
Document: Building Cisco Remote Access (PDF)

This document was scanned with OCR; the content may not be accurate.

DOCUMENT INFORMATION

Basic information

Title: Building Cisco Remote Access
School: University of Information Technology and Communications
Major: Computer Networks
Type: building guide
Year of publication: 2023
City: Hanoi
Format:
Number of pages: 1,172
File size: 22.05 MB


Contents


Copyright © 2003, Cisco Systems, Inc. All rights reserved.

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and

Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe

Copyright © 2003, Cisco Systems, Inc. All rights reserved. CCIP, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, Internet Quotient, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ logo, iQ Net Readiness Scorecard, Networking Academy, ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That’s Possible, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0203R)


LESSON TWO: DEFINING WAN ENCAPSULATION PROTOCOLS 1-21

LESSON THREE: DETERMINING THE WAN TYPES TO USE 1-31

Copyright © 2003, Cisco Systems, Inc Building Cisco Remote Access Networks (BCRAN) v2.0


Outline
Defining WAN Connection Types
WAN Connection Speed Comparison
WAN Connection Summary
Identifying Site Requirements
Central Site Considerations
Central Site Router Equipment
Branch Office Considerations
Branch Office Router Equipment
SOHO Site Considerations
SOHO Site Router Equipment
Summary
Quiz
Quiz Answer Key

LESSON FOUR: SELECTING CISCO REMOTE ACCESS SOLUTIONS

Overview

Importance

Objectives
Learner Skills and Knowledge
Outline
Selecting Cisco Remote Access Solutions
Determining the Appropriate Interfaces: Fixed Interface
Determining Appropriate Interface: Modular Interface
Assembling and Cabling the Network
Verifying Network Installation
Verifying Branch Office Installation
Verifying SOHO Installation
Selecting Products with Cisco Product Selection Tools
Summary
Next Steps
Quiz
Quiz Answer Key

MODULE 2 — USING AAA TO SCALE ACCESS CONTROL IN AN

Cisco Access Control Solutions Overview Basic Security Devices and Router Security Cisco Security Options Overview

CiscoSecure ACS Overview CiscoSecure Components CiscoSecure Administrator GUI Client Summary

2-10 2-11 2-12


Quiz 2-13

LESSON TWO: UNDERSTANDING AND CONFIGURING AAA 2-15

AAA Accounting Commands 2-29

MODULE 3 — CONFIGURING ASYNCHRONOUS CONNECTIONS TO A

Modem Connections and Operation 3-5


LESSON TWO: MODEM CONFIGURATION 3-25

LESSON THREE: TELEPHONY CLASS OF SERVICE 3-45

Managing the Modemcap Database 3-55
Viewing Modemcap Modem Entries 3-56
Creating and Editing a Custom Modemcap Entry 3-57
Viewing a Custom Modemcap Entry 3-58

LESSON FOUR: VERIFYING AND DEBUGGING MODEM AUTOCONFIGURATION 3-63


MODULE 4 — CONFIGURING PPP AND CONTROLLING NETWORK ACCESS WITH PAP AND CHAP 4-4

LESSON TWO: CONFIGURING BASIC PPP 4-13

LESSON THREE: CONFIGURING PAP AND CHAP AUTHENTICATION 4-29


LESSON FOUR: USING AND CONFIGURING OTHER PPP LCP OPTIONS 4-43

Asynchronous Callback Line and Interface Commands 4-50
Configuring a PPP Callback Client 4-51
Configuring a PPP Callback Server 4-52
Using Compression with PPP 4-53

LESSON FIVE: USING MULTILINK PPP 4-63

LESSON SIX: VERIFYING AND DEBUGGING PPP 4-71

MODULE 5 — USING ISDN AND DDR TO ENHANCE REMOTE CONNECTIVITY 5-1


ISDN Configuration Tasks 5-9

Selecting the ISDN Switch Type 5-11
Setting Interface Protocols 5-13
Setting SPIDs if Necessary 5-14

LESSON TWO: CONFIGURING ISDN PRI 5-21

Configuration Tasks for PRI 5-26

T1/E1 Controller Parameters 5-29
Additional ISDN PRI Configuration Parameters 5-31
PRI Configuration Example 5-33

LESSON THREE: CONFIGURING DDR 5-39


LESSON FIVE: OPTIONAL ISDN PPP FEATURES 5-69

LESSON SIX: VERIFYING ISDN AND DDR CONFIGURATIONS 5-87

ISDN Layer 2 debug Commands 5-91
ISDN Layer 3 debug Commands 5-92
Monitoring ISDN BRI D Channel 5-93
Monitoring ISDN BRI B Channels 5-95
Verifying Multilink PPP 5-97
Troubleshooting Multilink PPP 5-99
Testing a DDR Configuration 5-101


MODULE 6 — OPTIMIZING THE USE OF DDR INTERFACES 6-1

Dialer Profiles Overview 6-7

LESSON TWO: CONFIGURING DIALER PROFILES 6-15

LESSON THREE: VERIFYING AND TROUBLESHOOTING A DIALER


Next Steps 6-42

MODULE 7 — ESTABLISHING A DEDICATED FRAME RELAY

LESSON TWO: CONFIGURING FRAME RELAY 7-15

Different DLCIs at the Remote Routers 1-22

LESSON THREE: VERIFYING FRAME RELAY CONFIGURATION 7-29

LESSON FOUR: CONFIGURING FRAME RELAY SUBINTERFACES 7-41


LESSON FIVE: CONFIGURING FRAME RELAY 7-55

LESSON SIX: CONFIGURING FRAME RELAY TRAFFIC SHAPING 7-65

MODULE 8 — ENABLING BACKUP FOR A PRIMARY CONNECTION 8-1


LESSON ONE: CONFIGURING DIAL BACKUP 8-3

Dial Backup for High Primary Line Usage 8-6
Activating Backup Interfaces for Primary Line Failures 8-7
Configuring Dial Backup for Excessive Traffic Load 8-12
Configuring Dial Backup for Excessive Traffic Load Example 8-14
Physical Interfaces as Backup Limitations 8-15
Using Dialer Interfaces as the Backup Interface 8-16
Configuring Dial Backup with Dialer Profile 8-17

LESSON TWO: ROUTING WITH THE LOAD BACKUP FEATURE 8-27

MODULE 9 — MANAGING NETWORK PERFORMANCE WITH


Choosing a Cisco IOS Queuing Option 9-9

LESSON TWO: CONFIGURING WEIGHTED FAIR QUEUING 9-15

LESSON THREE: CLASS-BASED WEIGHTED FAIR QUEUING OVERVIEW 9-27

Weighted Fair Queuing Example 9-32
Configuring CBWFQ: Step 1 9-34
Configuring CBWFQ: Step 2 9-36
Configuring CBWFQ with WRED: Step 2 9-37
Configuring CBWFQ Default Class: Step 2 9-39
Configuring CBWFQ: Step 3 9-40

LESSON FOUR: CONFIGURING LOW LATENCY QUEUING 9-47


LESSON FIVE: VERIFYING QUEUING OPERATION 9-57

LESSON SIX: OPTIMIZING TRAFFIC FLOW WITH DATA COMPRESSION 9-69

Implementing Compression Overview 9-71

Implementing Payload Compression 9-74
Using TCP/IP Header Compression 9-75

Other Compression Considerations 9-77

LESSON SEVEN: CONFIGURING DATA COMPRESSION 9-81

MODULE 10 — SCALING IP ADDRESSES WITH NETWORK ADDRESS


LESSON TWO: NAT OPERATION 10-15

LESSON THREE: CONFIGURING NAT 10-29

LESSON FOUR: VERIFYING AND TROUBLESHOOTING NAT 10-43

MODULE 11 — USING BROADBAND TO ACCESS A CENTRAL SITE 11-1


Outline 11-2

LESSON TWO: CABLE TECHNOLOGY 11-15

How a Cable System Works 11-19
Cable System Components 11-20
Digital Signals over RF Channels 11-24
Identifying Cable Technology Terms 11-27
Putting Cable Technology All Together 11-30
Process for Provisioning a Cable Modem 11-31
Configuration of a Router with a Cable Modem 11-32

LESSON THREE: DSL TECHNOLOGY 11-39


Quiz 11-57

LESSON FOUR: CONFIGURING THE CPE AS THE PPPOE CLIENT 11-61

PAT for Use with DSL Example 11-69
Using DHCP to Scale DSL 11-70
Configuring a DHCP Server 11-71
Configuring a Static Default Route 11-73
PPPoE Sample Configuration 11-74

LESSON FIVE: CONFIGURING DSL WITH PPPOA 11-79

PAT for Use with DSL Example 11-86
Using DHCP to Scale DSL 11-87
Configuring a Static Default Route 11-88
Sample PPPoA Configuration 11-89

LESSON SIX: TROUBLESHOOTING DSL 11-93

Is the ATM Interface in an Administratively Down State? 11-98

Is the Correct Power Supply Being Used? 11-99

Is the DSL Operating Mode Correct? 11-100


Is Data Being Received from the ISP? 11-102

MODULE 12 — VIRTUAL PRIVATE NETWORKS 12-1

LESSON TWO: CISCO IOS CRYPTOSYSTEM OVERVIEW 12-27

LESSON THREE: IPSEC TECHNOLOGIES 12-39


Five Steps to IPSec 12-46

IKE and IPSec Flowchart 12-49
Tasks to Configure IPSec 12-50

LESSON FOUR: TASK 1—PREPARE FOR IKE AND IPSEC 12-57

Step 3—Check Current Configuration 12-69

LESSON FIVE: TASK 2—CONFIGURE IKE 12-79

Prepare for IKE and IPSec 12-81

Step 2—Create IKE Policies 12-83

IKE Policy Negotiation 12-86
Step 3—Configure ISAKMP Identity 12-87
Step 4—Configure Preshared Keys 12-89
Step 5—Verify IKE Configuration 12-91

LESSON SIX: TASK 3—CONFIGURE IPSEC 12-97


Transform Set Negotiation 12-102

Step 2—Configure Global IPSec Security Association Lifetimes 12-103
Purpose of Crypto Access Lists 12-104
Step 3—Create Crypto ACLs Using Extended Access Lists 12-105
Configure Symmetric Peer Crypto Access Lists 12-107
Purpose of Crypto Maps 12-108
Crypto Map Parameters 12-109
Step 4—Configure IPSec Crypto Maps 12-110
Example Crypto Map Commands 12-112
Step 5—Apply Crypto Maps to Interfaces 12-114
IPSec Configuration Examples 12-115

LESSON SEVEN: TASK 4—TEST AND VERIFY IPSEC 12-121

Task 4—Test and Verify IPSec 12-123

The debug crypto Command 12-129
Crypto System Error Messages for ISAKMP 12-133


Building Cisco Remote Access Networks (BCRAN) v2.0 is an instructor-led course presented by Cisco Systems, Inc. training partners to end-user customers. This five-day course focuses on how to use one or more of the available WAN permanent or dialup technologies to connect company sites. In addition, network security and security components are presented.

■ Course Flow Diagram
■ Icons and Symbols
■ Learner Introductions


Interconnect network devices used for WANs

Build a functional configuration to support network requirements

Verify the functionality of the network

Determine network device operational status

Use debug commands to detect processes


Upon completing this course, the learner will be able to:

■ Interconnect the network devices as specified by the design and installation plan
■ Build a functional configuration to support the specified network operational requirements
■ Verify the functionality of the network to ensure that it functions as specified
■ Verify connectivity to non-Cisco devices
■ Accurately determine network device operational status and network performance, using the command-line interface
■ Manage device configuration files to reduce device downtime and to conform to best practices, using Cisco IOS commands
■ Configure access lists to meet specified operational requirements, using the command-line interface
■ Display network operational parameters so that the student can detect anomalies, using the appropriate show commands
■ Monitor network operational parameters so that the student can detect anomalies, using the appropriate debug commands


During the laboratory exercises in this course, you will build the network depicted in the figure. To accomplish this task, you will practice the following:

■ Selecting Cisco products for remote connections
■ Assembling and cabling the WAN components
■ Using AAA to scale access control in an expanding network
■ Configuring asynchronous connections with modems
■ Configuring and debugging PPP on serial interfaces
■ Using ISDN and DDR to enhance remote connectivity
■ Using dialer profiles to enhance DDR
■ Establishing a dedicated Frame Relay connection and controlling traffic flow
■ Enabling a backup to a permanent connection
■ Managing network performance queuing for user-defined traffic classes
■ Scaling IP addresses with NAT
■ Configuring a site-to-site IPSec VPN using preshared keys


Cisco provides three levels of general career certifications for IT professionals with several different tracks to meet individual needs. Cisco also provides focused Cisco Qualified Specialist (CQS) certifications for designated areas such as cable communications, voice, and security.

There are many paths to Cisco certification, but only one requirement—passing one or more exams demonstrating knowledge and skill. For details, go to http://www.cisco.com/go/certifications


Learner Skills and Requirements

This topic lists the course prerequisites


Before attending the BCRAN v2.0 course, you must have basic knowledge of data networking equivalent to the information in the Cisco Certified Network Associate Basics (CCNAB) v2.0 course and the Interconnecting Cisco Network Devices (ICND) v2.0 course. Experience working in a network environment is recommended.


In class, you are expected to participate in all lesson exercises and assessments.

In addition, you are encouraged to ask any questions relevant to the course materials.

If you have pertinent information or questions concerning future Cisco product releases and product features, please discuss these topics during breaks or after class. The instructor will answer your questions or direct you to an appropriate information source.


Break and lunch room locations

Attire

Facilities-Related

Course materials

Site emergency procedures

Rest rooms

Telephones/faxes

The instructor will discuss the administrative issues noted here so you know exactly what to expect from the class:

■ Sign-in process
■ Starting and anticipated ending times of each class day
■ Class breaks and lunch facilities
■ Appropriate attire during class
■ Materials you can expect to receive during class
■ What to do in the event of an emergency
■ Location of the rest rooms
■ How to send and receive telephone and fax messages


Course Flow Diagram

This topic covers the suggested flow of the course materials


The schedule reflects the recommended structure for this course. This structure allows enough time for the instructor to present the course information and for you to work through the laboratory exercises. The exact timing of the subject materials and labs depends on the pace of your specific class.


Icons and Symbols

This topic shows the Cisco icons and symbols used in this course.


If you have most or all of the prerequisite skills

A profile of your experience

What you would like to learn from this course


Course Evaluations

Cisco relies on customer feedback to make improvements and guide business decisions. Your valuable input will help shape future Cisco learning products and program offerings.

On the first and final days of class, your instructor will provide the following information needed to fill out the evaluation:

■ Course acronym (printed on student kit side label)
■ Course version number (printed on student kit side label)
■ Cisco Learning Partner ID #
■ Course ID # (for courses registered in Cisco Learning Locator)

Please use this information to complete a brief (approximately 10 minutes) online evaluation concerning your instructor and the course materials in the student kit. To access the evaluation, go to http://www.cisco.com/go/clpevals

After the completed survey has been submitted, you will be able to access links to a variety of Cisco resources, including information on the Cisco Career Certification programs and future Cisco Networkers events.

If you encounter any difficulties accessing the course evaluation URL or submitting your evaluation, please contact Cisco via email at clpevals_support@external.cisco.com


This module discusses various remote access technologies and considerations for an enterprise building its corporate network. This module also addresses Cisco Systems product selection information.

Objectives

Upon completing this module, you will be able to:

■ Explain the advantages and disadvantages of a variety of WAN connection types
■ Select the appropriate WAN connection types
■ Select Cisco equipment that will suit the specific needs of each site
■ Use Cisco tools to select the proper equipment

Outline

The module contains these lessons:

■ Defining WAN Connection Types
■ Defining WAN Encapsulation Protocols
■ Determining the WAN Types to Use
■ Selecting Cisco Remote Access Solutions


Defining WAN Connection

Upon completing this lesson, you will be able to:

■ Describe characteristics of WAN connections
■ Identify types of WAN connections
■ Describe dedicated circuit-switched WAN connections
■ Describe on-demand circuit-switched WAN connections
■ Identify packet-switched WAN connections
■ Describe selected broadband access connections
■ Describe various digital subscriber line (DSL) connections


Learner Skills and Knowledge

To benefit fully from this lesson, you must have these prerequisite skills and knowledge:

■ All knowledge presented in the Cisco Certified Networking Associate Basics (CCNAB)

Packet-Switched Virtual Connections

Broadband Access

Summary

Quiz


WAN Connection Characteristics

This topic describes various WAN connection types.

■ Provisioned permanently or on demand
■ Asynchronous transport network
■ Statistical bandwidth allocation in transport network
■ Cost typically related to bandwidth guarantee and other quality-of-service parameters


Synchronization mechanism

— External

■ Clocking determined by separate conductor in the media
■ Thicker cable with more conductors per connection

— Embedded

■ Clocking determined by bit times within the data stream
■ Fewer conductors per connection

■ Bit synchronization and data-link termination managed at ends of circuit

Appearance of increased control Service provider transparent

Date posted: 11/12/2013, 03:15
