
Sybex CCNA 640-802

Chapter 16: Wide Area Networks


Instructor & Todd Lammle

Chapter 14 Objectives
The CCNA Topics Covered in this chapter
include:
Introduction to WANs
HDLC
PPP
Frame Relay
Introduction to VPNs

Defining WAN Terms

Customer Premises Equipment (CPE)


Demarcation (demarc)
Local loop
Central Office (CO)
Toll network

WAN Connection Bandwidth

Digital Signal 0 (DS0) This is the basic digital signaling rate of 64Kbps, equivalent to one channel.
Europe uses the E0 and Japan uses the J0 to reference the same channel speed. Typically used in a
T-carrier transmission, this is the generic term used by several multiplexed digital carrier systems. This
is the smallest capacity digital circuit. 1 DS0 = 1 voice/data line.
T1 Also referred to as a DS1, this contains 24 DS0 circuits bundled together with a total bandwidth of
1.544Mbps.
E1 European equivalent of the T1. Contains 30 DS0 circuits bundled together with a bandwidth of
2.048Mbps.
T3 Referred to as a DS3, this has 28 DS1s bundled together, or 672 DS0s, with a bandwidth of
44.736Mbps.
OC-3 Optical Carrier (OC) 3, uses fiber, is made up of three DS3s bundled together, and contains
2,016 DS0s with a total bandwidth of 155.52Mbps.
OC-12 Optical Carrier 12 is made up of four OC-3s bundled together and contains 8,064 DS0s with a
total bandwidth of 622.08Mbps.
OC-48 Optical Carrier 48 is made up of four OC12s bundled together and contains 32,256 DS0s with
a total bandwidth of 2488.32Mbps.

WAN Connection Types

WAN Support

Frame Relay
ISDN
LAPB
LAPD
HDLC
PPP
ATM
PPPoE
Cable
DSL
MPLS
DWDM

Cable and DSL


Comparisons
Speed
Security
Popularity
Customer satisfaction

Cable Terms
Headend
Distribution network
DOCSIS (Data Over Cable Service
Interface Specification)

Digital Subscriber Line (DSL)


Symmetrical DSL
Asymmetrical DSL

ADSL
PPPoE
RFC1483 Routing
PPPoA

PPPoE with ADSL

DTE-DCE-DTE

HDLC Protocol
Bit-oriented Data Link layer ISO
standard protocol
Specifies a data encapsulation
method
No authentication can be used

HDLC Frame Format

Point-to-Point Protocol (PPP)


Purpose:
Transport layer-3 packets across a
Data Link layer point-to-point link

Can be used over asynchronous


serial (dial-up) or synchronous
serial (ISDN) media
Uses Link Control Protocol (LCP)
Builds & maintains data-link
connections

Point-to-Point Protocol Stack

PPP Main Components

EIA/TIA-232-C
Intl. Std. for serial communications
HDLC
Serial link datagram encapsulation method
LCP
Used in P-t-P connections:
Establishing
Maintaining
Terminating
NCP
Method of establishing & configuring Network
Layer protocols
Allows simultaneous use of multiple Network
layer protocols

LCP Configuration Options

Authentication
PAP
CHAP
Compression
Stacker
Predictor
Error detection
Quality
Magic Number
Multilink
Splits the load for PPP over 2+ parallel
circuits; a bundle

PPP Session Establishment


Link-establishment phase
Authentication phase
Network-layer protocol phase

PPP Session Establishment

PPP Authentication Methods


Password Authentication Protocol
(PAP)
Passwords sent in clear text
Remote node returns username &
password

Challenge Handshake Authentication Protocol (CHAP)
Done at start-up & periodically
Challenge & Reply
Remote router sends a one-way hash ~ MD5

Configuring PPP
on Router A to talk to Router B

Step #1: Configure PPP


RouterA#config t
RouterA(config)#int s0
RouterA(config-if)#encapsulation ppp
RouterA(config-if)#^Z

Step #2: Define the username & password


RouterA(config)#username RouterB password cisco
RouterB(config)#username RouterA password cisco
NOTE: (1) Username maps to the remote router
(2) Passwords must match

Step #3: Choose Authentication type for each router: CHAP/PAP

RouterA(config)#int s0
RouterA(config-if)#ppp authentication chap
RouterA(config-if)#ppp authentication pap
RouterA(config-if)#^Z
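
The difference between the two authentication methods configured above, shown as an added Python example (not part of the original slides). It computes the CHAP response as defined in RFC 1994 for MD5 and compares what crosses the link with a PAP request; the router names and the password "cisco" come from the slides, while the function names, identifiers and challenges are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994, MD5 algorithm: hash over Identifier octet + secret + challenge.
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    # The authenticator recomputes the hash from its own copy of the secret.
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def pap_request_data(peer_id: bytes, password: bytes) -> bytes:
    # RFC 1334 Authenticate-Request data: length-prefixed Peer-ID and Password.
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

def demo() -> dict:
    # Constructed values mirroring the slide: both routers hold password "cisco".
    secret_on_a = b"cisco"   # RouterA: username RouterB password cisco
    secret_on_b = b"cisco"   # RouterB: username RouterA password cisco
    ident, challenge = 1, os.urandom(16)     # RouterA -> RouterB: Challenge
    response = chap_response(ident, secret_on_b, challenge)  # RouterB -> RouterA
    next_challenge = os.urandom(16)          # periodic re-challenge
    return {
        # Matching secrets on both ends: authentication succeeds.
        "chap_ok": chap_verify(ident, secret_on_a, challenge, response),
        # Secrets differ (case matters): authentication fails.
        "chap_mismatch_ok": chap_verify(ident, b"Cisco", challenge, response),
        # An old response does not satisfy a fresh challenge.
        "chap_replay_ok": chap_verify(2, secret_on_a, next_challenge, response),
        # CHAP puts only the challenge and the hash on the wire.
        "secret_in_chap_wire": secret_on_b in challenge + response,
        # PAP puts the password itself on the wire.
        "secret_in_pap_wire": secret_on_b in pap_request_data(b"RouterB", secret_on_b),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hash keeps the password off the link, but its strength still depends on the secret: a long random shared secret is the better choice over a dictionary word like the sample value.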

PPP Example 1

PPP Example 2

PPP Example 3

PPP Example 4

Frame Relay
Background
High-performance WAN encapsulation
method
OSI Physical & data Link layer
Originally designed for use across ISDN

Supported Protocols
IP, DECnet, AppleTalk, Xerox Network
Service (XNS), Novell IPX, Banyan
Vines, Transparent Bridging, & ISO

Frame Relay
Purpose
Provide a communications
interface between DTE & DCE
equipment
Connection-oriented Data Link
layer communication
Via virtual circuits
Provides a complete path from the
source to destination before sending
the first frame

Before Frame Relay

After Frame Relay

Frame Relay Terminology


Committed Information Rate (CIR)
Access rate

Committed Information
Rate (CIR)
Definition: Provision allowing
customers to purchase amounts of
bandwidth lower than what they
might need
Cost savings
Good for bursty traffic
Not good for constant amounts of
data transmission

Frame Relay Encapsulation


Specified on serial interfaces
Encapsulation types:
Cisco (default encapsulation type)
IETF (used between Cisco & non-Cisco
devices)
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay ?
  ietf  Use RFC1490 encapsulation
  <cr>

Data Link Connection Identifiers


(DLCIs)
Frame Relay PVCs are identified by DLCIs
IP end devices are mapped to DLCIs
Mapped dynamically or mapped by IARP

Global Significance:
Advertised to all remote sites as the same PVC

Local Significance:
DLCIs do not need to be unique

Configuration
RouterA(config-if)#frame-relay interface-dlci ?
  <16-1007>  Define a DLCI as part of the current subinterface
RouterA(config-if)#frame-relay interface-dlci 16

DLCIs are Locally Significant

Local Management
Interface (LMI)
Background
Purpose
LMI Messages
Keepalives
Multicasting
Multicast addressing
Status of virtual circuits

LMI Types
Configuration:
RouterA(config-if)#frame-relay lmi-type ?
cisco
ansi
q933a

Beginning with IOS ver 11.2+ the LMI type is auto-sensed
Default type: cisco

Virtual circuit status:


Active
Inactive
Deleted

Congestion Control
Discard Eligibility (DE)
Forward-Explicit Congestion
Notification (FECN)
Backward-Explicit Congestion
Notification (BECN)

Frame Relay Implementation


Single Interface

Partial Meshed Networks

Sub-interfaces
Definition
Multiple virtual circuits on a single
serial interface
Enables the assignment of different
network-layer characteristics to each
sub-interface
IP routing on one sub-interface
IPX routing on another

Mitigates difficulties associated with:


Partial meshed Frame Relay networks
Split Horizon protocols

Creating Sub-interfaces
Configuration:
#1: Set the encapsulation on the serial interface
#2: Define the subinterface
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#int s0.?
  <0-4294967295>  Serial interface number
RouterA(config-if)#int s0.16 ?
  multipoint      Treat as a multipoint link
  point-to-point  Treat as a point-to-point link

Mapping Frame Relay


Necessary for IP end devices to communicate
Addresses must be mapped to the DLCIs
Methods:
Frame Relay map command
Inverse-arp function

Using the map command


RouterA(config)#int s0
RouterA(config-if)#encap frame
RouterA(config-if)#int s0.16 multipoint
RouterA(config-subif)#no frame-relay inverse-arp
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay map ip 172.16.30.17 16 ietf broadcast
RouterA(config-subif)#frame-relay map ip 172.16.30.18 17 broadcast
RouterA(config-subif)#frame-relay map ip 172.16.30.19 18

Using the inverse arp command

RouterA(config)#int s0.16 point-to-point
RouterA(config-subif)#encap frame-relay ietf
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0

Monitoring Frame Relay


RouterA>sho frame ?
  ip       show frame relay IP statistics
  lmi      show frame relay lmi statistics
  map      Frame-Relay map table
  pvc      show frame relay pvc statistics
  route    show frame relay route
  traffic  Frame-Relay protocol statistics
RouterA#sho int s0
RouterB#show frame map
Router#debug frame-relay lmi

Troubleshooting Frame Relay

Why can't RouterA talk to RouterB?

Troubleshooting Frame Relay

Why is RIP not sent across the PVC?

Introduction to VPNs
VPNs are used daily to give
remote users and disjointed
networks connectivity over a
public medium like the Internet
instead of using more
expensive permanent means.


Types of VPNs
REMOTE ACCESS VPNS
Remote access VPNs allow remote users like telecommuters to securely
access the corporate network wherever and whenever they need to.

SITE-TO-SITE VPNS
Site-to-site VPNs, or, intranet VPNs, allow a company to connect its remote
sites to the corporate backbone securely over a public medium like the
Internet instead of requiring more expensive WAN connections like
Frame Relay.

EXTRANET VPNS
Extranet VPNs allow an organization's suppliers, partners, and customers to
be connected to the corporate network in a limited way for business-to-business (B2B) communications.


Cisco IOS IPsec


IPSec Transforms
specify a single security protocol with its
corresponding security algorithm

Security Protocols
Authentication Header (AH)
Encapsulating Security Payload
(ESP)


IPsec benefits
Confidentiality
Data origin authentication
and connectionless integrity
Anti-replay service
Traffic flow


Encryption

Symmetric encryption
Asymmetric Encryption
Private keys
Public keys


Written Labs and Review


Questions
Open your books and go through all the
written labs and the review questions.
Review the answers in class.
