Transcript Slide 1

Sybex CCNA 640-802
Chapter 14: Wide Area Networks
Instructor & Todd Lammle
Chapter 14 Objectives
The CCNA Topics Covered in this chapter
include:
• Introduction to WANs
• HDLC
• PPP
• Frame Relay
• Introduction to VPNs
Defining WAN Terms
• Customer Premises Equipment
(CPE)
• Demarcation (demarc)
• Local loop
• Central Office (CO)
• Toll network
WAN Connection Types
DTE-DCE-DTE
Channel Service Unit (CSU) is a device that converts a digital data
frame from the communications technology used on a local area
network (LAN) into a frame appropriate to a wide-area network (WAN)
and vice versa.
The Data Service Unit (DSU) is a device that performs protective
and diagnostic functions for a telecommunications line.
WAN Support
• Frame Relay
• ISDN: Integrated Services Digital
Network
• LAPB: Link Access Procedure,
Balanced
• LAPD: Link Access Procedure, D-channel
• HDLC: High-level Data Link Control
• PPP
• ATM: Asynchronous Transfer Mode
HDLC Protocol
• Bit-oriented Data Link layer ISO
standard protocol, i.e., control
information is encoded by bits
• Specifies a data encapsulation
method on synchronous serial
data links
• A point-to-point protocol used
on leased lines
• No authentication can be used
HDLC Frame Format
Point-to-Point Protocol (PPP)
• Purpose:
– Transport layer-3 packets across a
Data Link layer point-to-point link
• Can be used over asynchronous
serial (dial-up) or synchronous
serial (ISDN) media
– Uses Link Control Protocol (LCP)
• Builds & maintains data-link
connections
Point-to-Point Protocol Stack
PPP Main Components
• EIA/TIA-232-C
– Intl. Std. for serial communications
• HDLC
– Serial link datagram encapsulation method
• LCP
– Used in P-t-P connections:
• Establishing
• Maintaining
• Terminating
• NCP
– Method of establishing & configuring Network
Layer protocols
– Allows simultaneous use of multiple Network
layer protocols
LCP Configuration Options
• Authentication
– PAP: Password Authentication Protocol
– CHAP: Challenge Handshake
Authentication Protocol
• Compression
– Stacker
– Predictor
• Error detection
– Quality
– Magic Number
• Multilink
– Splits the load for PPP over 2+ parallel
circuits; a bundle
PPP Session Establishment
• Link-establishment phase
• Authentication phase
• Network-layer protocol phase
PPP Session Establishment
PPP Authentication Methods
• Password Authentication Protocol
(PAP)
– Passwords sent in clear text
– Remote node returns username & password
– Only performed in initial link establishment
• Challenge Handshake Authentication
Protocol (CHAP)
– Done at start-up & periodically
– Challenge & Reply
• Remote router sends a one-way hash ~ MD5
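The difference between the two methods, as an added example that is not part of the original slides: PAP places the password on the link, while CHAP (RFC 1994) returns MD5(Identifier || secret || Challenge), so a captured response does not satisfy a later challenge. The function names are illustrative; the password `cisco` and the hostname come from the configuration slide.

```python
import hashlib
import hmac
import os


def pap_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request data: both fields cross the link in clear text."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Authenticator side: recompute the hash and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = b"cisco"                       # shared password from the config slide
    pap = pap_request("RouterA", "cisco")   # constructed sample frame data
    first_challenge = os.urandom(16)        # authenticator picks a fresh value
    response = chap_response(1, secret, first_challenge)
    later_challenge = os.urandom(16)        # periodic re-challenge
    return {
        "pap_carries_password": secret in pap,
        "chap_carries_password": secret in response,
        "valid_response_accepted": chap_verify(1, secret, first_challenge, response),
        "old_response_replayed": chap_verify(2, secret, later_challenge, response),
        "mismatched_password": chap_verify(1, b"Cisco", first_challenge, response),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The `mismatched_password` case is the condition behind a failed PPP authentication: the passwords on the two routers must match exactly, including case.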
Configuring PPP
• Step #1: Configure PPP on RouterA & RouterB:
Router__#config t
Router__(config)#int s0
Router__(config-if)#encapsulation ppp
Router__(config-if)#^Z
• Step #2: Define the username & password on each router:
– RouterA:
RouterA(config)#username RouterB password cisco
– RouterB:
RouterB(config)#username RouterA password cisco
NOTE: (1) Username maps to the remote router
(2) Passwords must match
• Step #3: Choose the authentication type for each router, CHAP or PAP (enter one of the two ppp authentication commands):
Router__(config)#int s0
Router__(config-if)#ppp authentication chap
Router__(config-if)#ppp authentication pap
Router__(config-if)#^Z
PPP Example 1
PPP Example 2:
Failed PPP authentication
PPP Example 3:
Mismatched WAN Encapsulations
PPP Example 4:
Mismatched IP Address
Frame Relay
• Background
– High-performance WAN
encapsulation method
– OSI Physical & data Link layer
– Originally designed for use across
ISDN
• Supported Protocols
– IP, DECnet, AppleTalk, Xerox
Network Service (XNS), Novell IPX,
Banyan Vines, Transparent Bridging,
& ISO
Before Frame Relay
After Frame Relay
Frame Relay
• Purpose
– Provide a communication interface
between DTE & DCE equipments
– Connection-oriented Data Link
layer communication
• Via virtual circuits: PVC, SVC
• Provides a complete path from the
source to destination before sending
the first frame
Frame Relay Terminology
Frame Relay Encapsulation
• Specified on serial interfaces
• Encapsulation types:
– Cisco (default encapsulation type)
– IETF (used between Cisco & non-Cisco devices)
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay ?
ietf Use RFC1490 encapsulation
<cr>
Data Link Connection Identifiers
(DLCIs)
• Frame Relay PVCs are identified by DLCIs
• IP end devices are mapped to DLCIs
– Mapped dynamically or mapped by IARP
• Global Significance:
– Advertised to all remote sites as the same PVC,
need LMI extensions
• Local Significance:
– DLCIs do not need to be unique
• Configuration
RouterA(config-if)#frame-relay interface-dlci ?
<16-1007> Define a DLCI as part of the current
subinterface
RouterA(config-if)#frame-relay interface-dlci 16
DLCI’s are Locally Significant
Local Management
Interface (LMI)
• Background: a signaling standard
between a router and the first connected
frame relay switch
• Purpose: passing information about the
operation and status of the VC between
the DTE and switch
• LMI Messages
– Keepalives
– Multicasting
– Global addressing
– Status of virtual circuits
LMI Types
• Configuration:
RouterA(config-if)#frame-relay lmi-type ?
cisco
ansi
q933a
– Beginning with IOS ver 11.2+ the LMI type
is auto-sensed
– Default type: cisco
• Virtual circuit status:
– Active: everything is up, routers can
exchange information
– Inactive: router interface is up and
connected with the switch, but the remote
router is not up
– Deleted: no LMI info is being received on
the interface from the switch
Single interfaces
RouterA(config)#int s0/0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#ip address 172.16.20.1 255.255.255.0
RouterA(config-if)#frame-relay lmi-type ansi
RouterA(config-if)#frame-relay interface-dlci 101
RouterA(config-if)#^Z
Sub-interfaces
• Definition
– Multiple virtual circuits on a single
serial interface: multiplexing
– Enables the assignment of different
network-layer characteristics to each
sub-interface
• IP routing on one sub-interface
• IPX routing on another
– Mitigates difficulties associated with:
• Partial meshed Frame Relay networks
• Split Horizon protocols
Creating Sub-interfaces
Configuration:
#1: Set the encapsulation on the serial
interface
#2: Define the subinterface
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#int s0.?
<0-4294967295> Serial interface number
RouterA(config-if)#int s0.16 ?
multipoint      Treat as a multipoint link
point-to-point  Treat as a point-to-point link
Sub-interfaces
– Point-to-point: a single virtual circuit connects one
router to another. Each p-t-p subinterface requires
its own subnet.
– Multipoint: when the router is the center of a star of
virtual circuits that are using a single subnet for all
routers’ serial interfaces connected to the switch.
Mapping Frame Relay
Necessary for IP end devices to
communicate
– Addresses must be mapped to
the DLCIs
– Methods:
• Frame Relay map command
• Inverse-arp function
Using the map command
RouterA(config)#int s0
RouterA(config-if)#encap frame
RouterA(config-if)#int s0.16 point-to-point
RouterA(config-subif)#no frame-relay inverse-arp
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay map ip 172.16.30.17 16 ietf broadcast
Using the inverse arp command
RouterA(config)#int s0.16 point-to-point
RouterA(config-subif)#encap frame-relay ietf
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay interface-dlci 200
Committed Information
Rate (CIR)
• Definition: Provision allowing
customers to purchase amounts of
bandwidth lower than what they
might need
– Cost savings
– Good for bursty traffic
– Not good for constant amounts of
data transmission
Congestion Control
• Discard Eligibility (DE):
– When packets are transmitted beyond the CIR, the packets
exceeding the CIR are to be discarded if the network
is congested at that time. These excess bits
are marked with a DE bit.
• Forward-Explicit Congestion Notification (FECN)
– When the frame relay network recognizes
congestion in the cloud, the FECN bit is set
to 1 to notify the destination DTE that the path
the frame just traversed is congested.
• Backward-Explicit Congestion Notification (BECN)
– When the switch detects congestion, it sets the
BECN bit in a frame that is destined for the source
router.
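Where these bits sit in a frame, as an added example that is not part of the original slides: the standard two-byte Frame Relay address field carries the 10-bit DLCI together with the FECN, BECN and DE bits. The names `FrHeader`, `build_header`, `parse_header`, `congestion_summary` and the sample frames are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class FrHeader:
    dlci: int
    fecn: bool
    becn: bool
    de: bool


def build_header(dlci: int, fecn=False, becn=False, de=False) -> bytes:
    """Encode a two-byte address field (C/R bit left at 0)."""
    if not 16 <= dlci <= 1007:              # range offered by the IOS help text
        raise ValueError("DLCI outside 16-1007")
    byte0 = (dlci >> 4) << 2                # upper 6 DLCI bits, C/R=0, EA=0
    byte1 = (dlci & 0x0F) << 4 | fecn << 3 | becn << 2 | de << 1 | 1  # EA=1
    return bytes([byte0, byte1])


def parse_header(frame: bytes) -> FrHeader:
    """Decode DLCI and congestion bits; reject anything but a two-byte address."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the address field")
    byte0, byte1 = frame[0], frame[1]
    if byte0 & 0x01 or not byte1 & 0x01:    # EA must be 0 in byte 0, 1 in byte 1
        raise ValueError("not a two-byte Frame Relay address field")
    dlci = (byte0 >> 2) << 4 | byte1 >> 4
    return FrHeader(dlci, bool(byte1 & 0x08), bool(byte1 & 0x04), bool(byte1 & 0x02))


def congestion_summary(frames) -> dict:
    """Count FECN, BECN and DE markings per DLCI across captured frames."""
    counts = Counter()
    for frame in frames:
        h = parse_header(frame)
        for name in ("fecn", "becn", "de"):
            counts[(h.dlci, name)] += getattr(h, name)
    return {key: n for key, n in counts.items() if n}


# Constructed sample: headers followed by dummy payload bytes.
SAMPLE = [build_header(16) + b"ip", build_header(16, de=True) + b"ip",
          build_header(100, fecn=True) + b"ip", build_header(100, becn=True, de=True)]
```

Running `congestion_summary(SAMPLE)` shows which PVCs are being marked, the same information the FECN, BECN and DE counters of `show frame pvc` report per DLCI.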
Monitoring Frame Relay
RouterA>sho frame ?
ip       show frame relay IP statistics
lmi      show frame relay lmi statistics
map      Frame-Relay map table
pvc      show frame relay pvc statistics
route    show frame relay route
traffic  Frame-Relay protocol statistics
RouterA#sho int s0
RouterB#show frame map
Router#debug frame-relay lmi
Troubleshooting Frame Relay
Why can’t RouterA talk to RouterB?
You need to use your own DLCI number 100 instead of the remote
DLCI number to communicate with the switch.
Troubleshooting Frame Relay
Why is RIP not sent across the PVC?
Because frame relay is a non-broadcast multi-access network, i.e., no
broadcast across the PVC. So it’s necessary to add broadcast in the
mapping statement.
Introduction to VPNs
• VPNs are used daily to give
remote users and disjointed
networks connectivity over a
public medium like the Internet
instead of using more
expensive permanent means.
Types of VPNs
• REMOTE ACCESS VPNS
Remote access VPNs allow remote users like
telecommuters to securely access the corporate
network wherever and whenever they need to.
• SITE-TO-SITE VPNS
Site-to-site VPNs, or, intranet VPNs, allow a company to
connect its remote sites to the corporate backbone
securely over a public medium like the Internet
instead of requiring more expensive WAN
connections like Frame Relay.
• EXTRANET VPNS
Extranet VPNs allow an organization’s suppliers,
partners, and customers to be connected to the
corporate network in a limited way for business-to-business (B2B) communications.
Written Labs and Review
Questions
– Open your books and go through all the
written labs and the review questions.
– Review the answers in class.