
CCNA Exploration 4.0 - Chapter 6: Teleworker Services


Chapter 6 - Teleworker Services

CCNA Exploration 4.0

Introduction

Business Requirements for Teleworker Services

The Business Requirements for Teleworker Services

• When designing network architectures that support a teleworking solution, designers must balance organizational requirements for security, infrastructure management, scalability, and affordability against the practical needs of teleworkers for ease of use, connection

The Teleworker Solution

• The term broadband refers to advanced communications systems capable of providing high-speed transmission of services, such as data, voice, and video, over the Internet and other networks.

• Transmission is provided by a wide range of technologies, including digital subscriber line (DSL) and fiber-optic cable, coaxial cable, wireless technology, and satellite.

• Soon, voice over IP (VoIP) and videoconferencing components will become expected parts of the teleworker's toolkit.

Home Office Components - The required home office components are a laptop or desktop computer, broadband access (cable or DSL), and a VPN router or VPN client software installed on the computer. Additional components might include a wireless access point. When traveling, teleworkers need an Internet connection and a VPN client to connect to the corporate network over any available dialup, network, or broadband connection.

Corporate Components - Corporate components are VPN-capable routers, VPN

Broadband Services

Connecting Teleworkers to the WAN

• The choice of access network technology and the need to ensure suitable bandwidth are the first considerations to address when connecting teleworkers.

Cable

• The Data-over-Cable Service Interface Specification (DOCSIS) is an international standard developed by CableLabs, a non-profit research and development consortium for cable-related technologies.

• DOCSIS specifies the OSI Layer 1 and Layer 2 requirements:

Physical layer - For data signals that the cable operator can use, DOCSIS specifies the channel widths (bandwidths of each channel) as 200 kHz, 400 kHz, 800 kHz, 1.6 MHz, 3.2 MHz, and 6.4 MHz. DOCSIS also specifies modulation techniques (the way to use the RF signal to convey digital data).

MAC layer - Defines a deterministic access method, time-division multiple access (TDMA) or synchronous code division multiple access method (S-CDMA).

• DSL is a means of providing high-speed connections over installed copper wires.

• Several years ago, Bell Labs identified that a typical voice conversation over a local loop only required bandwidth of 300 Hz to 3 kHz.

• Advances in technology allowed DSL to use the additional bandwidth from 3 kHz up to 1 MHz to deliver high-speed data services over ordinary copper lines.

• The two basic types of DSL technologies are asymmetric (ADSL) and symmetric (SDSL).

• The transfer rates are dependent on the actual length of the local loop, and the type and condition of its cabling. For satisfactory service, the loop must be less than 5.5 kilometers (3.5 miles).

• The two key components are the DSL transceiver and the DSLAM:

Transceiver - Connects the computer of the teleworker to the DSL. Usually the transceiver is a DSL modem connected to the computer using a USB or Ethernet cable. Newer DSL transceivers can be built into small routers with multiple 10/100 switch ports suitable for home office use.

DSLAM - Located at the CO of the carrier, the DSLAM combines individual DSL connections from users into one high-capacity link to an ISP, and thereby, to the Internet.

• The major benefit of ADSL is the ability to provide data services along with POTS voice services.

• ADSL signals distort voice transmission and are split or filtered at the customer premises. There are two ways to separate ADSL from voice at the customer premises: using a microfilter or using a splitter.

• A microfilter is a passive low-pass filter with two ends. One end connects to the telephone, and the other end connects to the telephone wall jack. This solution eliminates the need for a technician to visit the premises and allows the user to use any jack in the house for voice or ADSL service.

• POTS splitters separate the DSL traffic from the POTS traffic. The POTS splitter is a passive device. In the event of a power failure, the voice traffic still travels to the voice switch in the CO of the carrier.

• Splitters are located at the CO and, in some deployments, at the customer premises. At the CO, the POTS splitter separates the voice traffic, destined for POTS connections, and the data traffic destined for the DSLAM.

Broadband Wireless

• Broadband access by ADSL or cable provides teleworkers with faster connections than dialup, but until recently, SOHO PCs had to connect to a modem or a router over a Cat 5 (Ethernet) cable.

• Wireless networking, or Wi-Fi (wireless fidelity), has improved that situation, not only in the SOHO, but on enterprise campuses as well.

• The benefits of Wi-Fi extend beyond not having to use or install wired network connections. Wireless networking provides mobility. Wireless connections provide increased flexibility and productivity to the teleworker.

• The significant limitation of wireless access has been the need to be within the local transmission range (typically less than 100 feet) of a wireless router or wireless access point that has a wired connection to the Internet.

• The concept of hotspots has increased access to wireless connections across the world. A hotspot is the area covered by one or more interconnected access

• The figure shows a typical home deployment using a single wireless router.

• This deployment uses the hub-and-spoke model.

• A mesh is a series of access points (radio transmitters) as shown in the figure. Each access point is in range and can communicate with at least two other access points.

• A meshed network has several advantages over single router hotspots:

– Installation is easier and can be less expensive because there are fewer wires.

– Deployment over a large urban area is faster. From an operational point of view, it is more reliable.

• WiMAX (Worldwide Interoperability for Microwave Access) is telecommunications technology aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular type access.

– A tower that is similar in concept to a cellular telephone tower. A single WiMAX tower can provide coverage to an area as large as 3,000 square miles, or almost 7,500 square kilometers.

– A WiMAX receiver that is similar in size and shape to a PCMCIA

• There are three ways to connect to the Internet using satellites: one-way multicast, one-way terrestrial return, and two-way.

1. One-way multicast satellite Internet systems are used for IP multicast-based data, audio, and video distribution. Even though most IP protocols require two-way communication, for Internet content, including web pages, one-way satellite-based Internet services can "push" pages to local storage at end-user sites. Full interactivity is not possible.

2. One-way terrestrial return satellite Internet systems use traditional dialup access to send outbound data through a modem and receive downloads from the satellite.

3. Two-way satellite Internet sends data from remote sites via satellite to a hub, which then sends the data to the Internet. The satellite dish at each location needs

• Satellite Internet services are used in locations where land-based Internet access is not available, or for temporary installations that are continually on the move.

• The most common standards are included in the IEEE 802.11 wireless local area network (WLAN) standard, which addresses the 5 GHz and 2.4 GHz public (unlicensed) spectrum bands.

• The 802.11n standard is a proposed amendment that builds on the previous 802.11 standards by adding multiple-input multiple-output (MIMO).

• The 802.16 (or WiMAX) standard allows transmissions up to 70 Mb/s, and has a range of up to 30 miles (50 km). It can operate in licensed or unlicensed bands of the spectrum from 2 to 6 GHz.

Broadband Wireless solution

VPN Technology

• VPN technology enables organizations to create private networks over the public Internet infrastructure that maintain confidentiality and security.

VPNs and Their Benefits

• Consider these benefits when using VPNs:

Cost savings - Organizations can use cost-effective, third-party Internet transport to connect remote offices and users to the main corporate site. This eliminates expensive dedicated WAN links and modem banks.

Security - Advanced encryption and authentication protocols protect data from unauthorized access.

Scalability - VPNs use the Internet infrastructure within ISPs and carriers, making it easy for organizations to add new users. Organizations, big and small, are able to add large amounts of capacity without adding significant infrastructure.

Types of VPNs

• Organizations use site-to-site VPNs to connect dispersed locations in the same way as a leased line or Frame Relay connection is used.

• Because most organizations now have Internet access, it makes sense to take advantage of the benefits of site-to-site VPNs.

users using dialup networks. This usually involved a toll call and incurring long distance charges to access the

VPN Components

• Components required to establish this VPN include:

1. An existing network with servers and workstations

2. A connection to the Internet

3. VPN gateways, such as routers, firewalls, VPN concentrators, and ASAs, that act as endpoints to establish, manage, and control VPN connections

Characteristics of Secure VPNs

to permit organizations to establish secure, end-to-end, private network connections over the Internet.

VPN Tunneling

• Tunneling allows the use of public networks like the Internet to carry data for users as though the users had access to a private network.

• Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network.

VPN Data Integrity

• For encryption to work, both the sender and the receiver must know the rules used to transform the original message into its coded form.

• VPN encryption rules include an algorithm and a key. An algorithm is a mathematical function that combines a message, text, digits, or all three with a key. The output is an unreadable cipher string.

• Some of the more common encryption algorithms and the length of keys they use are as follows:

Data Encryption Standard (DES) algorithm

Triple DES (3DES) algorithm

Advanced Encryption Standard (AES)

• Hashes contribute to data integrity and authentication by ensuring that unauthorized persons do not tamper with transmitted messages.

• A hash, also called a message digest, is a number generated from a string of text.

• The hash is smaller than the text itself. It is generated using a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.

• There are two common HMAC

IPsec Security Protocols

• IPsec is a protocol suite for securing IP communications that provides encryption, integrity, and authentication.

• There are two main IPsec framework protocols:

Authentication Header (AH)

Encapsulating Security Payload (ESP)

IPSec encryption with pre-shared keys

IOS software for Cisco routers consists of the following four major tasks:

Task 1 is to prepare for IPSec: This task involves determining the detailed encryption policy, identifying the hosts and networks to protect, determining details about the IPSec peers, determining the needed IPSec features, and ensuring existing ACLs are compatible with IPSec.

Task 2 involves configuring IKE: This task includes enabling IKE, creating the IKE policies, and validating the configuration.

Task 3 is configuring IPSec: This task includes defining the transform sets, creating crypto ACLs, creating crypto map entries, and applying crypto map sets to interfaces.

Task 4 is to test and verify IPSec: Using show, debug, and related commands to test and verify that IPSec encryption works.
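
The four tasks above laid out as an IOS configuration for one peer of a site-to-site tunnel. This is an added illustration, not taken from the original slides; the addresses (documentation ranges), ACL numbers, policy and map names, the interface and the key placeholder are all assumptions.

```cisco
! Added example: R1 side of a site-to-site tunnel. All names, addresses and
! interface numbers are assumptions, not values from the course material.
!
! Task 1 (prepare): policy decided before any command is typed.
!   Protect 10.0.1.0/24 (local LAN) <-> 10.0.2.0/24 (remote LAN)
!   Local outside address 192.0.2.1, peer R2 = 198.51.100.2
!   IKE: AES-256, SHA, pre-shared key, DH group 14
!
! Task 2: enable IKE and create the IKE (ISAKMP) policy
crypto isakmp enable
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
! PLACEHOLDER_PSK stands for the shared secret; both peers must hold the same value
crypto isakmp key PLACEHOLDER_PSK address 198.51.100.2
!
! Task 3: transform set, crypto ACL, crypto map, apply to the interface
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
! In a crypto ACL, permit means "encrypt this traffic"; R2 needs the mirror image
access-list 110 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set TS-AES
 match address 110
!
interface Serial0/0/0
 crypto map VPN-MAP
!
! Task 1 also requires existing ACLs to be compatible with IPsec: an inbound
! ACL on the outside interface has to admit IKE and ESP from the peer.
! access-list 102 permit udp host 198.51.100.2 host 192.0.2.1 eq isakmp
! access-list 102 permit esp host 198.51.100.2 host 192.0.2.1
!
! Task 4: test and verify (privileged EXEC mode)
! show crypto isakmp policy
! show crypto ipsec transform-set
! show crypto map
! show crypto isakmp sa
! show crypto ipsec sa
```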


Task 1 is to prepare for IPSec


Task 2 involves configuring IKE:


Task 3 is configuring IPSec:


Labs


Summary

Date posted: 06/07/2014, 09:29