What is a Cable System?

Download Report

Transcript What is a Cable System?

Teleworker Services
Accessing the WAN – Chapter 6
Modified by Tony Chen
04/08/2009
ITE I Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
1
Notes:

If you see any mistake on my PowerPoint slides or if
you have any questions about the materials, please
feel free to email me at [email protected].
Thanks!
Tony Chen
College of DuPage
Cisco Networking Academy
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
2
Objectives

In this chapter, you will learn to:
– Describe the enterprise requirements for providing
teleworker services, including the differences between
private and public network infrastructures.
– Describe the teleworker requirements and recommended
architecture for providing teleworking services.
– Explain how broadband services extend enterprise networks
using DSL, cable, and wireless technology.
– Describe the importance of VPN technology, including its
role and benefits for enterprises and teleworkers.
– Describe how VPN technology can be used to provide
secure teleworker services to an enterprise network.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
3
Business Requirement for Teleworker Services
 With advances in broadband and wireless
technologies, working away from the office no longer
presents the challenges it did in the past.
– Organizations can cost-effectively distribute data,
voice, video, and real-time applications, across their
entire workforce no matter how remote and scattered
they might be.
 On a broader scale, the ability of businesses to
provide service across time zones and international
boundaries is greatly enhanced using teleworkers.
– Contracting and outsourcing solutions are easier to
implement and manage.
 From a social perspective, teleworking options
increase the employment opportunities for various
groups, including parents with small children, the
handicapped, and people living in remote areas.
– Teleworkers enjoy more quality family time, less travelrelated stress, and in general provide their employers
with increased productivity, satisfaction, and retention.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
4
Teleworker Solution
 With the growing number of teleworkers, enterprises
have an increasing need for secure, reliable, and
cost-effective ways to connect to people working in
small offices and home offices (SOHOs), and other
remote locations, with resources on corporate sites.
 The figure displays 3 remote connection technologies
available to organizations for supporting teleworker:
1. Traditional private WAN Layer 2 technologies,
including Frame Relay, ATM, and leased lines, provide
many remote connection solutions.
2. IPsec Virtual Private Networks (VPNs) offer flexible
and scalable connectivity.
• Site-to-site connections can provide a secure, fast, and
reliable remote connection to teleworkers.
• This is the most common option for teleworkers,
combined with remote access over broadband, to
establish a secure VPN over the public Internet. (A less
reliable means of connectivity using the Internet is a
dialup connection.)
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
5
Teleworker Solution: Broadband Services
3. The term broadband refers to advanced
communications systems capable of providing highspeed transmission of services, such as data, voice,
and video, over the Internet and other networks.
 Transmission is provided by a wide range of
technologies, including
–digital subscriber line (DSL)
–fiber-optic cable,
–coaxial cable,
–wireless technology,
–satellite.
 The broadband service data transmission speeds
typically exceed 200 kilobits per second (kb/s), or
200,000 bits per second, in at least one direction:
–downstream (from the Internet to the user's computer)
–upstream (from the user's computer to the Internet).
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
6
Remote Connection Topologies for the Teleworker
•
Broadband vs. Baseband.
– Baseband: only one
signal on the wire at
once - time-division
multiplexing:
• Ethernet networks.
– Broadband: multiple
signals - frequency
division multiplexing.
 In general, broadband refers to
telecommunication in which a wide band of
frequencies is available to transmit information.
–Broadband is generally defined as any sustained
speed of 200K or more.
–Broadband options include
•digital subscriber line (DSL),
•high-speed cable modems,
•fast downstream data connections from direct
broadcast satellite (DBS)
•fixed wireless providers.
•3G wireless
–The most common problem with broadband
access is lack of coverage area.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
7
Teleworker Solution
 To connect effectively to their organization's
networks, teleworkers need two key sets of
components:
–Home Office Components - The required home
office components are a laptop or desktop
computer, broadband access (cable or DSL), and
a VPN router or VPN client software installed on
the computer.
• When traveling, teleworkers need an Internet
connection and a VPN client to connect to the
corporate network over any available dialup, or
broadband connection.
–Corporate Components - Corporate
components are VPN-capable routers, VPN
concentrators, multifunction security appliances,
authentication, and central management devices
for resilient aggregation and termination of the
VPN connections.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
8
Teleworker Solution
 Typically, providing support for VoIP requires
upgrades to these components.
–Routers need Quality of Service (QoS)
functionality.
–QoS refers to the capability of a network to
provide better service to selected network traffic,
as required by voice and video applications.
 The figure shows an encrypted VPN tunnel
connect the teleworker to the corporate network.
–This is the heart of secure and reliable teleworker
connections.
–A VPN is a private data network that uses the
public telecommunication infrastructure.
–VPN security maintains privacy using a tunneling
protocol and security procedures.
–This course presents the IPsec (IP Security)
protocol as the favored approach to building
secure VPN tunnels.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
9
Options for Connecting the Teleworker
 Split tunneling:
–Split tunneling is a computer networking
concept which allows a VPN user to access a
public network (e.g., the Internet) and a local
LAN or WAN at the same time,
•The remote user, for example, then downloads his
email from the mail server at 10.10.0.5, and
downloads a document from the Archive at
10.2.3.4. Next, without exiting the tunnel, the
remote user can print the document through the
PC's local network interface 192.19.2.32 to the
printer at 192.19.2.33.
–Advantages
•An advantage of using split tunneling is that it
alleviates bottlenecks and conserves bandwidth as
Internet traffic does not have to pass through the
VPN server.
–Disadvantages
•A disadvantage of this method is that it essentially
renders the VPN vulnerable to attack as it is
accessible through the public, non-secure network.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
10
Connecting Teleworker to the WAN
 Teleworkers typically use diverse applications
(e-mail, web, voice, and videoconferencing) that
require a high-bandwidth connection:
–Dialup access - Dialup is the slowest option,
and is typically used by mobile workers in areas
where high speed connection are not available.
–DSL - DSL also uses telephone lines. DSL uses
a special modem that separates the DSL signal
from the telephone signal and provides an
Ethernet connection to a host computer or LAN.
–Cable modem - The Internet signal is carried on
the same coaxial cable that delivers cable TV. A
special cable modem separates the Internet signal
from the other signals and provides an Ethernet
connection to a host computer or LAN.
–Satellite - The computer connects to a satellite
modem that transmits radio signals to the nearest
point of presence within the satellite network.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
11
What is a Cable System?
 John Walson the founder of the cable television.
–He was the first cable operator to use microwave to
import distant television stations,
–He was the first to use coaxial cable to improve picture
quality, and the distribute pay television programming.
 Cable television first began in Pennsylvania in
1948. John Walson, the owner of an appliance store
in a small mountain town, needed to solve poor
over-the-air reception problems experienced by
customers trying to receive TV signals from
Philadelphia through the mountains.
–Walson erected an antenna on a utility pole on a local
mountaintop that enabled him to demonstrate the
televisions in his store with strong broadcasts coming
from the three Philadelphia stations.
–He connected the antenna to his appliance store via a
cable and modified signal boosters.
http://www.pcta.com/news/walson.
–He then connected several of his customers who were php?PHPSESSID=bad26d0ac5fd
located along the cable path.
8e02fb67d0d5045a6fab
–This was the first community antenna television
(CATV) system in the United States.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
12
What is a Cable System?
 The “cable” in cable system refers to the coaxial
cable that carries radio frequency (RF) signals
across the network. Coaxial cable is the primary
medium used to build cable TV systems.
 A typical cable operator now uses a satellite
dish to gather TV signals. Early systems were
one-way with cascading amplifiers placed in
series along the network to compensate for
signal loss.
–Taps were used to couple video signals from the
main trunks to subscriber homes via drop cables
 Modern cable systems provide two-way
communication between subscribers and the
cable operator.
–Cable operators now offer customers advanced
telecommunications services including high-speed
Internet access, digital cable television, and
residential telephone service.
–(e.g. impulse-pay-per-view, home shopping,
Internet access),
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
13
What is a Cable System?
 One Way Cable Modems
–In this system, communications in the down
direction is by cable but the return path is by
conventional telephone line and telephone
modem (33 Kbps).
1-way vs. 2 way
•Some companies have a modem box which
connects to both your telephone line and to the cable
TV system. The box then connects to your computer
via either a USB port or an Ethernet port.
 Two way Cable Modems
–Two way cable systems transmit data in both
directions via cable and therefore do not need a
telephone line. Uplink speeds are typically higher
than 56K modem but not as high as downlink
speeds.
–Cable modem service is always-on and so the
problems with busy signals, connect time, and
disconnects are eliminated.
–These systems generally permanently assign a
dedicated internet address (IP number) to each
user which allows the use of services where your
friends need to know your Internet address such
as ICQ or netphone.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
http://www.azinet.com/a
rticles/cablemodem.htm
14
Cable Technology Terms
 The following terms describe key cable technologies:
– Broadband: In cable systems, broadband refers to the frequencydivision multiplexing (FDM) of many signals in a wide RF bandwidth
over a hybrid fiber-coaxial (HFC) network.
– Community antenna television (CATV): The term now widely
refers to residential cable systems.
– Coaxial cable: Coaxial cable transports RF signals and has certain
physical properties that define the attenuation of the signal. These
properties include cable diameter, dielectric construction, ambient
temperature, and operating frequency.
– Tap: A tap divides the input signal's RF power to support multiple
outputs. Typically, the cable operators deploy taps with two, four, or
eight ports called subscriber drop connections. --- (Passive)
– Amplifier: An amplifier magnifies an input signal and produces a
significantly larger output signal. ---- (Active)
– Hybrid fiber-coaxial (HFC): HFC is a mixed optical-coaxial
network in which optical fiber replaces the lower bandwidth coaxial
where useful in the traditional trunk portion of the cable network.
– Downstream: This is the direction of an RF signal transmission (TV
channels and data) from the source (headend) to the destination
(subscribers). Transmission from source to destination is called the
forward path.
– Upstream: This is the direction of an RF signal transmission
opposite to downstream: from subscribers to the headend, or the
return or reverse path.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
Tap
Amplifier
Figure: HFC Architecture
15
Cable Technology Terms
Upstream vs. Downstream
 The following terms describe key cable technologies:
– Value 768 kbps
Upload Speed 256kbps
– Basic 2.0 Mbps
Upload Speed 384kbps
– Advanced 4.0 Mbps
Upload Speed 512kbps
– Ultra 6.0 Mbps
Upload Speed 512kbps.
– Ultra Plus 6.0 Mbps
Upload speed of 1Mbps.
http://www1.wowway.com/internet/internet.aspx?ConIdent=1003&RCView=MAIN
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
16
Cable System Components
 CATV distributes TV channels collected at a central
location, called a headend, to subscribers over a
branched network of optical fibers, coaxial cables,
and broadband amplifiers.
 There are five major components of a cable system:
Antenna site: The location of an antenna site is chosen
for optimum reception of over-the-air, satellite signals.
Headend: The headend is a master facility where
signals are first received, processed, formatted, and then
distributed downstream to the cable network.
Transportation network: A transportation network links
a remote antenna site to a headend. The transportation
network can be microwave, coaxial, or fiber-optic.
Distribution network: In a classic cable system called a
tree-and-branch cable system, the distribution network
consists of trunk and feeder cables. The trunk is the
backbone that distributes signals throughout the
community service area to the feeder. The feeder
branches flow from a trunk and reach all of the
subscribers in the service area.
Subscriber drop: A subscriber drop connects the
subscriber to the cable services. The subscriber drop is a
connection between the feeder part of a distribution
network and the subscriber terminal device (for example,
TV set or cable modem).
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
17
Cable System Benefits
 The cable system architecture provides a
cost-effective solution for densely populated
areas by cascading a broadcast architecture
to the users.
 The development of cable systems made new
services possible.
–Cable systems support telephony and data
services and analog and digital video services.
 Businesses that employ teleworkers can gain
the following benefits from this widely
available high-speed cable Internet access
method:
–VPN connectivity to corporate intranets
www.conniq.com/InternetAccess_cable.htm
–SOHO capabilities for work-at-home employees
–Interactive television
–Public switched telephone network (PSTN)quality voice and fax calls over the managed IP
networks
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
18
Sending Digital Signals over Radio Waves
 When users tune a radio set across the RF
spectrum to find different radio stations, they tune
the radio to different electromagnetic frequencies
across that RF spectrum.
–The same principle applies to the cable system.
 The cable TV industry uses a portion of the RF
electromagnetic spectrum.
–At the subscriber end, equipment such as TVs,
VCRs, and High Definition TV set-top boxes tune to
certain frequencies that allow the user to view the
TV channel or to receive high-speed Internet access.
 A cable network is capable of transmitting signals
on the cable in either direction at the same time.
The following frequency scope is used:
–Downstream: Transmitting the signals from the
cable operator to the subscriber, the outgoing
frequencies are in the range of 50 to 860 MHz.
–Upstream: Transmitting the signals in the reverse
path from the subscriber to the cable operator, the
incoming frequencies are in the range of 5 to 42
MHz.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
43–50 MHz: Cordless telephones, "49 MHz"
FM walkie-talkies, and mixed 2-way mobile
communication
Downstream: Headend-tosubscriber has 810 MHz of
RF bandwidth.
Upstream: Subscriber-toheadend has 37 MHz of RF
bandwidth.
19
Sending Digital Signals over Radio Waves
 When a cable company offers Internet access
over the cable, Internet use the same cables
–the cable modem system puts downstream data
-- data sent from the Internet to an individual
computer -- into a 6-MHz channel.
•On the cable, the data looks just like a TV channel.
So Internet downstream data takes up the same
amount of cable space as any single channel of
programming.
–Upstream data -- information sent from an
individual back to the Internet -- requires even
less of the cable's bandwidth, just 2 MHz, since
the assumption is that most people download far
more information than they upload.
 Putting both upstream and downstream data on
the cable television system requires two types
of equipment: a cable modem on the customer
end and a cable modem termination system
(CMTS) at the cable provider's end.
http://computer.howstuffworks.com/cable-modem2.htm
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
20
The Data-over-Cable Service Interface Specification (DOCSIS)
 DOCSIS is an international standard developed by
CableLabs, a nonprofit research and development
consortium for cable-related technologies.
– CableLabs tests and certifies cable equipment such as cable
modem and cable modem termination systems.
 DOCSIS specifies the Open Systems Interconnection
(OSI) Layers 1 and 2 requirements:
– Physical layer: For data signals that the cable operator can
use, DOCSIS specifies the channel widths (bandwidths of
each channel) . DOCSIS also specifies modulation
techniques
•DOCSIS 1.0: 200 kHz, 400 kHz, 800 kHz, 1.6 MHz, 3.2 MHz,
•DOCSIS 2.0: 6.4 MHz.
– MAC layer: Defines a deterministic access method (timedivision multiple access [TDMA] or synchronous code division
multiple access [S-CDMA]).
 DOCSIS currently uses two standards, and a third
standard is under development:
– DOCSIS 1.0 was the first standard issued in March 1997.
– DOCSIS 2.0 was released in January 2002.
•DOCSIS 2.0 enhanced upstream transmission speeds and QoS
capabilities.
– DOCSIS 3.0 is expected to feature channel bonding, enabling http://en.wikipedia.org/wiki/DOCSIS
the use
of multiple downstream and
upstream channels.
21
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
The Data-over-Cable Service Interface Specification
 Plans for frequency allocation bands differ between North American
and European cable systems.
Euro-DOCSIS is adapted for use in Europe.
The main differences between DOCSIS and Euro-DOCSIS relate to
channel bandwidths.
 TV technical standards vary across the world, which affects the way
DOCSIS variants develop.
International TV standards include NTSC in North American and parts of
Japan;
PAL in most of Europe, Asia, Africa, Australia, Brazil, and Argentina;
SECAM in France and some Eastern European countries.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
22
Hybrid Fiber-Coaxial (HFC) Cable Networks
 Accessing the Internet through a cable network is a
popular option that teleworkers can use to access
their enterprise network.
–A significant drawback of only using coaxial cable is
the signal attenuation that happens when the signal
travels from the antenna to the subscriber.
–Amplifiers placed approximately every 2000 feet, boost
signal strength and ensure that RF signals have
enough power to receive all channels for analog TV,
digital TV, and digital data cable modem services.
 Modern cable operators use an HFC network that
deploys fiber in the trunks:
–Reduces the number of amplifiers
–Thin and lightweight—takes less space
–Covers longer distances
–Induces less or virtually no noise
–Less loss of signal
–Immune to external influences, such as thunder or RF
interference
–Easier to handle
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
23
Hybrid Fiber-Coaxial (HFC) Cable Networks
 HFC architecture is relatively simple. A
web of fiber trunk cables connects the
headend (or hub) to the nodes where
optical-to-RF signal conversion takes
place.
–Fiber trunks carry downstream traffic at a
signal strength above 50 decibels (dB) and
reduce the number of cable amplifiers in
trunk lines.
–Coaxial cable is already in place throughout
many neighborhoods, so cable operators
can build an HFC network without having to
replace existing coaxial cable between
nodes and subscribers.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
24
Sending Data over Cable
 Two types of equipment are required to send
digital modem signals upstream and downstream
on a cable system:
–A cable modem (CM) on the subscriber end
–A cable modem termination system (CMTS) at the
headend of the cable operator
 In a modern HFC network, 500 to 2000 active data
subscribers are typically connected to a cable
network segment, all sharing the upstream and
downstream bandwidth.
–The actual bandwidth for Internet service over a
CATV line can be up to 27 Mbps on the download
path to the subscriber and about 2.5 Mbps of
bandwidth on the upload path.
•Based on the cable network architecture, cable operator
provisioning practices, and traffic load, an individual
subscriber can typically get an access speed of between
256 kb/s and 6 Mb/s.
http://en.wikibooks.org/wiki/Computer_Networks/Cable
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
25
Sending Data over Cable (cont.)
 When high usage causes congestion,
–The cable operator can add additional
bandwidth for data services by allocating
an additional TV channel for high-speed
data.
•This addition may effectively double the
downstream bandwidth that is available to
subscribers.
–Another option is to reduce the number of
subscribers served by each network
segment.
•To reduce the number of subscribers,
the cable operator further subdivides
the network by laying the fiber-optic
connections closer and deeper into the
neighborhoods.
http://en.wikibooks.org/wiki/Computer_Networks/Cable
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
26
Cable Technology: Putting It All Together
 In the downstream path,
– the local headend (LHE) distributes TV signals to subscribers
via the distribution network.
– TV signals are received through satellite dishes.
– The CMTS modulates digital data on an RF signal and
combines that RF signal with the TV signals.
– At the fiber node, the optical signal is converted back to an RF
signal and then transmitted over the coaxial network comprised
of amplifiers, taps, and drops.
– At the subscriber end, an RF splitter divides the combined RF
signal into video and data portions.
– The CM receives the data portion of the RF signal.
– The CM, tuned to the data RF signal channels, demodulates
the data RF signal back into digital data and finally passes the
data to the computer over an Ethernet connection.
 In the upstream direction,
– the CM decodes the digital information from the Ethernet
connection, modulates a separate RF signal with this digital
information, and transmits this signal at a certain RF power
level.
– At the headend, the CMTS, tuned to the data RF channels,
demodulates the data RF signal back to digital data and routes
the digital data to the Internet.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
27
Data Cable Network Technology Issues
 Because subscribers share a coaxial cable line,
some problems may occur:
–Subscribers on a segment share the available
bandwidth on that segment.
•The bandwidth that is available to each subscriber
varies based on the number of subscribers.
•Cable operators resolve this issue by adding RF
channels and splitting the service area into multiple
smaller areas within the segment.
–As with any shared media, there is a risk of
privacy loss. Available safeguards are encryption
and other privacy features, which are specified in
the DOCSIS standard used by most CMs.
 A common misconception is that a computer
may communicate directly with another
computer on the same segment. This is not
possible because the CM transmits on a
completely separate frequency than the
frequency on which another CM would receive.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
28
Data Cable Network Technology Issues
 Data Transport Services
Security
 DOCSIS data transport security
provides cable modem users with
data privacy across the cable network
by encrypting traffic flows between
the Cable Modem (CM) and the
Cable Modem Termination System
(CMTS) located in the cable network
headend.
–It should be noted, however, that these
security services only apply to the access
network. Once traffic makes its way from
the access network onto the Internet
backbone, it will be subject to privacy
threats common to all traffic traveling
across the Internet, regardless of how it
got onto the Internet.
http://www.cablelabs.com/news/newsletter/SPECS/September_SPECSTECH/tech.pgs/leadstory.html
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
29
What is DSL
 Several years ago, Bell Labs identified that a typical
voice conversation over a local loop only required
the use of bandwidth of 300 Hz to 3 kHz.
–For many years, the telephone networks did not use
the bandwidth beyond 3 kHz.
 Advances in technology allowed DSL to use the
additional bandwidth above 3 kHz up to 1 MHz to
deliver high-speed data services over ordinary
copper lines.
–As an example, asymmetric DSL (ADSL) uses a
frequency range from approximately 20 kHz to 1 MHz.
–Fortunately, only relatively small changes to existing
telephone company infrastructure are required to
deliver high-bandwidth data rates to subscribers.
 Figure shows a representation of bandwidth space
allocation on a copper wire for ADSL.
–The green area represents the space used by POTS,
–The other colored spaces represent the space used
by the upstream and downstream DSL signals.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
http://en.wikibooks.org/wiki/Computer_Networks
/DSL
30
What is DSL
 Service providers deploy DSL connections in the
last step of a local telephone network, called the
local loop or last mile.
–The connection is set up between a pair of modems
on either end of a copper wire that extends between
the customer premises equipment (CPE) and the
DSL access multiplexer (DSLAM).
 The two key components of DSL connection are:
–DSLAM: A DSLAM is the device located at the
central office (CO) of the provider.
•The DSLAM is at the central office and combines
individual DSL connections from users into one high
capacity link to the Internet.
–The DSL transceiver: it connects the teleworker’s
computer to the DSL line.
•Newer DSL transceivers can be built into small routers
with multiple 10/100 switch ports for home office use.
 The advantage that DSL has over cable
technology is that DSL is not a shared medium.
–Each user has a separate direct connection to the
DSLAM.
–Adding users does not impede performance unless
the DSLAM Internet connection on the other side
becomes saturated.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
31
How Does DSL Work?
 DSL types fall into two major categories, taking into
account downstream and upstream speeds:
– Symmetrical DSL: Upstream and downstream speeds
are the same. (Enterprise user)
– Asymmetrical DSL: Upstream and downstream speeds
are different. Downstream speed is typically higher than
upstream speed. (Home user)
 The term xDSL covers a number of DSL variations,
such as Asymmetric DSL (ADSL), high-data-rate DSL
(HDSL), Rate Adaptive DSL (RADSL), symmetric DSL
(SDSL), ISDN DSL (IDSL), and very-high-data-rate
DSL (VDSL).
– DSL types that do not use the voice frequency band allow
DSL lines to carry both data and voice signals
simultaneously (for example, ADSL and VDSL types),
while other DSL types occupying the complete frequency
range can carry data only (for example, SDSL and IDSL
types).
 The data rate that DSL service can provide depends
on the distance between the subscriber and the CO.
– The shorter the distance: the higher the bandwidth
available.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
http://www.linktionary.com/d/dsl.html
32
DSL Variants
 The following properties differentiate DSL variants:
–Nature: Symmetrical DSL has the same speed in both
directions, while asymmetric DSL has different
downstream and upstream speeds.
–Maximum data rate: This defines the maximum speed
that you can deploy with a certain type of DSL.
–Line coding technology: This describes the technique
used to represent digital signals transported over a
copper twisted pair so that the receiver can interpret the
signals accurately. (CAP, DMT, G.Lite)
The transfer rates are dependent on
the actual length of the local loop,
and the type and condition of its
cabling. For satisfactory service, the
loop must be less than 5.5
kilometers (3.5 miles).
–Data and voice support: Depending on the usage of
the available frequency spectrum, certain DSL types
support data and voice simultaneously while other types
do not.
–Maximum distance: This describes the maximum
distance that a certain type of DSL connection can span.
Data Rate
Wire Gauge
Distance
Wire Size
Distance
1.5 or 2 Mbps
24 AWG
18,000 ft
0.5 mm
5.5 km
1.5 or 2 Mbps
26 AWG
15,000 ft
0.4 mm
4.6 km
6.1 Mbps
24 AWG
12,000 ft
0.5 mm
3.7 km
6.1 Mbps
26 AWG
9,000 ft
0.4 mm
2.7 km
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
33
DSL Variants
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
34
ADSL and POTS Coexistence
 The major benefit of ADSL is the ability to provide
data services with voice services.
–Figure shows the data channel is established
between the CPE modem and the CO DSLAM.
–The voice channel is established between the
telephone and the voice switch at the CO premises.
 ADSL signals distort voice transmission and are
split or filtered at the customer premises.
–A microfilter filters the ADSL signal from the voice
signal. This solution eliminates the need for a
technician to visit the premises and allows the user
to use any jack in the house for voice or ADSL
service.
–POTS splitters separate the DSL traffic from the
POTS traffic. The POTS splitter is a passive device.
Splitters are located at the CO and, in some
deployments, at the customer premises.
•Figure uses a splitter at the customer premises.
•The actual device is the network interface device (NID).
•The splitter acts as a low-pass filter, allowing only the 0
to 4 kHz frequencies to pass to or from the telephone.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
35
ADSL and POTS Coexistence
 Because of this additional labor and technical
support, most home installations today use
microfilters.
– Using microfilters also has the advantage of
providing wider connectivity through the
residence.
– Since the POTS splitter separates the ADSL and
voice signals at the NID, there is usually only
one ADSL outlet available in the house.
– The user can install inline microfilters on each
telephone, or install wall-mounted microfilters in
place of regular telephone jacks.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
36
Broadband Wireless
 Wireless networking, or Wi-Fi, has
improved the connectivity situation, not
only in the SOHO, but on enterprise
campuses as well.
–Using 802.11 networking standards, data travels
from place to place on radio waves.
•What makes 802.11 networking easy to deploy is
that it uses the unlicensed radio spectrum.
•Most radio and TV transmissions are government
regulated and require a license to use.
–A hotspot is the area covered by one or more
interconnected access points.
•Public gathering places, like coffee have created
Wi-Fi hotspots, hoping to increase business.
•By overlapping access points, hotspots can cover
many square miles.
–[Tony]: CDMA, EVDO, WiMax, Satellite,
smartphone …
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
37
Broadband Wireless
 Until recently, a significant limitation of wireless access has been the
need to be within the local transmission range (typically less than
100 feet) of a wireless router or wireless access.
 New developments in broadband wireless technology are increasing
wireless availability. These include:
–Municipal Wi-Fi
–WiMAX
–Satellite Internet
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
38
Broadband Wireless: Municipal Wi-Fi
 Municipal governments also join the Wi-Fi revolution.
–Often working with service providers, cities are deploying
municipal wireless networks.
–Some of these networks provide high-speed Internet
access at no cost or for substantially less than the price of
other broadband services.
–Other cities reserve their Wi-Fi networks for official use,
providing police, fire fighters, and city workers remote
access to the Internet and municipal networks.
 Most municipal wireless networks use a mesh topology
rather than a hub-and-spoke model.
–A mesh is a series of access points (radio transmitters).
Each access point is in range and can communicate with at
least two other access points.
–From an operational point of view, it is more reliable. If a
node fails, others in the mesh compensate for it.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
39
Broadband Wireless: WiMAX
 WiMAX (Worldwide Interoperability for Microwave
Access) is telecommunications technology aimed at
providing wireless data over long distances in a variety
of ways, from point-to-point links to full mobile cellular
type access.
–WiMAX operates at higher speeds, over greater distances,
and for a greater number of users than Wi-Fi.
–Because of its higher speed (bandwidth) and falling
component prices, the WiMAX will soon supplant municipal
mesh networks for wireless deployments.
 A WiMAX network consists of two main components:
–A tower that is similar to a cellular telephone tower. A
single WiMAX tower can provide coverage to an area as
large as 3,000 square miles, or almost 7,500 square
kilometers.
–A WiMAX receiver that is similar in size to a PCMCIA
card, or built into a laptop or other wireless device.
• A tower can also connect to other WiMAX towers using lineof-sight microwave links.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
40
Broadband Wireless: Satellite Internet
 Satellite Internet services are used in locations where
land-based Internet access is not available, or for
temporary installations that are continually on the move.
–Internet access using satellites is available worldwide,
including for vessels at sea, airplanes in flight, and vehicles
moving on land.
 There are 3 ways to connect to Internet using satellites:
–One-way multicast satellite Internet systems are used for
IP multicast-based data, audio, and video distribution.
• Even though most IP protocols require two-way
communication, for Internet content, including web pages,
one-way satellite-based Internet services can be "pushed"
pages to local storage at end-user sites by satellite Internet.
Full interactivity is not possible.
–One-way terrestrial return satellite Internet systems use
traditional dialup access to send outbound data through a
modem and receive downloads from the satellite.
–Two-way satellite Internet sends data from remote sites via
satellite to a hub, which then sends the data to the Internet.
The satellite dish at each location needs precise positioning
to avoid interference with other satellites.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
41
Broadband Wireless: Satellite Internet
 The figure illustrates a two-way satellite Internet
system. Upload speeds are about one-tenth of the
download speed, which is in the range of 500 kb/s.
 The key installation requirement is for the antenna
to have a clear view toward the equator, where
most orbiting satellites are stationed.
–Trees and heavy rains can affect reception of the
signals.
 Two-way satellite Internet uses IP multicasting
technology, which allows one satellite to serve up
to 5,000 communication channels simultaneously.
–IP multicast sends data from one point to many
points at the same time by sending data in a
compressed format. Compression reduces the size of
the data and the bandwidth.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
42
Broadband Wireless
 The IEEE 802.11 wireless local area network
(WLAN) standard, which addresses the 5 GHz
and 2.4 GHz public (unlicensed) spectrum
bands.
– The most popular access approaches to
connectivity are those defined by the IEEE
802.11b and IEEE 802.11g protocols.
– The latest standard, 802.11n, is a proposed
amendment that builds on the previous 802.11
standards by adding multiple-input multipleoutput (MIMO).
– [Tony]: 802.11a – 5.4 GHz and 54 Mb/s
 The 802.16 (or WiMAX) standard allows
transmissions up to 70 Mb/s, and has a range of
up to 30 miles (50 km). It can operate in
licensed or unlicensed bands of the spectrum
from 2 to 6 GHz.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
43
VPN
 A VPN creates a private network over a public
network infrastructure while maintaining
confidentiality and security.
 VPNs use cryptographic tunneling protocols to
provide protection against packet sniffing, sender
authentication, and message integrity.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
44
VPNs and Their Benefits
 The Internet is a worldwide, publicly
accessible IP network. Because of its
global proliferation, it is an attractive
way to interconnect remote sites.
–However, the fact that it is a public
infrastructure poses security risks to
enterprises and their internal networks.
–Fortunately, VPN technology enables
organizations to create private networks over
the public Internet infrastructure that maintain
confidentiality and security.
–Organizations use VPNs to provide a virtual
WAN infrastructure that connects branch
offices, home offices, business partner sites,
and remote telecommuters to all or portions
of their corporate network.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
45
VPNs and Their Benefits
 Organizations using VPNs benefit from
increased flexibility and productivity.
–Cost savings - Organizations can use Internet
infrastructure to connect remote offices and users
to the main corporate site.
•This eliminates expensive dedicated WAN links and
modem banks.
•Remote sites and teleworkers can connect securely
to the corporate network from almost any place.
•VPNs bring remote hosts inside the firewall, giving
them close to the same levels of access to network
devices as if they were in a corporate office.
–Security - Advanced encryption and
authentication protocols protect data from
unauthorized access.
–Scalability - Organizations, big and small, are
able to add large amounts of capacity without
adding significant infrastructure.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
46
Types of VPNs: Site-to-Site VPNs
 Because most organizations now have Internet
access, it makes sense to take advantage of the
benefits of site-to-site VPNs.
– Site-to-site VPNs support company intranets and
business partner extranets.
 In effect, a site-to-site VPN is an extension of classic
WAN networking.
– Site-to-site VPNs connect entire networks to each
other. For example, they can connect a branch office
network to a company headquarters network.
 In a site-to-site VPN, hosts send and receive IP traffic
through a VPN gateway, which could be a router, PIX
firewall, or an ASA.
– The VPN gateway is responsible for encapsulating and
encrypting outbound traffic and sending it through a
VPN tunnel over the Internet to the target site.
– On receipt, the peer VPN gateway strips the headers,
decrypts the content, and relays the packet toward the
target host inside its private network.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
47
Types of VPNs: Remote Access VPNs
 Mobile users and telecommuters use remote
access VPNs extensively.
– In the past, corporations supported remote users
using dialup networks. This usually involved a
toll call and incurring long distance charges.
– Most teleworkers now have access to the
Internet from their homes and can establish
remote VPNs using broadband connections.
– Remote access VPNs can support the needs of
telecommuters, mobile users, as well as extranet
consumer-to-business.
 In a remote-access VPN, each host typically has
VPN client software.
– Whenever the host tries to send any traffic, the
VPN client software encapsulates and
encrypts that traffic before sending it over the
Internet to the VPN gateway at the edge of the
target network.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
48
VPN Components
 Components required to establish VPN include:
–An existing network with servers and workstations
–A connection to the Internet
–VPN gateways, such as routers, firewalls, VPN
concentrators, and ASAs, that act as endpoints to
establish, manage, and control VPN connections
–Appropriate software to create and manage VPN
tunnels
 The key to VPN effectiveness is security. VPNs
secure data by encapsulating or encrypting the
data. Most VPNs can do both.
–Encapsulation referres to as tunneling, because
encapsulation transmits data transparently from
network to network through a shared infrastructure.
–Encryption codes data into a different format
using a secret key. Decryption decodes encrypted
data into the original unencrypted format.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
49
Characteristics of Secure VPNs
 The 3 foundation of a secure VPN are the followings:
–Data confidentiality - A common security concern is protecting data from
eavesdroppers or unauthorized sources.
• VPNs achieve confidentiality using encapsulation and encryption.
–Data integrity - Data integrity guarantees that no tampering or
alterations occur to data while it travels between the source and
destination.
• VPNs typically use hashes to ensure data integrity.
• A hash is like a checksum or a seal that guarantees that no one has read
the content, but it is more robust.
–Authentication - Authentication ensures that a message comes from an
authentic source and goes to an authentic destination.
• User identification gives a user confidence that the party with whom the
user establishes communications is who the user thinks the party is.
• VPNs can use passwords, digital certificates, smart cards, and biometrics to
establish the identity of parties at the other end of a network.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
50
VPN Tunneling
 Tunneling allows the use of public networks like the
Internet to carry data for users as though the users
had access to a private network.
– Tunneling encapsulates an entire packet within
another packet and sends the new, composite packet
over a network.
•
The protocol that is wrapped around the original
data (GRE, IPsec, L2F, PPTP, L2TP)
 This figure illustrates an e-mail message traveling
through the Internet over a VPN.
– PPP carries the message to the VPN device, where
the message is encapsulated within a Generic Route
Encapsulation (GRE) packet.
• GRE is a tunneling protocol developed by Cisco.
– The outer packet source and destination addressing is
assigned to "tunnel interfaces" and is made routable
across the network.
– Once a composite packet reaches the destination
tunnel interface, the inside packet is extracted.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
51
VPN Data Integrity OR Confidentiality
 If plain text data is transported over the public
Internet, it can be intercepted and read. To keep
the data private, it needs to be encrypted.
– VPN encryption encrypts the data and renders it
unreadable to unauthorized receivers.
 For encryption to work, both the sender and the
receiver must know the rules used to transform
the original message into its coded form.
– VPN encryption rules include an algorithm and a
key.
– An algorithm is a mathematical function that
combines a message, text, digits, or all three
with a key.
– The output is an unreadable cipher string.
– Decryption is extremely difficult or impossible
without the correct key.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
52
Encryption Algorithm and Key Length
 The degree of security provided by any encryption
algorithm depends on the length of the key.
–The shorter the key, the easier it is to break,
–However, the shorter the key, the easier it is to pass
the message.
 Some of the more common encryption algorithms and
the length of keys they use are as follows:
–Data Encryption Standard (DES) algorithm Developed by IBM, DES uses a 56-bit key.
• DES is a symmetric key cryptosystem.
–Triple DES (3DES) algorithm - A variant of DES that
encrypts with one key, decrypts with another different
key, and then encrypts one final time with another key.
–Advanced Encryption Standard (AES) - AES
provides stronger security than DES and is
computationally more efficient than 3DES. AES offers
three different key lengths: 128, 192, and 256-bit keys.
192 bits
–Rivest, Shamir, and Adleman (RSA) - An
asymmetrical key cryptosystem. The keys use a bit
length of 512, 768, 1024, or larger.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
53
Symmetric and Asymmetric Encryption
 Symmetric Encryption
–Symmetric key encryption, also called secret key
encryption, each computer encrypts the
information before sending it over the network to
the other computer.
• Encryption algorithms such as DES and 3DES.
–For example, a sender creates a coded message
where each letter is substituted with the letter that
is two letters down in the alphabet;
• "A" becomes "C," and "B" becomes "D", and so
on.
• In this case, the word SECRET becomes
UGETGV.
• The sender has already told the recipient that the
secret key is "shift by 2." When the recipient
receives the message UGETGV, the recipient
computer decodes the message by shifting back
two letters and calculating SECRET.
–The question is, how do the encrypting and
decrypting devices both have the shared secret
key?
• You could use e-mail, courier, or overnight
express to send the shared secret keys to the
administrators of the devices.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
54
Symmetric and Asymmetric Encryption
 Asymmetric Encryption
–Public key encryption is a variant of asymmetric
encryption that uses a combination of a private
key and a public key.
–Asymmetric encryption uses different keys for
encryption and decryption.
• Knowing one of the keys does not allow a hacker
to deduce the second key and decode the
information.
• One key encrypts the message, while a second
key decrypts the message.
–Using public key encryption to exchange data is
a three-step process:
• sender and receiver exchange their public keys
(their private keys are never given out);
• the sender uses the recipient's public key in
encrypting a message then sends it;
• the recipient's complementary private key is used
to decrypt the received message.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
55
Symmetric and Asymmetric Encryption
http://www.netcraftsmen.net/welcher/papers/ipsec1.html
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
56
VPN Data Integrity
 Hashes contribute to data integrity and
authentication by ensuring that unauthorized
persons do not tamper with transmitted
messages.
–A hash, also called a message digest, is a
number generated from a string of text.
–The hash is smaller than the text itself. It is
generated using a formula in such a way that it is
extremely unlikely that some other text will produce
the same hash value.
 In the figure, someone is trying to send Jeremy a
check for US$100. At the remote end, Alex Jones
(likely a criminal) is trying to cash the check for $1,000.
–As the check progressed through the Internet, it was
altered. Both the recipient and dollar amounts were
changed.
–In this case, if a data integrity algorithm was used, the
hashes would not match, and the transaction would no
longer be valid.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
57
VPN Data Integrity
 A keyed hashed message authentication code
(HMAC) is a data integrity algorithm that
guarantees the integrity of the message.
• The original sender generates a hash of the
message and sends it with the message
itself.
• The recipient decrypts the message and the
hash, produces another hash from the
received message, and compares the two
hashes.
• If they are the same, the recipient can be
reasonably sure the integrity of the message
has not been affected.
• However, if there is no match, the message
was altered.
 There are two common HMAC algorithms:
–Message Digest 5 (MD5)
• Uses a 128-bit shared secret key.
–Secure Hash Algorithm 1 (SHA-1)
• Uses a 160-bit secret key.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
58
VPN Data Integrity
 The device on the other end of the VPN tunnel must
be authenticated before the communication path is
considered secure.
 There are two peer authentication methods:
–Pre-shared key (PSK)
• PSKs use symmetric key cryptographic algorithms.
• A PSK is entered into each peer manually and is used to
authenticate the peer.
–RSA signature
• Uses the exchange of digital certificates to authenticate
the peers.
• The local device derives a hash and encrypts it with its
private key.
• The encrypted hash (digital signature) is attached to the
message and forwarded to the remote end.
• At the remote end, the encrypted hash is decrypted using
the public key of the local end. If the decrypted hash
matches the recomputed hash, the signature is genuine.
 Example of RSA encryption.
–http://www.securecottage.com/demo/rsa2.html
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
59
IPsec Security Protocols
 IPsec is protocol suite for securing IP communications
with encryption, integrity, and authentication.
 There are two main IPsec framework protocols.
–Authentication Header (AH) - Use when confidentiality is
not required or permitted.
• AH provides data authentication and integrity.
• It verifies that any message passed from R1 to R2 has not
been modified during transit.
• It also verifies that the origin of the data.
• AH does not provide data confidentiality (encryption).
• Used alone, the AH protocol provides weak protection.
• Consequently, it is used with the ESP protocol to provide
data encryption and tamper-aware security features.
–Encapsulating Security Payload (ESP) - Provides
confidentiality and authentication by encrypting packet.
• ESP authenticates the inner IP packet and ESP header.
• Authentication provides data origin authentication and data
integrity.
• Although both encryption and authentication are optional in
ESP, at a minimum, one of them must be selected.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
60
IPsec Security Protocols
 Some of the standard algorithms that IPsec uses are:
–DES - Encrypts and decrypts packet data.
–3DES - Provides significant encryption strength over DES.
–AES - Provides stronger encryption and faster throughput.
–MD5 - Authenticates packet data, using a 128-bit key.
–SHA-1 - Authenticates packet data, using a 160-bit key.
–DH - Allows two parties to establish a shared secret key
used by encryption and hash algorithms, for example, DES
and MD5, over an insecure communications channel.
 When configuring an IPsec,
–first choose an IPsec protocol.
• The choices are ESP or ESP with AH.
–The second choose an encryption algorithm
• if IPsec is implemented with ESP. Choose the encryption
algorithm: DES, 3DES, or AES.
–The third choose is authentication.
• Choose an authentication algorithm to provide data integrity:
MD5 or SHA.
–The last choice is the Diffie-Hellman (DH) algorithm group.
• Which establishes the sharing of key information between
peers. Choose which group to use, DH1 or DH2.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
61
IPsec Security Protocols: Activity
 In this activity, a simulation is provided of a small company that has setup Internet connectivity using
two Linksys WRVS4400N business class routers. One is located at the Central site and the other at the
Branch site. They would like to access resources between sites but are concerned that the Internet
traffic would not be secure. To address their concern, it has been suggested that they implement a siteto-site VPN between the two sites. A VPN would enable the Branch site office to connect to the Central
site office securely by creating a VPN tunnel which would encrypt and decrypt data.
 Referencing the topology, you will use the Linksys router’s web configuration utility to configure the
settings and enable a VPN called Site-to-Site using MD5 authentication, 3DES encryption, and a preshared key of cisco123.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
62
IPsec Security Protocols: Activity
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
63
Chapter Summary
 In this chapter, you have learned to:
– Describe the enterprise requirements for providing teleworker
services, including the differences between private and public
network infrastructures.Tony Chen COD
– Describe the teleworker
requirements Academy
and recommended
Cisco Networking
architecture for providing teleworking services.
– Explain how broadband services extend enterprise networks using
DSL, cable, and wireless technology.
– Describe the importance of VPN technology, including its role and
benefits for enterprises and teleworkers.
– Describe how VPN technology can be used to provide secure
teleworker services to an enterprise network.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
64