This Already?” Quiz The purpose of the “Do I Know This Already?” quiz is to help you decide what parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. The twelve-question quiz helps you determine how to spend your limited study time. The quiz is sectioned into smaller, two-question “quizlets,” each of which corresponds to the six major topic headings in the chapter. Use the scoresheet in Table 4-1 to record your scores. "Do I Know This Already?" quiz Low score Medium score High score, want more review High score Read Foundation Summary Read Foundation Topics Q&A Scenarios Go to next chapter “Do I Know This Already?” Quiz 69 1 What pins are used for modem control? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 2 What is the standard for DCE/DTE signaling? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 3 In character mode using reverse Telnet, what is the command to connect to the first async port on a 2509 router that has a loopback interface of 192.168.1.1? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 4 What port range is reserved for accessing an individual port using binary mode? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Table 4-1 Scoresheet for Quizlets and Quiz Quizlet Number Foundation Topics Section Covered by These Questions Questions Score 1 Modem Signaling 1–2 2 Modem Configuration Using Reverse Telnet 3–4 3 Router Line Numbering 5–6 4 Basic Asynchronous Configuration 7–8 5 Configuration of the Attached Modem 9–10 6 Chat Scripts to Control Modem Connections 11–12 All questions 1–12 70 Chapter 4: Configuring Asynchronous Connections with Modems 5 If a four-port serial (A/S) module is in the second slot on a 3640 router, what are the line numbers for each port? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 6 What is the AUX port line number on a 3620 series router? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 7 What does the physical-line async command do and on what interfaces would you apply it? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 8 In what configuration mode must you be to configure the physical properties of an asynchronous interface? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 9 When should modem autoconfigure discovery be used? What happens when you use it? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 10 Which of the following commands would you use to add an entry to a modemcap database called newmodem? a. edit modemcap newmodem b. modemcap edit newmodem c. modemcap edit type newmodem d. modemcap add newmodem “Do I Know This Already?” Quiz 71 11 List four reasons why you would use a chat script. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 12 Which of the following would trigger a chat script start? a. Line reset b. DDR c. Line activation d. Manual The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A,” on page 397. The suggested choices for your next step are as follows: • 6 or fewer overall score—Read the chapter. This includes the “Foundation Topics,” the “Foundation Summary,” Q&A, and scenarios at the end of the chapter. • 7, 8, or 9 overall score—Begin with the “Foundation Summary,” then go to the Q&A and scenarios at the end of the chapter. • 10 or more overall score—If you want more review on these topics, skip to the “Foundation Summary,” then go to the Q&A and scenarios at the end of the chapter. Otherwise, move to the next chapter. 72 Chapter 4: Configuring Asynchronous Connections with Modems Foundation Topics Modem Signaling This chapter covers the signaling of the modem and the configurations for a Remote Access Server (RAS) connection. The successful CCNP or CCDP candidate should be able to describe the signaling and pins used by the cabling and not just the syntax that is required for the connection. The signaling is just as important because it provides the basis for the physicallayer troubleshooting that can be needed to establish a connection. Asynchronous data communications technology occurs when an end device, such as a PC, calls another end device, such as a server, to exchange data. In asynchronous data communications, end devices are called data terminal equipment (DTE). These devices communicate through data circuit-terminating equipment (DCE). DCE devices clock the flow of information. In our case, the modem provides the DCE function to the PC and server. The Electronic Industries Association/Telecommunications Industry Association (EIA/TIA) defines a standard for the interface between DCE and DTE devices. This standard is the EIA/ TIA-232 and was previously referred to as the RS-232-C standard (where the RS stood for “recommended standard”). It is unwise to think of a PC-to-server connection that uses asynchronous communications as a single circuit. The PC using a modem is one DTE to DCE path end. The far end DCE to DTE (modem to server) is another path. Each DTE–DCE or DCE–DTE connection must be made prior to data transfer. With asynchronous communication, eight pins are used in a DB25 to transfer data and control the modem, as listed in Table 4-2. The table shows the pins and their definitions. As you read the table, note the direction of the signal and whether DCE or DTE controls or signals on the pin. Table 4-2 Standard EIA/TIA-232 Definitions and Codes Pin Number Designation Definition Description 2 TD Transmits data DTE-to-DCE data transfer 3 RD Receives data DCE-to-DTE data transfer 4 RTS Request to send DTE signal buffer available 5 CTS Clear to send DCE signal buffer available 6 DSR Data set ready DCE is ready. 7 GRD Signal ground 8 CD Carrier detect DCE senses carrier. 20 DTR Data terminal ready DTE is ready. Modem Signaling 73 Pins 2, 3, and 7 enable data transfer, pins 4 and 5 enable flow control of data, and pins 6, 8, and 20 provide modem control. Data Transfer The pins used for data transfer are pin 2, 3, and 7. The DTE device raises the voltage on the RTS when it has buffer space available to receive from the DCE device. Once a call is established and the DTE device sees the DCE raise the voltage on the CTS, the DTE device transmits data on pin 2. Conversely, the DTE device will raise the voltage on the RTS when it has buffer space available to receive from the DCE device. The need for the ground pin is such that a positive or negative voltage can be discerned. Data Flow Control The RTS pin and the CTS pin control the flow of information. The DTE device controls the RTS pin (as shown in Tabel 4-2), which, when seen by the DCE, alerts the DCE that it can receive data. It might help you to think of the RTS as the ready-to-receive pin. The DCE device controls the CTS pin, which in turn signals the DTE that it has buffer available. These definitions are critical to a CCNP or CCDP candidate. Modem Control DSR and DTR are signal pins used to control how the modem operates. The DSR pin is raised when the modem is powered on. This raising lets the DTE device know that the modem is ready for use. The DTR pin is raised when the DTE device is powered and ready to receive information from the DCE. In most cases, when the DTE device is powered on, the DTR pin is raised; however, there are cases in which the DTR pin is raised only if a software package begins to run. This might sound like a minor point, but when you are troubleshooting, it is important to know if the DTE has signaled the modem that it is ready. In fact, just because the PC is on does not necessarily mean that DTR is asserted, and whether your DTE device raises the DTR when powering up or when you turn on your communication software, DTR is needed for a two-way conversation between the DCE and DTE device. Note that the CD pin is also a signal pin. When two DCE devices establish a connection, the CD pin is asserted to indicate that a carrier signal has been established between the DCE devices. Note also that because two devices constitute the DTE (PC) and DCE (modem) connection, either must be allowed to terminate the connection. 74 Chapter 4: Configuring Asynchronous Connections with Modems DTE Call Termination When the DTE is ready to terminate the connection because the user has completed the call and signaled the PC to go back on-hook, the DTR is dropped. For this to happen, the modem must be configured to interpret the loss of the DTR as the end of a conversation. When the DTE drops the DTR, the modem is alerted that the carrier is no longer needed. This configuration is done when the modem is first installed. This can be manually done for each call, or it can be scripted in a chat script that is sent to the modem each time a call is terminated. Each time a call is terminated, the router resets (rescripts) the modem. This low level configuration is done on the modem to prepare the modem for reuse. In many cases, accepting the default configuration for a modem allows it to function properly. Even accepting the default configuration provides a “configuration” to the modem. The details of each modem parameter are discussed in the section, “Configuration of an Attached Modem,” later in this chapter. DCE Call Termination If a far-end modem drops the CD because the remote DTE has ended the transmission, the nearend modem must signal the near-end DTE that the transmission has been terminated. The modem must be programmed to understand and signal this termination. In other words, the modem must be told how to handle the loss of carrier detection. By default, most modems understand that this signal loss is an indication that the call is to be terminated. However, it is a configuration parameter that the modem must understand. Modem Configuration Using Reverse Telnet In order to configure a modem, a router must be set up to talk to it. Cisco refers to this as a reverse Telnet connection. A host that is connected to a router can Telnet to a Cisco reserved port address on the router and establish an 8-N-1 connection to a specific asynchronous port. An 8-N-1 connection declares the physical signaling characteristics for a line. Table 4-3 shows reserved port addresses. The router must have a valid IP address on an interface and an asynchronous port. To establish a connection to the modem connected to the asynchronous port, you can Telnet to any valid IP address on the router and declare the Cisco reserved port number for the asynchronous interface. You can do this only, however, from the router console or a remote device that has Telnet access to the router. Most modem consoles operate using eight data bits, zero parity bits, and one stop bit. In addition, the use of reverse Telnet enables the administrator to configure locally attached devices. For example, suppose you want to set up an 8-N-1 connection to the first asynchronous interface on a router, which has the 123.123.123.123 address assigned to its E0 port. To connect in character mode using Telnet, you would issue the following command: telnet 123.123.123.123 2001 Router Line Numbering 75 where 123.123.123.123 is the router’s E0 port and 2001 is the Cisco reserved port number for the first asynchronous port on the router. Table 4-3 shows the Cisco reserved port numbers for all port ranges. The use of the rotary group reserved port number connects to the first available port that is in the designated rotary group. If a specific individual port is desired, the numbers from the first column of Table 4-3 are used. You can establish a session with an attached modem using reverse Telnet and the standard AT command set (listed later in Table 4-4) to set the modem configuration. This, however, is the hard way because once a modem connection has been established using reverse Telnet, you must disconnect from the line for the modem to be usable again. In addition, to exit the connection, you would have to press Ctrl+Shift+6 and then x to suspend the session, and then issue the disconnect command from the router prompt. It is important to remember this simple sequence because the modem does not understand the exit command as does a router! Router Line Numbering The line numbers on a router are obtained in a methodical manner. The console port is line 0. Each asynchronous (TTY) port is then numbered 1 through the number of TTY ports on the router. The auxiliary port is given the line number LAST TTY + 1, and the virtual terminal (vty) ports are numbered starting at LAST TTY + 2. Example 4-1 has the show line output for a Cisco 2511 router, which has eight asynchronous ports available. Notice that the AUX port is labeled in line 17 and the vty ports are labeled in lines 18–22. Table 4-3 Reverse Telnet Cisco Reserved Port Numbers Connection Service Reserved Port Range For Individual Ports Reserved Port Range For Rotary Groups Telnet (character mode) 2000–2xxx 3000–3xxx TCP (line mode) 4000–4xxx 5000–5xxx Telnet (binary mode) 6000–6xxx 7000–7xxx Xremote 9000–9xxx 10000–10xxx Example 4-1 show line Output for Cisco 2511 Router 2511Router>show line Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int * 0 CTY - - - - - 0 1 0/0 - * 1 TTY 9600/9600 - - - - - 7 23 0/0 - * 2 TTY 9600/9600 - - - - - 5 1 0/0 - * 3 TTY 9600/9600 - - - - - 14 63 0/0 - * 4 TTY 9600/9600 - - - - - 4 3 0/0 - continues 76 Chapter 4: Configuring Asynchronous Connections with Modems The numbering scheme for interfaces was expanded for the 3600 series routers. The console is still line 0 and the vty ports are similarly counted after the TTYs. However, Cisco chose to use reserved numbering for the available slots. Thus, slot 0 has reserved lines 1–32, slot 1 has reserved lines 33–64, slot 2 has reserved lines 65–97, and so on. Each slot is given a range of 32 line numbers, whether they are used or not. Figure 4-2 shows the rear of the chassis for a 3620 and 3640 router and the line numbers associated with each slot. Figure 4-2 Line Numbers for 3620 and 3640 Routers * 5 TTY 9600/9600 - - - - - 16 6 0/0 - * 6 TTY 9600/9600 - - - - - 12 7 0/0 - 7 TTY 9600/9600 - - - - - 3 1 0/0 - 8 TTY 9600/9600 - - - - - 0 9 0/0 - * 9 TTY 9600/9600 - - - - - 12 0 0/0 - * 10 TTY 9600/9600 - - - - - 16 0 0/0 - * 11 TTY 9600/9600 - - - - - 25 2 0/0 - * 12 TTY 9600/9600 - - - - - 5 0 0/0 - * 13 TTY 9600/9600 - - - - - 0 0 0/0 - 14 TTY 9600/9600 - - - - - 0 2 0/0 - 15 TTY 9600/9600 - - - - - 0 0 0/0 - 16 TTY 9600/9600 - - - - - 3 0 0/0 - 17 AUX 9600/9600 - - - - - 0 0 0/0 - 18 VTY - - - - - 0 0 0/0 - 19 VTY - - - - - 0 0 0/0 - 20 VTY - - - - - 0 0 0/0 - 21 VTY - - - - - 0 0 0/0 - 22 VTY - - - - - 0 0 0/0 - Example 4-1 show line Output for Cisco 2511 Router (Continued) Router Line Numbering 77 The line-numbering scheme is important when configuring a router. In the case of the 3600 and 2600 routers with the new modular interfaces, the line numbers are based on the slot that the feature card is in. For illustration, consider the output in Example 4-2, which is from a 3640 series router with a modem card in slot 2. Notice that the line numbers for the internal modems are 65–70 because only one MICA card is installed in the slot. To properly configure a router, you must know the association between the line and interface numbers. The AUX port on the modular routers is the last line number, which would be the number of slots multiplied by 32, plus 1. In the case of the 3640 router shown in Example 4-2, the AUX port number is 129, and the vty ports are 130–134 by default. In Example 4-3, the configuration for a 3640 router has physical characteristics configured on line 97 for the asynchronous interface in slot 3/0. The remaining IOS commands are discussed in detail later in this chapter, but are presented here for completeness. Example 4-2 show line Output from a 3640 Series Router with a Modem Card in Slot 2 router#show line Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int * 0 CTY - - - - - 0 0 0/0 - I 65 TTY - inout - - - 0 0 0/0 - I 66 TTY - inout - - - 0 0 0/0 - I 67 TTY - inout - - - 0 0 0/0 - I 68 TTY - inout - - - 0 0 0/0 - I 69 TTY - inout - - - 0 0 0/0 - I 70 TTY - inout - - - 0 0 0/0 - I 97 TTY 115200/115200- inout - - - 0 0 0/0 Se3/0 *129 AUX 9600/9600 - - - - - 0 0 0/0 - 130 VTY - - - - - 0 0 0/0 - 131 VTY - - - - - 0 0 0/0 - 132 VTY - - - - - 0 0 0/0 - 133 VTY - - - - - 0 0 0/0 - 134 VTY - - - - - 0 0 0/0 - The following lines are not in asynchronous mode or are without hardware support: 1–64, 71–96, and 98–128. Example 4-3 3640 Router Configuration interface Serial3/0 physical-layer async ip unnumbered Ethernet0/0 no ip directed-broadcast encapsulation ppp async mode interactive peer default ip address pool TESTPOOL no cdp enable ppp authentication chap ! line 97 password cisco continues 78 Chapter 4: Configuring Asynchronous Connections with Modems Basic Asynchronous Configuration To configure the modem (the DCE) from the router (the DTE), you must set up the logical and physical parameters for the connection. The logical parameters include the protocol addressing, the authentication method, and the encapsulation, all of which are configured on the asynchronous interface. The physical configuration is done on the line. The physical parameters include the flow control, the DTE-DCE speed, and the login request. It is important for the successful CCNP or CCDP to be aware of the command mode needed for configuration. The configuration in Example 4-4 demonstrates which commands are used on each line or interface. autoselect during-login autoselect ppp login local modem InOut transport input all stopbits 1 speed 115200 flowcontrol hardware line aux 0 line vty 0 4 login local ! Example 4-4 Configuration for a Serial Interface in Asynchronous Mode interface Serial3/0 !logical parameters go on the interface physical-layer async ip unnumbered Ethernet0/0 no ip directed-broadcast encapsulation ppp async mode interactive peer default ip address pool remaddpool no cdp enable ppp authentication chap line 97 !physical parameters go on the line autoselect during-login autoselect ppp login modem InOut modem autoconfigure type usr_sportster transport input all stopbits 1 rxspeed 115200 Example 4-3 3640 Router Configuration (Continued) Basic Asynchronous Configuration 79 Example 4-4 shows the distinction between the physical and logical parameters and where they are defined in the router configuration file. Three types of router interfaces can be configured for serial communication: • Asynchronous interfaces • Synchronous/asynchronous interfaces (A/S) • Synchronous interfaces Router interfaces that are synchronous only cannot be used for modem or asynchronous communication. On the router models with A/S ports, the serial ports default to synchronous, and the interface must be declared for asynchronous usage using the physical-layer async command. The configuration in Example 4-4 is for the first (port 0) synchronous/asynchronous interface on a four-port A/S card in the third slot of a 3600. The physical-layer async is needed because this device has A/S ports. Hence, the physical-layer async command is entered at the router(config-if)# prompt for Serial 3/0. On the other hand, in the case of those routers that have ports designated as asynchronous, only the physical-layer async command is not used. Logical Considerations on the Router Logical considerations are configured on the interface of the router. These include the networklayer addressing, the encapsulation method, the authentication, and so on. The configuration in Example 4-5 is for a serial interface that is used to receive an inbound call. In Example 4-5, the physical-layer async command places the serial 2 interface in asynchronous mode. Once this command is issued, the router treats the interface as an asynchronous port. This can be done on ONLY those interfaces that are defined as A/S. The ip unnumbered Ethernet0 command declares that the interface assume the address of the E0 interface. This enables the saving of IP addresses but makes the interface non-SNMP manageable. This command could be replaced with the desired IP address of the interface (refer Example 4-5 Router Configuration for Serial Interface Receiving Inbound Calls interface Serial2 physical-layer async ip unnumbered Ethernet0 ip tcp header-compression passive encapsulation ppp bandwidth 38 async mode interactive peer default ip address pool remaddpool no cdp enable ppp authentication chap 80 Chapter 4: Configuring Asynchronous Connections with Modems to the discussion in this section that covers ip address pool). Note that it is quite common for a large number of asynchronous interfaces to a common physical interface to be unnumbered and to use an address pool to assign the network-layer addresses to the dial-up users. The ip tcp header-compression passive command states that if the other DCE device sends packets with header-compression, the interface understands and sends in kind but does not initiate the compression. The encapsulation ppp command declares the encapsulation method for the interface. The bandwidth 38 command tells the routing protocol and the router (for statistics) the speed of the line. This command has no affect on the actual negotiated speed of the modem or the speed at which the DTE talks to the modem. The async mode interactive command enables, once a connection is made, the dial-up user access to the EXEC prompt. The peer default ip address pool remaddpool command specifies that the IP address assigned to the dial-up user be from the address grouping or pool defined by the label remaddpool. The syntax for the pool definition, defined in global configuration mode, is as follows: ip local pool remaddpool low-ip-pool-address high-ip-pool-address. A unique address from the pool of addresses is given to a dial-up user for the duration of the session. The address is returned to the pool when the dial-up user disconnects the session. In this fashion, it is not necessary to associate an IP address with each asynchronous interface. Each asynchronous interface to another interface on the router is unnumbered and the pool is created from part of that interface’s subnet. For more information and examples on the use of address pools and unnumbering, refer to Chapter 6, “Using ISDN and DDR Technologies.” The no cdp enable command turns off the Cisco Discovery Protocol for the interface. By default, this protocol is on, and because the interface is likely connected to a dial-up user who does not understand CDP, the bandwidth it would use is saved. The ppp authentication chap command specifies that the Challenge Handshake Authentication Protocol (CHAP) be used on this link. Failure of the client to honor CHAP results in the link not being established. Physical Considerations on the Router Physical characteristics are configured in line mode. These include the speed, the direction of the call, modem setup, and so on. Example 4-6 shows a configuration used to connect to a USR Sportster modem on physical line 2. Basic Asynchronous Configuration 81 The login local command is the same for this line as it is for the console and AUX ports. The Login local command tells the physical line to request a username/password pair when a connection is made and to look locally on the router for a matching username xxxx password yyyy pair that has been configured in global mode (xxxx and yyyy represent a freely chosen username and password combination). The autoselect during-login and autoselect ppp commands automatically start the PPP protocol and issue a carriage return so that the user is prompted for the login. This feature became available in IOS Software Release 11.0. Prior to this “during-login” feature, the dialup user was required to issue an exec command or press the Enter key to start the session. The modem InOut command enables both incoming and outgoing calls. The alternative to this command is the default no modem inout command, which yields no control over the modem. The modem autoconfigure type usr_sportster command uses the modemcap database usr_sportster entry to initialize the modem. We further discuss this initialization later in the chapter. The transport input all command enables the processing of any protocols on the line. This command defines which protocols to use to connect to a line. The default command prior to 11.1 was all; the default with 11.1 is none. In the router configuration, the number of stopbits must be the same for both communicating DCE devices. Remember that the physical-layer parameters must match for the physical layer to be established. Failure to do so prevents the upper layers from beginning negotiation. In Example 4-6, rxspeed and txspeed are shown as separate commands. The speed command, however, sets both transmit and receive speeds and locks the speed between the modem and the DTE device. Failure to lock or control the DTE-to-DCE speed allows the speed of local communication to vary with the line speed negotiated between the DCE devices. This limits the capability of the DTE-to-DCE flow control. The flowcontrol hardware command specifies that the RTS and CTS be honored for flow control. Example 4-6 Router Configuration Connecting USR Sportster Modem on Physical Line 2 line 2 autoselect during-login autoselect ppp login local modem InOut modem autoconfigure type usr_sportster transport input all stopbits 1 rxspeed 115200 txspeed 115200 flowcontrol hardware 82 Chapter 4: Configuring Asynchronous Connections with Modems Example 4-6 provides the basic configuration for an asynchronous line. Once the DTE device has been configured, you must set the DCE device to communicate with the modem by using the AT commands. Configuration of the Attached Modem In the early modem days, the Hayes command set was the de facto standard; however, there was never a ratified industry command set. Today, rather than converging to a general standard, the modem industry has actually diverged. Nonetheless, the AT commands documented in Table 4-4 are considered “standard” and should work on most modems. A CCNP or CCDP should be familiar with these commands. For many modems on the market today, commands not in this table are used to configure the modem fall into the category of not standard. The correct initialization string must be sent to the modem for proper operation. You can do this by using a chat script or the modem autoconfigure command. The former method is the most common. Modem Autoconfiguration and the Modem Capabilities Database Modem autoconfiguration is a Cisco IOS software feature that enables the router to issue the modem configuration commands, which frees the administrator from creating and maintaining scripts for each modem. The general syntax for modem autoconfiguration is as follows: modem autoconfigure [discovery type modemcap-entry-name] The two command options for the modem autoconfigure command are as follows: • type—This option configures modems without using modem commands, or so it is implied. The type argument declares the modem type that is defined in the modem capabilities database so that that the administrator does not have to create the modem commands. Table 4-4 Standard AT Commands COMMAND Result AT&F Loads factory default settings ATS0=n Auto answers AT&C1 CD reflects the line state AT&D2 Hangs up on low DTR ATE0 Turns off local echo ATM0 Turns off the speaker Configuration of the Attached Modem 83 • discovery—Autodiscover modem also uses the modem capabilities database, but in the case of discover, it tries each modem type in the database as it looks for the proper response to its query. As you can see, the modem autoconfigure command relies on the modem capabilities database, also known as the modemcap. The modem capabilities database has a listing of modems and a generic initialization string for the modem type. The discovery of a modem using the autoconfigure feature uses the initialization strings from each modem in the modem capabilities database to discover the installed modem. If the modem is not in the database, it fails, and the administrator has to manually add the modem to the database. The use of the discovery feature is not recommended because of the overhead on the router. Each time the line is reset, the modem is rediscovered. However, the discovery feature can be used to initially learn the modem type if you are not geographically near the router and cannot gather the information any other way. After discovery has taken place, the administrator should use the type option to specify the entry in the modem capabilities database to use. To discover a modem, the syntax would be as follows: modem autoconfigure discovery Again, once the modem type is determined, the final configuration for the router interface should be as follows: modem autoconfigure type entry_name_from_modemcap This configuration eliminates unnecessary overhead on the router. Use the show modemcap command to see the entries in the modemcap database. Example 4-7 demonstrates the output from the show modemcap command. Example 4-7 show modemcap Command Output Reveals Modemcap Database Entries BCRANrouter#show modemcap default codex_3260 usr_courier usr_sportster hayes_optima global_village viva telebit_t3000 microcom_hdms microcom_server nec_v34 nec_v110 nec_piafs cisco_v110 mica 84 Chapter 4: Configuring Asynchronous Connections with Modems To view the detailed settings for a particular entry in the modem capabilities database, the entry name is added as an argument to the show modemcap command. The database has most models of modems. If your entry is not in the database, it can be added by editing the database. Editing the database requires creating your own entry name and specifying the AT commands for the initialization string. This must be done for any modem that is not in the database. This might sound time-consuming or tedious, but it has to be done only once. The added information to the database is stored in NVRAM as part of the router configuration and can be copied to other routers that have the same modems. Common practice dictates that multiple modem types not be used at a single RAS facility. Instead, the administrator should use a single modem type and maintain spares of that particular type so that constant manipulation of the modem capabilities database is not necessary. Let’s take a look at how a modem is added to the database. If an attached modem is a Viva plus that is not listed in the database, but another Viva modem is in the database, you could create a new entry and name it whatever you want. The AT commands that are unique to the Viva plus modem would be added to the local configuration in NVRAM and the additional AT commands that are the same for all Viva modems would be obtained from the database. To add the modem, you would use the following global commands: modemcap edit viva_plus speed &B1 modemcap edit viva_plus autoanswer s0=2 modemcap edit viva_plus template viva These commands use the initialization string from the entry viva and enable the administrator to alter the newly created viva_plus. All changes and additions to the modemcap are stored in the configuration file for the router. Because of this, Cisco can add to the modemcap at any release because the local NVRAM changes override the modemcap. The overview of all this is that you bought some modems that you, as the administrator, feel are the best for your application. The modemcap database may, or may not, have these particular modems defined. If the modem is defined in the modemcap then you can simply use the type option to the modem autoconfigure command. If the modem is not in the database then it must be added. Once it is added, all future modem connections on this router can simply point to the added entry. Chat Scripts to Control Modem Connections Chat scripts enable us to talk to or through a modem to a remote system using whatever character strings or syntax is needed. A chat script takes the form of Expect-string - send-string - expect-string - send-string where the expect strings are character strings sent from or through the modem to the DTE device and the send strings are character strings sent from the DTE device to or through the modem. Chat Scripts to Control Modem Connections 85 Reasons for Using a Chat Script As a CCNP or CCDP, you should be aware that chat scripts are used for the following goals: • Initialization—To initialize the modem • Dial string—To provide the modem with a dial string • Logon—To log in to a remote system • Command execution—To execute a set of commands on a remote system Reasons for a Chat Script Starting A chat script can be manually started on a line using the start-chap command; they can also be configured to start for the following events: • Line activation—CD trigger (incoming traffic) • Line connection—DTR trigger (outgoing traffic) • Line reset—Asynchronous line reset • Startup of an active call—Access server trigger • Dialer startup—From a dial-on-demand trigger Using a Chat Script The primary use of a chat script is to provide the dial number for the connection. The following line shows an example of this chat script: Router(config)#chat-script REMDEVICE ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT 30 CONNECT \c Care should be taken with the character case used in this command. ABORT ERROR and ABORT BUSY cause the modem to abort if it sees ERROR or BUSY. Both arguments might be easier understood if read as “abort if you see ERROR” and “abort if you see BUSY,” respectively. If error or abort are entered in lowercase, the modem never sees these conditions because its search is case-sensitive. The \T inserts the called number from the dial string or map command into the chat script. A \t causes the script to look for a “table character”; hence, case is important here as well. NOTE Detailed information on the dial string and map commands are provided in Chapter 6. The REMDEVICE chat script has been configured to drop the connection if the modem declares a busy or error condition. If no busy or error condition is declared, the router does not 86 Chapter 4: Configuring Asynchronous Connections with Modems wait for anything except string = " ". The router then issues the ATZ, or modem reset, command, using a send string. The router waits for the modem to respond OK, which is the normal modem response to ATZ. The router then sends the ATDT command and replaces the \T with the phone number to make the call. Last, the TIMEOUT 30 declares that the call is considered “not answered” if no carrier is obtained in 30 seconds. Once the connection is made, the chat script sends a c, which is a carriage return. Provided that the router, the modem, and the phone number are correct, the physical layer should now be established! Congratulations! You can now move on to the upper layer protocols, such as PPP (see Chapter 5, “Configuring PPP and Controlling Network Access”) and advanced uses (see Chapter 6). Foundation Summary 87 Foundation Summary The Foundation Summary is a collection of tables and figures that provides a convenient review of many key concepts in this chapter. For those of you already comfortable with the topics in this chapter, this summary could help you recall a few details. For those of you who just read this chapter, this review should help solidify some key facts. For any of you doing your final preparation before the exam, these tables and figures will hopefully be a convenient way to review the day before the exam. Table 4-5 Standard EIA/TIA-232 Definitions and Codes Pin Number Designation Definition Description 2 TD Transmits data DTE-to-DCE data transfer 3 RD Receives data DCE-to-DTE data transfer 4 RTS Request to send DTE signal buffer available 5 CTS Clear to send DCE signal buffer available 6 DSR Data set ready DCE is ready. 7 GRD Signal ground 8 CD Carrier detect DCE senses carrier. 20 DTR Data terminal ready DTE is ready. Table 4-6 Cisco Reserved Port Numbers Used with Reverse Telnet Connection Service Reserved Port Range for Individual Ports Reserved Port Range for Rotary Groups Telnet (character mode) 2000–2xxx 3000–3xxx TCP (line mode) 4000–4xxx 5000–5xxx Telnet (binary mode) 6000–6xxx 7000–7xxx Xremote 9000–9xxx 10000–10xxx 88 Chapter 4: Configuring Asynchronous Connections with Modems Figure 4-3 3600 Line Numbers Table 4-7 modem autoconfigure Commands Command What It Does modem autoconfigure discovery Discovers the modem modem autoconfigure type entry_name_from_modemcap Creates the final configuration for the router interface, which eliminates unnecessary overhead on the router show modemcap Displays the entries in the modemcap database Table 4-8 Standard AT Commands Command Result AT&F Loads factory default settings ATS0=n Auto answers AT&C1 CD reflects the line state AT&D2 Hangs up on low DTR ATE0 Turns off local echo ATM0 Turns off the speaker Foundation Summary 89 Reasons for using a chat script: • Initialization—To initialize the modem • Dial string—To provide the modem with a dial string • Logon—To log in to a remote system • Command Execution—To execute a set of commands on a remote system A chat script can be manually started on a line using the start-chap command; they can also be configured to start for the following events: • Line activation—CD trigger (incoming traffic) • Line connection—DTR trigger (outgoing traffic) • Line reset—Asynchronous line reset • Startup of an active call—Access server trigger • Dialer startup—From a dial-on-demand trigger 90 Chapter 4: Configuring Asynchronous Connections with Modems Q&A The questions and scenarios in this book are more difficult than what you will experience on the actual exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answer. Rather than enabling you to derive the answer from clues hidden inside the question itself, the questions challenge your understanding and recall of the subject. Questions from the “Do I Know This Already?” quiz from the beginning of the chapter are repeated here to ensure that you have mastered the chapter’s topic areas. Hopefully, mastering these questions will help you limit the number of exam questions on which you narrow your choices to two options and then guess. The answers to these questions can be found in Appendix A, on page 397. 1 What pins are used for modem control? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 2 What is the standard for DCE/DTE signaling? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 3 If the user wants to terminate a call, what pin does the DTE device drop to signal the modem? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 4 What must be done to terminate a reverse Telnet session with an attached modem? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Q&A 91 5 In character mode using reverse Telnet, what is the command to connect to the first async port on a 2509 router that has a loopback interface of 192.168.1.1? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 6 Which interface is line 97 on a 3640 series router? a. S 0/97 b. S 3/1 c. S 2/1 d. S 097 7 What port range is reserved for accessing an individual port using binary mode? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 8 When flow control is enabled, which pins are used? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 9 If a four-port serial (A/S) module is in the second slot on a 3640 router, what are the line numbers for each port? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 92 Chapter 4: Configuring Asynchronous Connections with Modems 10 What is the AT command to return a router to factory default settings? a. AT Default b. AT@F c. AT&F d. ATZ 11 What is the AUX port line number on a 3620 series router? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 12 Which of the following commands configure a router for use with a Viva modem? a. modem autoconfigure viva b. modem configure type viva c. modem autoconfigure type viva d. modem autoconfigure discovery type viva 13 What does the physical-line async command do and on what interfaces would you apply it? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 14 In what configuration mode must you be to configure the physical properties of an asynchronous interface? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 15 What does it mean when the signal pin RTS is asserted? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Q&A 93 16 What is the command to manually begin a chat script named remcon? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 17 When should modem autoconfigure discovery be used, and what are the ramifications of doing so? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 18 What command would you use to add an entry to the modemcap database called newmodem? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 19 Which interface type provides clocking for a line? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 20 List four reasons why you would use a chat script. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 21 What command can be used to determine whether Serial 0 is the DCE or DTE? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 94 Chapter 4: Configuring Asynchronous Connections with Modems 22 What command lists the transmit and receive speeds for the asynchronous ports on the router? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 23 On which pins does the DTE device send and receive? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 24 Which of the following would trigger a chat script start? a. Line reset b. DDR c. Line activation d. Manual Scenarios 95 Scenarios There are no scenarios for this particular chapter. The key issues and concepts here are syntax, syntax, and syntax. For further review, you should practice creating a configuration for a router and include all parts necessary for an asynchronous setup. The parts should include: • Line configuration (physical) • Interface configuration (logical) • A new modemcap entry (your choice) • An alias to address the modem locally (Reverse Telnet) • A chat script for the connection (no phone number needed!) This chapter covers the following topics that you need to master as a CCNP: • PPP background—This section examines the underlying technology of the Point-to- Point Protocol (PPP) and its components. • PPP options—This section discusses how to configure various options available with PPP. These options include authentication, PPP Callback, compression, and PPP Multilink. • PPP troubleshooting—This section details some of the show and debug commands useful in dealing with issues arising with PPP. C H A P T E R 5 Configuring PPP and Controlling Network Access The CCNP Remote Access Exam requires you to have an in depth understanding of various WAN technologies. In this chapter the discussion focuses on Point-to-Point Protocol (PPP). The typical implementation of PPP has traditionally been in dial-up and/or ISDN deployments. The growing need of corporations to include dial-up access to network resources for remote users has created a high demand for point-to-point technologies. Telecommuting personnel require access to network devices and information that looks and feels as it would at the office (albeit at slower access rates). PPP and its options enable this type of access to become a reality. The capabilities of PPP give it the versatility to remain flexible, yet viable, in many situations. Most remote access technology implementations center on PPP as the core access method. Dial-up clients require a means of accessing the network. Windows 95, Windows 98, Windows 2000, and so forth include dial-up networking client software as part of a standard installation. In addition, many companies have created proprietary dial-up clients. PPP is the underlying architecture that makes it all work. PPP creates a single connection over which multiple protocols can be multiplexed. IP, IPX, and AppleTalk, for example, can all traverse PPP links. The actual configuration of the dialup client is not discussed here. The discussions in this chapter center on the Access Server configuration. Whether the Access Server is a 3640 router or an AS5x00 router, the configuration is essentially the same. Authentication plays a vital role in PPP connections. Having dial-up lines with no user authentication is a dangerous game to play. Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) authentications provide varying degrees of security. How to Best Use This Chapter By taking the following steps, you can make better use of your study time: • Keep your notes and answers for all your work with this book in one place for easy reference. 98 Chapter 5: Configuring PPP and Controlling Network Access • Take the “Do I Know This Already?” quiz and write down your answers. Studies show retention is significantly increased through writing down facts and concepts, even if you never look at the information again. • Use the diagram in Figure 5-1 to guide you to the next step. Figure 5-1 How to Use This Chapter “Do I Know This Already?” Quiz The purpose of the “Do I Know This Already?” quiz is to help you decide what parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. "Do I Know This Already?" quiz Low score Medium score High score, want more review High score Read Foundation Summary Read Foundation Topics Q&A Scenarios Go to next chapter “Do I Know This Already?” Quiz 99 The nine-question quiz helps you make good choices about how to spend your limited study time. The quiz is sectioned into smaller, three-question “quizlets,” each of which corresponds to the three major topic headings in the chapter. Use the scoresheet in Table 5-1 to record your scores. 1 Where is PPP typically implemented? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 2 What is the function of the LCP? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 3 What is the difference between interactive and dedicated asynchronous implementations? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 4 List the four PPP LCP negotiable options. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 5 List the two supported authentication types with PPP. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ Table 5-1 Scoresheet for Quiz and Quizlets Quizlet Number Foundation Topics Section Covered by These Questions Questions Score 1 PPP Background 1–3 2 PPP Options 4–6 3 PPP Troubleshooting 7–9 All questions 1–9 100 Chapter 5: Configuring PPP and Controlling Network Access 6 In PPP Callback implementations, which router is in charge of the authentication challenge as well as the disconnect of the initial call? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 7 What command shows the status of individual B channels at any given time? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 8 What command enables the real-time viewing of CHAP communications? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 9 What command enables the real-time viewing of dial events? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Sections,” on page 397. The suggested choices for your next step are as follows: • You correctly answered four or fewer questions overall—Read the chapter. This includes the “Foundation Topics,” “Foundation Summary,” and “Q&A” sections, as well as the scenarios at the end of the chapter. • You correctly answered one or fewer questions on any quizlet—Review the subsections of the “Foundation Topics” part of this chapter, based on the information that you entered in Table 5-1. Then move into the “Foundation Summary” and “Q&A” sections and the scenarios at the end of the chapter. • You correctly answered five or more questions overall—If you want more review on these topics, skip to the “Foundation Summary” section, and then go to the “Q&A” section and the scenarios at the end of the chapter. Otherwise, move to the next chapter. PPP Background 101 Foundation Topics PPP Background RFC 1661 defines PPP. PPP’s basic function is to encapsulate network layer protocol information over point-to-point links. The mechanics of PPP are as follows: Step 1 To establish communications, each end of the PPP link must first send Link Control Protocol (LCP) packets to configure and test the data link. Step 2 After the link has been established and optional facilities have been negotiated as needed, PPP must send Network Control Protocol (NCP) packets to choose and configure one or more network layer protocols. Step 3 Once each of the chosen network layer protocols has been configured, traffic from each network layer protocol can be sent over the link. Step 4 The link remains configured for communications until explicit LCP or NCP packets close the link down, or until some external event occurs (such as the expiration of an inactivity timer expires or the intervention of a network administrator). In other words, PPP is a pathway that is opened for multiple protocols simultaneously. PPP was originally developed with IP in mind; however, it functions independently of the Layer 3 protocol that is traversing the link. PPP Architecture As mentioned, PPP encapsulates the network layer protocol(s) that are configured to traverse a PPPconfigured link. PPP has a number of capabilities that make it flexible and versatile, including: • Multiplexing of network layer protocols • Link configuration • Link quality testing • Authentication • Header compression • Error detection • Link parameter negotiation 102 Chapter 5: Configuring PPP and Controlling Network Access PPP supports these functions by providing an extensible LCP and a family of NCPs to negotiate optional configuration parameters and facilities. The protocols to be transported, the optional capabilities, and the user authentication type are all communicated during the initial exchange of information when a link between two points is set up. PPP Components PPP can operate across any DTE/DCE interface. The only absolute requirement imposed by PPP is the provision of a duplex circuit, either dedicated or switched, that can operate in either an asynchronous or synchronous bit-serial mode, transparent to PPP link layer frames. Other than those imposed by the particular DTE/DCE interface in use, PPP does not impose any restrictions regarding transmission rates. In just about every type of WAN technology in internetworking, a layered model is shown to provide a point of reference to the OSI model and to illustrate where each particular technology operates. PPP is not much different from other technologies. It too has its own layered model to define form and function. Figure 5-2 depicts the PPP layered model. Figure 5-2 PPP Layered Model As with most technologies, PPP has its own framing structure. This structure enables the encapsulation of virtually any Layer 3 protocol. Because PPP is, by nature, point-to-point, no mapping of protocol addresses is necessary. Figure 5-3 shows the PPP frame format. Upper-layer protocols (such as IP, IPX, AppleTalk) Network Control Protocol (NCP) (specific to each network-layer protocol) Link Control Protocol (LCP) High-Level Data Link Control (HDLC) Physical Layer (such as EIA/TIA-232, V.24, V.35, ISDN) 3 2 1 OSI layer PPP Background 103 Figure 5-3 PPP Frame Format The frame structure fields for PPP are as follows: • Flag—A single byte that indicates the beginning or end of a frame. The flag field consists of the binary sequence 01111110. • Address—A single byte that contains the binary sequence 11111111, the standard broadcast address. PPP does not assign individual station addresses. • Control—A single byte that contains the binary sequence 00000011, which calls for transmission of user data in an unsequenced frame. • Protocol—Two bytes that identify the protocol encapsulated in the information field of the frame. The most up-to-date values of the protocol field are specified in the most recent Assigned Numbers RFC. At press time, this was RFC 1700. For more information, see www.isi.edu/in-notes/rfc1700.txt. • Data—Zero or more bytes that contain the datagram for the protocol specified in the Protocol field. The end of the Data field is found by locating the closing flag sequence and allowing 2 bytes for the FCS field. The default maximum length of the information field is 1500 bytes. By prior agreement, consenting PPP implementations can use other values for the maximum Data field length. • Frame Check Sequence (FCS)—Normally 16 bits (2 bytes). By prior agreement, consenting PPP implementations can use a 32-bit (4-byte) FCS for improved error detection. The LCP can negotiate modifications to the standard PPP frame structure. Modified frames, however, are always clearly distinguishable from standard frames. 1 1 1 2 Variable 2 or 4 Flag Address Control Protocol Data FCS 104 Chapter 5: Configuring PPP and Controlling Network Access PPP LCP The PPP LCP provides a method of establishing, configuring, maintaining, and terminating the point-to-point connection. LCP goes through four distinct phases: 1 A link establishment and configuration negotiation occurs. Before any network layer datagrams (for example, IP) can be exchanged, LCP first must open the connection and negotiate configuration parameters. This phase is complete when a configurationacknowledgment frame has been both sent and received. 2 A link-quality determination is made. LCP allows an optional link-quality determination phase following the link-establishment and configuration-negotiation phase. The link is tested to determine whether the quality is sufficient to initialize the network layer protocols. Transmission of network layer protocols can be held until this phase is complete. 3 The network layer protocol configuration negotiation occurs. Network layer protocols can be configured separately by the appropriate NCP and can be initialized and taken down at any time. 4 Link termination then occurs at the request of the user or a predefined inactivity timer, loss of carrier occurrence, or some other physical event. Three classes of LCP frames are used to accomplish the work of each of the LCP phases: • Link-establishment frames are used to establish and configure a link. • Link-termination frames are used to terminate a link. • Link-maintenance frames are used to manage and debug a link. Dedicated and Interactive PPP Sessions Asynchronous interfaces on an access server can be configured to accept inbound calls from remote users. There are two modes that can be used in this situation, interactive and dedicated. In interactive mode, users who dial into the network are able to access the user mode prompt. The user must enter the command ppp connect to initiate the connection. If access to the router prompt is unacceptable, dedicated mode should be used. Dedicated mode forces the connection into a PPP session once the call setup is complete. The command to implement interactive or dedicated mode for dial-up connections is as follows: RouterA(config-if)#async mode [dedicated interactive] IP addressing on serial interfaces can be done statically or dynamically. If assigned statically, the ip address command is used on the interface just as any other interface. To enable dynamic addressing, the ip unnumbered command is used: RouterA(config-if)#ip unnumbered interface-type interface-number PPP Options 105 Asynchronous interfaces can assign predefined IP addresses to dial-up clients using the following command: RouterA(config-if)#peer default ip address {ip-address dhcp pool poolname} The dhcp and pool options require global configuration of a pool of addresses using the following command: RouterA(config)#ip local pool poolname start-address end-address The poolname must match the poolname in the peer default ip address command. It is possible for the dial-up client to assign his or her own address. To do this, use the async dynamic address command at the interface level. PPP Options As mentioned, LCP negotiates a number of parameters. This section goes into more detail regarding those parameters. LCP negotiation enables you to add features to your PPP configuration. The additional options are as follows (more details are in upcoming sections of this chapter): • Authentication—By using either PAP or CHAP (discussed later) to authenticate callers, this option provides additional security. Implementation of this option requires that individual dial-up clients identify themselves and provide a valid username and password. • Callback—This option can be used to provide call and dial-up billing consolidation. A user dials into the network and disconnects; then, the access server dials the user back and a connection is established. • Compression—Compression is used to improve throughput on slower-speed links. Care should be taken when implementing compression. The topic of compression is discussed later in this book. • Multilink PPP—This option takes advantage of multiple ISDN B channels. Multilink is a standardized method of bundling B channels to aggregate their bandwidth. Data is transmitted across multiple links and reassembled at the remote end. PPP Authentication The topic of authentication has been touched on throughout this chapter. At this point, it is finally time to get down to specifics. PPP authentication offers two options—PAP and CHAP. These two protocols offer differing degrees of protection. Both protocols require the definition of usernames and accompanying passwords. This can be done on the router itself or on a TACACS or RADIUS authentication server. The examples we deal with in this book are those in which the router itself is configured with all usernames and passwords. 106 Chapter 5: Configuring PPP and Controlling Network Access PAP PAP is exactly what its name implies. It is a clear text exchange of username and password information. When a user dials in, a username request is sent. Once that is entered, a password request is sent. All communications flow across the wire is in clear text form. No encryption is used with PAP. There is nothing stopping someone with a protocol analyzer from gleaning passwords as they traverse the wire. At that point, simply playing back the packet allows authentication into the network. Although it may not provide the level of protection you may be seeking, it’s better than nothing. It serves to keep honest people honest. Figure 5-4 depicts the PAP authentication procedure. Figure 5-4 PAP Authentication As is clearly seen, PAP is a one-way authentication between the router and the host. Example 5-1 shows a basic PPP PAP configuration. Example 5-1 PAP Configuration Example RouterA(config)#username emma password twinz RouterA(config)#interface async 0 RouterA(config-if)#enapsulation ppp RouterA(config-if)#ppp authentication pap Remote user Emma Access server Router A Run PPP Use PAP "emma, twinz" Accept or reject Name: Emma Password: twinz username Emma password twinz Local user database PPP Options 107 CHAP CHAP is much more secure than PAP. It implements a two-way encrypted authentication process. Usernames and passwords still must exist on the remote router, but they do not cross the wire as they did with PAP. When a user dials in, the access server issues a challenge message to the remote user after the PPP link is established. The remote end responds with a one-way hash function. This hash is generally an MD5 entity. If the value of the hash matches what the router expects to see, the authentication is acknowledged. If not, the connection terminates. Figure 5-5 depicts CHAP authentication. Figure 5-5 CHAP Authentication The playback of packets captured by a protocol analyzer is not an issue with CHAP. The use of variable challenge values (that is, unique values) for each authentication attempt ensures that no two challenges are the same. CHAP also repeats a challenge every two minutes for the duration of the connection. If the authentication fails at any time, the connection is terminated. The access server controls the frequency of the challenges. Example 5-2 shows a basic CHAP configuration. Example 5-2 CHAP Configuration Example RouterA(config)#username amanda password twinz RouterA(config)#interface async 0 RouterA(config-if)#enapsulation ppp RouterA(config-if)#ppp authentication chap Remote user Amanda Access server Router A Request for challenge Challenge Response Accept or reject Name: Amanda Password: twinz username Amanda password twinz Local user database Use CHAP Run PPP 108 Chapter 5: Configuring PPP and Controlling Network Access There are specific steps involved in a CHAP negotiation: Step 1 Making a call—The inbound call arrives at the PPP configured interface. LCP opens the CHAP negotiation and the access server initiates a challenge. Step 2 Conveying the challenge—When the access server sends the challenge, a challenge packet is constructed. The packet consists of a challenge packet type identifier, a sequence number for the challenge, a random number (as random as an algorithm can be), and the authentication name of the called party. The calling party must process the challenge packet as follows: (a) The ID value from the challenge packet is fed into the MD5 hash generator. (b) The random value is fed into the MD5 hash generator. (c) The authentication name of the called party is used to look up the password. (d) The password is fed into the MD5 hash generator. The resulting value is the one-way MD5 CHAP challenge that is forwarded to the called party in response to the challenge. This value is always 128 bits in length. Step 3 Answering the challenge—Once the reply is hashed and generated, it can be sent back. The response has a CHAP response packet type identifier, the id from the challenge packet, the output from the hash, and the authentication name of the calling party. The response packet is then sent to the called party. Step 4 Verifying—The called party processes the response packet as follows: (a) The ID is used to find the original challenge packet. (b) The ID is fed into the MD5 hash generator. (c) The original challenge random number value is fed into the MD5 hash generator. (d) The authentication name of the calling party is compared to the username/password list in the router or in an authentication server. (e) The password is fed into the MD5 hash generator. (f) The hash value received in the response packet is compared to the result of the hash value just generated. PPP Options 109 The authentication succeeds only if the hash value received from the calling party (from Step 2) matches the calculated hash value (from Step 4). Step 5 Constructing the result—If the values of the hash calculations match, the authentication is successful and a CHAP success packet is constructed. It contains a CHAP success message type and the id from the response packet. If the authentication fails, a CHAP failure packet is constructed. It contains a CHAP failure message type and the ID from the response packet. Indication of success or failure is then sent to the calling party. PPP Callback The PPP Callback option was developed to provide connectivity to remote users while controlling access and the cost of calls. Callback enables a router to place a call, and then request that the central router call back. Once the request is made, the call disconnects. The central router then dials the router back, which reverses the charges for the call. This callback feature adds another layer of protection because it only dials back authorized numbers. However, callback is not considered to be a security feature. PPP Callback routers can play two roles, that of the callback client and that of the callback server. The client router passes authentication (PAP or CHAP) information to the server router, which in turn analyzes dial string and hostname information to determine whether callback is authorized. If authentication is successful, the server disconnects the call and then places the return call. The username of the client router is used as a call reference to associate it with the initial call. For the callback to be successful, the hostname must exist in a dialer-map statement; otherwise, the router is unable to determine the proper dial string to use in calling back the client. If the return call fails, there are no retries. The client has to reissue the callback request. For callback to function, both sides of a PPP link must be configured to support it. As mentioned, a server and a client must be specified. The client issues the initial call and the server places return calls. There is a catch, however. If a call is placed requesting callback, the server disconnects the call after authentication. It is possible that another call will come in on the same B channel during the idle time between disconnect and callback. If it is the last available B channel, callback will not occur. It is also possible that on DDR implementations, interesting traffic can force an outbound call on the last available B channel. Again, if this happens, callback does not occur. Example 5-3 shows a PPP Callback configuration for the client. 110 Chapter 5: Configuring PPP and Controlling Network Access Example 5-4 shows the PPP Callback configuration for the server. The callback client uses the ppp callback request command to request that the callback occur. The server router uses the ppp callback accept command as an indication that it should accept callback requests and place a call to the phone number configured for the requesting client (in this case, 5553434). The dialer callback-secure command disconnects calls that are not properly configured for callback. It also forces a disconnect of any unconfigured dial-in users. This command ensures that the initial call is always disconnected at the receiving end and that the return call is made only if the username is configured for callback. Figure 5-6 illustrates the PPP Callback procedure. Example 5-3 PPP Callback Client Configuration Client(config)#username Client password cisco Client(config)#username Server password cisco Client(config)#dialer-list 1 protocol ip permit Client(config)#interface S0 Client(config-if)#ip address 10.1.1.1 255.255.255.0 Client(config-if)#encapsulation ppp Client(config-if)#dialer map ip 10.1.1.2 name Server 5551212 Client(config-if)#dialer-group 1 Client(config-if)#ppp callback request Client(config-if)#ppp authentication chap Client(config-if)#dialer hold-queue timeout 30 Example 5-4 PPP Callback Server Configuration Server(config)#username Client password cisco Server(config)#username Server password cisco Server(config)#dialer-list 1 protocol ip permit Server(config)#interface S0 Server(config-if)#ip address 10.1.1.1 255.255.255.0 Server(config-if)#encapsulation ppp Server(config-if)#dialer callback-secure Server(config-if)#dialer map ip 10.1.1.1 name Client 5553434 Server(config-if)#dialer-group 1 Server(config-if)#ppp callback accept Server(config-if)#ppp authentication chap PPP Options 111 Figure 5-6 PPP Callback Procedure When the client router dials, its hold queue timer begins to count down. No additional calls to the same destination can be made until the time reaches zero. This value is configurable using the dialer hold-queue command detailed later in this chapter. PPP Compression Compression is covered in Chapter 10, “Managing Network Performance with Queuing and Compression,” in more detail. This section is simply an overview of PPP’s compression capabilities. Compression is most useful on slower-speed links. In routing, there comes a point when it is faster to send information outright than it is to compress, send, and decompress it. Compression simply serves to decrease transit time across the WAN. PPP or Layer 2 compression is determined during LCP negotiation. Therefore, if one side of the call doesn’t support it or have it configured, it is not utilized for that call. Cisco supports a number of compression algorithms. They include STAC, Predictor, MPPC, and TCP header compression. These are discussed in Chapter 10 and are not therefore covered here. 1 2 3 4 5 6 7 Call initiation User authentication Initiating call disconnected Authentication Connection proceeds Client called Server-to-client dial string identified Call acknowledgment Callback client Callback server 112 Chapter 5: Configuring PPP and Controlling Network Access Multilink PPP Multilink PPP is a specification that enables bandwidth aggregation of multiple B channels into one logical pipe. Its mission is comparable to that of Cisco’s bandwidth-on-demand (BOD). More specifically, the Multilink PPP feature provides load-balancing functionality over multiple WAN links, while providing multivendor interoperability, packet fragmentation and proper sequencing, and load calculation on both inbound and outbound traffic. Cisco’s implementation of Multilink PPP supports the fragmentation and packet sequencing specifications in RFC 1717. Multilink PPP enables packets to be fragmented and the fragments to be sent at the same time over multiple point-to-point links to the same remote address. Refer to Chapter 6, “Using ISDN and DDR Technologies,” for a more detailed discussion of Multilink PPP. PPP Troubleshooting Troubleshooting PPP is similar to troubleshooting many other WAN technologies. However, there is a key difference: The implementation of authentication adds another item to the list of things that can go wrong. This section details some of the commands useful in dealing with PPP issues. The first step in troubleshooting PPP connections is to remove authentication of any kind from the configuration. If the service functions properly at that point, it’s time to rethink your authentication configuration. The show dialer command provides useful information about the current status of B channels. Example 5-5 shows sample output. The show dialer command shows status and connection information regarding each B channel and the number to which the channel is connected. It also shows successful and failed calls. The debug ppp negotiation and debug ppp authentication commands are useful in enabling the administrator to view the real-time communication between PPP configured devices. They Example 5-5 show dialer Command Output Reveals B Channel Status RouterA#show dialer Dial String Successes Failures Last called Last status 4155551212 1 0 00:00:00 successful 4155551213 1 0 00:00:00 successful 0 incoming call(s) have been screened. BRI0: B-Channel 1 Idle timer (300 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) BRI0: B-Channel 2 Idle timer (300 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) PPP Troubleshooting 113 are mentioned together because they are often implemented simultaneously. Example 5-6 shows screen output from the commands. As is noted in the output, this is an example of a failed CHAP authentication attempt. Chapter 6 covers additional show and debug commands for PPP. Example 5-6 Combined debug ppp negotiation and debug ppp authentication Command Output ppp: sending CONFREQ, type = 3 (CI_AUTHTYPE), value = C223/5 ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 28CEEF99 ppp: received config for type = 3 (AUTHTYPE) value = C223 value = 5 acked ppp: received config for type = 5 (MAGICNUMBER) value = 1E23F5C acked PPP BRI0: B-Channel 1: state = ACKSENT fsm_rconfack(C021): rcvd id E4 ppp: config ACK received, type. = 3 (CI_AUTHTYPE), value = C223 ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 28CEEF99 BRI0: B-Channel 1: PPP AUTH CHAP input code = 1 id = 82 len = 16 BRI0: B-Channel 1: PPP AUTH CHAP input code = 2 id = 95 len = 28 BRI0: B-Channel 1: PPP AUTH CHAP input code = 4 id = 82 len = 21 BRI0: B-Channel 1: Failed CHAP authentication with remote. Remote message is: MD compare failed ppp: sending CONFREQ, type = 3 (CI_AUTHTYPE), value = C223/5 ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 28CEEFDB %LINK-3-UPDOWN: Interface BRI0: B-Channel 1, changed state to down %LINK-5-CHANGED: Interface BRI0: B-Channel 1, changed state to down %LINK-3-UPDOWN: Interface BRI0: B-Channel 1, changed state to up %LINK-5-CHANGED: Interface BRI0: B-Channel 1, changed state to up ppp: sending CONFREQ, type = 3 (CI_AUTHTYPE), value = C223/5 ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 28CEF76C ppp: received config for type = 3 (AUTHTYPE) value = C223 value = 5 acked ppp: received conf.ig for type = 5 (MAGICNUMBER) value = 1E24718 acked PPP BRI0: B-Channel 1: state = ACKSENT fsm_rconfack(C021): rcvd id E6 ppp: config ACK received, type = 3 (CI_AUTHTYPE), value = C223 ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 28CEF76C BRI0: B-Channel 1: PPP AUTH CHAP input code = 1 id = 83 len = 16 BRI0: B-Channel 1: PPP AUTH CHAP input code = 2 id = 96 len = 28 BRI0: B-Channel 1: PPP AUTH CHAP input code = 4 id = 83 len = 21 BRI0: B-Channel 1: Failed CHAP authentication with remote. Remote message is: MD compare failed 114 Chapter 5: Configuring PPP and Controlling Network Access Foundation Summary PPP was developed specifically for point-to-point connectivity, as its name implies. It has become one of the more versatile protocols in use today. ISDN implementations, serial connections, and other dial-up connections now implement PPP. Configuring PPP is not a difficult process; however, it does have some intricate differences when compared to other WAN technologies. The options provided by PPP enable a level of control over network resources previously unknown. LCP negotiation of authentication, callback, compression, and PPP Multilink make this granularity possible. PPP authentication enables the use of PAP or CHAP. PAP makes use of clear text passwords, which could enable packet playback if captured by a protocol analyzer. CHAP implements an MD5 hash challenge and response. Every challenge is unique, as is each response. At periodic intervals (two minutes) during the course of the connection, additional challenges are issued. In the event of a failed authentication, the call is immediately disconnected. PPP Callback enables the centralization of call related costs. A central site provides callback services to remote clients. Client devices dial it and are authenticated. Upon successful authentication, the server disconnects the call and dials the client back. PPP Compression enables a reduction in the delay associated with transmission of data over lower-speed links. Care should be taken when using compression because memory utilization on the router is greatly increased. PPP Multilink enables the bundling of multiple bearer channels into one aggregate pipe. Traffic is broken up and sent across the redundant pathways to the remote side where it is reassembled. Any protocol can go across a PPP link. The only requirement is that the adjacent interfaces must be configured with the protocols that need to cross the link. Q&A 115 Q&A The questions and scenarios in this book are more difficult than what you will experience on the actual exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answer. Rather than enabling you to derive the answer from clues hidden inside the question itself, the questions challenge your understanding and recall of the subject. Questions from the “Do I Know This Already?” quiz from the beginning of the chapter are repeated here to ensure that you have mastered the chapter’s topic areas. Hopefully, these questions will help you limit the number of exam questions on which you narrow your choices to two options and then guess. The answers to these questions can be found in Appendix A, on page 397. 1 Where is PPP typically implemented? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 2 What is the function of the LCP? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 3 What is the difference between interactive and dedicated asynchronous implementations? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 4 List the 4 PPP LCP negotiable options. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 5 List the two supported authentication types with PPP. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 116 Chapter 5: Configuring PPP and Controlling Network Access 6 In PPP Callback implementations, which router is in charge of the authentication challenge as well as the disconnect of the initial call? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 7 What command shows the status of individual B channels at any given time? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 8 What command enables the real-time viewing of CHAP communications? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 9 What command enables the real-time viewing of dial events? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 10 Describe the PPP Callback procedure. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 11 What are the supported compression types on Cisco routers? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 12 Which command, used with callback, ensures that a callback is made only to a properly configured client? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Q&A 117 13 What command informs a router that it is to be a callback client? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 14 What command informs a router that it is to be a callback server? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 15 What is the default time interval between CHAP challenges? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 16 In the event of PPP authentication failure, what happens to the call? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 118 Chapter 5: Configuring PPP and Controlling Network Access Scenarios The following case studies and questions are designed to draw together the content of the chapter and exercise your understanding of the concepts. There is not necessarily a right answer to each scenario. The thought process and practice in manipulating the related concepts is the goal of this section. Scenario 5-1 Refer to Figure 5-7 for this scenario. Figure 5-7 Network Environment for Scenario 5-1 These three routers need to be configured for dial-up access. Varying degrees of configuration are performed on each router. Use the figure as the sole source of information for the following tasks: 1 Configure the Central site router for CHAP authentication. The password in all instances is “cisco”. The interfaces in question are BRI 0 and BRI 1. Don’t worry about the intricacies of the ISDN configuration. The task here is the PPP configuration only. ISDN is covered in Chapter 6. Central site Site A Site B BRI0 BRI0 BRI0 BRI1 ISDN Scenario 5-3 119 2 Configure the SiteA router for PPP and CHAP authentication on BRI 0. Use “cisco” as the password. 3 Configure the SiteB router for PPP and CHAP authentication on BRI 0. Use “cisco” as the password. Scenarion 5-2 It has been determined that a callback implementation is in order. Complete the tasks that follow: 1 Configure the Central site router to act as a PPP Callback server. 2 Configure the SiteA router to act as a PPP Callback client. 3 Configure the SiteB router to act as a PPP Callback client. Scenario 5-3 The PPP implementation is having problems. Implement appropriate means of troubleshooting to meet the following symptoms: 1 The call is being completed successfully; however, it is immediately disconnected. List the commands to troubleshoot this issue. 2 The callback client has issued a callback request and successfully authenticated; however, the callback is not occurring. What is a possible cause? 120 Chapter 5: Configuring PPP and Controlling Network Access Scenario Answers The answers provided in this section are not necessarily the only possible correct answers. They merely represent one possibility for each scenario. The intention is to test your base knowledge and understanding of the concepts discussed in this chapter. Should your answers be different (as they likely will be), consider the differences. Are your answers in line with the concepts of the answers provided and explained here? If not, go back and read the chapter again, focusing on the sections related to the problem scenario. Scenario 5-1 Answers 1 The Central site router configuration is as follows: 2 The SiteA router configuration is as follows: 3 The SiteB router configuration is as follows: Central(config)#username Central password cisco Central(config)#username SiteA password cisco Central(config)#username SiteB password cisco Central(config)#interface bri0 Central(config-if)#encapsulation ppp Central(config-if)#ppp authentication chap Central(config)#interface bri1 Central(config-if)#encapsulation ppp Central(config-if)#ppp authentication chap SiteA(config)#username Central password cisco SiteA(config)#username SiteA password cisco SiteA(config)#interface bri0 SiteA(config-if)#encapsulation ppp SiteA(config-if)#ppp authentication chap SiteB(config)#username Central password cisco SiteB(config)#username SiteB password cisco SiteB(config)#interface bri0 SiteB(config-if)#encapsulation ppp SiteB(config-if)#ppp authentication chap Scenario 5-2 Answers 121 Scenario 5-2 Answers 1 The Central site router configuration is as follows: 2 The SiteA router configuration is as follows: 3 The SiteB router configuration is as follows: Central(config)#username Central password cisco Central(config)#username SiteA password cisco Central(config)#username SiteB password cisco Central(config)#dialer-group 1 protocol ip permit Central(config)#interface bri0 Central(config-if)#encapsulation ppp Central(config-if)#dialer callback-secure Central(config-if)#ip address 10.1.1.1 255.255.255.0 Central(config-if)#ppp authentication chap Central(config-if)#dialer map ip 10.1.1.2 name SiteA 5555656 Central(config-if)#dialer-group 1 Central(config-if)#ppp callback accept Central(config)#interface bri1 Central(config-if)#encapsulation ppp Central(config-if)#dialer callback-secure Central(config-if)#ppp authentication chap Central(config-if)#ip address 10.2.1.1 255.255.255.0 Central(config-if)#dialer map ip 10.2.1.2 name SiteB 5556767 Central(config-if)#dialer-group 1 Central(config-if)#ppp callback accept SiteA(config)#username Central password cisco SiteA(config)#username SiteA password cisco SiteA(config)#dialer-list 1 protocol ip permit SiteA(config)#interface bri0 SiteA(config-if)#ip address 10.1.1.2 255.255.255.0 SiteA(config-if)#encapsulation ppp SiteA(config-if)#ppp authentication chap SiteA(config-if)#dialer map ip 10.1.1.1 name Central 5559090 SiteA(config-if)#dialer-group 1 SiteA(config-if)#ppp callback request SiteB(config)#username Central password cisco SiteB(config)#username SiteB password cisco SiteB(config)#dialer-list 1 protocol ip permit SiteB(config)#interface bri0 SiteB(config-if)#ip address 10.2.1.2 255.255.255.0 SiteB(config-if)#encapsulation ppp SiteB(config-if)#ppp authentication chap SiteB(config-if)#dialer map ip 10.2.1.1 name Central 5559191 SiteB(config-if)#dialer-group 1 SiteB(config-if)#ppp callback request 122 Chapter 5: Configuring PPP and Controlling Network Access Scenario 5-3 Answers 1 The symptom listed here is consistent with authentication failure. Show dialer or debug ppp authentication assists in troubleshooting the condition. 2 A callback failure of this sort can sometimes be attributed to busy B channels. If a callback request comes in and authentication is successful, the server disconnects the call. If this is the last available B channel, and a new call comes in, the new call takes the available B channel and callback cannot occur. This chapter covers the following topics that you need to master as a CCNP: • POTS versus ISDN; BRI and PRI Basics—These introductory sections examine the underlying technology of ISDN and its components. • Basic Rate Interface—This section explores the technologies related to BRI-specific implementations of ISDN technology. • Implementing Basic DDR—This section covers many of the commands used to configure a basic DDR solution (the traditional methodology for deploying ISDN), including the definition of interesting traffic, dialer maps, and static routes. This section helps you understand DDR and the accompanying command structure. • Advanced DDR operations—This section covers a number of variable parameters specific to a DDR implementation, such as the decision to use Cisco’s proprietary bandwidth on demand function to load share over multiple bearer channels as well as the standardized PPP Multilink. • Primary Rate Interface—This section explains the concepts of and differences between T1 and E1 PRI-based implementations. C H A P T E R 6 Using ISDN and DDR Technologies The CCNP Remote Access Exam requires you to have an in depth understanding of various WAN technologies. In this chapter the discussion focuses on ISDN. ISDN is not a new technology by any means. However, it is still widely implemented around the world. Even with the advent of newer (and faster) broadband technologies, ISDN continues to grow in the workplace, albeit at a slower rate than what has been seen in the recent past. There are two specific implementation types discussed in this chapter: BRI and PRI. Although they are based on the same technologies and use the same protocols, their implementations are very different. This chapter touches on the background information necessary to give you a solid understanding of each technology. How to Best Use This Chapter By taking the following steps, you can make better use of your study time: • Keep your notes and answers for all your work with this book in one place for easy reference. • Take the “Do I Know This Already?” quiz and write down your answers. Studies show retention is significantly increased through writing down facts and concepts, even if you never look at the information again. • Use the diagram in Figure 6-1 to guide you to the next step. 126 Chapter 6: Using ISDN and DDR Technologies Figure 6-1 How to Use This Chapter “Do I Know This Already?” Quiz The purpose of the “Do I Know This Already?” quiz is to help you decide what parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. The 15-question quiz helps you determine how to spend your limited study time. The quiz is sectioned into smaller, three-question “quizlets,” each of which corresponds to the major topic headings in the chapter. Use the scoresheet in Table 6-1 to record your scores. "Do I Know This Already?" quiz Low score Medium score High score, want more review High score Read Foundation Summary Read Foundation Topics Q&A Scenarios Go to next chapter “Do I Know This Already?” Quiz 127 1 List the two most common implementations of ISDN. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 2 List the number of bearer channels for BRI, T1 PRI, and E1 PRI. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 3 What type of information is carried over the D channel? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 4 List the specifications that define Layer 2 and Layer 3 of ISDN. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 5 When is it necessary to use dialer in-band in an ISDN BRI configuration? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ Table 6-1 Scoresheet for Quizlets and Quiz Quizlet Number Foundation Topics Section(s) Covered by These Questions Questions Score 1 POTS versus ISDN; BRI and PRI Basics 1–3 2 Basic Rate Interface 4–6 3 Implementing Basic DDR 7–9 4 Advanced DDR Operations 10–12 5 Primary Rate Interface 13–15 All questions 1–15 128 Chapter 6: Using ISDN and DDR Technologies 6 What is the difference between a router with a BRI S/T interface and one with a BRI U interface? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 7 Write out the commands to define only Telnet and FTP as interesting traffic for DDR. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 8 List two of the most common encapsulations available for use on BRI interfaces. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 9 An interface that has been configured not to send routing updates is known as what type of interface? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 10 When using rotary groups, what should determine the dialer interface number? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 11 What technology is used to provide redundancy for WAN links? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 12 DDR traditionally involves the use of static routes. If static routes are not desired, what technology can be implemented? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ “Do I Know This Already?” Quiz 129 13 What information is required of the telco to implement PRI implementations? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 14 List the options available for T1 and E1 framing and line code configuration. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 15 List the command to have the router forward all incoming voice calls to internal MICA technology modems. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Sections,” on page 397. The suggested choices for your next step are as follows: • You correctly answered six or fewer questions overall—Read the chapter. This includes the “Foundation Topics,” “Foundation Summary,” and “Q&A” sections, as well as the scenarios at the end of the chapter. • You correctly answered two or fewer questions on any “quizlet”—Review the subsections of the “Foundation Topics” part of this chapter, based on the information that you entered in Table 6-1. Then move into the “Foundation Summary” and “Q&A” sections and the scenarios at the end of the chapter. • You correctly answered seven, eight, or nine questions overall—Begin with the “Foundation Summary” section and then go to the “Q&A” section and scenarios at the end of the chapter. • You correctly answered 10 or more questions overall—If you want more review on these topics, skip to the “Foundation Summary” section, and then go to the “Q&A” section and the scenarios at the end of the chapter. Otherwise, move to the next chapter. 130 Chapter 6: Using ISDN and DDR Technologies Foundation Topics ISDN refers to a set of digital services that has been available to end users for a number of years. It involves the digitizing of the telephone network so that carriers can provide end users with multiple services from a single end-user interface over existing telephone wiring. ISDN is an effort to standardize subscriber services, user/network interfaces, and network and internetwork capabilities. The goal of standardizing subscriber services is to give some level of international compatibility. Compatibility between International Carrier networks has long been at the forefront of more than a few heated debates in the global standards committees. Their pain, to a degree, has been good for the technology. This standardization, as it has evolved, has made reality of the myth of multivendor interoperability. By no means is it implied that multivendor interoperability is perfect. It is nowhere near perfect and will never be as long as there are global politics in the technology fields. The ISDN community would like to ensure that ISDN networks communicate easily with one another. ISDN was developed with the idea that it would be used to transport voice calls, data traffic, and video traffic. The evolution of ISDN as a viable technology moves forward with the needs of those very different traffic types in mind. ISDN applications include high-speed image applications, additional telephone lines in homes to serve the telecommuting industry, highspeed file transfer, and video conferencing. ISDN is also becoming very common in homebased and small offices as many corporations extend their offices into the residential arena. POTS Versus ISDN ISDN is the replacement of traditional analog plain old telephone service (POTS) equipment and wiring schemes with higher-speed digital equipment. The transition from POTS to ISDN changes the way connections at the local loop area are processed. With POTS, a caller would have to dial up the operator and request a call setup. To accomplish this, the calling party telephone was picked up (that is, went off hook) and a crank was turned to generate current on the line that would light up an LED on the operator console. The operator would answer the setup request and begin setting up the call, making a manual connection between the caller and the called party. The manual connection completed the analog local loop (that is, the connection between the telco switch and customer devices). From the local loop, the call typically went through the central office (CO). Once digital technologies were born and implemented, the operator was replaced with digital facilities, leaving only the local loop as analog. The transition to ISDN completes the digital link by replacing the local loop with digital equipment. Basic Rate Interface 131 BRI and PRI Basics ISDN interfaces can be either PRI or BRI. A PRI differs from a BRI mainly due to the number of channels it offers. ISDN channels are usually divided into two different types—B and D: • The bearer channel—The B channel is the facility that carries the data. Each B channel has a maximum throughput of 64 kbps. B channels can carry encoded pulse code modulation (PCM) digital voice, video, or data. B channels are used mainly for circuit-switched data communications such as High-Level Data Link Control (HDLC) and Point-to-Point Protocol (PPP). However, they can also carry packet-switched data communications. • The D Channel—The D channel is used to convey signaling requests to an ISDN switch. In essence, it provides a local loop to the telephone company’s central office. The router uses the D channel to dial destination phone numbers. It has a bandwidth of 16 kbps for BRI or 64 kbps for PRI. Although the D channel is used mainly for signaling, it too can also carry packet-switched data (X.25, Frame Relay, and so on). Basic Rate Interface BRI is the most typical ISDN connection and is a native ISDN interface on a router. The basic rate connection consists of two bearer (B) channels and a single (D) channel. When both B channels are active, the aggregate bandwidth becomes 128,000 bps. You can purchase ISDN service with two, one, or zero B channels. Typical deployments use two B channels. Implementations of one B channel provide cost reduction, and zero B channel implementations enable another technology (such as X.25) to be run across the D channel. In this book, we do not discuss the deployment of zero B channel deployments because such implementations are not typical in most internetworks. Figure 6-2 depicts the typical 2B+D model. Figure 6-2 BRI 2B + D When you have ISDN BRI installed, the telephone company (or telco) places a Category 5 unshielded twisted-pair (UTP) cable at your site. The telco runs the cable to a location within your premises (usually a telephone room). Many times, the base installation charge covers only bringing the line into your premises. In that case, you must decide if you want to extend the cable into your wiring closet or server room. Usually it is well worth the negligible additional charge to enable the telco installer to extend it to a point that is easy to reach from the router with another cable. BRI B channel 1 = 64 kbps B channel 2 = 64 kbps D channel = 16 kbps 132 Chapter 6: Using ISDN and DDR Technologies When you extend the cable, the extension begins at a 66 block on your premises. A 66 block is merely the location where all the lines coming into your premises are separated into individual pairs. Once the decision has been made regarding where to put the cable and the cable is put in place, the installer attaches an eight-pin modular (RJ-45) jack to the cable and attaches the jack to the wall. The installer should label the jack with the appropriate service profile identifiers (SPIDs) and a circuit identifier number. This information is necessary if a call for service is needed in the future. In North America, this jack is the point of demarcation (demarc), where responsibility for the line changes hands. The equipment on your side of the point of demarc is known as customer premise equipment (CPE). The jack that the telco installs is a direct interface from the local central office switch to your customer premise equipment. One important piece of equipment in any ISDN BRI installation is an NT1. The NT1 is a device similar to a channel service unit/data service unit (CSU/DSU), which is used in serial connections. The NT1 terminates the local loop. The NT1 has at least two interfaces: an S/T interface jack and a U interface. The S/T interface is attached to the router’s BRI interface. The U interface is attached to the telco jack. Many of Cisco’s BRI-capable routers are now available with an integrated NT1. These interfaces are labeled “BRI U”. If this feature is not available on the chassis, the interface is labeled “BRI S/T” and an external NT1 is necessary. This native ISDN interface is the router’s TE1 interface. From time to time, it may be necessary to install ISDN, but there is no native BRI interface on your router. In such cases, it is still possible to use ISDN. However, another piece of hardware known as a terminal adapter must be used. The terminal adapter is a device that contains the BRI that your router is missing. In recent ISDN hype, telecommunications manufacturers marketed terminal adapters as ISDN modems. Terminal adapters are not modems. They do not modulate and demodulate signals. What they do is interface your router’s universal I/O serial port. The terminal adapter interfaces the NT1 with a native BRI. The non-native (that is, non-BRI) ISDN is known as the TE2 interface. The interface between the TE2 and the TA is known as the R interface. It is important to note that a non-native ISDN interface (more specifically, a solution that lacks a D channel) requires you to use the dialer in-band command to issue signaling requests to the ISDN switch. Using the dialer in-band configuration, each B channel, in effect, loses 8000 bps of available bandwidth for signaling. Therefore, the bandwidth available per B channel becomes 56,000 bps. In some cases, ISDN facilities are available only at 56,000 bps per B channel, regardless of whether the interface is native ISDN. Check with the telco provider for details for a particular installation. Figure 6-3 shows the ISDN reference points. Basic Rate Interface 133 Figure 6-3 ISDN Interface Detail BRI Protocols As is the standard for implementations in this industry, the ISDN implementation is divided into multiple layers. This division of labor for ISDN is not unlike the OSI model. ISDN has three layers. Layer 1 deals with signal framing, Layer 2 deals with framing protocols, and Layer 3 deals with D channel call setup and teardown protocols. Each of these protocols has a specific mission to accomplish. Figure 6-4 depicts the ISDN layer model. Figure 6-4 ISDN Protocol Layers ISDN Layer 1 Layer 1 for ISDN is similar to that of the OSI model. It refers to physical connectivity. This connectivity is obviously an important piece of the picture. Without it, nothing happens. In order for a router to communicate with an ISDN network, it must be configured for the type of switch to which it is connected. The carrier should provide the type of switch that is to be used. If it was not previously documented, a call should be placed to the carrier to obtain the information. S T U R TE1 NT2 NT1 TE2 TA ISDN switch D channel B channel DSS1 (Q.931) IP/IPX LAPD (Q.921) HDLC/PPP/FR/LAPB I.430/I.431/ANSI T1.601 Layer 3 Layer 1 Layer 2 134 Chapter 6: Using ISDN and DDR Technologies Manufacturers of ISDN central office switches (also known as local exchange equipment) divide the local exchange into two functions: local termination and exchange termination. The local termination function deals with the transmission facility and termination of the local loop. The exchange termination function deals with the switching portion of the local exchange. The AT&T 5ESS and the Northern Telecom DMS-100 are the two principle ISDN switches used in North America. The recent release of National ISDN-1 software has corrected most incompatibility issues between the AT&T and Northern Telecom switches. Prior to the release of this software, for example, you could not use AT&T ISDN products with a Northern Telecom switch. AT&T introduced the 5ESS switch in 1982. It can provide up to 100,000 local loops. Approximately 16000 5ESS switches are in use worldwide, serving close to 40 million lines. In the United States, approximately 85 percent of the BRI lines in service connect to a 5ESS-equipped central office. By comparison, the Northern Telecom DMS-100 switch family is intended to deliver a wide range of telecommunication services. The DMS-100, introduced in 1978, can terminate up to 100,000 lines. Although AT&T and Northern Telecom have deployed the most ISDN switches, there are other ISDN switch manufacturers. Table 6-2 depicts the various switch types available for BRI implementations. Table 6-2 BRI Switch Types Switch Type Description Basic-1tr6 1TR6 switch type for Germany Basic-5ess AT&T 5ESS switch type for the U.S. Basic-dms100 DMS-100 switch type Basic-net3 NET3 switch type for UK and Europe Basic-ni1 National ISDN-1 switch type Basic-nwnet3 NET3 switch type for Norway Basic-nznet3 NET3 switch type for New Zealand Basic-ts013 TS013 switch type for Australia Ntt NTT switch type for Japan vn2 VN2 switch type for France vn3 VN3 and VN4 switch types for France Basic-1tr6 1TR6 switch type for Germany *Check with the provider for the appropriate switch type. A change of switch type requires a reload of the router. Basic Rate Interface 135 The ISDN Layer 1 is concerned not only with physical connectivity, but also with how the bits traverse the wire. To accommodate transmission, a framing method must be established to enable communication between the NT and the TE as well as between the NT and the Local Exchange (LE). The framing between the NT and TE is defined in the ITU specification I.430. Figure 6-5 depicts the BRI frame. Figure 6-5 ISDN BRI Framing Between NT and TE Notice in Figure 6-5 that 16 bits from each B (B1 and B2) channel and 4 bits from the D channel (D) are being time division multiplexed along with framing (F) and alignment (A) bits. Frame transmission is constant regardless of whether data is actually being sent. Between the NT and the LE, another framing convention is used, ANSI T1.601. The intricacies of ANSI T1.601 are not discussed at this time because they are not covered on the CCNP Remote Access Exam. For more information on this topic, check out www.ansi.org. ISDN Layer 2 The Layer 2 processes of ISDN are defined in the ITU specifications Q.920 and Q.921. Q.921 defines the actual communication format. Obviously, Layer 2 communication does not take place unless Layer 1 is properly installed and functioning. 1 1 8 1 1 1 1 1 8 1 1 1 8 1 1 1 8 1 1 1 NT TE frame F L B1 L D L F L B2 L D L B1 L D L B2 L D L 1 1 8 1 1 1 1 1 8 1 1 1 8 1 1 1 8 1 1 1 NT TE frame F L B1 E D A F F B2 E D S B1 E D S B2 E D S 136 Chapter 6: Using ISDN and DDR Technologies Q.921 institutes an addressing scheme similar to many other networking technologies. Just as in LAN implementations, ISDN Layer 2 addressing is meant to provide physical addressing on the network. Because multiple logical devices can exist in a single physical device, it is necessary to correctly identify the source and/or destination process or logical entity when transmitting or receiving data. In communication with the ISDN switch, an identifier must be issued by the switch. This is known as a Terminal Endpoint Identifier (TEI). The telco has the option of creating a specific profile for your implementation. Should this be the case, the telco will assign a SPID for each of your bearer channels. The use of SPIDs is optional. Terminal Endpoint Identifier (TEIs) A terminal endpoint can be any ISDN-capable device attached to an ISDN network. The TEI is a number between 0 and 127, where 0–63 are used for static TEI assignment, 64–126 are used for dynamic assignment, and 127 is used for group assignments. (0 is used only for PRI and is discussed later.) The TEI provides the physical identifier, and the service access point identifier (SAPI) carries the logical identifier. The process of assigning TEIs differs slightly between North America and Europe. In North America, Layer 1 and Layer 2 are activated at all times. In Europe, the activation does not occur until the call setup is sent (known as “first call”). This delay conserves switch resources. In Germany or Italy, as well as in other parts of the world, the procedure for TEI assignment can change according to local practices. In other countries, another key piece of information to obtain is the bus type. Supported types are point-to-point or point-to-multipoint connection styles. In Europe, if you are not sure, specify a point-to-multipoint connection, which will enable dynamic TEI addressing. This is important if BRI connections are necessary because Cisco does not support BRI using TEI 0, because it is reserved for PRI TEI address 0. If you see a TEI of 0 on a BRI, it means that a dynamic assignment has not yet occurred, and the BRI may not be talking to the switch. In the U.S., a BRI data line is implemented only in a point-to-point configuration. Example 6-1 shows a typical ISDN Layer 2 negotiation. Example 6-1 debug isdn q921 Output RouterA#debug isdn q921 BRI0: TX -> IDREQ ri = 65279 ai = 127 BRI0: RX <- UI sapi = 0 tei = 127 i = 0x0801FF0504038090A218018896250101 BRI0: TX -> IDREQ ri = 61168 ai = 127 BRI0: RX <- IDASSN ri = 61168 ai =64 BRI0: TX -> SABMEp sapi = 0 tei = 64 BRI0: RX <- UAf sapi = 0 tei = 64 BRI0: TX -> INFOc sapi = 0 tei = 64 ns = 0 nr = 0 i = x08017F5A080280D1 BRI0: RX <- RRr sapi = 0 tei = 64 nr = 1 BRI0: RX <- INFOc sapi = 0 tei = 64 ns = 0 nr = 1 i = x08007B963902EF01 BRI0: TX -> RRr sapi = 0 tei = 64 nr = 1 Basic Rate Interface 137 NOTE The following paragraphs are a partial explanation of the output listed in Example 6-1. You should take the time to understand this section because the output gives a great deal of troubleshooting information. You may need more than one reading to get it all straight. The ri is a reference indicator. It provides the router and the switch a way to keep straight all the calls they may be processing. Notice in the IDREQ and the IDASSN, the ri value is the same. If the router sends an IDREQ and receives no response, it retries every two seconds. Each time the ri is different. The ai is an association indicator. ai = 127 is the router’s way of requesting a TEI from the switch. The switch reply is ai = 64. Therefore, 64 is the assigned TEI. Notice that all remaining correspondence has tei = 64 referenced. Once the router has a TEI, it sends a SABME (Set Asynchronous Balanced Mode Extended) message with sapi = 0. This means that this is a signalling connection (that is, this is all taking place over the D channel). If no TEI is assigned, Layer 2 does activate and the output from the debug isdn q921 command renders only TX->IDREQ lines. If all the Layer 2 processes are successful, you will see MULTIPLE_FRAME_ESTABLISHED under the Layer 2 Status section in the output of the show isdn status command. See Example 6-3 in the “ISDN Call Setup” section for a demonstration of the show isdn status command output. Service Profile Identifiers (SPIDs) Another key part of the ISDN BRI Layer 2 is the SPID. SPIDs are used only in BRI implementations. PRI implementations do not require the use of SPIDs. The SPID specifies the services to which you are entitled from the switch and defines the feature set that you ordered when the ISDN service was provisioned. The SPID is a series of characters manually entered into the router’s configuration to identify the router to the switch. This is different from the TEI discussed earlier. The TEI address is dynamically assigned. The SPID is statically assigned to the router based on information provided by the service provider. If needed, two SPIDs are configured, one for each channel of the BRI. Usually, the SPID includes the ten-digit phone number of each B channel followed by four additional digits (sometimes 0101) assigned by the telco. BRI0: RX <- INFOc sapi = 0 tei = 64 ns = 1 nr = 1 i = 0x8007B962201013201013B0110 BRI0: TX -> RRr sapi = 0 tei = 64 nr = 2 BRI0: TX -> RRp sapi = 0 tei = 64 nr = 2 BRI0: RX <- RRf sapi = 0 tei = 64 nr = 1 BRI0: TX -> RRp sapi = 0 tei = 64 nr = 2 BRI0: RX <- RRf sapi = 0 tei = 64 nr = 1 Example 6-1 debug isdn q921 Output (Continued) 138 Chapter 6: Using ISDN and DDR Technologies SPID requirements are dependent on both the software revision and the switch. Many switch manufacturers are moving away from SPIDs, as they have already done in Europe. SPIDs are required only in the U.S., and then are used only by certain switches. 5ESS, DMS-100, and NI-1 support the use of SPIDs; however, it is not necessary to configure them unless it is required by the LEC. ISDN Layer 3 ISDN Layer 3 does not impose the use of any network layer protocol for the B channels. The use of the D channel is defined in Q.931 and specified in ITU I.451 and Q.931 + Q.932. Q.931 is used between the TE and the local ISDN switch. Inside the ISDN network, the Signalling System 7 (SS7) Internal Signalling Utility Protocol (ISUP) is used. Link Access Procedure on the D channel (LAPD) is the ISDN data link layer protocol for the D channel. The data link protocol for the B channel, however, can be any of the available protocols because the information can be passed transparently to the remote party. HDLC, PPP, or Frame Relay encapsulations can be used to pass data over the B channel. LAPD As mentioned, LAPD is the data link layer protocol for the D channel. It defines the framing characteristics for payload transmission, as illustrated in Figure 6-6. Figure 6-6 The LAPD Frame The following list defines the subfields of the Address portion of the LAPB frame. • SAPI—Service access point identifier (6 bits) • C/R—Command/response bit (1 bit) • EA—Extended addressing bits • TEI—Terminal Endpoint Identifier Flag Address SAPI 6 bits C/R 1 bit EA 1 bit TEI 7 bits EA 1 bit Ctrl Data FCS Flag 1 2 1 Variable 1 1 Basic Rate Interface 139 NOTE All fields are one byte except for the Address field, which has two bytes. Data is variable in length. ISDN Call Setup The setup procedure for ISDN calls is very similar to that of other circuit switched technologies. It begins with a request, which is acknowledged. The acknowledging switch then forwards the setup request on to the next switch in the line, and so on. Once the called party is reached, a connect message is sent, which also must be acknowledged. Figure 6-7 depicts the ISDN call setup procedure. Figure 6-7 ISDN Call Setup Prior to the actual Connect and the Call Proceeding (CALL PROC) messages, there can be a number of different progress messages indicating call progress. For instance, the calling party sends setup messages to the switch. The switch responds with the Setup Acknowledgement (SETUP ACK) and Call Proceeding messages. The remote switch then sends the setup message to the called party, which acknowledges with a CALL PROC message. Alerting messages can then be sent, although they are optional, depending on carrier implementation. Alerting messages are normally associated with voice traffic and are not usually implemented in data calls. Connect messages flow from the called party to the calling party when the connection is established and can be followed by a Connect Acknowledgement (CONNECT ACK), which is also optional. Once the calling party receives the CONNECT ACK, the call setup is complete. Calling party Setup Setup acknowledge Call proceeding Alerting Connect Connect acknowledge Called party Setup Call proceeding Alerting Connect Connect acknowledge Provider switch network 140 Chapter 6: Using ISDN and DDR Technologies Example 6-2 shows the beginning of a call setup. The output is from a ping to the remote side while the debug isdn q931 command is active. Note the ping timeout (.), which is followed by a ping success (!) after the call setup. The ICMP traffic falls within the parameters of what has been defined as interesting traffic. The call is placed and interface BRI 0, B channel 1 can be seen initializing and completing the call. The last line of the output states that the call is connected to 2145553000, RouterB. Once the call is up, you can monitor the call using the show isdn status command. This is a useful troubleshooting command because it shows the status of all three layers of ISDN that have been discussed in this chapter. Example 6-3 shows the output from the show isdn status command. Note that both B channels are connected to the remote side. This is visible under the Layer 2 Status section. Example 6-2 debug isdn q931 Command Output Reveals Call Setup Details RouterA#debug isdn q931 RouterA#ping 10.12.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.12.1.2, timeout is 2 seconds: ISDN BR0: TX -> SETUP pd = 8 callref = 0x0E Bearer Capability i = 0x8890 Channel ID i = 0x83 Keypad Facility i = 0x3935353532303032 ISDN BR0: RX <- SETUP_ACK pd = 8 callref = 0x8E Channel ID i = 0x89 ISDN BR0: RX <- CALL_PROC pd = 8 callref = 0x8E ISDN BR0: RX <- CONNECT pd = 8 callref = 0x8E %LINK-3-UPDOWN:Interface BRI0:1, changed state to up ISDN BR0: TX -> CONNECT_ACK pd = 8 callref = 0x0E %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up.!!! Success rate is 60 percent (3/5), round-trip min/avg/max = 36/36/36 ms %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 2145553000 RouterB Example 6-3 show isdn status Command Output RouterA#show isdn status The current ISDN Switchtype = basic-5ess ISDN BRI0 interface Layer 1 Status: ACTIVE Layer 2 Status: TEI = 90, State = MULTIPLE_FRAME_ESTABLISHED Layer 3 Status: 1 Active Layer 2 Call(s) Activated dsl 0 CCBs are 2, Allocated = 2 callid=0, sapi=0, ces=2 callid=8000, sapi=0, ces=1 Implementing Basic DDR 141 ISDN Call Release Any party in the network can release the call for whatever reason. Whether the release of the call is intentional or accidental (that is, due to some type of failure in the network), the call is torn down completely. When either the calling or called party is ready to disconnect a call, that party issues a disconnect (DISC) message. The disconnect is not negotiable. If necessary, the call can be re-established, but once a disconnect is issued, the call comes down. When a DISC is issued, it is acknowledged with a release message (RELEASED). The switch forwards the RELEASED message, which should be followed by a Release Complete (RELEASE COMPLETE) message. Figure 6-8 depicts the ISDN call release process. Figure 6-8 ISDN Call Release Implementing Basic DDR Dial-on-demand routing (DDR) is a feature available on ISDN-capable Cisco routers. It was created to enable users to save money on usage-based ISDN. Use-based ISDN occurs when charges are assessed for every minute of ISDN circuit connect time. Obviously, in a charge-by-the-minute scenario, the connection should be down during no or low-volume traffic times. DDR provides that capability and offers a wide array of commands and configuration variations. Many of those configuration options are covered in the remainder of this chapter. Calling party Release complete Called party Disconnect Provider switch network Released Disconnect Release Released Release complete 142 Chapter 6: Using ISDN and DDR Technologies The configuration tasks for implementing basic DDR are as follows: Step 1 Set the ISDN switch type. Step 2 Specify interesting traffic. Step 3 Specify static routes. Step 4 Define the interface encapsulation and ISDN addressing parameters. Step 5 Configure the protocol addressing. Step 6 Define any additional interface information. Figure 6-9 depicts the network topology that is referenced throughout this chapter. Figure 6-9 Sample ISDN Topology Step 1: Setting the ISDN Switch Type The telephone company provides you the type of switch to which you are connecting. Manufacturers of ISDN central office switches (also known as local exchange equipment) divide the local exchange into two functions: local termination and exchange termination. The local termination function primarily deals with the transmission facility and termination of the local loop. The exchange termination function deals with the switching portion of the local exchange. To function, the switch type must be specified on the router. Use the isdn switch-type command to configure the router for the type of switch to which the router connects. Your telephone company provides you the type of switch that is located in the central office to which your router will connect. For a listing of supported switch types, see Table 6-2. The isdn switch-type command has historically been issued from the global configuration prompt. However, as of IOS version 12.0, this command can be issued from the interface configuration prompt as well. The usage of this command is included in Example 6-4. ISDN service provider 10.11.1.1/24 10.13.1.2/24 10.12.1.1/24 10.12.1.2/24 Router A Router B 214-555-2222 214-555-2223 214-555-1111 214-555-1112 Implementing Basic DDR 143 Step 2: Specifying Interesting Traffic The entire configuration of DDR depends on how the traffic types that cause a call setup to occur are triggered. This traffic is known as interesting traffic. Cisco’s implementation of DDR allows for as much or as little specificity of interesting traffic as is deemed necessary; interesting traffic is defined by the creation of dialer-lists that can specify that an entire protocol suite, no matter the level of traffic, can trigger a call setup. Dialer-lists can be associated with standard or extended access lists to be specific to various traffic types. Rather than associating an access list with an interface, it is associated with a dialer-list (discussed in the “Specifying Interesting Traffic with Access Lists” section in this chapter). Example 6-4 shows a basic configuration in which all IP traffic has been specified as interesting. This is specified in the dialer-list line. The dialer-list is associated with the proper interface using a dialer-group line, as shown. Note that the list number and the group numbers are identical. This number ties the dialer-list and dialer-group together. This number cannot be re-used by any other dialer-list or dialergroup in the same router. The remote router configuration should be similar. Example 6-5 details the basic configuration of the remote router. Example 6-4 Basic DDR Configuration on RouterA RouterA(config)#isdn switch-type basic-5ess ! RouterA(config)#interface BRI0 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer idle-timeout 180 RouterA(config-if)#dialer map ip 10.12.1.2 5552222 RouterA(config-if)#dialer-group 1 ! RouterA(config)#dialer-list 1 protocol ip permit Example 6-5 Basic DDR Configuration on RouterB RouterA(config)#isdn switch-type basic-5ess ! RouterA(config)#interface BRI0 RouterA(config-if)#ip address 10.12.1.2 255.255.255.0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer idle-timeout 180 RouterA(config-if)#dialer map ip 10.12.1.1 5551111 RouterA(config-if)#dialer-group 1 ! RouterA(config)#dialer-list 1 protocol ip permit 144 Chapter 6: Using ISDN and DDR Technologies Specifying Interesting Traffic with Access Lists Example 6-4 and 6-5 deal with a blanket statement enabling entire protocol suites. This type of implementation is not always the best, or preferred, method of defining interesting traffic. To define specific traffic types as interesting traffic, you should use access lists. Any type of access list can be implemented in defining interesting traffic. Rather than being associated with an interface, the access list is associated with the dialer-list. This access list discussion focuses on IP access lists because the author assumes that you are already familiar with access lists to some degree. Example 6-6 shows a sample configuration using IP extended access lists to define interesting traffic. The explanation follows the output. Example 6-6 implements a more specific definition of interesting traffic. access-list 101 is denying FTP and Telnet. That is, they are not allowed to trigger a call setup. Any other IP traffic attempting to traverse the link triggers the call. Once the call is up, Telnet and FTP can go across freely. Notice the dialer-list line highlighted in Example 6-6. Rather than enabling the entire IP protocol suite to trigger the call, this line specifies that all traffic attempting to exit through BRI 0 must be tested against access-list 101. The interface configuration has not changed from our basic configuration model. Only the dialer-list has been altered to point to the access list. The dialer-list still must point to the dialergroup on the interface (that is, the dialer-list and dialer-group numbers must match). The access list number can be any valid standard or extended access list number (Example 6-6 demonstrates IP only). However, as stated earlier, interesting traffic for any protocol can be implemented using the appropriate access list command structure. Example 6-6 Extended Access Lists with Interesting Traffic RouterA#config t RouterA(config)#access-list 101 deny tcp any any eq ftp RouterA(config)#access-list 101 deny tcp any any eq telnet RouterA(config)#access-list 101 permit ip any any ! RouterA(config)#interface bri 0 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#encapsulation ppp <output omitted> RouterA(config-if)#dialer-group 2 ! RouterA(config)#dialer-list 2 protocol ip list 101 Implementing Basic DDR 145 Step 3: Specifying Static Routes In the classic DDR model, dynamic routing protocol updates are not moving across the link, so it is important that static routes be used in place of dynamic updates. To provide bidirectional reachability between the two sites in the absence of routing protocol traffic, static routes should be configured at both the local and remote routers. As demonstrated in Example 6-6, any IP traffic that needs to cross the link has been defined as interesting and will trigger a call setup. Do not confuse the definition of interesting traffic with the implementation of security measures. DDR defines only what types of traffic can initiate a call, not what can go across it. Once a call has been established, any type of traffic that has been configured on the BRI interface traverses the link freely. This includes routing updates. If the IP network on which the BRI interface exists is included in the routing protocol configuration (and the BRI interface isn’t specified as passive), routing updates can flow across the link while it is active. Once static routes have been specified, it is important to make the BRI interface(s) passive. Passive interfaces are discussed later in this chapter. Static routes are necessary in DDR because the ISDN link is not always active. In a dynamic routing environment, the fact that the link is down could be construed as a network down condition and reachability could be lost. To combat this, the link shows that it’s spoofing while it’s down. Example 6-7 demonstrates this through the show interface bri 0 command. The first line in the output shows that the interface is up and the line protocol is down, but the line protocol is actually up because the router knows this is a DDR connection and keeps the line protocol state at up (spoofing). Example 6-7 show interface bri 0 Command Output RouterA#show interface bri 0 BRI0 is up, line protocol is up (spoofing) Hardware is BRI MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation PPP, loopback not set Last input 0:00:06, output 0:00:06, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Output queue: 0/64/0 (size/threshold/drops) Conversations 0/1 (active/max active) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 359 packets input, 5814 bytes, 1 no buffer Received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 70 packets output, 307 bytes, 0 underruns 0 output errors, 0 collisions, 6 interface resets, 0 restarts 0 output buffer failures, 0 output buffers swapped out 5 carrier transitions 146 Chapter 6: Using ISDN and DDR Technologies Obviously, while there is no connectivity, routing updates cannot flow. If all IP traffic is defined as interesting and the implementation in question is using a dynamic routing protocol, the routing updates keep the link up at all times. For example, IGRP uses a 90-second update cycle. Previous examples in this chapter placed a dialer idle-timeout 180 command on the interface. This command states that the link should come down after 180 seconds of idle time. If IGRP updates are sent every 90 seconds, the idle timeout countdown is reset with each update. The very purpose of DDR has been defeated. Step 4: Defining the Interface Encapsulation and ISDN Addressing Parameters ISDN installations are capable of employing HDLC or PPP encapsulation (among others). PPP is most often used because of its rich feature set and flexibility. PPP offers the use of a single B channel or the combination of the two B channels in a single aggregate pipe. It enables us to decide when a connection should be dialed, when an additional channel should be brought up and used, when to disconnect the call, and other options that are discussed in the next couple of sections. As discussed earlier in Chapter 5, PPP encapsulates network layer protocol information over point-to-point links. Although it can be configured on a variety of interfaces, our focus remains on the ISDN-capable interface. To establish communications over an ISDN link, each end of the PPP link must first send Link Control Protocol (LCP) packets to configure and test the data link. After the link has been established and optional facilities have been negotiated as needed, PPP must send Network Control Protocol (NCP) packets to choose and configure one or more network-layer protocols. Once each of the chosen network layer protocols has been configured, datagrams from each network layer protocol can be sent over the link. The link remains configured for communications until explicit LCP or NCP packets close the link down, or until some external event occurs (for example, a period of inactivity). Functionally, PPP is simply a pathway opened for multiple protocols to share simultaneously. The call setup is initiated by interesting traffic as defined using access lists and terminated by an external event, such as manual clearing or idle timer expiration. Any interesting traffic that traverses the link resets the idle timer; non-interesting traffic does not. Configuring ISDN Addressing ISDN addressing uses phone numbers that are exactly like the phone numbers utilized by millions of people day in and day out. These numbers are telco-designated and locally significant. They usually include an area code, a local exchange, and additional digits. Implementing Basic DDR 147 To function, the router must understand what phone number to dial as well as when to dial it. How does it come to know this information? The same way it knows everything else it knows— the administrator tells it. The administrator uses dialer maps to tell the router how and when to dial a particular destination. Dialer maps serve the same basic function as does ARP in a LAN: the mapping of network layer addresses to data link layer addresses. In this case, the data link layer address is the phone number. To get to a specific destination, the router must associate the proper destination phone number with the next logical hop protocol address. Step 5: Configuring Protocol Addressing Once the encapsulation has been decided upon, you must apply a protocol addressing scheme. You can configure DDR with any routable protocol. Each protocol that must pass across the link must have a configured address. For IP implementations, you must supply an IP address and subnet mask to the interface. The protocol addressing scheme should be decided upon well in advance of any deployment of any networking technology. In IPX implementations, you must apply an IPX network number to the BRI interface. The host portion of the address is hard-coded in the global configuration or is taken from the Burned In Address (BIA) of the lowest numbered LAN interface (that is, Ethernet 0). When IPX routing is enabled and IPX network numbers are configured on interfaces, the IPX RIP and the SAP protocols are automatically enabled for those interfaces. IPX RIP and SAP are broadcast-based updates for routing table information and Novell NetWare service propagation, respectively. These broadcasts are on independent 60-second timers. You might or might not wish for this traffic to go across your ISDN link. To avoid this traffic, you can simply not include RIP and SAP in your interesting traffic definitions. This is accomplished by implementing IPX access lists to filter out RIP and SAP. The access lists are then associated with the dialer list defining interesting traffic. At this point, RIP and SAP go across the link only as long as the link is up because of the transfer traffic that fits the interesting parameters. You can also define IPX static routes and static SAP entries. Example 6-8 shows the encapsulation as well as the application of an IPX network number and an IP address to the BRI interface. Example 6-8 Protocol Addressing RouterA(config)#interface BRI0 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#ipx network number 80fa RouterA(config-if)#encapsulation ppp 148 Chapter 6: Using ISDN and DDR Technologies Step 6: Defining Additional Interface Information The purpose of DDR is to bring down the ISDN link when the traffic volume is low or idle. However, at times, the traffic volume can simply be in a short lull. Indeed, LAN traffic is bursty—quiet times followed by an explosion of traffic. To avoid the link coming down when traffic flow ceases and then being forced to redial, use the dialer idle-timeout command. Executing this command dictates that when traffic defined as interesting has ceased to flow across the link for the specified period of time (in seconds), go ahead and bring down the link. For instance, if the command dialer idle-timeout 180 is used at the interface configuration mode, the link comes down three minutes after the last piece of interesting traffic has traversed the link. Note that only interesting traffic resets the timer. Any non-interesting traffic goes across, but does not contribute to keeping the link up. SPIDs As discussed earlier in this chapter, many BRI implementations use SPIDs. The SPID simply informs the switch of the purchased feature set for the particular installation. These SPIDs are not standardized in their format. The telco provider specifies the use of SPIDs and the appropriate values, if necessary. To apply SPIDs to the interface, use the commands isdn spid1 and isdn spid2. These commands have an optional parameter at the end known as ldn. This is the local dial number. As stated, it is optional; however, it has been found that in some implementations, the circuit does not perform optimally in the absence of the ldn parameter. In addition, although it doesn’t hurt to have the ldn parameter on the command line, it can hurt sometimes not to have it. As noted earlier, PRI does not use SPID information. The ldn parameter must be used if the switch is programmed to look for them (the telco will inform you of this). If they are expected and not specified, the circuit may not come up. This lack of coming up can be seen in the show isdn status command under the Layer 2 status section. It shows invalid ldn and spid invalid. Obviously the circuit is not initialized in this state. Caller ID Screening Utilizing the features offered by caller ID, the router can be configured to accept calls only from specified callers. The isdn answer command is used for this purpose. The configuration is quite simple. Once this command has been issued, the router only accepts calls from numbers that have been specified. Use of this feature combats unauthorized use of the facilities. Configuring Additional Interface Information Example 6-9 illustrates the concepts of this section, including SPIDs, the dialer idle-timeout command, call screening, and dialer maps. Implementing Basic DDR 149 Passive Interfaces Static routes used in place of dynamic routing functions also allow the link to be dropped. However, you must take care in your configuration. To continue the discussion, an IGRP example is used; consider the basic IGRP/DDR configuration in Example 6-10. Example 6-9 Optional Configuration Parameters RouterA(config)#interface BRI0 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer idle-timeout 180 RouterA(config-if)#isdn spid1 21455511110101 2145551111 RouterA(config-if)#isdn spid2 21455511120101 2145551112 RouterA(config-if)#isdn answer 2145552222 RouterA(config-if)#isdn answer 2145552223 RouterA(config-if)#dialer map ip 10.12.1.2 2145552222 RouterA(config-if)#dialer map ip 10.12.1.2 2145552223 RouterA(config-if)#dialer-group 1 ! RouterA(config)#dialer-list 1 protocol ip permit ! RouterA(config)#ip route 10.13.1.0 255.255.255.0 10.12.1.2 Example 6-10 Passive Interface Justification RouterA(config)#isdn switch-type basic-5ess ! RouterA(config)#interface ethernet 0 RouterA(config-if)#ip address 10.11.1.1 255.255.255.0 ! RouterA(config)#interface BRI0 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer idle-timeout 180 RouterA(config-if)#isdn spid1 21455511110101 2145551111 RouterA(config-if)#isdn spid2 21455511120101 2145551112 RouterA(config-if)#isdn answer 2145552222 RouterA(config-if)#isdn answer 2145552223 RouterA(config-if)#dialer map ip 10.12.1.2 2145552222 RouterA(config-if)#dialer map ip 10.12.1.2 2145552223 RouterA(config-if)#dialer-group 1 ! RouterA(config)#access-list 101 permit tcp any any eq telnet RouterA(config)#access-list 101 permit tcp any any eq ftp RouterA(config)#access-list 101 permit tcp any any eq ftp-data ! RouterA(config)#dialer-list 1 protocol ip list 101 ! continues 150 Chapter 6: Using ISDN and DDR Technologies There is a stub network on the remote side; this stub network is network 10.13.1.0/24. This configuration has a problem: while the static route is properly defined, IGRP is still sending updates across the link. In addition, because interface BRI 0 is part of the classful network 10.0.0.0, it is included in routing updates. A simple alteration under the IGRP configuration remedies the problem, as demonstrated by Example 6-11. Making an interface passive lets the routing protocol know that it should not attempt to send updates out the specified interface. The passive-interface command has a slightly different effect, depending on the type of routing protocol used. For RIP and IGRP, the operation is the same. These two protocols do not send updates out the passive interface, although they can receive updates through these interfaces. OSPF and EIGRP also act the same. These protocols rely on the establishment of communications with neighboring routers. If the interface is passive, this cannot occur. Therefore routing updates are neither sent nor received on the passive interface. If the neighbor relationship cannot be achieved, updates cannot flow. Static Route Redistribution An issue arises from time to time with static routes—static routes are just that, static. The dynamic routing protocol does not advertise the static route, so reachability can be affected. To remedy this, the static route can simply be redistributed into the dynamic routing protocol. It is important that a default metric be assigned in the configuration of the redistribution, or the routing protocol will not know how to treat the route. Redistribution is beyond our scope at this time and is not discussed further. RouterA(config)#router igrp 100 RouterA(config-router)#network 10.0.0.0 ! RouterA(config)#ip route 10.13.1.0 255.255.255.0 10.12.1.2 Example 6-11 Making the Configuration Work Properly RouterA(config)#router igrp 100 RouterA(config-router)#network 10.0.0.0 RouterA(config-router)#passive-interface bri 0 Example 6-10 Passive Interface Justification (Continued) Implementing Basic DDR 151 Default Routes From time to time, a router is faced with a dilemma that it would dread (if it could dread, that is). The dilemma is what to do when it doesn’t know what to do. As it stands now, in the absence of a suitable routing table entry to a given destination, a router has no choice but to return an ICMP “Destination Unreachable” message to the sender. This dilemma, however, is easily remedied. By giving the router a default route, it can forward the traffic on to another router that may have a suitable entry in a routing table to keep the traffic flow alive. This is known as the gateway of last resort. The default route can be entered in a number of different ways. Depending on the routing protocol and its configuration, the default route can even be injected into the routing table automatically. If the default route must be entered manually (as with RIP), you can issue the ip defaultnetwork command. There is a catch here, however: The router must have a valid route (either static or dynamic) to the default network. If the routing table does not have an entry for the default network, one must be entered. Example 6-12 illustrates this concept. As mentioned earlier, you may have the option of performing this function in another way: If the routing protocol supports it, a static default route to the network 0.0.0.0 0.0.0.0 is used. The entry is that of a static route. Example 6-13 illustrates the static default route. Notice that a specific next hop was specified. This is significant in that a static route with a specific next hop is not redistributed automatically. If the overall desire is to have this route automatically redistribute, an outbound interface can be specified. This is true with all static routes, not just the static default route. Example 6-14 illustrates the same configuration, but with one that does have to be manually redistributed. In this case, any traffic for which the router does not have a suitable routing entry is forwarded out interface serial 0 to the device on the other side of the link. Example 6-12 Static Route with ip default-network RouterB(config)#ip route 10.11.1.0 255.255.255.0 10.12.1.1 RouterB(config)#ip default-network 10.11.1.0 Example 6-13 Static Default Route RouterB(config)#ip route 0.0.0.0 0.0.0.0 10.12.1.1 Example 6-14 Automatically Redistributed Default Route RouterB(config)#ip route 0.0.0.0 0.0.0.0 Serial 0 152 Chapter 6: Using ISDN and DDR Technologies Note that the example does not reference BRI 0 as the outbound interface. Although it is a valid command configuration to place BRI 0 at the end of the default route command (that is, the router allows it), this configuration will not function because the routing table entry is the origin of the next hop address information that triggers the call to the other side of the network. In addition, the dialer map association ties a phone number to that next hop address. If there’s no routing table entry, the device has no way of knowing the next hop address. Therefore, it does not know which dialer map to utilize for the call and the call fails. Rate Adaptation Earlier in the chapter, a solution was discussed that involved the use of non-native ISDN routers being placed into service in an ISDN network. A short discussion described how this is possible using TA. In this type of implementation, the dialer in-band command is a necessary part of the configuration which effectively takes 8 kbps from each B channel for use by the signaling entity. In other words, the 16 kbps that would normally be out-of-band in the D channel now has to be taken from the B channels. Effectively, the throughput is now 56 kbps for each B channel. Should a native solution dial into a non-native solution with out-of-band signaling, the native solution would need to step down its speed to 56 kbps. This is done with rate adaptation. The implementation of rate adaptation is simply an extension of the dialer map command. The dialer-map command tells the router that to reach a specific next hop address, a specific phone number must be called. The dialer-map command simply associates the destination protocol address with the appropriate phone number to dial to get there. Example 6-15 illustrates the configuration of the router dialing into the non-native 56-kbps installation. Example 6-15 Rate Adaptation RouterA(config)#interface BRI0 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer idle-timeout 180 RouterA(config-if)#dialer map ip 10.12.1.2 speed 56 2145552222 RouterA(config-if)#dialer map ip 10.12.1.2 speed 56 2145552223 RouterA(config-if)#dialer-group 1 ! RouterA(config)#dialer-list 1 protocol ip permit ! RouterA(config)#ip route 10.13.1.0 255.255.255.0 10.12.1.2 Implementing Basic DDR 153 Bandwidth on Demand Bandwidth on demand (BOD) is a Cisco proprietary implementation that allows the aggregation of multiple B channels into a single logical connection. This implementation is widely used in Cisco-centric networks. The implementation of Cisco’s BOD solution is accomplished through the dialer loadthreshold command. The variable parameter in the command is load. When the interface is connected to the remote side, a measurement of load is kept and updated continually based on utilization of the link. The load is measured on a scale of 1–255, with 255 representing link saturation. This command is typically utilized in almost every DDR configuration to provide load sharing over both B channels. Example 6-16 demonstrates this concept. The dialer load-threshold 110 statement specifies that if the load of the first B channel reaches 110 (about 43 percent utilization), the second B channel should be initialized and, once connected, the traffic should load balance across both channels. The router recalculates the load of the link every 5 minutes to maintain an accurate picture without unnecessarily using CPU cycles. In a multivendor environment, BOD may not be a viable choice due to its proprietary nature. For such cases, Multilink PPP is more appropriate. Multilink PPP Multilink PPP is a specification that enables the bandwidth aggregation of multiple B channels into one logical pipe. Its mission is comparable to that of Cisco’s BOD. More specifically, the Multilink PPP feature provides load-balancing functionality over multiple wide area network (WAN) links, while providing multivendor interoperability, packet fragmentation and proper sequencing, and load calculation on both inbound and outbound traffic. Cisco’s implementation of Multilink PPP supports the fragmentation and packet sequencing specifications in RFC 1717. Multilink PPP enables packets to be fragmented and the fragments to be sent (at the same time) over multiple point-to-point links to the same remote address. Example 6-16 Implementing Cisco’s BOD Feature RouterA(config)#interface BRI0 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer idle-timeout 180 RouterA(config-if)#dialer load-threshold 110 RouterA(config-if)#dialer map ip 10.12.1.2 speed 56 2145552222 RouterA(config-if)#dialer map ip 10.12.1.2 speed 56 2145552223 RouterA(config-if)#dialer-group 1 ! RouterA(config)#dialer-list 1 protocol ip permit ! RouterA(config)#ip route 10.13.1.0 255.255.255.0 10.12.1.2 154 Chapter 6: Using ISDN and DDR Technologies As with BOD, the multiple links come up in response to a dialer load-threshold command. The load can be calculated on inbound traffic or outbound traffic as needed for the traffic between the specific sites. Multilink PPP provides bandwidth on demand and reduces transmission latency across WAN links. Also, as in BOD, a router running MLPPP recalculates the load every five minutes. At any time, you can use a show interface command to see the current load of the interface. Example 6-17 shows the configuration and the show interface BRI 0 command output. The preceding show interface bri 0 1 command shows only the first B channel (hence the bri 0 1). If the second B channel were up, the command show interface bri 0 2 could be entered to view its status. Notice that as highlighted in Example 6-17, the load is currently 1/255. In other words, little or no traffic is flowing across the link. Example 6-17 Multilink PPP RouterA(config)#interface BRI0 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#ppp multilink RouterA(config-if)#dialer idle-timeout 180 RouterA(config-if)#dialer load-threshold 110 RouterA(config-if)#dialer map ip 10.12.1.2 speed 56 2145552222 RouterA(config-if)#dialer map ip 10.12.1.2 speed 56 2145552223 RouterA(config-if)#dialer-group 1 ! RouterA(config)#dialer-list 1 protocol ip permit ! RouterA(config)#ip route 10.13.1.0 255.255.255.0 10.12.1.2 RouterA(config)#end ! RouterA#show interface bri 0 1 BRI0:1 is up, line protocol is up Hardware is BRI with integrated NT1 MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation PPP, loopback not set, keepalive set (10 sec) LCP Open, multilink Open Open: IPCP Last input 00:00:01, output 00:00:01, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 6148 packets input, 142342 bytes, 0 no buffer Received 6148 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 6198 packets output, 148808 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 9 carrier transitions Implementing Basic DDR 155 Troubleshooting Multilink PPP Multilink PPP can have its share of issues. Fortunately, there are some troubleshooting commands readily available. The following commands are useful in resolving any issues with your PPP connection(s). Each command is followed by sample output. show ppp multilink Command Executing the show ppp multilink command displays the current status of Multilink PPP sessions. Example 6-18 shows sample output of a call in progress. show dialer Command Executing the show dialer command displays active calls and status information. Example 6-19 shows sample output of calls in session. Example 6-18 show ppp multilink Command Output RouterA#show ppp multilink Bundle RouterA, 1 member, Master link is BRI 0 Dialer Interface is BRI0 0 lost fragments, 0 reordered, 0 unassigned, sequence 0x0/0x0 rcvd/sent 0 discarded, 0 lost received, 1/255 load Member Link: 1 (max not set, min not set) BRI0:1 Example 6-19 show dialer Command Output RouterA#show dialer BRI0 - dialer type = ISDN Dial String Successes Failures Last called Last status 2145552222 18 0 00:01:12 successful 0 incoming call(s) have been screened. BRI0:1 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is multilink member Dial reason: ip (s=10.12.1.1, d=10.12.1.2) Connected to 2145552222 (RouterB) BRI0:2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is data link layer up Time until disconnect 93 secs Connected to 2145552223 (RouterB) 156 Chapter 6: Using ISDN and DDR Technologies debug ppp multilink Command Executing the debug ppp multilink command monitors the PPP connect phase. Example 6-20 shows sample output of a ping triggered call. debug dialer Command There are many more commands and command outputs that are useful in troubleshooting the dial process in general. For instance, the debug dialer command is one of the best tools to use in figuring out what traffic is attempting to traverse the ISDN link. Example 6-21 shows the debug dialer command output. Example 6-20 debug ppp multilink Command Output RouterA#debug ppp multilink *Apr 14 03:22:10.489: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up *Apr 14 03:22:10.497:%LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up *Apr 14 03:22:10.520%LINK-3-UPDOWN: Interface BRI0:2, changed state to up *Apr 14 03:22:10.554: BR0:1 MLP: O seq 80000000 size 58 *Apr 14 03:22:10.558: BR0:2 MLP: O seq 40000001 size 60 *Apr 14 03:22:10.586: BR0:1 MLP: I seq 80000000 size 58 *Apr 14 03:22:10.590: BR0:2 MLP: I seq 40000001 size 60 *Apr 14 03:22:10.598: BR0:1 MLP: O seq 80000002 size 58 *Apr 14 03:22:10.598: BR0:2 MLP: O seq 40000003 size 60 *Apr 14 03:22:10.629: BR0:1 MLP: I seq 80000002 size 58 *Apr 14 03:22:10.629: BR0:2 MLP: I seq 40000003 size 60!!! *Apr 14 03:22:10.630:Success rate is 94 percent (47/50), round-trip min/avg/max = 36/41/128 ms *Apr 14 03:22:10.637: BR0:1 MLP: O seq 80000004 size 58 *Apr 14 03:22:10.641: BR0:2 MLP: O seq 40000005 size 60 %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to up *Apr 14 03:22:10.669: BR0:1 MLP: I seq 80000004 size 58 Apr 14 03:22:11.330:%ISDN-6-CONNECT:InterfaceBRI0:2 is now connected to 2145552223 RouterB Example 6-21 debug dialer Command Output RouterA#ping 10.12.1.2 %SYS-5-CONFIG_I: Configured from console by console Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.12.1.2, timeout is 2 seconds: BRI0: Dialing cause ip (s=10.12.1.1, d=10.12.1.2) BRI0: Attempting to dial 2145552222. %LINK-3-UPDOWN: Interface BRI0:1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up.!!! Success rate is 60 percent (3/5), round-trip min/avg/max = 36/41/52 ms %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 2145552222 RouterB Advanced DDR Operations 157 The troubleshooting section of this book could continue on indefinitely. However, the commands here are only those that stay within the scope of the exam. For more information, go to www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/dbook/index.htm and check out the debug command reference. Advanced DDR Operations Up to this point, the discussion has been based in the basics of DDR. With a more solid understanding of the technological base of ISDN and DDR implementations, it is now appropriate to discuss some additional, and more advanced, features available with DDR. DDR installations are capable of utilizing dialer profiles (utilizing virtual dialer interfaces) and rotary groups. The installations also provide redundancy through dial backup and enable the use of dynamic routes across a DDR link while maintaining the routing table and keeping the link idle through snapshot routing. Using Dialer Profiles Dialer profiles first became a configuration option in Cisco IOS Release 11.2. The premise behind dialer profiles was to enable flexible design capabilities for deployment of custom profiles that meet users’ dial access needs. This feature separates the logical function of DDR from the physical interface that places or receives the calls. Prior to dialer profiles, B channels had no choice but to take on the configuration options applied to the physical interface. In this type of deployment, all users who dialed into a particular access server received the same configuration, regardless of their access needs. With dialer profiles, each user’s needs can be met by customized services and unique interfaces. In other words, each individual profile contains appropriately matched interface definitions and needs. Dialer profiles enable the configuration of a logical interface to be associated with one or more physical interfaces. With this type of deployment, the logical and physical configurations are dynamically bound call by call. A dialer profile is made up of three components: • Dialer interfaces—Logical entities implementing a dialer profile on a destinationby- destination basis. Destination specific settings are applied to the dialer interface configurations. Multiple phone numbers (that is, dialer strings) can be specified for the same interface. Using a dialer map class, multiple configuration variations can be associated with a single phone number. • Dialer map class—Defines specific characteristics for any call made to the specified dial string. Earlier in this chapter, the issue of rate adaptation was discussed. The configuration examples specified the speed 56 parameter in the dialer map statement. With dialer profiles, the map class can specify the speed based on the destination being dialed. At other times, again based on destination, the map class can specify speed 64. The speed can be altered on the fly based on the number being dialed. dialer map has an additional 158 Chapter 6: Using ISDN and DDR Technologies keyword, broadcast, that specifies that routing updates should be allowed to flow across the link. Without the broadcast keyword, routing updates would not reach across the cloud. • Dialer pool—Individual dialer interfaces that make use of a dialer pool. The dialer pool is a group of one or more physical interfaces associated with a logical interface. A physical interface can belong to multiple dialer pools. Contention for a specific physical interface is resolved with a configured priority. When implementing dialer profiles with PPP, you must define specific parameters for the physical interface. The physical interface definition uses only the encapsulation, authentication, ppp multilink, and dialer pool configuration parameters. All other settings are applied to the logical interface and applied to that interface as needed for specific calls. Dialer profiles support both PPP and HDLC encapsulation on the physical interface. You can create a number of dialer interfaces on each router. Valid interface designations include numbers ranging from 1 through 255. Each logical dialer interface contains the complete configuration for a destination logical network and any networks reached through it. In other words, multiple physical interfaces can be forced to share a common set of characteristics. Example 6-22 shows a sample configuration for dialer profiles. Example 6-22 Dialer Profile Configuration Example RouterA(config)#isdn switch-type basic-5ess ! RouterA(config)#interface ethernet 0 RouterA(config-if)#ip address 10.11.1.1 255.255.255.0 ! RouterA(config)#interface BRI0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer pool-member 1 RouterA(config-if)#ppp authentication chap RouterA(config-if)#ppp multilink ! RouterA(config)#interface Dialer1 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer remote-name RouterB RouterA(config-if)#dialer string 2145552222 class remote RouterA(config-if)#dialer load threshold 50 either RouterA(config-if)#dialer pool 1 RouterA(config-if)#dialer-group 1 RouterA(config-if)#ppp authentication chap RouterA(config-if)#ppp multilink ! RouterA(config)#map-class dialer remote RouterA(config-map-class)#dialer isdn speed 56 ! RouterA(config)#ip route 10.12.1.2 255.255.255.255 Dialer1 RouterA(config)#ip route 10.13.1.0 255.255.255.0 10.12.1.2 RouterA(config)#dialer-list 1 protocol ip permit Advanced DDR Operations 159 In Example 6-22, there are a number of items to note. For instance, notice that there is no dialer map statement. The mapping is performed in separate statements. The dialer string statement defines the remote phone number as well as the map class (named remote) to utilize in dialing that destination. This is why it is possible to use the outbound interface for the static route definition. This particular example also makes use of the rate adaptation capabilities. The dialer pool statements bind each interface (both logical and physical) together as a single operating entity. Dialer profiles are a very useful addition to the configuration arsenal offered by Cisco IOS. However, they also represents a new set of issues and commands for troubleshooting. As with other implementations of ISDN, it is wise to simply utilize the debug commands discussed to this point. To view the status of a dialer interface, the show dialer interface bri 0 command can be of use, as demonstrated in Example 6-23. The show dialer interface bri 0 command displays the status of each B channel and its configured settings. It specifies the reason for the call setup as well as the interface to which the physical interface is bound. Rotary Groups ISDN rotary groups are similar to dialer pools. One primary difference, however, is the lack of map class capabilities in rotary groups. Configuring rotary groups involves the creation of logical dialer interfaces (as is done in dialer pool configurations), the interface designation of which is an important detail. Example 6-23 show dialer interface bri 0 Command Output RouterA#show dialer interface bri 0 BRI0 - dialer type = ISDN Dial String Successes Failures Last called Last status 0 incoming call(s) have been screened. BRI0: B-Channel 1 Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is data link layer up Dial reason: ip (s=10.12.1.1, d=10.12.1.2) Interface bound to profile Dialer0 Time until disconnect 102 secs Current call connected 00:00:19 Connected to 2145552222 (RouterB) BRI0: B-Channel 2 Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle 160 Chapter 6: Using ISDN and DDR Technologies Example 6-24 shows all the physical BRI interfaces associated with dialer rotary-group 2. The number 2 is used as a rotary group number, so it must also be used as our dialer interface number designator. NOTE It is important that the dialer interface designator (in this case, 2) match the dialer rotarygroup number. If these two numbers do not match, the configuration does not function properly. Figure 6-10 depicts the concept of rotary groups. Example 6-24 Rotary Group Configuration RouterA(config)#isdn switch-type basic-5ess ! RouterA(config)#interface ethernet 0 RouterA(config-if)#ip address 10.11.1.1 255.255.255.0 ! RouterA(config)#interface BRI0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer rotary-group 2 RouterA(config)#interface BRI1 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer rotary-group 2 RouterA(config)#interface BRI2 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer rotary-group 2 ! RouterA(config)#interface Dialer2 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer remote-name RouterB RouterA(config-if)#dialer string 2145552222 class remote RouterA(config-if)#dialer load threshold 50 either RouterA(config-if)#dialer pool 1 RouterA(config-if)#dialer-group 1 RouterA(config-if)#ppp authentication chap RouterA(config-if)#ppp multilink ! RouterA(config)#ip route 10.13.1.0 255.255.255.0 10.12.1.2 RouterA(config)#dialer-list 1 protocol ip permit Advanced DDR Operations 161 Figure 6-10 Rotary Groups The only protocol or configuration attributes configured on the physical interface are the individual commands that make the BRI interface a part of the rotary group and the encapsulation. On dialer pool interfaces, you can set a priority to specify the order in which the interfaces are used. With rotary groups, that granularity is not possible. All protocol attributes are entered at the logical dialer interface configuration level. The use of dialer profiles versus rotary groups comes down to one question: “How much control do I want to have over the link?” With dialer profiles, a map class can be created and applied on a per destination basis. This allows a great degree of control over the characteristics of a particular call based on the destination being called. Rotary groups do not make use of the map class featureset. Therefore, they are limited to the characteristics applied to the dialer interface. Dial Backup Dial backup provides redundancy for WAN links. Although the ISDN connection may not provide the same amount of bandwidth as a primary link, dial backup provides a maintenance path if the primary link fails. Once the down or overload condition of the primary link is detected, the dial-on-demand configuration is placed into service. Figure 6-11 illustrates a network in which dial backup could be utilized. The primary data pathway across the WAN exists between each router’s Serial 0 interface. As mentioned, dial backup can be implemented in two ways. The first, and most obvious, manner is to have dial backup function when a primary link fails. This occurs when a “down” condition is detected on the primary interface, and then the secondary, or backup, link is changed to an “up” state and a connection is established. The backup pathway is used in the absence of the primary, obviously. But, how does the backup link know when it’s time to return to the backup state? Simple—you configure the parameters of the “up” and/or “down” state for the backup link. Dialer 2 BRI 0 Router A BRI 1 BRI 2 BRI 3 Router B PSTN 162 Chapter 6: Using ISDN and DDR Technologies Figure 6-11 Dial Backup Scenario In Example 6-25, notice the backup delay 5 60 command, which specifies that if there is a failure, the system should wait five seconds to bring up the backup link. Once the failure has passed, the system should wait 60 seconds to bring the backup link back down. Implementation of these timers is an attempt to compensate for a “bouncing” interface. In other words, the timers exist to compensate for an interface that drops momentarily and then comes right back up. The backup functionality available with Cisco IOS is not simply for redundancy in the case of a failure. In situations where a WAN link approaches saturation, the ISDN service can be initialized until the period of congestion has passed. The configuration enables the use of a load setting both for the initialization of the link as well as for the termination of the link once the condition is clear. Example 6-25 Dial Backup Example Configuration RouterA(config)#isdn switch-type basic-5ess ! RouterA(config)#interface serial 0 RouterA(config-if)#ip address 10.14.1.1 255.255.255.0 RouterA(config-if)#encapsulation hdlc RouterA(config-if)#backup interface BRI0 RouterA(config-if)#backup delay 5 60 RouterA(config-if)#backup load 90 5 ! RouterA(config)#interface BRI0 RouterA(config-if)#ip address 10.12.1.1 255.255.255.0 RouterA(config-if)#encapsulation ppp RouterA(config-if)#dialer idle-timeout 180 RouterA(config-if)#dialer map ip 10.12.1.2 2145552222 RouterA(config-if)#dialer-group 1 ! RouterA(config)#dialer-list 1 protocol ip permit BRI0 Primary link Secondary link S0 BRI0 S0 Frame Relay ISDN Advanced DDR Operations 163 In the example, note the backup load 90 5 command, which specifies that the router should monitor the load on the primary interface and bring the link up when the load across the primary link is particularly heavy. The numbers represent the load of the interface as shown by the show interface s0 command. The load on an interface is represented by a number between 1 and 255. In the backup load 90 5 command, 90 is the percentage load at which the backup link is activated (in this case 230/255). The second number (in this case, 5%) is a measurement of aggregate load. Once the backup link has been initialized, the router continues to monitor the load. Once the load of both interfaces combined reaches a value of 13/255, the secondary link is terminated. So although dial backup was designed for link redundancy to partially compensate for failure, it can also provide load sharing capabilities to alleviate congestion on the WAN link. Alternative Backup Dial backup is not the only method of providing redundancy. In some implementations, ISDN is not available or viable. In such cases, alternative methods may be the only option. If multiple links are available, standard routing protocol operations automatically load balance across equal cost redundant links. This load balancing usually requires no configuration. From time to time, such as with IPX RIP, it is necessary to define the number of alternative pathways that should be allowed from a specific source to a specific destination. There are even routing protocols that go one step further. Dynamic Backup IGRP and EIGRP have a configuration option known as a variance. These two Cisco proprietary routing protocols can load balance over a maximum of six redundant pathways. The difference between the protocols is that the redundant pathways do not have to equal the cost pathways. The only real rule in the selection is that the next hop must be closer to the destination (that is, it cannot go back to go forward). The variance factor determines the amount of traffic to send across these suboptimal routes. For example, a variance of 4 (e.g., issuing the variance 4 command at the routing protocol configuration mode) tells the router to send data over a particular route if the metric is within four times the value of the best route. Variance is calculated based on the documentation of your network. It should be evident from the examination of network topological maps exactly how many pathways are available from a particular source to a particular destination. 164 Chapter 6: Using ISDN and DDR Technologies Static Backup This section discusses the use of static routes to provide redundant facilities rather than a solution such as dial backup. Static routes were discussed earlier in the chapter and are probably a well-known topic at this point. Static routes used for redundancy purposes are usually implemented as floating static routes. By default, static routes are the most preferred routes because an administrator defines them. This concept of one route being more preferred than another is known as administrative distance. Depending on how it was derived, a particular route (whether static or dynamic) can be more believable than another route derived by a less sophisticated method. Static routes have a default administrative distance of 0 if they are defined with an outbound interface, or 1 if a next-hop address is defined. This makes them highly believable routes. It is possible to alter administrative distance to make a route less preferred than routes that are dynamically derived. Administrative distance is a number between 0 and 255. The higher the distance, the less preferred the route. When the administrative distance of a static route is altered to the point where it is less preferred than the dynamic routes derived by a dynamic routing protocol, it becomes a “floating” static route. Example 6-26 illustrates configuring a floating static route. The number 200 at the end of the line defines the static route as having an administrative distance of 200. If the dynamic routing protocol being used is RIP (default administrative distance = 120), the static route is now less preferred than the dynamic route. Should the RIP route be lost for some reason, the static route becomes the preferred route until the RIP route returns. Table 6-3 displays the administrative distances of common routing protocols. Example 6-26 Floating Static Route Example RouterA(config)#ip route 10.13.1.0 255.255.255.0 10.12.1.2 200 Table 6-3 Administrative Distances Routing Protocol Administrative Distance Connected 0 Static Route 1 EIGRP Summary 5 External BGP 20 Internal EIGRP 90 IGRP 100 OSPF 110 IS-IS 115 Advanced DDR Operations 165 Snapshot Routing Snapshot routing was developed to save bandwidth utilization across dialup interfaces. With snapshot routing, the routing table is placed in an update restricted (that is, frozen) state. This implementation of DDR utilizes a quiet period and an active period. The routing table is not updated during the quiet period, which is the amount of time that the routing table remains frozen. When the quiet period expires, a dialer interface initiates a call to a remote router. The active period is the amount of time the call remains up in order for the two routers to exchange routing updates. It is important to note that snapshot routing is designed for use only with distance vector routing protocols. In addition, you can configure the router to exchange routing updates each time the line protocol goes from “down” to “up” or from “dialer spoofing” to “fully up.” A router can fill one of two roles in a snapshot relationship: server or client. The client router is in charge of the quiet timer countdown. Once the counter reaches zero, the client router dials the server router. Snapshot routing enables dynamic distance vector routing protocols to run over DDR lines. In many implementations, routing broadcasts (including routes and services) are filtered out on DDR interfaces and static definitions are configured instead. With snapshot routing implementations, normal updates are sent across the DDR interface for the short duration of the active period. After this, routers enter the quiet period, during which time the routing tables at both ends of the link remain unchanged. Snapshot routing is therefore a triggering mechanism that controls routing update exchange in DDR scenarios. Only during the active period are the neighboring routers exchanging routing protocol updates. During the quiet period, no updates traverse the link (even if the link is up to enable interesting traffic to cross) and the routing information previously collected is kept in an isolated state in the routing tables. Snapshot routing is useful in two command situations: • Configuring static routes for DDR interfaces • Reducing the overhead of periodic updates sent by routing protocols to remote branch offices over a dedicated serial line RIP 120 EGP 140 External EIGRP 170 Internal BGP 200 Unknown 255 Table 6-3 Administrative Distances (Continued) Routing Protocol Administrative Distance 166 Chapter 6: Using ISDN and DDR Technologies In Example 6-27 and 6-28, RouterA is defined as the server router and RouterB is defined as the client router. In this scenario, the quiet timer is slowly counting down to zero. Once the quiet period timer expires, the client router dials the server router. The defined quiet period is 12 hours (actually 720 minutes). Once the 12 hours have elapsed, the client and server routers “thaw” their routing tables and exchange updates for the duration of the active period, in this case, five minutes. The active periods defined must match on both server and client routers. Five minutes is the minimum active period you can configure for any snapshot configuration. Although the routing tables are frozen, routing updates are still sent at their regular intervals out of any LAN interfaces on the router. For example, if there is an Ethernet segment on the opposite side of a snapshot router, the routing updates still broadcast out of that interface at the normal update interval, while remaining dormant on the BRI interface. It is possible to force the quiet period to expire and start the active period manually using the clear snapshot quiettime command. To monitor snapshot routing processes, use the show snapshot command. Primary Rate Interface PRI implementations are based on T1/E1 technologies. Although PRI is still ISDN, it is treated differently in regard to framing and signaling. Like BRI, PRI has only one connection to the ISDN network, and the switch type must be specified for the configuration to function. An ISDN PRI T1 implementation has 23 B channels and a D channel. As with BRI, each of the B channels has 64-kbps bandwidth available. The D channel, however, is also a 64-kbps channel (unlike BRI). In traditional T1 implementations, 24 timeslots exist. Obviously, one of the 24 timeslots (timeslot 23, counting 0–23) is taken way for signaling and framing. With E1 PRI implementations, there are 30 B channels available and one D channel, all having 64-kbps bandwidth available. Example 6-27 RouterA Snapshot Routing Configuration Example RouterA(config)#hostname RouterA RouterA(config)#isdn switch-type basic-5ess ! RouterA(config)#interface BRI0 RouterA(config-if)#snapshot server 5 dialer RouterA(config-if)#dialer map snapshot 1 name RouterB 2145552222 Example 6-28 RouterB Routing Configuration Example RouterB Snapshot Routing Configuration Example RouterA(config)#hostname RouterB RouterA(config)#isdn switch-type basic-5ess ! RouterA(config)#interface BRI0 RouterA(config-if)#snapshot client 5 720 dialer RouterA(config-if)#dialer map snapshot 1 name RouterA 2145551111 Primary Rate Interface 167 In traditional E1 implementations, there are 30 timeslots, leaving 2 timeslots for signaling and framing. Timeslot 0 is used for framing and timeslot 16 is used for signaling (counting 0–31). E1 PRI makes use of this same principal. Timeslot 16 is the D channel, and timeslot 0 is used for framing information. Figure 6-12 depicts T1 and E1 PRI. Figure 6-12 T1 and E1 PRI ISDN Switch Type The PRI installation procedure is similar to its BRI counterpart. A service call is placed, and then the demarc is determined and extended, if necessary. The carrier provides the basic information necessary for connectivity, but it will be necessary to configure the router with the appropriate switch type. Table 6-4 shows the Cisco-supported switch types. T1/E1 Framing and Line Coding Although it is ISDN, PRI uses T1 framing and line coding. These technologies are based on the same model, represented in a number of 64-kbps channels. The original use of digital facilities was the transport of voice traffic. Because analog technologies were not adequate for long distance transmission due to attenuation, another form of transmission—digitizing—was necessary. Digitizing the voice traffic for transmission enabled it to travel very long distances with no attenuation. Table 6-4 Cisco-Supported Primary Rate Switch Types Switch Type Description primary-4ess AT&T 4ESS switch type for the U.S. primary-5ess AT&T 5ESS switch type for the U.S. primary-dms100 Northern Telecom switch type for the U.S. primary-net5 European switch type for NET5 primary-ni National ISDN switch type for the U.S. primary-ntt Japanese switch type primary-ts014 Australian switch type *Check with the provider for the appropriate switch type. A change of switch type requires a reload of the router. 23 x 64 kbps B channels 1 x 64 kbps D channel BRI T1 PRI BRI E1 PRI 30 x 64 kbps channels 1 x 64 kbps D channel (signaling) 168 Chapter 6: Using ISDN and DDR Technologies Once the data world was born, it became necessary to also transport data over long distances. Because the digital facilities were already available, it seemed a natural extension to use those facilities. However, it proved to be something of a painful experience for a time. The history of voice and data transmission over T1 and E1 facilities followed the same growing pains. T1 Framing The first part of this section focuses on T1 framing and line coding. E1 framing and line coding are discussed afterward. T1 specifies the physical coding of the signal on the wire, and DS1 specifies the framing of characteristics. So, T1 and DS1 are not the same thing after all, even though the two have been used interchangeably for years and it’s certain not to stop because of this book. But, now you know. A digital signal that is level 1 (DS-1) consists of 24 DS-0s. A DS-0 is a 64-kbps channel. This channel is known as a timeslot. One DS0 represents one voice call. The timeslot is derived from the Nyquist theorem. Nyquist said that fs = 2(BW). Because the voice world had decided that 0–4000 Hz would be the supported range for voice circuits, the number 4000 was plugged into the formula in the BW position. Therefore, fs = 2(4000) = 8000, which is the number of samples we should take of this analog wave per second. To properly digitize (quantize) analog voice, it is necessary to take samples of the voice wave over time. Sample too fast and you waste resources. Sample too slowly and you allow for aliasing. Aliasing is a condition that occurs when two or more analog waves can match the coordinate points set forth by the samples (a little beyond our scope). Each of the 8000 samples per second is represented by an eight-bit code word. Without going into too much depth, this code word simply defines the coordinates of the sample (polarity = 1 bit, segment = 3 bits, and step = 4 bits). Figure 6-13 depicts the sampling of the wave and the resulting code word. The resulting throughput of 8000 eight-bit samples per second is 64,000 bps, or one DS-0. When one sample has been taken from each of the 24 timeslots, a T1 frame is created. Because this is time division multiplexing (TDM), 8000 eight-bit samples are taken from each timeslot every second. The result is 8000 T1 frames per second. The telco provider specifies the type of framing that you should use when connecting to their facilities. The choices with T1 are SuperFrame (SF, also known as D4 framing) and Extended SuperFrame (ESF). SF is the assembly of 12 T1 frames. Each of the T1 frames is separated from adjacent frames by a single framing bit (8000 T1 frames per second, each with an additional bit that is an additional 8000 bps of overhead). Primary Rate Interface 169 Figure 6-13 Sampling the Analog Wave ESF is the assembly of 24 T1 frames. Each frame is still separated by a delineating bit, but not all are used for framing. 2000 bps are used for framing, 2000 bps are used for CRC, and 4000 bps are used for data link control (this gives us many more management capabilities as compared to SF). Figure 6-14 depicts a SuperFrame and an Extended SuperFrame. Segment 2 Segment 1 Segment 0 Voltage Time 8000 samples/sec x 8 bits/sample 64000 bps P Se Se Se St St St St 1 0 0 1 0 1 0 1 170 Chapter 6: Using ISDN and DDR Technologies Figure 6-14 SF and ESF T1 Line Code Once the framing has been configured, the next step is to configure the line coding. In North America, there are two types of line coding that are dominant: Alternate Mark Inversion (AMI) and Bipolar with 8 Zero Substitution (B8ZS). AMI is becoming increasingly rare in favor of B8ZS. AMI forces data bandwidth to 56 kbps due to the enforcement of a 1s density rule stating that 12.5 percent of all bits transmitted must be 1s. To enforce the rule, AMI line coded CSU/DSUs force every eighth bit (that is, the least significant bit of each timeslot) to a 1. Effectively, this bit is lost. The rule may or may not actually change the bit, but effective throughput is reduced nonetheless. The end result is that there are still 8000 samples per second, but each sample has been reduced to seven bits, thereby rendering 56000 bits per second. B8ZS has a more effective way of dealing with the enforcement of 1s density. It alters bits only when necessary, and then changes the affected bits back to their original values at the remote side. To verify the configuration of the framing and line code being currently in use, type the command show controllers t1. Example 6-29 shows a sample output of this command. T1 Frame 1 Fr a mi ng T1 Frame 2 Fr a mi ng T1 Frame 3 Fr a mi ng T1 Frame 4 Fr a mi ng T1 Frame 5 Fr a mi ng T1 Frame 6 Fr a mi ng T1 Frame 7 Fr a mi ng T1 Frame 8 Fr a mi ng T1 Frame 9 Fr a mi ng T1 Frame 10 Fr a mi ng T1 Frame 11 Fr a mi ng T1 Frame 12 Fr a mi ng 12 T1 Frames = 1 SuperFrame T1 Frame 1 D L C T1 Frame 2 C R C T1 Frame 3 T1 Frame 4 Fr a mi ng T1 Frame 5 T1 Frame 6 T1 Frame 7 T1 Frame 8 Fr a mi ng T1 Frame 9 T1 Frame 10 T1 Frame 11 T1 Frame 12 Fr a ming T1 Frame 13 T1 Frame 14 T1 Frame 15 T1 Frame 16 Fr a mi ng T1 Frame 17 T1 Frame 18 T1 Frame 19 T1 Frame 20 Fr a mi ng T1 Frame 21 T1 Frame 22 T1 Frame 23 T1 Frame 24 Fr a mi ng 24 T1 Frames = 1 Extended SuperFrame D L C D L C C R C D L C D L C C R C D L C D L C C R C D L C D L C C R C D L C D L C C R C D L C Primary Rate Interface 171 E1 Framing E1 is based on the same basic foundation as T1. The concept of 64-kbps timeslots created by 8000 eight-bit samples per second still holds true, and the sampling rates and methodologies between T1 framing and E1 framing are very similar. The differences lay in the assembly and multiplexing of the channels. E1 frames are constructed of 30 timeslots. Therefore, each E1 frame contains 30 eight-bit samples. When 16 E1 frames are assembled, a multiframe is created. MultiFrame is the dominant frame type in E1 implementations. Figure 6-15 depicts a multiframe. Figure 6-15 E1 Multiframe Example 6-29 show controllers t1 Command Output isdn-14#show controllers t1 T1 0 is up. No alarms detected. Framing is ESF, Line Code is B8ZS, Clock Source is Line Primary. Data in current interval (676 seconds elapsed): 0 Line Code Violations, 0 Path Code Violations 0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs Total Data (last 46 15 minute intervals): 0 Line Code Violations, 0 Path Code Violations, 0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins, 0 Errored Secs, 0 Bursty Err Secs, 1 Severely Err Secs, 0 Unavail Secs E1 Frame 0 E1 Frame 1 E1 Frame 2 E1 Frame 3 E1 Frame 4 E1 Frame 5 E1 Frame 6 E1 Frame 7 E1 Frame 8 E1 Frame 9 E1 Frame 10 E1 Frame 11 E1 Frame 12 E1 Frame 13 E1 Frame 14 E1 Frame 15 16 E1 Frames = 1 Multiframe 172 Chapter 6: Using ISDN and DDR Technologies E1 Line Code E1 deployments can implement AMI; however, the issues with AMI and data transmission still hold true: data transmissions are limited to 56 kbps. To remedy this, high-density bit, level 3 (HDB3) was created. It operates similarly to B8ZS, but in a slightly more efficient manner. If a long string of 0s is detected, a number of them are changed to 1s for the duration of their trip across the provider network. They are then changed back to their original values at the remote CSU/DSU. Obviously, T1/E1 framing and line coding have not been discussed at length. It is an important topic to understand, however, even though it is not touched on in depth on the CCNP Remote Access Exam. For more information on this topic, check out www.cisco.com. PRI Layers PRI is based in the same technologies as BRI. In fact, PRI implements ISDN Q.921 (Layer 2) and Q.931 (Layer 3) in the same manner as BRI. In addition, the call setup messages are identical, as are the call release messages. There are some basic differences between BRI and PRI, however. PRI relies on the assignment of a TEI. This TEI, however, is always 0 in Cisco’s implementation. Example 6-30 shows sample output of the show isdn status command. Notice the TEI and the fact that the state is MULTIPLE_FRAME_ESTABLISHED. This verifies the existence of Layer 2 connectivity. PRI Configuration The configuration of the PRI service is quite simple. Although the command variations and options are very similar to that of its BRI counterpart, a PRI configuration has additional requirements. Example 6-30 show isdn status Command Output RouterA#show isdn status The current ISDN Switchtype = primary-ni ISDN Serial0:23 interface Layer 1 Status: ACTIVE Layer 2 Status: TEI = 0, State = MULTIPLE_FRAME_ESTABLISHED Layer 3 Status: No Active Layer 3 Call(s) Activated dsl 0 CCBs = 0 Primary Rate Interface 173 To meet the needs of the PRI provisioning, the T1 or E1 (whichever is appropriate) must be configured to match telco requirements of framing and line code, as discussed in the preceding sections of this chapter. The T1/E1 controller is actually an internal CSU/DSU. It must be told which timeslots are included in the PRI configuration. For purposes of controller configuration, the timeslot numbering starts at 1 (1–24 for T1, and 1–30 for E1). The command syntax is mercifully limited in the number of actual parameter choices available. Table 6-5 illustrates the options available for T1 and E1 configuration. Once all the appropriate information is collected, the configuration can be completed. Example 6-31 illustrates a typical T1 controller configuration. Note that the switch type has been set. Again, this setting is based on telco-provided information. The controller t1 0/0 command specifies the controller in slot 0, port 0. All 24 timeslots are active in the configuration. The framing is ESF and the linecode is B8ZS; both pieces of information are telco-provided. If this information is not readily available (that is, not provided by the telco), try using the configuration in Example 6-31. Table 6-5 T1/E1 Framing and Line Code Options Options Framing* Line Code* T1 SF (D4) AMI ESF B8ZS E1 CRC4 AMI NO-CRC4 HDB3 CRC4 Australia NO-CRC4 Australia *Framing and line code are telco-provided configuration parameters. If the controller configuration does not match what the telco has defined, the line does not function. Example 6-31 T1 PRI Configuration AS5300A(config)#isdn switch-type primary-ni ! AS5300A(config)#controller t1 0/0 AS5300A(config-controller)#pri-group timeslots 1-24 AS5300A(config-controller)#framing esf AS5300A(config-controller)#linecode b8zs AS5300A(config-controller)#clock source line primary ! AS5300A(config)#interface serial 0/0:23 AS5300A(config-if)#ip address 10.12.1.1 255.255.255.0 AS5300A(config-if)#isdn incoming-voice modem 174 Chapter 6: Using ISDN and DDR Technologies ESF and B8ZS are the default (and most commonly deployed in North America) settings for the configuration in Example 6-31. For E1 implementations, the most common implementation is CRC4 and HDB3. If it doesn’t work, change the line code and framing appropriately. There are a finite number of configuration variables. It is much less time consuming to experiment with the configuration and figure it out than it would be to call the telco and actually get to talk to someone who knows the appropriate settings for your installation. Once the controller is configured, you must define the characteristics of the D channel. For controller t1 0/0, the D channel (as in Example 6-31) is interface serial 0/0:23. The last timeslot (number 0–23 here) is the D channel in T1 PRI. The D channel in E1 PRI is timeslot 15 (numbered 0–30). The timeslot numbering scheme has long been the subject of confusion. To aid in dispelling the confusion, the numbering scheme used at each point is specified. Example 6-32 illustrates the E1 equivalent configuration. This interface, in this case serial 0/0:15, carries the protocol specific configuration (that is, the IP address, the IPX network, and so forth) for protocols that need to traverse this link. The configuration in Example 6-32 was captured from an AS5300 with eight PRI ports and two MICA modem blades with 120 modems each. The isdn incoming-voice modem command specifies that any inbound calls originating from modem users be directed to a MICA modem installed in this device rather than treated as if an actual ISDN-capable device were issuing a call setup. This is not to say that a device with bearer capabilities cannot dial into this device for connectivity. It still can. The AS5300 detects the call type and treats it accordingly. PRI Incoming Analog Calls on Digital Modems Up to this point, the discussion has focused on data calls. In other words, the topics have centered on B channel to B channel calls. Example 6-32 E1 PRI Configuration AS5300A(config)#isdn switch-type primary-ni ! AS5300A(config)#controller e1 0/0 AS5300A(config-controller)#pri-group timeslots 1-30 AS5300A(config-controller)#framing crc4 AS5300A(config-controller)#linecode hdb3 AS5300A(config-controller)#clock source line primary ! AS5300A(config)#interface serial 0/0:15 AS5300A(config-if)#ip address 10.12.1.1 255.255.255.0 AS5300A(config-if)#isdn incoming-voice modem Primary Rate Interface 175 In remote access deployments, the end user dials into an access server. The incoming lines that provide connectivity from end user to the access server are PRI implementations. These PRI lines are completely digital facilities. Figure 6-16 illustrates the typical deployment of an access server installation. Figure 6-16 Network Access Server Deployment When an end user dials into the network access server (NAS), the router detects that the call is inbound from a modem. In other words, it sees the call as an incoming analog call. If it were a call from another B channel, the call would be completely digital; however, because the call originated from an analog modem, the NAS must answer back in the form expected by the modem. Using the isdn incoming-voice modem command, the router passes the call off to one of the internal MICA modems installed in the NAS. In a traditional modem-to-modem call setup, the call begins as digital communication between the PC and the modem. The modem converts the transmission to analog (that is, modulated) and passes it off to the edge CO switch. Once inside the PSTN, the transmission is again converted to digital format for its journey across the PSTN. Once the transmission arrives at the remote edge switch, it is converted back to analog only to be changed back to digital by the modem (that is, demodulated) at the remote site and forwarded to the receiving party. It all seems a bit redundant. In the case of PRI incoming lines receiving these “voice” calls, the call process is the same— up to the point where the call is demodulated by the remote modem. In a NAS implementation, the demodulation is not necessary. It is taken, in digital form, and passed to a MICA modem Windows 95 PC Modem Async BRI PRI Central site Satellite office Home office PSTN 176 Chapter 6: Using ISDN and DDR Technologies where it is not demodulated, but left in digital form. The MICA modem negotiates the connection just as any other modem. Once the connection is complete, the calling party machine is assigned an IP address from the IP address pool configured on the NAS, or another configured source. Once an IP address and default gateway are assigned, the calling party machine functions as if it were attached to the LAN on the remote side of the NAS. Foundation Summary 177 Foundation Summary The Foundation Summary is a collection of tables and figures that provides a convenient review of many key concepts in this chapter. For those of you already comfortable with the topics in this chapter, this summary can still help you recall a few details. For those of you who just read this chapter, this review should help solidify some key facts. For any of you doing your final preparation before the exam, these tables and figures are a convenient way to review the day before the exam. Table 6-6 summarizes the ISDN service offerings. Table 6-7 summarizes ISDN protocols. Table 6-6 ISDN Services Service B Channels D Channel Bandwidth BRI 2 x 64 kbps 1 x 16 kbps 144 kbps T1 PRI 23 x 64 kbps 1 x 64 kbps 1.544 Mbps E1 PRI 30 x 64 kbps 1 x 64 kbps 2.048 Mbps Table 6-7 ISDN Protocols Layer Protocol Description 1 I.430/T1.601 This layer is the physical layer dealing with connectivity. I.430 specifies framing between TE1 and NT1. T1.601 specifies framing between TE and the LE. 2 Q.921 Q.921 institutes an addressing scheme for ISDN. 3 Q.931 Q.931 is used between the TE and the local ISDN switch. Call setup is handled by Q.931 as well. 178 Chapter 6: Using ISDN and DDR Technologies Q&A The questions and scenarios in this book are more difficult than what you should experience on the actual exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answer. Rather than enabling you to derive the answer from clues hidden inside the question itself, the questions challenge your understanding and recall of the subject. Questions from the “Do I Know This Already?” quiz from the beginning of the chapter are repeated here to ensure that you have mastered the chapter’s topic areas. Hopefully, these questions will help you limit the number of exam questions on which you narrow your choices to two options and then guess. The answers to these questions can be found in Appendix A, on page 397. 1 List the two most common implementations of ISDN. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 2 List the number of bearer channels for BRI, T1 PRI and E1 PRI. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 3 What type of information is carried over the D channel? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 4 List the specifications that define Layer 2 and Layer 3 of ISDN. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 5 When is it necessary to use dialer in-band in an ISDN BRI configuration? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Q&A 179 6 What is the difference between a router with a BRI S/T interface and one with a BRI U interface? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 7 Write out the commands to define only Telnet and FTP as interesting traffic for DDR. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 8 List two of the most common encapsulations available for use on BRI interfaces. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 9 An interface that has been configured not to send routing updates is known as what type of interface? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 10 When using rotary groups, what should determine the dialer interface number? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 11 What technology is used to provide redundancy for WAN links? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 180 Chapter 6: Using ISDN and DDR Technologies 12 DDR traditionally involves the use of static routes. If static routes are not desired, what technology can be implemented? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 13 What information is required of the telco to implement PRI implementations? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 14 List the options available for T1 and E1 framing and line code configuration. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 15 List the command to have the router forward all incoming voice calls to internal MICA technology modems. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 16 Describe the key difference between Cisco’s bandwidth on demand and Multilink PPP. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 17 Create an access list that specifies HTTP and any ICMP traffic as interesting. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Use Figure 6-17 to answer the remaining questions. Q&A 181 Figure 6-17 Network Diagram for Use with Q&A 18 Configure router A such that any IP traffic causes an ISDN call to be placed. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 19 Configure both routers A and B for dynamic routing using RIP and for static routing between networks 172.16.1.0 and 172.19.1.0. Assume the use of only the ISDN network at this time. Make sure no dynamic routes are being sent out the BRI0 interface. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ ISDN service provider 972-555-6789 972-555-6788 SPID1: 97255567890101 SPID2: 97255567880101 972-678-5677 972-678-5678 SPID1: 97267856770101 SPID2: 97267856780101 172.19.1.2/24 172.16.1.1/24 172.18.1.1/24 172.18.1.2/24 172.17.1.2/24 172.17.1.1/24 T1/E1 PRI 172.17.1.3/24 172.20.1.1/24 A B HDLC 182 Chapter 6: Using ISDN and DDR Technologies 20 Configure both routers A and B for basic DDR connectivity using dialer maps. Use basicni1 for the switch type. Include the configuration parameters from Questions 3 and 4. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 21 Configure both routers A and B so that a second B channel is initialized if the first reaches 50 percent saturation in either direction. Also, the call should disconnect after 30 seconds of idle time. Note: This is not a dial backup situation. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 22 Configure router C for T1 PRI connectivity using B8ZS and ESF. Configure the appropriate IP addressing on interface S 0:23. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 23 Now assume that router C is being implemented in an E1 environment using the default settings for framing and linecode. Make the appropriate configuration changes. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 24 Remove the static routes between A and B. Implement a solution that enables dynamic routing without keeping the link up constantly. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 25 Configure routers A and B so that the ISDN link is activated only in cases in which the HDLC link is down or has reached 85 percent capacity. The backup timers for failure are at your discretion. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Scenario 6-1 183 Scenarios The following case studies and questions are designed to draw together the content of the chapter and exercise your understanding of the concepts. There is not necessarily a right answer to each scenario. The thought process and practice in manipulating the related concepts is the goal of this section. Scenario 6-1 In Figure 6-18, the Raleigh and Atlanta routers are dialing into the San Francisco router using DDR configurations. Example 6-33 details the configuration of the Raleigh router and Example 6-34 shows the Atlanta router configuration. Examine the figure and the configurations and utilize them in answering the questions that follow. Figure 6-18 Scenario 6-1 Topology Atlanta San Francisco BRI0 SPID1: 65044478990101 BRI0 SPID2: 65044478980101 BRI1 SPID1: 65044478970101 BRI1 SPID2: 65044478960101 BRI2 SPID1: 65044478950101 BRI2 SPID2: 65044478940101 E0 10.10.1.1/24 Dialer 2 (BRI 0, 1, 2) 10.1.210.1/24 10.1.210.3/24 BRI0 10.25.1.1/24 SPID1: 91944423450101 SPID2: 91944423460101 SPID1: 40455567890101 SPID2: 40455567880101 10.1.210.2/24 BRI0 E0 10.17.1.1/24 E0 Raleigh ISDN 184 Chapter 6: Using ISDN and DDR Technologies Example 6-33 Raleigh Configuration isdn switch-type basic-5ess interface ethernet 0 ip address 10.25.2.2 255.255.255.0 interface BRI0 ip address 10.1.210.3 255.255.255.0 encapsulation ppp dialer idle-timeout 180 isdn spid1 91944423450101 9194442345 isdn spid2 91944423460101 9194442346 isdn answer 4045556789 isdn answer 4045556788 dialer map ip 10.210.1.2 4045556789 dialer map ip 10.210.1.2 4045556788 dialer map ip 10.210.1.1 6504447899 dialer map ip 10.210.1.1 6504447898 dialer map ip 10.210.1.1 6504447897 dialer map ip 10.210.1.1 6504447896 dialer map ip 10.210.1.1 6504447895 dialer map ip 10.210.1.1 6504447894 dialer-group 1 access-list 101 permit tcp any any eq telnet access-list 101 permit tcp any any eq ftp access-list 101 permit tcp any any eq ftp-data access-list 101 permit icmp any any dialer-list 1 protocol ip list 101 router rip network 10.0.0.0 ip route 10.17.1.0 255.255.255.0 10.210.1.2 ip route 10.10.1.0 255.255.255.0 10.210.1.1 Example 6-34 Atlanta Configuration isdn switch-type basic-5ess interface ethernet 0 ip address 10.17.1.1 255.255.255.0 interface BRI0 ip address 10.1.210.2 255.255.255.0 encapsulation ppp dialer idle-timeout 180 isdn spid1 40455567890101 4045556789 isdn spid2 40455567880101 4045556788 isdn answer 9194442345 isdn answer 9194442346 isdn answer 6504447899 isdn answer 6504447898 isdn answer 6504447897 isdn answer 6504447896 isdn answer 6504447895 Scenario 6-3 185 Answer the following questions: 1 What type(s) of traffic causes a call to set up between Atlanta and Raleigh? 2 Will the Raleigh router have any problems in the event that the San Francisco router attempts to call it? 3 Can both Raleigh and Atlanta be connected to the San Francisco router concurrently? 4 Is it possible for the Atlanta router to dial both the San Francisco and the Raleigh routers at the same time? 5 Write out the IOS commands that enable the San Francisco router to support the configuration depicted by Figure 6-18 by using a dialer profile. Scenario 6-2 Refer back to Figure 6-18. Now that the basic configuration is in place, expand the configurations to include the use of snapshot routing: 1 Configure the San Francisco router to act as the snapshot server. 2 Configure the Atlanta and Raleigh routers to act as snapshot clients. Scenario 6-3 The network has been expanded to support higher bandwidth needs. Frame Relay links have been implemented as the primary connection between the sites. Use Figure 6-19 as reference for the questions that follow. isdn answer 6504447894 dialer map ip 10.210.1.3 9194442345 dialer map ip 10.210.1.3 9194442346 dialer map ip 10.210.1.1 6504447899 dialer map ip 10.210.1.1 6504447898 dialer map ip 10.210.1.1 6504447897 dialer map ip 10.210.1.1 6504447896 dialer map ip 10.210.1.1 6504447895 dialer map ip 10.210.1.1 6504447894 dialer-group 1 access-list 101 permit tcp any any eq telnet access-list 101 permit icmp any any dialer-list 1 protocol ip list 101 router rip network 10.0.0.0 ip route 10.25.1.0 255.255.255.0 10.210.1.3 ip route 10.10.1.0 255.255.255.0 10.210.1.1 Example 6-34 Atlanta Configuration (Continued) 186 Chapter 6: Using ISDN and DDR Technologies Figure 6-19 Expanded Network Topology 1 Configure dial backup on all three routers to provide redundancy five seconds after a failure until sixty seconds after the failure has cleared. 2 Configure dial backup on all three routers to provide load balancing in the event that the load on the Frame Relay circuit reaches 90 percent. The link should stay active until the aggregate load is reduced to 10 percent. Scenario 6-4 In the course of testing the configuration of dial backup in Scenario 6-3, you found that the ISDN circuits are not functioning properly. 1 Plan and document your Layer 1 troubleshooting strategy. 2 Plan your Layer 2 troubleshooting strategy. Document the show and debug commands used at this point. 3 You’ve found that you are not receiving a TEI from the switch. Layer 1 is down. What are the possible causes? 4 Plan your Layer 3 troubleshooting strategy. Document the show and debug commands used at this point. Atlanta Raleigh San Francisco S0 10.1.210.2/24 BRI0 10.1.210.3/24 BRI0 10.1.210.1/24 Dialer 2 10.31.10.2/24 DLCI 80 10.31.20.2/24 DLCI 50 10.31.20.1/24 DLCI 17 S0 S0.1 10.31.10.1/24 DLCI 16 S0.2 Frame Relay ISDN Scenario 6-1 Answers 187 Scenario Answers The answers provided in this section are not necessarily the only possible correct answers. They merely represent one possibility for each scenario. The intention is to test your base knowledge and understanding of the concepts discussed in this chapter. Should your answers be different (as they likely will be) consider the differences. Are your answers in line with the concepts of the answers provided and explained here? If not, go back and read the chapter again focusing, on the sections related to the problem scenario. The key here is for you to gain an understanding of the topics. Scenario 6-1 Answers 1 Any ICMP or Telnet traffic causes the call setup to occur. This is defined by access-list 101. 2 Yes. The Raleigh router has implemented caller ID screening. It has been configured to accept only calls originating from the Atlanta router. To correct the situation, it is necessary to add additional isdn answer lines to the configuration on the Raleigh router. 3 Yes. The San Francisco router has an adequate number of B channels available to support inbound calls from both the Raleigh and Atlanta routers. 4 Yes. One B channel can be connected to each site based on the destination of the interesting traffic. 5 Example 6-35 details the configuration that enables the San Francisco router to support the configuration depicted by Figure 6-18 using a dialer profile. Example 6-35 Answer to Scenario 6-1, Question 5 isdn switch-type basic-5ess ! interface ethernet 0 ip address 10.10.1.1 255.255.255.0 ! interface BRI0 encapsulation ppp dialer pool-member 1 ! interface BRI1 encapsulation ppp dialer pool-member 1 ! interface BRI2 encapsulation ppp dialer pool-member 1 continues 188 Chapter 6: Using ISDN and DDR Technologies Scenario 6-2 Answers 1 Example 6-36 details the configuration of the snapshot server on the San Francisco router. 2 Example 6-37 details the configuration of the snapshot client on the Atlanta router. Example 6-38 details the snapshot client configuration on the Raleigh router. ! interface Dialer1 ip unnumbered Ethernet 0 encapsulation ppp peer default ip address 10.1.210.2 dialer remote-name Atlanta dialer string 4045556789 dialer string 4045556788 dialer pool 1 dialer-group 1 ppp multilink ! interface Dialer2 ip unnumbered Ethernet0 encapsulation ppp peer default ip address 10.1.210.3 dialer remote-name Raleigh dialer string 9194442345 dialer string 9194442346 dialer pool 1 dialer-group 1 ppp multilink ! dialer list 1 protocol ip permit Example 6-36 Snapshot Server Configuration interface dialer 2 snapshot server 5 dialer dialer map snapshot 1 name Raleigh 9194442345 dialer map snapshot 1 name Atlanta 4045556789 Example 6-37 Snapshot Client Configuration on the Atlanta Router interface BRI0 snapshot client 5 720 dialer dialer map snapshot 1 name SanFrancisco 6504447899 Example 6-35 Answer to Scenario 6-1, Question 5 (Continued) Scenario 6-3 Answers 189 Scenario 6-3 Answers 1 Example 6-39 shows the dial backup configuration for the San Francisco router. Example 6-40 shows the configuration for the Raleigh router. Example 6-40 shows the configuration for the Atlanta router. Note that in the following configurations, the DDR commands are assumed to be properly implemented. 2 Examples 6-42, 6-43 and 6-44 show the commands that need to be added to the configurations specified in Question 1 to provide load balancing in the event that the load on the Frame Relay circuit reaches 90 percent. Example 6-38 Snapshot Client Configuration on the Raleigh Router interface BRI0 snapshot client 5 720 dialer dialer map snapshot 1 name SanFrancisco 6504447898 Example 6-39 San Francisco Router Dial Backup for Failure Configuration interface serial 0.1 backup interface bri 0 backup delay 5 60 interface serial 0.2 backup interface bri 0 backup delay 5 60 Example 6-40 Raleigh Router Dial Backup for Failure Configuration interface serial 0 backup interface bri 0 backup delay 5 60 Example 6-41 Atlanta Router Dial Backup for Failure Configuration interface serial 0 backup interface bri 0 backup delay 5 60 Example 6-42 San Francisco Router Dial Backup for Load Configuration interface serial 0.1 backup load 90 10 interface serial 0.2 backup load 90 10 190 Chapter 6: Using ISDN and DDR Technologies Scenario 6-4 Answers The answers for this scenario represent a basic troubleshooting guide. By far, they are not the only answers available. 1 Layer 1 represents the physical layer. Make sure the cabling is properly connected. Ensure that the proper cables are being used. Make sure you have the proper switch type configured. Call the telco to ensure the proper setting. Make sure the interface has not been shutdown. With all cables properly connected and the proper switch type, the layer should activate. 2 Layer 2 obviously relies on Layer 1. If Layer 1 is not active, Layers 2 and 3 cannot activate. There are a number of commands useful in troubleshooting Layer 2. Table 6-7 lists some of the privileged EXEC commands: 3 If the TEI is not being negotiated, check the Layer 1 connectivity and the switch type. If Layer 1 is correctly connected and the switch type is properly configured, there may be a problem with the installation. If the switch type is correct, and the telco hasn’t properly installed the line, there is no connectivity. Remember, in Europe, a TEI is not assigned until a call is set up. In North America, there should be on-going communication between the switch and the router, so the TEI should be assigned. Cisco does not support TEI=0 Example 6-43 Raleigh Router Dial Backup for Load Configuration interface serial 0 backup load 90 10 Example 6-44 Atlanta Router Dial Backup for Load Configuration interface serial 0 backup load 90 10 Table 6-8 ISDN Layer 2 Troubleshooting Commands Command Explanation show isdn status This command is useful in troubleshooting all 3 layers of the ISDN connection. It shows layer by layer the status of the connection. If Layer 2 is active, you will see MULTIPLE_FRAME_ESTABLISHED in the output under the Layer 2 information. debug isdn q921 This command shows the real-time negotiation (or lack thereof) between the router and the telco switch. TEI negotiation can also be monitored here. show interface bri0 This command shows a snapshot of the current status (up/down, and so on) of the interface. Scenario 6-4 Answers 191 for BRI connections. For PRI, the TEI is 0. If the switch type is incorrect and/or the switch type is changed, save the configuration and reload the router. The new switch type is not activated until a reload is done. 4 Layer 3 connectivity is dependent on Layers 1 and 2. If they are not active, Layer 3 does not activate. Table 6-8 shows only a few of the privileged EXEC commands available to troubleshoot Layer 3. Table 6-9 ISDN Layer 3 Troubleshooting Command Explanation show isdn status This command is useful in troubleshooting all 3 layers of the ISDN connection. It shows (layer by layer) the status of the connection. debug isdn q931 This command shows the real-time call setup (or lack thereof). You can monitor the progress of the call in real time. debug dialer This enables the real-time dialing and negotiation between the two routers. show interface bri0 This shows a snapshot of the current status (up/down, and so on) of the interface. This chapter covers the following topics that you need to master as a CCNP: • Cisco 700 series router key features and functions—The 700 series router relies on profiles as psuedo interfaces for the device. These profiles take on the characteristics of the site to which the router is being connected. The sites that are discussed in the chapter are the remote office (RO), the small office/home office (SOHO), and the ISP. In addition, the Dynamic Host Configuration Protocol (DHCP) functionality of the device is discussed. • Cisco 700 series router profiles—This section describes the use of profiles for the configuration of a Cisco 700 series router. These profiles provide the building blocks for the 700 series router functionality. • Configuring the 700 series router for IP routing—This section details the commands for routing in an IP environment with the 700 series router. • Routing with the Cisco 700 series router—This section describes the 700 series router’s capabilities in a very small network. This function is generally not used because the 700 is catagorized as an end-user device. • DHCP overview—This section describes DHCP from the perspective of a 700 series router. • Using the 700 series router as a DHCP server and relay agent—This section presents the 700 series router configured as a DHCP server or helper agent. The ability to configure a 700 series router for DHCP is a necessary skill for a CCNP. C H A P T E R 7 Configuring a Cisco 700 Series Router The 700 series router was purchased by Cisco from Combinet in 1997. The purchase gave Cisco an ISDN product uniquely suited to the telecommuter and SOHO market. The 700 series provides single Basic Rate Interface (BRI) connectivity and an Ethernet interface for a LAN connection. The 700 series router is compatible with the full Cisco router product line; however, it does not use the same command line structure for configuration. The command line of the 700 series router uses set as the main verb for most of the commands. This has been likened to the switch product line by some; however, there is no similarity except the use of the set verb. For those who are familiar with the IOS command set, the 700 series command language can be less than intuitive. It is important, however, for the successful CCNP candidate to become familiar with the basic concepts of the 700 configuration and the target market. The target market for this product is the telecommuter, the small office, and the home office environment. How to Best Use This Chapter By taking the following steps, you can make better use of your study time: • Keep your notes and answers for all your work with this book in one place for easy reference. • Take the “Do I Know This Already?” quiz and write down your answers. Studies show retention is significantly increased through writing down facts and concepts, even if you never look at the information again. • Use the diagram in Figure 7-1 to guide you to the next step. 194 Chapter 7: Configuring a Cisco 700 Series Router Figure 7-1 How to Use This Chapter “Do I Know This Already?” Quiz The purpose of the “Do I Know This Already?” quiz is to help you decide what parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. The nine-question quiz helps you determine how to spend your limited study time. The quiz is sectioned into smaller “quizlets,” each of which corresponds to four of the major topic headings in the chapter. Use the scoresheet in Table 7-1 to record your scores. "Do I Know This Already?" quiz Low score Medium score High score, want more review High score Read Foundation Summary Read Foundation Topics Q&A Scenarios Go to next chapter “Do I Know This Already?” Quiz 195 1 Define the acronyms SOHO and RO. _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 2 What are the three permanent profiles for the 700 series router? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 3 For what is the internal profile used? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 4 How many user profiles can be created? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 5 Can an ISP support dial-on-demand (DDR) routing and bandwidth-on-demand (BoD) with a 700 series router? If not, why? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ Table 7-1 Scoresheet for Quizlets and Quiz Quizlet Number Foundation Topics Section Covered by These Questions Questions Score 1 Cisco 700 series router key features and functions 1 2 Cisco 700 series router profiles 2–4 3 Configuring the 700 series router for IP routing 5–7 4 Using the 700 series router as a DHCP server and relay agent 8–9 196 Chapter 7: Configuring a Cisco 700 Series Router 6 What is the mechanism that points the 700 to the ISP? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 7 What routing protocols can be configured on the 700 series router? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 8 How would you configure a 700 series router as a DHCP relay agent? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 9 When configuring the 700 series router for a DHCP server, how do you set up the default gateway for the client? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A,” on page 397. The suggested choices for your next step are as follows: • You correctly answered five or fewer questions overall—Read the chapter. This includes the “Foundation Topics,” the “Foundation Summary,” and the “Q&A” sections, as well as the scenarios at the end of the chapter. • You correctly answered six, seven, or eight questions overall—Begin with the “Foundation Summary” section and then go to the “Q&A” section and the scenario at the end of the chapter. • You correctly answered all questions correctly—If you want more review on these topics, skip to the “Foundation Summary” section, and then go to the “Q&A” section and the scenario at the end of the chapter. Otherwise, move to the next chapter. Cisco 700 Series Router Key Features and Functions 197 Foundation Topics Cisco 700 Series Router Key Features and Functions The key features of a 700 router are: • Internet access for multiple users over one ISDN line—The Cisco 700 series router enables multiple PCs to access the Internet simultaneously. This keeps users from having to share a single PC with an Internet connection or rely on server-based hardware and software. A single Cisco 700 series router can make everyone in the office more productive. • Affordable Internet connections for SOHOs—With the Cisco 700 series, there’s no need to install a separate ISDN card in every PC to provide Internet access to new users and no need to have multiple ISDN lines or multiple Internet access accounts. The Cisco 700 series router includes everything you need for fast access, without the need for costly added hardware or software in a dedicated PC or central server. • High-speed Internet connections—Unlike ISDN cards, the Cisco 700 series router does not steal performance from a PC’s main processor or add work for your central server. Fast call setup with automatic dialup provides quick, automated connections to the Internet and online services. The functions of the 700 series router can be categorized into three feature sets: networking, routing and WAN, and ISDN and telephony features. All are described in the sections that follow. Networking The Cisco 700 series router offers full Point-to-Point Protocol (PPP) support, which includes Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Multilink PPP. The Cisco 700 series router also supports data compression that is compatible with the IOS feature set. As mentioned, the 700 series router can also function as a DHCP server or relay agent to provide address assignments for the network environment. In addition, the router can provide port address translation (PAT) support for a small office’s Internet connectivity. In a small office environment, using the 700 series router as the DHCP server can offer the small value-added reseller (VAR) the ability to control the address assignment without the need to modify or maintain each client on the local network. This is a major benefit to the small VAR from the standpoint of servicing the account. In addition, the use of PAT would give the small office the necessary access to the Internet without the need for knowledge of the IP addresses assigned locally. Both of these factors make this choice an ideal device for a small (four to ten) node network to access the Internet, where the service is handled by a single VAR-managed device. 198 Chapter 7: Configuring a Cisco 700 Series Router Routing and WAN IP and IPX are the only protocols supported on the Cisco 700 series router; however, the 700 series router can function as a bridge for any other protocol. RIP v1 and RIP v2 are supported for IP, and RIP for IPX is also supported. Support for Cisco’s snapshot routing feature is also supported to provide an on-demand method of routing update exchanges. Dial-on-demand routing and bandwidth-on-demand features compatible with the customary IOS features are also configurable on the device. ISDN and Telephony The 700 series router provides dial tone for the telephone service on plain old telephone service (POTS) RJ-11 interfaces. On the earlier 700 series models (750/760), the model number defined the ISDN interface type. The 700 series models that ended in an even number provided the built-in network termination 1 (NT1) interface for ISDN. The models that ended in an odd number provided an S/T interface, for which the customer had to supply the NT1 device if it was needed. In the United States, the built-in NT1 provided a complete solution. The NT1 in the international community, however, is a telephone company device. Thus, there is the need for the different models. The recent models now have both the S/T interface and the U interface on the router. The 775/776 model types are currently recommended. Again, the even numbered 776 comes with a built-in NT1 and the 775 does not. Both models provide two POTS jacks and a four-port hub. Cisco 700 Series Router Profiles The Cisco 700 series router uses different profiles to store the configuration parameters associated with a remote connection or location. This is not unlike the IOS command-line syntax that most engineers associate with an interface dialer on an enterprise-type Cisco router. In a 2500 series router, the phone number, the authentication password, and the addressing could be associated with a dialer interface. The 700 series router, using the same concept, calls the stored information for a connection a profile, and stores it in a UNIX subdirectory. Creating each profile on a 700 series router is similar to creating an interface dialer on a Cisco IOS platform. The unique advantage that the 700 provides is that the profiles can be named instead of numbered. For example, on an IOS platform, the connection to the corporate office can be interface dialer 1, whereas on the 700, the profile can be called corp_office. This simplicity provides a key element in troubleshooting when a configuration has not been viewed for many months. The 700 series router can store a maximum of 20 profiles. This includes 16 user profiles, or 16 definitions for remote connections. There are also three permanent profiles: LAN, standard, and Cisco 700 Series Router Profiles 199 internal. These, in addition to the system profile, make a total of 20. The system profile is also referred to as the global profile in some Cisco documentation. The concept of storage from the standpoint of the IOS is not relevant; set commands are immediately stored in the configuration in which they are typed. Some commands require the router to be rebooted to take effect. The general rule of thumb is to reboot following any configuration change. LAN Profile The LAN profile defines the connection to the Ethernet port. It is used for routing. The parameters that are set here are similar to the configuration on the E0 using the familiar IOS command strings. Although the parameters are similar, the syntax is not. The parameters are the IP address and mask, the route protocol, and so forth. Standard Profile The standard profile is used for inbound ISDN calls that do not have an associated profile. This profile does not support routing. The standard profile is the default profile. If authentication is not required and the destination device you are connecting to does not have a user-defined profile, the router uses the standard profile. If authentication is required and no profile is found, the call is dropped. Internal Profile The internal profile is used when routing is enabled and provides the configuration parameters to pass data between the bridge engine and the IP/IPX route engine. System Profile The system profile provides a declaration of what protocols can be used by the other profiles. If a routing protocol is turned on in the system profile, it can be used by any profile. An example here tells the story best: if you turn off IPX routing in the system profile, no profile can do IPX routing. If the system profile has IPX routing turned on, a profile can choose to do IPX routing. The system provides a global control for all protocols. Profile Use Guidelines Much ado is made about routing in the profiles. Simply stated, an unknown call is not handled with the route engine, and the standard profile does not support routing. On the other hand, a known call, or one with an associated profile, is passed to the internal profile if IP or IPX routing has been declared for the profile and then sent to the route engine for processing to the LAN. 200 Chapter 7: Configuring a Cisco 700 Series Router The following guidelines should be known by the successful CCNP candidate: • Functions—LAN and internal profiles provide the same basic function. • LAN routing—Any protocol routed in the LAN must be routed in the user profile. If a user profile does not declare routing, the LAN profile does not route it. • Bridging—Any protocol routed in the internal profile may be routed or bridged in the user profile. • Pinging—If IP or IPX routing is on for the internal profile, the router can be pinged. The system, LAN, and user profiles must be configured to establish a call. The system level is similar to the IOS global configuration mode, and is where the switch type service profile identifiers (SPIDs) (if needed) and local directory numbers are entered. The IP address and mask for the Ethernet interface and the routing protocol are established in the LAN profile. Again, this is similar to the configuration of interface E0 using the IOS command set. The user profile declares the phone number, frame type, encapsulation, static routing and authentication for this connection. Once the profiles are created, they must be activated. An active profile is ready to accept a demand call. To activate a profile once it is created, you would use set active profile-name where the profile-name is the freely chosen name of the connection. For example, suppose the profile my_corp_off has been created and configured using the set user my_corp_off command. The next step would be to activate the profile by issuing this command: set active my_corp_off. A more in-depth discussion of the syntax takes place later in the chapter. Configuring the Cisco 700 Series Router for IP Routing There are three sections to configuring a Cisco 700 series router—the system level, the LAN, and the user profile. The system profile contains that information that is generally found in the global configuration on an IOS router. The information includes the name of the router and the switch type. Additionally, the system level contains the encapsulation type, the authentication type, and the password used by the 700 series router when it connects to another device. This information is placed on the individual WAN interfaces on other router platforms; however, the fact that encapsulation and the authentication type are NOT interface level parameters can be explained by noting that that there is only one WAN interface on the 700. Configuring the Cisco 700 Series Router for IP Routing 201 The LAN section of the Cisco 700 series router configuration contains the information associated with the Ethernet interface of the router. The IP and/or IPX address and the mask are set in this section. The routing protocol is also turned on in this section. This is similar to the IOS syntax in which routing is turned on as a global parameter, but then the network statement is used to enable routing on the interfaces. Again, because there is only one LAN interface, this approach makes sense. The user section of the Cisco 700 series router configuration contains the information associated with the connection or call. The address and mask, the phone number, the routing protocol, and the static route are put into this section. This section is defined as a profile on the router. Figure 7-2 and Example 7-1 demonstrate a simple configuration for a 700 series router connecting over an ISDN network to a remote access server. Figure 7-2 shows schematically what is being done and Example 7-1 shows the configuration syntax. Note that the System, LAN, and User headers shown in Example 7-1 do not exist as part of the configuration, but are shown to show the parts of the configuration more clearly. Figure 7-2 Rem700 Router Connecting to the RAS Router Called CorpOff 700 series router Central router ISDN Network Corporate office Central site phone number 5551212 BRI0 IP address 10.33.33.1 Rem700 LAN BRI0 LAN IP address 10.22.22.1 Central site BRI/PRI address 10.33.33.2/24 202 Chapter 7: Configuring a Cisco 700 Series Router Example 7-1 shows the configuration file for the network setup in Figure 7-2. The system commands establish the hostname of the 700, the switch type, the encapsulation, and the authentication type and password. The password is the one used by the 700 when connecting to the Corporate Office router. The authentication has been declared as PPP CHAP both inbound and outbound. This is unique to the 700 IOS whereas in the non-700 IOS, the declaration of authentication does not take on a direction. The command cd lan changes the LAN profile. The commands in the LAN section assign the IP address and mask and enable routing. You may be asking the following: “What routing protocol is turned on?” The answer is RIP Version 1 (RIP-1). The router supports only RIP, and by not specifying that RIP Version 2 (RIP-2) is to be used, the router uses RIP-1. In the last section in Example 7-1, the user CorpOFF is created with the command set user CorpOFF. The use of the command set user is used only to create the profile (subdirectory). After the profile has been created, it can be accessed to alter the configuration by using the command cd CorpOFF. This command works with any permanent profile. The commands in the User section set an IP address for the WAN and turn on routing so that the user profile during this call participates with the LAN profile. The phone number is set, and Example 7-1 Configuration File for the Cisco 700 Series Router Labeled Rem700 in Figure 7-1 ------------------------------System section----------------------------------- >set system Rem700 Rem700>set switch 5ess Rem700>set encapsulation ppp Rem700>set ppp authentication incoming chap Rem700>set ppp authentication outgoing chap Rem700>set ppp secret prompt for password prompt for password Rem700>cd lan ------------------------------LAN section-------------------------------------- lan>set bridging off lan>set ip 10.22.22.1 lan>set ip netmask 255.255.255.0 lan>set ip routing on lan>cd Rem700>set user CorpOFF -------------------------------User section------------------------------------ Rem700:CorpOFF>set bridging off Rem700:CorpOFF>set ip 10.33.33.1 Rem700:CorpOFF>set ip netmask 255.255.255.0 Rem700:CorpOFF>set ip routing on Rem700:CorpOFF>set ppp host abc123 Rem700:CorpOFF>set number 5551212 Rem700:CorpOFF>set ip route destination 0.0.0.0/0 gateway 10.33.33.2 Rem700:CorpOFF>cd Rem700>set active CorpOFF Configuring the Cisco 700 Series Router for IP Routing 203 the default gateway is established. In effect, the static route says if the packet isn’t for me, send it to 10.33.33.2, which is the other side of the WAN link. It is important to note that a static route is required on the CorpOFF router to gain access to the Ethernet or LAN of the 700 series router because RIP updates have not been turned on. To turn on RIP updates, you would need the command set RIP update periodic; however, using a distance vector protocol over a dial-on-demand link to maintain route table entries would not be cost effective. The successful CCNP candidate should understand the profile location of the commands, the interoperability with the IOS command set, and the features available on the router. Profile Configuration Commands for the Cisco 700 Series Routers Profile commands are used to establish the basics of the 700 series router configuration. The commands can be categorized for use in the three basic profiles used. Table 7-2 summarizes the commands used for the three basic profiles. Table 7- 2 Profile Command Description System set switch This command declares the switch type for the 700 series router. Valid choices would be DMS100, 5ESS, NI1, and so on. Because the 700 series router only supports a single BRI interface, there is no need for further definition of the switch type. set encapsulation This command declares the encapsulation method for the BRI connection. The choices here are PPP and CPPP. PPP would be the most common setting. set ppp authentication incoming This command declares the authentication type for an incoming call. The choices are CHAP, PAP, or NONE. This feature is unique to the 700 IOS and enables the authentication to take on a direction. set ppp authentication outgoing This command is similar to the incoming authentication, but declares the method of authentication for calls leaving the 700 series router. Again, the method choices are CHAP, PAP, and NONE. set ppp secret This command declares the password for the 700 series router that is used for all calls leaving the 700. This password would be used by PAP or CHAP as declared by the set ppp authentication outgoing command. continues 204 Chapter 7: Configuring a Cisco 700 Series Router set active This command activates the profile. This can be accomplished by a router reboot after the configuration is complete. LAN set bridging off This command does what it suggests—it turns off bridging on the LAN interface. Only those protocols (IP or IPX) that are routed are passed. set ip This command declares the IP address for the LAN interface. set ip netmask This command declares the IP address mask for the LAN interface. set ip routing on This command turns on IP routing for the interface. User set user CorpOFF This command creates the user profile called CorpOFF. This profile name is used (along with the password specified by the set ppp host command) for authentication in the inbound direction. This command is not used after the profile has been created. Once a profile is created, the command cd is used to change it. set bridging off This device enables bridging to be turned off in the profile for the BRI port. set ip 10.33.33.1 The ip address 10.33.33.1 is used for the BRI interface when this profile is used. set ip netmask 255.255.255.0 The mask for the IP address is set to 24 bits. set ip routing on This command enables ip routing on the interface. This does not enable the sending of RIP updates; it simply allows routing to take place over the interface. set number 5551212 The phone number 5551212 is called when this profile is used. set ip route destination 0.0.0.0/0 gateway This is a default route inside the CorpOFF profile. This route causes this profile to be used whenever an ip packet does not have an explicit route to take. Table 7- 2 Profile Command Description Routing with the Cisco 700 Series Router 205 Profile Management Commands for the Cisco 700 Series Routers Table 7-3 summarizes the commands used for managing the Cisco 700 series router profiles. Routing with the Cisco 700 Series Router Routing over the WAN with the 700 series router is accomplished by using static routes within the profile. Each profile (or subdirectory) has a route associated with it. The router, when looking for a route to satisfy a user request for connectivity to a remote network, finds the profile that can satisfy that request and makes a connection using the configuration parameters associated with that profile. Routing on the LAN side of the router is done using RIP-1 or RIP-2. Because the router has a directly connected LAN and each profile is pseudo directly connected, the router maintains a route table with these entries. Any other routes that are learned through RIP over the LAN are also reflected in the route table. It is possible to run RIP over the WAN side; however, because DDR is the general mode for this router, it doesn’t make sense to learn routes from a remote side because the connection is not going to remain up to maintain the routes. The Cisco 700 series router is compatible with the IOS snapshot routing protocol for RIP and can exchange routes on the WAN side, although it would be a rare implementation that would require this. The positioning of this router does not lend itself to being an access router for a large group of users. Table 7- 3 Command Description set user This command initially creates the profile (or subdirectory) for the connection called user. Selecting the name “user” for a connection is similar to naming a router “router”. Generally, the name of the connection is something that is meaningful to the connection. upload This command writes the configuration to the monitor screen. The configuration is presented on the screen without page breaks. It is necessary to use a monitor program (such as hyperterminal) to view the entire configuration by using the scroll arrows on your keyboard. set default This command is similar to doing an erase startup-config and then issuing a reload command on an IOS router. Care should be taken with this command because it does NOT prompt the user that the configuration will be set back to factory defaults. The use of this command could be a career-ending event if there is no saved hardcopy of the configuration. reset This command simply reloads and reinitializes the router. 206 Chapter 7: Configuring a Cisco 700 Series Router Figure 7-3 shows a 700 series router used by a home office user who has a need to connect to a corporate office, another branch, and an Internet service provider. The configuration would consist of multiple profiles, one for each of the connections. Figure 7-3 Home Office Configuration to a Corporate Office, a Branch Office, and a Local ISP The configuration would have the profiles shown in Example 7-2: Example 7-2 Profiles for the Configuration in Figure 7-2 set user BRANCH set bridging off set ip 192.3.5.2 set ip netmask 255.255.255.0 set ip routing on set number 5551234 set ip route destination 192.3.4.0/24 gateway 192.3.5.1 set user CORPORATE set bridging off set ip 10.0.1.2 set ip netmask 255.255.255.0 set ip routing on set number 4441234 set ip route destination 10.0.0.0/24 gateway 10.0.1.1 Cisco 700 series router LAN 10.2.2.0/24 ISDN cloud 192.3.5.1/24 5551234 10.0.1.1/24 4441234 ???.???.???.??? 3331234 Branch office Corporate office Service provider Internet DHCP Overview 207 Executing the show ip route all command would display the output shown in Example 7-3. With this configuration, when the router receives a packet for the 192.3.4.0 network, the packet would be passed to the BRI0 port and the BRANCH profile would be used. If a packet was destined for any 10.0.0.0 network, it would be passed to the BRI0 and the CORPORATE profile would be used. All other packets that are destined to non-known networks would be passed to the BRI0 port and the MYISP profile would be invoked. Note that bridging has been turned off and IP routing has been turned on in each profile. All non-IP packets will not pass through the router; however, all IP packets will be routed. It should be noted that the MYISP profile has not actually been configured for an IP address. Although it does accept the address assigned by the service provider, this is done by simply declaring the IP netmask as 0.0.0.0, without specifying an IP address. The successful CCNP candidate is aware of the flexibility of the 700 series router; however, he or she need not be a subject matter expert on each command nuance. In general, he or she should remember that the 700 series router would be used in a SOHO environment in which ISDN is being used to connect to a limited number of locations and to provide higher-thanmodem speeds to an ISP. DHCP Overview DHCP provides a method for automatically assigning reusable IP addresses to clients. Cisco’s implementation of DHCP follows RFC 2131 for DHCP concepts and RFC 2131 for DHCP options. set user MYISP set bridging off set ip routing on set number 3331234 set ip route destination 0.0.0.0/0 gateway 0.0.0.0 propagate on set ip netmask 0.0.0.0 set bridge off Example 7-3 show ip route all Command Output Displays IP Routes for All Profiles show ip route all Profile Type Destination Bits Gateway Prop Cost Source Age ------------------------------------------------------------------------------ LAN NET 10.118.0.0 24 DIRECT ON 1 DIRECT 0 CentralA NET 0.0.0.0 0 0.0.0.0 OFF 1 STATIC 0 Example 7-2 Profiles for the Configuration in Figure 7-2 (Continued) 208 Chapter 7: Configuring a Cisco 700 Series Router The 700 IOS DHCP server gives the SOHO administrator a much simpler IP address management scheme. DHCP enables the small office with the capability to provide IP addressing on an as-needed basis for each local client. This method eliminates address management on a PC-by-PC basis, which reduces client configuration tasks and costs. Hosts in remote offices can obtain dynamic IP addresses directly from the local 700 series router. DHCP has been generally adopted as the standard for assigning addresses to an internal network. This frees the administrator from configuring and maintaining an address scheme on a PC-by-PC basis. For more information on the inner workings of DHCP, you can turn to the following references (all of which can be accessed from www.isi.edu/in-notes/): • RFC 951—Bootstrap Protocol (BOOTP) • RFC 1542—Clarifications and Extensions for the Bootstrap Protocol • RFC 2131—Dynamic Host Configuration Protocol • RFC 2132—DHCP Options and BOOTP Vendor Extensions These RFCs can be a bit heady for understanding the average uses of DHCP. Nonetheless, the basic thrust of this technology has been widely implemented and accepted. In fact, all Cisco routers can understand and implement this function per the standards. Using the Cisco 700 Series Router as a DHCP Server and Relay Agent The 700 series router is capable of being the DHCP server or functioning as a relay agent to a DHCP server running on another device. To perform the function of a relay agent, the router is configured as follows: set dhcp relay ip-address The use of the 700 series router as a relay agent is very similar to setting an IP helper-address on an IOS router pointing to a DHCP server. Using the set dhcp relay command passes only the DHCP request; however, the IP helper-address can pass other broadcast packets if not configured for only DHCP requests. The use of the router as a relay agent simply points to another device responsible for the maintenance of the IP addressing. Using the 700 series router as a DHCP server is also syntactically very simple: the router must be declared as the server and the address pool must be defined. Any DHCP broadcast request received from the LAN interface is satisfied from the pool. The code in Example 7-4 is required on the router shown in Figure 7-4. Using the Cisco 700 Series Router as a DHCP Server and Relay Agent 209 Figure 7-4 DHCP Setup for the 700 Series Router The set dhcp server command declares that the router be used as the DHCP server. The address pool and network mask are then declared. The syntax for the address pool is different from the syntax used to specify a pool in the IOS command set. The address (in this case, 10.1.1.2) is the first address in the pool. The second number (252) declares the number of addresses that are assigned internally for the DHCP pool. Hence, the pool in this case uses the IP addresses 10.1.1.2 through 10.1.1.253. The gateway that is given to all DHCP clients is the 700 Ethernet interface. The DNS and WINS servers are defined as 192.168.1.5, and the domain sent to all clients is “mycompany”. The key issue is that the 700 series router is assigning itself as the gateway for the clients on its Ethernet segment. In this fashion, it becomes the router for all clients. To become successful with the CCNP material, you should focus on the flexibility of the 700 series router and not on the details of the syntax. Example 7-4 700 Configuration to Implement the Router as a DHCP Server set dhcp server set dhcp address 10.1.1.2 252 set dhcp netmask 255.255.255.0 set dhcp gateway primary 10.1.1.1 set dhcp dns primary 192.168.1.5 set dhcp wins primary 192.168.1.5 set dhcp domain mycompany Cisco 700 series router ISDN cloud Central router DHCP client 10.1.1.1 DHCP address pool 10.1.1.2 through 10.1.1.253 WINS/DNS server 192.168.1.5 210 Chapter 7: Configuring a Cisco 700 Series Router Foundation Summary The Foundation Summary is a collection of tables and figures that provides a convenient review of many key concepts in this chapter. For those of you already comfortable with the topics in this chapter, this summary could help you recall a few details. For those of you who just read this chapter, this review should help solidify some key facts. For any of you doing your final preparation before the exam, these tables and figures will hopefully be a convenient way to review the day before the exam. Table 7-4 summarizes the commands used for the three basic Cisco 700 series router profiles. Table 7- 4 Command Summary for Cisco 700 Series Router Profile Configuration Profile Command Description System set switch This command declares the switch type for the 700 series router. Valid choices would be DMS100, 5ESS, NI1, and so on. Because the 700 series router only supports a single BRI interface, there is no need for further definition of the switch type. set encapsulation This command declares the encapsulation method for the BRI connection. The choices here are PPP and CPPP. PPP would be the most common setting. set ppp authentication incoming This command declares the authentication type for an incoming call. The choices are CHAP, PAP, or NONE. This feature is unique to the 700 IOS and enables the authentication to take on a direction. set ppp authentication outgoing This command is similar to the incoming authentication, but declares the method of authentication for calls leaving the 700 series router. Again, the method choices are CHAP, PAP, and NONE. set ppp secret This command declares the password for the 700 series router that is used for all calls leaving the 700. This password would be used by PAP or CHAP as declared by the set ppp authentication outgoing command. set active This command activates the profile. This can be accomplished by a router reboot after the configuration is complete. LAN set bridging off This command does what it suggests—it turns off bridging on the LAN interface. Only those protocols (IP or IPX) that are routed are passed. set ip This command declares the IP address for the LAN interface. Foundation Summary 211 set ip netmask This command declares the IP address mask for the LAN interface. set ip routing on This command turns on IP routing for the interface. User set user CorpOFF This command creates the user profile called CorpOFF. This profile name is used (along with the password specified by the set ppp host command) for authentication in the inbound direction. This command is not used after the profile has been created. Once a profile is created, the command cd is used to change it. set bridging off This device enables bridging to be turned off in the profile for the BRI port. set ip 10.33.33.1 The ip address 10.33.33.1 is used for the BRI interface when this profile is used. set ip netmask 255.255.255.0 The mask for the IP address is set to 24 bits. set ip routing on This command enables ip routing on the interface. This does not enable the sending of RIP updates; it simply allows routing to take place over the interface. set number 5551212 The phone number 5551212 is called when this profile is used. set ip route destination 0.0.0.0/0 gateway This is a default route inside the CorpOFF profile. This route causes this profile to be used whenever an ip packet does not have an explicit route to take. Table 7- 4 Command Summary for Cisco 700 Series Router Profile Configuration (Continued) Profile Command Description 212 Chapter 7: Configuring a Cisco 700 Series Router Table 7-5 summarizes the commands used for managing Cisco 700 series router profiles. Table 7- 5 Command Summary for Cisco 700 Series Router Profile Management Command Description set user This command initially creates the profile (or subdirectory) for the connection called user. Selecting the name “user” for a connection is similar to naming a router “router”. Generally, the name of the connection is something that is meaningful to the connection. upload This command writes the configuration to the monitor screen. The configuration is presented on the screen without page breaks. It is necessary to use a monitor program (such as hyperterminal) to view the entire configuration by using the scroll arrows on your keyboard. set default This command is similar to doing an erase startup-config and then issuing a reload command on an IOS router. Care should be taken with this command because it does NOT prompt the user that the configuration will be set back to factory defaults. The use of this command could be a career-ending event if there is no saved hardcopy of the configuration. reset This command simply reloads and reinitializes the router. Q&A 213 Q&A The questions and scenarios in this book are more difficult than what you will experience on the actual exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answer. Rather than enabling you to derive the answer from clues hidden inside the question itself, the questions challenge your understanding and recall of the subject. Questions from the “Do I Know This Already?” quiz from the beginning of the chapter are repeated here to ensure that you have mastered the chapter’s topic areas. Hopefully, mastering these questions will help you limit the number of exam questions on which you narrow your choices to two options and then guess. If you incorrectly answer one of the following questions, review the answer and ensure that you understand the reason(s) why your answer is incorrect. If you are confused by the answer, refer to the text in the chapter to review. The answers to these questions can be found in Appendix A, on page 397. 1 What are the three permanent profiles for the 700 series router? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 2 Which one of the following statements is true? a. Any protocol routed in the LAN must be routed in the user profile. b. Any protocol routed in the LAN cannot be routed in the user profile. c. Any protocol routed in the LAN must be bridged in the user profile. d. Any protocol routed in the LAN cannot be bridged in the internal profile. 3 What must be true for the 700 series router to be IP pingable? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 4 For what is the internal profile used? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 214 Chapter 7: Configuring a Cisco 700 Series Router 5 How many user profiles can be created? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 6 Under which mode or profile is the ISDN switch type declared? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 7 What is declared in the LAN profile? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 8 Define the acronyms SOHO and RO. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 9 Can an ISP support DDR and BoD with a 700 series router? If not, why? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 10 What command would you use to declare the use of CHAP authentication when a 700 series router calls a remote site? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Q&A 215 11 What does the command set system 700MLP do? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 12 What is the mechanism that points the 700 series router to the ISP? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 13 Which of the following protocols are supported by the 700 series router: PAP, CHAP, MPPP, IGRP, ISP, and PAT? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 14 What routing protocols can be configured on the 700 series router? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 15 What command is used to display the 700 configuration? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 16 What is the command required for a soft boot on a 700 series router? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 17 What command would you use to configure the 700 series router as a DHCP relay agent? _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 216 Chapter 7: Configuring a Cisco 700 Series Router 18 What does the following command do: set dhcp address 10.1.1.5 12? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 19 Which of the following routed protocols can be used on the 700 router: IGRP, IPX, RIP, IP, OSPF, and static routes? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 20 When configuring the 700 series router for a DHCP server, how do you set up the default gateway for the client? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ Scenario 7-1 217 Scenarios The following scenario and questions are designed to draw together the content of the chapter and exercise your understanding of the concepts. There is not necessarily a right answer to the scenario. The thought process and practice in manipulating the related concepts is the goal of this section. Scenario 7-1 You’re a home user with an ISDN connection and would like to connect to your ISP and to your corporate office, which is using the private 192.168.4.0/24 network. Your connection to the corporate office is 192.168.4.12. 1 What router platform might you select? 2 How many user profiles do you need to create? 3 What would the route statements look like in the profiles created? 4 Could you be on the Internet and communicate with your office at the same time? 218 Chapter 7: Configuring a Cisco 700 Series Router Scenario Answers The answers provided in this section are not necessarily the only possible correct answers. They merely represent one possibility for the scenario. The intention is to test your base knowledge and understanding of the concepts discussed in this chapter. Should your answers be different (as they likely will be) consider the differences. Are your answers in line with the concepts of the answers provided and explained here? If not, go back and read the chapter again, focusing on the sections related to the problem scenario. Scenario 7-1 Answers 1 You might select the 700 series router. Although it is true that many router platforms would do, the 700 series router is priced for the home user market. 2 You would need to create two profiles—one for each destination that you want to reach. 3 The route statement in the ISP profile would be the default route or the following: set ip route destination 0.0.0.0/0 gateway 0.0.0.0 The route statement in the profile used to connect to the corporate office would be set ip route destination 192.168.4.0 gateway 192.168.4.12 where 192.168.4.12 is the ISDN interface of the router you are calling. 4 Yes. With two B channels, it would be possible to have both calls on line at the same time. This chapter covers the following topics that you need to master as a CCNP: • X.25 basics—From its emergence in the early 1970s to present day implementation strategies, X.25 remains one of the most (if not the most) deployed technologies in the internetworking world. • X.25 layered model—X.25 employs an implementation model similar to the OSI model. This section discusses the layers of the X.25 model. • X.25 configuration options—For configuration options to be supported globally, there are some configuration parameters that might need to be altered from their default settings. This section details some of those settings. C H A P T E R 8 Establishing an X.25 Connection The CCNP Remote Access Exam requires you to be familiar with the implementation options associated with X.25. You must understand the basic deployment of X.25 as well as the optional configuration parameters. X.25 is similar in some respects to ISDN. The basic functionality of the two is based on the same technology, and the Public Switched Telephone Network (PSTN) still provides the necessary switching facilities. X.25 is similar not only to ISDN for switched virtual circuits (SVCs) but also to Frame Relay. In addition, the frame format is almost identical to High- Level Data Link Control (HDLC). It is imperative that you understand the relationship between DCE and DTE devices. The relationship is discussed throughout the chapter. The exam requires an understanding of various deployment configuration options, including window sizes, packet sizes, and communications windows. How to Best Use This Chapter By taking the following steps, you can make better use of your study time: • Keep your notes and answers for all your work with this book in one place for easy reference. • Take the “Do I Know This Already?” quiz and write down your answers. Studies show retention is significantly increased through writing facts and concepts down, even if you never look at the information again. • Use the diagram in Figure 8-1 to guide you to the next step. 222 Chapter 8: Establishing an X.25 Connection Figure 8-1 How To Use This Chapter “Do I Know This Already?” Quiz The purpose of the “Do I Know This Already?” quiz is to help you decide what parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. The 12-question quiz helps you make good choices about how to spend your limited study time. The quiz is sectioned into smaller, four-question “quizlets,” each of which corresponds to the three major topic headings in the chapter. Use the scoresheet in Table 8-1 to record your scores. "Do I Know This Already?" quiz Low score Medium score High score, want more review High score Read Foundation Summary Read Foundation Topics Q&A Scenarios Go to next chapter “Do I Know This Already?” Quiz 223 1 Name the Layer 2 of X.25. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 2 Name the Layer 3 of X.25. ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 3 In X.25, what are the two possible roles that a router can play? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 4 What is the function of a PAD in an X.25 network? ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ 5 The addressing scheme in X.25 is known as what kind of address? ______________________________________________________________________ ________________________________