Cisco Press - CCNP Practical Studies - Exam 642-821 BCRAN

Table of Contents
Index
CCNP Practical Studies: Remote Access

ByWesley Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda
Publisher: Cisco Press

Pub Date: December 22, 2003
ISBN: 1-58720-073-2
Pages: 528
Gain hands-on experience of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
Prepare for the CCNP 642-821 BCRAN exam and gain a better, practical understanding of
exam concepts
Experience how remote access concepts work in a real network with practice labs that walk
you through their implementation
Review set-up guides that show you how to prepare a lab for study
Ready yourself for the new simulation-based questions on the CCNP exams
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
applications. Designed as a topic-by-topic guide of how to apply remote access concepts in a real
network setting, this book is useful in preparing a CCNP candidate for the general exam
questions by providing a better understanding of how remote access really works. It is also
essential in preparing candidates for the new simulation-based questions that are on the Cisco
certification exams. Finally, it serves anyone wanting a guide to real-world application of these
concepts, regardless of certification interest.
Each chapter includes a review of the applicable technology, and guides the reader through
implementation of the technology. This step-by-step process can be executed on a home- or
office-based lab, a remote-accessible lab, some networking simulation software programs, or
even as a stand-alone guide.
All of the topics on the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
Copyright
Gain hands-on
experience of CCNP Remote Access topics with lab scenarios for the new 642-821
About the Authors
BCRAN About
exam.
the Technical Reviewers
Acknowledgments
Foreword
Prepare
for the CCNP 642-821 BCRAN exam and gain a better, practical understanding of
Introduction
exam concepts
Goals of This Book
Experience
how remote access concepts work in a real network with practice labs that walk
Audience
Organization
How Best
to Use guides
This Bookthat show you how to prepare a lab for study
Review
set-up
Equipment
Ready
yourself for the new simulation-based questions on the CCNP exams
Summary
Icons Used in This Book
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Command Syntax Conventions
821 BCRAN exam and for workplace challenges in implementing remote access network
Chapter 1. Introduction to Remote Access
of Remote-Access
networkTypes
setting,
this book Users
is useful in preparing a CCNP candidate for the general exam
Remote-Access
Technologies
questions by providing
a better understanding of how remote access really works. It is also
Summary
essential
in preparing candidates for the new simulation-based questions that are on the Cisco
certification
Reviewexams.
QuestionsFinally, it serves anyone wanting a guide to real-world application of these
concepts,
regardless
certification
interest.
Chapter
2. Building of
a CCNP
Remote-Access
Lab
Creating LANs
Creating WANs by Using a Cisco Router as a Frame Relay Switch
Creating
Asynchronous,
ISDN, PPP, DDR,lab,
Dial some
Backup,networking
AAA, and Security
Labs
office-based
lab,
a remote-accessible
simulation
software programs, or
even asSummary
a stand-alone guide.
Chapter 3. Modem Connections and Operation Overview
All of the
topicsModem
on the
new 642-821 BCRAN exam are covered, providing comprehensive exam
A Typical
Connection
preparation.
DTE-to-DTE Wiring
Data Compression and Error Control
Configuring the Modem (DCE)
Scenarios
Practical Exercise 3-1: Configuring a Modem on the AUX Port for EXEC Dial-in Connectivity
Practical Exercise 3-1 Solution

Practical Exercise 3-2: Connecting Routers Back-to-Back Through the AUX Ports
Summary
Review Questions
Chapter 4. Using Cable Modems to Access a Central Site
Cable Modem Technology Overview
Table of Contents
Scenarios
Index
Basic Cable Modem Troubleshooting Using Cisco IOS Software Commands

Practical Exercise: The CMTS and DOCSIS-Compliant Bridging Cable Modem Configuration
Practical Exercise Solution
Summary
Review Questions
Chapter 5. Configuring Point-to-Point Protocol and Controlling Network Access
ISBN: 1-58720-073-2
PPP Overview
Pages: 528
Configuring PPP
Scenarios
Practical Exercise: Dial In and Dial Out
Summary
BCRAN Review
exam.Questions
Chapter 6. Using ISDN and DDR Technologies to Enhance Remote Connectivity
ISDN Overview
Prepare
DDR
exam concepts
The ISDN Layer Protocols
Examining ISDN
Setup and
Teardown
Experience
howCall
remote
access
concepts work in a real network with practice labs that walk
Configuring
ISDN
Scenarios
Review
thatOut
show
you how to prepare a lab for study
Practicalset-up
Exerciseguides
6-1: Dialing
with ISDN
Practical Exercise 6-2: ISDN as a Backup
Practical Exercise
6-2 Remote
Solution Access (CCNP Self-Study) prepares readers for the CCNP 642CCNP Practical
Studies:
Summary
821 BCRAN
exam and for workplace challenges in implementing remote access network
applications.
Designed as a topic-by-topic guide of how to apply remote access concepts in a real
Review Questions
network
setting,
this book
is useful
a CCNP
for the general exam
Chapter
7. Optimizing
the Use
of DDR in
withpreparing
Interface Dialer
Profilescandidate
and Rotary Groups
questions
by
providing
a
better
understanding
of
how
remote
access
really works. It is also
DDR and Dialer Profiles
Dialer Rotary Group Overview
Dialer Profiles and Dialer Rotary Group Configuration
Scenarios
Practicalincludes
Exercise: Configuring
Profiles
Each chapter
a review Dialer
of the
applicable technology, and guides the reader through
implementation
of
the
technology.
This
step-by-step process can be executed on a home- or
office-based
lab,
a
remote-accessible
lab,
some networking simulation software programs, or
Summary
even asReview
a stand-alone
guide.
Questions
Chapter 8. Using DSL to Access a Central Site
ADSL Overview
preparation.
Cisco 6160 DSLAM Overview
Cisco 6400 UAC Overview
DSL Access Architectures and Protocols
Scenarios
Practical Exercise 8-1: PPPoA over DSL

Practical Exercise 8-2: RFC 1483 Bridging over DSL
Summary
Review Questions
Chapter 9. Frame Relay Connectivity and Traffic Flow Control
Frame Relay Background
Table of Contents
Frame Relay Terminology
Index
Frame Relay Devices

Frame Relay Topologies
Frame Relay Virtual Circuits
Frame Relay Configuration Tasks
Disabling or Reenabling Inverse ARP
Frame Relay Subinterfaces
ISBN: 1-58720-073-2
Network-to-Network Interface
Pages: 528
User-Network Interface
Congestion-Control Mechanisms
Frame Relay Traffic Shaping
Troubleshooting Frame Relay Connectivity
Scenarios
BCRAN Practical
exam. Exercise 9-1: Unnumbered Frame Relay
Practical Exercise 9-2: Configuring Multipoint Subinterfaces
Prepare
the CCNP
642-821 BCRAN exam and gain a better, practical understanding of
Practicalfor
Exercise
9-2 Solution
exam concepts
Practical Exercise 9-3: Configuring Traffic Shaping on a PVC
Practical Exercise
Solution
Experience
how 9-3
remote
access concepts work in a real network with practice labs that walk
Practical
Exercise
9-4:
Configuring Guaranteed Rates on an Interface
Review
that show
you
how
to prepare a lab for study
Practicalset-up
Exerciseguides
9-5: Configuring
Frame
Relay
Switching
Summary
Review Questions
CCNP Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Chapter exam
10. Enabling
a Backup
to the Permanent
Connection
821 BCRAN
and for
workplace
challenges
in implementing remote access network
applications.
as a topic-by-topic guide of how to apply remote access concepts in a real
Backup Designed
Overview
networkTriggering
setting,Dial
this
book is useful in preparing a CCNP candidate for the general exam
Backup
questions
by
providing
Scenarios
Practical Exercise: Enabling Backup for a Primary Link
Summary
Review Questions
Each chapter
includes a review of the applicable technology, and guides the reader through
implementation
of the technology.
This step-by-step
can be executed on a home- or
Chapter 11. Managing
Network Performance
with Queuing andprocess
Compression
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
Considerations for Traffic Prioritization
even asQueuing
a stand-alone
guide.
Operations
Configuring and Verifying Queuing
Compression
preparation.
Scenarios
Practical Exercise: Configuring Priority Queuing
Summary
Review Questions
Chapter 12. Scaling IP Addressing with Network Address Translation

NAT Operation
Configuring NAT
NAT Order of Operation
When to Use NAT
NAT Configuration Task List
Scenarios
Table of Contents
Practical Exercise 12-1: Dynamic NAT Using an Outside Source List
Index

Practical Exercise 12-2: Combining Dynamic and Static NAT
Summary
Review Questions
Chapter 13. Using AAA to Scale Access Control in an Expanding Network
ISBN: 1-58720-073-2
AAA Overview
Pages: 528
Configuring AAA
Scenarios
Practical Exercise: ISDN Callback Using TACACS+
Summary
BCRAN Review
exam.Questions
Chapter 14. Securing Remote-Access Networks
Internet Protocol Security
Prepare
for
the CCNP 642-821 BCRAN exam and gain a better, practical understanding of
Cisco VPN
Products
exam concepts
Virtual Private Networks
Memory andhow
CPU Considerations
Experience
remote access concepts work in a real network with practice labs that walk
Monitoring
and
Maintaining
IPSec
you through their
implementation
Clearing IKE Connections
Review
set-up IKE
guides that show you how to prepare a lab for study
Troubleshooting
QoS for Virtual Private Networks
Configuring QoS for VPN Support
MonitoringStudies:
and Maintaining
QoS for
VPNs (CCNP Self-Study) prepares readers for the CCNP 642CCNP Practical
Remote
Access
Scenarios
821 BCRAN
applications.
as IPSec
a topic-by-topic
guide of how to apply remote access concepts in a real
PracticalDesigned
Exercise 14-1:
Router-to-Router
networkPractical
setting,
this 14-1
bookSolution
Exercise
questions
by providing
a better
understanding
of how remote access really works. It is also
Practical
Exercise 14-2:
Three Full-Mesh
IPSec Routers
Practical Exercise 14-3: IPSec Router-to-Router Hub and Spoke
Practicalincludes
Exercise 14-4:
IPSec Between
Routers Using
Private Addresses
Each chapter
a review
of the Three
applicable
technology,
and guides the reader through
implementation
of
the
technology.
This
step-by-step
process
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
Practical Exercise 14-5: IPSec/GRE with NAT
even asPractical
a stand-alone
guide.
Exercise 14-5 Solution
Practical Exercise 14-6: Router to VPN Client with a Preshared Key and NAT
preparation.
Practical Exercise 14-7: PIX to Cisco Secure VPN Client with a Preshared Key
Practical Exercise 14-8: PIX to Cisco VPN 3000 Client
Practical Exercise 14-9: Layer 2 Tunneling Protocol over IPSec

Summary
Review Questions
Appendix A. Answers to Review Questions
Chapter 1
Chapter 3
Chapter 4
Table of Contents
Chapter 5
Index
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
ISBN: 1-58720-073-2
Chapter 12
Pages: 528
Chapter 13
Chapter 14
Index
BCRAN exam.
exam concepts
preparation.
Copyright
Copyright 2004 Cisco Systems, Inc.
Published
by:Table of Contents
Cisco Press
Index
800 East 96th Street, 3rd Floor
Indianapolis, Indiana 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any
means,
electronic
or mechanical, including photocopying and recording, or by any information
Publisher:
Cisco Press
storage
and
retrieval
without written permission from the publisher, except for the
Pub Date: December 22,system,
2003
inclusion
of
brief
quotations
in
a review.
ISBN: 1-58720-073-2
Pages: 528
Printed
in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing December 2003

Library of Congress Cataloging-in-Publication Number: 2002111069
BCRAN exam.
Warning and Disclaimer
Prepare
for the CCNP
642-821
BCRAN exam
gain a better,
practical understanding
of
This book
is designed
to provide
information
aboutand
remote-access
technologies.
Every effort has
exam
concepts
been made to make this book as complete and accurate as possible, but no warranty or fitness is
implied.
you throughistheir
implementation
The information
provided
on an "as is" basis. The authors, Cisco Press, and Cisco Systems,
Inc., shall have neither liability nor responsibility to any person or entity with respect to any loss
Review arising
set-up from
guides
that
show youcontained
how to prepare
lab for
studythe use of the discs or
or damages
the
information
in thisabook
or from
programs that may accompany it.
The opinions expressed in this book belong to the authors and are not necessarily those of Cisco
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Systems, Inc.
All
terms mentioned
in this book
that anyone
are known
to beatrademarks
or service
marks have
certification
exams. Finally,
it serves
wanting
guide to real-world
application
of been
these
appropriately
capitalized.
Cisco
Press
or
Cisco
Systems,
Inc.
cannot
attest
to
the
accuracy
of this
information. Use of a term in this book should not be regarded as affecting the validity of any
trademark
or includes
service mark.
Each chapter
a review of the applicable technology, and guides the reader through
Trademark Acknowledgments
Feedback Information
All
of thePress,
topicsour
on the
BCRAN exam
are books
covered,
providing
exam
At Cisco
goalnew
is to642-821
create in-depth
technical
of the
highestcomprehensive
quality and value.
preparation.
Each book is crafted with care and precision, undergoing rigorous development that involves the
unique expertise of members of the professional technical community.
Reader feedback is a natural continuation of this process. If you have any comments regarding
how we could improve the quality of this book or otherwise alter it to better suit your needs, you
can contact us through e-mail at feedback@ciscopress.com. Please be sure to include the book
title and ISBN in your message.
Corporate and Government Sales

Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases
or special sales. For more information, please contact: U.S. Corporate and Government Sales
1-800-382-3419
Tablecorpsales@pearsontechgroup.com
of Contents
Index
For
sales outside of the U.S. please contact: International Sales 1-317-581-3793
international@pearsontechgroup.com
We greatly appreciate your assistance.

Publisher
ISBN: 1-58720-073-2
John Wait
Pages: 528
Editor-In-Chief
John Kane
Executive Editor
Brett Bartow
Cisco Representative
Anthony Wolfenden
Ciscohands-on
Press Program
Manager
Sonia
Torres
Gain
experience
of CCNP Remote Access
topics
withChavez
lab scenarios for the new 642-821
BCRAN exam.
Cisco Marketing Communications Manager
Scott Miller
Cisco Marketing Program Manager
Edie Quiroz
Managing
Patrick Kanouse
exam Editor
concepts
Development
Editor
Jill Batistick
Experience
how remote access concepts work
in a real network with practice labs that walk
you
through
their
implementation
Project Editor
Marc Fowler
prepare
a lab for study
CopyReview
Editor set-up guides that show you how to
Gayle
Johnson
Technical
Henry
Benjamin,
Brian
Feeny,
Charles Ragan
ReadyEditors
yourself for the new simulation-based
questions
on the
CCNP
exams
Team Coordinator
Tammi Barnett
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821
BCRAN
exam and for workplace challenges Gina
in implementing
remote access network
Book
Designer
Rexrode
Cover Designer
Adair
network
setting, this book is useful in preparingLouisa
a CCNP
candidate for the general exam
Production Team
Interactive Composition Corporation
certification
exams. Finally, it serves anyone wanting
a guide to real-world application of these
Indexer
Larry Sweazy
Corporate
Headquarters
All of the topics
on the new 642-821 BCRAN exam are covered, providing comprehensive exam
Cisco
Systems,
Inc.
preparation.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100

European Headquarters
Cisco Systems International BV
Haarlerbergpark
Haarlerbergweg 13-19
1101CH Amsterdam
The Netherlands
Table of Contents
www-europe.cisco.com
Index
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100
Americas Headquarters
Cisco
Systems,
Publisher:
Cisco Inc.
Press
170Pub
West
Tasman
Drive
Date: December 22, 2003
San Jose, CA 95134-1706
ISBN: 1-58720-073-2
USA
Pages: 528
www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883
Asia Pacific Headquarters
Cisco
Systems, experience
Inc.
Gain hands-on
of CCNP Remote Access topics with lab scenarios for the new 642-821
Capital
BCRAN Tower
exam.
168 Robinson Road
#22-01 to #29-01
Prepare
Singapore
068912
exam
concepts
www.cisco.com
Tel: +65 6317 7777
Experience
Fax: +65
6317 7799
Cisco Systems has more than 200 offices in the following countries and regions. Addresses,
set-up
that show
how
prepare
a lab
for study
phoneReview
numbers,
andguides
fax numbers
areyou
listed
on to
the
Cisco.com
Web
site at
www.cisco.com/go/offices.
Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC
CCNP
Practical
Studies:
Self-Study)
prepares
readers
the CCNP
642-
Colombia
Costa
Rica Remote
Croatia Access
Czech(CCNP
Republic
Denmark
Dubai,
UAE for
Finland
France
821
BCRAN
exam
and
for
workplace
challenges
in
implementing
remote
access
network
Germany Greece Hong Kong SAR Hungary India Indonesia Ireland Israel Italy
applications.
as a topic-by-topic
guide of how
to apply remote
access
concepts
in a real
Japan KoreaDesigned
Luxembourg
Malaysia Mexico
The Netherlands
New
Zealand
Norway
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
exam
Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia
questions
providing a
better understanding
of how
remote
access
really works.
It is also
Scotland by
Singapore
Slovakia
Slovenia South
Africa
Spain
Sweden
Switzerland
essential
in
preparing
candidates
for
the
new
simulation-based
questions
that
are
on
Cisco
Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela the
Vietnam
certification
exams.
Finally,
it
serves
anyone
wanting
a
guide
to
real-world
application
of
these
Zimbabwe
Copyright 2003 Cisco Systems, Inc. All rights reserved. CCIP, CCSP, the Cisco Arrow logo, the
Each
chapter includes
reviewthe
of Cisco
the applicable
and
guides
theFollow
readerMe
through
CiscoPowered
Networkamark,
Systems technology,
Verified logo,
Cisco
Unity,
Browsing,
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homeor
FormShare, iQ Net Readiness Scorecard, Networking Academy, and ScriptShare are trademarks
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Wayorto
even
as aYour
stand-alone
Increase
Internet guide.
Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and
Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified
Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco
preparation.
Systems Capital, the Cisco Systems logo, Empowering the Internet Generation,
Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS,
IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the Networkers logo, Network
Registrar,Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet,
StrataView Plus, Stratm, SwitchProbe, TeleRouter, TransPath, and VCO are registered
trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective
owners. The use of the word partner does not imply a partnership relationship between Cisco
and any other company. (0303R)
Printed in the USA
Table of Contents
Dedications
Index
Wesley
Shuo:
I'd like
to dedicate
this book
to my uncle
ByWesley Shuo
, Dmitry
Bokotey
, Raymond Morrow
, Deviprasad
Konda and aunt, who passed away in 2001.
Many thanks to my parents for always being there. To my sister, Eva, and brother, Jeff, for their
continued support. To my best friends, Johnny, Daniel, and Robinson, for being my mentors.
Pub Date:
22, 2003
To my
dear December
wife, Flora,
and two lovely daughters, Priscilla and Kristina, for putting up with me
ISBN:
1-58720-073-2
during the nights and weekends spent working on this book.
Pages: 528
Dmitry Bokotey: I would like to dedicate this book to my wife, Alina, for her never-ending
patience and support, for being here from the start, for never doubting any of my "silly" ideas,
and for her smile that always brightens my day. Special thanks to my daughter, Alyssa, for
bringing light and meaning to my existence every day.
Raymond Morrow: To my wife, Liz, for her support and belief in me to finish what I start, and
BCRAN exam.
to my children, Justin, Trey, Shelby, and Quentin, for never questioning the time I spent in front
of my computer.
Deviprasad Konda: This book is dedicated to my parents, Ahobala and Vimala Raju Konda.
exam concepts
Their love and dedication have built the foundation upon which I stand today.
preparation.
About the Authors

Wesley Shuo, CCIE No. 4116, is a network design consultant with Cisco Systems. In this
capacity, he provides IP Telephony (AVVID) consulting services and technical expertise to
customers
during
the
planning, design, implementation, and operation phases. Before his
Table of
Contents
current
position,
he
was
a solutions consulting engineer in the Service Provider Line of Business
Index
at
Cisco,
where
he
gained
extensive experience with various remote-access and WAN
technologies, including ATM, WAN switching, DSL, MPLS, BGP, IS-IS, OSPF, RIP, VoIP, VoDSL,
VPNs, and IPSec.
Dmitry
Publisher:
Bokotey
Cisco Press
is a triple CCIE (No. 4460) in Routing and Switching, ISP Dial, and Security.
He is
ofDecember
the first22,
professionals
to achieve the new CCIE Security certification. Presently, he is
Pubone
Date:
2003
a senior
solution
consultant for Cisco Systems, where he is responsible for the design and
ISBN:
1-58720-073-2
configuration
of complex telecom and CLEC/ILEC customer networks. He has more than seven
Pages: 528
years of experience designing and managing large network installations. Careerbuilder.com
recently labeled him "one of the world's top computer network engineers."
Raymond Morrow, CCIE No. 4146, CSS1, Cisco IP telephony design specialist, is currently
employed at Northrop Grumman. Previously, he was a principal consultant with Computer
Gain hands-on
experience
of CCNP Remote
with
lab
scenarios
thePartner
new 642-821
Solutions,
a San
Antonio, Texas-based
CiscoAccess
Silver topics
Partner
with
Security
andfor
VPN
BCRAN exam. He has 16 years of experience in the networking arena and designs and
specialization.
implements various networking projects to a diverse customer base. Currently he is studying for
his Security CCIE Lab Exam after having passed the Security CCIE Qualification Exam. He is the
Prepare
for the
CCNP Studies:
642-821Security.
BCRAN exam and gain a better, practical understanding of
coauthor
of CCIE
Practical
exam concepts
Deviprasad Konda is the lead support engineer for Qualcomm's corporate R&D business unit.
Experience
remote
concepts workContent
in a realNetworking
network with
practice labsand
that walk
He manages
the how
Firewall
and access
DMZ Infrastructure,
Infrastructure,
you
through
their
implementation
Quality of Service project teams. He is also part of the design engineering team for Core
Backbone Evaluation and Corporate VPN and Remote Access Infrastructure projects. He has
more than six years of experience designing and implementing Cisco router- and switch-based
enterprise
He also has extensive
network
security
He has a B.S.
Readynetwork
yourselfarchitectures.
for the new simulation-based
questions
on the
CCNPexpertise.
exams
in computer engineering from Graceland University.
preparation.
About the Technical Reviewers

Henry Benjamin, CCIE No. 4695, is a triple Cisco Certified Internet Expert, having certified
Routing and Switching in May 1999, ISP Dial in June 2001, and Communications and Services in
May 2002. He has more than ten years of experience in Cisco networks, including planning,
Table
of Contents large IP networks running IGRP, EIGRP, BGP, and OSPF. Recently
designing, and
implementing
Index
he worked for a large IT organization based in Sydney, Australia, as a key network designer,
CCNP
Practical
Studies:
Remote Access
designing
and
implementing
networks all over Australia and Asia. He is a former CCIE lab
proctor.
By
Wesley Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda
Brian Feeny, CCIE No. 8036, is the senior network engineer for ShreveNet, Inc., an Internet
service provider, where he has worked for the last seven years. He is also a partner in Netjam
LLC,Pub
which
specializes in sales and support of Cisco network equipment. He has more than 11
ISBN:
1-58720-073-2
years of experience
in the networking industry.
Pages: 528
Charles Ragan, CCIE No. 1764, is an independent technology consultant. His background
includes IP routing and switching, various voice over technologies (VoIP, VoFR), and many other
desktop and related protocols. He has been in the information technology field for 19 years. His
full technical biography can be found at http://www.geocities.com/ciscojock2002. He can be
reached
at ciscojock2002@yahoo.com.
Gain hands-on
BCRAN exam.
exam concepts
preparation.
Acknowledgments
Wesley Shuo: I would like to give special thanks to Brett Bartow and Cisco Press for giving me
the once-in-a-lifetime opportunity to work on this book. Many thanks to Dmitry Bokotey,
Raymond
Morrow,
Deviprasad Konda for working extremely hard with me on this book.
Table ofand
Contents
Special
thanks
to
Adeel
Ahmed for providing me with the lab resource and reviewing my chapter.
Index
Thanks
to
Cisco
Systems
and my manager, Himanshu Desai, for providing me with such a
wonderful learning and working environment. Last but not least, I'd like to thank Dr. Helmut
Epp, Dr. Gregory Brewster, Chonghua Zhang, and Ms. Terry Skwarek from DePaul University for
giving me the education and environment to learn about the world of networking.
Dmitry
Bokotey:
Pub Date:
DecemberWriting
22, 2003 a book is never easy. Without help and guidance from my wife, Alina,
and Cisco
it would have been impossible. This book is the product of collective effort. I
ISBN:Press,
1-58720-073-2
wouldPages:
like to
thank the lead author, Wesley Shuo, and coauthor Raymond Morrow, for their
528
willingness to synchronize and compromise, and for their professionalism and knowledge. Again,
I'm forever grateful to my wife, Alina, for help with writing and editing my second book.
I would also like to thank the team at Cisco Press, especially Brett Bartow, for believing in me
and keeping all of us on track.
BCRAN
Big
thanks
exam.
to Cisco Systems' CCIE department, especially Kathe Saccenti, who helped me
become a better engineer.
Prepare
CCNP
exam
a better,
practical
understanding
of
Finally,
I wantfor
tothe
thank
my642-821
parents, BCRAN
Peter and
Ida,and
for gain
letting
me spend
days and
nights beside
exam
concepts
my computer, no matter how pointless they thought it was.
Experience
how This
remote
access
work of
in four
a real
network
practice
labs that walk
Raymond
Morrow:
project
is aconcepts
collaboration
people
withwith
differing
backgrounds.
I
their
wouldyou
likethrough
to thank
my implementation
coauthors, Wesley Shuo, Dmitry Bokotey, and Devi Konda, for their
efforts and willingness to allow me to write this book with them.
Deviprasad Konda: My work on this book would not have been possible but for the help and
Ready
for the new simulation-based questions on the CCNP exams
guidance
of yourself
several people.
Practical
Studies:
Access
(CCNP Wesley
Self-Study)
readers
the CCNP
642ICCNP
would
like to thank
myRemote
friend and
coauthor,
Shuo,prepares
for his help
and for
support.
I owe
him
821enormous
BCRAN exam
and of
forgratitude.
workplace challenges in implementing remote access network
an
amount
setting,
bookmy
is useful
in preparing
a CCNP
candidate
the general exam
Inetwork
would also
like this
to thank
manager,
Liren Chen,
for his
constantfor
encouragement
throughout
questions
a better
how remote
access really works. It is also
the
courseby
of providing
this endeavor.
His understanding
upbeat attitudeofhelped
me immensely.
certification
Last
but not exams.
least, I Finally,
would like
it serves
to thank
anyone
Brett wanting
Bartow at
a guide
Cisco to
Press
real-world
for his considerable
application ofpatience
these
concepts,
after
I missed
regardless
deadline
of after
certification
deadline.
interest.
I am very grateful to him for this opportunity.
preparation.
Foreword
CCNP Practical Studies: Remote Access is designed to provide you with another vehicle to obtain
hands-on experience, which is a critical component of any preparation program for the Cisco
Certified
Network
Professional
exams. The detailed lab scenarios contained in this book illustrate
Table of
Contents
the
application
of
key
internetworking
concepts covered on the CCNP BCRAN exam. They help
Index
you
master
the
practical
skills
you
need
to build, configure, and troubleshoot a remote-access
network to interconnect central sites to branch offices and small offices/home offices. With the
introduction of performance-based testing elements to the CCNP BCRAN exam, these hands-on
skills are of critical importance to succeeding on the exam and in your job as a CCNP
professional.
Cisco and
Press present this material in text-based format to provide another learning
ISBN:Cisco
1-58720-073-2
vehicle
for
our
customers
and the broader user community. A publication does not duplicate the
Pages: 528
instructor-led or e-learning environment, and we acknowledge that not everyone responds in the
same way to the same delivery mechanism. It is our intent that presenting this material via a
Cisco Press publication will enhance the transfer of knowledge to a broad audience of networking
professionals.
Gain hands-on
CCNP Remote
Access
topics
with
lab scenarios
for the
new 642-821
Cisco
Press will experience
present labofmanuals
on existing
and
future
exams
through these
Practical
BCRAN exam.
Studies
titles to help achieve the Cisco Internet Learning Solutions Group's principal objectives:
to educate the Cisco community of networking professionals and to enable that community to
build and maintain reliable, scalable networks. The Cisco Career Certifications and classes that
Prepare
the CCNP 642-821
BCRAN
exam and
gainobjectives
a better, through
practicalaunderstanding
of
support
thesefor
certifications
are directed
at meeting
these
disciplined
exam
concepts
approach to progressive learning.
Experience
how
remote
access
concepts exams,
work in as
a real
with
labscertified
that walk
To succeed
on the
Cisco
Career
Certifications
wellnetwork
as in your
jobpractice
as a Cisco
you
through
their
implementation
professional, we recommend a blended learning solution that combines instructor-led, elearning, and self-study training with hands-on experience. Cisco Systems has created an
authorized Cisco Learning Partner program to provide you with the most highly qualified
instruction
invaluable
experience in lab
and simulation
environments.
To learn
Readyand
yourself
for thehands-on
new simulation-based
questions
on the CCNP
exams
more about Cisco Learning Partner programs available in your area, go to
www.cisco.com/go/authorizedtraining.
The
books that
Cisco Press
in partnership
Systems
meet
the same
standards
applications.
Designed
as acreates
topic-by-topic
guide ofwith
howCisco
to apply
remote
access
concepts
in a real
of
content
quality
demanded
of
our
courses
and
certifications.
It
is
our
intent
that
you
will find
this
and subsequent
Cisco
Pressunderstanding
certification and
publications
of value
as you
questions
by providing
a better
of training
how remote
access really
works.
It isbuild
also your
networking
knowledge
base.
Thomas M. Kelly
Vice
Internet
Learning
Grouptechnology, and guides the reader through
Each President,
chapter includes
a review
of Solutions
the applicable
Cisco
Systems,
Inc.
September
2003
even as a stand-alone
guide.
preparation.
Introduction
The Cisco Certified Network Professional (CCNP) program is one of the main certifications offered
by Cisco Systems. For many network professionals, it is the logical step before they attempt the
prestigious
CCIE
You obtain CCNP certification by successfully passing four written
Table examination.
of Contents
tests,
one
of
which
is
the
Remote
Access examination. This book is intended as a practical guide
Index
for
candidates
who
are
preparing
for the Remote Access examination.
By
Wesley Shuo
, Dmitry
, Raymond
Morrow
, Deviprasad
Konda
Achieving
the
CCNPBokotey
certification
can
greatly
enhance
your
career possibilities. The rigors of

preparing for CCNP certification impart candidates with technical skills that are valuable to many
organizations.
Publisher: CiscoJust
Pressas important, preparing for the certification also gives candidates the tools
needed
to design
and
good networks. From a personal standpoint, becoming a CCNP is
Pub Date:
December
22, maintain
2003
a milestone
for candidates. It proves that they have the knowledge and dedication necessary to
ISBN: 1-58720-073-2
attempt
and pass the four tests. After reading this book, we hope that you will be in a position to
Pages: 528
take and pass the Remote Access examination with confidence.
Gain NOTE
hands-on experience of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
The Remote Access examination (RMTAC 640-605) is 75 minutes long and has 50 to 60
questions. It is a computer-based exam and can be taken at any Sylvan Prometric site.
Prepare
for the CCNP
BCRAN examorand
gain a better, practical understanding of
You
can contact
Sylvan642-821
at 1-800-829-NETS
at www.2test.com.
exam concepts
preparation.
Goals of This Book

This book's primary objective is to impart candidates with the practical knowledge needed to
pass the Remote Access examination. Theoretical knowledge by itself is insufficient to pass a
Cisco examination. You need practical knowledge to complement theory. Building functional,
Table of
working networks
isContents
the best way to use theory and techniques to develop practical knowledge.
Index
CCNP
Practical
Studies: Remote
Access
A network
professional
looking
to improve his or her remote-access network skills can also use
this
book
as
an
on-the-job
reference.
The,Deviprasad
lab exercises
closely follow real-life scenarios to help
ByWesley Shuo, Dmitry Bokotey, Raymond Morrow
Konda
candidates apply proven Cisco techniques in their work environments.
ThisPublisher:
book's Cisco
mainPress
objective is to help you pass the Remote Access examination. To that end, it
Pub
Date:
December
22,need
2003 to know without going into excessive detail. You can judge the areas
covers the topics you
ISBN:
1-58720-073-2
in which you are weak and focus on them. The primary goal is to help you achieve the practical
skills needed
Pages: 528
to be successful.
BCRAN exam.
exam concepts
preparation.
Audience
This book is focused on network professionals who are preparing for the CCNP Remote Access
written examination. It is assumed that you have CCNA-level knowledge of routing protocols and
WANs and working knowledge of remote-access technologies and protocols.
Table of Contents
Each chapterIndex
begins with a brief overview that describes what the chapter is about. The main
CCNP
Practical
Studies: Remote
part of
each chapter
coversAccess
Scenarios that help you apply theoretical knowledge to real-life
environments.
The
steps
needed
toMorrow
configure
and verify
ByWesley Shuo, Dmitry Bokotey, Raymond
, Deviprasad
Kondathe Scenarios are laid out. Sample
configurations and explanations also are included. You configure a Practical Exercise to test your
knowledge of the material just covered. The accompanying Practical Exercise Solution helps you
assess your familiarity with the topics. The Summary reviews the chapter's main points. Finally,
the Pub
Review
Questions further test your knowledge of the subjects covered.
ISBN: 1-58720-073-2
The Practical
Pages: 528
Exercises are meant to emphasize the real-life aspect of the material. The Review
Questions, on the other hand, are meant to test your theoretical knowledge of the topics. By
putting these together, you will gain an understanding of the technologies and protocols needed
to pass the Remote Access examination.
BCRAN exam.
exam concepts
preparation.
Organization
This book has 14 chapters and 1 appendix. As just described, they have a consistent structure,
including an overview, Scenarios with detailed explanations, examples, Practical Exercises, and
Review Questions. The chapters are as follows:
Table of Contents
Index
ChapterStudies:
1, "Introduction
to Remote
CCNP Practical
Remote Access
Access," introduces the various types of remote-access

technologies,
networks,
and
their
users.
Chapter 2, "Building a CCNP Remote-Access Lab," covers creating LANs and WANs, as well
ISDN, PPP, DDR, dial backup, AAA, and security labs.
Publisher:
Cisco Press
as asynchronous,
Chapter
3, "Modem Connections and Operation Overview," covers modem operation,
ISBN: 1-58720-073-2
communication,
and configuration. Basic and automatic modem configurations are covered
Pages: 528
in detail.
Chapter 4, "Using Cable Modems to Access a Central Site," covers cable modems and their
configuration. It contains an overview of cable modem technology, including transmission
systems, protocols, and technology issues. The configuration of headend and CPE
Gain hands-on
equipmentexperience
is also covered.
BCRAN exam.
Chapter 5, "Configuring Point-to-Point Protocol and Controlling Network Access," covers the
configuration of PPP. Basic PPP features and operation are described. The configuration
Prepare
for callback,
the CCNPauthentication,
642-821 BCRAN
exam
and gain a better, practical understanding of
covers PPP
and
compression.
exam concepts
Chapter 6, "Using ISDN and DDR Technologies to Enhance Remote Connectivity," covers
Experience
how
access concepts
work inofaISDN,
real network
with
labs
thatofwalk
the basic use
of remote
ISDN. Included
is an overview
including
thepractice
different
kinds
you
through
their
implementation
network equipment, ISDN bandwidth, and channels. The process of call setup and
teardown is examined. The configuration of ISDN PRI and BRI is examined, including some
optional configurations such as Multilink PPP.
Chapter 7, "Optimizing the Use of DDR with Interface Dialer Profiles and Rotary Groups,"
theStudies:
more-advanced
topic of(CCNP
ISDN in
a DDR scenario.
The
topic of
DDR
covered,
CCNPcovers
Practical
Remote Access
Self-Study)
prepares
readers
for
the is
CCNP
642and
DDR
configuration
is
demonstrated.
This
chapter
also
covers
the
optimization
821 BCRAN exam and for workplace challenges in implementing remote access networkof DDR
interfaces
using features
such as dialer
groups
andto
dialer
profiles.
applications.
Designed
as a topic-by-topic
guide
of how
apply
remote access concepts in a real
Chapter 8, "Using DSL to Access a Central Site," covers the basic use of DSL. It includes an
overview of the various flavors of DSL. The different Cisco products in the DSL space are
covered. The configuration section covers DSLAM configuration at Layer 2 and PPPoE and
PPPoA configuration at Layer 3.
Chapter 9, "Frame Relay Connectivity and Traffic Flow Control," covers the important topic
of Frame Relay. It offers an overview of Frame Relay, including Frame Relay basics and
signaling. The configuration of Frame Relay subinterfaces and traffic shaping is
demonstrated. Issues and solutions relating to these topics are also covered.
Chapter 10, "Enabling a Backup to the Permanent Connection," covers the configuration
and use of dial backup. The basic theory and operation are discussed, including the various
preparation.
options such as physical versus dialer interfaces and load sharing versus load balancing.
Chapter 11, "Managing Network Performance with Queuing and Compression," covers
queuing and compression and their impact on network performance. Queuing basics are
covered, including the various flavors and their operation. The configuration covers the use
of Weighted Fair Queuing, priority queuing, and custom queuing. Data compression is
discussed and its configuration demonstrated.

Chapter 12, "Scaling IP Addressing with Network Address Translation," covers the use and
configuration of NAT. The concept of NAT and its components are discussed. The
configuration section covers the topics of static NAT, dynamic NAT, and Port Address
Translation.
Chapter 13, "Using AAA to Scale Access Control in an Expanding Network," covers the
of Contents
conceptTable
of AAA
and Cisco's Cisco Secure product. An overview of AAA and its individual
Index
components is given. The Cisco Secure product is examined from both the client and server
CCNP Practical
Studies:
Remote
perspective.
Then
AAAAccess
is configured on both client and server using Cisco Secure.
Chapter 14, "Securing Remote-Access Networks," covers the configuration and use of VPNs
in a remote-access scenario. The overview covers the different components of IPSec,
including ESP, AH, and IKE. The various Cisco products in this space are also described.
The configuration section covers the different VPN configurations, including router-toISBN: 1-58720-073-2
router,
VPN client-to-router, and VPN client-to-PIX.
Pages: 528
Appendix A, "Answers to Review Questions," provides answers to the chapter-ending

review questions.
BCRAN exam.
exam concepts
preparation.
How Best to Use This Book

This book emphasizes a practical approach to study. Convenient access to equipment is a big
plus, because you can easily follow the examples in the book. However, this luxury is unavailable
to many people. Therefore, you don't need the equipment to get the full benefit from this book.
Table of Contents
Complete configurations
are shown in every chapter so that you can get a good understanding of
the concepts Index

involved. The troubleshooting sections help you find your way out of potential
CCNP
Practical
Studies:
Remote
Accessexamples show you what a successful end result looks like.
problems.
The
command
output

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Equipment
There are many places where you can obtain equipment. The ideal situation is if your place of
employment has a lab or spare equipment you can use. If this is not the case, the Internet is a
great place for you to find reasonably priced equipment. Also, a number of resellers and Cisco
of Contents
partners sell Table
equipment.
Alternatively, many simulators can simulate real-life networks. Cisco's
Index
Cisco Interactive Mentor (CIM) is one such product. To find out more about CIM, visit
CCNP
Practical Studies: Remote Access
www.ciscopress.com.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Summary
The prestigious CCNP certification has become increasingly popular. It can be a stepping-stone
for further achievements, such as the CCIE certification. It shows that you have the skill and
dedication required to succeed in the networking industry. In that regard, this book is meant to
Table
of Contents
help you attain
that
goal. It has been designed to help you take and pass the Remote Access
Index
examination.
For
many,
the
end of
one ,journey
the beginning
ByWesley
Shuo
, Dmitry
Bokotey
Raymondsignifies
Morrow, Deviprasad
Konda of another. Successfully achieving the
CCNP certifica-tion can inspire you to goals you might not have thought of before. We hope this
book helps you in that quest.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Icons Used in This Book
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in
the Cisco IOS Command Reference. The Command Reference describes these conventions as
follows:
Table of Contents
Index
Vertical Studies:
bars (|)
separate
alternative,
CCNP Practical
Remote
Access
mutually exclusive elements.
Square brackets ([ ]) indicate optional elements.
Publisher:
Press
BracesCisco
({ })
indicate
a required choice.
Braces
within brackets ([{ }]) indicate a required choice within an optional element.
ISBN: 1-58720-073-2
Pages: 528
Bold indicates commands and keywords that are entered literally as shown. In actual
configuration examples and output (not general command syntax), bold indicates
commands that are manually input by the user (such as a show command).
Italic indicates arguments for which you supply actual values.
BCRAN exam.
exam concepts
preparation.
Chapter 1. Introduction to Remote Access

This chapter covers the following topics:
Table of Contents
Types of Remote-Access Users

Index
CCNP Practical
Studies: Remote
Access
Remote-Access
Technologies
Remote-access networks connect central facilities to remote locations. These can range from
remote
branch offices connecting to central office sites, to telecommuters connecting back to the
office. This chapter introduces the various types of remote-access technologies, networks, and
their users.
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Types of Remote-Access Users

Remote-access users vary widely in their situations and needs. The type of network they use
depends on their specific needs:
Table of Contents
Corporate
Indexusers in a branch office These users are connected back to a central office,
usually Studies:
by a Frame
Relay
or serial link. ISDN links can sometimes be used to back up the
CCNP Practical
Remote
Access
primary
link.
Of
late,
broadband
technologies such as cable are also being used in branch
offices.
Publisher:
Cisco Press
Telecommuters
working from home These users use a wide variety of technologies,

line (DSL), cable modems, and dialup links. Virtual private
networks
ISBN: 1-58720-073-2
(VPNs) can also be employed by these users for added security.
Pub
Date: December
22,subscriber
2003
including
digital
Pages: 528
Traveling users Also known as road warriors, they use dialup links and VPN
technologies to connect to resources. They may also employ wireless technologies such as
802.11x for connectivity.
BCRAN exam.
exam concepts
preparation.
Remote-Access Technologies
Based on the needs of the users just described, a wide range of technologies can be used to
provide remote access. Some of the traditional technologies include Frame Relay, leased lines,
ISDN, and dialup links. Newer technologies include DSL, cable modems, and wireless
technologies Table
suchofasContents
802.11x.
Index
CCNP
Studies:
Remote
Access
VPNsPractical
have also
become
a significant
technology in the past few years. They can provide an
alternative
to
expensive
leased
lines
in
a ,central
office/branch
office scenario. Also, they can
Deviprasad
Konda
provide security to users who use them over DSL and cable modem networks to connect to the
central office. IPSec VPNs are a good example of the latter scenario.

ISBN: 1-58720-073-2
Frame
Relay
Pages: 528
Over the past few years Frame Relay has been one of the most popular remote-access
technologies. It offers a high-speed connection between a central office and a branch office.
One of Frame Relay's benefits is built-in congestion control to combat bursty traffic. As
Gain
hands-on
experience
of CCNP
Remote
Access
topics
with labhas
scenarios
the
new 642-821
bandwidth
needs
have increased
over
the years,
this
technology
proven for
very
popular.
Also,
BCRAN
exam.
Frame Relay circuits can be ordered from providers in a variety of bandwidths. Starting at 56
kbps, these are usually fractions of a T1. This allows for flexibility when planning.
Some of the services that can be used over Frame Relay networks are data, voice over IP, voice
exam concepts
over Frame Relay, and IP Multicast.
Frame Relay operates at Layer 2 by encapsulating Layer 3 traffic such as IP within a Frame
Relay frame. To improve performance, Frame Relay relies on higher-layer protocols such as TCP
to overcome corrupt or dropped frames that occur during transmission. This is different from
protocols such as X.25 that have built-in error checking/correction. Often Frame Relay is
described
asyourself
a successor
to X.25.
Ready
for the
new simulation-based questions on the CCNP exams
Frame
Relay employs
itsRemote
own addressing
scheme
at Layer 2prepares
to specify
a frame's
destination.
This
CCNP Practical
Studies:
Access (CCNP
Self-Study)
readers
for the
CCNP 642feature
is
called
a
Data
Link
Connection
Identifier
(DLCI).
This
field
in
the
Frame
Relay
header
tells
the Frame
Relay switch
where to routeguide
the frame.
DLCI remote
can be thought
of as theinMedia
applications.
Designed
as a topic-by-topic
of howThe
to apply
access concepts
a real
Access
Control
(MAC)
address
in
the
Frame
Relay
network.
Another advantage of Frame Relay is its capability to establish one-to-many connections. This is
often called point-to-multipoint. This capability can potentially allow the redirection of traffic
around an outage, provided that a partially-meshed network exists.
One of Frame Relay's drawbacks is the high cost of provisioning links. The high cost can possibly
be justified in a branch office scenario, but it might be unsuitable for single remote users.
Serial Links
preparation.
This type of network has also been historically popular in connecting branch offices. These lines
can be ordered from a fractional T1 such as 56 kbps up to DS3s. Possible fractional T1 line
speeds include 56 kbps, 128 kbps, 256 kbps, and so on. A full DS3 has a speed of 45 Mbps.
These networks do not provide any of the congestion control and error-detection capabilities that
Frame Relay provides. The onus is completely on the higher-layer protocols to provide such
services.
As with Frame Relay, cost is also an issue with these links.
ISDN
Table of Contents
Integrated Services
Digital Network (ISDN) remains one of the most flexible and widely offered
Index
services today.
Providers all over the world offer ISDN services to users.
ISDN
basically
comes
in two
varieties:
ByWesley
Shuo, Dmitry
Bokotey
, Raymond
Morrow, Deviprasad Konda
Publisher:
Cisco Press
Basic Rate
Interface
(BRI), which consists of two 64-kbps Bearer (B) channels and one 16This is often represented as 2B+D, for the two B channels and one
DISBN:
channel.
This has traditionally been the choice of many remote users who connect to the
1-58720-073-2
office
Pages: from
528 their residences. It remains popular, especially with users who do not have DSL
or cable services available at their residences.
Pub
Date:Data
December
2003
kbps
(D) 22,
channel.
Primary Rate Interface (PRI), which in the U.S. consists of 23 64-kbps B channels and one
64-kbps D channel. This is often represented as 23B+D. In Europe, PRI consists of 30 64kbps B channels and one 64-kbps D channel. PRI services are often used when greater
Gain hands-on
CCNP
Access topics
with labbetween
scenarios
for the new
bandwidthexperience
is needed,of
such
as Remote
when a connection
is needed
a central
office642-821
and a
BCRAN
exam.
branch office.
Even though ISDN is offered all around the world, there are differences in the switches that
providers use to provide ISDN service. When configuring ISDN, make sure that the design and
exam concepts
configuration match the switch type and service being offered.
ISDN makes use of the same wiring used by analog phone lines. However, because ISDN is
digital, the signal transmitted across the line is digital instead of analog. This allows for much
higher transmission speeds. In addition, call setup for ISDN is very quick compared to that of an
analog line. This is because of the use of the separate D channel. The setup is done out-of-band
on the
D channel,
it does
notnew
disturb
existing user questions
traffic, andonit the
takes
a short
amount of time.
Ready
yourself
for the
simulation-based
CCNP
exams
The combination of these factors makes ISDN ubiquitous, fast, and convenient.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642ISDN
is useful
when
a variety
of applications
need
to be supported.
The higher
821 BCRAN
exam
and
for workplace
challenges
in implementing
remote
access bandwidth
network can
support
applications
such
as
videoconferencing,
web
browsing,
e-mail,
and
voice
services.
applications. Designed as a topic-by-topic guide of how to apply remote access concepts
inAlso,
a real
ISDN
can
support
multiple
data
sources,
as
opposed
to
analog,
which
typically
can
support
only
one
data
source
at
a
time.
ISDN lends itself to a variety of applications in the remote-access arena. Users who want to
connect from home or users in a small office/home office (SOHO) typically can use BRI
connections to do so.
However, in a scenario where a branch office needs a connection to a central office, PRI services
can be used either as a primary link or as a backup connection that can be activated when the
primary line goes down or when additional bandwidth is needed. This is often called a remote
office/branch office (ROBO) scenario.
ISDN does have some drawbacks. A variety of standards are supported in different parts of the
preparation.
world. This results in a variety of equipment needed to support these standards and interfaces.
You have to be careful when ordering, configuring, and maintaining equipment that connects to
ISDN providers in different parts of the world.
Another drawback of ISDN is its cost. Because ISDN is charged on a per-usage basis, it can be
expensive to operate. This is one of the reasons why ISDN is used in many scenarios as a backup
to a serial link that has a flat per-month cost.

Lately ISDN has been replaced in many homes and SOHO environments by technologies such as
DSL and cable modems, which offer much higher transfer rates. These services are also cheaper
because they offer flat-rate pricing. The combination of these factors has made these
technologies more attractive than ISDN.
Analog
Table of Contents
Index
Analog
service
is the
most ubiquitous
remoteKonda
access available. All you need is a phone
ByWesleydialup
Shuo, Dmitry
Bokotey
, Raymond
Morrow, Deviprasad
line and a modem. Speeds, which started out around 300 bps, have steadily increased over the
years to 56 kbps.
Pubusing
Date: December
2003 usually connect to an access server using a modem. The provider that
Users
analog 22,
dialup
ISBN:
1-58720-073-2
operates the access server gives the user a phone number. The user connects to the access
serverPages:
using528
that phone number.
If in the same calling area, the user can connect to the provider using a local phone number. If
the user is not in the same calling area, many providers have toll-free numbers. This allows
users to connect without incurring long distance charges or using calling cards.
Some providers also offer software that has a list of phone numbers organized by country. Users
BCRAN exam.
can use this software to select the appropriate number for their location. They can then connect
from all over the world.
Users can also connect to the Internet via dialup and then use VPNs to connect to their corporate
exam concepts
networks. Many operating systems now offer native VPN solutions such as Microsoft's Point-toPoint Experience
Tunneling Protocol
(PPTP).
how remote
The most obvious drawback of dialup services is the speedor lack thereof. With applications
becoming
more
and guides
more bandwidth-intensive
and
other broadband
options becoming more
Review
set-up
that show you how to
prepare
a lab for study
cost-effective, users are turning away from dialup.
CCNP
DSL Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
In
the past
few years,
DSL is
has
emerged
as one of
the technologies
that
can
provide
broadband
network
setting,
this book
useful
in preparing
a CCNP
candidate for
the
general
exam
services
to
homes.
This
technology
can
support
both
high-speed
data
and
voice
at
the
questions by providing a better understanding of how remote access really works. It is same
also
time.
It also
can support
data transfer
rates
up to several megabits.
Certain
flavors
of Cisco
DSL
essential
in preparing
candidates
for the
newofsimulation-based
questions
that are
on the
can
deliver
speeds
of
up
to
52
Mbps.
These transfer rates are made possible by using unused frequencies on copper telephone lines.
The
bandwidth
is divided
into
frequencytechnology,
ranges. One
frequency
range
is used
for voice,
Eachavailable
chapter includes
a review
of the
applicable
and
guides the
reader
through
another
is
used
for
upstream
data
transmission,
and
another
is
used
for
downstream
data
transmission.
Foraexample,
voice useslab,
the some
frequency
range of
0 to 3.4 kHz,
and Asymmetric
office-based lab,
remote-accessible
networking
simulation
software
programs, orDSL
uses
the
frequency
ranges
of
25
to
138
kHz
in
the
upstream
direction
and
170
to
1104 kHz in the
downstream direction. Splitters are sometimes used to separate these frequencies.
Another
feature of DSL is that it is "always on." Unlike ISDN and analog, no dial-in is required.
preparation.
This is an attractive feature, especially for users who are accustomed to the cumbersome call
setups and busy signals associated with analog dialup services.
DSL offerings can be broadly divided into two categories:
Asymmetric DSL
Symmetric DSL
Asymmetric DSL
In this category,
Table the
of Contents
upload and download speeds differ. Here are some of the different
Asymmetric DSL
Indextechnologies:
Asymmetric DSL (ADSL) As noted in the name, this technology offers differing upload
and download speeds. This is the most common technology for residential and commercial
Publisher:
use. ItCisco
can Press
be configured to reach rates of 6 Mbps.
Rate-Adaptive
DSL (RADSL) This technology uses ADSL modems that can adjust to
ISBN: 1-58720-073-2
differing
line
lengths
and line qualities. The speed varies in this technology, depending on
Pages: 528
conditions, up to 7 Mbps.
Very High Bit Rate DSL (VDSL) The fastest DSL technology, it has a maximum range
of 4500 feet and can deliver rates of up to 52 Mbps.
Gain hands-on
Consumer
experience
DSL (CDSL)
of CCNP
This
Remote
technology
Access
does
topics
not with
needlab
a splitter
scenarios
likefor
ADSL
the and
new RADSL.
642-821
BCRAN
In exam.
those technologies, splitters are used to split the frequency ranges and protect the
different ranges from interference. CDSL is slower than ADSL and offers downstream
speeds of around 1 Mbps.
exam concepts
Symmetric
DSLhow remote access concepts work in a real network with practice labs that walk
Experience
In this category, the upload and download speeds are the same. Here are some of the different
Symmetric
ReviewDSL
set-up
technologies:
Symmetric DSL (SDSL) This technology is suited to environments that need higher
CCNPupload
Practical
speeds
Studies:
thanRemote
those offered
Access by
(CCNP
ADSL.
Self-Study)
It is provided
prepares
over areaders
single for
telephone
the CCNP
line642and
821 BCRAN
typically
exam
offers
and
rates
for workplace
of around 768
challenges
kbps. in implementing remote access network
Integrated
Services
Network
DSL
(IDSL)
As thefor
name
implies, exam
this
network
setting, this
book isDigital
useful in
preparing
a CCNP
candidate
the general
technology
is
similar
to
ISDN
in
that
it
can
use
the
same
terminal
adapter.
However,
questions by providing a better understanding of how remote access really works. It is alsoit is
different
in that itcandidates
is always on.
Also,
IDSL
is not metered questions
like ISDN. that
It is are
a symmetric
essential
in preparing
for the
new
simulation-based
on the Cisco
service
offering
rates
of
around
144
kbps.
High Bit Rate DSL (HDSL) This technology delivers symmetric data rates of around 1.5
in includes
both directions.
runs
two-wire
pairs.
Each Mbps
chapter
a reviewItof
theover
applicable
technology,
DSL
has a wide
of offerings thatlab,
users
cannetworking
choose from.
Also, DSL's
always-on
office-based
lab,range
a remote-accessible
some
simulation
software
programs, or
characteristics
and its support
guide. of a wide range of applications make it an attractive technology
for many remote users.
DSL
does have its drawbacks. Its distance limitation is a significant issue. DSL services cannot
preparation.
be offered beyond certain distances from the central office. Also, DSL is not as ubiquitous as
other services, like dialup and ISDN.
Cable Modem Services
The demand for high-speed Internet access in the past few years has seen the rise of cable
modem services as a broadband alternative. The technology takes advantage of the wide reach
of cable infrastructure used to deliver television service.
Data is transmitted over the network as radio frequency (RF) signals. The cable modem converts
these into digital signals. In addition to television and data signals, analog voice signals can be
transmitted over the network. These systems can also perform full-duplex communications. The
Contents
fiber coming Table
fromofthe
homes of subscribers is usually aggregated in remote units, and fiber is
Index
used to connect
these units to headend routers. This kind of hybrid network is also called a
CCNP
Practical
Studies: Remote
Hybrid
Fiber-Coaxial
(HFC) Access
network.
Different frequency ranges are used to transmit in upstream and downstream directions. The
cable modem uses channels in the 5-to-42 MHz range to transmit data in the upstream direction.
Similarly,
a TV channel in the 50-to-750 MHz range is used for downstream traffic.
Cable can
ISBN:support
1-58720-073-2
a significant amount of bandwidthenough bandwidth to allow subscribers to
watchPages:
television
and
be on the Internet at the same time. The cable modem uses 10/100
528
Ethernet or USB to connect to the user's PC.
In addition to bandwidth, cable is also attractive because of the wide range of applications it can
support. Data, voice, and video can all be supported by this medium.
Gain
hands-on
experience
CCNP
Remote
Access
topics withcan
labbe
scenarios
forifthe
642-821
Conversely,
because
cable of
is a
shared
medium,
performance
degraded
toonew
many
users
BCRAN
exam.
are on the same segment. This is the most significant drawback of cable. The shared nature of
the medium also raises security concerns, because traffic can potentially be captured using a
packet sniffer.
conceptsrange used for upstream communications is vulnerable to interference
Also, exam
the frequency
caused by household appliances.
preparation.
Summary
This chapter provided a brief introduction to the various kinds of remote-access technologies.
Some of them, such as leased lines and analog, have been in existence for quite a while. On the
other hand, technologies such as DSL and cable modems are more recent offerings and provide
Table
of Contents
bandwidth not
usually
associated with remote-access technologies.
Index
CCNP
Studies:
Access and drawbacks. Different technologies can be used for different
Each Practical
technology
hasRemote
advantages
needs
based
on
their
strengths
andMorrow
weaknesses.
, Deviprasad Konda

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Review Questions
1:
What are the main kinds of remote-access users?
2:
Index
At
what OSI layer does Frame Relay operate?
Table of Contents
feature
of Frame
Relay
allows
ByWesley 3:
ShuoWhat
, Dmitryaddressing
Bokotey, Raymond
Morrow
, Deviprasad
Konda
4:
for frame routing?
What are some advantages of Frame Relay?
5:
What are the two main varieties of ISDN?
ISBN: 1-58720-073-2
Pages:
6: 528
What
are two advantages of ISDN?
7:
What are the two main varieties of DSL?
8:
What are two advantages of DSL?
What are some drawbacks of DSL?
BCRAN 9:
exam.
exam concepts
preparation.
Chapter 2. Building a CCNP RemoteAccess Lab
of Contents
This
chapter Table
covers
the following topics:
Index
Creating LANs
Creating WANs by Using a Cisco Router as a Frame Relay Switch

Creating
Asynchronous,
Pub
Date: December
22, 2003
ISDN, PPP, DDR, Dial Backup, AAA, and Security Labs
ISBN: 1-58720-073-2
It is essential to have hands-on experience, because the new exam format requires you to
Pages: 528
understand how to configure Cisco devices to be able to pass the exam. In the new format, you
are given interactive access to routers and are asked to configure the routers. If you have taken
the new CCNA or CCNP Routing and Switching exam, you should be familiar with the new exam
format.
This chapter
Gain
hands-on
provides
experience
someofsuggestions
CCNP Remote
on what
Access
devices
topics you
withshould
lab scenarios
acquirefor
to build
the new
a lab
642-821
and
BCRANtechnologies
which
exam.
you can practice by using this lab.
Before you begin, review some of the areas in which you can possibly build a home lab to study
Prepare
forAccess
the CCNP
for the
Remote
exam:
exam concepts
Asynchronous
Experience
PPP
ISDN BRI
Dial-on-demand routing (DDR)
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Frame exam
Relay and for workplace challenges in implementing remote access network
821 BCRAN
Dialsetting,
backupthis book is useful in preparing a CCNP candidate for the general exam
network
Queuing
and compression
essential
in preparing
candidates for the new simulation-based questions that are on the Cisco
Network Address Translation (NAT)
Authentication, authorization, and accounting (AAA)
implementation
Security of the technology. This step-by-step process can be executed on a home- or
even
a stand-alone
guide.
Figureas2-1
illustrates the
lab topology you can use to study most of the areas mentioned in the
preceding list.
preparation.
Figure 2-1. CCNP Home Lab Topology
Table of Contents
Index


ISBN: 1-58720-073-2
Several
key components are required to model the remote-access lab. The following list should
Pages: 528
be viewed more as a list of roles than a list of devices:
LANs: Switches/hubs and cables
WANs: Routers
and cables
Gain hands-on
experience
BCRAN exam.
Routers
Test
hosts
Prepare
forand
theapplications
CCNP 642-821 BCRAN exam and gain a better, practical understanding of
exam concepts
preparation.
Creating LANs
Some labs require host connections. For example, in Chapter 13, "Using AAA to Scale Access
Control in an Expanding Network," you need to test the configuration between the routers and
the AAA server. You can use several different methods to model LANs:
Table of Contents
Index
Using switches
CCNP Practical
Studies: Remote Access
Using hubs
Publisher:
Cisco
Press
Using an
Ethernet
crossover cable
If you ISBN:
will not
connect more than two devices, a common method is to use an Ethernet crossover
1-58720-073-2
cable.Pages:
In the
lab
environment, you can use this cable to connect two routers or to connect a
528
router to one host. An Ethernet crossover cable is just an RJ-45-to-RJ-45 patch cable, pinned out
in a crossover pattern. Figure 2-2 illustrates the pinouts (pins 1, 2, 3, and 6 are used) for an
Ethernet crossover cable.
BCRAN exam.Figure 2-2. Pinouts for an Ethernet Crossover Cable
exam concepts
preparation.
Creating WANs by Using a Cisco Router as a Frame

Relay Switch
You can configure any Cisco router with Cisco IOS Release 11.0 or later and at least two serial
of Contents
interfaces asTable
a Frame
Relay switch. Two interfaces are needed because the switch is primarily a
Index
data communications
equipment (DCE) device and requires two routers to serve as the data
CCNP
Practical
Studies: Remote
Access
terminal
equipment
(DTE) devices.
Because the Frame Relay switch is a DCE-only device, it
requires
DCE
serial
cables
as
well.
The most common way to provide Layer 1 WAN connectivity between routers is to connect a
female
V.35 DCE cable to a male V.35 DTE cable. In any back-to-back configuration, you need to
Pub Date:
2003 of the link sets clocking. To configure an interface's clock rate, use
ensure
that December
one side22,(DCE)
ISBN:
1-58720-073-2
theclock rate [value] command. Example 2-1 shows how to set the clocking on a serial
interface.
Pages: 528
Example 2-1. Configuring the Clock Rate on a DCE Interface

BCRAN exam.
fr_switch(config)#interace serial 1
Prepare for the CCNP 642-821
BCRAN
exam and gain a better, practical understanding of
fr_switch(config-if)#clock
rate
?
exam concepts
Speed (bits per second)
1200
2400
4800
821
BCRAN exam and for workplace challenges in implementing remote access network
19200 setting, this book is useful in preparing a CCNP candidate for the general exam
network
38400 in preparing candidates for the new simulation-based questions that are on the Cisco
essential
56000 regardless of certification interest.
concepts,
64000
Each
chapter includes a review of the applicable technology, and guides the reader through
72000
office-based
lab, a remote-accessible lab, some networking simulation software programs, or
125000
148000
preparation.
250000
500000
800000
1000000
1300000
2000000
4000000
Table of Contents
Index

<300-4000000>
Choose clockrate from list above

ISBN: 1-58720-073-2
Pages: 528
These cables can be ordered from Cisco Systemspart number CAB-V35MT for the V.35 male
DTE cable and part number CAB-V35FC for the female DCE cable. When the cables are
connected in a back-to-back mode, sometimes it can be difficult to tell which one is the DCE
cable. The show controller command specifies the cable type and whether the cable is DCE or
DTE.Example 2-2 shows the output of show controller, where you can tell what the interface
Gain
hands-on
of the
CCNP
Remotethe
Access
topics
with 0lab
scenarios
forcable.
the new
type is.
As you experience
can see from
example,
interface
serial
is a
V.35 DTE
Use642-821
V.35
BCRAN
exam.
cables whenever possible because of their flexibility in a lab environment.
Example
2-2. show controller Command
exam concepts
Router#show controller serial 0
HD unit 0, idb = 0xCED94, driver structure at 0xD3B18
buffer size 1524 HD unit 0, V.35 DTE cable
exam
for workplace
cpb BCRAN
= 0xE2,
eda and
= 0x4140,
cda =challenges
0x4000 in implementing remote access network
network
this
book is at
useful
in preparing a CCNP candidate for the general exam
RX ring setting,
with 16
entries
0xE24000
essential
in preparing
candidates fords=0xE2DDB0
the new simulation-based
questions that are on the Cisco
00 bd_ptr=0x4000
pak=0x0D66F0
status=80 pak_size=0
office-based
lab, a
a remote-accessible
networking
Configuring
Cisco Router lab,
as asome
Frame
Relaysimulation
Switchsoftware programs, or
To configure Frame Relay switching, you must perform the following tasks:
preparation.
Step 1. Enable Frame Relay switching.
You do this with the global configuration command frame-relay switching.
Step 2. Configure the interface LMI and the Frame Relay interface type.
You need to set the encapsulation to Frame Relay with the encapsulation frame-relay
command, and you must set the LMI type with the frame-relay lmi-type [ansi | cisco |
q993a] command from the interface prompt. To continue configuring the Frame Relay
interface, add the frame-relay intf-type dce command. Because the interface is DCE,
you also need to use the clock ratebps command. The bps values range from 1200 to
8000000.
Step 3.
Configure PVCs with the frame-relay route command.
Table of Contents
Index
You do this with the interface command frame-relay route [16-1007]inbound_DLCI

interfaceoutbound_serial_interface [16-1007]outbound_DLCI. This command creates a
ByWesley
Shuo
Bokotey, Raymond
Morrow
Konda
PVC
on,Dmitry
the interface
and maps
it to,Deviprasad
another interface.
Figure
2-3 shows
the
used in this example. It highlights the network from a hardware
Pub Date:
December
22,diagram
2003
and service
provider
perspective.
The Frame Relay switch has two V.35 DCE cables to two
ISBN: 1-58720-073-2
routers, R1 and R2. These two routers have V.35 DTE male cables connected to their Serial 0
Pages: 528
ports. You configure a PVC with DLCI 110 on Serial 0 mapping to DLCI 120 on Serial 1. Other
types of cables, such as X.21 or RS232, can be used as well. Cisco also makes back-to-back
cable, which can save you a lot of space when you build a lab at home.
BCRAN exam.
Figure 2-3. Basic Frame Relay Configuration
exam concepts
Example
2-3yourself
demonstrates
of these commands
and the
basic
configuration
Ready
for the the
newuse
simulation-based
questions
on the
CCNP
exams of a Frame
Relay switch.
applications.2-3.
Designed
as a topic-by-topic
guide
of howRelay
to applySwitch
Example
Configuring
a Basic
Frame
certification exams. Finally, itterminal
serves anyone wanting a guide to real-world application of these
fr_switch#configuration
Enter configuration commands, one per line. End with CNTL/Z.
implementation
of the technology. This
fr_switch(config)#frame-relay
switching
even
as a stand-alone guide.
fr_switch(config)#interface
serial 0
fr_switch(config-if)#encapsulation frame-relay
preparation.
fr_switch(config-if)#frame-relay intf-type dce
fr_switch(config-if)#frame-relay lmi-type ansi
fr_switch(config-if)#clock rate 128000
fr_switch(config-if)#frame-relay route 110 interface s1 120

fr_switch(config-if)#exit
fr_switch(config)#
fr_switch(config)#interface serial 1
Table of Contents
Index
fr_switch(config-if)#encapsulation
frame-relay
fr_switch(config-if)#frame-relay
intf-type
dce
, Deviprasad Konda
lmi-type ansi
fr_switch(config-if)#clock rate 128000

ISBN: 1-58720-073-2
Pages: 528
route 120 interface s0 110
fr_switch(config-if)#exit
BCRAN exam.
Example 2-4 shows the router's configuration in its entirety.
exam concepts
Example 2-4. Entire Frame Relay Configuration
fr_switch#show
running-config
Review set-up
CCNP Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642hostname
fr_switch
!
frame-relay
switching
!
interface Serial0
implementation
no ip addressof the technology. This step-by-step process can be executed on a home- or
even
as a stand-alone
guide.
encapsulation
frame-relay
All
of the topics
clockrate
128000
preparation.
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 110 interface Serial1 120
!
!
interface Serial1
no ip address
Table of Contents
encapsulation
Index frame-relay
128000
Byclockrate
Wesley Shuo, Dmitry
Bokotey, Raymond Morrow, Deviprasad Konda
frame-relay lmi-type ansi

frame-relay
intf-type dce
ISBN: 1-58720-073-2
Pages: 528 route 120 interface Serial0 110
frame-relay
!
!
no
ip classless
BCRAN
exam.
!
line exam
con 0concepts
line Experience
aux 0
line vty 0 4
login
!
end
preparation.
Creating Asynchronous, ISDN, PPP, DDR, Dial Backup,

AAA, and Security Labs
Figure 2-4 illustrates the topology you can use to practice asynchronous communication, PPP,
Table
of Contents
DDR, and dial
backup.
Index

Figure 2-4. Asynchronous, PPP, DDR, and Dial Backup Lab Topology
[View full size image]
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
You can use any Cisco router with an auxiliary port, a rolled RJ-45 cable, an adapter marked
Experience
concepts workand
in aany
realmodem
network
with
practice labs that
walk
"MODEM"
(Cisco how
part remote
numberaccess
CAB-25AS-MMOD),
that
is V.34-capable
or better
youthis
through
to build
lab. Iftheir
you implementation
have one of the following routers, you can also use a SCSI-II 68-pin
async port, an eight-to-one octopus cable, and a 25-pin adapter to build this lab:
Ready
Cisco 2509/2510
CCNPCisco
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 6422511/2512
applications.
Designed with
as a SCSI-II
topic-by-topic
of howasync
to apply
Cisco 2600/3600
68-pinguide
16/32-port
portremote access concepts in a real
The
part number
for thea octopus
cable is CAB-OCTAL-KIT.
It also
includes
head-shells
questions
by providing
of how remote
access
reallymodem
works. It
is also
for
any asynchronous
such
modems.
essential
in preparing devices,
candidates
foras
the
new simulation-based questions that are on the Cisco
It
might not
be feasible
to order ISDN
lines from your service provider. Getting two physical
concepts,
regardless
of certification
interest.
lines can prove costly, because there is an installation charge for the ISDN circuits, as well as the
ongoing
call charges
useof
and
ISDN within
your lab.
You
still might
want through
to do some
Each chapter
includesas
a you
review
thetest
applicable
technology,
and
guides
the reader
research
and find
ISDN cost for
your
location isprocess
reasonable
enough
for short-term
testing.
implementation
ofout
theiftechnology.
This
step-by-step
can be
executed
on a homeor
ISDN
simulators
also expensive, around
$800.
You might
be able tosoftware
pick up programs,
a secondhand
office-based
lab, are
a remote-accessible
lab, some
networking
simulation
or
ISDN
simulator
or evenguide.
rent one for a couple of months. Investing in an ISDN simulator is
even as
a stand-alone
definitely worthwhile if you are considering pursuing CCIE certifications such as
All of the topics on and
the new
642-821
BCRAN
Routing/Switching
Security
in the
future.exam are covered, providing comprehensive exam
preparation.
Cisco Secure Access Control Server software can be downloaded for evaluation from the Cisco
website. It offers centralized control from a web-based graphical interface to manage AAA
functionality.
Routers are the basic requirement for the CCNP remote-access lab. Three routers should be
enough for you to practice most of the areas covered in the CCNP Building Cisco Remote Access
Networks (BCRAN) exam.

Ideally, you should look for 2600XM routers. They are Cisco's current product line. They support
all the new technologies, such as VoIP and VPN acceleration through hardware, and they also
have software support to allow current Cisco IOS software images to be used. These are modular
routers that allow a number of different modules to be included.
Older routers such as the 2500 and the 4000/4500/4700 might also be an option. These routers
Table of Contents
are less expensive
than the 2600XM models and offer a range of interfaces. Memory restrictions
Indexmight hinder future proofing when newer processor- and memory-intensive

on these models
CCNP
Studies:releases
Remote Access
CiscoPractical
IOS software
are introduced.
All routers in the lab should have enough DRAM and Flash memory to load and use at least the
IP PLUS
IPSEC 56 Cisco IOS software feature set. This feature set has all the software functions
required for the CCNP remote-access lab, including IPSec.
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Summary
This chapter presented a lab topology that should allow you to practice most of the technologies
discussed in this book:
Table of Contents
Asynchronous
Index
PPP
ISDN BRI
DDR
Pub
ISBN: 1-58720-073-2
Frame Relay
Pages: 528
Dial backup
Queuing and compression
NAT
Gain hands-on
BCRAN exam.
AAA
Security
exam concepts
It can be quite expensive to build a home lab. However, if you intend to pursue other Cisco
certifications
such
as CCIE
in access
the future,
building
a home
labnetwork
can turnwith
out practice
to be very
costExperience
how
remote
concepts
work
in a real
labs
that walk
effective.
Many
companies
offer
online
rack-time
rental.
This
is
another
option
for
you
to
consider.
preparation.
Chapter 3. Modem Connections and

Operation Overview
of Contents
This
chapter Table
covers
Index
A Typical Modem Connection
DTE-to-DTE Wiring
Data
and
Pub
Date:Compression
December 22, 2003
Error Control
ISBN: 1-58720-073-2

Pages: 528
Wide-area communication takes advantage of the existing PSTN for data transfer by converting
digital signals into analog signals and vice versa for transmission over the PSTN. The device used
to accomplish such conversion is called a modem (short for modulator/demodulator).
This
concentrates
the following
topics:
Gain chapter
hands-on
experience on
of CCNP
Remotemodem-related
Access topics with
BCRAN exam.
A typical modem connection
DTE-to-DTE
wiring
exam concepts
Data
compression
and error
control
Experience
how remote
access
Configuring the modem (DCE)
preparation.
A Typical Modem Connection

The devices involved in a modem connection belong to one of two groups: data terminal
equipment (DTE) or data communications equipment (DCE).
Table of Contents
Index
NOTE
Interestingly, the Electronic Industries Association (EIA) defines DCE as data

communications equipment. However, the International Telecommunication UnionPub
Date: December 22, 2003Standards Sector (ITU-TSS, or ITU-T) defines DCE as data circuitTelecommunications
ISBN:
1-58720-073-2
terminating
equipment.
Pages: 528
Examples of the DTE devices are

Gain hands-on
PCs
BCRAN exam.
Routers
Prepare
for computers
Mainframe
exam concepts
DCE devices include
Modems
Channel service units/data service units (CSUs/DSUs)
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Communication
DTE
Devices
821 BCRAN exam and Between
for workplace
challenges
Communication
devices
accomplished
through
communication
between
network setting,between
this bookDTE
is useful
in is
preparing
a CCNP
candidate
for the general
examDCE
devices.
In
other words,
DTE-to-DTE
stages:
certification
exams.
Finally, itcommunication
serves anyoneinvolves
wanting three
a guide
to real-world application of these
Each DTE(1)-to-DCE(1)
DCE(1)-to-DCE(2)
DCE(2)-to-DTE(2)
Each of the three stages requires different cabling and configuration. The next section describes
preparation.
how the DTE-to-DCE interface defined by the EIA/TIA-232 standard works. (TIA stands for
Telecommunications Industries Association.)
DTE-to-DCE Communication
Out of the 25 pins available in a DB-25 connector, only eight are actually used for signaling to
connect a DTE to a DCE. The remaining 17 signals are disregarded. In turn, the eight utilized
signals can be divided into three categories. These categories and their corresponding signals
are described in Table 3-1.
Table of Contents
Index
Table 3-1. DTE-to-DCE Signals

By
Wesley Shuo, Dmitry Bokotey
, Raymond Morrow, Deviprasad
Konda
Category
Signal
Function
Data transfer
Transmit Data (TxD)
Receive
Pub Date: December 22,
2003
Data (RxD)
The DTE transmits data to the DCE.

The DTE receives data from the DCE.
ISBN: 1-58720-073-2
Pages: 528
Hardware flow
control
Ground (GRD) or pin 7 Provides the ground reference for voltage

measurements.
Request to Send (RTS) Indicates that the DTE has buffers available to
receive from the DCE.
Clear to Send (CTS)

Indicates that the DCE has buffers available to take
Gain hands-on experience of CCNP Remote Access
topics
with
data from
the
DTE.
BCRAN exam.
Modem control
Data Terminal Ready
The DTE tells the DCE that it can accept an
(DTR)
incoming call.
The DCE has established a carrier signal with the
exam conceptsCarrier Detect (CD)
remote DCE.
Data Set Ready (DSR) The DCE is ready for use (a pin is not used on
or pin 6
modem connections).
Modem Control Functions
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 modem
BCRAN exam
and
for workplace
in implementing
remote
access
network
The
control
category
signals challenges
are sent between
the DTE and
the DCE
to open
or close the
applications.They
Designed
as a topic-by-topic
of how
to apply
remote access
concepts
a real
connection.
also check
the connectionguide
status.
An existing
connection
termination
caninbe
network setting,
initiated
by a DTEthis
or book
a DCE.
essential
When
a termination
in preparing
is candidates
prompted by
forathe
DTE
new
device,
simulation-based
the access server
questions
dropsthat
the are
DTRon
signal.
the Cisco
The
certification
modem
mustexams.
understand
Finally,
that
it serves
the connection
anyone wanting
needs toaend
guide
when
to real-world
a DTR signal
application
is no longer
of these
concepts,Inregardless
present.
a DTE-initiated
of certification
termination
interest.
with an improperly configured modem control, the DTR
signal might not be dropped or recognized, and the modem might not hang up as a result.
implementation
When
a termination
of the
is initiated
technology.
by aThis
DCE
step-by-step
device, the modem
process must
can be
correctly
executed
reflect
on a the
homestate
or of
office-based
the
carrier with
lab,the
a remote-accessible
CD signal. The access
lab, some
servernetworking
recognizes simulation
that the CDsoftware
signal isprograms,
low and or
even as a drops
therefore
stand-alone
the connection.
guide.
During a DCE-initiated termination with an improperly
configured modem control, the CD signal might not be dropped or recognized, and you might
All of
thesomeone
topics onelse's
the new
642-821
BCRAN
exam are covered, providing comprehensive exam
get
into
modem
session
by mistake.
preparation.
DCE-to-DCE Communication
When a modem has data to send, the following sequence of events takes place:
1.
1. DTE data enters the sending modem via the TxD pin. When DTE sends data to a DCE and
the sending modem's buffer is nearly full, a DCE can control flow (via hardware) by
lowering the CTS signal. This way, the DTE knows not to use TxD.
2. Data is compressed. At the data compression stage, the sending and receiving modems
agree on the compression algorithm. A standard MNP 5 or V.42bis algorithm is used.
Table of Contents
packetized. The following tasks are performed:
3. Data is Index
a. Windowing
b. Checksum
Pub Date:
December 22, 2003
ISBN: 1-58720-073-2
c. Error control
Pages: 528
d. Retransmission
4. Data is modulated from digital into analog signals.
5. hands-on
Data is sent
over the of
telephone
network.
Gain
experience
CCNP Remote
Access topics with lab scenarios for the new 642-821
BCRAN exam.
When the receiving modem gets the data, it performs the same steps as just listed. Only this
time, the order is reversed and is as follows:
exam concepts
1. The signal is demodulated.
their implementation
2. you
The through
data is depacketized.
3. Review
The dataset-up
is decompressed.
yourself
for thetonew
4. Ready
The data
is delivered
thesimulation-based
destination DTE. questions on the CCNP exams
CCNP
Practical Studies:
Remote
Self-Study)
for the CCNP 642If the receiving
DTE is unable
to Access
receive(CCNP
data on
RxD, it canprepares
send an readers
RTS signal.
preparation.
DTE-to-DTE Wiring
This section examines the DTE-to-DTE wiring functions.
Table of Contents
When
theIndex
DTE-to-DTE Devices Are in the Same Vicinity
If two DTE devices such as a terminal and an access server are located close to one another, it
makes more sense to link them back to back instead of using a telephone network and two
DCEs. A regular EIA/TIA-232 cable cannot be used for such DTE-to-DTE links, because both DTE
Publisher:
Cisco
devices
send
on Press
TxD pin 2 and receive on RxD pin 3. In such instances, a null modem can
Pub
Date:
December
22, 2003
accomplish direct DTE-to-DTE
connections. With null modems, pins 2 and 3 are crisscrossed, as
ISBN:
1-58720-073-2
well as other corresponding pins of the DB-25 connector, and thus allow the DTEs to
communicate
Pages: 528with one another.
Alternatively, you can configure some devices, such as serial printers, to act as either a DTE or a
DCE. If a device is configured as a DCE, it transmits data on pin 3 and receives data on pin 2.
Such configuration forgoes a null modem connection and allows a DTE (such as a PC or server)
to be directly connected to a printer with a regular EIA/TIA-232 cable.
BCRAN exam.
RJ-45 Wiring and Cables

concepts
RJ-45exam
connectors
are used for the following ports:
you
through their implementation
Console
Review
set-up guides that show you how to prepare a lab for study
Asynchronous
Ready
Auxiliary
CCNP
Practicaldefine
Studies:
Remote
Access
(CCNPbut
Self-Study)
prepares
the were
CCNPto
642No
standards
RJ-45
interface
pinouts,
Cisco defines
them readers
as DTE. for
If you
cable
821 access
BCRANserver
exam port
and for
workplace
challenges
in implementing
remote access
network
the
(RJ-45)
to an external
device
(modem or terminal),
you would
need RJapplications.cable
Designed
as a
topic-by-topic guide
of how
to apply remotecable
access
in aor
real
45-to-RJ-45
and an
RJ-45-to-DB-25
adapter.
An RJ-45-to-RJ-45
canconcepts
be rollover
network setting, this
book iscable
usefulhas
in preparing
a CCNP as
candidate
for2 the
general
straight-through.
A rollover
its pins reversed,
in 1 to 8,
to 7,
and soexam
on. A
better
understanding
how
is 2also
straight-through
cable, aon
the other
hand, has of
the
pinsremote
going access
straightreally
in a 1works.
to 1, 2Itto
fashion.
certification
exams.
serves
anyone
wanting
a guide
real-world
application
ofsame
these
To
find out which
of Finally,
the two ittypes
of cable
you
have, hold
the to
two
connector
ends of the
concepts,
of certification
interest.
cable
side regardless
by side. Check
the color-coded
wires inside the connector. Straight-through cable
wires are the same color for the same pins on both connectors. A rolled cable has the wire colors
Each
includes aflipped,
reviewas
of shown
the applicable
on thechapter
two connectors
in Figuretechnology,
3-1.
Figure 3-1. Identifying Rollover Cable
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
The octal
cable
used for
for the
the new
asynchronous
port connections
as a exams
rolled cable.
Ready
yourself
simulation-based
questionsfunctions
on the CCNP
An
RJ-45-to-DB-25
adapter
can Access
be either
rollover
or straight-through.
For instance,
a male
or
CCNP
Practical Studies:
Remote
(CCNP
Self-Study)
prepares readers
for the CCNP
642female
DTE
adapter
(MDTE
or
FDTE)
is
straight-through.
A
male
or
female
DCE
adapter
(MDCE
or
FDCE) is rolled.
A male
(MMOD)guide
adapter
is rolled
and remote
is the only
oneconcepts
that supports
applications.
Designed
as amodem
topic-by-topic
of how
to apply
access
in a real
modems.
In
it,
the
MDCE
connectors
are
changed
so
that
DB-25
pin
8
instead
of
6 is wired to
network setting, this book is useful in preparing a CCNP candidate for the generalpin
exam
DSR.
The auxiliary and console ports are configured as DTE devices on Cisco access servers. Terminals
(such as PCs) are also DTE devices. Two DTE devices cannot be directly connected unless the
signals are rolled exactly once. So you must either roll the pins in the cable or in the DB-25
adapter,
but not
both. aTo
directly
two DTE
devices, you
use the
either
of these
formulas:
Each chapter
includes
review
of connect
the applicable
technology,
andcan
guides
reader
through
office-based
lab, a RJ-45
remote-accessible
lab,DB-25
some networking
simulation software programs, or
DTE + rolled
cable + straight
adapter + DTE
DTE + straight RJ-45 cable + rolled DB-25 adapter + DTE
preparation.
DTE-to-DCE Wiring
A DTE-to-DCE connection should not have rolls. The same effect can be achieved with having
two rolls and the connector. Cisco routers come with a kit for console and auxiliary port cabling.
The kit includes the following:

RJ-45-to-RJ-45 rollover cable
RJ-45-to-DB-9 female DTE adapter (labeled "TERMINAL")
RJ-45-to-DB-25 female DTE adapter (labeled "TERMINAL")
Table of Contents
RJ-45-to-DB-25
male DCE adapter (labeled "MODEM")
Index
The RJ-45-to-DB-9 female DTE adapter is typically used to connect a PC being used as a console
terminal. The RJ-45-to-DB-25 female DTE adapter is used to connect a terminal to the console or
auxiliary port. The RJ-45-to-DB-25 male DCE adapter is used to connect the auxiliary port to a
Publisher:
Cisco
Press
modem.
Table
3-2
describes the port types for console and auxiliary ports on Cisco routers.
ISBN: 1-58720-073-2
Pages: 528
Table 3-2. Port Types for Console and Auxiliary Ports on Cisco Routers
Routers
DB-25
RJ-45
BCRAN exam.
Console port
DCE
DTE
Prepare
exam and gain a better,DTE
practical understanding of
Auxiliary
portfor the CCNP 642-821 BCRAN
DTE
exam concepts
preparation.
Data Compression and Error Control

Data compression results depend on the type of data being compressed. Some types, such as
ASCII files, can be compressed quite a bit. Other types of data can compress only a little. Even
though certain software applications can be used to achieve data compression, normally it's
Table
of operation
Contents up to the modem. This is because modem hardware compression
better to leave
this
Index
algorithms are faster than the ones used by host software.
Compression
normally
works
with error-correction
Error detection and correction
ByWesley Shuo, Dmitry
Bokotey
, Raymond
Morrow, Deviprasadalgorithms.
Konda
techniques can be used to guarantee data integrity at any transmission speed. Two examples of
such techniques are
Microcom
ISBN: 1-58720-073-2
Networking Protocol (MNP)
Pages: 528
Link Access Procedure for Modems (LAP-M)

V.42bis and MNP5 are the compression algorithms that commonly operate over LAP-M or MNP4
correction. The V.42 and V.42bis compression algorithms can be implemented in V.32 and V.34
modems as well as in other equipment with lower speed capability. In theory, V.42bis can
Gain
hands-on
of ration.
CCNP Remote
Access
topics with
scenarios
for the new 642-821
provide
the 4:1experience
compression
However,
in practice,
this lab
is rarely
accomplished.
BCRAN exam.
V.42bis compression is achieved when both communicating modems agree to use it. In such
instances, the software compression option should be turned off. If hardware compression is
the CCNP
642-821
better,
practical
used,Prepare
the datafor
transfer
between
the BCRAN
DTE andexam
DCE and
can gain
occuraat
a higher
speed.understanding of
exam concepts
Modem
Modulation
Standards
you through
guides
that show
you how to
prepare aaslab
for study
ITU-TReview
definesset-up
a number
of modem
modulation
standards,
shown
in Table 3-3.
Ready
yourself
questions
the own
CCNP
exams of modems.
On top
of various
ITUfor
standards,
manufacturers have
devisedon
their
versions
This causes some interoperability issues among different kinds of modems, even when the
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642modems come from the same vendor.
essential in preparing candidates
the new
simulation-based
Tablefor
3-3.
Modulation
Standards
Standard
Description
V.32bis
Finalized
in July 1991.
implementation
of the technology.
This step-by-step process can be executed on a home- or
office-based
lab,
a
remote-accessible
V.34
Finished in June 1994. lab, some networking simulation software programs, or
V.34 annex Supports 33.6 Kbps transmit and receive operation. If compression is used, a
All
on the new rate
642-821
exam
are
covered, ifproviding
comprehensive
12of the topics
transmission
of upBCRAN
to 133.8
Kbps
is possible
the PC can
deal with thisexam
preparation. speed.
V.90
The 56 Kbps standard is the most recent one. Most modem manufacturers now
have products that meet this standard. This is despite the fact that a data rate of
53 Kbps is the maximum permitted within the U.S.
When V.34 modems are properly configured, they can adapt to line conditions. Initially, two
modems attempt to establish a call at 28.8 Kbps. If this transmission speed isn't possible
because of line conditions, the modems can continue to reduce the speed in 2.4 Kbps increments
all the way down to a minimum speed of 2.4 Kbps. By the same token, the modems try to
increase the speed when line conditions improve.
In contrast, older modems can negotiate a fixed transmission rate only during handshaking, thus
continuing
transmission
at the speed agreed to at the outset by the two modems. This situation
Table of Contents
might
result
in
a
connection
failure if an older modem's line becomes particularly bad. If the line
Index
quality
improves
down
the
road,
older modems still can't take advantage of greater bandwidth.
By
Wesley
Shuo
, DmitryisBokotey
, Raymond
Morrow, Deviprasad
Konda
The
access
server
unaware
of modulations,
because
it is
only directly involved with DTE-toDCE communication. However, the access server-to-modem speed must consider the modulation
speed
Publisher:
and compression
Cisco Press
ratio to achieve the best end-to-end performance.
ISBN: 1-58720-073-2
Pages: 528
The Relationship
Between Modem Speeds and Compression Ratios
DCE-to-DCE speed is modem-to-modem communication speed across the telephone network.

DTE-to-DCE speed is the communication speed between the computer and the modem attached
to it. If you want to gain maximum benefits from compression, the PC should clock the modem
at
its hands-on
speeds equal
to the potential
ratio.
In a
PC,lab
thescenarios
DTE should
modem
at
Gain
experience
of CCNP compression
Remote Access
topics
with
for set
thethe
new
642-821
its
fastest
rate to take advantage of compression.
BCRAN
exam.
The EIA/TIA-232 serial interface (COM port), found on PCs and some Macs, is sometimes used
Prepare for
the CCNP 642-821
BCRAN
exam and
gain a and
better,
with Universal
Asynchronous
Receiver
Transmitters
(UARTs)
character-oriented
exam concepts
communication
packages. However, these features are unreliable at higher data rates, and the
speed of the interface might fall a good deal short of the full potential of V.34.
you through
If a modem
isn't configured
properly, it might automatically alter DTE-DCE speeds so that they
match DCE-DCE speeds. This is often called speed mismatch. You can prevent speed mismatch
Review
guides
thatso
show
how to the
prepare
laboriginally
for studyconfigured. This speedby locking
theset-up
DTE-DCE
speed
thatyou
it remains
sameaas
locking procedure is called speed conversion. It is also known as port-rate adjustment or
Ready
buffered
mode.
CCNP
Practical
Studies:
Remote
Access (CCNP
the CCNP 642Table 3-4
lists the
maximum
theoretical
speedsSelf-Study)
possible forprepares
selectedreaders
modemfor
modulation
821
BCRAN
exam
and
for
workplace
challenges
in
implementing
remote
access
network
standards. You can also see the possible speeds where V.42bis compression is used with the
applications.
same standards.
concepts,
of certification
interest.
Tableregardless
3-4. Maximum
Theoretical
Speeds for Modulation Standards
Standard Speed
Speed
with 4:1 V.42bis
Compression
implementation
of theMaximum
technology.
This step-by-step
process
V.90
56000 224000
V.34
28800 115200
V.32 turbo 19200 76800
preparation.
V.32bis
14400
57600
V.32
9600
38400
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

In this portion of the chapter, you will learn about the tasks involved in configuring the modem:
Connecting
Tableto
of the
Contents
modem (DCE)
Index
Basic modem
CCNP Practical
Studies:configuration
Remote Access
Modem autoconfiguration

Connecting
to the Modem (DCE)
ISBN: 1-58720-073-2
Pages: 528
Asynchronous dial-up involves the use of analog modems to convert data into streams of
information that can be carried over phone lines. These modems can be attached externally, as
with the Cisco 2511 access server, or they can be integrated into the product, as with Cisco
AS5200 series access servers. The line that connects the modem can be a physical asynchronous
line (external modem) or a virtual line inside an integrated modem module (integrated modem).
In
the following
BCRAN
exam. sections, you will learn to
Differentiate
between
a forwardBCRAN
and reverse
connection
to a modem
Prepare for the
CCNP 642-821
exam and
gain a better,
exam concepts
Configure a reverse-Telnet session
Configure
line
types
you through
their
implementation
Differentiating Between a Forward and Reverse Connection to a Modem

Cisco
servers
support
twoAccess
types of
connections
to a prepares
modem: incoming
asynchronous
line
CCNP access
Practical
Studies:
Remote
(CCNP
Self-Study)
readers for
the CCNP 642(forward)
and
outgoing
asynchronous
line
(reverse).
A
user
who
dials
into
an
access
server
from
a
remote terminal
through
asynchronous
line of
makes
a forward
connection,
a userin
who
applications.
Designed
as aan
topic-by-topic
guide
how to
apply remote
accessand
concepts
a real
connects
through
an
access
server
to
an
attached
modem
to
configure
that
modem
makes
a
reverse
connection,
known
as reverse
Telnet. of how remote access really works. It is also
questions
by providing
a better
understanding
A host can make reverse-Telnet protocol connections to devices attached to a Cisco access
server. Different port numbers (20xx, 40xx, and 60xx) are used for different device types. This is
because each type has its own unique data type and protocol negotiations. The remote host
must
specify aincludes
particular
TCP port
on the
router to
connect with
lines
or athrough
rotary
Each chapter
a review
of the
applicable
technology,
andindividual
guides the
reader
group.
For
example,
the
remote
host
might
make
a
reverse-Telnet
connection
to
the
modem
implementation of the technology. This step-by-step process can be executed on a homeor
using
port
2097.
The
TCP
port
number
2097
specifies
a
Telnet
connection
(TCP
port
2000)
office-based lab, a remote-accessible lab, some networking simulation software programs, to
or line
97.
For
the
Telnet
the 642-821
base TCPBCRAN
port forexam
individual
lines is 2000,
and comprehensive
the base TCP port
for
All of
the
topicsprotocol,
on the new
are covered,
providing
exam
rotary
groups
is
3000.
If
the
service
provided
is
the
raw
TCP
protocol
(no
Telnet),
the
base
TCP
preparation.
port for individual lines is 4000, and the base TCP port for rotary groups is 5000. Telnet protocol
(binary mode) uses 6000 as the base TCP port for individual lines and 7000 as the base TCP port
for rotary groups. The Xremote protocol uses 9000 as the base TCP port for individual lines and
10000 as the base TCP port for rotary groups.
You need to use the transport input command to specify which protocol to use when
connecting to a line using reverse Telnet:
Table of Contents
Index
Router(config-line)#transport input {all | lat | mop | nasi | none | pad |

rlogin | telnet | v120}

ISBN: 1-58720-073-2
Pages: 528
For example, if you enter the command transport input all, all possible command option
protocols can be used for the connection. The command options are lat | mop | nasi | none |
pad | rlogin | telnet | v120. Each command option protocol can also be specified individually.
Configuring
a Reverse-Telnet Session
BCRAN exam.
The EXEC commands described in this section allow you to initiate and control a reverse-Telnet
session.
Prepare
You use
for the telnet
CCNP 642-821
command
BCRAN
to make
exam
a Telnet
and gain
connection
a better,topractical
a host or
understanding
to a particularof
port on
exam
a host:
concepts
Router#telnet [host] [port] [/debug]
You can specify the target host either by host name or by IP address. You can use the optional
debug switch to obtain more-detailed information about the connection. If you simply enter the
name
of the host
to which
you want
make a connection,
the
system
tries
establish
a Telnet
Each chapter
includes
a review
of thetoapplicable
technology,
and
guides
the to
reader
through
session
with
that
host
by
default.
The
interface
through
which
the
connection
is
made
provides
the
source IPlab,
address
for the connection.
office-based
a remote-accessible
lab, some networking simulation software programs, or
You use the disconnect command to cut off a particular session or all sessions:
preparation.
Router#disconnect [session-number]
Also, you can put the current session on hold by pressing Ctrl-Shift-6 followed by x.
Table of Contents
Index
Configuring
Line Types
CCNP Practical Studies:
Remote Access
Access servers use four different line types:

Pub
Date:(console
December 22,
2003
CON
port)
All Cisco routers have a console port. This port corresponds to line
0ISBN:
on all
routers.
1-58720-073-2
Pages: 528
AUX (auxiliary port) Most Cisco routers have an auxiliary port. Its number matches up
to the line right after the last TTY line on the router.
TTY (asynchronous port) TTY lines and asynchronous interfaces correspond on a oneto-one basis. In other words, a TTY line of TTYn corresponds to line number n. Only access
Gain hands-on
experience
servers have
TTY lines.
BCRAN exam.
vty (virtual terminal) vty lines are virtual lines normally associated with incoming
Telnet sessions. They are dynamically assigned to the synchronous interfaces. The actual
Prepare
for the
CCNP 642-821
BCRAN
and gain line
a better,
of
line the vty
corresponds
to is given
by exam
the expression
= last_tty_line
+ 2 + m, where
exam
concepts
m equals the number of the vty line. For instance, on a router with 16 TTY ports, the vty 4
line corresponds to line 22.
you through
A connection
to a specific
access server line is valuable when that line has a dial-out modem,
parallel printer, or serial printer attached to it. To establish a connection to such a line, the
remote host or terminal should specify a particular TCP port on the access server. For example,
if you were to make a Telnet connection to line 97 (2000 + 97), you would need to enter telnet
ip-address2097.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Theshow line command displays status information on all line types:
Router#show
line
[line-number] lab, some networking simulation software programs, or
office-based lab,
a remote-accessible
preparation.
If you want more-detailed information on a particular line (such as baud rate, modem state, and
modem hardware state), you need to specify the line-number when issuing this command.
Example 3-1 shows the output from the show line command. The absolute line numbers are
displayed in the Tty column. The next column (Typ) shows the type of line assigned to each line
numberCTY, TTY, AUX, vty, or LPT. The line speed associated with each line is shown in the
Tx/Rx column. For example, the AUX line can transmit and receive at 9600 bps. The line's
autoselect state is shown in the column labeled A. A value of F indicates that autobaud has been
configured for the line, and a hyphen indicates that it has not.
Example 3-1. show line Command Output
Table of Contents
Index
Router#show
line Remote Access
Tty Typ
*
Tx/Rx
Publisher:
0 CTYCisco Press
A Modem
Roty AccO AccI
Uses
Noise
Overruns
Int
0/0
0/0
66 vty
0/0
67 vty
0/0
65ISBN:
AUX1-58720-073-2
9600/9600
Pages: 528
68 vty
0
0
0/0
BCRAN exam.
69 vty
0
0
0/0
70
vty for the CCNP 642-821
- BCRAN -exam-and gain
- a better,
0
0
0/0
Prepare
practical
understanding
of
exam concepts
The type of modem signal configured for the line can be callin, callout, cts-req, DTR-Act, inout,
Review
set-up
show you
how togroup
prepare
a lab forfor
study
or RIisCD.
The
Roty guides
columnthat
indicates
the rotary
configured
the line. If an output or
input access list is configured for the line, it is shown in the AccO and AccI columns, respectively.
Ready
yourself
for the
simulation-based
questions
on the CCNP
exams
The Uses
column
shows
the new
number
of TCP connections
established
to or from
a line since the
system was restarted. The system also reports on the number of times noise has been detected
CCNP
Practical
Studies:
Remote
Access
(CCNP Self-Study)
prepares
readers
for
CCNP 642on each
line since
the last
restart.
The Overruns
column indicates
the
number
ofthe
hardware
821
BCRAN
exam
and
for
workplace
challenges
in
implementing
remote
access
network
(UART) overruns and software overflows that have occurred on each line since the last system
applications.
Designed
as a are
topic-by-topic
guide of how
to apply
access
a real
restart. Hardware
overruns
buffer overrunsthey
occur
whenremote
the UART
chipconcepts
receives in
bits
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
exam
from the software faster than it can process them. Conversely, software overflows occur when
questions
by receives
providingbits
a better
understanding
of how
remote
really
works. It is also
the software
from the
hardware faster
than
it canaccess
process
them.
Basic Modem Configuration
implementation
of the
technology.
This step-by-step
process
canofbethe
executed
on a
homeThis portion of the
configuration
section
introduces you
to some
beginning
stages
ofor
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
modem configuration:
All of Interface
the topicsconfiguration
preparation.
Modem configuration using standard AT commands
Nonstandard modem commands
Chat-script configuration
Configuring an Interface
Theinterface async command and the line command are used to configure an asynchronous
port. The interface async command lets you configure the protocol or logical aspects of the
asynchronous port. The line command lets you configure the physical aspects of the same port.
You use the interface async command to configure internal characteristics, such as protocol
encapsulation
Table
andofauthentication
Contents
schemes. But you use the line command to configure external
characteristics
such as the basic modem-related parameters on an access server.
Index
To make a successful asynchronous connection, you need to configure both the modem and the
access server. You need to have the modem
Perform
hardware
flow
Pub
Date: December
22, 2003
control
ISBN: 1-58720-073-2
Hang up when you quit a session

Pages: 528
Lock DTE speed

You should also have the Carrier Detect (CD) signal accurately reflect the carrier state.
On
the
access server,
you need
to configure
the linetopics
to which
is attached.
You
begin
Gain
hands-on
experience
of CCNP
Remote Access
withthe
labmodem
scenarios
for the new
642-821
by
using
the
line
command
to
specify
the
particular
line
being
configured:
BCRAN exam.
exam concepts
Router(config)#line [aux | console | tty | vty]line-number [ending-line-number]
You use the login command to set a login password on the line. This prevents unauthorized
connection on the line:
Router(config-line)#login
preparation.
You specify the password using the password command:
Router(config-line)#password
string
Table of Contents
Index

You configure flow control on the line using the flowcontrol command:
ISBN: 1-58720-073-2
Pages: 528
Gain
hands-on experience of CCNP Remote
topics with
lab scenarios
for the
new 642-821
Router(config-line)#flowcontrol
{noneAccess
| software
[lock]
[in | out]
| hardware
BCRAN exam.
[in | out]}
exam concepts
Because
flow control
(xon and xoff characters) is not recommended for modems used
yousoftware
through their
implementation
with Cisco routers, use this command to specify that Request to send (RTS) and Clear to send
(CTS)Review
signalsset-up
will beguides
used to
control
on the
linefor
by study
setting flowcontrol
that
showthe
youflow
howoftodata
prepare
a lab
hardware.
Getting the modem to lock DTE speed ensures that the modem will always communicate with the
access
server atStudies:
the specified
speed.
You
use the
speed command
set both
and
CCNP Practical
Remote
Access
(CCNP
Self-Study)
preparestoreaders
forthe
thetransmit
CCNP 642receive
speed:
821 BCRAN
office-based
lab, a remote-accessible
Router(config-line)#speed
bps
preparation.
Thespeed command lets you set the maximum transmit and receive speed between the
modem and the access server. The chosen speed value needs to be expressed in bps.
You use the transport input all command if you want every protocol to be passed to the access
server through the line.
Thestopbits command allows you to set the number of stop bits transmitted per byte:
Table of Contents
Index
Router(config-line)#stopbits {1 | 1.5 | 2}

You use
the1-58720-073-2
modem command to configure the type of modem signal for the line:
ISBN:
Pages: 528
BCRAN exam.
Router(config-line)#modem
inout
exam concepts
If you specify a value of inout, the line uses the modem for both incoming and outgoing calls.
ReadyModem
yourself AT
for Commands
the new simulation-based questions on the CCNP exams
Standard
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Modem
vendors
alland
have
own unique
set ofin
modem
commands.
However,
821 BCRAN
exam
fortheir
workplace
challenges
implementing
remote
access several
networkmodem
attention
(AT)
commands
are
common
to
most
of
them.
The
AT
command
syntax
is
in a real
ATargument.
The
modem
command
prefix
"AT"
may
be
in
uppercase
or
lowercase,
but not
mixed
case.
characters
thatunderstanding
follow the "AT"ofare
treated
asaccess
commands,
anyItcharacters
questions
byAny
providing
a better
how
remote
really and
works.
is also
preceding
it
are
ignored.
The standard command for loading factory default settings is AT&Fargument. The factory
default settings are read-only. The argument can have a value of 0, 1, or 2, where 1 is the
default.
S-registers are low-level modem service registers. You can modify modem behavior by setting
numeric values in various modem control registers. The S0 (answer on ring) command, for
instance, sets the modem to answer a call on a particular ring when it is in auto-answer mode.
Its
command
syntax
is new
ATS0=argument.
Theexam
command
ATS0=1
sets a modem
to automatically
All of
the topics
on the
642-821 BCRAN
are covered,
providing
comprehensive
exam
answer
all
incoming
calls
on
the
first
ring.
preparation.
For lines configured with caller ID, automatic answering on the second ring is recommended.
You use the command AT&C1 to get the CD signal to accurately reflect line state. Its command
syntax is AT&Cargument. Specifying 1 (the default value) as the argument causes the modem
to send the CD signal when it connects with another modem and to drop the signal when it
disconnects.
The command AT&D controls the Data Terminal Ready (DTR) signal from the DTE to the
modem. Its command syntax is AT&Dargument. The standard command for getting the modem
to hang up at DTR low is AT&D3.
The characters +++ are used to put a modem in command mode. If you issue this command at
the near-end modem, it is transmitted to the far-end modem. If the far-end modem tries to
interpret it, this might cause the connection to hang. You can overcome this common bug by
of Contents
entering the Table
ATS2=255
or ATS2=128 commands at the far-end modem. The function of the S2
(escape codeIndex
character) command is to store the ASCII decimal code for the escape code
CCNP
Practical
Remote
Access
character.
ItsStudies:
command
syntax
is ATS2=argument.
You can get a modem not to echo keystrokes to DTE in command mode by using the command
ATE0. You can turn echo back on by entering RATE or RATE1 (1 is the default value).
Date: December 22,

2003
ThePub
ATM(speaker)
command
is used to control a modem's speaker. Its command syntax is
ATMargument.
ISBN: 1-58720-073-2
The default argument is 1, which means that the speaker is on during dial-string
execution
Pages:and
528 remains on until a carrier is detected or the modem goes on hook. The standard
command for turning off external audio output from the modem is ATM0.
TheATZ command returns the Cisco modem user interface to its default state and re-executes
the initialization string. ATZ99 returns to the standard Cisco IOS software user interface (EXEC)
mode.
BCRAN exam.
Nonstandard Modem Commands

exam concepts
In addition
to standard modem commands, a number of nonstandard commands are essential
for modems attached to Cisco routers. Let's take a look at some of these commands and how
Experience
remote
access
concepts
work in a real network
with
labs that
walk
they are
used byhow
three
prominent
modem
vendorsMicrocom,
Hayes,
andpractice
U.S. Robotics
(USR).
Any modem attached directly to a Cisco router needs to be configured for hardware flow control.
Review set-up
guides
that show
you howwhere
to prepare
lab for study
USR modems
use the
command
AT&H1&R2,
&H1 a
(transmit
flow control) enables
hardware flow control (CTS) and &R2 (receive hardware flow control) instructs the modem to
theif new
questions
the CCNP
exams are used to set
send Ready
data toyourself
the DTEfor
only
RTS simulation-based
is asserted. The AT\Q3
andon
AT&K3
commands
hardware flow control on Microcom and Hayes modems, respectively.
BCRAN exam
and
forneeds
workplace
in implementing
remote
access
network
The modem's
serial
port
to be challenges
set to a fixed
data-transfer rate.
This
means
locking the
applications.
Designed
as
a
topic-by-topic
guide
of
how
to
apply
remote
access
concepts
a real
DTE speed to prevent it from being negotiated down during the initial call setup. You use in
the
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
exam
DTE data rate command AT&B1 to lock the DTE speed on a USR modem. Specifying 1 as the
questions
providing
a better
understanding
of how
remote
access
really
works. It
also
command by
argument
sets
the DTE
interface to follow
the
DTE data
rate,
regardless
of is
the
DCE
essential
in
preparing
candidates
for
the
new
simulation-based
questions
that
are
on
the
Cisco
connection rate. Microcom and Hayes lock the DTE speed using AT\J0 and AT&Q6,
certification
exams.
Finally,
it
serves
anyone
wanting
a
guide
to
real-world
application
of
these
respectively.
You need to set the type of error control used on the modem. For a USR modem, you use the
Each
chapter
includes
a review automatic
of the applicable
technology,
and guides
the reader
command
AT&M4
to configure
selection
between V.42,
MNP error
control,through
and a nonimplementation
of
the
technology.
This
step-by-step
process
can
be
executed
on a
home-isor
error-controlled data link. In this case, 4 is the default argument. When no error
control
office-based
lab, aorremote-accessible
some networking
simulation
software
programs,
or
selected, an MNP
V.42 link request lab,
is ignored.
The equivalent
Microcom
and Hayes
commands
even
as
a
stand-alone
guide.
areAT\N6 and AT&Q5, respectively.
All
the topics
on the
BCRAN exam
are covered,
providing
comprehensive
exam
Youofneed
to ensure
thatnew
the 642-821
best compression
algorithm
negotiated
between
two communicating
preparation.
modems is used. For a USR modem, you use the command AT&K1 to configure automatic
selection/deselection of Microcom Networking Protocol (MNP) level 5 or V.42bis data
compression. This assumes that an MNP or a Link Access Procedure for Modem (LAPM) link has
been established. Data compression is enabled only if the DTE data rate is higher than the link
rate and the remote DCE supports either the MNP level 5 option in the MNP link request or
V.42bis in the LAPM link request. The compression commands used by Microcom and Hayes are
AT%C1 and AT%Q9, respectively.

Show configuration commands allow you to display current modem settings. The USR modem
inquiry command ATI4 gets the modem to send one screen of data to the DTE. The display
indicates the settings for DTE band rate, parity, word length, S-register values, dial type, AT
commands, and so on. AT/S1 and AT&V are the equivalent commands on Microcom and Hayes
modems, respectively.
Table of Contents
You need to be
able to save any changes to the modem's configuration to its own nonvolatile
Index
RAM (NVRAM).
Microcom, Hayes, and USR all use the command AT&W to achieve this.
You
can Shuo
use ,aDmitry
modem's
Help
command
to,Deviprasad
display all
the AT commands for that modem.
By
Wesley
Bokotey
, Raymond
Morrow
Konda
Microcom and Hayes both use AT$H, whereas USR uses AT$.
Initialization strings are used to send commands to modems before they dial out. No strings are
required
when you dial into a modem.
ISBN: 1-58720-073-2
Pages: 528
Configuring Chat Scripts

Asynchronous modems are not standard. This means that for optimal configuration, you must
write custom chat scripts to perform certain tasks. A chat script is a string of text. It defines the
Gain
hands-on
experience
of CCNPtwo
Remote
Access topics
with lab
scenarios
the new
642-821
handshaking
that
occurs between
DTE devices
or between
a DTE
and itsfor
directly
attached
BCRAN
exam.
DCE (for example, an access server and a modem).
Here is the syntax for the chat-script command:
exam concepts
Router(config)#chat-script
send-string
CCNP Practical Studies: Remotescript-name
Access (CCNPexpect-string
Self-Study) prepares
readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
A
chat script
consists of
expect-send
thatsimulation-based
define the stringquestions
that the local
expects
essential
in preparing
candidates
for pairs
the new
that system
are on the
Ciscoto
see
from theexams.
remoteFinally,
device and
the reply
thatwanting
the local
system
send.application of these
certification
it serves
anyone
a guide
toshould
real-world
Example 3-2 demonstrates a chat script. The chat script name is defined as dial. The expectsend
ABORT
ERROR
stopsofthe
script iftechnology,
an error occurs.
The expect-send
""
Each pair
chapter
includes
a review
thechat
applicable
and guides
the reader pair
through
"ATZ"
sends theofAT
command
to the
modem
to resetprocess
it usingcan
thebe
stored
profile.
empty
implementation
the
technology.
This
step-by-step
executed
on The
a homeor
expect
stringlab,
means
that this task is performed
expecting
an input
string.
OK "ATDT
office-based
a remote-accessible
lab, some without
networking
simulation
software
programs,
or
\T"
that when
the input string OK is received, the AT command is sent to instruct the
evenspecifies
as a stand-alone
guide.
modem to dial the telephone number in dialer-string or the start-chat command. The chat script
All of thethat
topics
the new
642-821
BCRAN
exam
are covered,
comprehensive
exam
specifies
theonaccess
server
will wait
up to
30 seconds
for theproviding
input string
CONNECT. The
preparation.
argument
\c indicates the end of the chat script.
Example 3-2. Chat Script
Router(config)#chat-script dial ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T"
TIMEOUT 30 CONNECT \c
Table of Contents
Chat scripts generally
perform tasks such as
Index
Initializing the attached modem
Instructing the modem to dial out

Pub
Logging
Date: December
into a22,
remote
2003
system
ISBN: 1-58720-073-2
Thestart-chat
command allows you to manually start a chat script on any asynchronous line
Pages: 528
that is not currently active. The command syntax is
BCRAN exam.
exam concepts
Router#start-chatregexp [line-number [dialer-string]]
You can configure chat scripts so that they are executed automatically for specific events. For
example,
a chat
script
for line activationquestions
is triggered
by incoming
traffic (CD going
Ready
yourself
forconfigured
on the
CCNP exams
high).
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642In
line and
activation,
other events
commonly
trigger the remote
execution
of a chat
script:
821addition
BCRAN to
exam
for workplace
challenges
in implementing
access
network
Connection
Triggered
outgoing traffic
such remote
as reverse
Telnet
questions
by providing
a betterby
understanding
of how
access
Line reset Triggered by async line reset
Startup Triggered by access server startup
Dialer Triggered by dial-on-demand routing (DDR)
Modem Autoconfiguration
preparation.
The Cisco IOS software provides a modem autoconfiguration feature that facilitates the
configuration of modems on access servers. With the autoconfiguration feature, you can
configure modems without having to resort to modem configuration commands. You can use the
asynchronous interface to autodiscover the type of modem on the line and to use that modem
configuration. You can configure non-Cisco-supported modems by specifying modem information
in the modem-autoconfiguration chat scripts.
Using the autoconfiguration feature requires you to manage the modem capability (modemcap)
database. This consists of a list of AT configuration commands for setting each modem type's
attributes. Modemcap exists as a file in the Cisco IOS software.
With automatic modem configuration, a chat script is executed each time a modem is reset. This
sends a string of modem-configuration commands to the modem. The command string is
generated automatically whenever the modem is recycled. For example, if you were using an
AppleTalk
Remote
Protocol (ARAP) dial-in modem configured with flow control, it would
Table ofAccess
Contents
receive
a
string
that
included
commands to
Index
ByWesley
Shuo,to
Dmitry
Bokotey
, Raymond Morrow, Deviprasad Konda
Return
factory
defaults
Use hardware
Publisher:
Cisco Pressflow
control
Turn off error control

ISBN: 1-58720-073-2
528
To setPages:
up autoconfiguration
on a modem, you need to
Connect the phone line and power to the modem

Execute the modem autoconfigure command on the line with the modem
BCRAN
exam.
No other
setup function is required for most modem configurations.
With automatic modem configuration, modems are configured to match current line settings.
This means that the line configuration may be changed if the speed for the modem DTE differs
exam concepts
from the current configuration on the line. You should, whenever possible, configure a line to
expect a specific modem type. If none is specified, the access server tries to autodiscover the
modem type. It does this by sending AT commands to the modem and then evaluating the
response using the information in the modemcap database.
The access server's modemcap database has entries for several different modems. The actual
entries
in any
particular
modemcap
database depend
on the on
hardware
andexams
Cisco IOS version. If
Ready
yourself
for the
questions
the CCNP
a particular modem is not currently supported, you can manually add it to the modemcap
database
so that
it will be
autodiscovered
in future
communication.
CCNP Practical
Studies:
Remote
Access (CCNP
Self-Study)
prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
network setting,
this book is useful
Modem
Autoconfiguration
Methods
essential
preparing
for the new
simulation-based
that are
on the Cisco
There areintwo
ways to candidates
configure modem
autoconfiguration.
Youquestions
can configure
modem
certification
exams.
Finally,
it
serves
anyone
wanting
a
guide
to
real-world
application
of these
autodiscovery, or you can specify a particular modem type to be used on the line. You also
need
concepts,
regardless
of
certification
interest.
to manage the modemcap database.
Each
chapter modem
includesautodiscovery,
a review of theyou
applicable
To configure
use the technology,
following command:
preparation.
Router(config-line)#modem autoconfigure discovery
Example 3-3 shows modem autodiscovery being configured on lines 1 through 16. The modem
autoconfigure discovery command instructs the access server to send the AT string at various
baud rates until successful reception is confirmed. This command also tells the access server to
send a variety of AT commands in an effort to fully identify the modem from the entries in the
access server's modemcap database.
Table of Contents
Index
Example 3-3. Configuring Modem Autodiscovery

Router(config)#line
1 16
ISBN: 1-58720-073-2
Router(config-line)#modem autoconfigure discovery

Pages: 528
The access server then builds the configuration string based on the discovered modem type and
Gain
experience
of CCNP
with
scenarios
new 642-821
sendshands-on
it to the modem.
If the
accessRemote
server Access
cannot topics
identify
thelab
modem
type,for
thethe
default
modem
BCRAN
exam.
entry in the modemcap is used to build the configuration string.
If you know that the modem can be configured using one of the initialization strings in the
Prepare
for the CCNP
642-821
exam and
gain a better,
practical
understanding
modemcap
database,
you should
useBCRAN
the following
command
to specify
that modem
type: of
exam concepts
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Router(config-line)#modem
autoconfigure
type
modem-typeremote access network
821 BCRAN exam and for workplace
challenges in
implementing
Because
of the
overhead
andit the
possibility
configuration
associated
with
certification
exams.
Finally,
serves
anyoneofwanting
a guideambiguities
to real-world
application
ofmodem
these
autodiscovery,
you should
configureinterest.
the modem type whenever possible. This means that
concepts, regardless
of certification
whenever the line resets, it automatically sends the correct initialization command string to the
Each
modem.
If
none of thelab,
strings
in the modemcap
database
properly initializes
thesoftware
modem,programs,
you need to
office-based
a remote-accessible
lab,
some networking
simulation
or
configure
modem manually.
Alternatively, you can change the modemcap database.
even as a the
stand-alone
guide.
preparation.
Configuring the Modemcap Database
Let's take a closer look at the modemcap database. Modem attributes have a full name and a
two-or three-letter abbreviation. For example, factory defaults are abbreviated as FD. You
should be familiar with these abbreviations for efficient management of the modemcap
database.
One of the basic tasks in managing the modemcap database is viewing the modem entries in the
modemcap file. You can do this using the show modemcap command. To display the
modemcap entry for a particular modem type, you need to include the modem type as an
argument to the show modemcap command. Example 3-4 shows the modemcap entry for the
Codex 3260.
Table of Contents
Example 3-4.
show modemcap modem-type Command Output
Index

Router#show modemcap codex_3260

Modemcap
codex_3260
Pub Date:values
December for
22, 2003
ISBN: 1-58720-073-2
Factory Defaults (FD): &F

Pages: 528
Autoanswer (AA): S0=1

Carrier detect (CD): &C1
Gain
Drop hands-on
with DTRexperience
(DTR): &D2
BCRAN exam.
Hardware Flowcontrol (HFL): *FL3
Lock DTE speed (SPD): *SC1
exam concepts
Best Error Control (BER): *SM3
Best Compression (BCP): *DC1
No Error Control (NER): *SM1
No Compression (NCP): *DC0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642No
(NEC):
821Echo
BCRAN
exam E0
and for workplace challenges in implementing remote access network
No
Result
Codes
(NRS):
network
setting,
this
book isQ1
useful in preparing a CCNP candidate for the general exam
Software
(SFL): for
[not
essential inFlowcontrol
preparing candidates
theset]
Caller
IDregardless
(CID): &S1
concepts,
of certification interest.
Each
chapter
includes
On-hook
(ONH):
H0 a review of the applicable technology, and guides the reader through
office-based
Off-hook (OFH):
H1
Miscellaneous (MSC): [not set]
preparation.
Template entry (TPL): default
Modem entry is built-in
The modemcap entry includes

Command description
Command abbreviation (in brackets)
Command string
Table of Contents
Index
The default modem
type has modemcap values for a few of the most common attributes, such as
factory defaults and autoanswer. It has no command strings for attributes that vary widely with
By
Wesley type,
Shuo, Dmitry
Bokotey
, Raymond
Morrow
, Deviprasad
modem
such as
locking
speeds,
hardware
flowKonda
control, compression, and error correction.
YouPublisher:
can create
a variant modemcap entry using the following command:
Cisco Press
ISBN: 1-58720-073-2
Pages: 528
Router(config)#modemcap
editmodem-name attribute at-command
BCRAN exam.
exam concepts
This allows you to add a new modem to the modemcap database and add new attributes to an
Experience
how remote
access concepts
work in a real network with practice labs that walk
existing
modem entry
in the modemcap
database.
Example 3-5 shows the creation of an entry for a new modem usr_new. The modemcap edit
Review
set-upthe
guides
that entry
show in
you
to prepare
a lab for
study
command
creates
usr_new
thehow
modemcap
database
and
sets the new modem's
caller ID to *U1. The second command locks the DTE speed on the usr_new modem. You can use
themodemcap edit command to specify up to four layers of templates for the current
modemcap
entry.
A template
is another
modemcap
entry that
the current
entry
points
to. 642It's
CCNP Practical
Studies:
Remote
Access (CCNP
Self-Study)
prepares
readers
for the
CCNP
used
to
set
any
value
not
found
in
the
current
modemcap
entry.
In
this
example,
usr_new
points
to
the
usr_courier
modemcap
entry
as
its
template.
Example
3-5. Editing
a Modemcap
Entry
essential in preparing
candidates
Each
chapter includes a review
of the
applicable
technology,
edit
usr_new
caller-id
*U1 and guides the reader through
office-based
lab, some
networking
edit usr_new
speed
&B1
Router(config)#modemcap edit usr_new template usr_courier
preparation.
Theshow modemcap command allows you to verify the access server's new modemcap entry.
You can verify the new attribute values for a modemcap entry by specifying the modem name as
an argument to the show modemcap command. The display for usr_new would be identical to
that for usr_courier, except for the lock DTE speed, caller ID, and template attributes. You can
also use the show running-config command to verify the attribute settings for a new
modemcap entry.
You can remove a modem from the modemcap database by specifying its name as the only
argument to the no modemcap edit command. If you specify the modem name and an
attribute as arguments, the command removes only that modem attribute from the modem's
modemcap entry.
Table of Contents
Index
Troubleshooting Modem Autoconfiguration
Here are some commands you can use to verify and debug modem autoconfiguration:
debug
confmodem Displays the modem-configuration process.
ISBN: 1-58720-073-2
Pages: 528
show line Shows the type of modem configured on a line.

clear line Returns a line to its idle state. Returning a line to its idle state normally means
that the line returns to being a terminal line, with the interface left in a down state.
Let's hands-on
Gain
look at some
experience
commonofproblems
CCNP Remote
associated
Access
with
topics
modem
with autoconfiguration
lab scenarios for the
andnew
discuss
642-821
how
BCRAN
you
might
exam.
troubleshoot them. If a modem fails to respond, you should first check that it's
plugged in and turned on. You should check whether the power-up configuration is set to load
factory defaults. You should determine whether you can connect to the modem through reverse
Prepare
for the CCNP
642-821
BCRAN
exam
and gain
a better,
practical
of
Telnet.
It's important
to check
that there
is a
dial tone
at the
phone jack.
Also,understanding
sometimes the
exam
concepts
modem could have hung up. This fact can be verified by entering the show line command. If an
* appears next to the line, issue the clear linen command to reset it.
you through
implementation
If a modem
is not their
recognized
by modem autoconfigure discovery, you need to check what
modem configuration the line is using. You can do this using the show line command. You
Review
set-up
guides
that
show
you how
to recognizes
prepare a lab
study You can overcome
should
establish
whether
the
Cisco
access
server
thefor
modem.
modem autodiscovery problems by using the modem autoconfigure type command to specify
a particular modem type.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Modem autoconfiguration might fail because of a problem with an original modemcap entry. If
you have configured your own modemcap entry and reconfiguration appears to function, you
should verify that the DTR attribute is not set to &D3. The manual that accompanies your
modem contains information that can be invaluable when troubleshooting any problems.
preparation.
Scenarios
The scenarios presented in this chapter help you gain a better understanding of modem
operation and configuration through practical application. You will go over the necessary
configuration tasks in their logical progression. The two scenarios provided cover the following
Table of Contents
topics:
Index
Configuring the serial interface and asynchronous line on the central router
Configuring the central-site modem

ISBN: 1-58720-073-2
Scenario
3-1: Configuring the Serial Interface and Asynchronous Line
Pages: 528
on the Central Router
Several distinct configuration tasks must be performed to successfully establish a remote

connection using asynchronous modems. The first are the initial configuration of the central-site
router
and the configuration
the serial
interface
thewith
corresponding
line.
Gain hands-on
experience of of
CCNP
Remote
Access and
topics
lab scenarios
for the new 642-821
BCRAN exam.
Suppose that a PC in a small office needs to communicate with a central site over a standard
telephone line. The PC is running Windows 2000 and is fitted with an external modem. At the
central
site, the
to the router
is to
be made
through
an external
modem
directly of
Prepare
forconnection
the CCNP 642-821
BCRAN
exam
and gain
a better,
practical
understanding
attached
to
the
router's
serial
0
port
on
the
serial
sync/async
network
module
in
slot
3. This
exam concepts
scenario is depicted in Figure 3-2.
Review set-up
guides that
show you and
how to
prepare a lab for study
Figure
3-2. Serial
Interface
Asynchronous
Line on the Central
Router
concepts,
certification
Two
of theregardless
commandsofyou'll
need tointerest.
complete the configuration are ip host and physical-layer.
Theip host command is a global configuration command that allows you to define a static
Each
chapter includes
a review
of host
the applicable
technology, and guides the reader through
name-to-address
mapping
in the
cache:
preparation.
Router(config)#ip host {name | tmodem-telephone-number} [tcp-port-number]
{address1 [address2...address8]}
Thetcp-port-number parameter lets you specify a TCP port number when connecting to the host
name using Telnet.
Table of Contents
Index
The general syntax of the physical-layer command is as follows:


ISBN: 1-58720-073-2
Pages: 528
Router(config-if)#physical-layer {sync | async}
BCRAN
Becauseexam.
the default is synchronous mode, you use the keyword async to set the serial interface
to asynchronous mode.
exam concepts
Step 1: Initial Configuration
you
through their
implementation
Before
configuring
the asynchronous
connection, you need to perform an initial configuration of
the central-site router. You can do this from a terminal attached to its console port (line 0). You
set-up
guides
that show you
howYou
to prepare
lab for study
beginReview
by entering
global
configuration
mode.
can thena configure
the router name using the
hostname command. It is also useful to disable the IP domain name system with the no ip
Ready yourself
for the new
onto
the
CCNP exams
domain-lookup
command.
Thissimulation-based
keeps the systemquestions
from trying
translate
domain names that
have typing errors.
exam
and for
workplace
challenges
implementing
network
NextBCRAN
you need
to select
the
routing protocol.
To in
configure
EIGRP remote
routing,access
you use
the router
applications.
Designed
as
a
topic-by-topic
guide
of
how
to
apply
remote
access
concepts
real
eigrp command. You must include the autonomous system number. This number is usedin
toatag
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
exam
the routing information and to identify the routes to other EIGRP routers. You use the network
questions
providing
of EIGRP
how remote
access
really
works.
It is also
command by
to specify
theanetwork
serviced by the
routing
protocol.
Here
it's 10.0.0.0.
certification
Finally,
it serves
anyone
guide to real-world
these
You
can use exams.
the enable
secret
command
to wanting
enable aapassword
for enteringapplication
privileged of
EXEC
concepts,
regardless
of certification
interest.
mode.
Here
the password
is cisco. This
secret password provides an additional layer of security
on the router. Passwords are case-sensitive strings that can be up to 80 characters long. They
Each
chapter
includes
cannot
begin with
a number.
office-based
lab,router
a remote-accessible
somenetwork
networking
simulation
software
programs,
The central-site
is to connect tolab,
its local
through
the Ethernet
0 port
on the or
even
as
a
stand-alone
guide.
module in slot 0. You enter interface e 0/0 to configure this interface. But you can also use
interface ethernet 0/0 and int eth 0/0. You set the IP address for the Ethernet interface
All
of the
on thecommand.
new 642-821
exam
are covered,
providing
exam
using
the topics
ip address
YouBCRAN
also have
to include
a subnet
mask. comprehensive
You then activate
the
preparation.
interface using the no shutdown command.
To begin configuring the console line, you enter line console 0. You are now in line
configuration mode. You use the no exec-timeout command to prevent the console from
automatically disconnecting after a period of inactivity. The default timeout is 10 minutes.
The initial configuration of the central-site router is now complete. It's shown in Example 3-6.
NOTE
Don't forget to reset the exec-timeout after the configuration is completed. Leaving it
of Contents
open is Table
a potential
security risk.
Index

Example 3-6. Initial Configuration of the Central-Site Router

ISBN: 1-58720-073-2
Router#configure
terminal
Pages: 528
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#router eigrp 100
BCRAN exam.
R1(config-router)#network 10.0.0.0
R1(config)#enable
exam concepts secret cisco
R1(config)#interface
ethernet
Experience how remote
access 0/0
R1(config-if)#ip address 10.115.0.120 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#line console 0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for
R1(config-line)#no
exec-timeout
Step
2: The
Serial of
Interface
andinterest.
Line
concepts,
regardless
certification
Each
includes
a reviewofofthe
thecentral-site
applicable router
technology,
and guides
the reader
through
Whenchapter
the initial
configuration
is complete,
you can
begin configuring
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homeor
the serial interface and asynchronous line.
Configuring
the Asynchronous Line
preparation.
Let's assume that the external modem is directly attached to the serial 0 port on the serial
network module in slot 3 (identified as port serial 3/0). You enter interface serial 3/0 to select
the serial 3/0 interface. You are now in interface configuration mode. You must explicitly
configure the interface as an asynchronous interface using the physical-layer async command.
On the Cisco 3640 router, this adds TTY line 97 (TTY97) to the configuration.
Next you need to configure the line (line 97) with the appropriate physical layer parameters. You
enter line 97 to begin the line configuration. This puts you in line configuration mode. To
prevent unauthorized connections, you use the login command to enable user login to the
interface and to challenge for a password. You set the login password using the password
command. Here, it's cisco. To allow incoming and outgoing connections on the line, you enter
modem inout. You want to allow any transport protocol to pass to the router through the line.
You achieve this by entering the transport input all command.
Table of Contents
You use the speed command to set the maximum speed between the router and the modem.
Index
Here, it's 115200 (bps). You use the stopbits command to set the number of stopbits per byte
of data. This example has one stopbit per byte. You should configure the line to use CTS/RTS
By
Wesleyfor
Shuo
, Dmitry Bokotey
signals
hardware
flow control.
ThisPublisher:
completes
Cisco the
Pressconfiguration of the line. You return to global configuration mode by entering
exit.
All
configuration
tasks described in this section are shown in Example 3-7.
ISBN: 1-58720-073-2
Pages: 528
Example 3-7. Asynchronous Line Configuration
R1(config)#interface serial 3/0

BCRAN
exam.
R1(config-if)#physical-layer
async
R1(config-if)#line 97
exam concepts
R1(config-line)#login
R1(config-line)#password
cisco
R1(config-line)#modem
Review set-up guidesinout
that show you how to prepare a lab for study
R1(config-line)#transport
all
Ready yourself for the newinput
simulation-based
questions on the CCNP exams
CCNP Practical Studies: Remote
Access (CCNP Self-Study) prepares readers for the CCNP 642R1(config-line)#speed
115200
applications. Designed as a topic-by-topic
R1(config-line)#stopbits
1
questions by providing a better understanding
R1(config-line)#flowcontrol
hardware
R1(config-line)#exit
Configuring
Reverseguide.
Telnet
All ofneed
the topics
on the
642-821 BCRAN
aremodem.
covered,You
providing
comprehensive
exam
You
to be able
to new
reverse-Telnet
to the exam
attached
can assign
it a host name
and
preparation.
associate
it with the router's Ethernet IP address and with the Telnet TCP port corresponding to
the line. You enter ip host modem 2097 10.115.0.120 to define the host name "modem" and
associate it with TCP port 2097 and IP address 10.115.0.120. You can now exit configuration
mode. You can save your configuration to NVRAM by entering copy running-config startupconfig.
Scenario 3-2: The Central-Site Modem

Cisco access servers support reverse-Telnet connections. This means that you can connect
through an access server to an attached modem to configure that modem.
Suppose that a remote PC fitted with an external modem needs to communicate with a central
site over a standard telephone line. At the central site, the connection to the router is to be made
Table of Contents
through an external modem directly attached to one of the router's serial ports. The external
Index
modem has already been assigned the host name "modem." The topology is shown in Figure 3CCNP Practical Studies: Remote Access
3.

Figure 3-3. Central-Site Modem
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
The first
part for
of this
covers BCRAN
the manual
of a
modem
and the second
Prepare
the scenario
CCNP 642-821
exammethod
and gain
better,configuration,
of
part presents
an
alternative
to
the
manual
methodthe
autoconfiguration
technique.
exam concepts
Manual
youModem
through Configuration
set-up
guides that
show you
to prepare
a lab for study
WhenReview
manually
configuring
a modem,
youhow
follow
these steps:
Ready
yourself
forvia
thereverse
Step 1.
Connect
Telnet.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Step 2. Configure the central-site modem.
Step 3. Configure the PC modem.
Step
1: Connecting
via Reverse
certification
exams. Finally,
it serves Telnet
anyone wanting a guide to real-world application of these
Let's look at how you can configure the central-site modem using reverse Telnet. To connect to
Each
chapteronincludes
review
of theTelnet,
applicable
technology,
and
readerHere
through
the modem
line 97 ausing
reverse
you enter
modem
or guides
telnetthe
modem.
modem
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homeor
is the host name of the modem configured to the router's line 97. Remember that the ip host
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
modem 2097 10.115.0.120 command has already been configured.
The system then prompts you for a login password. You respond by entering the appropriate
All
of password.
the topics on
theitnew
BCRAN
exam to
are"cisco."
covered,
login
Here
was 642-821
previously
configured
Youproviding
enter ATcomprehensive
(uppercase or exam
preparation.
lowercase) and press Enter to verify connectivity to the modem. The modem should respond
with an OK message.
Step 2: Configuring the Central-Site Modem
You can now begin entering AT commands to configure the modem. These commands are
specific to your modem manufacturer and are not always the same on different modems. You
should therefore contact your modem manufacturer for a complete list of the AT commands
relevant to your modem. You can normally obtain a list of these commands from the modem
itself by entering AT$.
Let's assume that a USR Sportster modem is being configured. You use the command AT&F0 to
configure the modem to load the factory default settings. The Carrier Detect (CD) and Data
Table of Contents
Terminal Ready (DTR) signals are used between the DTE and DCE to initiate and receive calls.
Index
You use the command AT&C1 to set the modem to operate only when the proper carrier signal
is present. This conforms to RS-232 standard operation, where the CD signal should accurately
By
Wesleythe
Shuo
, Dmitryline
Bokotey
reflect
current
state.
To have
theCisco
modem
Publisher:
Press to hang up on DTR going low, you enter the command AT&D2. You use the
command
AT&H1
to configure the modem for hardware flow control. The modem should send
data to the router only if request to send (RTS) is asserted, so you enter the command AT&R2.
ISBN: 1-58720-073-2
The command AT&M4 is used to set error correction. This allows the modem to automatically
528
select Pages:
between
V.42, MNP, and no error correction.
To set a fixed data transfer rate on the serial port between the modem and the router, you enter
the command AT&B1. To set the modem to autoselect the best compression algorithm (MNP
level 5 or V.42bis), you use the command AT&K1. The command AT&W0 is used to store the
new
to the modem's
0). You
canlab
check
the configuration
using
Gain configuration
hands-on experience
of CCNPNVRAM
Remote(pattern
Access topics
with
scenarios
for the new by
642-821
the
command
BCRAN
exam. ATI4.
After manually configuring the central-site modem, you can leave the reverse-Telnet session by
pressing
Prepare
Ctrl+Shift+6
for the CCNP
and 642-821
then x. You
BCRAN
mustexam
then and
enter
gain
disconnect
a better, practical
to clear the
understanding
Telnet session.
of
If youexam
fail toconcepts
do this, you will not be able to reconnect.
through their the
implementation
Stepyou
3: Configuring
PC Modem
After configuring the central-site modem, you need to configure the PC modem. The AT
commands
specific
your modem manufacturer.
Readyrequired
yourself are
for the
new to
simulation-based
Let's
the PCRemote
modemAccess
is a USR
Sportster
model.prepares
You can readers
use the for
Hyperterminal
CCNPassume
Practicalthat
Studies:
(CCNP
Self-Study)
the CCNP 642communications
utility
to
access
the
modem.
Hyperterminal
is
a
communications
software utility
that
comes
with
Windows
OS.
When
you
have
access,
you
need
to
verify
connectivity
to the
in a real
modem
by
entering
the
command
AT.
The
modem
should
respond
with
an
OK
message.
For
simplicity,
let's saycandidates
that you want
to use
the modem's factory
default
settings.
So you
essential
in preparing
for the
newall
simulation-based
questions
that
are on the
Cisco
enter
the
command
AT&F
to
load
these
settings.
You
then
save
the
configuration
to
the
modem's
using
command
AT&W. You can compound AT commands to speed up
concepts, NVRAM
regardless
of the
certification
interest.
configuration. For example, you can enter the command AT&F&W instead of the separate
commands
AT&F
and AT&W.
Each chapter
includes
After
configuring
the
PC modem, you can
to the central-site
router
usingprograms,
the ATDTor
office-based
lab, a
remote-accessible
lab, connect
some networking
simulation
software
command
and the appropriate
guide. phone number. As soon as the modems have successfully
synchronized, you should receive the prompt "User access verification" and be asked for the
login
When
gained
access,
youare
should
see the
consolecomprehensive
prompt from the
All of password.
the topics on
the you
newhave
642-821
BCRAN
exam
covered,
providing
exam
central-site
preparation.router.
To verify connectivity to line 97 (TTY97), you first enter privileged EXEC mode. You do this by
enteringenable and then entering the appropriate password. Then you enter either show users
or show line 97 at the prompt. The show users command shows which users have active
connections to the router, the lines that they are connected through, and how long they have
been connected. The show line command lists the parameters for a specified line. It also shows
some activity information associated with the line.

You can verify the running configuration using the show running-config command. In Example
3-8 you can see that domain name lookup is disabled, the modem is bound to IP address
10.115.0.120, and the serial 3/0 interfacethe modem-connected interfaceis set to
asynchronous mode. The output also confirms the configuration settings for line 0 (the console
line) and line 97.
Table of Contents
Index
Example
3-8. Running the R1 Configuration
Publisher:
Cisco Press
R1#show
running-config
ISBN: 1-58720-073-2
Pages: 528
hostname R1
!
enable secret 5 $1$FaD0$Xyti5Rkls3LoyxzS8
BCRAN exam.
!
no ipPrepare
domain-lookup
exam concepts
ip host modem 2097 10.115.0.120
!
interface
3/0
ReviewSerial
set-up guides
Ready yourselfasync
physical-layer
CCNP
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642no ip
address
!
questions
line
con by
0 providing a better understanding of how remote access really works. It is also
certification
exams.
exec-timeout
0 0Finally, it serves anyone wanting a guide to real-world application of these
line 65 70
implementation
of the technology. This step-by-step process can be executed on a home- or
line 97
even
as a stand-alone
guide.
password
cisco
login
preparation.
modem InOut
transport input all
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
Table of Contents
Index

To disconnect the PC modem, you enter quit.

Autoconfiguring
the Central Modem
ISBN: 1-58720-073-2
Pages: 528
You should follow up the modem autoconfiguration by verifying connectivity.
Step 1: Central-Site Modem Autoconfiguration

Let's
assume
BCRAN
exam.that you are in privileged EXEC mode on the central-site router. You turn on
debugging for modem configuration by entering debug confmodem. This allows you to see the
processes occurring while the router is configuring the modem.
concepts
Next exam
you enter
configuration mode using the configure terminal command. You select the
configuration for the modem line (line 97) by entering line 97. This puts you in line
Experience
howTo
remote
access
concepts
work in a the
realmodem
network
with
labs using
that walk
configuration
mode.
set the
router
to autoconfigure
and
to practice
find its type
you through
implementation
autodiscovery,
youtheir
enter
modem autoconfigure discovery. If you already know that the
modem type is usr_sportster, you should avoid autodiscovery by entering this command. Telling
Review
guides
show
you how to work
prepare
labrouter's
for study
the router
theset-up
modem
type that
reduces
unnecessary
for a
the
processor.
Readymessages
yourself for
on the
The debug
in Example
3-9 show that thequestions
modem type
hasCCNP
beenexams
successfully
discovered. The router has automatically loaded AT commands to configure it.
Example
3-9.this
debug
Messages
network setting,
book isconfmodem
useful in preparing
a CCNP candidate for the general exam
R1#debug
confmodemof certification interest.
TTY97:detection
speed(115200)
response
---OK--Each chapter includes
a review of the
applicable
TTY97:Modem
type
is usr_sportster
office-based lab,
a remote-accessible
TTY97:Modem command: --AT&F&C1&D2&H1&B2&M4&K1&B1S0=1H0-All of the topics on the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation. configuration succeeded
TTY97:Modem
TTY97:locking speed(115200) response ---OK--TTY97:locked DTE speed at 115200
TTY97:Done with modem configuration
To leave configuration mode, you enter exit at successive prompts. You turn off modem
configuration debugging by entering the no debug confmodem command. This helps reduce
any
unnecessary
overhead processing for the router.
Table of Contents
Index
Step
2: Verifying Connectivity
As soon as the central-site modem has been autoconfigured, you need to verify connectivity. You
can do this using a modem at any remote siteit could be attached to a PC or to another router.
Let's
assume that the PC modem used to dial in represents a telecommuter. The phone number
1-58720-073-2
of the ISBN:
central-site
modem is 5551005.
Pages: 528
To dial into the central-site router, you use Hyperterminal and the ATDT command. Here you
enter ATDT 5551005. The router responds by challenging you for a login password. On
successful connection, you should see the console prompt from the central-site router. By
opening this session with the routers, you verify connectivity. You disconnect from the modem
by
entering
quit.
Gain
hands-on
BCRAN exam.
If the connection fails, from the central-site router you could reverse-Telnet to the modem and
check its settings using the command ATI4. You could then check the settings for the line on the
routerPrepare
by entering
show
line
97 at the
privileged
EXEC
prompt.
Youpractical
can also understanding
check the status
for the
CCNP
642-821
BCRAN
exam and
gain
a better,
of of
the router's
serial
port
attaching
to
the
modem
by
entering
show
interface
serial
3/0.
exam concepts
If theExperience
settings used
byremote
the autoconfiguration
your
modemwith
are practice
inaccurate,
the walk
how
access conceptsprocess
work in for
a real
network
labsorthat
routeryou
hasthrough
incorrectly
detected
the
modem,
you
can
edit
the
current
entry
to
suit
your
modem,
put a new entry into the modemcap database, or use a manual configuration process.
preparation.
Practical Exercise 3-1: Configuring a Modem on the

AUX Port for EXEC Dial-in Connectivity
In many situations, it might be necessary to allow a router to accept interactive command
of IOS
Contents
processing ofTable
Cisco
(EXEC) calls with a modem connected to the router's auxiliary (AUX)
Index
port. This document
provides the necessary configuration tasks to configure such a scenario.
This
exercise uses the network setup shown in Figure 3-4.
Figure 3-4. Modem on the AUX Port for EXEC Dial-in Connectivity
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Use the following steps to configure a modem on the AUX port for EXEC dial-in connectivity:
Step 1. Connect the cable from the router AUX port to the modem.
Table of Contents
Index
The AUX
port on a Cisco router is either RJ-45 or DB-25. If the AUX port is RJ-45, use a
CCNP Practical
Studies:
Remote
Access cable (part number CAB-500RJ=), which is usually provided
flat-satin
rolled
RJ-45-RJ-45
with
every
Cisco
router
for console
You also need an RJ-45-to-DB-25 adapter
Morrow,connections.
Deviprasad Konda
marked "MODEM" (part number CAB-25AS-MMOD) to connect the rolled cable to the DB25 port on the modem, as shown in Figure 3-5.

ISBN: 1-58720-073-2
Pages: 528
Figure 3-5. Connecting the Rolled Cable to the DB-25 Port on the
Modem
BCRAN exam.
exam concepts
Each
chapter
a review
the use
applicable
technology, DB-25Female-DB25Male
If your
router includes
has a DB-25
AUX of
port,
a straight-through
RS-232
implementation
of
the
technology.
This
step-by-step
process
cable to connect the modem to the router.
even as
a stand-alone
guide. line command to determine the AUX port's async interface.
Step
2. Use the show
Although most routers have the AUX port as line 1, access servers have the AUX port
interface after the TTY lines. For example, if your router has 16 async/modem lines, the
preparation.
AUX port is line 17. Configure the AUX port based on the show line outputs. Example 310 verifies that the AUX port configuration is on interface line 65.
R1#show line
Tty Typ
*
0 CTY
Tx/Rx
A Modem
Roty AccO AccI
Uses
Noise
Overruns
Int
0/0
0/0
Table of Contents
65 AUX Index
9600/9600
66 vty
0/0
67 vty
0/0
0/0
69
vty528
Pages:
0/0
70 vty
0/0

Pub
68Date:
vtyDecember 22, 2003
ISBN: 1-58720-073-2
Step 3. Use the commands shown in Example 3-11 to configure the router AUX line.
BCRAN exam.
Prepare
Example
for the
3-11.
CCNPLine
642-821
Configuration
exam concepts
you through their
R1(config)#line
65 implementation
Review set-up guidesinout
R1(config-line)#speed 115200
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R1(config-line)#transport
inputchallenges
all
R1(config-line)#flowcontrol
hardware
network setting, this book is useful
R1(config-line)#password
ciscointerest.
concepts, regardless of certification
Step 4.
Reverse-Telnet
to the modem
andnetworking
configure the
appropriate
initialization
string,
office-based
lab,
a remote-accessible
lab, some
simulation
software
programs,
or
asashown
in Example
3-12.
even as
stand-alone
guide.
preparation.
Example 3-12. Modem Configuration via Reverse Telnet
R1#telnet 172.22.53.145 2065
Trying 172.22.53.145, 2065 ... Open

at
OK
at&f1s0=1
Table of Contents
Index
OK
at&w
OK
R1#disconnect
1 22, 2003
Pub Date: December
ISBN: 1-58720-073-2
Closing connection to 172.22.53.145 [confirm]

Pages: 528
R1#
Gain hands-on
experience
of CCNP
topics
with
labisscenarios
the new 642-821
Step 5. Use
an analog
phoneRemote
to verifyAccess
that the
phone
line
active andforfunctioning.
Then
BCRANconnect
exam. the analog phone line to the modem.
Step 6. Test the modem connection by initiating an EXEC modem call to the router from
another device (for example, a PC). Use a terminal emulation program on the PC, such as
exam concepts
Hyperterminal, and access the PC's modem through one of the COM ports. Once you have
connected how
to the
PC's modem
COM
port,
the
dialpractice
to the router.
Experience
remote
access through
conceptsthe
work
in a
real initiate
network
with
labs that walk
Step 7. As soon as the connection is established, the dial-in client is prompted for a
password.
Enter
the correct
password.
password
must
Review
set-up
guides
that show
you howThis
to prepare
a lab
formatch
study the one configured on
the AUX port line.
preparation.
Practical Exercise 3-2: Connecting Routers Back-toBack Through the AUX Ports
This sample configuration shows you how to directly connect two routers without using a modem
of Contents
or other DCETable
devices.
In this configuration, two Cisco routers are connected back-to-back
Index
through the asynchronous
AUX ports using a null modem cable (rollover cable). The AUX ports of
CCNP
Practical
Studies:
Remote Access
the two
routers
are directly
connected using a rollover cable with Point-to-Point Protocol (PPP)
running
on
the
link.
The
AUX
ports Morrow
are DTE
devices.Konda
Connecting DTE to DTE devices requires a
, Deviprasad
null modem cable (rollover cable).
A flat-satin
rollover (null modem) cable (part number CAB-500RJ=) is usually provided with
PubCisco
Date: December
22,allow
2003 for RJ-45 console connectivity. If the AUX port is a DB-25, use an RJevery
router to
ISBN:
1-58720-073-2
45-to-DB-25 adapter marked "terminal" with the null modem cable (rollover cable).
Pages: 528
This exercise uses the network setup shown in Figure 3-6.
Figure 3-6. Routers Back-to-Back Through the AUX Ports
BCRAN exam.
exam concepts
preparation.

Configure the async interface corresponding to the AUX port. Use the show line command to
determine which async interface corresponds to the AUX port. Make sure the IP addresses on the
AUX ports of both routers are in the same subnet. Specify PPP as the encapsulation for the async
Contents
interface withTable
the of
encapsulation
ppp command. Allow routing protocols on the link with the
Index
async dynamic routing command. The encapsulation ppp and async dynamic routing
CCNP
Practical
Studies:
Remote
commands
are
described
inAccess
greater detail in Chapter 5, "Configuring Point-to-Point Protocol and
Controlling
Network
Access."
By
Wesley Shuo
, Dmitry Bokotey
Configure the default route to point to the Async1 (AUX port) interface. Configure the line for the
AUX port. Allow all protocols to use the line. Set the RX speed (identical to the other router's TX
speed).
Set the TX speed (identical to the other router's RX speed). The routers' configuration is
1-58720-073-2
shown ISBN:
in Example
3-13.
Pages: 528
Example 3-13. Routers' Configuration

BCRAN exam.
R1#show
running-config
hostname R1
! exam concepts
!
interface Async1
ip Ready
address
192.168.10.1
yourself
for the new255.255.255.0
simulation-based questions on the CCNP exams
encapsulation
ppp Remote Access (CCNP Self-Study) prepares readers for the CCNP 642CCNP
Practical Studies:
async mode
dedicated
applications.
Designed
!
questions
by providing a better understanding of how remote access really works. It is also
no ip classless
certification
exams. Finally, it serves anyone wanting a guide to real-world application of these
ip route 0.0.0.0 0.0.0.0 Async1
logging buffered
implementation
!
even
All
of the
topics
line
con
0 on the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
exec-timeout 0 0
line aux 0
modem InOut
transport input all

speed 38400
line vty 0 4
Table of Contents
Index
end
________________________________________________________________
Pub Date:
December 22, 2003
R2#show
running-config
ISBN: 1-58720-073-2
hostname
Router2
Pages: 528
!
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
BCRAN exam.
!
exam concepts
interface
Async1
Experience
ip address 192.168.10.2 255.255.255.0
encapsulation ppp
async mode dedicated
! BCRAN exam and for workplace challenges in implementing remote access network
network
setting, this book is useful in preparing a CCNP candidate for the general exam
no ip classless
essential
in preparing
candidates
for the new simulation-based questions that are on the Cisco
ip route
0.0.0.0 0.0.0.0
Ethernet0
concepts,
logging regardless
buffered of certification interest.
Each
!
office-based
line con 0lab, a remote-accessible lab, some networking simulation software programs, or
exec-timeout 0 0
preparation.
line aux 0
modem InOut
transport input all
speed 38400
line vty 0 4
Table of Contents
Index
end

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Summary
This chapter explained modem connections and operation. DTE devices such as PCs
communicate with each other through DCE devices such as modems. A modem converts digital
signals into analog signals and vice versa. The EIA/TIA-232 standard defines the interface
Contents
between DTETable
and of
DCE.
Index
CCNP
Practical
Studies:
Remote Accessmethods and commands used to establish an asynchronous
You have
seen
the configuration
connection
through
an
analog
modem.
Cisco
accessKonda
servers support two types of connections to
ByWesley Shuo, Dmitry Bokotey
, Raymond
Morrow
, Deviprasad
a modemincoming asynchronous line (forward) connections and outgoing asynchronous line
(reverse) connections.
Date:
December
2003
YouPub
have
seen
how 22,
to configure
the central-site modem. You can use reverse Telnet to manually
ISBN:
1-58720-073-2
configure the central-site modem or use autoconfiguration. You can verify connectivity to the
modem
Pages:
using
528the modem command AT.
BCRAN exam.
exam concepts
preparation.
Review Questions
1:
Which of following signals does a DTE use to indicate to a DCE that it is ready to
Table of
accept
anContents
incoming call?
Index

A. DSR
Publisher: Cisco
B. Press
DTR
C. RTS
ISBN: 1-58720-073-2
Pages: 528
D. CTS
2:
The DTR, CD, and DSR signals belong to which group of signals?
A. Hardware flow control
BCRAN exam.
B. Modem control
C. Data transfer
exam concepts
3: For which
of connection
is nullwork
modem
required?
Experience
how type
remote
access concepts
in acable
real network
with practice labs that walk
A. DTE-DCE
B. DCE-DCE
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642C. DCE-DTE
applications.D.
Designed
DTE-DTE
questions
providing
a better
understanding
of howstatus
remote
access really
works.
It is also
4: by
What
command
would
you use to display
information
for all
line types?
A. show running-config
implementation
B. of
show
theline
technology.
all
C. show line
guide.
D. on
show
vty conBCRAN exam are covered, providing comprehensive exam
All of the topics
theaux
newtty
642-821
preparation.
5:
Which line type would you associate with line number 0?
A. AUX
B. TTY
Table of Contents
Index
C. vty
CCNP Practical D.
Studies:
CONRemote Access
6:
Which of the following AT commands are common to most modem types?

ISBN: 1-58720-073-2
A. AT&B1
Pages: 528
B. AT&F
C. AT&K1
D. AT&D3
BCRAN exam.
E. ATS2=255
F. AT&M4
exam
concepts
7: Why
would you use the modem autoconfiguration feature?
A. To configure a modem automatically
B. To autodiscover modems
C. To update the modemcap database
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam
D. Toand
configure
for workplace
non-Cisco
challenges
modemsin implementing remote access network
preparation.
Chapter 4. Using Cable Modems to

Access a Central Site
of Contents
This
chapter Table
covers
Index
Basic Cable Modem Troubleshooting Using Cisco IOS Software Commands

ThePub
first
section
of this
chapter covers cable modem technology. Some of the key terminologies
Date:
December
22, 2003
are explained
briefly before you configure Cisco's Cable Modem Termination System (CMTS) and
ISBN: 1-58720-073-2
cable Pages:
modem
(CM).
528
Cisco uBR7246 is used as an example in this chapter to explain the basic configuration of the
Cisco CMTS equipment. Two different configurations for the Cisco cable access router, bridging
and routing, are also covered so that you can be educated from both the service provider and
end user sides.
BCRAN exam.
Finally,
the troubleshooting section helps you understand the cable modem initialization process
and learn the Cisco IOS software commands to troubleshoot from both the CMTS and CM sides.
exam concepts
preparation.

Data Over Cable Service Interface Specifications ( DOCSIS) is a project that was developed to
provide a set of necessary communications and operations support interface specifications
through which cable companies can achieve cross-platform functionality. In essence, DOCSIS
Table
of Contents
can guarantee
interoperability
by establishing standards for carrying IP packets over an HFC
Index
cable TV network. Figure 4-1 illustrates the DOCSIS protocol stack compared to the OSI model.
CCNP
Studies:
Remote Access
SomePractical
of the key
terminologies
and DOCSIS specifications will be explained briefly.
Figure 4-1. DOCSIS Protocol Stack

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Figure 4-2 illustrates a typical CATV and two-way data network. The Hybrid Fiber Coax (HFC)
portion
refers to
any configuration
of fiber
optic
and coaxialprepares
cable that
is used
distribute
CCNP Practical
Studies:
Remote Access
(CCNP
Self-Study)
readers
fortothe
CCNP 642broadband
such as voice,
video,
data. The HFC
network
connects
821 BCRANcommunications
exam and for workplace
challenges
inand
implementing
remote
access
network
subscribers
the cableas
headend
and videoguide
flowsofashow
analog
radioremote
frequency
or optical
signals.
applications.toDesigned
a topic-by-topic
to apply
access
concepts
in a real
Optical
brings
signal
from the
headend a
toCCNP
fiber nodes
thatfor
serve
to 2000
homes.
networkfiber
setting,
thisthe
book
is useful
in preparing
candidate
the 500
general
exam
Fiber
opticby
is providing
used because
it has
lower signal power
and is
less susceptible
to It
noise
questions
a better
understanding
of howloss
remote
access
really works.
is also
compared
coaxial cable
for longfor
distances.
Fiber node converts
optical signals
fiber
to
essential intopreparing
candidates
questions
that arefrom
on the
Cisco
electrical
signals
on Finally,
75-ohmitcoaxial
Coaxial
cable
has higher
signal power
loss than
fiber,
certification
exams.
servescable.
anyone
wanting
a guide
to real-world
application
of these
but
it is a more
cost-effective
way tointerest.
reach subscribers.
concepts,
regardless
of certification
office-based Figure
some
networking
simulation
software
programs, or
4-2. Typicallab,
CATV
and
Two-Way
Data
Network
preparation.
Table of Contents
Index


YouPub
can
see from Figure 4-2 that the regional headend and local headends are connected via the
ISBN:
high-speed 1-58720-073-2
fiber network. The video signal flows in analog or digital formats over the fiber
Pages:
528
network.
Usually
the regional headend receives national channels from satellites and transmits
them to various local headends. Local headends may receive local channels as well as national
channels from the regional headend. They selectively process and transmit them to subscribers
based on individual requests or demographic group needs. All the video channels are modulated
and sent to the combiner at the local headend. The downstream port of the CMTS is connected to
the
and the output
signal
goes
into the
combiner.
essence, for
thethe
output
(6
Gainup-converter,
hands-on experience
of CCNP
Remote
Access
topics
with labInscenarios
new signal
642-821
MHz
wide)
becomes
one
of
the
video
channels
that
is
sent
downstream
for
data
communication.
BCRAN exam.
Please note that to achieve two-way data network, bidirectional amplifiers are required.
exam concepts
Downstream and Upstream
Downstream
is thetheir
termimplementation
used for the signal received by the cable modem. In other words, the
you through
signal flows from the headend toward the subscribers. It is also called forward path. Upstream is
the term
usedset-up
for the
signalthat
transmitted
theto
cable
modem.
Review
guides
show youby
how
prepare
a labThe
for signal
study flows from the
subscribers to the headend. It is also called the return path or reverse path.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Modulation
Modes
821 BCRAN exam
Digital
is book
the physical
layer
of the DOCSIS
protocol
stack.
differentexam
types of
networkmodulation
setting, this
is useful
in preparing
a CCNP
candidate
for The
the general
modulation
modes
are
as
follows:
Quadrature
Phase
Shift Keying
(QPSK) A digital modulation method in which 2 data
concepts,
regardless
of certification
interest.
bits are represented with each baud symbol. QPSK is used for upstream transmission.
Quadrature
Modulation
(QAM) process
A digitalcan
modulation
method
whichorthe
implementation
of Amplitude
the technology.
This step-by-step
be executed
on a in
homevalue
of
a
symbol
consisting
of
multiple
bits
is
represented
by
a
carrier's
amplitude
and
office-based lab, a remote-accessible lab, some networking simulation software programs,
or
phase
states.
Typical
QAM
types
are
-16-QAM
bits
per symbol)
Used are
for upstream
transmission.
All of the topics
on the(4
new
642-821
BCRAN exam
covered, providing
comprehensive exam
preparation.
-64-QAM (6 bits per symbol) Used for downstream transmission.
-256-QAM (8 bits per symbol) Used for downstream transmission.
Spectrum Sharing
Time-division multiplexing (TDM) permits timeslots within a channel to be shared by multiple
subscribers. TDM is used for downstream transmission, in which only one transmitter is involved.
Time-division multiple access ( TDMA) allows multiple subscribers to transmit sequentially to a
common receiver. It is used for upstream or return transmission in which a number of
transmitters need to communicate with the headend.
Table of Contents
Index
DOCSIS Hardware Specifications
Tables 4-1 through 4-4 show the DOCSIS hardware specification. The DOCSIS hardware must
Publisher:
Cisco Press
meet
or exceed
the published specifications for the cable access solution to work properly.
Table 4-1
summarizes
ISBN:
1-58720-073-2key parameters of the upstream signal.
Pages: 528
Table 4-1. Upstream Characteristics

Frequency
5 to 42 MHz
BCRAN
exam.Range
Bandwidth
200, 400, 800, 1600, 3200 KHz
Modulation Mode
QPSK or 16-QAM
exam concepts
Symbol Rates
160, 320, 640, 1280, 256 Ksym/sec
TableReview
4-2 summarizes
key parameters
of the
set-up guides
that show you
howdownstream
to prepare asignal.
lab for study
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 6424-2. Downstream
Characteristics
821 BCRAN exam and Table
for workplace
challenges in implementing
Frequency Range
88 to 860 MHz
essential
in preparing candidates
Bandwidth
6 MHz
Modulation
Mode of certification
64-QAM
or 256-QAM
concepts,
regardless
interest.
Symbol Rates
5.056941 or 5.360537 Msym/sec
Table
4-3
the incoming upstream signals that need to be supported by the CMTS
even as
a summarizes
stand-alone guide.
receiver. Downstream RF output is also specified in this table.
preparation.
Table 4-3. CMTS Power Level Range
Upstream
Power Level Range
200 KHz
16 to +14 dBmV[1]
400 KHz
13 to +17 dBmV
800 KHz
10 to +20 dBmV
1600 KHz
Table of Contents
3200 KHz
Index
7 to +23 dBmV
4 to +26 dBmV
Downstream
Power Level Range
6 MHz
+50 to +61 dBmV

[1]
A dBmV
is the power of a signal in comparison to the power of a 1 mV signal when applied to 75-ohm
ISBN:
1-58720-073-2
resistance. The dBmV is used as the unit of radio frequency (RF) power in the cable industry. The coax cables
Pages:
used
in 528
the cable industry are usually 75-ohm.
Table 4-4 summarizes input and output signal levels for the cable modem.
BCRAN exam.
Table 4-4. Cable Modem Power Level Range
Output
Power Level Range
exam concepts
QPSK
+8 to +58 dBmV
16-QAM
you through their implementation +8 to +55 dBmV
Input
Power Level Range
64-QAM/256-QAM
15 to +15 dBmV
preparation.
Scenarios
Figure 4-3 illustrates the cable modem lab topology. A Cisco uBR7246 with an MC-16C cable
modem card installed in slot 3 is used in the lab. With the MC-16C card, you get one
downstream port and six upstream ports. In this lab, the downstream port is connected to the
Table of Contents
Wavecomm up-converter
at 459 MHz, and upstream port 0 is used for the upstream
transmission.Index
Note that Dynamic Host Configuration Protocol (DHCP), Time of Day (ToD), and
CCNP
Remotebut
Access
TFTP Practical
servers Studies:
are required
are not shown in Figure 4-3.
Figure 4-3. Cable Modem Lab Topology

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
you through
implementation
Scenario
4-1: their
Cisco
CMTS Minimum Configuration Requirements
In this scenario, you will learn the minimum configuration requirements for the Cisco CMTS. You
will also
learn
the configuration's
syntax and commands
to verify
the
configuration.
Ready
yourself
questions
on the
CCNP
exams
The
Cisco
CMTSStudies:
minimum
configuration
requirements
are as
follows.readers
They are
for642link
CCNP
Practical
Remote
Access (CCNP
Self-Study)
prepares
forrequired
the CCNP
establishment
between
the
CMTS
and
the
cable
modem:
Set the upstream frequency
Enable the upstream port
concepts,
regardless
certification interest.
Configure
the IPofaddress
Each Configure
chapter includes
a review
of the applicable technology, and guides the reader through
the helper
address
Setting the Upstream Frequency
You
need to configure a fixed frequency of the upstream RF carrier for an upstream port. You
preparation.
should make sure that the upstream frequency of your RF output complies with the expected
input frequency of your Cisco MC16C cable modem card. The valid range for a fixed upstream
frequency is 5 to 42 MHz.
NOTE
You need to make sure that the upstream frequency you choose does not interfere with
the frequencies used for any other upstream applications running in the cable plant.
The cable interface will not operate until you either set a fixed upstream frequency or
create and configure a spectrum group. This is covered later in this chapter.
Table of Contents
Index
CCNP
Practical
Studies:
Remote Access
Use the
following
commands
to set
the upstream frequency in cable interface configuration

mode:
ISBN: 1-58720-073-2
Pages: 528
uBR7246(config-if)#interface cableslot/port
BCRAN exam.
uBR7246(config-if)#cable
upstreamport frequencyreturn frequency
exam concepts
InExample 4-1, the upstream frequency is set to 39 MHz. In Example 4-2, the command show
controller cable 3/0 upstream 0 displays the upstream frequency. Note that Cisco cable
interface line cards always program the upstream's center frequency in 16-KHz increments. This
is theReview
frequency
displayed
the
show
controller
cable a
upstream
command. In Example 4-2,
set-up
guidesby
that
show
you
how to prepare
lab for study
the actual center frequency is 38.992 MHz.
CCNP Practical
Studies:
Remote Access
(CCNP Self-Study)
prepares readers for the CCNP 642Example
4-1.
Upstream
Frequency
Configuration
uBR7246(config-if)#interface
cable 3/0 of how remote access really works. It is also
certification exams. Finally, it upstream
serves anyone
wanting a 39000000
guide to real-world application of these
0 frequency
Example
4-2. Verifying
guide. the Upstream Frequency
preparation.
uBR7246#show controller cable 3/0 upstream 0
Cable3/0 Upstream 0 is up
Frequency 38.992 MHz, Channel Width 3.200 MHz, 16-QAM Symbol
Rate 2.560 Msps

SNR 28.6280 dB
Nominal Input Power Level 0 dBmV, Tx Timing Offset 2744
Ranging Backoff automatic (Start 0, End 3)
Table of Contents
Interval automatic (60 ms)
Ranging Insertion
Index
Tx Backoff Start 0, Tx Backoff End 4
Modulation Profile Group 5

Pub Date: December is
22, 2003
Concatenation
enabled
ISBN: 1-58720-073-2
part_id=0x3137,
rev_id=0x03, rev2_id=0xFF
Pages: 528
nb_agc_thr=0x0000, nb_agc_nom=0x0000
Range Load Reg Size=0x58
Request Load Reg Size=0x0E
BCRAN exam.
Minislot Size in number of Timebase Ticks is = 8
Minislot
Size in Symbols = 128
exam concepts
Bandwidth
Requests
= 0xAC3C
Experience
how remote
Piggyback Requests = 0x84
Invalid BW Requests= 0x22
Minislots Requested= 0x3EAD8
BCRAN exam
and for=workplace
Minislots
Granted
0x3EAD8 challenges in implementing remote access network
network
setting,
this
is useful
Minislot
Size
inbook
Bytes
= 64 in preparing a CCNP candidate for the general exam
essential
in preparing
candidates
for the
Map Advance
(Dynamic)
: 2447
usecs
concepts,
regardless
UCD Count
= 303031
Each
includes
a review of Reg#1
the applicable
DES chapter
Ctrl Reg#0
= C000C043,
= 0
preparation.
Enabling
the Upstream Port
Each upstream port must be activated to enable upstream data from the cable modems on the
HFC network to the Cisco uBR7246.
To activate the upstream ports, use the following commands in global configuration mode:
Table of Contents
uBR7246(config)#interface
cableslot/port
Index
uBR7246(config-if)#no
cable upstream
port shutdown
Morrow, Deviprasad
Konda
ISBN:
1-58720-073-2
Example
4-3
shows how to activate upstream port 0. Recall that an MC16C card is used in this
528
lab. ItPages:
is installed
in slot 3. Upstream port 0 is used for upstream communication between the
CMTS and the cable modem.
Example 4-3. Enabling the Upstream Port

BCRAN exam.
uBR7246(config)#interface cable 3/0
exam concepts
uBR7246(config-if)#no
cable upstream 0 shutdown
To verify whether the upstream ports are enabled or disabled, enter the show interface cable
command
for
the upstream
have configured,
as shown
in Example
4-4.
Ready
yourself
for the port
new you
simulation-based
questions
on the
CCNP exams
for workplace
in implementing
Example
4-4. and
Verifying
the challenges
Upstream
Port
candidates
theupstream
uBR7246#show
interface
cablefor
3/0
0
interest.
Cable3/0:
Upstreamof0certification
is up
Each chapter
includes
a review of the
applicable
technology,
and guides
the reader through
Received
144 broadcasts,
12489
multicasts,
209258
unicasts
office-based
...
preparation.
Configuring the IP Address and Helper Address

Configuring IP address in CMTS is the same way when you configure other Cisco IOS routers.

Table of Contents
cableslot/port
Index
CCNP Practical Studies: Remoteaddress

Access IP address IP subnet mask
uBR7246(config-if)#ip

The helper address provides a way for packets from the cable modem and the PC to locate their
ISBN: 1-58720-073-2
supporting
DHCP server, from which they receive their IP address and the address of their
Pages: TFTP
528
supporting
and ToD servers.
BCRAN exam.
exam concepts
cableslot/port
Experience how remote access
concepts work
helper-address
IP address
Example 4-5 shows the syntax to configure the DHCP server's IP address.
Example
Configuring
the Helper
applications.4-5.
Designed
as a topic-by-topic
guide ofAddress
how to apply remote access concepts in a real
certification exams. Finally, it serves
cableanyone
3/0 wanting a guide to real-world application of these
uBR7246(config-if)#cable helper-address 10.1.1.5
preparation.
NOTE
DOCSIS mandates that the DHCP, ToD, and TFTP servers be part of the cable access
solutions. Cisco Network Registrar software can be used as the DHCP and TFTP servers,
or you can configure the DHCP, ToD, and TFTP services on Cisco's CMTS.
Scenario 4-2: Cisco CMTS Optional Configuration

In this scenario, you will learn how to configure some of the optional configuration for Cisco
CMTS and command syntax. Some parameters don't have to be modified, but they are listed
here for your reference.
Table of Contents
Index
Setting the Upstream Input Power Level
The uBR7246 controls the cable modems' output power levels to meet the desired upstream
input power level. The default setting of 0 dBmV is the optimal setting for the upstream power
level.
ISBN: 1-58720-073-2
Pages: 528
NOTE
If you increase the input power level, the cable modems on your HFC network increase
their transmit power level. This might cause an increase in the network's carrier-toBCRAN exam.
noise ratio (CNR). Be careful if you adjust this parameter. You might violate the
upstream return laser design parameters.
exam concepts
To setExperience
the upstream
power
level,
use thework
following
commands
cable
interface
howinput
remote
access
concepts
in a real
network in
with
practice
labs that walk
configuration
mode:
uBR7246(config-if)#interface
cableslot/port
certification exams. Finally, it serves
anyone
wanting a guide
upstream
port power-level
dBmVto real-world application of these
office-based
lab,the
a remote-accessible
simulation
or
InExample 4-6,
power level is set lab,
to 0 some
dBmVnetworking
for upstream
channel software
0. Again,programs,
it is the default
even
as
a
stand-alone
guide.
setting and is the optimal setting for the upstream power level.
preparation.
Example 4-6. Configuring the Upstream Input Power Level
uBR7246(config-if)#interface cable 3/0
uBR7246(config-if)#cable upstream 0 power-level 0
To verify the current value of the upstream input power level, enter the show controller cable
command for the upstream port you just configured, as shown in Example 4-7.
Table of Contents
Index
Example
Verifying
the Upstream Input Power Level
CCNP Practical 4-7.
Studies:
Remote Access
Publisher: Cisco controller

Press
uBR7246#show
cable 3/0 upstream 0
ISBN: 1-58720-073-2
Cable3/0
Upstream 0 is up
Pages: 528

Rate 2.560 Msps
Spectrum Group 20
BCRAN exam.
SNR 28.6280 dB
Nominal
Input
Power
0 dBmV,
Timing
Offset
2744practical understanding of
Prepare
for the
CCNP Level
642-821
BCRAN Tx
exam
and gain
a better,
exam concepts
Ranging
Insertion
Interval automatic (60 ms)
you through
set-up
guides
that
show you
how
Tx Review
Backoff
Start
0, Tx
Backoff
End
4 to prepare a lab for study
Ready yourself
for the
new 5
Modulation
Profile
Group
CCNP
Practical Studies:
Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Concatenation
is enabled
applications.
Designedrev_id=0x03,
as a topic-by-topic
part_id=0x3137,
rev2_id=0xFF
questions
by providing a better
understanding of how remote access really works. It is also
nb_agc_thr=0x0000,
nb_agc_nom=0x0000
certification
exams.
it serves anyone wanting a guide to real-world application of these
Range Load
Reg Finally,
Size=0x58
Minislot Size in number of Timebase Ticks is = 8
Minislot Size in Symbols = 128
Bandwidth Requests = 0xAC3C
preparation.
Minislots Granted
= 0x3EAD8
Minislot Size in Bytes = 64

Map Advance (Dynamic) : 2447 usecs
UCD Count = 303031
Table of Contents
DES Ctrl Index

Reg#0 = C000C043, Reg#1 = 0

Pub Date: December
22, 2003
Configuring
the Upstream
Channel Bandwidth
ISBN: 1-58720-073-2
Pages: 528
By default,
the upstream RF bandwidth is set to 1600 KHz. The command to configure the
upstream channel bandwidth is as follows:
BCRAN exam.
exam concepts
uBR7246(config)#interface cableslot/port
upstreamport channel-width [200000 | 400000 | 800000 |
Review|3200000]
1600000
Example
4-8 Designed
shows youas
how
to configure the
channel
width
for upstream
port 0.concepts
You can in
also
applications.
a topic-by-topic
guide
of how
to apply
remote access
a real
use
the
show
controller
cable
command
to
view
the
channel
width
configuration
of
the
upstream
you just a
configured,
as shown inofExample
4-9. access really works. It is also
questions port
by providing
how remote
Example
4-8. Configuring
Upstream Channel Bandwidth
of certificationthe
interest.
office-based
cable lab,
3/0some networking simulation software programs, or
uBR7246(config-if)#cable upstream 0 channel-width 3200000
preparation.
NOTE
Before increasing the channel width or modulation, you should perform a thorough
analysis of your upstream spectrum using a spectrum analyzer to find a wide-enough
band with adequate CNR. Failure to do so can potentially affect other services in your
cable network.
Table of Contents
Example 4-9.
Verifying Upstream Channel Width
Index


Cable3/0
Upstream
0 is up
Pub Date: December
22, 2003
ISBN: 1-58720-073-2

Pages: 528
Rate 2.560 Msps

Spectrum Group 20
Gain
SNRhands-on
28.6280experience
dB
BCRAN exam.
Nominal Input Power Level 0 dBmV, Tx Timing Offset 2744
exam concepts
Ranging Insertion Interval automatic (60 ms)
Concatenation is enabled
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642part_id=0x3137,
rev2_id=0xFF
821
BCRAN exam andrev_id=0x03,
for workplace challenges
nb_agc_thr=0x0000,
network
setting, this booknb_agc_nom=0x0000
Range in
Load
Reg Size=0x58
essential
preparing
Requestregardless
Load RegofSize=0x0E
concepts,
Each
chapter Size
includes
review of
of the
applicable
technology,
Minislot
in anumber
Timebase
Ticks
is = 4 and guides the reader through
office-based
Minislot lab,
Sizea remote-accessible
in Symbols = 32 lab, some networking simulation software programs, or
Bandwidth Requests = 0xAC3C
preparation.
Minislots Granted
= 0x3EAD8

UCD Count = 303031
Table of Contents
DES Ctrl Reg#0 = C000C043, Reg#1 = 0

Index


Configuring
Spectrum Management
ISBN: 1-58720-073-2
Spectrum management is a way to improve performance on upstream signal traffic and to

Pages: 528
compensate
for noise and interference. The spectrum manager monitors the upstream
frequencies. If there is too much noise or interference in an upstream channel, the spectrum
manager reassigns the upstream channel to a different upstream frequency. Spectrum
management is configured and activated using spectrum groups. A spectrum group is a table of
frequencies that upstream ports can use to implement a frequency-hopping policy. The
Gain hands-on
commands
to configure
experience
spectrum
of CCNPmanagement
Remote Access
aretopics
as follows:
with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
uBR7246(config)#cable spectrum-groupgroup-number [timeday hh:mm:ss]frequency
upstream-frequency [dBmV]
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642uBR7246(config)#interface
cablechallenges
slot/portin implementing remote access network
upstream
port spectrum-group
group-number
in preparing
a CCNP candidate
InExample 4-10, three fixed frequencies29 MHz, 33 MHz, and 39 MHzare configured under
Each
chapter
includes
a reviewgroup
of the20
applicable
technology,
and guides
the
spectrum
group
20. Spectrum
is then assigned
to upstream
port
0.reader through
even
as a stand-alone
guide.
Example
4-10. Configuring
a Spectrum Group and Associating It with
the
Upstream Port
preparation.
uBR7246(config)#cable spectrum-group 20 frequency 29000000

uBR7246(config-if)#cable upstream 0 spectrum-group 20
Table of Contents
Index
You can use the show cable spectrum-group command to display the current allocation table
and frequency assignment, as shown in Example 4-11.
Publisher: Cisco
Press Displaying the Spectrum Group Configuration
Example
4-11.
ISBN: 1-58720-073-2
Pages: 528
uBR7246#show cable spectrum-group

Group
Frequency
Upstream
Weekly Scheduled
Power
Shared
No.
Band
Port
Availability
Level
Spectrum
BCRAN exam.
(Mhz)
From Time:
To Time:
(dBmV)
1
20
29.000
0 understanding
No
Prepare
for the CCNP 642-821 BCRAN exam and gain a better, practical
of
exam concepts
29.000
0
No
0
No
you29.000
20
Review
33.000
20
Ready
39.000
0
10
No
No
CCNP
Practical
Access
20
38.992Studies:
[3.20]Remote
Cable3/0
U0(CCNP Self-Study) prepares readers 0for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
applications.
Designed
topic-by-topic
20
29.008
[1.60]as aCable3/0
U1 guide of how to apply remote access
0 concepts in a real
questions
by providing
understanding
of how remote access really works.
It is also
20
29.008
[1.60]a better
Cable3/0
U2
0
certification
exams.
Finally,Cable3/0
it serves anyone
wanting a guide to real-world application
of these
20
29.008
[1.60]
U3
0
20
29.008 [1.60] Cable3/0 U4
0
20
29.008 [1.60] Cable3/0 U5
0
preparation.
Example 4-12 displays the current frequency assignment and spectrum group 20 for upstream
port 0.
Example 4-12. Verifying the Upstream Frequency and Its Associated
Spectrum Group Configuration

Cable3/0 Upstream 0 is up
Table of Contents
38.992 MHz, Channel Width 3.200 MHz, 16-QAM Symbol
FrequencyIndex
Rate 2.560 Msps
Spectrum Group 20
Pub Date:
December
SNR
28.6280
dB 22, 2003
ISBN: 1-58720-073-2
Nominal
Input Power Level 0 dBmV, Tx Timing Offset 2744
Pages: 528
Ranging Insertion Interval automatic (60 ms)
BCRAN exam.
Concatenation
exam conceptsis enabled
part_id=0x3137,
rev_id=0x03,
rev2_id=0xFF
access concepts
nb_agc_thr=0x0000, nb_agc_nom=0x0000
Range Load Reg Size=0x58
BCRAN exam
workplace
challenges
in implementing
Minislot
Size and
in for
number
of Timebase
Ticks
is = 4
network
setting,
this
is useful
Minislot
Size
inbook
Symbols
= 32
essential
in preparing
candidates
Bandwidth
Requests
= 0xAC3C
concepts,
regardless
of certification
interest.
Piggyback
Requests
= 0x84
Each
chapterBWincludes
a review
Invalid
Requests=
0x22
office-based
a remote-accessible
Minislotslab,
Requested=
0x3EAD8 lab, some networking simulation software programs, or
Minislots Granted = 0x3EAD8
preparation.
UCD Count = 303031
DES Ctrl Reg#0 = C000C043, Reg#1 = 0
NOTE Table of Contents

Index
The Cisco uBR MC16S Spectrum Management card and Cisco IOS Release 12.1(7)CX
together provide advanced spectrum management features such as intelligent
ByWesley
Shuo, Dmitry
Bokotey
, Raymondupstream
Morrow, Deviprasad
Kondaand proactive channel
frequency
hopping,
dynamic
modulation,
management.

ISBN: 1-58720-073-2
Configuring
Pages: 528the Downstream Cable Interface
If the external up-converter is used, the downstream frequency is an information-only
command. It should reflect the digital carrier frequency, which is the center frequency of the
downstream RF carrier for that downstream port. The configuration controlling the digital carrier
frequency
is done
in the IF-to-RF
up-converter
thattopics
must with
be installed
in the for
downstream
path
Gain hands-on
experience
of CCNP
Remote Access
lab scenarios
the new 642-821
from
theexam.
Cisco uBR7246. The commands to configure the downstream frequency are as follows:
BCRAN
exam concepts
downstream
frequency
54000000-1000000000
Access (CCNP
Self-Study)
prepares readers forBroadcast
the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
Frequency Designed
- Hz
applications.
Each NOTE
Thecable
downstream
frequency
currentlysimulation
has no effect
on external
up- or
office-based
lab,
a remote-accessible
lab,command
some networking
software
programs,
it is information
only.
even converters;
as a stand-alone
guide.
preparation.
Annex B is the MPEG framing format used in North America. By default, the downstream carrier
MPEG frame format is set to Annex B. Under normal circumstances, this setting does not have to
be changed. The commands to configure the framing format are as follows:
Table of Contents
downstream annex B
Index
Publisher: Cisco
Press to improve the bit error rate. Larger interleaving values increase noise
Interleaving
is used
Pub Date:
22, 2003
stability
butDecember
at the cost
of potentially increased transmission time. DOCSIS specifies that the
operator
can
select the interleave depth for best operational throughput. The default value is 32.
ISBN:
1-58720-073-2
Optional
values
Pages:
528 are 8, 16, 32, 64, and 128. Under normal circumstances, this setting does not
have to be changed. The commands to configure the downstream interleave depth are as
follows:
BCRAN exam.
exam concepts
cableconcepts
slot/port
uBR7246(config-if)#cable downstream interleave-depth [8 | 16 | 32 | 64 | 128]
CCNP
Practical
Studies: mode
Remote
(CCNP is
Self-Study)
prepares
readers
for the CCNP
642The
default
modulation
forAccess
downstream
64-QAM. You
can use
the following
commands
821
BCRAN
exam and for
workplace
in implementing
to
set
the downstream
modulation
tochallenges
either 64-QAM
or 256-QAM:remote access network
office-based
cableslot/port
uBR7246(config-if)#cable downstream modulation [64qam | 256qam]
preparation.
To summarize what you have learned, Example 4-13 shows the basic CMTS downstream
configuration. Use the command shown in Example 4-14 to verify the downstream configuration.
Example 4-13. Cisco CMTS Downstream Configuration

downstream annex B
Table of Contents
Index
downstream modulation 64qam
uBR7246(config-if)#cable downstream interleave-depth 32

downstream frequency 459000000
ISBN: 1-58720-073-2
Pages: 528
Example 4-14. Displaying the Downstream Characteristics

uBR7246#show
BCRAN exam. controller cable 3/0 downstream
Cable3/0 Downstream is up
exam concepts
Frequency
459.0000 MHz, Channel Width 6 MHz, 64-QAM, Symbol
Experience
how
Rate
5.056941
Msps
FEC ITU-T J.83 Annex B, R/S Interleave I=32, J=4
Downstream channel ID: 0
Scenario
4-3: Cisco Cable Modem Bridging and Routing Configuration
You
saw the exams.
basic Cisco
CMTS
configuration
the previous
scenarios.
Now application
it is time toof
learn
the
certification
Finally,
it serves
anyonein
wanting
a guide
to real-world
these
configuration
of
the
Cisco
cable
access
router.
This
scenario
presents
two
types
of
configuration:
DOCSIS-compliant bridging
Routing
DOCSIS-compliant bridging is also known as plug-and-play bridging. It is a default configuration
for most Cisco cable access routers, such as uBR924 and uBR925. In bridging mode, a Cisco
preparation.
cable access router performs as a DOCSIS 1.0 cable modem and should work with any DOCSISqualified CMTS. If you don't intend to implement any advanced data features, such as IPSec or a
firewall, bridging mode is easier to configure. You need to configure routing mode for a Cisco
cable access router if advanced data features are required. This chapter explains how you can
configure basic routing mode for a Cisco cable access router. If you need to configure NAT or
IPSec,Chapters 12, "Scaling IP Addressing with Network Address Translation," and 14,
"Securing Remote Access Networks," provide you with more information on how to configure
these features.
Cisco Cable Access Router DOCSIS-Compliant Bridging Configuration

As mentioned earlier, this is the default mode of operation for a Cisco cable access router. The
of functions
Contents in its plug-and-play DOCSIS-compliant bridging mode and
cable access Table
router
Index
performs as a
DOCSIS-compliant two-way cable modem with this configuration. A Cisco
CCNP
Practical Studies:cable
Remote
Access supports the following minimum set of features:
DOCSIS-compliant
modem
It downloads the DOCSIS configuration file from the CMTS or dedicated server at the
and configures itself automatically.
Publisher:
CiscoIt
Press
headend.
provisions
ItISBN:
operates
in bridge mode and provides Internet connectivity to the CPE devices.
1-58720-073-2
Pages: 528
NOTE
Gain The
hands-on
experience
of CCNP
Remote
topics with lab cable
scenarios
for the
new 642-821
DOCSIS
specification
requires
that Access
a DOCSIS-compliant
modem
download
a
BCRAN
exam.configuration file during its power-on or reset sequence. Cisco provides a
DOCSIS
DOCSIS cable modem configuration tool at
www.cisco.com/support/toolkit/CableModem. You need a CCO account to access this
tool.
exam concepts
through
If theyou
Cisco
cable access
router is configured in routing mode, the following steps are necessary
to convert it back to bridging mode:
Step 1. Disable IP routing on the cable access router:
uBR925(config)#no ip routing
Step
2. Remove guide.
the IP address from both the Ethernet and cable interfaces:
even as
a stand-alone
preparation.
uBR925(config)#interface Ethernet0
uBR925(config-if)#no ip address
uBR925(config-if)#interface cable-modem0
uBR925(config-if)#no ip address
Table of Contents
Index
Assign both the Ethernet and cable interfaces to a bridge spanning group. For the bridge-group
number, you can choose any integer from 1 to 63. Also disable spanning tree on the cable
interface.
ISBN: 1-58720-073-2
Pages: 528
Gain
hands-on experience of CCNP
Remote Access topics with lab scenarios for the new 642-821
Ethernet0
BCRAN exam.
uBR925(config-if)#bridge-groupbridge-group
uBR925(config-if)#
exam concepts bridge-groupbridge-group spanning-disabled
uBR925(config-if)#
interface
cable-modem0
access
uBR925(config-if)#bridge-groupbridge-group
uBR925(config-if)#bridge-groupbridge-group spanning-disabled
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN
exam
andDOCSIS-compliant
Step 3.
Enable
bridging:
office-based
lab, ainterface
remote-accessible
uBR925(config)#
cable-modem0
uBR925(config-if)#cable modem compliant bridge
preparation.
cable modem compliant bridge is the default configuration under interface cable-modem0.
Therefore, it doesn't show up in the configuration when you enter that command.
NOTE
With Cisco IOS Release 12.0(5)T and later, a Cisco cable access router such as uBR925
supports a maximum of 254 CPE devices in bridging mode. No limit exists when the
cable access router is operating in routing mode.
Contents
The MAXTable
CPEoffield
in the DOCSIS configuration file is used to determine the maximum
number Index
of CPE devices that can connect the cable network. The default value is 1.

Figure 4-4 illustrates a typical bridging topology, and Example 4-15 displays the basic plug-andCisco Press
playPublisher:
bridging
configuration. Cisco cable access routers do not need additional configuration to
Pub
Date:
December
22, 2003
provide Internet access
for PCs and other customer premises equipment (CPE) devices.
ISBN:
1-58720-073-2
However, the PCs and CPE devices must be configured to support DHCP allocation of IP
addresses.
Pages: 528
Figure 4-4. Typical Cisco Cable Modem DOCSIS-Compliant Bridging

Gain hands-on experience of CCNP RemoteTopology
BCRAN exam.
exam concepts
Example
4-15. Cisco Cable Access Router DOCSIS-Compliant Bridging
Configuration
preparation.
no ip routing
interface Ethernet0
no ip address
bridge-group 59
bridge-group 59 spanning-disabled
!
Table of Contents
interface
cable-modem0
Index
ip address docsis
bridge-group 59
bridge-group
59 spanning-disabled
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
Pages: 528
Cisco Cable Access Router Routing Configuration

Gain hands-on
experience
CCNPtopology.
Remote Access
scenarios
for thesuch
newas
642-821
Figure
4-5 shows
a typical of
routing
If you topics
plan towith
uselab
advanced
features
IPSec
BCRAN
exam. a Cisco cable access router needs to be configured for routing mode. All the CPE
and
a firewall,
devices need to be on a different subnet than the subnet used by the CMTS. For routing
protocols, you can configure RIP version 2 or just use the default route.
exam concepts
Figure 4-5. Typical Cisco Cable Modem Routing Topology
Keep in mind that the default configuration is bridging mode. To configure routing mode, follow
All of the
these
steps:
topics on the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
Step 1. Enable IP routing:
uBR925(config)#ip routing
Table of Contents
Step 2.
Disable DOCSIS-compliant bridging on the cable interface:
Index


ISBN: 1-58720-073-2
Pages: 528
uBR925(config)#interface cable-modem0
uBR925(config-if)#no cable-modem compliant bridge
BCRAN exam.
Step 3. Remove the bridge group on the cable and Ethernet interfaces:
exam concepts
uBR925(config)#interface Ethernet0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam andno
forbridge
workplace
challenges
uBR925(config-if)#
group
number in implementing remote access network
network setting, this book
is useful
uBR925(config-if)#
interface
cable-modem0
essential in preparing no
candidates
thenumber
uBR925(config-if)#
bridge for
group
Each chapter
a review
of the
applicable
technology,
and guides
Step 4.includes
Configure
the cable
interface
to receive
an IP address
fromthe
thereader
DHCPthrough
server:
preparation.
uBR925(config)#interface cable-modem0
uBR925(config-if)#ip address docsis
Step 5. Enter the Ethernet interface's IP address and subnet mask:
Table of Contents
Index

uBR925(config)#
interface
Ethernet0
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
uBR925(config-if)#
ip addressip-address subnet-mask
Pages: 528
Step 6. Configure the routing protocol (RIP version 2) or configure the default route:
BCRAN exam.
exam concepts
uBR925(config)#router rip
uBR925(config-router)#version 2
uBR925(config-router)#networkcable-network-number
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace
challenges in implementing remote access network
uBR925(config-router)#
networkEthernet-network-number
or
preparation.
uBR925(config)#ip route 0.0.0.0 0.0.0.0ip-address
whereip-address is the IP address for the CMTS.
Example 4-16 illustrates the cable modem routing configuration. RIP version 2 is used as the
routing protocol. Two network statements exist under RIP configuration:
172.16.0.0 is for the Ethernet interface and CPE devices.
10.0.0.0 is for the cable modem interface and the CMTS.
Table of Contents
In
most cases
the default route configuration should be enough.
Index
Example 4-16. Cisco Cable Access Router Routing Configuration

ISBN: 1-58720-073-2
ip routing
Pages: 528
...
interface Ethernet0
ip
172.16.1.1
Gainaddress
hands-on
experience 255.255.255.0
BCRAN exam.
!
interface
cable-modem0
Prepare
exam concepts
ip address docsis
no cable-modem
you through their
compliant
implementation
bridge
... Review set-up guides that show you how to prepare a lab for study
Ready
router
ripyourself for the new simulation-based questions on the CCNP exams
CCNP
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642version
2
applications.
network 10.0.0.0
questions
network 172.16.0.0
preparation.
Basic Cable Modem Troubleshooting Using Cisco IOS

Software Commands
This section covers some of the useful commands used to perform troubleshooting in Cisco CMTS
Table of Contents
and
cable modems.
It also goes into detail about the cable modem initialization sequences and
Index status in CMTS.

the corresponding
Basic CMTS Troubleshooting

Date:uBR7200
December 22,
2003 universal broadband routers maintain a database of flapping cable
ThePub
Cisco
series
modems
to 1-58720-073-2
assist in locating cable plant problems. It tracks the upstream and downstream
ISBN:
performance
of all DOCSIS-compliant cable modems on the network. Information such as MAC
Pages: 528
address, up and down transitions, registration events, missed periodic ranging packets,
upstream power adjustments, and the physical interface on the Cisco uBR7200 series is
maintained in the flap list. Please note that the flap list doesn't affect throughput and incur
additional overhead on the network. Cable modems are automatically added to the flap list when
any of the following conditions are detected:
BCRAN exam.
When the cable modem reregisters more frequently than the user-specified insertion time.
The default cable flap list insertion time is set to 180 seconds.
exam
When concepts
intermittent keepalive messages are detected between the CMTS and the CM. The
default cable flap list miss threshold is set to 6 seconds.

you
through
implementation
When
the CMtheir
upstream
transmit power is adjusted beyond the user-specified power
threshold. The default cable flap list power adjust is set to 2 dB.
Example 4-17 displays the sample output of the show cable flap-list command. Table 4-5
explains the flap list fields.
Example
Cable
Flap List Output
applications.4-17.
Designed
as a topic-by-topic
uBR7246#show
cable
flap-list
certification exams.
Finally,
MAC Address
Upstream
Ins
Hit
Miss CRC
P-Adj Flap Time
implementation of the
0020.4077.7e0c
Cable3/0/U0
technology. 147
This step-by-step
7080 2499
process
0
can0 be executed
293
on
Auga home10 04:53:30
or
0020.4077.2be0
Cable3/0/U0
guide.
83
7125 1619 0
0
169
Aug 10 04:13:15
All of the topics on Cable3/0/U0
the new 642-821
exam1391
are covered,
providing
exam
0020.4076.d31e
82BCRAN
7182
0
0
164comprehensive
Aug 10 04:07:02
preparation.
0020.4077.2bfe Cable3/0/U0 57
7216 977
0
0
116
Aug 10 03:30:11
Table 4-5. Explanation of Flap List Fields

Column
Description
MAC
Address
The MAC-layer address of a cable modem. It is used to identify the subscribers.
Table of Contents
Upstream
The
Indexphysical upstream interface in the Cisco uBR7200 series. In Example 4-17, the
modem card in slot 3 and upstream port 0.
is for aAccess
cable
CCNP Practical statistic
Studies: Remote
By
Wesley Shuo,The
Dmitry
Bokoteymodem's
, Raymond Morrow
, Deviprasad
Ins
flapping
insertion
count. Konda
This counts
the number of times the RF link

was abnormally reestablished. This count can indicate the following:

- Intermittent downstream sync loss
ISBN: 1-58720-073-2
Pages: 528
- DHCP or modem registration problems
Hit
Contains keepalive polling statistics. The link is kept alive using station
maintenance intervals. The station maintenance process occurs for every modem
about every 25 seconds. When the CMTS receives a response from the cable
modem, the event is counted as a hit. Otherwise, the event is counted as a miss.
The hit counts should be much greater than the miss counts.
BCRAN exam.
Miss
Contains keepalive polling statistics. High miss counts can indicate the following:
exam concepts
- Intermittent upstream because of noise
Experience how
remote
- Laser
clipping
- Too much or too little upstream attenuation
- Common-path distortion
CRC
CRC errors usually indicate noise on a plant. They can indicate the following:
- Intermittent
upstreamguide
because
of noise
applications. Designed
as a topic-by-topic
of how
to apply remote access concepts in a real
- Laser clipping
candidates
for or
the
- Impulsive
noise
interference
of certificationdistortion
interest.
- Common-path
Each
P-AdjchapterIndicates
includes a
the
review
number
of the
of times
applicable
the modem
technology,
powerand
adjustment
guides the
exceeded
reader through
the
implementation
threshold
of the value.
technology.
This count
This step-by-step
can indicate the
process
following:
- Amplifier degradation
- Poor connection
preparation.
- Attenuation problem
- Thermal sensitivity
Flap
Indicates the number of times the modem has flapped.
Time
The time stamp indicating the last time the modem flapped.
Theshow cable modem command, shown in Example 4-18, is the most useful command for
the CMTS. This command displays information on all cable modems or a particular cable modem
on the network.
Table of Contents
Index
Example 4-18.
Format and Sample Output for the show cable modem
Command
uBR7246#show
Pub Date: December
cable
22, 2003
modem
ISBN: 1-58720-073-2
Interface
Pages: 528 Prim Online
Sid
Cable3/0/U0 1
Timing Rec
State
Offset Power
online
2808
0.00
QoS CPE IP address
MAC address
0007.0e02.c9ed
30.30.30.9
Gain
hands-on2experience
of CCNP
Remote0.00
Access5 topics
lab scenarios for0003.e3a6.84a1
the new 642-821
Cable3/0/U0
online
2811
0 with
30.30.30.10
BCRAN exam.
Cable3/0/U0 3
online
2811
0.00
30.30.30.7
0007.0e02.cae1
Cable3/0/U0
4
online
2809
0.00 5
0
30.30.30.8
0002.b94a.22a7
exam concepts
TableReview
4-6 lists
messages
onthat
the show
CMTS.you
It shows
different
stages
of cable modem registration.
set-up
guides
how tothe
prepare
a lab
for study
On the CM side, you can use show controllers cable-modem 0 mac state and look at the
Readyfield.
yourself
for cable-modem
on thecommand
CCNP exams
MAC state
debug
mac log isquestions
another useful
on the CM side to
capture the CM startup sequences.
questions
providing
a better
of how remote
access
really works.
It is also
Tableby4-6.
Various
CMunderstanding
Statuses When
Entering
show
cable-modem
preparation.
Message
Description
offline
The modem is considered offline
init(r1)
The modem sent initial ranging
init(r2)
The modem is ranging
init(rc)
Ranging is complete
Table of Contents
init(d)
Index
A DHCP request was received
init(i)
A DHCP reply was received, and an IP address was assigned
init(t)
A ToD request was received

init(o)
A TFTP request was received
online
The modem was registered and enabled for data
ISBN: 1-58720-073-2
Pages: 528The modem was registered, but network access for the CM is disabled
online(d)
online(pk) The modem was registered, BPI was enabled, and KEK was assigned
online(pt) The modem was registered, BPI was enabled, and TEK was assigned
reject(m)
cable modem
attempted
register,
butwith
registration
was refused
because
of a
Gain
hands-onThe
experience
of CCNP
Remote to
Access
topics
lab scenarios
for the new
642-821
bad
Message
Integrity
Check
(MIC)
BCRAN exam.
reject(c)
The cable modem attempted to register, but registration was refused because of a
badthe
class
of service
(CoS)
Prepare for
CCNP
642-821
exam
concepts
reject(pk) The KEK modem key assignment was rejected
reject(pt)
Experience
Thehow
TEKremote
modemaccess
key assignment
concepts work
was in
rejected
a real network with practice labs that walk
Theping docsis command, shown in Example 4-19, allows you to quickly diagnose the health of
a channel
between
uBR7200
series routers
and theon
cable
This command
Ready
yourselfthe
forCisco
the new
simulation-based
questions
the interface.
CCNP exams
allows you to ping the MAC addresses of the CMs before the registration is complete. In other
words,
you can Studies:
use this Remote
command
to ping
CMs Self-Study)
that do not prepares
have an IP
address.
of
CCNP Practical
Access
(CCNP
readers
for The
the syntax
CCNP 642ping
docsis
is
as
follows:
uBR7246#ping
{IP Address lab,
| MAC
Address}
office-based lab,docsis
a remote-accessible
some
networking simulation software programs, or
preparation.
Example 4-19. ping docsis Command
uBR7246#ping docsis 0007.0e02.c9ed
Queueing 5 MAC-layer station maintenance intervals, timeout is 25 msec:

!!!!!
Success rate is 100 percent (5/5)
Table of Contents
Index
Basic
CM,Dmitry
Troubleshooting
ByWesley Shuo
Message
CRC
failures,
header CRC failures, sync losses, and pulse losses indicate downstream
Publisher:
Cisco
Press
noise,
as
shown
in
Example
Pub Date: December 22, 2003 4-20. Rerequest is useful information for upstream debugging. You
can use show interface cable-modem 0 counters to display this information.
ISBN: 1-58720-073-2
Pages: 528
Example 4-20. Displaying Cable Modem-Specific Counters
Gain
hands-on experience
of CCNP
Remote Access
topics with lab scenarios for the new 642-821
cable-modem#show
interface
cable-modem
0 counters
BCRAN exam.
Cableexam
specific
counters:
concepts
Ranging
requests
: access
28176 concepts work in a real network with practice labs that walk
Experience
howsent
remote
Downstream FIFO full
: 0
Re-requests
: 0
DS MAC Message Overruns: 0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821Data
BCRAN
DS
Overruns
: 0
network setting,
Received
MAPs this book is:useful
83089626
essential inSyncs
Received
: 17589748
concepts, CRC
regardless
of certification
interest.
Message
failures
: 0
Each
chapter
includes a review
Header
CRC failures
: 0 of the applicable technology, and guides the reader through
office-based
Data PDUs lab, a remote-accessible
: 318963 lab, some networking simulation software programs, or
DS MAC messages
: 100936055
preparation.
Valid Headers
: 101237079
Sync losses
: 0
Pulse losses
: 0
BW request failures
: 0
Max TX Rate (pps)
: 0
Max RX Rate (pps)
: 0
ACK table collisions
: 0
Table of Contents
Index
ACKs defered
: 0
ACKs dropped
: 0
Packets Concatenated
: 0
Paks
Pubnot
Date:Concatenated
December 22, 2003 : 17957
ISBN: 1-58720-073-2
Multiple Concatenations: 0
Pages: 528
Example 4-21 demonstrates another useful commandshow controllers cable-modem.

Gain
hands-on
of CCNP
Access
with
labthe
scenarios
for for
thethe
new
Notice
that the experience
signal-to-noise
ratioRemote
(SNR) must
betopics
greater
than
threshold
CM642-821
to
BCRAN
exam.
operate properly. In Example 4-21, the SNR is 32.8 dB.
Example
4-21. Cable Modem's MAC State and SNR Information
exam concepts
cable-modem#show controllers cable-modem 0
BCM Cable interface 0:
BCRAN
and for workplace
remote access
network 0x80
CM unit
0,exam
idb 0x80BF7B08,
ds 0x80BF9800,
regaddr = 0x2700000,
reset_mask
network
this
book is useful in preparing
a CCNP candidate
the general exam
station setting,
address
0003.e3a6.84a1
default station
address for
0003.e3a6.84a1
essential
in preparing
PLD VERSION:
1
concepts,
regardless
certification
interest.
Concatenation:
ON of
Max
bytes Q0:
1600 Q1: 2000 Q2: 2000 Q3: 2000
MAC State is maintenance_state, Prev States = 15
MAC mcfilter 01E02F00 data mcfilter 00000000
preparation.
MAC extended header ON
DS: BCM 3300 Receiver: Chip id = BCM3300
US: BCM 3300 Transmitter: Chip id = 3300
Tuner: status=0x00
Rx: tuner_freq 459000000, symbol_rate 5056000, local_freq 11520000
snr_estimate 328(TenthdB), ber_estimate 0, lock_threshold 26000
of Contents
QAM in Table
lock,
FEC in lock, qam_mode QAM_64
(Annex B)
Index
CCNP
Practical Studies:
Remotesymbol
Access
Tx: tx_freq
29008112,
rate 8 (1280000 sym/sec)
power_level: 9.0 dBmV (commanded)

58

ISBN: 1-58720-073-2
60
(gain in US AMP units)

(BCM3300 attenuation in .4 dB units)
Pages: 528
Theshow controllers cable-modem 0 mac state command, shown in Example 4-22,

Gain hands-on
ofcable
CCNPMAC
Remote
Access
topics with
lab scenarios
forthe
theinterface
new 642-821
summarizes
theexperience
state of the
layer.
The normal
operational
state of
is
BCRAN exam. state. This command gives you most of the information you need about the cable
maintenance_
modem's status.
exam concepts
Example 4-22. Partial Output of the show controllers cable-modem 0

macExperience
state Command
cable-modem#show controllers cable-modem 0 mac state
MAC
State:exam and for workplace
maintenance_state
network setting,
Ranging
SID: this book is useful
352
essential in preparing candidates for
the new simulation-based questions that are on the Cisco
Registered:
TRUE
concepts, Established:
regardless of certification
interest.
Privacy
FALSE
Each
... chapter includes a review of the applicable technology, and guides the reader through
preparation.
Cable Modem Initialization Process
This section discusses the events during the registration process of a DOCSIS cable modem. You
can view these events on the Cisco CM console port by entering the debug cable-modem mac
log command. You can view the corresponding events on the CMTS by using the show cable
modem command. Refer to Table 4-6 for explanations of each event that occurs on the CMTS.
Examples 4-23 through 4-32 display each event of the CM initialization process.
Event 1: Scanning for a Downstream Channel and Establishing Synchronization with

the CMTS
InExample 4-23, the cable modem acquires a downstream channel from the CMTS, saves the
Table of Contents
last operational
frequency in nonvolatile memory, and tries to reacquire the saved downstream
Indextime a request is made.

channel the next
Example 4-23. CM Begins a Downstream Scan

ISBN: 1-58720-073-2
CMAC_LOG_STATE_CHANGE
Pages: 528
ds_channel_scanning_state
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND
99/805790200/997799800/6000300
98/601780000/799789900/6000300
Gain
hands-on experience of CCNP Remote Access topics
97/403770100/595779700/6000300
BCRAN exam.
96/73753600/115755700/6000300
95/217760800/397769800/6000300
exam concepts
Experience how remote access concepts work in94/121756000/169758400/6000300
93/175758700/211760500/6000300
92/79753900/85754200/6000300
91/55752700/67753300/6000300
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing
90/177000000/213000000/6000000
network setting, this book is useful in preparing a CCNP
89/219000000/225000000/6000000
essential in preparing candidates for the new simulation-based
88/141000000/171000000/6000000
87/135012500/135012500/6000000
Each
chapter includes a review of the applicable technology,
86/123012500/129012500/6000000
office-based
lab, a remote-accessible lab, some networking
85/405000000/447000000/6000000
84/339012500/399012500/6000000
preparation.
83/333025000/333025000/6000000
82/231012500/327012500/6000000
81/111025000/117025000/6000000
80/93000000/105000000/6000000
79/453000000/855000000/6000000
CMAC_LOG_WILL_SEARCH_SAVED_DS_FREQUENCY
459000000
CMAC_LOG_UCD_MSG_RCVD
Table of Contents
Index
CMAC_LOG_DS_64QAM_LOCK_ACQUIRED
459000000
CMAC_LOG_DS_CHANNEL_SCAN_COMPLETED

1-58720-073-2
EventISBN:
2: Obtaining
Upstream Channel Parameters
Pages: 528
InExample 4-24, the cable modem waits for an upstream channel descriptor (UCD) message
from the CMTS. This is done to retrieve transmission parameters for the upstream channel.
Gain
hands-on
experience
of CCNP Identifying
Remote Access topics
with lab scenarios
for the new 642-821
Example
4-24.
CM Begins
the Upstream
Parameters
BCRAN exam.
wait_ucd_state
exam concepts
Experience how remote access concepts work in1a real network with practice labs that walk
1
CMAC_LOG_ALL_UCDS_FOUND
wait_map_state
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing
CMAC_LOG_FOUND_US_CHANNEL
1
network setting, this book is useful in preparing a CCNP
1 candidate for the general exam
essential in preparing candidates for the new simulation-based
CMAC_LOG_UCD_NEW_US_FREQUENCY
38992000 questions that are on the Cisco
CMAC_LOG_SLOT_SIZE_CHANGED
8
Each
CMAC_LOG_UCD_UPDATED
office-based
lab, a remote-accessible lab, some networking
CMAC_LOG_ADJUST_RANGING_OFFSET
-74
CMAC_LOG_RANGING_OFFSET_SET_TO
12276
preparation.
CMAC_LOG_MAP_MSG_RCVD
Event 3: Starting Ranging for Power Adjustments

The ranging process adjusts the cable modem's transmit power. In Example 4-25, the cable
modem performs ranging in stages, ranging state 1 and ranging state 2.
Example 4-25. CM Enters the Ranging 1 and Ranging 2 States
Table of Contents
Index

ByWesley Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda40
CMAC_LOG_INITIAL_RANGING_MINISLOTS
ranging_1_state
<--- init(r1)
9610
Pages: 528
CMAC_LOG_POWER_LEVEL_IS
28.0 dBmV (commanded)
ISBN: 1-58720-073-2
CMAC_LOG_STARTING_RANGING
CMAC_LOG_RANGING_BACKOFF_SET
0
BCRAN exam.
CMAC_LOG_RNG_REQ_QUEUED
0
CMAC_LOG_RNG_REQ_TRANSMITTED
exam concepts
CMAC_LOG_RNG_RSP_MSG_RCVD
Experience how remote access concepts work in a real
CMAC_LOG_RNG_RSP_SID_ASSIGNED
2 network with practice labs that walk
2408
12018
Ready yourself for the new simulation-based questions
on the CCNP exams
CMAC_LOG_ADJUST_TX_POWER
20Access (CCNP Self-Study) prepares readers for the CCNP 642CCNP Practical Studies: Remote
33.0
dBmV
(commanded)
applications. Designed as a topic-by-topic guide of how to
apply
remote
access concepts in a real
ranging_2_state
<--questions by providing a better understanding of how remote
access really works.
It isinit(r2)
also
2
certification exams. Finally, it serves anyone wanting a guide
-64
All
of the topics on the new 642-821 BCRAN exam are covered,
11954 providing comprehensive exam
preparation.
CMAC_LOG_RANGING_CONTINUE
CMAC_LOG_ADJUST_TX_POWER
-9
31.0 dBmV (commanded)
CMAC_LOG_RANGING_CONTINUE
Table of Contents
Index
CMAC_LOG_RANGING_SUCCESS
<--- init(rc)

1-58720-073-2
EventISBN:
4: Establishing
IP Connectivity
Pages: 528
InExample 4-26, the cable modem invokes DHCP requests to obtain an IP address, which is
needed for IP connectivity. The DHCP request also includes the name of a file that contains
additional configuration parameters, the TFTP server's address, and the ToD server's address.
BCRAN exam.
Example 4-26. CM Enters the DHCP State
exam concepts
dhcp_state <--- init(d)
CMAC_LOG_DHCP_ASSIGNED_IP_ADDRESS
188.188.1.62
Review set-up guides that show you how to prepare4.0.0.1
a lab for study
CMAC_LOG_DHCP_TFTP_SERVER_ADDRESS
Ready yourself for the new simulation-based questions
on the CCNP exams
CMAC_LOG_DHCP_TOD_SERVER_ADDRESS
4.0.0.32
CCNP
Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642CMAC_LOG_DHCP_SET_GATEWAY_ADDRESS
applications.
Designed as a topic-by-topic guide of how to
apply remote access concepts in a real
CMAC_LOG_DHCP_TZ_OFFSET
360
questions
by providing a better understanding of how remote
CMAC_LOG_DHCP_CONFIG_FILE_NAME
platinum.cm
certification
CMAC_LOG_DHCP_ERROR_ACQUIRING_SEC_SVR_ADDR
CMAC_LOG_DHCP_COMPLETE
<--- init(i)
All of the
on the new
Event
5: topics
Establishing
the642-821
Time ofBCRAN
Day exam are covered, providing comprehensive exam
preparation.
InExample 4-27, the Cisco cable modem accesses the ToD server for the current date and time,
which are used to create time stamps for logged events such as those displayed in the MAC log
file.
Example 4-27. CM Enters the Time of Day State
establish_tod_state
<--- init(t)
CMAC_LOG_TOD_REQUEST_SENT
Table of Contents
CMAC_LOG_TOD_REPLY_RECEIVED
Index
3234813212
CMAC_LOG_TOD_COMPLETE

ISBN: 1-58720-073-2
Event 6: Establishing Security

Pages: 528
Keys for privacy are exchanged between the cable modem and the CMTS. In Example 4-28, the
CM enters bypass security state. It is not defined for DOCSIS 1.0, but it will be fully defined by
DOCSIS 1.1.
BCRAN exam.
Example 4-28. CM Enters the Bypass Security State
exam concepts
security_association_state
CMAC_LOG_SECURITY_BYPASSED
Event
7: Establishing
the TFTP
CCNP Practical
Studies: Remote
Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
applications.
Designed
as a topic-by-topic
of howintoExample
apply remote
concepts
in a real
After
the DHCP
and security
operations areguide
successful,
4-29, access
the cable
modem
network setting,
this book
is useful from
in preparing
a CCNP file
candidate
general
exam TFTP
downloads
operational
parameters
a configuration
stored for
on athe
cable
company's
server.
concepts,
regardless
of certification
interest.
Example
4-29. CM
Enters the
TFTP State
configuration_file_state
CMAC_LOG_LOADING_CONFIG_FILE
platinum.cm
All of the topics on the new 642-821 BCRAN exam are covered,
providing comprehensive exam
preparation.
CMAC_LOG_CONFIG_FILE_PROCESS_COMPLETE
<--- init(o)
Event 8: Performing Registration

InExample 4-30, the cable modem registers with the CMTS. The cable modem is authorized to
forward traffic to the cable network after the cable modem is initialized, authenticated, and
configured.
Table of Contents
Example 4-30.
CM Enters
the Registration State
Index

registration_state
CMAC_LOG_REG_REQ_MSG_QUEUED
ISBN: 1-58720-073-2
Pages: 528
CMAC_LOG_REG_REQ_TRANSMITTED
CMAC_LOG_REG_RSP_MSG_RCVD
Gain
BCRAN exam.
CMAC_LOG_COS_ASSIGNED_SID
1/3
Prepare for the CCNP 642-821 BCRAN exam and3 gain a better, practical understanding of
exam concepts
CMAC_LOG_REGISTRATION_OK
Ready
yourself for the
Event
9: Establishing
Baseline
Privacy
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Link-level encryption keys are exchanged between the CMTS and the cable modem. In Example
4-31, baseline privacy has not been configured.
Example
4-31. CM
Beginsfor
the
Privacy questions
Processthat are on the Cisco
candidates
theBaseline
Each
chapter includes a review of the applicable technology,
establish_privacy_state
CMAC_LOG_PRIVACY_NOT_CONFIGURED
preparation.
Event 10: Entering the Operational Maintenance State

As soon as the cable modem is completely up and running, it enters operational maintenance
state, as shown in Example 4-32.
Example 4-32. CM Enters the Operational State
Table of Contents
Index
maintenance_state <--- online


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise: The CMTS and DOCSIS-Compliant

Bridging Cable Modem Configuration
The practical exercise is designed to test your knowledge of the topics covered in this chapter.
of Contents
The
practicalTable
exercise
begins by giving you some information about a situation and then asks
Index
you to work through
the solution on your own. The solution is found at the end.
Figure
4-6 presents the network topology for this Practical Exercise.
Figure 4-6. Practical Exercise: Cable Modem Lab Topology
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Before you begin this exercise, be sure the DHCP, ToD, and TFTP servers are properly configured
and that the DOCSIS configuration file is available on the TFTP server for Cisco cable access
router to download.
In this exercise, you need to configure the CMTS - Cisco uBR7246 shown in Figure 4-6 as
follows:
Activate upstream port 0 of the cable modem card in slot 3.
questions
by providing
a better
understanding
of how
remote
access
reallythree
works.
It is also
Configure
spectrum
management
using group
number
30.
Configure
upstream
essential
in
preparing
candidates
for
the
new
simulation-based
questions
that
are
on
the Cisco
frequencies29 MHz, 33 MHz, and 39 MHzand then associate this group with upstream
certification
exams.
Finally,
it
serves
anyone
wanting
a
guide
to
real-world
application
of these
port 0.
Set the power level of upstream port 0 to 0.
implementation
of the
technology.
This step-by-step
process
Configure the
cable
helper address
using IP address
172.16.1.2.
even Change
as a stand-alone
guide.
the upstream
channel bandwidth to 3200000.
All of Change
the topics
the new 642-821
BCRAN
exam
covered, providing comprehensive exam
theon
downstream
modulation
mode
to are
256-QAM.
preparation.
If everything is configured correctly in this exercise, the PC in the figure will be able to obtain an
IP address from the DHCP server and will have network connectivity.

Example 4-33 displays uBR7246's working configuration.
Table of Contents
Example 4-33.
uBR7246 Configuration
Index

uBR7246#show running-config
version
12.1
Pub Date:
December 22, 2003
ISBN: 1-58720-073-2
no service pad
Pages: 528
service timestamps debug datetime msec

service timestamps log datetime msec
Gain
hands-on
service
password-encryption
BCRAN exam.
service internal
service udp-small-servers max-servers no-limit
exam concepts
service tcp-small-servers max-servers no-limit
!
hostname uBR7246
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642no
buffered
821logging
BCRAN exam
enable
cisco
network password
setting, this
!
cable
flap-list
size
1000
concepts,
regardless
of certification
interest.
Each
includes
a review
cablechapter
flap-list
aging
86400
office-based
lab,29000000
cable spectrum-group
30 frequency
cable spectrum-group 30 frequency 33000000
preparation.
cable spectrum-group 30 frequency 39000000
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
ip cef
!
interface FastEthernet0/0
Table of Contents
ip address 172.16.1.1 255.255.255.0

Index
full-duplex
!
interface
Cable3/0
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
description Connected to Wavecomm Upconverter at 459000000

Pages: 528
ip address 10.10.10.1 255.255.255.0

cable downstream annex B
Gain
experience
of CCNP
cablehands-on
downstream
modulation
256qam
BCRAN exam.
cable downstream interleave-depth 32
cable downstream frequency 459000000
exam concepts
cable upstream 0 spectrum-group 30
cable upstream 0 power-level 0
cable upstream 0 channel-width 3200000
no cable upstream 0 shutdown
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642cable
upstream
1 shutdown
821
BCRAN
exam and
for workplace challenges in implementing remote access network
cable upstream
2 book
shutdown
network
setting, this
cable upstream
3 shutdown
essential
in preparing
cable upstream
4 of
shutdown
concepts,
regardless
Each
chapter
includes
cable
upstream
5 shutdown
office-based
cable dhcp-giaddr
policy
cable helper-address 172.16.1.2
preparation.
!
ip classless
!
line con 0
line aux 0
line vty 0 4
!
Table of Contents
Index
end

Example
Publisher:
4-34
Cisco
shows
Press typical Cisco IOS configurations for a Cisco cable access router that is
operating
plug-and-play
Pub Date:inDecember
22, 2003 DOCSIS-compliant bridging mode.
ISBN: 1-58720-073-2
Pages: 528
Example 4-34. uBR925 DOCSIS-Compliant Bridging Configuration
uBR925#show running-config
BCRAN exam.
version 12.1
no service
Prepare pad
exam concepts
service timestamps debug datetime msec localtime
service
timestamps
uptime
you through
their log
implementation
Review set-up
no service
password-encryption
!
CCNP
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642hostname
uBR925
applications.
!
questions
by providing
enable password
cisco
certification
!
!
!
clock timezone - -8
ip subnet-zero
preparation.
no ip routing
!
interface Ethernet0
no ip address
bridge-group 59
!
Table of Contents
Index
interface cable-modem0
Byip
Wesley
address
Shuo, Dmitry
docsis
cable-modem
Publisher: Cisco boot
Press admin 2
cable-modem boot oper 5

ISBN: 1-58720-073-2
Pages: 528
bridge-group
59
!
BCRAN
ip
classless
exam.
!
line exam
con 0concepts
line Experience
vty 0 4 how remote access concepts work in a real network with practice labs that walk
!
end Ready yourself for the new simulation-based questions on the CCNP exams
preparation.
Summary
After completing this chapter, you should have a basic understanding of the cable modem
technology. Basic Cisco CMTS and cable access router configurations were demonstrated in this
chapter so that you could learn the minimum configuration requirements for both. Some of the
Table of Contents
useful IOS commands
described here can help you troubleshoot and diagnose cable modem
Index
network problems.
Table
4-7
summarizes
the,Raymond
CMTS and
cable
access router
ByWesley
Shuo
, Dmitry Bokotey
Morrow
, Deviprasad
Konda commands used in this chapter.
ISBN: 4-7.
1-58720-073-2
Table
Summary of Cisco IOS Software Commands Used in This
Pages: 528
Chapter
Command
Description
interface cableslot/port
Specifies the cable interface and downstream
Gain hands-on experience of CCNP Remote Access
port. topics with lab scenarios for the new 642-821
BCRAN exam.
cable upstreamportfrequencyreturn
Configures the upstream frequency.
frequency
show controller cableslot/port
Displays the upstream characteristics.
exam concepts
upstreamport
how remote
access concepts Activates
work in a the
realupstream
network with
[no]Experience
cable upstream
portshutdown
port.practice labs that walk
cable helper-addressIP address
Specifies the IP address of a DHCP server to which
Review set-up guides that show you howUDP
to prepare
broadcast
a lab
packets
for study
will be sent.
cable
upstream
port
power-level
dBmV
Sets questions
the upstream
input
power
level.
Ready
yourself
for
on the
CCNP
exams
show interface cable slot/portupstream Displays upstream information on a cable
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642port
interface.
applications.
Designed
as a topic-by-topic guide
of howthe
to apply
remote
access
concepts
cable upstream
portchannel-width
Specifies
upstream
channel
width
for anin a real
network
setting,
this book
is useful
in preparing
a CCNPport.
[200000
| 400000
| 800000
| 1600000
upstream
questions
|3200000]
cable spectrum-group
group-number
Creates aand
configures
a spectrum
group.of these
certification
exams. Finally,
it serves anyone wanting
guide
to real-world
application
[time
day
hh:mm:ss]
frequency
upstream-frequency [dBmV]
cable upstreamportspectrum-group
Assigns a spectrum group to a single upstream.
group-number
even
ascable
a stand-alone
guide.
show
spectrum-group
[groupDisplays information about spectrum groups on a
number] [detail]
Cisco CMTS.
cable downstream frequency
Specifies the downstream center frequency for the
preparation.
54000000-1000000000 broadcast
cable interface line card. This command is
frequency Hz
information only for uBR7246.
cable downstream annex [A | B]
Sets the MPEG framing format for a downstream

port.
cable downstream interleave-depth [ 8 Sets the downstream interleave depth.

|16 | 32 | 64 | 128]
cable downstream modulation [64qam
|256qam]
Sets the downstream format for a downstream

port.
[no]cable-modem compliant bridge
Enables or disables DOCSIS-compliant bridging.
flap-list
show cableTable
of Contents
Displays the cable flap list on a Cisco CMTS.
Displays information for the registered and

unregistered CMs.
show cableIndex
modem
ping docsis {IP address | MACaddress}

Determines whether a specific CM can be reached

from the CMTS at the DOCSIS MAC layer.
show
interface
cable-modem
0
Pub Date:
December
22, 2003
counters
ISBN: 1-58720-073-2
Displays MIB counters on the cable interface.
528
showPages:
controllers
cable-modem 0
Displays high-level controller information for the

cable access router's cable interface.
show controllers cable-modem 0 mac

state
Displays detailed MAC layer information for the

cable access router's cable interface.
Gain
hands-on
experience
of CCNP
topics
with lab
scenarios
for the new
debug
cable-modem
mac
log Remote Access
Displays
detailed
debugging
messages
for 642-821
the
BCRAN exam.
cable interface MAC layer.
exam concepts
preparation.
Review Questions
1:
What are the downstream and upstream frequency allocations?
2:
Index type of modulation methods are used for the upstream and downstream?
What
Table of Contents
What
servers
required
for ,Deviprasad
the cable Konda
access
ByWesley3:
Shuo
, Dmitry
Bokoteyare
, Raymond
Morrow
4:
solution to work?
What are the minimum configuration requirements for the CMTS?
5:
What MPEG framing format is used in North America?
ISBN: 1-58720-073-2
Pages: 528
A. Annex A
B. Annex B
Gain hands-on
C.experience
Annex C of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
6: What configuration is recommended to deal with upstream noise and interference?
Prepare
for the
CCNP
642-821
BCRAN
exam upstream
and gain aport
better,
7: What
is the
correct
syntax
to activate
2 of practical
the cableunderstanding
modem card inof
exam concepts
slot 4?
A. interface cable 4/2 upstream no shutdown
B. interface cable 4/0 no cable upstream 2 shutdown
C. interface cable 2/0 upstream no shutdown
examisand
workplace
challenges
in aimplementing
remoterouter?
access network
8: What
thefor
default
operating
mode of
Cisco cable access
network
is usefulsteps
in preparing
a CCNP
for the
general
9:setting,
What this
are book
the required
to configure
the candidate
routing mode
on the
cableexam
access
questions by
providing a better understanding of how remote access really works. It is also
router?
certification
exams.
Finally, can
it serves
anyone
wanting
a guide
to flapping
real-world
application
of these
10: What
command
be used
at the
CMTS to
see the
cable
modems?
11: What command can be used at the CMTS to find out the registered and
Each chapter
includes a review
unregistered
cable modems?
preparation.
Chapter 5. Configuring Point-to-Point

Protocol and Controlling Network Access
of Contents
This
chapter Table
covers
Index
PPP Overview
Configuring PPP
ThisPub
chapter
explores
Date: December
22,the
2003issues and nature of the Point-to-Point Protocol (PPP) as it relates to
remoteISBN:
access.
Although PPP is applicable to other networking environments, the focus here is
1-58720-073-2
on thisPages:
side528
of it in particular.
BCRAN exam.
exam concepts
preparation.
PPP Overview
To make remote connections possible, users need to have the following components installed on
their devices: application software (such as FTP, Telnet, or a web browser), protocol stacks
(TCP/IP, IPX, AppleTalk), and link-layer protocols (such as PPP).
Table of Contents
Index
When sent out
across the dialup connection, the higher-layer protocols are framed in link-layer
CCNP
Practical
Studies:
Remote
Access
protocols
(such
as PPP)
much
like Ethernet link-layer framing encapsulates IP datagrams on a
LAN.
Figure
5-1
is
a
simplified
version
of a,Deviprasad
remote connection
from an end user to a Network
Konda
Access Server (NAS) to demonstrate the different types of framing encountered on the way.
ISBN: 1-58720-073-2
Figure 5-1. Framing Types for a Remote Connection
Pages: 528
BCRAN exam.
exam concepts
certification
Finally,
it serves concepts:
This
section exams.
introduces
the following
remote-access
Each Common
chapter includes
a reviewprotocols
PPP framing
office-based
PPP negotiation phases
LCP options
preparation.
PPP frame format
Common Remote-Access Protocols
For datagram transmission over point-to-point lines, two standard protocols exist: Serial Line
Internet Protocol (SLIP) and PPP. SLIP, described in RFC 1055, works only with IP on point-topoint serial connections. PPP, on the other hand, can facilitate multiprotocol connections over
synchronous and asynchronous circuits. Therefore, PPP is the most widely used protocol for
remote dial access.
Table of Contents
PPP
Framing
Index
As mentioned, PPP can transmit packets over asynchronous or synchronous links. The packet's
framing type is dictated by the medium in use. Asynchronous High-Level Data Link Control
(AHDLC) framing is used for asynchronous links, and bit-synchronous framing is used for
Publisher: Cisco
Press
synchronous
links.
Cisco supports the following PPP framing types for different interfaces:
ISBN: 1-58720-073-2
Asynchronous interfaces (modems) AHDLC framing

Pages: 528
Synchronous interfaces (serial or ISDN) Bit-synchronous framing

Virtual terminal (vty) connections via synchronous interface V.120 framing
Asynchronous
interfaces
with
special
V.110
modems
V.110 framing
Gain hands-on
experience
of CCNP
Remote
Access
topics
with lab scenarios
for the new 642-821
BCRAN exam.
PPPPrepare
Negotiation
Phases
exam concepts
As soon as the encapsulation type described in the preceding section has been confirmed, the
link media
type ishow
no longer
to PPP connection
PPPpractice
establishes
Experience
remoterelevant
access concepts
work in a establishment.
real network with
labs network
that walk
protocol
connectivity
in
three
functional
phases:
Link Control Protocol (LCP) Establishes and configures the data-link connection.
During
this phase,
the new
protocol
used in the next
phase is
Ready yourself
for the
simulation-based
questions
onnegotiated.
the CCNP exams
Applies security
functionality
to theprepares
connection.
CCNPAuthentication
Practical Studies: Remote
Access (CCNP
Self-Study)
Network
Controlas
Protocol
(NCP)guide
Establishes
configures
different
network-layer
applications.
Designed
a topic-by-topic
of how and
to apply
remote
access concepts
in a real
protocols,
such
as
IP,
IPX,
AppleTalk,
DECnet,
and
bridged
data.
Figure 5-2 shows the layered negotiation.
Figure
5-2.
PPP Negotiation
Phases
Each chapter includes a review
of the
applicable
technology, and
guides the reader through
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
Gain
hands-on experience
of CCNP Remote
Access topics
scenarios
for the new including
642-821
The negotiation
steps are bidirectional
and sequential.
In with
otherlab
words,
LCP negotiation,
BCRAN
exam.
authentication (if configured), must be completed before the NCP negotiation can begin. When a
PPP link is operational, it remains in this state until LCP or NCP initiates termination or the
physical link fails. When LCP closes the link, all NCP connections associated with the link close as
well. Conversely, the NCP-initiated termination is not guaranteed to close the PPP link.
exam concepts
LCP and NCP are discussed in detail in the following sections from a more theoretical
perspective. The authentication phase coverage continues in the section "Configuring PPP," along
with some authentication-related hands-on tasks.
LCP Ready yourself for the new simulation-based questions on the CCNP exams
CCNP
Practical
Remote
Access (CCNP Self-Study)
prepares readers
the CCNP LCP
642LCP deals
with Studies:
options that
are link-dependent
and protocol-independent.
Asfor
mentioned,
821
BCRAN
exam
and
for
workplace
challenges
in
implementing
remote
access
network
negotiation is bidirectional, which means that both ends of the connection must agree on their
applications.
Designed as its
a topic-by-topic
guide
of of
how
apply remote
access
concepts
in a real
options and acknowledge
peer's request.
Some
thetooptions
negotiated
during
the LCP
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
exam
phase include magic number (to detect loopback), callback, multilink, link compression, and
questions
by providing
a betterinunderstanding
of how remote
access really
works. It is
authentication.
Authentication
terms of LCP translates
into whether
authentication
is also
to be
essential
in
preparing
candidates
for
the
new
simulation-based
questions
that
are
on
theactual
Cisco
used and, if so, which protocol will facilitate the authentication. However, this is not the
certification
exams.
Finally,
it
serves
anyone
wanting
a
guide
to
real-world
application
of
these
authentication process.
As soon as the LCP phase has been negotiated successfully, the LCP connection is considered
Each
a reviewprocess
of the applicable
technology,
and begin.
open.chapter
Now theincludes
authentication
as determined
by LCP can
NCP
preparation.
NCP
is the final step of the PPP negotiation process. NCP deals with protocol-dependent options
such as the protocol address, protocol compression, and so forth. The individual NCP options
correspond to the type of protocol configured on the interface. For instance, if IP is the chosen
protocol, IPCP (IP Control Protocol) is negotiated.
The protocol address is the NCP option that is always negotiated. Sometimes it is the only option
negotiated. It is possible for the NAS to provide the protocol address to the dial-in client or
simply acknowledge whatever protocol address the peer requests. For a remote Cisco router to
accept an address from the NAS it has dialed into, the client router needs to be configured to do
so. The associated technique is presented in the section "Configuring PPP."
IPCP is the primary NCP and is used here to explain the NCP parameters. As part of the IPCP
process, usually three different options are negotiated: the IP address, IP/TCP header
compression, and the DNS and WINS primary and secondary servers. Keep in mind that the DNS
Table of Contents
and WINS options relate to Microsoft Windows PC clients only.
Index
CCNP
Practical
Studies:
Remote Access
During
the IPCP
negotiations,
the
roles of a client and a NAS are different. The access server is

required
By
Wesley Shuo
to supply
, Dmitry the
Bokotey
negotiation
, Raymond parameters
Morrow, Deviprasad
(IP address,
Konda
DNS and WINS address, and so on)
for itself and often for a client as well. On the other hand, the client needs to be configured to be
ablePublisher:
to retrieve
this information from the NAS.
Cisco Press
Another option in the IPCP negotiations is, as mentioned, the TCP/IP header compression. This
ISBN: 1-58720-073-2
might decrease
a header's size from 40 to 5 bytes. The negotiation of this option includes
Pages:
whether
the528
peer can accept a packet with the compressed header. This feature is recommended
for transmissions whose packet sizes are small, such as Telnet or WWW.
LCP Options
BCRAN exam.
PPP offers a number of features that are negotiated at the LCP level that can prove very useful
when implemented in an internetwork:
exam concepts
Authentication options
PPP callback
PPP compression
Multilink PPP
Bandwidth Allocation Protocol (BAP)
These services are described next. Authentication is implemented in Scenario 5-3 as well. You
will learn how to configure the remaining features in Chapter 6, "Using ISDN and DDR
Technologies to Enhance Remote Connectivity."
Authentication
Each
chapter
includes
a review
thePPP
applicable
technology,
andand
guides
the reader
Before
you begin
learning
aboutofthe
authentication
process
techniques,
youthrough
should
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a home- or
become familiar with the following terms:
Authenticator The peer demanding authentication. Specifies the authentication protocol
betopics
used on
during
the LCP
phase.
All of to
the
the new
642-821
BCRAN exam are covered, providing comprehensive exam
preparation.
Peer The opposite end of the link; an entity that is being authenticated by the
authenticator.
Remote authentication The remote PPP peer authentication of the local NAS.
Local authentication The local NAS authenticating its remote peer.
When authentication is requested by either side of the connection during LCP negotiation, the
actual authentication takes place after the LCP stage is completed. Authentication is
accomplished to check the peer's validity. This is done by verifying the preassigned name (often
called the userid or host name) and the secret (often called the password). This book calls them
name/secret pairs. The name/secret combination can be stored locally or remotely on an AAA
server.
of Contents
The two mostTable
popular
PPP authentication techniques are Password Authentication Protocol (PAP)
Index
and Challenge
Handshake Authentication Protocol (CHAP). Both ensure that unauthorized
CCNP
Practical
Studies:
Remote
individuals
can't
access
the Access
remote-access server (RAS). Their differences are discussed in
greater
detail
later.
As is the case with all other PPP negotiation phases, authentication is bidirectional. This means
Cisco Press
thatPublisher:
both ends
of the connection are required to authenticate one another. Consequently,
Pub
Date:
December
22,to
2003
authentication needs
be enabled at both ends. A notable exception to this rule is discussed in
ISBN:
1-58720-073-2
Chapter 6.
Pages: 528
The Cisco NAS differentiates among types of call direction. Depending on the type, the NAS takes
certain action when it comes to authentication. This is done to protect the network against
security violations. Table 5-1 lists the types of calls and the NAS's subsequent responses.
BCRAN exam.
Table 5-1. Call Direction Types

exam concepts
Direction
Description
NAS Reaction
Callin
Experience
Occurs
how
when
remote
the access
NAS is concepts
on
The
work
NASinrequires
a real network
the peerwith
to successfully
practice labs
complete
that walk
you through
the receiving
end of the call. local authentication before replying to any requests
for remote authentication. This is designed to avoid
Review set-up guides that show you how
to prepare
a lab for study
playback
attacks.
Callout
Occurs when
the
Cisco
NAS
The NAS
respondson
tothe
theCCNP
remote
authentication
Ready yourself
for the
new
simulation-based
questions
exams
places the call.
request without first expecting the completion of
CCNP Practical Studies: Remote Access (CCNP
local
Self-Study)
authentication.
Dedicated Occurs
when
Cisco NAS guide
The NAS
responds
to remote
the remote
authentication
applications.
Designed
as the
a topic-by-topic
of how
to apply
access
concepts in a real
does
not
recognize
to
which
request
without
first
expecting
the
completion
network setting, this book is useful in preparing a CCNP candidate for the general
exam of
direction
the
call
belongs.
local
authentication.
concepts,
The
following
regardless
subsections
of certification
describe PAP
interest.
and CHAP in more detail.
implementation
PAP
PAP is the less-secure of the two PPP authentication protocols, because the secret is sent over
the
wire
clear on
text.
if the
packetexam
is captured,
the secret
contained
in it can beexam
used
All of
theintopics
theTherefore,
new 642-821
BCRAN
are covered,
providing
comprehensive
in
a
malicious
attack.
Understandably,
because
of
this
drawback,
PAP
isn't
a
preferred
method
of
preparation.
authenticationunless, of course, it is the only one supported.
PAP implements a two-way handshake sequence to verify its peer's identity:
Step 1. The peer sends its host name and secret to be checked by the authenticator.
Step 2. The authenticator verifies the offered host name/secret combination against the
known value either locally or via an AAA server. If the authenticator determines that the
values are legitimate, the authentication is satisfied and acknowledged. If not, the
connection is terminated on the spot.
Figure 5-3 shows the handshake process.
Table of Contents
Index
Figure 5-3. PAP Authentication

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
NOTE
The secret in Step 1 does not need to be identical for both peers. They each can have
their own.
CHAP
CHAP is quite a bit more secure than PAP. During CHAP authentication, the secret itself is never
sent across the connection, some parts of communication are encrypted, and the challenges are
constantly repeated to ensure that the connection is authorized at all times. Unlike PAP, CHAP
uses a three-way handshake for identification purposes:
Step 1. The authenticator sends a challenge to the peer. The challenge contains a random
number and the authenticator's host name.
Step 2. The peer answers the challenge with a one-way hash value and its own host
name. The hash value is calculated via MD5 encryption and is derived from the random
number from the challenge message plus the secret associated with the authenticator's
host name.
preparation.
Step 3. When the authenticator receives the response to its challenge, it goes through the
same hashing process as the peer, inputting the secret and the random number as the
derivatives. After the new MD5 value is calculated, the challenger compares it to the one
that came back from the peer. If they match, the authentication is accepted and
acknowledged. Otherwise, the connection is dropped.
Figure 5-4 shows the three-way handshake process.
Figure 5-4. CHAP Authentication
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
NOTE
exam concepts
Because the hash values need to be identical for CHAP authentication to work, the
secret
valuehow
mustremote
be shared
between
both
peers.
differentlabs
form
thewalk
Experience
access
concepts
work
in aThis
real requirement
network withispractice
that
PAP
implementation.
PPP Ready
Callback
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642PPP
is an option
negotiated
LCP that
allows a caller
to request
that
a called party
821callback
BCRAN exam
and for
workplaceduring
challenges
in implementing
remote
access
network
should
place
another
callback
to
the
initiating
peer.
For
this
discussion,
the
party
requesting
applications. Designed as a topic-by-topic guide of how to apply remote access concepts in a areal
callback
the client,
and the
party in
accepting
thearequest
and making
the general
callbackexam
is the server.
network is
setting,
this book
is useful
preparing
CCNP candidate
for the
PPP
callback
is
useful
whenever
centralized
control
over
a
call
is
desired,
such
as
for
questions by providing a better understanding of how remote access really works. It the
is also
purposes
of preparing
bill consolidation,
dialup
call new
savings,
and even security,
because
are
essential in
candidates
for the
simulation-based
questions
that the
arecallbacks
on the Cisco
placed
only
to
preconfigured
numbers.
Although normally authentication is considered an optional PPP feature, it must be enabled and
passed
for theincludes
callbackafeature
Each chapter
review to
of work.
the applicable technology, and guides the reader through
The sequence of a PPP callback is as follows:
even as
a stand-alone
guide.
Step
1. The callback
client places a call to the callback server (NAS) indicating that the
callback service is requested. The callback server responds with the callback request
acknowledgment. The type of acknowledgment sent in this step signifies simply that the
preparation.
server is generally capable of accepting callback requests.
Step 2. The callback server proceeds further by authenticating the client. As usual, the
authentication can take place locally or at an AAA server.
Step 3. As soon as the client has been successfully identified, the server verifies whether
the callback service is allowed for the particular client that requested it. If so, the call
initially placed by the client is disconnected.
Step 4. After the call is disconnected, the server waits a certain amount of time. Then it
initiates a new callback to the client on a preconfigured number. If this call fails, additional
attempts are not undertaken.
Table of Contents
PPP is negotiated upon the client-initiated call only. The callback does not require a new PPP
Index
negotiation.
NOTE

1-58720-073-2
If ISBN:
the server
decides that the client is not authorized for a callback service, the
Pages: 528 depends on whether dial-on-demand routing is implemented for the
response
connection. If DDR is used, the callback server continues processing the initial call as if
there were no callback request to begin with. If you want to disconnect a user who
failed callback authorization, you can issue an optional command on the server. If the
connection is non-DDR, the callback server disconnects the initial call by default.
BCRAN exam.
PPP Prepare
Compression
exam concepts
Compression can significantly improve throughput on slow links. Cisco IOS offers PPP
compression
for all
upper-layer
protocols
through
Control
Protocol
(CCP).
Thiswalk
type
Experience
how
remote access
concepts
workCompression
in a real network
with
practice
labs that
of compression
is
considered
a
per-interface
compression.
PPP CCP
is anset-up
optional
feature
is negotiated
the a
LCP
Cisco supports two CCP
Review
guides
thatand
show
you how toafter
prepare
labphase.
for study
compression algorithms:
theRemote
data stream
redundant
stringsprepares
and replaces
them
tokens642that
CCNPSTAC
PracticalChecks
Studies:
Accessfor
(CCNP
Self-Study)
readers
forwith
the CCNP
are
smaller.
Then
it
creates
tables
of
tokens
with
information
about
where
the
original
type
occurs
within
the
data
stream.
These
tables
are
used
to
replace
redundant
strings
found
in
the
subsequent
data
streams.
This
process
uses
more
CPU
but
less
memory.
Predictor
Checks
the datafor
forthe
previous
compression. The
already-compressed
data
is
essential
in preparing
candidates
questions
that are on the
Cisco
sent
as
is.
This
process
requires
more
memory
but
fewer
CPU
cycles.
Both of these algorithms base their operation on "dictionaries" of past data compression. When
dictionaries
full,
information
renewed.technology,
The choice of
anguides
algorithm
depends
on each
Each
chapterbecome
includes
a review
of theisapplicable
and
the reader
through
individual case. of the technology. This step-by-step process can be executed on a home- or
implementation
Compression
should beguide.
used with care, because it can be a burden on system resources. Keep in
mind that the rate of compression is dependent on the data type. For instance, text files are very
good
forthe
compression
versus
already-compressed
fileproviding
formats that
would not yield
All of candidates
the topics on
new 642-821
BCRAN
exam are covered,
comprehensive
exama
better
than
1:1
compression
ratio.
Also,
whenever
possible,
hardware
compression
should
be
preparation.
chosen over software compression.
Although PPP compression can be bidirectional, it is recommended that only the remote client
side perform compression. This way, the NAS can decompress the client's communication but
doesn't compress its own. The reason for this is so that the NAS itself avoids performing
compression that can use four times as much CPU power as decompression.
Multilink PPP
Multilink PPP (MPPP) is a technique of fragmenting packets and sending them over multiple data
links to the PPP peer for reassembly. The benefit of MPPP lies in its ability to temporarily use
additional bandwidth that's available between the two peers. MPPP is identified by an additional
4-byte header
that
Table
of dictates
Contents the fragment sequencing.
Index
MPPP
can be Studies:
used inRemote
the following
CCNP Practical
Access scenarios:
In circuit-switched topologies for ISDN B channels or asynchronous connections

was not designed exclusively for ISDN networks, it can certainly be
successfully
employed
Pub
Date: December
22, 2003 in such an environment by dynamically combining multiple B
channels
into a single larger-sized link to achieve N * 64 kbps bandwidth. The most usual
ISBN: 1-58720-073-2
of the N values is 2 because it is cost-effective and widely available. Combining two B
Pages: 528
channels would yield a total bandwidth of 128 kbps. The concepts of ISDN and its
implementation of MPPP are discussed in further detail in Chapter 6.
Although
Publisher:
CiscoMPPP
Press
Leased line All group members are synchronous serial lines.

Dialed orexperience
leased lines
Separate
links
can be
of either
origin.
Gain hands-on
of CCNP
Remote
Access
topics
with lab
scenarios for the new 642-821
BCRAN exam.
Different bandwidth of individual members The maximum fragment size is computed
based on the slowest of all grouped links.
Combination
exam conceptsof applications producing different-sized datagrams Intermixing of
datagrams without a multilink header.
MPPP Terms
Before
you can
understand
and outs of MPPP,
you should
become
Ready
yourself
for thethe
newins
simulation-based
questions
on the
CCNP familiar
exams with the
following terms:
Bundle
A groupas
ofalinks
between two
PPPofpeers
for MPPP
operation.
applications.
Designed
topic-by-topic
guide
how combined
to apply remote
access
concepts in a real
Bundle master An interface in control of a bundle.
Bundle member An interface that is a part of a bundle.
concepts,
regardless
of certification
interest.
Dialer
interface
A rotary group
for multiple interfaces such as ISDN BRI/PRI.
Each Nondialer
chapter includes
a review
of theinterface.
interface
A serial
office-based
lab, somelogical
networking
simulation
programs,
or
Virtual-access
interface A temporary
interface
createdsoftware
for the purpose
of an
even MPPP
as a stand-alone
guide.
call. Its configuration is cloned from the dialer interface that placed or received the
MPPP call.
preparation.
Virtual template Used for MPPP calls over nondialer interfaces to provide configuration
information.
Max-Receive-Reconstructed Unit (MRRU) An LCP option that indicates whether the
LCP packet sender supports MPPP and the link's maximum byte limit.
Endpoint discriminator An LCP option that specifies whether an MPPP bundle exists for
the sending device.
MPPP Operation
Every MPPP bundle needs to be controlled by a single interface, the bundle master, which is a
Table
of Contents
virtual-access
interface
(see Figure 5-5).
Index

Figure 5-5. Multilink PPP Bundling

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
essential
in preparing
candidates
forwith
the new
simulation-based
questions
that are
on that
the Cisco
The
multilink
PPP process
starts out
LCP negotiation,
including
the MRRU
option
takes
certification
it serves
anyone
wantingdetermines
a guide to whether
real-world
application
of these
place
on the exams.
physicalFinally,
interface.
PPP LCP
negotiation
MPPP
can be used
on
concepts,
regardless
ofidentified
certification
interest.
the
link. The
bundle is
by a
peer's name, its endpoint discriminator, or both. Therefore,
the PPP authentication is required to complete so that the peers can identify each other, name
Each
chapterand
includes
review of
the applicable
and guides
reader
through
the bundle,
check awhether
another
bundle oftechnology,
the same name
alreadythe
exists.
If a
bundle
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homeor
already exists, the new call simply joins in. No new negotiations of any sort are required for
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
additional calls.
At this point, the NAS sets up a virtual-access interface as the bundle master. From this
All
of the topics
the new 642-821
BCRAN exam
providingtocomprehensive
exam
moment,
all PPPon
negotiations
are transferred
from are
the covered,
physical interface
the virtual-access
preparation.
interface. The physical interface becomes a part of a bundle governed by a bundle master.
Whatever NCP parameters are negotiated for the master are automatically applied to the rest of
the bundle members.
MPPP Operation Issues
Three major issues are associated with MPPP's operation:

A new link in a bundle is brought up and added to the bundle whenever the bundle
master's saturation reaches the specified load. This value is represented as a percentage of
255, where 255 is the maximum.
Table of Contents
As mentioned,
a new bundle can be created when no other bundle is between the same two
Index in existence. A single bundle can handle multiple connections between the
peers already
CCNP Practical
Studies:
Remote So
Access
same pair
of devices.
the rules are simple: If there is no bundle, one can be built; if
there
is,Dmitry
a bundle,
the,Raymond
new callMorrow
joins ,it.
A bundle's
existence is checked by using an
ByWesley
Shuo
Bokotey
Deviprasad
Konda
expected name. The default order in which the bundles are named is first by the PPP
authenticated name and then by the endpoint discriminator if no authentication has been
negotiated.
ISBN:
1-58720-073-2
The
links
are dropped from a bundle when the bundle master's load falls below the
Pages: 528 threshold for a predetermined amount of time (the idle timer). The link that was
configured
added to the bundle last is the first one to be disconnected. With links of unequal
bandwidth, the slowest link is dropped first.
Gain hands-on
Bandwidth
Allocation
experienceProtocol
BCRAN exam.
The specification for BAP is an extension of the MPPP concept. It was created to control the
number of connections that an authorized user is allowed to establish at any time. BAP creates a
standard set of rules that let MPPP change bandwidth on demand without the need for end-user
exam concepts
participation in the configuration changes. As a result, the NAS can manage the usage of its
access
ports per how
caller.
Experience
BAP administers the method in which individual links are added to and deleted from an MPPP
bundle.
Whileset-up
LCP isguides
negotiated,
BAP is
decided
and a adistinguishing
Review
that show
you
how toon,
prepare
lab for study link discriminator is
given to every link in an MPPP bundle. It allows peers to specify which link is brought up or
disconnected
when the
increase or decrease
is requested.
Ready yourself
for bandwidth
questions
on the CCNP exams
BAP
operate
in two different
modes:(CCNP
activeSelf-Study)
and passive.
Active mode
means
that
the device
CCNPcan
Practical
Studies:
Remote Access
prepares
readers
for the
CCNP
642can
initiate
or
accept
any
type
of
connection
request
and
determine
whether
links
should
821 BCRAN exam and for workplace challenges in implementing remote access network be
added
to or removed
multilink bundle.
Active
mode
is for remote
dialer interfaces,
but notinfor
applications.
Designedfrom
as aatopic-by-topic
guide
of how
to apply
access concepts
a real
virtual-template
interfaces.
Passive
mode
means
that
the
device
only
responds
to
calls
network setting, this book is useful in preparing a CCNP candidate for the general examby
accepting
a call
request,a a
callback
request, or of
anhow
addition
or removal
of a link
by an
active
questions by
providing
better
understanding
remote
access really
works.
It is
also peer.
Passive
mode
can
be
used
for
virtual-template
interfaces
and
dialer
interfaces.
BAP
supports
ISDN and
asynchronous
serial interfaces. When talking about BAP operation over
concepts,
regardless
of certification
interest.
dialer interfaces, only legacy dial-on-demand routing (DDR) dialer configurations are discussed.
BAP does
not includes
support DDR
dialer
(covered
in detail inand
later
chapters).
Each
chapter
a review
of profiles
the applicable
technology,
guides
the reader through
even as
BAP
Operation
All
themember
topics onlink
theof
new
BCRAN
exam
are covered,
providing
exam
Theoffirst
the642-821
MPPP bundle
is not
negotiated
under
BAP. Thecomprehensive
subsequent member
preparation.
links, however, require BAP management. Although the first link does not belong to BAP, it does
carry all BAP information packets. There are a total of eight BAP packet types:
Call-Request
Call-Response
Callback-Request
Callback-Response
Link-Drop-Query-Request
Table of Contents
Link-Drop-Query-Response
Index
Call-Status-Indication
CCNP Practical
Call-Status-Response
PressMPPP implementation in its judgment of load by monitoring the bundle

BAPPublisher:
followsCisco
Cisco's
master.
Pub Date:
TheDecember
bundle 22,
load
2003
determines the need for bandwidth aggregation. Only with BAP, both
peers have
to agree on the bandwidth aggregation decision.
ISBN: 1-58720-073-2
Pages: 528
PPP Frame Format

Figure 5-6 illustrates the contents of a PPP frame. Its fields are as follows:
BCRAN exam.
The Flag, Address, and Control field values are constant.
The
Protocol
field
reveals
the protocol
(such
or IPX). understanding of
Prepare
for the
CCNP
642-821
BCRAN payload
exam and
gainas
a TCP/IP
better, practical
exam concepts
The Data field may be of variable length according to the maximum transmission unit
(MTU)
of the
PPPremote
interface.
Experience
how
FCS is the frame check sequence.
Figure 5-6. PPP Frame Format
preparation.
Configuring PPP
This section looks at configuring PPP. First, you will enable PPP for asynchronous ports using
modems, followed by verification and troubleshooting. Then, the "Scenarios" section discusses
how to implement some of PPP's more-advanced features, including authentication, PPP
Contents
compression,Table
and of
PPP
multilink.
Index

NOTE

Pub
Date:
December
2003
PPP
over
ISDN 22,
is covered
in more detail in Chapter 6.
ISBN: 1-58720-073-2
Pages: 528
Initial PPP Configuration

This section offers a brief list of the steps necessary to configure PPP for asynchronous interfaces.
These steps are described in greater detail in the "Scenarios" section. They are as follows:
BCRAN exam.
Step 1. Attach and configure the modem. Then configure the router's asynchronous port.
This step is not covered here because you already learned it in Chapter 3, "Modem
Connections and Operation Overview." Review it if you feel the need.
exam concepts
Step 2. Configure
PPP'saccess
asynchronous
PPP with
encapsulation
andthat walk
Experience
how remote
conceptsinterface,
work in aincluding
real network
practice labs
authentication
methods.
Step 3.set-up
Configure
network
layeryou
addresses,
and enable
Review
guides
that show
how to prepare
a labrouting.
for study
Step 4.
Configure
thenew
asynchronous
interface
for dial-on-demand
Ready
yourself
for the
simulation-based
questions
on the CCNProuting.
exams
Verification
and Troubleshooting
For
troubleshooting
purposes,
is important that
you remote
know and
understand
the different
packet
questions
by providing
a betteritunderstanding
of how
access
really works.
It is also
types
available
with
LCP.
This
will
assist
you
in
reading
the
debug
output.
Table
5-2
describes
the
packet types
youFinally,
are most
likely to
encounter.
certification
exams.
it serves
anyone
wanting a guide to real-world application of these
Table 5-2.
LCPnetworking
Packet Types
office-based lab, a remote-accessible
lab, some
preparation.
Packet Type Debug

Output
Description
ConfigureRequest
CONFREQ
Notifies the receiving peer of the local configuration parameters.
ConfigureAck
CONFACK
Acknowledges the receipt of CONFREQ packet. Sends back all the

options specified in the CONFREQ received from the peer.
Table of Contents
CONFNAK
Configure- Index
Responds to the unacceptable CONFREQ options with a negative

Nak
acknowledgment. Includes the unacceptable options, marked as
such, along with any values that are OK.

ISBN: 1-58720-073-2
ConfigureCONFREJ
Pages: 528
Reject
Upon receiving the CONFNAK packet, the initiating peer has the
option of sending a new CONFREQ with the changed NAKed values
or to have those values omitted altogether.
Refuses an option included in the received CONFREQ.
Upon receipt of the CONFREJ packet, the transmitting peer needs
to retransmit the CONFREQ, this time without the rejected options.
TerminateTERMREQ
Requests an existing connection termination.
Request
BCRAN
exam. TERMACK
TerminateAcknowledges the receipt of a TERMREQ packet.
Ack
EchoPrepare forEchothe CCNP 642-821
Confirms
BCRAN
connectivity
exam and
andgain
detects
a better,
loopback.
Request
exam concepts
Request
Echo-Reply
to an Echo-Request
packet.
ExperienceEcho-Reply
how remote Replies
access concepts
work in a real
network with practice labs that walk
set-upseveral
guides options
that show
you
how
prepare
labCONFREQ
for study packet.
TableReview
5-3 presents
that
can
be to
included
inathe
Table 5-3. CONFREQ Packet Options
preparation.
Packet Option
Description
MaximumReceive-Unit
Identifies the maximum receive unit (MRU) to the peer.
Note that Cisco IOS ignores the peer's request to increase the MRU above
the maximum of the interface MTU. Also, if the peer suggests an MRU that is
less than the Cisco IOS interface MTU, the CONFREQ is CONFNAKed,
indicating the Cisco IOS interface MTU. It is not recommended for a dialup
Table of Contents
peer to dynamically adjust the interface MTU to match the negotiated
Index
MRU/MRRU. Ideally, the MRU/MTU settings should be identical on both
peers.
Multilink-MRRU
Indicates that the local device supports MPPP.

AuthenticationAdvertises the desired authentication protocol.
Protocol
ISBN: 1-58720-073-2
Magic-Number
Identifies a random number to detect a loopback.
Compression
Announces PPP compression.
Callback
Requests a callback from the peer.
Pages: 528
BCRAN exam.
exam concepts
preparation.
Scenarios
As you have recently learned, PPP is widely used by many telecommuters to access their private
corporate networks remotely. In this section, you will configure a remote-access setup. Although
each scenario completes its own task, together the scenarios form one logical implementation.
Table
of Contents
Every scenario
builds
on the previous one. They are based on the topology shown in Figure 5-7.
Index

Figure 5-7. PPP Scenarios Topology

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 scenarios
BCRAN exam
and
for
workplace
The
show
you
how
to
Configure
the PPP acommunications
protocol
questions
by providing
of for
howoperation
remote access really works. It is also
Controlexams.
network
accessitwith
PAPanyone
authentication
certification
Finally,
serves
Configure PPP compression
office-based
remote-accessible
lab, someand
networking
simulation
Scenario lab,
5-1:a Initial
Access Server
Network
Setup
Before
turning
setup,
you exam
need to
some
initial comprehensive
configuration onexam
the
All of the
topicstoonthe
thePPP-specific
new 642-821
BCRAN
areperform
covered,
providing
access
server.
The
configuration
in
this
section
is
basic
and
should
be
familiar
to
you.
preparation.
Configure the username admin password cisco combination for an administrator:
R1(config)#usernamename passwordstring
Table of Contents
Index
CCNP
Practical
Remote
Accessconfiguration
Example
5-1 Studies:
shows the
running
on R1.
Example
5-1.
show running-config Command Output
Publisher: Cisco
Press
ISBN: 1-58720-073-2
Pages: 528
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
BCRAN
exam.password-encryption
no service
!
exam concepts
username admin password cisco
hostname
R1
you through
!
line Ready
vty 0yourself
4
CCNP
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642password
cisco
essential
preparing
candidates
for thetonew
simulation-based
questions
on theline
Cisco
Next,
youinuse
the absolute
line number
configure
an asynchronous
link.that
Theare
absolute
certification
exams.
Finally,
it serves
guideverify
to real-world
application
of these
number
changes
with
different
routeranyone
models,wanting
so you a
should
it. To figure
out to which
line
concepts,
regardless
certification
interest.
number
the
modem isofattached,
issue
the show line command. The line number displayed in the
output is the one that needs configuration. In Example 5-2, you can see that the line number
Each
chapterto
includes
a review
corresponds
TTY port
8.
preparation.
R6#show line
Tty Typ
*
0 CTY
Tx/Rx
A Modem
-
Roty AccO AccI

-
Uses
Noise
Overruns
0/0
Int
-
8 AUX
57600/57600 F inout
0/0
After finding the correct line number, you must configure the modem on that line. Because you
don't know the modem type, you should use the autoconfigure type default command.
Table of Contents
Index
As you can see
from Example 5-3, the modem line configuration includes the modem inout and
modem autoconfigure commands. If you remember, the default on Cisco routers is to reject the
By
Wesley Shuo
, Dmitryconnections
Bokotey, Raymond
Morrow, Deviprasad
Konda
incoming
network
to asynchronous
ports.
You are also required to specify an incoming
transport protocol or, in this case, use the transport input all command to indicate that any type
of protocol
allowed.
Publisher: is
Cisco
Press
ISBN: 1-58720-073-2
Example
5-3. Configuring a Line for the Modem
Pages: 528
R1(config)#line aux 8
Gain
hands-on experience InOut
BCRAN exam.
R1(config-line)#modem autoconfigure discovery
local
exam concepts
R1(config-line)#transport
inputconcepts
all
R1(config-line)#flowcontrol hardware
applications.
NOTE Designed as a topic-by-topic guide of how to apply remote access concepts in a real
questions
by providing
a better understanding
of how
remote
really
works.
It be
is also
Example
5-3 demonstrates
the configuration
of line
8 for access
a modem.
You
should
essential
in preparing
candidates
for the
new
simulation-based
questions
that
are on to
the Cisco
familiar
with all these
commands
from
reading
Chapter 3. Refer
to that
chapter
certification
Finally, it serves anyone wanting a guide to real-world application of these
refresh exams.
your memory.
Scenario
5-2:a Configuring
PPP
the
Asynchronous
Link programs, or
office-based lab,
remote-accessible
lab, on
some
networking
simulation software
Now that you've enabled the basic configuration on the access server, you can move on to the
All
of the topics
PPP-related
tasks.
preparation.
Enabling the Autosensing Feature

The first of these tasks is to prepare line 8 for PPP use. You enabled the modem functions on the
line in the previous scenario. Now it's time to allow a PPP session to start on the router.
A Cisco access server can be configured to accommodate (autosense) a PPP or SLIP session to
start automatically or through the user prompt. If autosensing is not configured on your access
server, the router does not recognize a connection attempt and does not respond to the client.
The following command is placed on the absolute line number (line 8 in this case), along with the
rest of the modem commands:
Table of Contents
Index


ISBN: 1-58720-073-2
R1(config-line)#autoselect
[arap | ppp | slip | during-login]
Pages: 528
By selecting one of this command's options, you allow the router to start a corresponding process
when
it receivesexperience
a starting of
character.
Each of
the three
protocols
well as the
carriage
return has
Gain hands-on
CCNP Remote
Access
topics
with labas
scenarios
for the
new 642-821
a
recognizable
BCRAN
exam. start character contained in a frame's flag. For instance, when a return character is
encountered, the access server knows to start an EXEC session.
for the frame
CCNP 642-821
BCRAN
exam and format
gain a better,
TablePrepare
5-4 shows
flag values
in hexadecimal
for the practical
protocolsunderstanding
available for of
exam concepts
autosensing.
Review set-up guides that Table
show you
howPPP
to prepare
lab for study
5-4.
Flag aValues
Protocol
Flag Value
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Return
key exam and for workplace challenges in implementing
0d
821
BCRAN
applications.
Designed
as
a
topic-by-topic
guide
of
how
to
apply
remote
ARAP
10
PPP
7Eremote access really works. It is also
questions
by providing a better understanding of how
SLIP
c0
Each
includes
a review of the
applicable
and guides
the
reader
Whenchapter
configuring
the autoselect
command,
youtechnology,
need to specify
which of
the
three through
protocols is
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a homeor
allowed to start a session. In this scenario, it is obviously PPP. Also, use the autoselect
command
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or the
with the during-login keyword to cause the username/password prompt to come up without
even
as
a
stand-alone
guide.
user's having to press Enter. Example 5-4 displays the autoselect commands used for this
scenario.
preparation.
Example 5-4. Enabling Autosensing
R1(config)#line 8
R1(config-line)#autoselect during-login
R1(config-line)#autoselect ppp
Table of Contents
Configuring
the Asynchronous Interface
Index
The
nextShuo
task
is to configure
the router's
interface and enable PPP on it. The
ByWesley
, Dmitry
Bokotey, Raymond
Morrow,asynchronous
Deviprasad Konda
asynchronous interface in question should match the modem line number. Enter interface
configuration mode by issuing the int async65 command. After you are in interface configuration
mode, you can proceed with the PPP-specific and general statements.
ISBN: 1-58720-073-2
Pages: 528
Enabling
PPP Encapsulation
To enable PPP on any type of connection, whether synchronous or asynchronous, you need to
define PPP encapsulation at the interface level of both ends of the connection by entering the
following command:
BCRAN exam.
exam concepts
R1(config-if)#encapsulation
ppp you how to prepare a lab for study
Review set-up guides that show
Configuring
Local Interface Addressing
The
next step
involves configuring
the network of
layer
the local
asynchronous
interface
questions
by providing
howaddress
remote on
access
really
works. It is also
(8,
in
this
case)
in
the
following
manner:
preparation.
R1(config-if)#ip
addressaddress mask
Configuring Interface Addressing of Remote Devices
At this point you need to create a method for assigning an IP address to the PPP client dialing into
the router. The IP address for a particular peer can be managed on the NAS in a number of ways:
Static configuration of IP addresses for each interface.
A local pool of IP addresses can be configured on the NAS. In such instances, the IP address
Table by
of Contents
is allocated
the pool.
Index
CCNP Practical
Studies: Remote
The IP address
can beAccess
assigned
by a Dynamic Host Configuration Protocol (DHCP) server.
The IP address can be assigned by an AAA server.
Publisher:
Ciscocan
Press
The peer
request
a specific IP address, in which case the NAS would only need to
Pub
Date: Decemberthe
22, 2003
acknowledge
request.
ISBN: 1-58720-073-2
As mentioned
Pages: 528earlier, you can set up your configuration so that the peer's IP address is assigned
centrally. The following command is used to specify a client's source originating address. When a
client dials into the appropriate line, the address is allocated from the specified location.
BCRAN exam.
exam concepts
R1(config-if)#peer
default
ip address
| dhcp |
pool
poolname]
access
concepts [ip-address
with
practice
labs that walk
Ready
the new
simulation-based
questions
on the CCNP
You can
see yourself
that the for
available
options
include a specific
IP address,
a localexams
pool of addresses, or a
DHCP server. If you choose to specify the pool argument, you need to configure a global address
CCNPthat
Practical
Studies:
Remote
Access
Self-Study)
prepares
readers
for the
the command
CCNP 642pool
matches
the name
of the
peer(CCNP
default
ip address
command.
Here's
821 BCRAN
exam and
workplace
syntax
to configure
thefor
local
pool: challenges in implementing remote access network
office-based
lab, local
a remote-accessible
lab,starting-address
some networking simulation
R1(config)#ip
poolpool-name
ending-address
preparation.
If you decide to go with the dhcp option, you need to configure the ip helper address and ip
dhcp-server as well.
To specify dynamic addressing (addressing requested by the user at the EXEC level upon
connection), issue the following command:
Table of Contents
Index
R1(config-if)#async
dynamic address
You may opt to include both default and dynamic options with your configuration. This way, the
user will have a choice between the two methods of address assignment. If the user enters the
1-58720-073-2
peer's ISBN:
own address,
it is used; if the user enters the default keyword, the default address is used
Pages: 528
instead.
In this scenario, the peer default ip addressip-address option is used. The peer is assigned the
address of 10.1.1.254. Example 5-5 demonstrates the interface-level commands used in this
scenario.
BCRAN exam.
Example 5-5. Enabling PPP at the Interface Level
exam concepts
R1(config)#int async65
ppp
R1(config-if)#peer default ip address 10.1.1.254
questions
Verification
Make sure that the previous steps have resulted in the proper configuration. Look at the interface
configuration by issuing the show interface async 65 command, as shown in Example 5-6.
Example
interfacelab,
async
65 Command
Output
office-based 5-6.
lab, a show
remote-accessible
some networking
simulation
preparation.
R1#show
interfaces async 65
Async65 is up, line protocol is up
Hardware is Async Serial
MTU 1500 bytes, BW 57600 Kbit, DLY 100000 usec,

reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
DTR is pulsed for 5 seconds on reset
LCP Open
Table of Contents
Index
Closed: BRIDGECP, IPCP, CCP, CDPCP, LLC2, BACP, IPV6CP
Last input never, output 00:14:49, output hang never

Last
clearing
"show interface" counters 00:14:59
Pub Date:
December of
22, 2003
ISBN: 1-58720-073-2
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Pages: 528
Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Gain hands-on
experience
of CCNP
Remote Access
topics with
Conversations
0/1/16
(active/max
active/max
total)
BCRAN exam.
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 6 kilobits/sec
exam concepts
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 6420 input
errors,
CRC, 0 frame,
0 overrun,
0 ignored,
abort network
821 BCRAN
exam
and for0workplace
challenges
in implementing
remote0 access
1 packets
output,
bytes,
0 underruns
network
setting, this
book is24
useful
in preparing
0 output
errors,
0 collisions,
1 simulation-based
interface resets
essential
in preparing
candidates
for the new
0 output
buffer
failures,interest.
0 output buffers swapped out
concepts,
regardless
of certification
Each chapter
includes
0 carrier
transitions
All
of the that
topics
online
theconfiguration
new 642-821for
BCRAN
exam are
providing
comprehensive
exam
To verify
the
the modem
hascovered,
been configured
correctly,
enter the
show
preparation.
linex command, as shown in Example 5-7. Note that line 8 is used in this example.
Example 5-7. show line 65 Command Output
R1#show line 8
Tty Typ
*
Line
AUX
Tx/Rx
57600/57600
A Modem
Roty AccO AccI
F inout
Uses
-
Noise
0
Overruns
0
Int
0/0
8, Location: "", Type: ""

Table of Contents
Length: 24 Index
lines, Width: 80 columns
ByWesley
Baud
rate
Shuo(TX/RX)
, Dmitry Bokotey
is 57600/57600,
, Raymond Morrowno
, Deviprasad
parity,
Konda
2 stopbits, 8 databits
Status:
Ready,
Active, No Exit Banner, Modem Configuring,
Publisher:
Cisco Press
Modem Speed Locked, Modem Signals Polled, Autoconfig Running

ISBN: 1-58720-073-2
Pages: 528
Capabilities:
Autobaud Full Range, Hardware Flowcontrol In,
Hardware Flowcontrol Out, Modem Callout, Modem RI is CD,

Line usable as async interface, Modem Discovery
BCRAN state:
Modem
exam. Ready
Modem hardware state: CTS DSR DTR RTS
exam
concepts
Special
Chars:
Escape Hold Stop Start Disconnect Activation
Experience how
remote
access -concepts
^^x
none
- work innone
Timeouts:
Idle EXEC
Idle Session
Modem Answer Session
00:10:00
never
Ready yourself
questions on the CCNPnone
exams
Dispatch
not set
Login-sequence
User Response
(CCNP Self-Study)
00:00:30
Autoselect of
Initial
Wait access really works. It is also
how remote
Modem type is usr_sportster.
Session
limit of
isthe
not
set.
implementation
technology.
Time
since
activation:
never
even as
a stand-alone
guide.
Editing
All
of the is
topics
enabled.
preparation.
History is enabled, history size is 10.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed input transports are pad v120 telnet rlogin udptn ssh.
Allowed output transports are pad v120 telnet rlogin ssh.
Preferred transport is telnet.
No output characters are padded
Table of Contents
No
special Index
data dispatching characters

Scenario
5-3: Configuring
Interface Parameters Available with PPP
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
A number
interface-level commands can be configured as part of the PPP setup on the NAS.
Pages:of
528
Scenario 5-2 introduced interface parameters that are required with PPP. In this scenario, you will
configure optional but highly desirable and widely used PPP services.
Configuring
Authentication
Gain hands-onPPP
experience
BCRAN exam.
Probably the most implemented of all PPP interface parameters is authentication. As you learned
earlier in this chapter, PAP and CHAP are the two PPP authentication options. The command to
Prepare
for the CCNP
642-821
configure
authentication
is as
follows:
exam concepts
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R1(config-if)#ppp
[pap | in
chap]
821 BCRAN exam andauthentication
implementing remote access network
The
ppp authentication
command
configure
either
the PAP
or CHAP authentication
certification
exams. Finally,
it servescan
anyone
wanting
a guide
to real-world
application ofmethod.
these
The
correct
method
is
indicated
by
the
appropriate
keyword.
You
use the
ppp authentication,
ppp authorization,
accounting
at
Eachmay
chapter
includes
a review of the applicable
technology, and
and ppp
guides
the readercommands
through
an
interface
level.
Configuring Asynchronous Callback

preparation.
Cisco router interfaces support PPP asynchronous callback. This configuration assumes that other
PPP and modem-related features that were covered in previous scenarios are already enabled.
Configuring Callback PPP Clients
There are two types of clients for which you can enable the callback feature on the NAS:
Those that support PPP callback per RFC 1570
Those that do not but instead can put themselves in answer mode, which accepts the router's
callback
Table
of PPP
Contents
For clients that
are
callback-compliant, you can configure the router to accept the clients'
Indexwith the following command:

callback request

ISBN: 1-58720-073-2
Pages: 528
R1(config-if)#ppp callback accept
BCRAN exam.
Use this command to configure the callback feature for clients that are not RFC 1570-compliant:
exam concepts
Ready yourself for
the new initiate
R1(config-if)#ppp
callback
Because the client can't request callback itself, the router can initiate on behalf of the client.
Configuring
IPCP of certification interest.
Each
a review
of the
applicable
technology,
and of
guides
the reader
Thinkchapter
back to includes
the discussion
of the
NCP
IPCP near
the beginning
this chapter.
Youthrough
have an
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a such
homeoption to specifically include several IPCP parameters with your PPP configuration,
asor
the
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or on.
primary and secondary DNS and WINS server addresses, the peer-requested address, and so
even
as
a
stand-alone
guide.
Here is the general syntax for the ipcp command:
preparation.
R1(config-if)#ppp ipcp [accept-address | dns [reject | accept | primary-ip-address

[secondary-ip-address] [accept]] | ignore-map | username unique | wins [reject |
accept | primary-ip-address [secondary-ip-address] [accept]]]
Table of Contents
Index
CCNP
Studies: Remote
If youPractical
put a question
mark Access
after the
ppp ipcp interface command, a list of options appears, as

shown
Example
This
Example
shows
the IPCP
available parameters specified on R1.
ByWesleyinShuo
, Dmitry5-8.
Bokotey
, Raymond
Morrow
, Deviprasad
Konda
Example
5-8. Available
IPCP Options
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
Pages: 528
R1(config-if)#ppp ipcp ?
accept-address
Accept any non zero IP address from our peer
Gain
hands-on experience Additional
of CCNP Remote
topics
address
ipcpAccess
address
options
BCRAN exam.
dns
Specify DNS negotiation options
header-compression IPCP header compression option
exam concepts
ignore-map
Ignore dialer map when negotiating peer IP address
mask
Specify subnet mask negotiation options
predictive
Predict peers IPCP requests/replies
username
Configure how usernames are handled
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642wins
Specify WINS
negotiation
optionsremote access network
821
BCRAN exam and for workplace
challenges
in implementing
certification
Table
5-5 explains
exams.the
Finally,
options
it serves
in Example
anyone
5-8.
some
networking
Tablelab,
5-5.
IPCP
Parameters
preparation.
Option
Description
accept-address
Accepts any nonzero IP address from the peer.
dns [accept |
reject]
Domain Name Server. Accepts a peer request for any nonzero server address.
Rejects the IPCP option if received from the peer.
ignore-map
Ignores the dialer map when negotiating the peer IP address.
Table of Contents
username
Index
unique
Ignores a common username when providing an IP address to the peer.
Wins
Windows
Internet
Naming
Service.
By
, Raymond
Morrow
, Deviprasad
Konda
Example
5-9
displays
Pub Date:
December
22,the
2003IPCP options configured on R1.
ISBN: 1-58720-073-2
Pages: 528
Example 5-9. Configuring IPCP Parameters
R1(config)#interface async65
BCRAN exam.
R1(config-if)#ppp ipcp accept-address
R1(config-if)#ppp
ipcp 642-821
header-compression
ack gain a better, practical understanding of
Prepare for the CCNP
BCRAN exam and
exam concepts
R1(config-if)#ppp ipcp dns 10.1.1.1
R1(config-if)#ppp
ipcp
wins 10.1.1.12
you through their
implementation
R1(config-if)#ppp
ipcp that
maskshow
255.255.255.0
Review set-up guides
Ready yourself for
the username-unique
R1(config-if)#ppp
ipcp
Remote
Access (CCNP Self-Study) prepares readers for the CCNP 642R1(config-if)#ppp
ipcp
ignore-map
Scenario
5-4: Configuring
the
Asynchronous
DDR of these
Finally, it serves
anyone
wanting a guideInterface
to real-worldfor
application
It's time to enable DDR tasks on your router. The commands introduced in this scenario are
Each
chapter
a review
applied
to theincludes
asynchronous
interface.
Dialer Commands
Remember
preparation.the peer default ip address command you entered earlier? This command allows the
router to accept the peer's address:
R1(config-if)#dialer in-band
Table of Contents
Index
Beware
of the order in which these commands need to be added to your configuration. The peer
default ip address command must come first, followed by the dialer in-band command. If this
order is reversed, the peer's IP address will not be accepted.
ThePublisher:
following
Cisco
commands
Press
allow the definition of interesting traffic to be associated with the
interface:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R1(config-if)#dialer-grouplist-number
R1(config-if)#dialer idle-timeoutseconds
exam concepts
The idle-timeout
period
specifies
how you
many
seconds
free of
interesting
traffic the line tolerates
Review set-up
guides
that show
how
to prepare
a lab
for study
before disconnecting.
CCNP
PracticalDedicated
Studies: Remote
Access (CCNP
Configuring
or Interactive
PPPSelf-Study)
Sessions prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
The
following
command
empowers
user to enter
PPP candidate
commands,
as the IPexam
address, at the
network
setting,
this book
is useful the
in preparing
a CCNP
forsuch
the general
EXEC
level.
If
the
async
dynamic
address
command
you
learned
earlier
is
specified,
questions by providing a better understanding of how remote access really works. It is the
alsorouter
must
be
put
into
interactive
mode.
Dedicated
mode
does
not
allow
user
input.
R1(config-if)#async
mode [dedicated | interactive]
preparation.
Example 5-10 shows all the commands covered in the preceding sections.
Example 5-10. Configuring DDR on the Interface
R1(config)#int async65
R1(config-if)#dialer
Table of Contents
in-band
Index
idle-timeout
600
Access
R1(config-if)#dialer-group 8

R1(config-if)#async
mode interactive
ISBN: 1-58720-073-2
Pages: 528
Specifying Interesting Traffic

Now that you've tied the interesting traffic list to the interface, you need to define the interesting
traffic parameters under the global configuration. In other words, you need to create a traffic rule
BCRAN exam.
that triggers asynchronous calls:
exam concepts
Ready yourself for thedialer-group
on the [permit
CCNP exams
R1(config)#dialer-list
protocolquestions
protocol-name
| deny | list
CCNP
Access (CCNP Self-Study) prepares readers for the CCNP 642access-list-number
| access-group]
essential
in see,
preparing
candidates
for the
questionsespecially
that are on
the add
Cisco
As you can
the interesting
traffic
definition
can get quite extensive,
if you
certification
exams.
Finally,
it
serves
anyone
wanting
a
guide
to
real-world
application
of
these
access lists to the equation. It is not the intention of this chapter to cover DDR in detail. You
will
concepts,
regardless
of
certification
interest.
have a chance to learn more about it in subsequent chapters. For this scenario, the dialer list can
be kept to its bare minimum (IP routing), because the router is not used to initiate calls or route
over the link. Example 5-11 shows R1's complete DDR configuration.
Example 5-11. show running-config Command Output
preparation.
interface Async65
no ip address
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer in-band
Table of Contents
Index
dialer fast-idle 122
dialer string 5551212
dialer hold-queue 100

dialer-group
1 22, 2003
Pub Date: December
ISBN: 1-58720-073-2
Pages: 528
dialer-list 1 protocol ip permit
BCRAN exam.
Verification
for thethe
CCNP
642-821tasks,
BCRAN
and the
gainvalidity
a better,
practical
understanding
of
WhenPrepare
you complete
preceding
youexam
can test
of your
configuration.
You may
exam
concepts
check the modem with the debug confmodem and debug modem commands. You can examine
the result of issuing these commands in Example 5-12. The AT commands are sent by the router
to theExperience
modem. how remote access concepts work in a real network with practice labs that walk
Example 5-12. Output from the debug modem and debug confmodem
Commands
applications.
Designed
R1#clear
line
65
questions by
R1#debug
modem
certification TTY65:
exams. Finally,
it serves
15:25:51:
DSR came
up
15:25:51: tty65: Modem: IDLE->READY
implementation
of the
technology.started
15:25:51: TTY65:
Autoselect
even
as a stand-alone
guide.
15:27:51:
TTY65: Autoselect
failed
15:27:51: TTY65: Line reset <--- Clear line 65
preparation.
15:27:51: TTY65: Modem: READY->HANGUP
15:27:52: TTY65: dropping DTR, hanging up
15:27:52: tty65: Modem: HANGUP->IDLE
15:27:57: TTY65: restoring DTR

15:27:58: TTY65: DSR came up
R1#terminal monitor
Table of Contents
Index
R1#debug confmodem
Modem
Database
debugging
is on
ByWesleyConfiguration
Shuo, Dmitry Bokotey
, Raymond Morrow
, Deviprasad
Konda
*Mar
3 03:06:30.931: TTY1: detection speed (57600) response ---OK--Publisher: Cisco Press
*Mar 3 03:06:30.963: TTY1: Modem command: --AT&FS0=1-ISBN: 1-58720-073-2

528
*Mar Pages:
3 03:06:31.483:
TTY1: Modem configuration succeeded
*Mar 3 03:06:31.487: TTY1: Detected modem speed 57600

*Mar 3 03:06:31.487: TTY1: Done with modem configuration
BCRAN exam.
Prepare
theyour
CCNP
642-821
BCRAN
exam andproperly,
gain a better,
practical
of
Now that
you for
know
physical
layer
is functioning
you can
verify understanding
the upper layers.
exam
concepts
You can turn on PPP debugging using the following commands:
R1#debug
ppp
negotiation
applications.
Designed
R1#debug
ppp
authentication
questions by
providing
R1#debug
error
certificationppp
exams.
When
initiating
session to the router
by a networking
workstation,simulation
note the following
office-based
lab,a aPPP
remote-accessible
lab, some
software processes
programs,inorthe
debug
for organized
even asoutput
a stand-alone
guide.troubleshooting:
PPP initialization when the first PPP string is received
preparation.
LCP finishes the PPP negotiation
Authentication negotiation finishes successfully
The peer receives the proper IP address
Example 5-13 demonstrates PPP debugging using the debug ppp negotiation, debug ppp
authentication, and debug ppp error commands.
Example 5-13. Debugging PPP
Table of Contents
Index
R1#debug ppp
negotiation
*Mar
02:25:27.693:
Interface
ByWesley2Shuo
, Dmitry Bokotey,%LINK-3-UPDOWN:
Raymond Morrow, Deviprasad
Konda Async65, changed state to up
*Mar
2 02:25:27.693: Se0/0 PPP: Treating connection as a dedicated line
*Mar
*Mar
*Mar
2 02:25:27.693: Se0/0 PPP: Phase is ESTABLISHING, Active Open
ISBN: 1-58720-073-2
Pages: 528
2 02:25:27.693: Se0/0 LCP: O CONFREQ [Closed] id 11 len 10

2 02:25:27.693: Se0/0 LCP:
MagicNumber 0x35C4DB07 (0x050635C4DB07)
*Mar 2 02:25:27.729: Se0/0 LCP: I CONFREQ [REQsent] id 14 len 29

*Mar
02:25:27.729: Se0/0 LCP:
MagicNumber 0xBFAE7481 (0x0506BFAE7481)
BCRAN 2exam.
*Mar
2 02:25:27.729: Se0/0 LCP:

MRRU 1524 (0x110405F4)
concepts
*Mar exam
2 02:25:27.729:
Se0/0 LCP:
EndpointDisc 1 Local (0x130F01696F7377616ED3
Experience
23630
3063) how remote access concepts work in a real network with practice labs that walk
*Mar
2 02:25:27.729: Se0/0 LCP: O CONFREJ [REQsent] id 14 len 23

*Mar
2 02:25:27.729: Se0/0 LCP:

MRRU 1524 (0x110405F4)
*Mar
2 02:25:27.733:
Se0/0Access
LCP: (CCNP
EndpointDisc
1 Local readers
(0x130F01696F7377616ED3
CCNP Practical
Studies: Remote
for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
23630 3063)
applications.
*Mar
2 02:25:27.733:
Se0/0understanding
LCP: O CONFACK
[REQsent]
id 15really
len works.
10
questions
of how
remote access
It is also
*Mar
2 02:25:27.733:
LCP:
MagicNumber
0xBFAE7481
(0x0506BFAE7481)
certification
exams. Finally,Se0/0
it serves
anyone
wanting a guide
to real-world
application of these
*Mar 2 02:25:27.733: Se0/0 LCP: State is Open
*Mar
2 02:25:27.733:
Se0/0 PPP:
Phase is UPprocess can be executed on a home- or
implementation
of the technology.
This step-by-step
*Mar
Se0/0 IPCP: O CONFREQ [Closed] id 10 len 16
even as2a 02:25:27.737:
stand-alone guide.
*Mar
2 02:25:27.737:
IPCP:
VJ 15
slots comprehensive
(0x0206002D0F00)
All of the
topics on the newSe0/0
642-821
BCRAN CompressType
exam are covered,
providing
exam
preparation.
*Mar 2 02:25:27.737: Se0/0 IPCP:
Address 10.1.30.200 (0x03060A011EC8)
*Mar
2 02:25:27.745: Se0/0 LCP: I CONFACK [Open] id 11 len 10
*Mar
2 02:25:27.745: Se0/0 LCP:
MagicNumber 0x35C4DB07 (0x050635C4DB07)
*Mar
2 02:25:27.777: Se0/0 LCP: I CONFREQ [Open] id 15 len 10
*Mar
2 02:25:27.781: Se0/0 LCP:
*Mar
2 02:25:27.781: Se0/0 LCP: Dropping packet, state is Open
*Mar
2 02:25:27.813: Se0/0 IPCP: I CONFREQ [REQsent] id 105 len 28
MagicNumber 0xBFAE7481 (0x0506BFAE7481)
Table of Contents
*Mar
2 02:25:27.813:
Se0/0 IPCP:
Index
CompressType VJ 15 slots (0x0206002D0F00)
*Mar
2 02:25:27.813: Se0/0 IPCP:
Address 0.0.0.0 (0x030600000000)
*Mar
2 02:25:27.813: Se0/0 IPCP:
PrimaryDNS 0.0.0.0 (0x810600000000)
*Mar
Pub Date:
2 02:25:27.813:
December 22, 2003 Se0/0 IPCP:
SecondaryDNS 0.0.0.0 (0x830600000000)
ISBN: 1-58720-073-2
*Mar
2 02:25:27.813:
Pages:
528
Se0/0 IPCP: Pool returned 10.1.30.109
*Mar
2 02:25:27.817: Se0/0 IPCP: O CONFREJ [REQsent] id 105 len 16
*Mar
2 02:25:27.817: Se0/0 IPCP:
PrimaryDNS 0.0.0.0 (0x810600000000)
Gain
experience Se0/0
of CCNP
Remote Access
topics with
lab scenarios
for the new 642-821
*Mar hands-on
2 02:25:27.817:
IPCP:
SecondaryDNS
0.0.0.0
(0x830600000000)
BCRAN exam.
*Mar
2 02:25:27.817: Se0/0 IPCP: O CONFNAK [REQsent] id 106 len 10
*Mar exam
2 02:25:27.817:
Se0/0 IPCP:
Address 10.1.30.109 (0x03060A011E6D)
concepts
*Mar Experience
2 02:25:27.817:
Se0/0
IPCP:
O CONFACK
id 107
16 labs that walk
how remote
access
concepts
work in[REQsent]
a real network
with len
practice
*Mar 2 02:25:27.817: Se0/0 IPCP:
*Mar 2 02:25:27.821: Se0/0 IPCP:
Address 10.1.30.109 (0x03060A011E6D)
*Mar 2 02:25:27.833: Se0/0 IPCP: I CONFACK [ACKsent] id 10 len 16
challenges
in implementing
remote
network
*Mar
2 02:25:27.833:
Se0/0 IPCP:
CompressType
VJ 15
slotsaccess
(0x0206002D0F00)
network2 setting,
this book Se0/0
is useful
in preparing
a CCNP
candidate for(0x03060A011EC8)
the general exam
*Mar
02:25:27.833:
IPCP:
Address
10.1.30.200
essential
the new
simulation-based
*Mar
2 in
02:25:27.833:
Se0/0 for
IPCP:
State
is Open
concepts,
interest.
*Mar
2 02:25:27.837:
Se0/0 IPCP:
Install route to 10.1.30.109
Each
includes a review
of IPCP:
the applicable
technology,
guides
the10.1.30.109
reader through
*Mar chapter
2 02:25:27.837:
Se0/0
Add link
info forand
cef
entry
office-based
lab,Isome
networking
software
programs, or
*Mar 2 02:25:27.861:
Se0/0 IPCP:
CONFREQ
[Open]simulation
id 106 len
16
*Mar 2 02:25:27.865: Se0/0 IPCP:
preparation.
*Mar 2 02:25:27.865: Se0/0 IPCP:
Address 0.0.0.0 (0x030600000000)
*Mar
2 02:25:27.865: Se0/0 IPCP: Dropping packet, state is Open
*Mar
2 02:25:27.881: Se0/0 IPCP: I CONFREQ [Open] id 107 len 16
*Mar
2 02:25:27.885: Se0/0 IPCP:
*Mar
2 02:25:27.885: Se0/0 IPCP:
Address 10.1.30.109 (0x03060A011E6D)
*Mar
2 02:25:27.885: Se0/0 IPCP: Dropping packet, state is Open
*Mar
2 02:25:28.733: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async65/,
Table of Contents
changed state to up
Index

R1#debug ppp authentication

MayPub
15Date:
22:05:31.868:
%LINK-3-UPDOWN: Interface Async65, changed state to up
December 22, 2003
ISBN: 1-58720-073-2
*May 15 22:05:31.892: %ISDN-6-CONNECT: Interface Async65 is now connected to

Pages: 528
5551212
*May 15 22:05:31.900: ASYNC65 PPP: Treating connection as a callout
Gain
experience ASYNC65
of CCNP Remote
Access alternate
topics with lab
scenarios
for the new 642-821
*May hands-on
15 22:05:31.900:
CHAP: Using
hostname
cisco
BCRAN exam.
*May 15 22:05:31.984: ASYNC65 CHAP: I CHALLENGE id 50 len 27 from "r8"
*May 15 22:05:31.988: ASYNC65 CHAP: Using alternate hostname cisco
exam concepts
*May 15 22:05:31.992: ASYNC65 CHAP: Username r8 found
*May 15 22:05:31.992: ASYNC65 CHAP: Using default password
*May 15 22:05:31.996: ASYNC65 CHAP: O RESPONSE id 50 len 26 from "cisco"
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R1#
error
821debug
BCRANppp
exam
PPP
Async65(i):
rlqr
successes
= 15
network
setting, this
bookreceive
is usefulfailure.
in preparing
a CCNP candidate
PPP:
myrcvdiffp
= 159
peerxmitdiffp
= simulation-based
41091
essential
in preparing
candidates
for the new
PPP:
myrcvdiffo
= of
2183
peerxmitdiffo
concepts,
regardless
certification
interest. = 1714439
Each
includes
PPP: chapter
threshold
= 25a review of the applicable technology, and guides the reader through
office-based
lab, somesuccesses
networking=simulation
PPP Async65(i):
rlqr transmit failure.
15
PPP: myxmitdiffp = 41091 peerrcvdiffp = 159
preparation.
PPP: myxmitdiffo = 1714439 peerrcvdiffo = 2183
PPP: l->OutLQRs = 1 LastOutLQRs = 1
PPP: threshold = 25
PPP Async65(i): lqr_protrej() Stop sending LQRs.

PPP Async65(i): The link appears to be looped back.
Next,
you can
test your configuration by following up with pings to appropriate addresses, as
Table of Contents
shown in Example 5-14.
Index

Example 5-14. ICMP Testing

ISBN:
1-58720-073-2
R1#ping
10.10.1.2
Pages: 528
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.1.2, timeout is 2 seconds:
..!!!
BCRAN exam.
Success rate is 60 percent (3/5), round-trip min/avg/max = 112/114/120 ms
R1# Prepare for the CCNP 642-821 BCRAN exam and gain a better, practical understanding of
exam concepts
If you want to check the results of all the scenarios in R1 configuration, take a look at Example 5Review
set-upR1's
guides
thatrunning-config
show you how to
15, which
displays
show
output.
Example
5-15. show running-config Output from R1
version
questions 12.2
service
timestamps
debugit serves
datetime
localtime
certification
exams. Finally,
anyone
service timestamps log datetime localtime
no
service password-encryption
implementation
!
hostname
R1 on the new 642-821 BCRAN exam are covered, providing comprehensive exam
All of the topics
preparation.
!
interface Async65
no ip address
encapsulation ppp
no ip route-cache no ip mroute-cache
dialer in-band
dialer fast-idle 122
Table of Contents
dialer string
Index 5551212
dialer-group 1
async
Pub Date:
default
December
routing
22, 2003
ISBN: 1-58720-073-2
async
dynamic
address
Pages:
528
async dynamic routing
async mode interactive
Gain
ppp hands-on
reliable-link
BCRAN exam.
ppp encrypt mppe auto
ppp exam
authentication
chap pap ms-chap optional
concepts
ppp Experience
directionhow
callin
ppp link reorders
!
!
network
this book is useful in preparing a CCNP candidate for the general exam
line
auxsetting,
0
essential
autobaud
concepts,
regardless of certification interest.
modem InOut
Each
chapter
includes a review
modem
autoconfigure
discovery
office-based
a remote-accessible
transport lab,
input
all
autoselect during-login
preparation.
Practical Exercise: Dial In and Dial Out

In this exercise, your goal is to create a working solution to enable router Central Site to receive
calls from router Remote as well as a dial-in user. Figure 5-8 illustrates the topology for the
exercise.
Table of Contents
Index
Figure 5-8. Practical Exercise: Dial In and Dial Out

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

The first step is to build a chat script for the modem, which you learned about in Chapter 3.
Second, you apply the configuration to the modem line. Don't forget to verify the line's status
with the show line command. Configure PPP and the DDR option on the physical and dialer
Table
of Contents
interfaces that
were
discussed throughout this chapter's scenarios. Example 5-16 shows the
Index
output of the show run command on the Central Site router. You can view all commands
CCNP
Practical
Remote
Accesstask.
necessary
to Studies:
complete
the given
Example
5-16.
Publisher: Cisco
Press show running-config Output
ISBN: 1-58720-073-2
Pages: 528
chat-script rstmdm "" "AT&FS0=1&B1&C1&D2&H1&K1&M4&R2" OK

chat-script dialnum ABORT ERROR ABORT BUSY "" "ATDT \T" TIMEOUT 60 CONNECT
!
BCRAN
exam.
username
remote privilege 15 password 7 05080F1C2243
username user1 privilege 15 password 7 05080F1C2243
exam concepts
!
interface Async65
no ip
address
Review
encapsulation
ppp
Ready yourself
no ip
route-cache
CCNP
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
dialer in-band
applications.
dialer rotary-group
0
questions
async default
routing
certification
exams.
async dynamic address
implementation
even
ppp as
reliable-link
All
of the
topics mppe
on theauto
ppp
encrypt
preparation.
ppp authentication chap pap ms-chap optional
ppp direction callin
ppp link reorders
!
interface Dialer0
no ip address
encapsulation ppp
Table of Contents
no ip route-cache
Index
dialer in-band
dialer map ip 10.1.1.1 name remote 5551212

Pub Date: December
dialer-group
1 22, 2003
ISBN: 1-58720-073-2
no cdp
Pages:
enable
528
ppp reliable-link
ppp encrypt mppe auto
ppp authentication
chap pap ms-chap optional
BCRAN
exam.
ppp direction callin
ppp exam
ipcp concepts
accept-address
ppp Experience
ipcp winshow
172.16.5.1
ppp ipcp mask 255.255.255.0
ppp link reorders
!
BCRAN exam
and for workplace
dialer-list
1 protocol
ip permit
network
!
essential
line auxin0preparing candidates for the new simulation-based questions that are on the Cisco
concepts,
autobaudregardless of certification interest.
modem InOut
modem autoconfigure discovery
transport
input
all
All
of the topics
on the
preparation.
autoselect during-login
stopbits 1
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Summary
PPP is used to enable multiprotocol transport across a point-to-point link. It allows for link-level
services such as authentication, callback, and compression. Multiple PPP links can be combined
into a bundle for higher throughput that can be configured to give both peers the proper control
Table of Contents
over the resources.
Index
CCNP
Studies: Remote
Access part of remote network connectivity. It is mentioned often
PPP isPractical
a tremendously
important
throughout
this
book
with
various
ByWesley Shuo, Dmitry Bokotey, Raymondimplementations.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Review Questions
1:
Which of the following is/are valid PPP authentication methods?
Table of Contents
Index
A. PAP
B. CHAP
C. MS-CHAP
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
D. MS-PAP
Pages: 528
2:
True or false: The authentication process is part of LCP negotiation.
3:
List at least three possible methods for IP address assignment to the client.
Gain hands-on
4: Whenexperience
you let theofclient
CCNPchoose
Remote
hisAccess
or hertopics
own IP
with
address
lab scenarios
with thefor
async
the new
dynamic
642-821
BCRAN exam.
address command, your router needs to be in __________.
A. Dedicated mode
exam concepts
B. Interactive
mode
Experience
how remote
C. Either
D. None of the above
5: Which of the following are valid LCP packet types?
A. CONFNAK
network setting,
B. CONFREJ
certification C.
exams.
CONFREQ
D. All of the above
implementation
the Ctechnology. This step-by-step process can be executed on a home- or
E. Aofand
F. None ofguide.
the above
All of the
onfalse:
the new
642-821
exam
are covered,
providing
comprehensive
exam
6: topics
True or
BAP's
active BCRAN
mode can
operate
under dialer
interfaces,
but not under
preparation.
virtual-template interfaces.
7:
How can you hard-code the subnet mask during the IP PCP negotiation?
8:
What are the main types of compression that PPP supports?
A. Compressor
B. Stacker
Table of Contents
C. Predictor
Index
CCNP PracticalD.
Studies:
Remote Access
LZ compression
E. TCP header
9:
What command allows the router to accept the peer's address?
ISBN: 1-58720-073-2
10:
Name an interface in control of a bundle in MPPP.
Pages: 528
BCRAN exam.
exam concepts
preparation.
Chapter 6. Using ISDN and DDR

Technologies to Enhance Remote
Connectivity
Table of Contents
Index

ISDN Overview
DDR
ISBN: 1-58720-073-2
The
Pages:
ISDN
528 Layer Protocols
Examining ISDN Call Setup and Teardown
Configuring ISDN
Gain
hands-on
experience
of CCNPof
Remote
Access
topics with
labNetwork
scenarios
for theThe
newfirst
642-821
This chapter
provides
an overview
Integrated
Services
Digital
(ISDN).
part
BCRAN
exam.
of this chapter covers a limited amount of theory necessary for sufficient understanding of the
ISDN configuration, verification, and troubleshooting of a Cisco Network Access Server (NAS)
that follows.
exam
Included
in concepts
this discussion of ISDN are its advantages over other types of connections, services it
can offer, available bandwidth in the form of BRI and PRI, and dial-on-demand routing. When it
comes to ISDN, it is also important to comprehend the interface to the service provider cloud as
well as circuit-switched access establishment via call setup and its release via call teardown.
preparation.
ISDN Overview
This section introduces the main components of ISDN. This includes, but is not limited to, the
following topics:
Table of Contents
What are
integrated services?
Index
Advantages of ISDN
ISDN services
ISDN
Pub
Date: bandwidth
December 22, and
2003 channels
ISBN: 1-58720-073-2
Pages: 528
What Are Integrated Services?

Since the 1960s, the telecommunication networks backbone has been converting to digital. The
end-user access, however, such as the telephone and modem connections, has remained mostly
analog.
ISDN takes
advantage
of the
digitalAccess
telecommunications
some of
Gain hands-on
experience
of CCNP
Remote
topics with labbackbone
scenariosand
for replaces
the new 642-821
the
analog
service devices with new higher-speed digital equipment. So the beauty of ISDN is
BCRAN
exam.
that it makes use of the existing backbone technology while enhancing it with cost-effective
higher-speed services that were previously unavailable or unjustifiably expensive.
concepts
Whenexam
the digital
network is extended end-to-end by ISDN, it eliminates the need to translate (or
sample) the analog waveform into a digital pattern. This allows any application, whether voice,
remote access
concepts
in a real network
practice
labs that
walk
video,Experience
or data, tohow
transparently
transmit
over work
the backbone,
becausewith
there
is no longer
a need
to
you through
theirthe
implementation
differentiate
between
various types of network traffic. As a result, diverse sets of services can
be integrated into one cost-effective solution.
Advantages of ISDN
exam
and for
workplace
in implementing
remote
access
network
ISDN
provides
a viable
alternative
tochallenges
various forms
of communication
while
allowing
reliable
applications.access
Designed
asInternet
a topic-by-topic
guide
of how
to apply
remote accesshow
concepts
high-speed
to the
and other
services.
Table
6-1 demonstrates
ISDN in a real
network setting,
this
usefulofincommunication.
preparing a CCNP candidate for the general exam
compares
to a few
of book
theseisforms
Table 6-1. Advantages of ISDN
Form of Communication
ISDNAdvantage
Over the Specified
office-based
lab, some networking
simulationForm
Analog dialup modem
The transmission rate is up to four times faster.
All of the topics on the new 642-821
BCRAN
exam
are1 covered,
providing
Call setup
is less
than
second versus
30 tocomprehensive
45 seconds. exam
preparation.
Leased line
The cost is lower.
The transmission rate is double.
ISDN Services
As mentioned, ISDN can provide a number of different services:
Data A widely used ISDN service, referring to the payload type of the ISDN packet. Has
an end-to-end synchronous signal.
Table of Contents
Rate adaptation
Allows incompatible equipment to use the ISDN network for data
Index
communication.
For
instance,
devices that do not support synchronous connections or 64
Access
kbps speeds nonetheless can use ISDN services. The two rate adaptation standards are as
follows:
Publisher: -Cisco
Press
V.110
Can be applied to synchronous and asynchronous applications. It has no

or correction. It is based on TDM technology. The frame format lets
and control bits accommodate different source speeds.
ISBN: flags
1-58720-073-2
Pub Date: error

December
detection
22, 2003
Pages: 528
-V.120 Can be applied to synchronous and asynchronous applications. Unlike

V.110, it allows error detection and correction. It is based on STDM (HDLC)
technology.
Gain hands-on
experience
of CCNP Remote
with lab scenarios
for the new 642-821
Voice Analog
or asynchronous
data Access
transfertopics
over asynchronous
modems.
BCRAN exam.
DNIS Identifies a called party number.
Prepare
for the CCNP
642-821
BCRAN
CLID Identifies
a calling
party
number.
exam concepts
ISDNyouBandwidth
Channels
through their and
implementation
Review set-up
guides
that show
youtwo
how
to prepare
a lab
study
The discussion
of ISDN
revolves
around
variations:
BRI
andfor
PRI.
Before we begin, let's
examine the North American digital signal standards and their "T" assignments, because BRI and
Ready to
yourself
for the newYou
simulation-based
questions
on the
CCNP exams
PRI adhere
those standards.
will also learn the
European
equivalents
of their North
American counterparts.
BCRAN
examthe
and
for
workplace
challenges in
implementing
network
Table
6-2 shows
DS
level,
its corresponding
maximum
speed,remote
the "T"access
designation,
and the
applications.
Designed
as
a
topic-by-topic
guide
of
how
to
apply
remote
access
concepts
in a real
number of channels for each level.
of certification
interest.
Table
6-2. North
American Digital Hierarchy
Digital Signal of
Level
Speed
"T"
Designation
Channels
DS0s
implementation
the technology.
This step-by-step
process
can be executed
on a or
homeor
DS0
64 kbps
1
DS1
1.544 Mbps
T1
24
DS2
6.312 Mbps
T2
96
preparation.
DS3
44.736 Mbps
T3
672
DS4
274.176 Mbps
T4
4032
NOTE
As mentioned, some equipment is incapable of supporting the 64 kbps DS0 standard
and can extend to only 56 kbps operation.
Table of Contents
Index
ISDN-BRI
BRI specifies the following components:

Pub
ItDate:
is made
December
up of
22,three
2003
DS0s.
ISBN: 1-58720-073-2
It
has two B channels at 64 kbps each, used for data.
Pages: 528
It has one D channel at 16 kbps, used for signaling.
The remaining 48 kbps is used for framing and synchronization.
The total speed
is measured
follows:
Gain hands-on
experience
of CCNPasRemote
BCRAN exam.
64 + 64 + 16 + 48 = 192
exam concepts
ISDN-PRI
Northyou
American
PRI
specifies
the following components:
through
their
implementation
It is made up of DS1 (T1) with 24 channels.
It has 23 B channels at 64 kbps each, used for data.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642It has one D channel at 64 kbps, used for signaling, carried in timeslot 24.
applications.
Designed
as a is
topic-by-topic
guide
of how
The remaining
8 kbps
used for framing
and
synchronization.
questions
by providing
The total
speed is a
measured
as follows: of how remote access really works. It is also
certification
exams.
it serves
(23 * 64)
+ 64Finally,
+ 8 = 1544
kbpsanyone wanting a guide to real-world application of these
Two encoding schemes are possible: AMI and B8ZS.
implementation
Two separate
of the
types
technology.
of framingThis
arestep-by-step
defined: Super-Frame
process can
(SF)
be and
executed
Extended
on aSuper-Frame
home- or
office-based
(ESF). lab, a remote-accessible lab, some networking simulation software programs, or
European and other countries' PRI specifies the following components:
preparation.
It is made up of E1, the equivalent of T1, with 32 channels.
It has 30 B channels at 64 kbps each, used for data.
It has one D channel at 64 kbps, used for signaling, carried in timeslot 16.
The remaining 64 kbps is used for framing and synchronization.

The total speed is measured as follows:
(30 * 64) + 64 + 64 = 2048 kbps
Encoding is HDB3.
of Contents
FramingTable
is multiframe.
Index
BRI Functional Groups
BRIPublisher:
definesCisco
the Press
following functional groups (ISDN devices):
ISBN: 1-58720-073-2
TE1 Terminal equipment 1. Specifies an ISDN-compatible device. Can connect to an NT1

Pages: 528
or NT2 device (described in this list). Examples of a TE1 device include
- Router with a native ISDN interface
- Digital
telephone
Gain hands-on
experience
BCRAN exam.
- Digital fax
TE2
Terminal
equipment
2. Specifies
a device
ISDN-compatible.
Requires aof
Prepare
for the CCNP
642-821
BCRAN exam
andthat
gainisanot
better,
terminal
adapter (described next) for compliance with ISDN. TE2 equipment examples
exam concepts
include
- Router with no native ISDN interface
- Devices with X.21, X.25, or EIA/TIA-232 interfaces
TA Terminal adapter. Used with TE2 to convert electrical signals into the kind recognized
ISDN. Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642CCNPby
Practical
NT1 Network
Termination
1. Links four-wire
ISDN
wiring
to the
two-wire
applications.
Designed
as a topic-by-topic
guide of how
to customer
apply remote
access
concepts
in a real
provider
facility.
NT2 Network Termination 2. Specifies a device that manages traffic to and from
subscriber devices and the NT1. Performs switching and concentrating.
LT Line Termination. Specifies a provider's side. Functions as an NT1.
ET Exchange Termination. Specifies a line card of a subscriber in the ISDN exchange.
office-based
lab,Exchange.
a remote-accessible
lab,
some
networking
simulation
LE Local
Specifies LT
and
ET. It
is a provider's
ISDN switch.
preparation.
NOTE
An NT1/NT2 combination device is sometimes called a Network Termination Unit
(NTU).
Which Devices Represent the BRI Reference Points

Reference points are interfaces between functional groups. They might or might not manifest in
actual physical interfaces. Reference points include the following:
Table of Contents
Index
U User
reference point. Between NT1 and LT.
TShuo
Terminal
point. Morrow
Between
NT1 and
NT2,
ByWesley
, Dmitryreference
Bokotey, Raymond
, Deviprasad
Konda
or between NT1 and TE1 (or TA) if no
NT2 is present.
S System reference point. Between NT2 and TE1 (or TA). Has the same characteristics as
Pub
Date:
December 22, 2003
the
T interface.
ISBN: 1-58720-073-2
R
Rate
Pages:
528 reference point. Between TA and TE2.
Let's spend a few moments discussing how functional groups and reference points work
together.
First, you connect the wall jack to the NT1 with a standard two-wire cable. Then you connect the
Gain
hands-on
Remote
Access
with lab
scenariosAn
foreight-wire
the new 642-821
NT1 to
an ISDNexperience
terminal orofaCCNP
terminal
adapter
withtopics
a four-wire
connector.
BCRAN
exam.
connector is used for the S/T interface because it requires both NT and TE capabilities.
An S/T interface is a combination of the S and T interfaces. It defines a reference point between
a TE1 (or TA) and an NT. You can think of it as a point-to-multipoint bus that multiple ISDN
exam concepts
devices can share.
The U interface is a two-wire interface between the NT and the provider cloud normally
terminated with an eight-pin RJ-48 connector. In this case, the NAS has built-in NT1
functionality. U interface termination is mostly used in North America.
As far as the Cisco IOS is concerned, there is no real difference between the S/T or U termination
when it comes to BRI operation. What you have to keep in mind is that BRI consists of a single D
channel
for signaling
and
two B channels
for data.
CCNP Practical
Studies:
Remote
Access (CCNP
Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
preparation.
DDR
Dial-on-demand routing (DDR) determines whether to bring up a connection that is not already
active based on interesting and uninteresting traffic coming into the router. Interesting traffic
brings up a connection, and uninteresting traffic doesn't.
Table of Contents
Index know which traffic is interesting and which isn't? Through preconfigured
How does a router
CCNP
Practical
Studies:
Remote
access
lists and
dialer
lists. Access
The section "Configuring ISDN" shows you how to configure
interesting
traffic.
Figure 6-1 displays the basic process of determining interesting traffic.


ISBN: 1-58720-073-2
Figure 6-1. Interesting Versus Uninteresting Packets
Pages: 528
BCRAN exam.
exam concepts
questions
byspecifies
providing
of how to
remote
really works.
It is also
A
dialer list
interesting
traffic that is allowed
makeaccess
a connection.
Numerous
dialer list
essentialcan
in preparing
forwith
the access
questions
that are
on thefor
Cisco
settings
be used incandidates
conjunction
lists that provide
more granular
control
a
certification
Finally,
it assigned
serves anyone
wanting
guide
to real-world
these
dialer
list. A exams.
dialer list
is then
to a dial
groupathat
refers
to it whenapplication
needed. A of
physical
concepts,
regardless
BRI
interface
belongsof
tocertification
a dial groupinterest.
and therefore carries out the instructions set up in a dialer
list.
implementation
of the
Thisneed
step-by-step
can betoexecuted
on a homeor
It is very important
to technology.
understand the
for static process
route entries
prevent routing
updates
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or a
from initiating a call and thus adding unnecessary service charges. DDR can be configured with
even
as
a
stand-alone
guide.
number of different options. For instance, an idle timer disconnects a call when no traffic has
been transmitted for a predetermined period of time.
preparation.
It
can also be used for other valuable purposes, such as backup for a leased line or Frame Relay
connection. In this case, an ISDN link may be brought up after a certain load has been reached
on the main line or a preconfigured length of time has lapsed since the line became inactive.
Another DDR concept that is discussed later in this chapter is so-called legacy DDR versus dialer
profiles. You can think of legacy DDR as the configuration that applies to the physical interface,
unlike dialer profiles, which use logical dialer interfaces to accomplish DDR.
To accomplish DDR configuration, you need to go through the following steps. Each step is
discussed further in the section "Configuring ISDN":
Specify interesting traffic.
Table of
Contents
Assign these
parameters
to an interface.
Index
CCNP Practical
Studies:
Remote Access
Define the
destination
aspects
with legacy DDR or dialer profiles.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
The ISDN Layer Protocols

ISDN spans the bottom three layers of the OSI reference model. As mentioned, ISDN uses a
multitude of protocols that fall under those layers and govern its operation.
Tablefrom
of Contents
To communicate
the local terminal equipment to the ISDN switch in the central office (CO),
ISDN uses a Index

unique collection of protocols. ITU organizes these protocols in the following
CCNP
manner:
E. series Describes telephone network standards as they relate to ISDN.

Pub
I.Date:
series
December
Describes
22, 2003
theory, terminology, interfaces, and common techniques.
ISBN: 1-58720-073-2
Q.
series Describes switching and signaling. For instance, Q.921 deals with Link Access
Pages: 528
Procedure on the D channel (LAPD) processes at Layer 2 of the OSI model. Q.931 deals
with Layer 3 of the OSI model. The D channel uses Q.931 signaling.
After the completion of call setup and connection establishment, the ISDN process is identical to
conventional calls. ISDN protocols come into play again when the call is disconnected between
Gainlocal
hands-on
of CCNP
Remote Access
topics with
laband
scenarios
fordoesn't
the new
642-821
the
switchexperience
and the terminal
equipment.
This process
is fast
typically
affect
user
BCRAN exam.
data.
ISDNexam
Layer
1
concepts
how remote
access
concepts work
in athe
realISDN
network
with
practice
labs
that
walk
LayerExperience
1 encompasses
the physical
connection
between
circuit
and
the CPE.
This
layer
is
you
their
implementation
shared
bythrough
the B and
D channels
alike.
Review
set-upback
guides
thatprotocols
show you
how
to prepare
a lab ISDN
for study
Now we
can come
to the
we
touched
on earlier.
Layer 1 is governed by the
following protocols:
CCNPI.430
PracticalFor
Studies:
Remote
(CCNP Self-Study) prepares readers for the CCNP 642BRI across
theAccess
S/T interface.
applications.
I.431Designed
For PRI. as a topic-by-topic guide of how to apply remote access concepts in a real
ANSIby
T1.601
the BRI
U interface. (The
U interface
is not standardized
byisITU-T.)
questions
providingFor
a better
understanding
of how
remote access
really works. It
also
concepts,
regardless
ISDN Layer
2 of certification interest.
Layer
2 deals with
the technology.
B and D channels
separately, offering
unique on
to each
channel.
implementation
of the
This step-by-step
process functions
can be executed
a homeor It
specifies
LAPD
asathe
framing protocollab,
used
for the
D channel.
On the other
hand,
the B channel
office-based
lab,
remote-accessible
some
networking
simulation
software
programs,
or
uses High-Level
Data Link
Control (HDLC) or PPP encapsulation.
even
as a stand-alone
guide.
Protocol
fornew
Layer
2 is asBCRAN
follows:exam are covered, providing comprehensive exam
All of theassignment
topics on the
642-821
preparation.
Q.920 Specifies the ISDN functions.
Q.921 Specifies signaling over the network.
As is the case with the conventional LAN setting, the ISDN network needs the hardware
addressing to take place between all the linked devices. ISDN Layer 2 is responsible for such
addressing. In addition, there is further discrimination within each device when it comes to
different processes running in that device. Therefore, a terminal endpoint identifier (TEI),
dynamically assigned to each router by the switch at bootup, is used in tandem with a service
access point identifier (SAPI), which is a way to identify the types of messages sent across the
network.
Table of Contents
ISDN
Layer
Index
3
AtWesley
Layer Shuo
3, the
D channel
controlled
by,Deviprasad
the Q.931Konda
protocol. The Q.931 protocol is a part of the
By
, Dmitry
Bokotey,is
Raymond
Morrow
Digital Subscriber Signaling System 1 (DSS1) protocol suite, which deals with message
exchange.
The B channel specifications include support for the network layer protocols, such as IP, IPX, and
ISBN: 1-58720-073-2
AppleTalk.
Pages: 528
BCRAN exam.
exam concepts
preparation.
Examining ISDN Call Setup and Teardown

ISDN call setup and teardown reflect the activity of the Layer 3 Q.931 protocol. While an ISDN
call is being set up, a number of messages are exchanged between the called and calling parties
that identify the progress of a call setup.
Table of Contents
Index
Call Setup Process
As you can see in Figure 6-2, the called party requests a call setup. Some steps and messages
Cisco Press
thatPublisher:
are displayed
might not necessarily be a part of your particular call setup. It depends on the
Pub
Date:
December
22,in
2003
type of switches used
the exchange and their requirements.
ISBN: 1-58720-073-2
Pages: 528
Figure 6-2. ISDN Call Setup
BCRAN exam.
exam concepts
Call
Teardown
Process
questions
by providing
The
teardown
of a call
may be
initiated
by either
party.
However,
the switchapplication
handles the
certification
exams.
Finally,
it serves
anyone
wanting
a guide
to real-world
of these
proceedings.
First,
the Disconnect
on the
D channel.
After
the the
switch
receives
the
Each chapter
includesmessage
a reviewisoftransmitted
the applicable
technology,
and
guides
reader
through
Disconnect
message,
starts the release
of the B channel
circuit
sends a Release
message
implementation
of theittechnology.
This step-by-step
process
can and
be executed
on a homeor
to
the downstream
switch. The involved
switches
eventually simulation
transmit the
Release
message or
to the
office-based
lab,
some networking
software
programs,
final
even switch.
To
the
being
disconnected
foregoing
switch
starts a T12 timer.
All make
of the sure
topics
oncall
theisnew
642-821
BCRAN properly,
exam areeach
covered,
providing
comprehensive
exam It
expects
to receive a Released message from the neighbor switch, upon which it issues a Release
preparation.
Complete message back to the neighbor. If the Release Complete isn't received within the timer
period, the Release message is reissued.
Keep in mind as you are consulting Figure 6-3 that call teardown is handled very rapidly
throughout the network.
Figure 6-3. ISDN Call Teardown
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Configuring ISDN
Configuring ISDN on a router involves setting up a number of global and interface commands.
Some are mandatory, and some are optional. The "Scenarios" section discusses both kinds.
of Contents
Typical
tasksTable
are as
follows:
Index
Global parameters(mandatory) Specify the switch type used by the CO. They set up
static routes to various ISDN destinations and select conditions for initiating an ISDN call,
such as interesting traffic.

Pub
Interface
Date: December
parameters
22, 2003
(mandatory)
Configure interface options, assign the interface to a

dialer
group, and map ISDN calls to the appropriate destinations.
ISBN: 1-58720-073-2
Pages: 528
Other parameters(optional) Include idle timers and response times to a call.

Most of these tasks aren't arranged in that particular order. You will probably go back and forth
between configuration modes while setting up your ISDN.
BCRAN exam.
exam concepts
preparation.
Scenarios
This section presents examples of ISDN configurations. Each new general command is discussed in
detail the first time it is encountered. Each subsequent mention of a command is simply shown.
This includes commands and concepts covered in previous chapters.
Table of Contents
Index
Scenario 6-1: Configuring a Simple ISDN Call

Here you will learn how to set up a simple ISDN call by using PPP encapsulation, defining
Publisher: traffic,
Cisco Press
interesting
and specifying a carrier switch type and other service provider parameters.
In thisISBN:
scenario,
DDR is configured to connect R1 to R2. Routing is achieved via a static route. The
1-58720-073-2
type of
DDR
used
is "legacy" DDR, which uses dialer maps. Figure 6-4 shows the network layout.
Pages: 528
Figure 6-4. Simple ISDN Call Topology

BCRAN exam.
exam concepts
You will
first look
at guides
R1's configuration,
followed
that ofaR2.
Review
set-up
that show you
how toby
prepare
lab for study
Step 1: Configuring the Switch Type

BCRAN
exam
for workplace
challenges
in type.
implementing
network
The first
thing
youand
should
do is specify
the switch
Table 6-3remote
shows access
a number
of switches and
applications.
Designed
as
a
topic-by-topic
guide
of
how
to
apply
remote
access
concepts
in a real
their IOS command equivalents. As you can see, there are quite a few. The types of switches
vary
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
exam
from country to country. Also, most switches are available in either basic or primary
questions
by providing
better
understanding
implementations
for usea with
BRI
or PRI, accordingly.
Table 6-3. Types of ISDN Switches
preparation.
Command
Description
basic-1tr6
1TR6 ISDN switches (Germany)
basic-5ess
AT&T basic rate switches (U.S.)
basic-dms100
NT DMS-100 (North America)
basic-ni1
National ISDN-1 (North America)
Table of Contents
basic-ni2 Index
National ISDN-2 (North America)
basic-1tr6
1TR6 ISDN switches (Germany)
basic-nwnet3
Net3 switches (Norway)

basic-nznet3
Net3 switches (New Zealand)
basic-ts013
TS013 and TS014 switches (Australia)
ISBN: 1-58720-073-2
Pages: 528
basic-net3
NET3, also known as E-DSS1 or DSS1 switches (United Kingdom and

Europe)
ntt
NTT ISDN switch (Japan)
primary-4ess
AT&T 4ess switch (U.S.)
primary-5ess
AT&T 5ess switch (U.S.)
BCRAN
exam.
primary-dms100 NT DMS-100 switch (U.S.)
Prepare for the NET5
CCNP switches
642-821 (Europe)
primary-net5
exam concepts
vn2 to vn5
VN2, VN3, VN4, and VN5 ISDN switches (France)
Find out which one is used by your service provider. Make sure you are clear on the correct type of
switch to avoid numerous problems.
The switch type can be configured in either global or interface configuration mode. Global mode
controls
the type
of switch
for allAccess
ISDN interfaces.
The interface
mode
command
it to that
CCNP Practical
Studies:
Remote
(CCNP Self-Study)
prepares
readers
for theapplies
CCNP 642interface
only.
You've
probably
already
guessed
that
if
two
different
switches
are
specified
for
global
and
interface
configuration,
the
interface
takes
precedence
over
the
global
for
that
particular
interface.
network setting,
To configure your CO's switch type, use
R1(config)#isdn
switch-typeswitch-identifier
preparation.
or
Table of Contents
Index
R1(config-if)#isdn switch-typeswitch-identifier
Publisher:
Cisco Press
Select
the AT&T
5ess switch as the CO ISDN switch type for all ISDN interfaces with
ISBN: 1-58720-073-2
Pages: 528
BCRAN
exam.
R1(config)#isdn
switch-type basic-5ess
exam concepts
After Experience
you've specified
the typeaccess
of switch,
you can
configure
CHAP with
username
and
password
for
how remote
concepts
work
in a real the
network
practice
labs
that walk
the remote
router:
questions by providing aR2
R1(config)#username
better
password
understanding
Cisco of how remote access really works. It is also
Step
2: Configuring
the ISDN Interface
implementation
of the technology.
To
specify
the interfaceguide.
for use by ISDN, choose one of two available commands. The first one
even
as a stand-alone
applies to routers with the native ISDN interface TE1:
preparation.
R1(config)#interface brinumber
If native TE1 is not a part of your router setup, you need to designate a serial interface for use in
ISDN. It becomes
TE2
with external TA:
Table of
Contents
Index


ISBN: 1-58720-073-2
Pages: 528
R1(config)#interface serialnumber
All
subsequent
BCRAN
exam. commands that govern the interface take place in interface configuration mode.
Whether you are using legacy DDR or dialer profiles determines whether most of your interface
configuration tasks are applied to a logical or physical interface. Regardless, the ISDN interface is
assigned
a protocol
an encapsulation
option,
dialer
group practical
and, possibly,
Service Profile
Prepare
for theaddress,
CCNP 642-821
BCRAN exam
and a
gain
a better,
understanding
of
Identifier
numbers (discussed in the next scenario).
exam(SPID)
concepts
SelectExperience
the BRI 0 how
configuration
mode:concepts work in a real network with practice labs that walk
remote access
network setting, this bookbri
is useful
0
Define the BRI 0 IP address and net mask:
preparation.
Set the PPP encapsulation for BRI 0:
Table of Contents
Index

R1(config-if)#encapsulation ppp
ISBN: 1-58720-073-2
Pages: 528
Add CHAP PPP authentication for BRI 0:
BCRAN exam.
exam concepts
R1(config-if)#ppp authentication chap
Step 3: Configuring the Idle Timer
To
prevent
the Studies:
link fromRemote
staying Access
up indefinitely,
you can configure
idle timer.
If there
no
CCNP
Practical
(CCNP Self-Study)
preparesanreaders
for the
CCNPis642traffic
on
the
link
during
the
idle
timer
interval,
the
connection
is
terminated.
The
command
to
configure
the
idle
timer
is
idle-timeoutseconds
preparation.
Here's an example:
R1(config-if)#dialer idle-timeout 3600
Table of Contents
Index

ByWesley
Step
4: Shuo
Configuring
, Dmitry Bokotey
Dialer
, Raymond
Maps
To place
Publisher:
a call
Ciscoto
Press
a destination, a router needs some way of identifying it. The "DDR" section
mentioned
existence
of legacy DDR and its more advanced successor, dialer profiles. Here you
Pub Date: the
December
22, 2003
will become
familiar with the legacy DDR configuration through dialer maps.
ISBN: 1-58720-073-2
Pages: 528
In short, dialer maps associate the destination router's protocol address with a specific telephone
number called the dial string. The command lets other options be specified as well. It's important
to understand that it is applied to the physical interfacein this case, BRI 0.
BCRAN exam.
exam concepts
R1(config-if)#dialer mapprotocol next-hop-address [namehostname] [speedspeed]
[broadcast]
dial-string
Review set-up
This
syntax does
examnot
andinclude
for workplace
all the options
challenges
available
in implementing
for this command.
remote The
access
options
network
shown here
applications.
translate
as follows:
protocol
is the Layer
3 protocol
the phone numberquestions
is mapped.
essential
in preparing
candidates
for to
thewhich
that are on the Cisco
next-hop-address
the Layer 3
protocol address.
concepts,
regardless of is
certification
interest.
is the name
of the
remote
router technology,
used for authentication.
Each hostname
chapter includes
a review
of the
applicable
speed is used for rate adaptation to request a lower speed than the standard DS0 64 kbps.
even With
as a broadcast,
stand-alone broadcasts,
guide.
such as routing updates, are forwarded to this address.
All of dial-string
the topics is
onthe
thedestination's
new 642-821telephone
BCRAN exam
are covered, providing comprehensive exam
number.
preparation.
Multipledialer map statements identifying different destinations may be used on the same
physical interface.
Create the dialer map command to specify IP as the name of the protocol, 192.168.1.2 as the IP
address for the BRI interface of the next-hop router, R2 as the CHAP identification name for the
remote router, and 2125552222 as the telephone number used to reach the BRI interface on the
remote router:
Table of Contents
Index

By
Wesley Shuo, Dmitry Bokoteymap
, Raymond
Morrow, Deviprasad
Konda
ip 192.168.1.2
name
R2
speed 56 2125552222

ISBN: 1-58720-073-2
Pages:
528
Step 5:
Specifying
Interesting Traffic
You might recall the definition of interesting traffic from the "DDR" section. The dialer-list
command is used to identify interesting traffic. dialer-list has two versions: the so-called basic
version and one that refers to an access list. The basic version allows or drops only packets
Gain hands-on
belonging
to anexperience
entire protocol:
BCRAN exam.
exam concepts
R1(config)#dialer-listdialer-group-number protocolprotocol-name {permit | deny}
The
access-list
version as
adds
the richness ofguide
all the
that can
be defined
the extended
applications.
Designed
a topic-by-topic
of options
how to apply
remote
accessby
concepts
in a real
access
list:
R1(config)#dialer-listdialer-group-number protocolprotocol-name list
preparation.
access-list-number
Let's look at what each element of this command represents. dialer-group-number is the dialer-list
identifier that will be used in the next step of DDR configuration to assign this list to an interface.
protocol-name specifies the Layer 3 protocol to be used.
Theaccess-list-number argument matches an extended access list that is defined separately for
the purposes of being used with the dialer-list command. The use of access lists to define
interesting traffic is covered in the next scenario.
To define interesting traffic for R1, you need to exit interface configuration mode. Associate
of Contents
permitted IP Table
traffic
with dialer group 1. This means that the router initiates an ISDN call only for
Index
IP traffic.

ISBN: 1-58720-073-2
Pages: 528
R1(config)#dialer-list 1 protocol ip permit
BCRAN exam.
Step 6: Assigning the Dialer List to an Interface

We'veexam
already
concepts
mentioned that the dialer-group-number used in the previous command needs to
match another command's argument that applies it to an actual interface. By referencing the same
Experience
how remote interface
access concepts
workthe
in dialer-list
a real network
with practice
labs
that walk
number
in the dialer-group
command,
command
set up in
global
you through
their
implementation
configuration
mode
controls
which packets are to initiate a call through that interface.
R1(config-if)#dialer-groupdialer-group-number
Enter
interface configuration
mode This
again,
and associate
the BRI
interface
with
listor
1:
implementation
of the technology.
step-by-step
process
can0be
executed
on dialer
a homeoffice-based lab, a remote-accessible lab, some networking simulation software programs, or
preparation.
Step 7: Configuring Routing

You were previously warned that if you choose to advertise routing updates and inadvertently
don't prevent those updates from bringing up the link, you might be unpleasantly surprised when
of Contents
you receive aTable
bill from
your provider.
Index
CCNP
Practical
Studies:
Remote
Access
Do not
despair.
ISDN
technology
offers numerous options to successfully accomplish what you

need
while
keeping
charges
in check:
ByWesley
Shuo
, Dmitry Bokotey
, Raymond
Static routes and default routes
Floating
ISBN: 1-58720-073-2
static routes
Pages: 528
Dynamic routing with passive interfaces

OSPF demand circuit
Dialer watch
BCRAN
Snapshot
exam. routing
Here you will examine the static route option; the rest are discussed in later scenarios.
Whenever
examyou
concepts
have a stub network, as is the case with this scenario, there is no real need to use
dynamic routing, because all connections come from and go to the same point.
Set up
you
a static
through
route
their
to implementation
R2's 192.168.100.0/24 network using this command:
questions
by providing
of how remote
R1(config)#ip
route a192.168.100.0
255.255.255.0
192.168.1.2
Example 6-1 demonstrates R1's complete ISDN configuration that includes all previous steps.
Example 6-1. R1 ISDN Configuration
preparation.
R1#show run
hostname R1
isdn switch-type basic-5ess

username R2 password Cisco
interface bri 0
ip address 192.168.1.1 255.255.255.0
Table of Contents
encapsulation ppp
Index
dialer idle-timeout 360
dialer map ip 192.168.1.2 name R2 speed 56 2125552222

dialer-group
1 22, 2003
Pub Date: December
ISBN: 1-58720-073-2
ppp authentication chap

Pages: 528
!
ip route 192.168.100.0 255.255.255.0 192.168.1.2
Gain
hands-on1experience
dialer-list
protocol ofipCCNP
permit
BCRAN exam.
exam concepts
Let's now look at the configuration of R2. It needs to mirror R1.
Establish the CHAP username and password for the remote router:
R2(config)#username
password
Cisco of how remote access really works. It is also
questions by providing aR1
better
understanding
Identify
Each
chapter
the BRI
includes
0 IP address
a review
and
of the
net applicable
mask:
preparation.
Specify R1 as the CHAP identification name for the remote router and 2125551111 as the
telephone number used to dial up the remote router:
Table of Contents
Index


map ip 192.168.1.1 name R1 speed 56 2125551111
ISBN: 1-58720-073-2
Pages: 528
Example 6-2 shows the ISDN configuration of R2.
Example
6-2.
R2 ISDN
Configuration
Gain hands-on
experience
of CCNP
BCRAN exam.
Prepare
R1#show
run for the CCNP 642-821 BCRAN exam and gain a better, practical understanding of
exam concepts
hostname R2
through their
implementation
isdn you
switch-type
basic-5ess
Review
guides
username
R1set-up
password
Cisco
interface bri 0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642ip BCRAN
address
192.168.1.2
255.255.255.0
821
exam
and for workplace
encapsulation
pppbook is useful in preparing a CCNP candidate for the general exam
network
setting, this
dialer in
idle-timeout
360
essential
dialer map
ip 192.168.1.1
name
R1 speed 56 2125551111
concepts,
regardless
of certification
interest.
dialer-group
1
Each
chapter includes
ppp authentication
chap
office-based
!
ip
route 192.168.200.0 255.255.255.0 192.168.1.1
preparation.
Scenario 6-2: Configuring DDR with Access Lists

In this scenario, you will look at how DDR commands can be used to define an extended access list
to initiate ISDN calls. The topology used in the preceding scenario applies to this one as well.
Some changes have been requested, however, so your configuration needs to be adjusted
accordingly. The service provider switch is changed to a Northern Telecom DMS-100 model, and
DDR
must beTable
configured
on router R1 to connect to R2 for all IP traffic except Telnet and FTP.
of Contents
Index
Specify a Northern Telecom DMS-100 switch as the one used by the ISDN service provider:

ISBN: 1-58720-073-2
Pages: 528
R1(config)#isdn switch-type basic-dms100
BCRAN exam.
NOTE
exam concepts
You should reload the router after changing the switch type to make the new
configuration effective.
Ready yourself
Configuring
SPIDsfor the new simulation-based questions on the CCNP exams
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642After you've specified the switch type, you might need to specify a SPID number. Not all switches
require a SPID value, especially outside the U.S. Whenever the SPID number is required, you can
find out the exact SPID information from your ISDN service provider.
SPIDS are dial-in numbers used by some service providers with certain types of switches, such as
National ISDN1 and DMS-100. These numbers, which are similar to regular phone numbers, verify
the services provided by your contract. SPIDs are available in spid1 and spid2 categories, one for
each B channel.
Sometimes the keyword ldn might have to be placed at the end of the command line. ldn (local
directory number) is assigned by the service provider and is used to make sure that calls are
properly routed to both B channels.
The syntax for the spid commands is as follows:
preparation.
R1(config-if)#isdn spid1spid-number [ldn]

R1(config-if)#isdn spid2spid-number [ldn]
Table of Contents
Because you Index

are using a DMS-100 switch, you need to configure SPID numbers:

ISBN: 1-58720-073-2
Pages: 528
R1(config-if)#isdn spid1 5551212

R1(config-if)#isdn spid2 5551213
BCRAN exam.
PPP exam
Authentication
concepts with a Different Host Name
howyou
remote
access
work inon
a real
with practice
thatthe
walk
In theExperience
last scenario,
set up
CHAPconcepts
authentication
eachnetwork
participating
router tolabs
match
you
through
their
implementation
calling
router's
host
name.
You might run into a situation in which a username you set up for a
calling router does not match its host name. For instance, not knowing a router's host name,
Review
guides
that
showor
you
how shortening
to prepare athe
labtask
for of
study
dealing
with aset-up
rotational
host
name,
simply
storing a multitude of host
names with their respective passwords would prompt you to skip the real host name and opt for
Ready yourself
for the
new
an alternate.
Cisco offers
such
ansimulation-based
option for CHAP questions
in its IOS. on the CCNP exams
CCNP
Practical
Access (CCNP
Self-Study)
prepares
readers
642-the
To achieve
this,Studies:
performRemote
a combination
of actions.
On the called
router,
suchfor
as the
R2, CCNP
configure
821
BCRAN
exam
and
for
workplace
challenges
in
implementing
remote
access
network
username password command using an alternate host name:
R2(config)#username caller password Cisco
preparation.
At the same time, match this alternate host name on the calling router, R1, with the following
command:
R1(config-if)#ppp chap hostnamealternate-host-name
Table of Contents
Index

ByWesley Shuo
, Dmitry Bokotey, Raymond
Morrow, Deviprasad
Konda
Replace
the alternate-host-name
argument
in the real
configuration with the word "caller."
Configuring
Pub Date: December
DDR22, 2003
ISBN: 1-58720-073-2
Because
Pages:
you528
will configure the new dialer group number 2 for this scenario, first remove the dialer
group 1 configured in the previous scenario.
Then associate the BRI 0 interface with dialer list 2 using the dialer-group command:
BCRAN exam.
exam concepts
R1(config-if)#dialer-group
2
You can apply access lists to a dialer group to initiate dialing. The use of extended access lists
CCNP configuring
Practical Studies:
Remote
Access (CCNP
Self-Study)
preparesin
readers
for the
when
ISDN is
more common
than specifying
conditions
the dialer
list CCNP
itself. 642821 BCRAN exam and for workplace challenges in implementing remote access network
applications.
asentries
a topic-by-topic
guide
of access-list
how to apply111
remote
concepts
in a real
Extended
TCPDesigned
access list
are defined
in the
denyaccess
commands.
They
network FTP
setting,
book
is useful
intriggering
preparingcalls.
prevent
and this
Telnet
packets
from
R1(config)#access-list 111 deny tcp any any eq ftp
preparation.
R1(config)#access-list 111 deny tcp any any eq telnet
The command access-list 111 permit allows all other IP traffic to start ISDN calls:
Table of Contents
Index
R1(config)#access-list
111 permit ip any any
The next command enables automatic DDR calling. It assigns access list 111 to dialer list 2, which
in turn is applied to the BRI 0 interface by the dialer-group command already configured:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R1(config)#dialer-list 2 protocol ip list 111
exam concepts
you 6-3
through
their
implementation
Example
shows
R1's
new configuration.
Example
6-3. R1
Configuration
Ready yourself
forRunning
R1#show
runDesigned as a topic-by-topic guide of how to apply remote access concepts in a real
applications.
hostname
R1providing a better understanding of how remote access really works. It is also
questions by
isdn
switch-type
basic-dms100
certification
exams. Finally,
isdn spid1 5551212
implementation
isdn
spid2 5551213
username
R2 password
guide.
Cisco
All of the topics
interface
bri on
0 the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
ip address 192.168.1.1 255.255.255.0
encapsulation ppp
dialer map ip 192.168.1.2 name R2 speed 56 2125552222

dialer-group 2
ppp chap hostname caller
Table of Contents
ip
route 192.168.100.0
255.255.255.0 192.168.1.2
Index
access-list 111 deny tcp any any eq ftp
access-list 111 deny tcp any any eq telnet

Pub Date: December
22, 2003 ip any any
access-list
111 permit
ISBN: 1-58720-073-2
dialer-list
Pages: 528 2 protocol ip list 101
BCRAN exam.
NOTE
The
new for
configuration
of R2 would
follow
the and
same
logical
pattern
as thatunderstanding
of R1.
Prepare
the CCNP 642-821
BCRAN
exam
gain
a better,
practical
of
Therefore,
it's not included here.
exam concepts
Scenario
PRI
Review 6-3:
set-upConfiguring
guides that show
Ready
yourself
the new
simulation-based
exams
Figure
6-5 shows
thefor
topology
for
this scenario. R3questions
possessesona the
PRI CCNP
interface.
You need to
configure the router to allow R4 to access its Ethernet side via ISDN.
is useful
in preparing
a CCNP candidate
Figure
6-5.
PRI Configuration
Topology
evencan
You
as a
begin
stand-alone
your configuration
guide.
by enabling the Ethernet interface on R3. This includes setting an
IP address for the Ethernet interface. Here, it is 10.30.30.1/24.
preparation.
The
next step is to configure the ISDN switch type specified by the telephone company for your
PRI connection. In this case, it is primary-5ess:
R3(config)#isdn switch-type primary-5ess
Table of Contents
Index
Now
a username
and password to be used for authentication when R4 tries to connect to
CCNP configure
Practical Studies:
Remote Access
R3. Let's say that the username is "R4" and the password is "Cisco":

ISBN: 1-58720-073-2
Pages: 528
R3(config)#username R4 password Cisco

BCRAN exam.
You can
now configure
a dialer
list toBCRAN
specifyexam
IP asand
the gain
type aofbetter,
interesting
traffic
that initiates of
a call
Prepare
for the CCNP
642-821
practical
understanding
to R4:exam concepts
challenges
1 protocol
ip permit
certification
Finally,
anyone wanting
guide
to real-world
Next,
create exams.
the static
route ittoserves
R4's Ethernet
network avia
its BRI
address: application of these
preparation.
R3(config)#ip route 10.40.40.0 255.255.255.0 192.168.1.4
It's time to configure the T1 interface.
Configuring PRI
Configuring PRI interfaces involves the PRI-specific tasks discussed next, as well as the DDR-based
commands you used in BRI configurations.
Table of Contents
You
start by Index
configuring the ISDN PRI controller:


ISBN: 1-58720-073-2
Pages: 528
R3(config)#controller {t1 | e1} {slot/port | unit-number}
BCRAN exam.
Thet1 part of the command is used for North America and Japan. e1 is used for European facilities
and much of the rest of the world. The slot/port or unit-number specifies the controller's physical
slot, port
location,
orCCNP
unit number.
Prepare
for the
exam concepts
You can use the following controller configuration command to select the frame type used by the
PRI service
provider:
Experience
network setting, this book is useful in
preparing
R3(config-controller)#framing
{sf
| esf |a CCNP
crc4 candidate
| no-crc4}
Older T1 configurations use the sf (superframe) keyword. esf (extended superframe) is used for
T1 PRI configurations. The crc4 | no-crc4 (cyclic redundancy check) options are for E1 PRI
configurations.
even
as acommand
stand-alone
guide. the physical-layer signaling method. You need to satisfy the density
The next
identifies
requirement of 1s on the provider's digital facility. If there aren't enough 1s in the digital
bitstream, the network switches and multiplexers can lose their synchronization for transmitting
preparation.
signals.
R3(config-controller)#linecode {ami | b8zs | hdb3}
Table of Contents
Index
ami means alternate
mark inversion. hdb3 (high-density bipolar 3) is used for E1 PRI
CCNP
configurations.
Thelinecode and framing controller commands must match the framing and line-code types that
are used at the T1/E1 WAN provider's CO switch.

ISBN: 1-58720-073-2
Pages: 528
NOTE
When T1 is used, framing esf and linecode b8zs are usually implemented. If E1 is
used,framing crc4 and linecode hdb3 are applied.
BCRAN exam.
Choose the clock source for the T1 with the following command:
exam concepts
R3(config-controller)#clock source {line [primary | secondary]| internal}
questionsor
bysecondary
providing akeywords
how remote
access
really
works. It
also
primary
are used for of
AS5000
to select
either
the primary
orissecondary
essential
in preparing
TDM
as the
clock source.
concepts,
Now
that you've
regardless
configured
of certification
the controller,
interest.
you can specify it for the PRI operation:
preparation.
R3(config-controller)#pri-group timeslotsrange
This command identifies how many fixed timeslots the provider allocates. T1 uses values from 1 to
24, and E1 can range from 1 to 31.
The next command sets up an interface for PRI D channel operation:
Table of Contents
Index


R3(config-controller)#interface
serial {slot/port: | unit :}{23 | 15}
ISBN: 1-58720-073-2
Pages: 528
This creates a serial subinterface to a T1/E1. The 23 argument refers to a T1 interface and
designates channels 0 to 22 as the B channels and DS0 23 as the D channel. Alternatively, the 15
parameter is for an E1 interface and designates 30 B channels and timeslot 16 as the D channel.
On R3, configure your PRI as shown in Example 6-4.
BCRAN exam.
Example
Prepare6-4.
for the
PRI
CCNP
Configuration
exam concepts
R3(config)#controller
t1 1/0
Review set-up guides that show b8zs
R3(config-controller)#linecode
R3(config-controller)#clock source line
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R3(config-controller)#framing
821 BCRAN exam and for workplaceesf
R3(config-controller)#pri-group
timeslotsa CCNP
1-24 candidate for the general exam
network setting, this book is useful in preparing
R3(config-controller)#interface
serial
1/0:23
essential in preparing candidates for the
At
this point youof
can
with This
the DDR
portion of
the PRIcan
configuration.
youor
implementation
thecontinue
technology.
step-by-step
process
be executedThe
on atasks
homeconfigure
here
are
familiar to lab,
you,some
such networking
as PPP encapsulation,
interface
office-based
lab,
a already
remote-accessible
simulation authentication,
software programs,
or IP
address,
group, guide.
and dialer map to the destination. This portion of the configuration is
even as adialer
stand-alone
presented in Example 6-5.
preparation.
Example 6-5. R3 Interface Configuration
R3(config-if)#encapsulation PPP

R3(config-if)#dialer idle-timeout 90
Table of Contents
Index
map ip 192.168.1.4 name R4 2125554444
Next, you will configure dynamic routing via EIGRP.

ISBN: 1-58720-073-2
Pages: 528
Configuring
Routing
In the previous scenario, you learned how to set up routing via a static route. In most instances,
however, this solution is not sufficient to satisfy the routing requirement. In larger environments,
the scalability issue introduces the need for dynamic routing.
BCRAN
exam.
In
this example,
you can set up EIGRP routing with the following command:
exam concepts
R3(config)#router
eigrp
100 simulation-based questions on the CCNP exams
Ready yourself for
the new
This
creates
a new
problem.
you introduce
your
network
into thefor
dynamic
protocol,
your links
network
setting,
this
book is If
useful
in preparing
a CCNP
candidate
the general
exam
will
constantly
be
brought
up
by
the
routing
updates,
right?
Well,
not
if
you
configure
passive
interfaces.
passive interface
listens
to routing
updates but doesn't
forward
essential inApreparing
candidates
for the
questions
thatthem.
are on the Cisco
preparation.
R3(config-router)#passive-interface
interface
The following command adapts this syntax for the current scenario:
Table of Contents
serial 1/0:23
Index

Sometimes
a situation occurs in which other networks need to be informed of the stub network
Pub Date:So,
December
22, 2003
existence.
you need
to configure the router to redistribute the static route to other routers in
ISBN:
1-58720-073-2
the network. Therefore, the static route will be redistributed into a dynamic protocol of your
choice.
Pages:
For this
528 purpose, apply the following:
BCRAN exam.
R3(config-router)#redistribute
static
exam concepts
Verification
You can verify your ISDN configuration by using several commands. For instance, you can check
CCNP
Practical
Studies:
Remote
Access show
(CCNPisdn
Self-Study)
for the
CCNP 642the
status
of the
ISDN link
by entering
status, prepares
as shownreaders
in Example
6-6.
network
setting,
book is useful
in preparing
Example
6-6.this
Verifying
ISDN
Status a CCNP candidate for the general exam
R3#show isdn status
The current ISDN Switchtype = primary-5ess
ISDN Serial1/0:23 interface
1 Status:
All ofLayer
the topics
preparation.
ACTIVE
Layer 2 Status:
TEI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Activated dsl 0 CCBs = 0
Total Allocated ISDN CCBs = 0
Table of Contents
Index

By
Wesley
, Dmitry
, Raymond
Morrow, Deviprasad
Konda
You
can Shuo
check
the DBokotey
channel
configuration
by issuing
the
show interface serial 1/0:23
command, as shown in Example 6-7.

Example
6-7. Verifying the D Channel Subinterface
ISBN: 1-58720-073-2
Pages: 528
R3#show interface serial 1/0:23

Serial1/0:23 is up, line protocol is up (spoofing)
BCRAN exam.
Hardware is DSX1
Internet
is 192.168.1.3/24
Prepare address
for the CCNP
exam concepts
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation
PPP,implementation
loopback not set
you through their
Review
set-up
guides that
show00:00:04,
you how tooutput
preparehang
a labnever
for study
Last
input
00:00:04,
output
Ready
yourselfof
for"show
the new
simulation-based
questions
Last
clearing
interface"
counters
never on the CCNP exams
CCNP
Practical
Studies:
Remote
prepares
readers
for the CCNP 642Input
queue:
0/75/0
(size/max/drops);
Total output
drops:
0
applications.
a topic-by-topic
Queueing Designed
strategy:asweighted
fair guide of how to apply remote access concepts in a real
questions
providing
Output by
queue:
0/1000/64/0
(size/max total/threshold/drops)
certification
exams. Finally,
it serves
anyone wanting
a guide total)
Conversations
0/1/256
(active/max
active/max
preparation.
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
102 packets output, 571 bytes, 0 underruns
0 output errors, 0 collisions, 6 interface resets

0 output buffer failures, 0 output buffers swapped out
1 carrier transitions
Timeslot(s) Used:24, Transmitter delay is 0 flags

Table of Contents
Index

Next, you can verify the configuration of the T1 controller. Enter show controller t1 1/0 to do
this,
as shown
Example 6-8.
Publisher:
Ciscoin
Press
ISBN: 1-58720-073-2
Example
6-8. Verifying the Controller Configuration
Pages: 528
R3#show controller t1 1/0

Gain
hands-on
T1 1/0
is up.experience of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
Applique type is Channelized T1 - unbalanced
No exam
alarms
detected.
concepts
Framing
is ESF,
Line Code
is concepts
B8zs, Clock
Source
is Line.with practice labs that walk
Experience
how remote
access
work in
a real network
Data in current interval (580 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
exam
and3for
challenges
implementing
remote access
0 Slip
Secs,
Frworkplace
Loss Secs,
0 LineinErr
Secs, 0 Degraded
Mins network
network
setting, this
book0 isBursty
useful in
preparing
candidate
for the0general
exam
0 Errored
Secs,
Err
Secs, 3a CCNP
Severely
Err Secs,
Unavail
Secs
If you want to monitor the ISDN connection in real time so that you can see the Layer 2
Each
chapter includes
a review
ofturn
the applicable
technology,
guidesdebug
the reader
communication
process,
you can
on Q.921 debugging
byand
entering
isdn through
q921.
office-based
lab,
a remote-accessible
lab, some
simulation
programs,
or
Then you ping
R4's
Ethernet port. Assume
that itnetworking
is configured
with thesoftware
IP address
10.40.40.1.
even
as
a
stand-alone
guide.
When the ping returns successful results, you can view the rest of the connection process, because
Q.921 debugging has been turned on, as shown in Example 6-9.
preparation.
Example 6-9. Monitoring the ISDN Connection in Real Time
ISDN Q921 packets debugging is on
R3#
ISDN Se1/0:23: RX <-
RRp sapi = 0
tei = 0 nr = 20
ISDN Se1/0:23: TX ->
RRf sapi = 0
tei = 0
RRp sapi = 0
tei = 0 nr = 15
RRf sapi = 0
tei = 0
Table of Contents
Index
ISDN Se1/0:23:
RX <-
nr = 15
nr = 20

ByWesley
Shuo, DmitryRX
Bokotey
Raymond
Morrow
ISDN
Se1/0:23:
<- ,RRp
sapi
= 0 ,Deviprasad
tei = 0Konda
nr = 20
ISDN
Se1/0:23:
TX ->
Publisher:
Cisco Press
RRf sapi = 0
tei = 0
nr = 15
RRp sapi = 0
tei = 0 nr = 15
ISDN Se1/0:23: RX <-
RRp sapi = 0
tei = 0 nr = 20
RRf sapi = 0
tei = 0

ISBN: 1-58720-073-2
Pages: 528
nr = 15
ISDN Se1/0:23: RX <- RRf sapi = 0 tei = 0 nr = 20

BCRAN exam.
exam concepts
NOTE
R4's configuration follows all the logical steps discussed in this and previous scenarios. It
is
not included
to that
saveshow
space.
We
believe
that you
canfor
easily
configure R4 on your
Review
set-up here
guides
you
how
to prepare
a lab
study
own based on the information you've learned in this chapter.
Scenario
6-4: Alternative Identification Techniques
You
already
how to
configure
identification
PPP authentication
options
and
questions
byknow
providing
a better
understanding
of through
how remote
access really works.
It PAP
is also
CHAP.
You
also
encountered
the
alternate-host-name
parameter
that
can
be
used
with
CHAP.
essential in preparing candidates for the new simulation-based questions that are on the CiscoIn
this
scenario,
you will
be introduced
two more
identification
that application
can be usedofalongside
certification
exams.
Finally,
it serves to
anyone
wanting
a guide tooptions
real-world
these
or
instead
of
those
you've
previously
learned.
even NOTE
that you've
general
ISDNexam
setupare
tasks,
you can
move on
to more complex
All ofNow
the topics
on themastered
new 642-821
BCRAN
covered,
providing
comprehensive
exam
optional
ones.
This
scenario
and
the
subsequent
ones
in
this
chapter
differ
in their layout
preparation.
from the rest in that they don't provide topology examples. There is simply no need to
repeat basic ISDN setup to introduce new steps. Any of the optional configuration
parameters discussed in this scenario can be applied separately to an ISDN network,
provided that basic ISDN has already been configured as described in prior scenarios.
Caller ID
The caller identification feature allows for screening of incoming ISDN calls. When the call is
requested, the number supplied in the message is checked against a preexisting table of permitted
numbers. This way, the call is not accepted until it is verified.
The
syntax for
Table
theofISDN
Contents
caller ID command is as follows:
Index


ISBN: 1-58720-073-2
Pages: 528
Router(config-if)#isdn callernumber [callback] [exact]
This
statement
BCRAN
exam. is applied to a called router. The number argument can be up to 25 characters long
and can specify a range of numbers or partially known numbers. If you supply an X for any
position in the number, it is treated as a "don't-care" digit, where the router accepts any number
that matches
the the
same
position.
Also,
you can
assign
numbers
to an interface.
Prepare for
CCNP
642-821
BCRAN
exam
and several
gain a better,
practical
understanding of
exam concepts
Thecallback keyword is used in the callback setups. The optional exact keyword demands the
exactExperience
match to the
configured
number.
In other
words,
if you
don't have
exactlabs
option
how
remote access
concepts
work
in a real
network
withthe
practice
that walk
enabled,
router
accepts
any number of digits supplied by a caller as long as the same
you your
through
their
implementation
sequence of numbers appears in the configured telephone number.
When configuring caller identification, take care that your switch or access router supports this
Ready
yourselfno
forcalls
the will
newget
simulation-based
feature;
otherwise,
through.
Unidirectional PPP Authentication
As
mentioned
in the previous
chapter,
the PPP of
authentication
along works.
with many
questions
by providing
a better
understanding
how remote option,
access really
It is other
also PPP
options,
must
be
bidirectional.
This
means
that
both
routers
participating
in
the
connection
setup
have
to
authenticate
one
another.
There is a way to bend this rule if you add an optional callin keyword at the end of the ppp
authentication
[pap a
| chap]
This keyword
specifies
authentication
is to be used
Each chapter includes
review command.
of the applicable
technology,
and that
guides
the reader through
only
if
the
router
is
on
the
receiving
end
of
the
call.
This issue comes up when one of the routers does not support authentication. Take a look at
Figure 6-6. In this scenario, if R6 places a call to R2, it allows R2 to challenge R6, but it does not
challenge
R2 in return.
However,
if R2
placesexam
a callare
to R6
(a call providing
in), R6 makes
an authentication
All of the topics
on the new
642-821
BCRAN
covered,
comprehensive
exam
request
from
R2.
The
full
syntax
for
the
command
is
preparation.
R6(config-if)#ppp authentication [pap | chap]callin
Table of Contents
Index
Figure 6-6. One-Way PPP Authentication

ISBN: 1-58720-073-2
Pages: 528
Scenario 6-5: Alternative Routing Methods

Gain
hands-on
of to
CCNP
Remote
Access
topics
with
lab scenarios
new Here
642-821
Previously,
you experience
learned how
configure
static
routing
and
dynamic
routing for
viathe
EIGRP.
you
BCRAN
exam.
will see how you can effectively implement OSPF as your dynamic routing method and use static
routing as a backup method.
exam concepts
OSPF Demand Circuit
through
their(DC)
implementation
OSPF you
Demand
Circuit
is another feature that enables routing over ISDN without keeping the
link constantly open. Perhaps you already know that to maintain neighbor relationships and ensure
Review set-up
guides that
show youOSPF
how sends
to prepare
lab for every
study 10 seconds and link-state
the accuracy
of its link-state
databases,
Hello apackets
advertisements (LSAs) every 30 minutes. Normally, it would keep the link up indefinitely.
The OSPF DC option was created to stifle periodic Hellos and LSAs. When DC is configured on a
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642router, its Hello packets have a DC bit set, and its LSAs have a DoNotAge (DNA) bit set that
suppresses those periodic refreshers. The way this works is at first OSPF creates adjacencies and
synchronizes LSA databases in the usual manner. After this is done, OSPF keeps those adjacencies
so that the routing updates can initiate an ISDN call only after a topological change has taken
place.
certification
Finally,
it serves
anyone command
wanting a on
guide
toISDN
real-world
To configureexams.
the OSPF
DC, use
the following
your
interface:
preparation.
R1(config-if)#ip ospf demand-circuit
It has been argued by some that this command should be placed on routers at both ends of the
call. However, it needs to reside only on the calling router. It is of no use to the receiving router.
In instances where both routers can call one another, the use of OSPF DC is not recommended.
Otherwise, you might run into a situation where both routers initiate a call simultaneously after
the topological change, and the call will never get through.
A number of issues are associated with OSPF DC. If you are not careful while redistributing
protocols into OSPF, you might cause routing loops and link flapping that keep the line up
Table of Contents
indefinitely because of constant "change" in topology.
Index
CCNP
Studies:
Remote a
Access
Also, Practical
you might
encounter
scenario
where the ISDN interface's bandwidth, which figures into the

OSPF
By
Wesley
metric
Shuo,of
Dmitry
cost,Bokotey
equals
, Raymond
that of Morrow
the primary
, Deviprasad
link.Konda
OSPF cost is based on a formula: cost =
100,100,000/bandwidth (bps). To keep the ISDN interface as a backup, you would have to
manually
assign
it a very high cost to keep it from load balancing:
Publisher:
Cisco Press
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R1(config-if)#ip
ospf costcost
exam concepts
Floating
Statichow
Routes
Experience
There are situations where you want your static routes to take the back burner to dynamic routing
Review
set-up
guides
that show
you how to You
prepare
a lab
fortostudy
and be
used only
if other
routes
are unavailable.
would
have
configure floating static
routes. Normally, static routes have a default administrative distance of 1. This means that under
ordinary circumstances they are preferred over dynamic routing protocols.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642To switch this order manually, assign an administrative distance to the static route that is higher
than the one of a dynamic route. We recommend using something above 200. Employ the familiar
ip route command, but this time, add an administrative-distance argument at the end:
R1(config)#ip routedestination-network destination-subnet-mask {local-interface |
next-hop}administrative-distance
preparation.
Scenario 6-6: Configuring the Interface and the Backup Interface
The backup interface is used as an alternative to floating static routes. When an ISDN interface is
configured as a backup, its status changes to standby, and its line protocol state changes to down.
They remain that way until something happens to the main link. The command for the backup
interface is configured under the principal interface (not the ISDN interface!). The syntax for the
command is as follows:
Table of Contents
Index


R1(config-if)#backup
ISBN: 1-58720-073-2 interfaceinterface number
Pages: 528
A number of optional parameters can be configured under a backup interface setup. The backup
delay command specifies the amount of time (in seconds) that will lapse after the main interface
Gain
hands-on
of CCNP
Remote
Access
topics
with
lab scenarios
for after
the new
fails and
beforeexperience
the ISDN backup
link
is brought
up.
It also
identifies
how long
the 642-821
principal
BCRAN
exam.
link is repaired the ISDN interface stays up until it becomes inactive again. This command is used
in conjunction with the backup interface command under the chief interface configuration. If
backup delay is omitted, the ISDN interface kicks in instantaneously after the primary link failure
and deactivates after the primary link is back. This isn't a good idea when you're dealing with a
exam concepts
flapping connection.
applications. Designed asdelay
a topic-by-topic
activation-time
guide ofdeactivation-time
Each NOTE
office-based
lab,delay
someworks
networking
simulation
software
programs,
Unlike floating
static routes, backup
only when
the principal
interface
is or
even physically
as a stand-alone
guide.
down. It doesn't work under the administratively down status.
preparation.
Thebackup load command is used in a bandwidth-on-demand scenario. It controls the
percentage of the main link saturation before activating the ISDN interface as well as the
percentage in the decrease of traffic before bringing the ISDN link down. It is also used together
with the backup interface command.

Table of Contents
loadactivation-percentage deactivation-percentage
Index

backup load can be configured alongside the backup delay command. Then, each one is
responsible for its own sphere of influence.
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise 6-1: Dialing Out with ISDN

This configuration has an AS5300 with four PRIs to allow Async and ISDN outbound connections,
as shown in Figure 6-7. It can support 96 modem calls or a large number of ISDN calls. Static
dialer maps are configured on the dialing side for each ISDN/Async connection. Static IP routes
Tableends
of Contents
are used at both
of the connection to avoid the unnecessary overhead of a dynamic routing
Index
protocol. Adding a remote location would require the addition of a dialer map, a username, and
CCNP
Practical
Access
a static
routeStudies:
for theRemote
new destination
on the dialing side. All remote nodes have fixed IP
addresses.
By
Wesley Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda
ISBN: 1-58720-073-2
Figure 6-7. Dialing Out with ISDN
Pages: 528
BCRAN exam.
exam concepts
Your configuration should include the following:
Ready
for the
The
PRIyourself
switch type,
framing,
and line codingquestions on the CCNP exams
CCNPThe
Practical
Studies:
Access
(CCNP
Self-Study)
prepares
for into
the CCNP 642usernames
andRemote
passwords
of all
the remote
nodes
you will readers
be dialing
applications.
The IP addressing
Designed as
scheme
a topic-by-topic guide of how to apply remote access concepts in a real
preparation.

Example 6-10 shows the solution.
Table of Contents
Example 6-10.
Configuration Output
Index

as5300#show running-config
hostname
Pub Date:as5300
December 22, 2003
ISBN: 1-58720-073-2
Pages: 528
enable password somethingSecret

!
Gain
hands-on
experience password
of CCNP Remote
username
remoteISDN01
0 open4u
BCRAN exam.
ip subnet-zero
!
exam concepts
isdn switch-type primary-5ess

!
controller T1 0
framing esf
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642clock
source
line
821 BCRAN
exam
andprimary
linecode
b8zs this book is useful in preparing a CCNP candidate for the general exam
network setting,
pri-group
timeslotscandidates
1-24
!
Each
chapter T1
includes
controller
1
office-based
framing esf
clock source line secondary 1
preparation.
linecode b8zs
pri-group timeslots 1-24
!
controller T1 2
framing esf
clock source line secondary
linecode b8zs
Table of Contents

Index
controller T1 3
framing
Pub Date:esf
December 22, 2003
ISBN: 1-58720-073-2
clock source line secondary

Pages: 528
linecode b8zs
Gain
!
BCRAN exam.
interface Ethernet0
ip address 171.68.186.54 255.255.255.240
exam concepts
no ip directed-broadcast
!
interface Serial0:23
encapsulation ppp
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642dialer
rotary-group
2 workplace challenges in implementing remote access network
821 BCRAN
exam and for
isdn
switch-type
network
setting, thisprimary-5ess
isdn
incoming-voice
modem
essential
!
Each
chapterSerial1:23
interface
office-based
lab, ppp
a remote-accessible lab, some networking simulation software programs, or
encapsulation
dialer rotary-group 2
preparation.
isdn incoming-voice modem
!
encapsulation ppp
Table of Contents
Index

encapsulation
ppp
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
Pages: 528

Gain
!
BCRAN exam.
interface Dialer2
ip address 10.1.1.65 255.255.255.192
exam concepts
encapsulation ppp
dialer in-band
mapexam
ip 10.1.1.66
name remoteISDN01
broadcast 6665800
821 BCRAN
and for workplace
dialer-group
network setting,1this book is useful in preparing a CCNP candidate for the general exam
ppp
authentication
chap
essential
!
Each
ip classless
office-based
lab,10.1.1.2
ip route 10.1.200.0
255.255.255.0
ip route 10.1.201.0 255.255.255.0 10.1.1.66
preparation.
!
remoteISDN01#show running-config
!
hostname remoteISDN01
!
Table of Contents
Index
enable password somethingSecret

username as5300 password 0 open4u

ip Pub
subnet-zero
ISBN: 1-58720-073-2
no ip domain-lookup
Pages: 528
!
Gain
!
BCRAN exam.
interface Ethernet0
ip address 10.1.201.1 255.255.255.0
exam concepts
!
interface BRI0
ip address 10.1.1.66 255.255.255.192
directed-broadcast
821ip
BCRAN
encapsulation
network setting, ppp
dialer-group
1
isdn
switch-type
concepts,
regardlessbasic-5ess
Each
chapter includes achap
review of the applicable technology, and guides the reader through
ppp authentication
office-based
!
no ip http server
preparation.
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.65
!
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise 6-2: ISDN as a Backup

This configuration demonstrates the use of an ISDN BRI line to back up a leased-line connection,
as shown in Figure 6-8. The backup interface command places the specified interface in
standby mode until the primary interface fails.
Table of Contents
Index
Figure
6-8.
DDR
Backup
Using
BRIs and
the backup interface Command
ByWesley Shuo
, Dmitry
Bokotey
, Raymond
Morrow, Deviprasad
Konda
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
This configuration
also uses the Open Shortest Path First (OSPF) routing protocol between the
two routers. As soon as the backup connection is activated, you must ensure that the routing
how
remote
access
concepts
table Experience
is updated to
use
the new
backup
route.work in a real network with practice labs that walk
preparation.

Example 6-11 shows the solution.
Table of Contents
Example 6-11.
Configuration Output
Index

R1#show running-config
Building
Pub Date:configuration...
December 22, 2003
ISBN: 1-58720-073-2
Pages: 528
!
hostname R1
Gain
!
BCRAN exam.
aaa new-model
aaa authentication login default local
exam concepts
aaa authentication login NO_AUTHEN none
aaa authentication ppp default if-needed local
enable secret 5 <deleted>
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642username
7 <deleted>
821 BCRANadmin
exam password
and for workplace
username
R5 password
network setting,
this book7 is<deleted>
!
ip
subnet-zero
concepts,
Each
no ipchapter
fingerincludes a review of the applicable technology, and guides the reader through
office-based
!
isdn switch-type basic-ni
preparation.
!
interface Loopback0
ip address 172.17.1.1 255.255.255.0
!
interface Ethernet0
ip address 172.16.1.1 255.255.255.0
!
Table of Contents
Index
interface Serial0
backup delay 10 30
backup interface BRI0

ip Pub
address
192.168.10.2
255.255.255.252
Date: December
22, 2003
ISBN: 1-58720-073-2
encapsulation ppp
Pages: 528
no ip mroute-cache
Gain
no fair-queue
BCRAN exam.
!
interface BRI0
exam concepts
ip address 172.20.10.2 255.255.255.0
encapsulation ppp
dialer map ip 172.20.10.1 name R5 broadcast 5551111
mapexam
ip 172.20.10.1
name challenges
R5 broadcast
5551112
821 BCRAN
and for workplace
in implementing
dialer
network load-threshold
setting, this book 1
is outbound
dialer-group
1
isdn
switch-type
concepts,
regardlessbasic-ni
Each
includes a review 9969938
isdn chapter
spid1 51299699380101
office-based
a remote-accessible
isdn spid2 lab,
51299699460101
9969946
preparation.
ppp multilink
!
router ospf 5
log-adjacency-changes
network 172.16.0.0 0.0.255.255 area 0
network 172.17.0.0 0.0.255.255 area 0
network 172.20.10.0 0.0.0.255 area 0
Table of Contents
network 192.168.10.0 0.0.0.3 area 0

Index
ip classless
no Pub
ip Date:
httpDecember
server
22, 2003
ISBN: 1-58720-073-2
Pages: 528
access-list 101 remark Interesting traffic definition for backup link

access-list 101 permit ip any any
Gain
hands-on1experience
dialer-list
protocol ofipCCNP
listRemote
101 Access topics with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
Building configuration...
Current configuration:
!
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642hostname
821 BCRANR5
!
aaa
new-model
essential
aaa
authentication
default
local
concepts,
regardless oflogin
certification
interest.
Each
chapter includes alogin
reviewNO_AUTHEN
of the applicable
aaa authentication
none technology, and guides the reader through
office-based
aaa authentication
ppp default if-needed
local
enable secret 5 <deleted>
preparation.
!
username admin password 7 <deleted>
username R1 password 7 <deleted>
!
ip subnet-zero
!
Table of Contents
Index
interface Loopback0
ip address 172.22.1.1 255.255.255.0


ISBN: 1-58720-073-2
interface BRI1/0
Pages: 528
ip address 172.20.10.1 255.255.255.0

encapsulation ppp
Gain
hands-on
experience
dialer
idle-timeout
900
BCRAN exam.
dialer map ip 172.20.10.2 name R1 broadcast
dialer-group 1
exam concepts
isdn spid1 51255511110101 5551111
isdn spid2 51255511120101 5551112
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642ppp
multilink
821 BCRAN
!
interface
Serial2/0candidates for the new simulation-based questions that are on the Cisco
ip
address
192.168.10.1
255.255.255.252
concepts,
regardless
of certification
interest.
Each
chapter includes
encapsulation
ppp a review of the applicable technology, and guides the reader through
office-based
no fair-queue
clockrate 64000
preparation.
!
!
router ospf 5
network 172.20.10.0 0.0.0.255 area 0

network 172.22.1.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.3 area 0
!
Table of Contents
Index
ip classless
no ip http server
!
dialer-list
1 protocol
Pub Date: December
22, 2003 ip any
ISBN: 1-58720-073-2
Pages: 528
NOTE
BCRAN
exam. that shutting down the primary interface administratively via the
Remember
shutdown command will not bring up the backup link. You need to physically unplug
the cables to verify the configuration's success.
exam concepts
After the backup link is activated, the OSPF table is exchanged, and the new routes using the
backup link are installed. The traffic now flows across the backup link. Example 6-12 shows the
results
of theset-up
backupguides
link operation.
Review
Example 6-12. Verifying the Backup Link Functionality

network setting,
R1#show
ip route
essential in
candidates
forset
Gateway
ofpreparing
last resort
is not
concepts,
regardless ofis
certification
interest.
172.17.0.0/24
subnetted,
1 subnets
Each
chapter
includes ais
review
of the connected,
applicable technology,
C
172.17.1.0
directly
Loopback0and guides the reader through
office-based
172.16.0.0/24
is subnetted,lab,
1 subnets
preparation.
C
172.16.1.0 is directly connected, Ethernet0
172.20.0.0/16 is variably subnetted, 2 subnets, 2 masks
C
172.20.10.0/24 is directly connected, BRI0
172.20.10.1/32 is directly connected, BRI0

172.22.0.0/32 is subnetted, 1 subnets
172.22.1.1 [110/1563] via 172.20.10.1, 00:00:22, BRI0
R1#show interface BRI 0
Table of Contents
BRI0 is up, line protocol is up

Index
Hardware is BRI with U interface and external S bus interface
Internet address is 172.20.10.2, subnet mask is 255.255.255.0

bytes,
BW
PubMTU
Date:1500
December
22, 2003
256 Kbit, DLY 100000 usec,
ISBN: 1-58720-073-2
Pages: 528

Gain hands-on
experience
of CCNP
LCP Open,
multilink
Open Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
Open: IPCP
exam concepts
preparation.
Summary
This chapter covered the theory and configuration of ISDN. ISDN has numerous advantages over
the traditional analog service while maintaining the investment in existing technology and
providing high-speed service at a low cost. ISDN requires proper configuration for you to make
Table
of Contents
the most of its
services
and avoid pitfalls. In this chapter, you learned how to enable legacy
Index
ISDN. You also saw the use of some PPP and DDR techniques and how they relate to ISDN. Table
CCNP
Practical Studies:
Access
6-4 summarizes
the Remote
ISDN commands
used in this chapter.

Table 6-4. Summary of ISDN Commands Used in This Chapter
ISBN: 1-58720-073-2
Pages: 528
Command
Description
isdn switch-typeswitch-identifier
Specifies the central office switch type on the ISDN

interface.
interface
bri number
a BRI
interface
and enters
interface
Gain
hands-on
experience of CCNP RemoteConfigures
Access topics
with
lab scenarios
for the
new 642-821
configuration
mode.
BCRAN exam.
encapsulation ppp
Enables PPP encapsulation on an interface.
for the CCNP

exam and
a better, practical
understanding
ppp Prepare
authentication
{pap642-821
| chap}BCRANEnables
PPPgain
authentication
and specifies
the type.of
exam
concepts
[callin]
ppp Experience
chap hostname
alternate-hostAllows
authentication
through
a name
other
how remote
access concepts
workCHAP
in a real
network with
practice
labs that
walk
name
than
the
host
name.
dialer
idle-timeout
seconds
[inbound
Specifies
the duration
ofstudy
idle time before a line is
Review
set-up guides
that
show you how
to prepare
a lab for
|either]
disconnected.
Ready
questions
the CCNP
dialer
mapyourself
protocolfor
next-hop-address
Configures
a serialoninterface
or exams
ISDN interface to call
[namehostname] [speed speed]
one or multiple sites or to receive calls from multiple
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642[broadcast]dial-string
sites.
applications.
Designed as a topic-by-topic guide
of ahow
todialer
apply list
remote
accessby
concepts
a by
real
dialer-listdialer-group-number
Defines
DDR
for dialing
protocolinor
network
setting,
this book{{permit
is useful in
a CCNP candidate
for the
exam defined
protocol
protocol-name
| preparing
a combination
of a protocol
andgeneral
a previously
questions
by providing
of how
deny} | list
access-list-number}
access
list. remote access really works. It is also
dialer-group
dialer-group-number
Controls
access
by to
configuring
interface to
certification
exams.
Finally, it serves anyone
wanting
a guide
real-worldan
application
of belong
these
to
a
specific
dialing
group.
isdn spid {1 | 2}spid-number [ldn]
Associates ISDN LDNs provided by your telephone
service provider to the SPID.
office-based
a remote-accessible
networking
software
programs,
framing {sflab,
| esf
| crc4 | no-crc4}lab, some
Selects
the framesimulation
type for the
T1 or E1
data line.or
linecode {ami | b8zs | hdb3}
Defines the line code.
clock source {line [primary |
Sets the E1 line clock source for the Cisco AS5200
preparation.
secondary] | internal}
access server.
pri-group timeslotsrange
Specifies the channels to be controlled by the

primary D channel.
interface serial {slot/port: | unit

:}{23 | 15}
Specifies a serial interface created on a channelized

E1 or channelized T1 controller (for ISDN PRI,
channel-associated signaling or robbed-bit
signaling).
ip routedestination-network
destination-subnet-mask{local-interface
|next-hop} [administrative-distance]
Establishes static routes and defines the next hop for

large-scale dial-out.
Table of Contents
backup interface
Index interface number
Configures an interface as a secondary or dial

backup.
backup delayactivation-time
deactivation-time
Defines how much time should elapse before a

secondary line status changes after a primary line
status has changed.
backup loadactivation-percentage
ISBN: 1-58720-073-2
deactivation-percentage
Sets a traffic load threshold for dial backup service.
isdn caller number [callback] [exact]
Configures ISDN caller ID screening and optionally

enables ISDN caller ID callback for legacy DDR.
Pages: 528
isdn answer {1 | 2}called-partyForces the router to verify a called-party number or

number
subaddress number in the incoming setup message
Gain hands-on experience of CCNP Remotefor
Access
withiflab
fordelivered
the new by
642-821
ISDNtopics
BRI calls
thescenarios
number is
the
BCRAN exam.
switch.
show isdn status
Displays the status of all ISDN interfaces.
show
interface
interface
Displays information about the physical attributes of
exam
concepts
the ISDN interface.
show controller {t1slot/port | bri}
Displays information about the ISDN PRI or BRI.
debug isdn q921
Monitors the ISDN connection in real time.
preparation.
Review Questions
1:
Which of the following digital services does ISDN provide?
Table of Contents
Index
A. Voice
B. Data
C. Text
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
D. Graphics
Pages: 528
E. Music
F. Video
All of theof
above
Gain hands-onG.
experience
CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
2: Which of the following services does an NT2 device perform?
exam concepts
A. Compression
B. Switching
C. Concentrating
D. Encryption
3: What
type of
interface
can make
the R reference
point?
CCNP Practical
Studies:
Remote
Access
(CCNPup
Self-Study)
prepares
network setting,
book232-C
A. this
EIA/TIA
B. X.25 candidates for the new simulation-based questions that are on the Cisco
C. c.V.24
D. V.35 a review of the applicable technology, and guides the reader through
office-based
4: What
lab, atype
remote-accessible
of standard cable
lab,does
some
the
networking
BRI U interface
simulation
use? software programs, or
preparation. A. Two-wire
B. Four-wire
C. Six-wire
D. BRI-wire
5:
What happens when no more traffic is transmitted over the ISDN call?
A. An idle timer starts.

B. The call disconnects.
Table of Contents
Index
C. The bandwidth deteriorates.
D. Unidirectional flow changes directions.
6:
What happens if the isdn switch-type command is used in global mode?

ISBN: 1-58720-073-2
A. Only one
interface accepts that switch type.
Pages: 528
B. All ISDN interfaces assume the same switch type.

C. A few ISDN interfaces assume the same switch type.
D. Integrated services are enhanced.
BCRAN 7:
exam.
True or false: Static routes are used in stub environments to save costs.
8: What type of framing is used for modern T1 PRI configurations?
exam concepts
Experience
A. how
sf remote access concepts work in a real network with practice labs that walk
B. esf
C. crc4
D. no-crc4
for workplace
challenges
9: exam
Whichand
linecode
type is specified
for in
T1implementing
PRI configuration?
A. ami candidates for the new simulation-based questions that are on the Cisco
B. b8zs
C. hdb3a review of the applicable technology, and guides the reader through
D. aNone
of the above lab, some networking simulation software programs, or
office-based lab,
remote-accessible
10: True or false: Rate adaptation can increase the ISDN channel speed.
preparation.
Chapter 7. Optimizing the Use of DDR

with Interface Dialer Profiles and Rotary
Groups
Table of Contents
Index


ISBN: 1-58720-073-2
Dialer
Pages: 528
Profiles and Dialer Rotary Group Configuration
The drawback of legacy dial-on-demand routing (DDR), as discussed in the preceding chapter, is
that it cannot differentiate per user by specifying separate characteristics for various users. All
calls made over the same physical interface must have the same configuration parameters. To
sidestep this requirement, dialer profiles were created. They allow a user-specific profile to be
configured on the router by separating the physical interface configurations from the logical
BCRAN exam.
configurations. Such profiles establish the characteristics of a particular user and then are
dynamically allocated to the same interface for incoming or outgoing DDR calls.
exam concepts
preparation.

DDR consists of two portions: logical and physical. Network layer address, encapsulation, and
dialer parameters are part of the logical portion of DDR. The interface that places and receives
calls is the physical portion. When dialer profiles are implemented, the physical interfaces
Table of
Contents
comprise a dialer
pool
and are allocated from this pool on an as-needed basis. A physical
Index
interface is borrowed from the dialer pool when a call is made. It is returned to the pool when
CCNP
Practical
Studies: Remote
the call
is complete.
Dialer Access
profiles dynamically bind logical and physical configurations for each
call.
ThisShuo
allows
theBokotey
physical
interface
to take
on different
By
Wesley
, Dmitry
, Raymond
Morrow
, Deviprasad
Konda characteristics according to the
requirements of an incoming or outgoing call. Remember that the combination of physical and
logical
characteristics is only temporary and lasts as long as the call.
ISBN: 1-58720-073-2
Advantages
of Dialer Profiles
Pages: 528
Table 7-1 discusses the advantages of dialer profiles over legacy DDR.
BCRAN exam.
Table 7-1. Dialer Profiles Versus Legacy DDR
Prepare
exam Profiles
Legacy
DDR for the CCNP 642-821 BCRANDialer
exam concepts
All ISDN B channels have the same
There is one configured logical interface per ISDN B
Experience
remote access
concepts
configuration
ashow
the physical
interface.
channel.
One dialer map is required for every
The dialer profile is a point-to-point interface that
dialer
for every
protocol,
makes
negates
the requirement
for a Layer 3-to-Layer 2
Review
set-up
guideswhich
that show
you how
to prepare
a lab for study
multiprotocol configurations very
mapping and the subsequent complexities of
complex.
managing
multipleon
maps.
Ready yourself for the new simulation-based
questions
the CCNP exams
Dial backup
is Studies:
restricted
because
when(CCNP
Dialer
profiles save
the ISDN
B channels
CCNP
Practical
Remote
Access
Self-Study)
prepares
readers
for the by
CCNP 642a
BRI
or
PRI
is
used
to
back
up
an
permitting
the
ISDN
BRI
interfaces
belong to
821 BCRAN exam and for workplace challenges in implementing remote accesstonetwork
interface, allDesigned
the B channels
go down,
multiple
dialertopools.
allows
a backup
interface
applications.
as a topic-by-topic
guide
of how
applyThis
remote
access
concepts
in a real
and
the
whole
interface
is
idle.
to
be
nondedicated
and
useable
when
the
primary
interface
is still
up. access really works. It is also
of how
remote
concepts,
of certificationperks,
interest.
In
additionregardless
to the aforementioned
dialer profiles provide the ability to separate the logical
portion of DDR from the physical interface, allowing you to
Enable concurrent
bridging over lab,
DDRsome
interfaces
to multiple
sites software programs, or
office-based
networking
simulation
Limit the number of minimum or maximum connections taking place on a DDR interface
Assign different Layer 3 network addresses to different members of a physical interface
preparation.
Specify different encapsulations for different B channels
Configure different members of a DDR interface with different DDR parameters
Dialer profiles support only PPP or HDLC encapsulation. PPP encapsulation is the most popular
choice because it's nonproprietary and offers authentication options. This chapter's discussion
focuses on PPP.
Dialer Profile Components

A dialer profile is a combination of the following components:
Table of Contents
Index
CCNP Practical
Dialer interface
Studies: Remote
A logical
Access
portion of a dialer profile. The dialer interface governs all

configuration
settings
for
a
destination.
Each dialer
ByWesley Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad
Konda interface can contain multiple dialer
maps. Furthermore, different per-call parameters can be assigned to each dialer map
defined in a dialer map class. The dialer interface defines the destination network protocol
address, encapsulation type, type of PPP authentication, and dialer remote name for PPP
Pub
Date:
22, 2003specified parameters include the dialer string/map, dialer pool number,
PAP
orDecember
CHAP. Other
ISBN:
1-58720-073-2
interesting traffic lists, Multilink PPP, and optional timeouts.
Pages: 528
Dialer map class An optional portion of a dialer profile that defines call characteristics
for a specified destination. Map classes are designed to avoid having to identify the same
call characteristics repeatedly for multiple interfaces. If a map class isn't used, a separate
call characteristics definition is required for each dialer interface, even if those
characteristics are identical for several dialer interfaces. The information included in a map
class is tuned for each destination. This information can specify an ISDN speed of 56 kbps,
BCRAN exam.
whether it is a semipermanent connection, optional dialer timers such as dialer fast idle,
dialer idle timeout, and dialer wait-for-carrier time.
Dialer
pool A group of one or more physical interfaces of which each dialer interface is a
exam concepts
member. Each dialer interface is associated with a dialer pool. A physical interface can be
part
of more
than
one dialer
pool.
You can
alsoinconfigure
an optional
priority,labs
which
Experience
how
remote
access
concepts
work
a real network
with practice
that walk
determines
outbound
dialing
contention
for
specific
physical
interfaces
in
the
pool.
Physical
interfaces
Members
of one
pools.
Thefor
configuration
of a physical
Review set-up
guides that
show you
howortomore
prepare
a lab
study
interface is limited to the encapsulation parameters. If required, Multilink PPP and PPP
authentication
to enable identification
of the
pools
to which the interface
Ready yourself are
for specified
questions
on dialer
the CCNP
exams
belongs. The encapsulation method of the physical interface must match that of the dialer
CCNPinterface,
Practical Studies:
Remote
(CCNP
prepares
readers for the CCNP 642which belongs
to Access
the same
poolSelf-Study)
as the physical
interface.
Dialer
Profile Binding Sequence
As
you know,
dialer Finally,
profiles it
specify
technique
of dynamically
binding the
logical andofphysical
certification
exams.
servesthe
anyone
wanting
a guide to real-world
application
these
configuration.
It
is
the
job
of
the
NAS
to
associate
dialer
information
with
a
physical
port to
accommodate the needs of a particular user dialing in to or out of the NAS. When multiple dialer
profiles
are configured
the NAS,
it must
determine
which profile
to bind
everythrough
call. The
Each chapter
includes aon
review
of the
applicable
technology,
and guides
thefor
reader
following
two sections
the This
binding
sequence process
for dialing
dialing
implementation
of the describe
technology.
step-by-step
canout
be and
executed
onin.
a home- or
Dialing Out
preparation.
The binding process for the outgoing calls works as follows:
1. When an outgoing packet arrives at the NAS, a route table lookup is performed, and the
incoming packet from the network arrives. A route table lookup points to the destination
2.
1.
via the dialer interface.
2. When it is noted that the dialer interface is a dialer profile, the IOS determines whether an
existing connection for this profile exists. If there is none, the software identifies the pool to
which the dialer interface belongs.
3. The NAS searches for the first available physical interface of the pool that has the highest
pool priority. When it is located, this interface is identified for use in dialing. It is then
Table of Contents
bound to
the dialer interface, taking on the configuration of that dialer interface.
Index
CCNP
Studies: number
Remote Access
4. Practical
The telephone
for the
dialer profile is dialed, and the regular DDR process takes
place.
ByWesley
Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda
Dialing
In December 22, 2003
Pub Date:
ISBN: 1-58720-073-2
What makes
the incoming call-binding process more complex than that for the outgoing calls is
Pages: 528
the fact that the called physical interface may be a member of multiple pools, and the pools, in
turn, may be associated with multiple dialer profiles. The incoming call-binding process is as
follows:
BCRAN
1. If the
exam.
physical interface belongs to only one pool, which is associated with one dialer
profile, the bind occurs between the physical interface and this dialer profile. If this isn't
possible, the next step is a further attempt at binding known as an approximate match .
concepts
2. exam
This attempt
looks for a match of the Call Line ID (CLID) from the call with the dialer
number from a dialer profile. However, the search involves only the profiles associated with
Experience
how remote
access
concepts
work in
a real network
practice
labs
that walk
the pool to which
the dialed
physical
interface
belongs.
If there with
is a match,
the
physical
you
through
their
implementation
interface is bound to the dialer profile that returned a match. If this step fails as well,
proceed with the further binding attempt known as a complete match.
3. If PPP authentication is configured on the physical interface, the call is answered, and the
Ready
for the new
simulation-based
questionsname
on the
exams
caller isyourself
authenticated.
In this
case, the authenticated
is CCNP
used to
match the dialer
profile that contains the same name in its configuration. Again, the only profiles that are
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642checked are those that are associated with the same pools of which the called physical
interface is a member. If the check returns a match, the physical interface is bound to the
found dialer interface. If the complete match fails, the binding cannot occur, and the call is
disconnected.
essential
preparing
candidates
for last
the new
simulation-based
questions that
on the
Cisco
You mightinhave
realized
that for the
binding
attempt to be successful,
the are
physical
interface
certification
exams.
Finally,
it
serves
anyone
wanting
a
guide
to
real-world
application
of
these
needs to have PPP encapsulation and PPP authentication enabled. Also, the physical interface
concepts,
regardless
of
certification
interest.
engages in PPP Link Control Protocol (LCP) layer negotiations (described in Chapter 5,
"Configuring Point-to-Point Protocol and Controlling Network Access") before binding to a profile.
This means that if a dialer profile is using Multilink PPP, the physical interface must be
configured for Multilink PPP as well because LCP negotiations might take place before the dialer
profile is located.
After the bind has occurred, this does not mean that the connection has occurred as well. Just
because the physical interface found the logical configuration to use, this does not imply that the
preparation.
call cannot be disconnected for other reasons. One such reason can be the maximum threshold
configured for inbound calls. When the NAS locates an appropriate profile for an incoming call, it
checks whether the profile has reached its maximum connection limit. If the current incoming
call puts the profile's connection limit over its configured maximum, the call is disconnected.
Dialer Profile Limitations

Dialer profiles have certain limitations:
Dialer profiles do not support dynamic encapsulation.
The only
supported
encapsulation types are PPP and HDLC. X.25 and Frame Relay are not
Table
of Contents
currently
supported.
Index
The physical and dialer interfaces both require PPP authentication to be enabled.
The maximum threshold for incoming calls is checked only after the call has been
charge applies regardless of whether the call is later disconnected
because
of the22,
exceeded
limit.
Pub
Date: December
2003
Publisher:
answered,
Cisco Press
so the
ISBN: 1-58720-073-2
Each dialer interface takes up an interface description block (IDB). IDB is an internal
Pages: 528
structure that manages an interface. Because a limited number of IDBs are available (the
exact number depends on the hardware platform), dialer profiles might have certain
scalability constraints.
BCRAN exam.
exam concepts
preparation.

Dialer rotary groups are designed to simplify configuration for multiple callers and multipledestination environments by binding a single configuration to multiple physical interfaces.
Synchronous, asynchronous, ISDN BRI, and ISDN PRI interfaces can make up a dialer rotary
Table of
Contents that is configured as a member of a rotary group assumes
group. A physical
interface
Index
configuration parameters for the group. A rotary group consisting of multiple physical interfaces
CCNP
Practical
Studies: Remote
applies
the configuration
ofAccess
a logical dialer interface, also called a virtual dialer interface, to all
itsWesley
members.
By
When rotary groups are used, such characteristics as the IP address, interesting traffic definition,
and call parameters are connected with the dialer interface rather than the physical interface.
When
a call comes into the router, the dialer interface selects a physical interface from the pool
ISBN: interfaces.
1-58720-073-2
of physical
Pages: 528
With rotary groups, users of several BRIs or PRIs might get a single phone number from the
service provider. Therefore, they allocate all their interfaces to a single rotary group so that only
one number needs to be dialed. This kind of setup requires the remote routers to have only one
set of dialer map statements for your destination. In turn, debugging and management on the
user
are less
complicated.
Gain side
hands-on
experience
BCRAN exam.
exam concepts
preparation.
Dialer Profiles and Dialer Rotary Group Configuration

This section is divided into two portions:
Configuring
Table dialer
of Contents
profiles
Index
Configuring
dialer
rotary
groups
CCNP Practical
Studies:
Remote
Access
Each part briefly describes the general configuration tasks involved in setting up dialer profiles
and rotary groups. These tasks and the specific commands needed to configure them are
Publisher:inCisco
Press
described
more
detail in the "Scenarios" section for both dialer profiles and rotary groups.
ISBN: 1-58720-073-2
Pages: 528
Configuring
Dialer Profiles
Dialer profile configuration involves three separate stages:
1. Configure
BCRAN
exam. the logical dialer interface.
2. Configure the physical interface as a member of a dialer pool. At this stage you also specify
the
service
for the BCRAN
physicalexam
interface.
Prepare
for parameters
the CCNP 642-821
exam concepts
3. Optionally define the map class.
Let's you
briefly
look attheir
some
commands that let you configure dialer profiles. A number of
through
implementation
commands involved in this process create relationships between the elements of a dialer pool.
SomeReview
of these
commands
to the
physical
set-up
guidesbelong
that show
you
how to interface
prepare aconfiguration
lab for studyportion, and others
belong to the dialer interface.
Among the dialer interface commands is the dialer string command, which specifies the
destination's
phone
number.
Multiple
phone
numbers
may prepares
be included
using for
dialer
string.
CCNP Practical
Studies:
Remote
Access
(CCNP
Self-Study)
readers
the CCNP
642Starting
withexam
Ciscoand
IOSfor
Release
12.2(8)T,
you can
specify the order
in which
these
phone
821 BCRAN
workplace
challenges
in implementing
remote
access
network
numbers
are Designed
to be used.
the dialer guide
stringofcommand,
youremote
can include
the
optionalin a real
applications.
asWithin
a topic-by-topic
how to apply
access
concepts
keyword
followed
byis
the
map-class-name
When used,
specify
a particular
network class,
setting,
this book
useful
in preparing parameter.
a CCNP candidate
for thethey
general
exam
map
class by
andproviding
pull the configurations
from thatofmap
for the
call.really works. It is also
questions
howclass
remote
access
Another
portion
of the
dialeritprofile
is toaspecify
the
pool of physical
interfaces
certification
exams.
Finally,
servesconfiguration
anyone wanting
guide to
real-world
application
of these
used
to
reach
the
target
network.
The
pool
is
identified
by
a
number
between
1
and
255.
You
then includes
associateaareview
physical
with atechnology,
numbered and
pool guides
and place
interface
in that
Eachcan
chapter
of interface
the applicable
the the
reader
through
pool
using a special
physical
interface
described
in can
Scenario
7-1.
implementation
of the
technology.
Thiscommand
step-by-step
process
be executed
on a home- or
To
make
configuration
even
as ayour
stand-alone
guide.completely functional, two extra steps need to be taken:
1. Specify "interesting" traffic that will cause the link to be brought up.
preparation.
2. Define the static routes to be used.
Configuring Dialer Rotary Groups

Five configuration stages set up dialer rotary groups:
1. Define interesting traffic.
2. Create a
Table
dialer
of Contents
interface.
Index
3. Practical
Configure
the physical
interfaces
CCNP
Studies:
Remote Access
as a rotary group.
4. Configure static routes.
Cisco Press
5.Publisher:
Disable
routing updates.
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Scenarios
This section presents three scenarios. The first teaches you how to configure dialer profiles with
a BRI interface. The second describes dialer profile configuration on a PRI interface. The third
offers a dialer rotary group configuration example.
Table of Contents
Index
Scenario 7-1: Configuring Dialer Profiles
In this scenario, you enable DDR between R1 and R2, as shown in Figure 7-1.
ISBN: 1-58720-073-2
Pages: 528
Figure 7-1. Dialer Profile Configuration Topology
BCRAN exam.
exam concepts
implementation
of the technology.
This
step-by-step
can be
executed
on a homeor
R2 has been preconfigured
for legacy
DDR,
as shownprocess
in Example
7-1.
Every command
shown
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
should already be familiar to you from Chapter 6, "Using ISDN and DDR Technologies to or
even
as aRemote
stand-alone
guide.
Enhance
Connectivity."
preparation.
Example 7-1. Configuration of R2
hostname R2
!
!Output omitted for brevity
!
Table of Contents
Index
interface BRI0
ip address 192.168.1.2 255.255.255.0
encapsulation ppp
dialer
idle-timeout
120
Pub Date:
December 22, 2003
ISBN: 1-58720-073-2

Pages: 528
dialer-group 1
Gain
!
BCRAN exam.
exam concepts
Your assignment
to configure
R1 with dialer profiles. As you know, to configure dialer profiles,
you throughistheir
implementation
you need to do the following:
Configure
one or
dialer
interfaces.
Ready yourself
formore
the new
simulation-based
an optional
dialerAccess
map class
to Self-Study)
define different
characteristics
onthe
a per-call
basis.
CCNPConfigure
Practical Studies:
Remote
(CCNP
prepares
readers for
CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
Configure the physical interfaces, and add them to a dialer pool.
Configuring
the Dialer
Interface
candidates
concepts,
You
can now
regardless
begin the
of dialer
certification
profileinterest.
configuration on R1. Before you can configure any
commands for the dialer interface, you need to create it using the following command:
preparation.
R1(config)#interface dialernumber
Theinterface dialer command puts you in dialer interface configuration mode. You can choose
a number from 1 to 1000. After the dialer interface is created, you can set up the entire
configuration for a destination inside it.
Under the dialer interface configuration, you need to specify the IP address of the dialer interface
that the physical interface will later assume when the binding occurs. To assign an IP address to
Table of Contents
the dialer interface, use the following command:
Index


ISBN: 1-58720-073-2
Pages: 528
R1(config-if)#ip addressaddress mask
BCRAN
exam.
Thedialer
remote-name command identifies the name of the remote router, R2. This name is
checked by CHAP authentication.
exam concepts
R1(config-if)#dialer remote-namename
questions
The
next command
by providing
defines
a better
the destination
understanding
router's
of how
phone
remote
number.
access
You
really
alsoworks.
have the
It isoption
also to
essential
define
map
in classes.
preparing candidates for the new simulation-based questions that are on the Cisco
preparation.
R1(config-if)#dialer stringnumber classmap-class-name
You can use multiple phone numbers with the dialer string command. Before Cisco IOS Release
12.2(8)T, the first telephone number in the dial string list was always the one used for a specific
outgoing call. However, Release 12.2(8)T introduced the Rotating Through Dial Strings feature,
which lets you customize the dial string usage order. By using this feature, you can specify the
dialing order of multiple dial strings.
The syntax to configure the Rotating Through Dial Strings feature is as follows:
Table of Contents
Index


R1(config-if)#dialer order {sequential | round-robin | last-successful}

ISBN: 1-58720-073-2
Pages: 528
The options are as follows:

sequential
The call uses the first dial string in the multiple strings list.
BCRAN
exam.
round-robin The call uses the next dial string in the list after the most recently
Prepare forstring.
successful
exam concepts
last-successful The call uses the most recently successful string.
Thedialer
load-threshold
command specifies the traffic load, which causes additional links to
you through
be brought up for Multilink PPP:
for the new
simulation-based
questions| that
are on the Cisco
load-threshold
load
[outbound | inbound
either]
Validload values are between 1 and 255, with 255 being 100% load. You also can choose to
specify the direction of traffic for which the load is calculated.
Thedialer wait-for-line-protocol command forces the dialer to wait a specified amount of time
for a line protocol after establishing a physical connection. If a call is dropped before the timer
preparation.
has expired, the call is considered unsuccessful, which creates conditions for a redial (if this is
configured). This command is used only for the PPP encapsulation, because Cisco HDLC
encapsulation is the default line protocol and always comes up. To set up the line protocol timer,
use the following syntax:
R1(config-if)#dialer wait-for-line-protocolseconds
Table of Contents
Index

Theseconds value can range from 1 to 2147483.

Use the dialer hold-queue command to set the number of packets in queue while the line is
coming up:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R1(config-if)#dialer hold-queuenumber
exam concepts
you through
theirisimplementation
Thenumber
argument
a value between 1 and 100.
Review
set-up
guidesisthat
show
you how atodialer
prepare
a lab for
study
Thedialer
pool
command
used
to associate
interface
with
a dialer pool:
R1(config-if)#dialer poolnumber
Substitute
the number guide.
argument with a value between 1 and 255.
To
thetopics
dialeron
interface
dialer
list toexam
use toare
determine
interesting
traffic parameters,
All tell
of the
the newwhich
642-821
BCRAN
covered,the
providing
comprehensive
exam
use
the
following
command:
preparation.
R1(config-if)#dialer-groupdialer-list-number
Table of Contents
The
group numbers
should be in the range of 1 to 10.
Index
You specify that Multilink PPP is to be used on the dialer interface with the following command:

ISBN: 1-58720-073-2
Pages: 528
R1(config-if)#ppp multilink
BCRAN exam.
When the ppp multilink command is placed on the logical interface, it deals with outgoing
calls; when placed on the physical interface, it is applied to incoming calls. For both incoming
exam concepts
and outgoing calls, place this command on both physical and dialer interfaces.
Example 7-2 shows the dialer interface configuration portion of R1. Notice the following
elements in the output:
The phone number of the destination is 0002, with the map class DEPT.
The dialer interface is assigned to pool 5.
The IP address and mask are specified under the dialer interface configuration.
network
book
is useful
Thesetting,
remote this
router
name
is setin
forpreparing
CHAP authentication.
essential
preparing
candidates
List in
number
1 is specified
forfor
interesting
traffic definition. questions that are on the Cisco
Example
7-2. Dialer Interface Configuration of R1
!
preparation.
interface dialer1
ip address 192.168.1.1 255.255.255.0
encapsulation ppp
dialer remote-name R2
dialer string 0002 class DEPT
dialer wait-for-line-protocol 10
Table of Contents
Index
dialer load-threshold 60 either
By
Wesley Shuo
, Dmitry Bokotey
dialer
hold-queue
12 ,Raymond Morrow,Deviprasad Konda
dialer
pool
5 Press
Publisher:
Cisco
dialer-group
1
ISBN: 1-58720-073-2
Pages: 528
dialer order round-robin

no cdp enable
BCRAN
exam.
ppp multilink
!
exam concepts
Configuring the Map Class
Now
can configure
optional
map(CCNP
class. The
map-class
dialerreaders
command
is used
to642define
CCNPyou
Practical
Studies: an
Remote
Access
Self-Study)
prepares
for the
CCNP
a
map
class
and
subsequently
enter
map
class
configuration
mode:
R1(config)#map-class
dialerclass-name
preparation.
In the preceding step, you specified DEPT as the class name. This means that the dialer1
interface on R1 is associated with map class DEPT, created by the map-class dialer command.
Class names are case-sensitive.
As soon as you enter map class configuration mode, you can define parameters for the map
class. Such commands may vary from one environment to the next. The commands used in this
scenario are only examples, not requirements.
For instance, use the dialer isdn speed command to set an ISDN bit rate to 56 kbps for use in
the map class:
Table of Contents
Index

R1(config-map-class)#dialer
isdn speedspeed
ISBN: 1-58720-073-2
Pages: 528
Thedialer idle-timeout command causes the call to be disconnected if there is no activity on

the link for the time specified. This helps you avoid unnecessary charges.
BCRAN exam.
exam concepts
R1(config-map-class)#dialer idle-timeoutseconds
Theidle-timeout
CCNP
Practical Studies:
defaultRemote
is 20 seconds.
The
dialer fast-idle
command
is used when
a call
waiting
for the
interface
butconcepts
the idle in a real
applications.
Designed
as a topic-by-topic
guide
of ishow
to apply
remote
access
timeout
hasn't
yet
expired.
If
the
fast-idle
command
is
specified,
the
current
call
network setting, this book is useful in preparing a CCNP candidate for the general is
exam
disconnected
much faster
so that
the waiting call
can get
through.
The
syntax
for this
a better
understanding
of how
remote
access
really
works.
It iscommand
also
is
as
follows:
preparation.
R1(config-map-class)#dialer
fast-idleseconds
The default fast idle time is 20 seconds.
Thedialer wait-for-carrier-time command causes the call to be dropped if no carrier is

detected within the specified amount of time. Use the following syntax to issue the command:
Table of Contents
Index

R1(config-map-class)#dialer wait-for-carrier-timeseconds
ISBN: 1-58720-073-2
The default
value is 30 seconds. However, for asynchronous lines, the value should be at least 60
Pages: 528
seconds to allow for delays in the telephone network.
Example 7-3 shows the configuration of map class DEPT. This is the same map class that is
associated with the dialer1 interface. One of the set parameters is for the call to disconnect after
2 minutes of no data traffic.
BCRAN exam.
Example 7-3. Map Class DEPT on R1

exam concepts
Experience
R1#show
running-config
!
interface dialer1
!
! Output omitted for brevity
!
map-class dialer DEPT
dialer isdn speed
56
implementation
of the technology.
dialer
idle-timeout
120
even as a
stand-alone guide.
dialer
All
of the fast-idle
topics on the20
preparation.
dialer wait-for-carrier-time 30
!
Configuring the Physical Interface

The final of the three dialer profile configuration tasks is configuring the physical interface and
applying it to a dialer pool.
of Contents
The first partTable
of the
physical interface configuration is to assign the interface in question to a
Index
dialer pool. Dialer pools can use a combination of synchronous, serial, BRI, or PRI interfaces. To
CCNP
Practical
Studies: in
Remote
Access
include
an interface
a dialer
pool,
issue the following command:

ISBN: 1-58720-073-2
Pages: 528
R1(config-if)#dialer pool-membernumber [prioritynumber] [min-linknumber]

[max-link
number]
Gain
hands-on
BCRAN exam.
exampool-member
concepts
Thedialer
command can be used several times to assign the interface to more
than one dialer pool. If you use the optional priority keyword, you can assign a priority to this
Experience
remotepool.
access
concepts
work in
a real network
with practice
interface
within ahow
particular
The
valid priority
numbers
range between
1 and labs
255.that
The walk
you
through
their
implementation
higher the number, the higher the likelihood that the interface will be chosen over other
interfaces. The prioritization of interfaces within a pool applies only to dialing out. The min-link
and max-link options reserve the minimum and maximum number of ISDN B channels for an
interface.
The
lowestfor
number
requirement
is 1, andquestions
the highest
is 255.
Ready
yourself
the new
simulation-based
on the
CCNP exams
As
mentioned,
important
to set
PPP (CCNP
encapsulation,
authentication,
and multilink
options
on a
CCNP
Practical it's
Studies:
Remote
Access
Self-Study)
prepares readers
for the CCNP
642physical
interface
for
LCP
negotiations
to
be
successful
and
for
subsequent
profile
binding
to
take
place.
When
configuring
the
physical
interface,
don't
forget
to
include
these
settings.
Example 7-4 shows R1's physical interface configuration. Here a physical interface is assigned to
pool number 5. Notice that the Layer 2 protocol parameters have been configured as well.
Example 7-4. Physical Interface Configuration of R1
R1#show
even as a running-config
stand-alone guide.
!
preparation.
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 5
ppp multilink
!
Table of Contents
interface
dialer1
Index
dialer pool 5
!
Pub Date:omitted
December 22,
2003
! Output
for
brevity
ISBN: 1-58720-073-2
Pages: 528
Gain
hands-on
experience
of CCNP Remote
topics
Scenario
7-2:
Configuring
Dialer Access
Rotary
Groups
BCRAN exam.
In this scenario you will learn all five stages of rotary group configuration. You will do so by
reconfiguring
R2,the
previously
used in BCRAN
Scenario
7-1.and
Figure
illustrates
the current
topology.of
Prepare for
CCNP 642-821
exam
gain7-2
a better,
practical
understanding
exam concepts
Figure
7-2. Rotary Group Configuration Topology
you through
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Ready
yourself forTraffic
Defining
Interesting
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642The first step in the rotary group configuration is to define interesting traffic. You learned how to
do so in Chapters 5 and 6. This section is a brief reminder. Packets that are considered
interesting trigger a DDR call. Interesting traffic criteria can vary. The choices include protocol
type, source address, destination address, and port number. To create an interesting traffic
definition, you use the following command:
dialer-group-number protocolname [permit | deny | list
preparation.
access-list-number]
Key components of this command are described in Table 7-2.
Table 7-2. Interesting Traffic Command Arguments

Argument Table of Description
Contents
Index
dialer-groupthis
CCNP
Practical Studies:References
Remote Access
number
dialer list using the same number as in the dialer-group
command.
protocol name
Specifies which protocol packets are considered interesting for DDR,

Publisher: Cisco Pressincluding IP, IPX, AppleTalk, DECnet, and VINES.

permit
| deny
Permits or forbids the named protocol to initiate DDR. Can also optionally
ISBN: 1-58720-073-2
specify an access list.
list
Pages: 528
References an access list created for greater precision in interesting traffic

definition.
R2's
traffic definition,
shown
in Example
7-5, allows
IP scenarios
traffic to initiate
but not
Gain interesting
hands-on experience
of CCNP
Remote
Access topics
with lab
for the DDR
new 642-821
IPX.
BCRAN exam.
Prepare7-5.
for the
CCNP 642-821
BCRAN exam
and gain
better, practical understanding of
Example
Defining
Interesting
Traffic
ona R2
exam concepts
!
hostname R2
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642!
dialer-list
1 protocol
permit
network setting,
this book isip
useful
dialer-list
1 protocol
ipx deny
candidates
!
All ofNOTE
the topics on the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
In this scenario, IPX traffic would be denied with or without the list statement, because
interesting traffic must be explicitly permitted.
Creating the Dialer Interface for Dialer Rotary Groups

The dialer interface created for rotary groups should include all configuration parameters that
will later be applied to a physical interface when a call is made. Therefore, configuring a dialer
interface has several stages of its own:
Step 1. Create a dialer interface with the following command:
Table of Contents
Index


ISBN: 1-58720-073-2
dialernumber
Pages: 528
Thenumber element is used to produce a dialer interface. It also is used as a reference number
for
a hands-on
rotary group.
All subsequent
steps
in this
take place
in dialer
interface
Gain
experience
of CCNPconfiguration
Remote Access
topics
withsection
lab scenarios
for the
new 642-821
configuration
mode.
BCRAN exam.
Step 2. Configure a local network address and mask. This address will be applied to the
physicalfor
interface
at the
time of
the call.
Prepare
the CCNP
642-821
BCRAN
exam concepts
Step 3. Configure the encapsulation type, such as PPP.
you
Step
through
4. When
their
PPP
implementation
is used, configure PPP authentication.
Review
that show
how modems,
to prepareuse
a lab
study command:
Step 5.set-up
Whenguides
using internal
or you
external
thefor
following
certification
exams. Finally,
it serves
anyone
wanting
in-band
[no
parity
| odda parity]
This command does not apply to ISDN interfaces, because they use out-of-band dialing on the D
channel.
Step
6. Connect
the dialer-list
interesting
definition
with thecomprehensive
dialer-group exam
All of the
topics
on the new
642-821 BCRAN
examtraffic
are covered,
providing
command.
preparation.
Step 7. Map the destination parameters with the dialer map command:
R2(config-if)#dialer mapprotocol next-hop-address namehostname [broadcast]
dialer-string
Table of Contents
Index

ByWesley
Shuo8.
, Dmitry
, Raymond
Morrow
, Deviprasad
Konda
Step
ForceBokotey
a dialer
interface
to be
connected
at
all times with the new dialer

persistent command. For all intents and purposes, it achieves the same effect as the
dialerCisco
idle-timeout
0 command. The dialer idle-timeout command should not be
Publisher:
Press
when
the dialer persistent command is present.
Pubconfigured
Date: December
22, 2003
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R2(config-if)#dialer persistent [delay [initial]seconds | max-attempts
number]
exam concepts
The optional delay keyword sets the delay in seconds before a persistent connection attempts to
reestablish
a network
error.
The you
initial
keyword
delays
a persistent
Reviewafter
set-up
guides that
show
how
to prepare
a lab
for study connection
establishment after configuration or bootup and without interesting traffic. max-attempts is the
maximum
offor
reconnecting
attempts after aquestions
network error.
Readynumber
yourself
on the CCNP exams
CCNP Step
Practical
Studies: Remote
Access
Self-Study)
the attempts,
CCNP 6429. Configure
the number
of (CCNP
redial attempts,
theprepares
interval readers
betweenfor
redial
821 BCRAN
exam
and
workplace
challenges
inredial
implementing
access network
and how
long
thefor
interface
is disabled
if all
attemptsremote
fail:
office-based
lab, some
networking
simulation
programs, or
redial interval
seconds
attempts
redials software
[re-enable
disable-time-seconds]
preparation.
Example 7-6 shows the dialer interface configuration on R2. If you compare this output with
Example 7-1, you'll notice that the network address, encapsulation-related commands,
interesting traffic, and destination coordinates have all moved from the physical interface into
the dialer interface.
Example 7-6. Configuring the Dialer Interface on R2
R2#show
running-config
Table of Contents
Index
!
interface dialer1
Press
ip Publisher:
addressCisco
192.168.1.2
255.255.255.0
ISBN: 1-58720-073-2
encapsulation
ppp
Pages: 528
dialer-group 1
BCRAN exam.
dialer persistent delay initial 60
dialer
persistent
delay
10
Prepare
for the CCNP
642-821
exam concepts
dialer persistent max-attempts 5
dialer
redial interval
20 attempts 5 re-enable 3600
you through
ppp authentication
chapthat show you how to prepare a lab for study
!
Configuring
Physicala Interfaces
as a Rotary
Group
of how
certification
Finally, it serves
anyone
guide toinreal-world
application
thesean
This
portion exams.
of the configuration
includes
the wanting
physical ainterface
a rotary group.
First,of
select
certification
interest.
interface,
BRI0 in thisofcase,
to comprise
a rotary group. After you enter the configuration mode
of that interface, create a dialer rotary group:
preparation.
R2(config-if)#dialer rotary-groupnumber
Thenumber argument should match the dialer interface number that you want your rotary group
configuration to come from. No further configuration of the physical interface is required. All
other parameters come from the dialer interface.
Configuring
Static
Routes
Table
of Contents
Index
CCNP
Practical
Studies:
Access
The last
two steps
inRemote
the dialer
rotary group setup are not rotary group-specific and are needed
for
general
DDR
deployment.
The
step
is to configure
ByWesley Shuo, Dmitry Bokotey, Raymondfirst
Morrow
, Deviprasad
Konda a static route for each DDR calling
destination:
ISBN: 1-58720-073-2
Pages: 528
R2(config)#ip
routenetwork
mask
{address
interface}
Gain hands-on experience
of CCNP
Remote
Access| topics
with lab[distance]
BCRAN exam.
exam concepts
Defining Passive Interfaces
The final
is totheir
stop implementation
routing updates from triggering a DDR call by making your dialer
you step
through
interface passive:
essential
in preparing candidates for the new
simulation-based
dialer
number
NOTE
You can also create certain conditions with an access list that prevent updates of a
preparation.
particular routing protocol from passing. You can then add the access list to the dialerlist statement.
Scenario 7-3: Configuring the PRI Interface to Receive Asynchronous

Calls and ISDN Calls
In this scenario you will learn how to configure a PRI interface on R3 to receive asynchronous
calls and existing ISDN calls from R4, as shown in Figure 7-3. R3 is a Cisco 3640 with a Fast
Ethernet network module, a T1/ISDN PRI network module, and a 30-modem network module
with
five modems
installed.
Table of
Contents This study combines some configuration tasks learned in this chapter
and
those
learned
in
previous chapters.
Index
Figure 7-3. PRI Interface Configuration Topology

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Experience
access
conceptstowork
in aconfigured
real network
practice
labs
that PRI
walk
Assume
that you how
haveremote
previously
connected
R3 and
thewith
serial
interface
ISDN
you
through
their
implementation
channel with certain parameters. You can also assume that a PC has already been configured for
asynchronous calls and R4 for BRI calls. While working on the R3 configuration, you will have to
remove some of the existing statements as well as configure some new parameters.
As mentioned, R3 has been preconfigured to receive ISDN calls. Therefore, you should start by
removing
someStudies:
of the old
configuration.
Example
7-7 shows
the statements
in need
of removal.
CCNP Practical
Remote
Access (CCNP
Self-Study)
prepares
readers for
the CCNP
Example
7-7.this
Removing
the
Configuration
from
network setting,
book is useful
in Old
preparing
a CCNP candidate
for R3
the general exam
serial 1/0:23
interest.
Each
chapter includes
a review
of the applicable
R3(config-if)#no
dialer
idle-timeout
180 technology, and guides the reader through
office-based
R3(config-if)#no
dialer map ip 10.1.1.4
name R4 5551134
R3(config-if)#no dialer-group 1
preparation.
R3(config-if)#no ppp authentication chap
R3(config-if)#no ip address
R3(config-if)#router eigrp 100
R3(config-router)#no passive-interface serial 1/0:23

R3(config-router)#no redistribute static
R3(config-rotuer)#no ip route 10.44.0.0 255.255.255.0 10.1.1.4
Table of Contents
Index
Now that the old configuration has been erased, you are ready to configure a PRI interface to
receive ISDN and asynchronous calls. This process involves the following steps:
Reconfiguring
Publisher:
Cisco Pressthe
PRI interface and adding it to dialer pool 4
Creating an asynchronous group interface for use with internal modems

ISBN: 1-58720-073-2
Pages: 528
Creating
a dialer interface
Configuring modem line characteristics

Disallowing routing protocol updates to trigger DDR calls
BCRAN
Verifying
exam. static routes
exam concepts
Configuring the PRI Interface
Enter you
serial
1/0:23their
configuration
mode, and configure the D channel to switch incoming analog
through
implementation
calls to the internal modems:
for the modem
R3(config-if)#isdn
incoming-voice
implementation
of the
technology.
This
process can be executed on a home- or
Next you can assign
the
PRI interface
tostep-by-step
dialer pool 4:
preparation.
R3(config-if)#dialer pool-member 4
Configuring an Asynchronous Group Interface

Here you need to configure an asynchronous group interface for R4's internal modems. Table 7-3
of Contents
describes theTable
commands
needed to configure an asynchronous group interface.
Index

Table 7-3. Asynchronous Group Interface Commands
Command
ISBN: 1-58720-073-2
Description
Pages: group-async
528
interface
1
Creates an asynchronous group interface.
ip unnumbered ethernet
0/0
Forces the group interface to use the IP address of the Ethernet

port.
encapsulation ppp
Enables the use of PPP encapsulation on the interface.
ppp authentication
chap
Specifies the PPP authentication type.
BCRAN
exam.
dialer in-band
Enables DDR on the interface and sends the data and the DDR
control information over the same line.
exam
concepts 180
dialer
idle-timeout
Specifies a timeout of 3 minutes if no data is detected on the
line.
dialer-group
1 their implementation
Refers the interface to dialer list 1 for interesting traffic
you through
definition.
Lets the dial-in user run Serial Line Internet Protocol (SLIP) and
at EXEC level on
the line.on the CCNP exams
Ready yourself for the newPPP
simulation-based
questions
peer default ip address
Specifies that the interface allocates an IP address to any
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642pool bigpool
incoming call from the address pool bigpool.
applications.
Designed as a topic-by-topic
guide
of Discovery
how to apply
no cdp enable
Disables the
Cisco
Protocol.
group-range
6065 a better understanding
Identifies the modem
in this
group
interface.
questions
by providing
of how lines
remote
access
really
works. It is also
Creating a Dialer Interface
implementation
the technology.
This step-by-step
process
can be
executed
oninterface.
a home- Table
or
At this stage youofcreate
the dialer interface
to allow R4
to connect
using
its BRI
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
7-4 describes the usual configuration tasks.
preparation.
Table 7-4. Dialer Interface Configuration Commands
Command
Description
interface dialer 1
Creates the dialer interface.
ip address 10.1.1.3
255.255.255.0
Configures the dialer interface's IP address and mask.
Sets an idle timer.
Table of Contents
Index
dialer-group 1
Recalls the dialer list that defines interesting traffic.
CCNP
Practical Studies:
encapsulation
pppRemote Access
Sets the encapsulation to PPP.
Sets the PPP authentication to CHAP.
noPublisher:
peer default
ip address
Cisco Press
Stops the dialer interface from trying to assign an IP address

to incoming calls.

ISBN: 1-58720-073-2
ppp multilink
Pages: 528
Enables Multilink PPP.
Identifies the remote router.
Supplies R4's phone number.
dialer pool 4
Sets the dialer interface to use pool 4.
BCRAN exam.
Configuring Modem Line Features

Now you
need
to configure the internal modem lines and their physical characteristics. Table 7-5
exam
concepts
shows the list of commands needed to accomplish this.
Table 7-5. Modem Line Configuration Commands
Command
Description
CCNP
line 60 65
Enters modem line configuration mode, which is used for
asynchronous calls coming into the PRI interface.
questions
by during-login
providing a better
understanding
of how remote
access
It is
also
autoselect
Lets
the router automatically
select
the really
correctworks.
protocol
during
login.
autoselect
ppp
Specifies
PPP as the autoselect protocol.
concepts,
regardless
of certification
interest.
login local
Tells the router to check a local login username and password.
implementation
Thismodem
step-by-step
executed
on outgoing
a home- calls.
or
modem inout of the technology.
Sets the
lines toprocess
accept can
bothbe
incoming
and
modem
even
as a autoconfigure
stand-alone guide. Tells the router that the modem type is to be automatically
discovery
discovered and configured for operation.
transport input all
Specifies that the lines will accept all protocols.
preparation.
stopbits 1
Sets the number of stop bits for the data.
Configures the router to control flow by using RTS CTS signal

lines.
Preventing Routing Updates from Triggering DDR Calls

The last stage of this scenario's configuration is preventing routing updates from making a DDR
call. You must ensure that such updates will not be sent over the dialer interface. Table 7-6 lists
the needed commands.
Table of Contents
Index
Table 7-6. Routing Configuration Commands
Command
Description
Pub Date:
December
router
eigrp
100 22, 2003
Enters routing protocol configuration mode.
ISBN: 1-58720-073-2
passive-interface dialer 1
Specifies the dialer 1 interface as passive.
ip route 10.44.0.0
255.255.255.0 dialer 1
Assigns a static route to R4's Ethernet network address

over the dialer 1 interface.
Pages: 528
Verification
BCRAN exam.
You know that to see the commands you've entered, you can enter show running-config.
Prepare
CCNP
BCRAN
exam
gain of
a better,
of
However,
youfor
canthe
use
other642-821
methods
to verify
theand
success
your configuration.
Here are some
examtesting
concepts
additional
techniques:
You
can dial into
ISDN PRI interface from the PC modem. The PRI interface should
you through
theirR3's
implementation
pass the call from the PC to the internal modems to be answered. If this action results in
Review
set-up
guides
that show
you how
toaprepare
a lab for
study
the "User
access
verification"
message
and
login prompt,
the
connection has been
correctly established.
You can dial in over the ISDN line from R4 by pinging R3's Ethernet port. To reach the
CCNPEthernet
Practicalnetwork,
Studies: R4
Remote
(CCNP
prepares
readers establishment.
for the CCNP 642dials Access
into R3's
ISDNSelf-Study)
PRI interface
for connection
You
821 BCRAN
exam
workplace
in implementing
remote
access
network
can watch
theand
callfor
setup
activitychallenges
and the ping
response on R4
to verify
whether
the call was
applications.
successful.
questions
by providing
a better
understanding
of how
You can
use the debug
command
you learned
in remote
Chapteraccess
6.
preparation.
Practical Exercise: Configuring Dialer Profiles

In this exercise you provide DDR configuration for the three routers pictured in Figure 7-4. R3 is
the central router that R1 (remote branch) and R2 (telecommuter) dial into.
Table of Contents
Index
Figure 7-4. Configuring Dialer Profiles

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

To complete this exercise you need to configure two dialer profiles on R3one for each caller.
Use the map class with the dialer string on R3 for R1. You also have to configure a dialer profile
on R1 for its communication with the central site. R2 needs to be configured for legacy DDR.
Table of Contents
Index
The addressing
scheme is shown in Figure 7-4. Use the EIGRP protocol when configuring R3.
CCNP
Remote
Accessconfiguration, you can verify it against Examples 7-8,7-9, and
After Practical
you areStudies:
finished
with your
7-10.
Example 7-8 shows the configuration of R3.


ISBN: 1-58720-073-2
Example
7-8. Central Site Configuration
Pages: 528
hostname
R3 experience of CCNP Remote Access topics with lab scenarios for the new 642-821
Gain hands-on
BCRAN exam.
!
aaa new-model
exam concepts
you through their ppp
implementation
aaa authentication
default local
!
username admin privilege 15 password 7 cisco
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642username
password
cisco
821 BCRANR1
exam
and for7workplace
username
R2 password
network setting,
this book7 iscisco
!
isdn
switch-type
concepts,
regardlessbasic-5ess
!
interface
office-basedEthernet0
ip address 192.22.80.4 255.255.255.0
!
preparation.
interface BRI0
no ip address
encapsulation ppp
Table of Contents
ppp multilink
Index
interface Dialer0
ip
192.22.85.1
255.255.255.0
Pubaddress
Date: December
22, 2003
ISBN: 1-58720-073-2
encapsulation ppp
Pages: 528
dialer pool 1
Gain
hands-on
experience
of class
CCNP Remote
dialer
string
6661000
mapclass1
BCRAN exam.
dialer load-threshold 128 outbound
dialer-group 5
exam concepts
ppp multilink
!
interface Dialer1
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642ipBCRAN
address
192.22.86.1
255.255.255.0
821
exam
and for workplace
encapsulation
ppp
network
setting, this
dialerinpool
1
essential
preparing
dialer regardless
remote-name
R2
concepts,
of certification
interest.
Each
chapter
includes
dialer
string
6662000
office-based
lab, a5remote-accessible lab, some networking simulation software programs, or
dialer-group
preparation.
!
router eigrp 67
redistribute static
passive-interface Dialer0
passive-interface Dialer1
network 192.22.0.0
auto-summary
Table of Contents
Index
ip classless
ip route 192.22.95.0 255.255.255.0 Dialer1

ip Pub
route
255.255.255.0 Dialer0
Date:192.22.96.0
December 22, 2003
ISBN: 1-58720-073-2
Pages: 528
map-class dialer mapclass1

Gain
hands-on
experience
dialer
fast-idle
5 of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
!
exam concepts
!
Example
7-9yourself
shows the
of R1.
Ready
for configuration
for workplace
challenges
Example
7-9. and
Remote
Branch
Configuration
essential
R1#show in
running-config
concepts,
hostname regardless
R1
!
aaa new-model
preparation.
aaa authentication ppp default local
!
username R3 password 7 cisco

!
ip subnet-zero
!
Table of Contents
Index

interface Ethernet0
ip Pub
address
192.22.96.1
Date: December
22, 2003 255.255.255.0
ISBN: 1-58720-073-2
Pages: 528
interface BRI0
no ip address
Gain
hands-on experience
encapsulation
ppp
BCRAN exam.
exam concepts
ppp multilink
!
interface Dialer1
ip address 192.22.85.2 255.255.255.0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642encapsulation
821 BCRAN examppp
dialer
10this book is useful in preparing a CCNP candidate for the general exam
network pool
setting,
dialer
R3
essentialremote-name
dialer
string
6663000
concepts,
regardless
Each
chapter
includes a review
dialer
load-threshold
128 outbound
office-based
lab,5 a remote-accessible lab, some networking simulation software programs, or
dialer-group
preparation.
ppp multilink
!
ip classless
ip route 192.22.0.0 255.255.0.0 192.22.80.0

ip route 192.22.80.0 255.255.255.0 Dialer1
!
Table of Contents
Index

Example
Publisher:
7-10
Cisco
shows
Press the configuration of R2.
ISBN: 1-58720-073-2
Example
7-10. Telecommuter Configuration
Pages: 528
hostname R2
BCRAN exam.
!
aaa new-model
exam concepts
aaa authentication
login access
default
localwork in a real network with practice labs that walk
concepts
aaa authentication ppp default local
!
BCRANR3
exam
and for7workplace
username
password
cisco
network
!
essential
in preparing
isdn switch-type
basic-5ess
concepts,
!
interface Ethernet0
ip address 192.22.95.1 255.255.255.0
!
preparation.
interface BRI0
ip address 192.22.86.2 255.255.255.0
encapsulation ppp
dialer map ip 192.22.86.1 name R3 6663000

dialer-group 1
Table of Contents
Index
ip classless
ip route 0.0.0.0 0.0.0.0 192.22.86.1


ISBN: 1-58720-073-2

Pages: 528
BCRAN exam.
exam concepts
preparation.
Summary
In this chapter you learned how to configure dialer profiles. Dialer profiles allow separation of
logical configurations from the physical interfaces that are later bound together when a DDR call
is made. Dialer profile components include a dialer interface, dialer pool, physical interfaces, and
Table of
Contents
an optional dialer
map
class.
Index
CCNP
Practical Studies:
Remote Access
To
configure
dialer profiles,
you follow these steps:
Step 1. Configure a dialer interface.
Step 2. Configure an optional map class to be applied to the dialer interface.

ISBN: 1-58720-073-2
Step
3. Configure the physical interfaces, and attach them to the same dialer pool as the
Pages:
appropriate
528
dialer interface.
You also learned how to configure dialer rotary groups. Dialer rotary groups let you call multiple
destinations at the same time by allowing a single logical interface configuration to be applied to
a set of physical interfaces. Many of the rotary group configuration elements are identical to
those of legacy DDR and dialer profiles. To configure dialer rotary groups, you follow these
BCRAN exam.
steps:
Step 1.for
Define
interesting
traffic.
Prepare
the CCNP
642-821
exam concepts
Step 2. Create a dialer interface.
Step
3. Configure
the physical interfaces.
you
through
Step 4.set-up
Configure
static
Review
guides
thatroutes.
show you how to prepare a lab for study
Ready
Step 5.
yourself
Disable
for
routing
the new
updates.
preparation.
Review Questions
1:
What is another name for a dialer interface?
Table of Contents
Index
A. Backup dialer interface
B. Ancillary dialer interface

C. Surrogate
Pub Date: December
22, 2003
dialer interface
ISBN: 1-58720-073-2
D. Virtual dialer interface
Pages: 528
2:
True or false: When a call is triggered, the dialer interface selects a physical
interface from the pool.
3: Which of the following cannot be used in the logical configuration?

BCRAN exam.
A. The network layer address
B. Encapsulation
exam concepts
C. The
media concepts
type
Experience
howinterface
remote access
D. Dialer parameters
4: True or false: When dialer profiles are used, an active BRI interface can function as
dial backup.
Readyayourself
CCNP Practical
5: Which
Studies:
of the Remote
following
Access
interfaces
(CCNP
can
Self-Study)
be used with
prepares
dialer pools?
readers(Choose
for the CCNP
all that
642821 BCRANapply.)
A. Framecandidates
Relay
B. Serial
C. BRI
implementation
the technology. This step-by-step process can be executed on a home- or
D. of
PRI
preparation.
6:
What is the correct syntax to prohibit routing updates from being sent on the dialer
1 interface?
A. no routing update dialer 1

B. passive-interface dialer 1
Table of Contents
Index
C. dialer 1 no update
ByWesley Shuo,D.
Dmitry
interface-passive
Bokotey, Raymond Morrow
dialer
, Deviprasad
1
Konda
7: What
is the
Publisher:
Cisco Press
main advantage of using dialer rotary groups?

ISBN: 1-58720-073-2
Pages: 528
A.
They simplify configuration for multiple callers and calling destinations.
B. They organize interface selection in a round-robin fashion.

C. They allow Multilink PPP to be implemented, but only on identical interfaces.
Gain hands-on
of CCNP for
Remote
topics selection.
D. experience
They are required
ISDNAccess
PRI channel
BCRAN exam.
8:
What is the correct syntax for assigning a physical interface to a rotary group?
exam concepts
A. dialer rotary 1
you through
B. rotary-group
1
Review C.
set-up
guides
that show you
dialer
rotary-group
1 how to prepare a lab for study
Ready yourself
for the new
D. dialer-group
1 simulation-based questions on the CCNP exams
preparation.
Chapter 8. Using DSL to Access a Central

Site
of Contents
This
chapter Table
covers
Index
ADSL Overview

Cisco
UAC
Pub
Date: 6400
December
22,Overview
2003
ISBN: 1-58720-073-2

Pages: 528
This chapter focuses on Digital Subscriber Line (DSL) technology. DSL, like cable modem, is one
of the most popular broadband access methods and will be a new topic on the CCNP exam.
After completing this chapter, you will understand the basic Asymmetric DSL (ADSL) technology,
Cisco
6160 DSLexperience
Access Multiplexer
configuration,
andlab
Cisco
6400 Universal
Access
Gain hands-on
of CCNP (DSLAM)
Remote Access
topics with
scenarios
for the new
642-821
Concentrator
BCRAN exam.(UAC) configuration. You will also understand different access architectures and
protocols such as Integrated Routing and Bridging (IRB), Routed Bridge Encapsulation (RBE),
Point-to-Point Protocol over ATM (PPPoA), and Point-to-Point Protocol over Ethernet (PPPoE).
Note exam
that there
concepts
are different flavors of DSL technologies. This chapter focuses on ADSL
technology.
preparation.
ADSL Overview
DSL technology introduces a new family of products that can provide high-speed data and voice
service over existing copper pairs. Several flavors of DSL exist, but each type can be categorized
as either SDSL or ADSL. Symmetric DSL(SDSL) provides equal bandwidth from the customer
Table
of Contents
premises to the
service
provider (upstream) and from the service provider to the customer
Index
(downstream).ADSL provides higher downstream speeds than upstream.
Traditionally,
ADSL Bokotey
has been
used to
provide
high-speed
, Raymond
Morrow
, Deviprasad
Konda data service by encoding data on the
local loop by using frequencies (up to 1 MHz) greater than voice (up to 4 kHz) so that existing
telephone service would be preserved and would travel simultaneously with the data. At the
central office (CO), the voice would be routed to the public switched telephone network (PSTN)
using
a low-pass frequency filter called a POTS splitter chassis (PSC).
ISBN: 1-58720-073-2
FigurePages:
8-1 depicts
528
a typical end-to-end ADSL system. Beginning at the customer premises, the
user's general-purpose computer is connected to the ADSL Terminating Unit-Remote (ATU-R)
over an Ethernet connection.
Figure 8-1. Typical End-to-End ADSL System
BCRAN exam.
exam concepts
applications.
as a topic-by-topic
guidesplitter
of how device.
to applyInremote
accesshowever,
concepts the
in a real
The
ATU-R is Designed
typically connected
to an external
some cases,
network setting,
this
book is useful
a CCNP
candidate
forand
the microfilters
general exam
external
splitter is
eliminated
in lieuinofpreparing
an internal
filter in
the ATU-R
attached to
questions
by providing
a better
understanding
of how
remote
reallythe
works.
also to a
plain
old telephone
service
(POTS)
devices in the
home.
From access
the splitter,
loopItisiswired
essential Interface
in preparing
candidates
for serves
the new
are on the Cisco
Network
Device
(NID) that
assimulation-based
the demarcation questions
point into that
the customer
certification
exams.
Finally,
serves
anyone wanting
a guide
to real-world
application
of these
premises.
From
the NID,
theitloop
is connected
to a splitter
device
in the central
office that
splits
concepts,
regardless
of certification
interest.
off
voice traffic
and routes
it to the PSTN.
Data is connected to the ADSL Terminating UnitCentral Office (ATU-C). The user's data traffic is then typically routed across the ATM network to
Each
chapter includes
a review
an aggregation
gateway
or router.
Modulation Methods
preparation.
Three
modulation methods for encoding data onto the local loop are Carrierless Amplitude and
Phase (CAP), Discreet MultiTone 2 - Issue 2 (DMT2), and G.lite. DMT was selected as the
preferred standard for ADSL modulation. CAP technology is cost-effective and readily available.
G.lite is a simplified DMT encoding scheme that provides limited features to facilitate
interoperability and minimize end-user interaction.
Table 8-1 shows the maximum data rates for downstream and upstream, line-coding
technologies, and maximum reach. Note that the maximum-reach number is best-case,
assuming "clean copper."
Table of Contents
Index
Table 8-1. ADSL Data Rates
CCNP
Practical Data
Studies:
Remote
Access
Maximum
Rate
Downlink/Uplink
Line Coding Technology
Maximum Reach
8 Mbps/1 Mbps
CAP, DMT
18,000 feet/5.5 km
1.5Publisher:
Mbps/640
Ciscokbps
Press
G.lite
18,000 feet/5.5 km

ISBN: 1-58720-073-2
Pages: 528
Sources
of Interference
Many sources of interference can degrade the quality of DSL. For instance, loading coils are used
as a low-frequency (300 to 3300 Hz) filter but cannot be present for ADSL operation.
Gain
experience
of CCNP
Remote
Otherhands-on
sources of
interference
include
the following:
BCRAN exam.
Impedance changes
exam concepts
Bridged
taps
Crosstalk
Impulse hits
Techniques to Solve Interference
Several
techniques
exam and
exist
forfor
workplace
adjustingchallenges
to interference:
Rate-Adaptive
(RADSL)
Used to of
adjust
transmission
rate.works. It is also
questions
by providingDSL
a better
understanding
how the
remote
access really
Reed-Solomon
Forward
Erroranyone
Correction
(FEC)
The
of correcting
errors
certification
exams. Finally,
it serves
wanting
a guide
toprocess
real-world
application
of these
mathematically
at
the
receiving
end
of
a
transmission
path
rather
than
calling
for
a
retransmission.
Bit interleaving
Used to avoid
consecutive
errors
delivered
to the
algorithm
implementation
of the technology.
This having
step-by-step
process
can be
executed
on aFEC
homeor
at
the
receiving
end
of
the
circuit.
Trellis coding A modulation error-correction technique to improve error performance
reception.
All of during
the topics
preparation.

This section provides an overview of the Cisco 6160 DSLAM system and hardware components
and discusses basic Cisco DSLAM configuration.
Table of Contents
Index
System
and Hardware Components
The Cisco 6160 can be operated as a carrier class DSLAM with ADSL, SDSL, and Integrated
Services Digital Network DSL (IDSL) interfaces. The Cisco 6160 is intended for use in North
Publisher:
Cisco Press
American
central
office facilities. The Cisco 6160 DSLAM can support up to 256 subscribers and
Pub
Date:
December
22, 2003
concentrate traffic onto
a single high-speed WAN trunk.
ISBN: 1-58720-073-2
Examine
Figure
Pages:
528 8-2. The chassis has 32 short slots for line cards and two double-length slots for
Network Interface (NI-2) cards. Slots 10 and 11 hold the NI-2 cards. Slots 1 to 9 and 12 to 34
hold the line cards. Some of the essential functions the NI-2 card provides are ATM switching,
WAN interface, and subtending.
BCRAN exam.
Figure 8-2. Cisco 6160 DSLAM Chassis
exam concepts
WAN
All
of interfaces
the topics can
on the
be new
either
642-821
OC-3c or
BCRAN
DS3 and
exam
canare
becovered,
used for providing
trunking or
comprehensive
subtending. exam
preparation.allows up to 12 other chassis to be subtended to a single host DSLAM system,
Subtending
aggregating the subtended systems through a single network uplink.
DSL line cards come in several varieties. In this chapter, the Quad Flexicard is used. It supports
four ADSL connections and can be configured with CAP, DMT2, or G.lite line coding.
NOTE
You can install line cards of two or more different types in a single Cisco 6160 chassis.
However, mixing different types of cards (Flexi ADSL, SDSL, and/or IDSL) on the same
side of the chassis might result in decreased performance.
Table of Contents
Index
Basic
Cisco 6160 DSLAM Configuration
In this
section, you will learn all the necessary information to successfully configure the Cisco
6160 DSLAM.
ISBN: 1-58720-073-2
Pages: 528
Interface
Numbering
Before you begin the configuration, it is important to know the interface numbering scheme used
by the Cisco IOS software in the 6160. Interfaces whose names begin with ATM0 (ATM0/0,
ATM0/1, and so forth) are NI-2 card WAN interfaces. ATM0/0 is the ATM switch's interface with
Gain
hands-on There
experience
of CCNP
Remote Access
topics
with
lab
scenarios
for the new 642-821
the processor.
is no need
to configure
ATM0/0
unless
you
plan
to use in-band
BCRAN
exam.
management. ATM0/1 is the trunk port. ATM0/2 and ATM0/3, if present, are subtending
interfaces.
Table 8-2 illustrates the interface numbering scheme for Cisco 6160 DSLAM.
exam concepts
Table
8-2.that
Cisco
DSLAM
Interface
Numbering
Review set-up
guides
show6160
you how
to prepare
a lab for study
Ready yourself
Interface
Description
CCNP
PracticalThe
Studies:
Remote interface
Access (CCNP Self-Study) prepares readers for the CCNP 642ATM0/0
ATM switch's
ATM0/1
Trunk interface
applications.
Designed
network
setting,
this
book
ATM0/2
Subtend
essential
ATMA/B in preparing
A = 1 tocandidates
34 (slot); B
for=the
1 tonew
4 (port)
simulation-based questions that are on the Cisco
Ethernet0/0
Management
Ethernetinterest.
port
concepts,
regardless
of certification
implementation
of 8-2,
the technology.
This step-by-step
can be
executed
on a
homeor
As shown in Table
interfaces whose
names beginprocess
with ATM1
through
ATM34
are
line card
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
interfaces. Ethernet0/0 is the interface for the LAN that connects the Cisco 6160 to its
even
as
a
stand-alone
guide.
management system. For line card interfaces, the number before the slash indicates the slot
number. The number after the slash indicates the interface or port number. For example,
All
of theistopics
ATM5/4
port 4on
in the
slotnew
5. 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
Configuring Line Cards

Before you can use the Flexicard, you need to configure a slot for a specific card type. Use this
command:
Table of Contents
Index
slotslot# cardtype

slot#
the December
slot number;
the range is 1 to 34. cardtype is the card type for which you want to
PubisDate:
22, 2003
configure
the
slot. You must indicate the type of card. To configure the Quad Flexicard in slot 1
ISBN:
1-58720-073-2
to usePages:
DMT 528
modulation, you would enter the following:
BCRAN exam.
lab-6160(config)#slot 1 ATUC-4FLEXIDMT
exam concepts
NOTE
CCNPYou
Practical
can use
Studies:
show hardware
Remote Access
command
(CCNPto
Self-Study)
find out which
prepares
cardsreaders
are installed
for theinCCNP
the 642821 BCRAN
Cisco 6160
exam
DSLAM.
essential
preparing
CreatinginDSL
Profiles
Except for a few dynamic operational modes, port configuration takes place through a
configuration
profile rather
thanofby
direct
configuration.
A profile
is a named
list of configuration
Each
chapter includes
a review
the
applicable
technology,
and guides
the reader
through
parameters withof
a the
value
assigned to
each
parameter.process
You cancan
change
the value
implementation
technology.
This
step-by-step
be executed
onof
a each
home- or
parameter inlab,
the aprofile.
To configure lab,
a subscriber,
you needsimulation
only attach
the desired
profileor
to
office-based
remote-accessible
some networking
software
programs,
that subscriber.
When you
change a parameter in a profile, you change the value of that
even
as a stand-alone
guide.
parameter on all ports using that profile. If you want to change a single port or a subset of
ports,
youtopics
can copy
thenew
profile,
change
the desired
parameters,
and then assign
the new profile
All of the
on the
642-821
BCRAN
exam are
covered, providing
comprehensive
exam
to
the desired ports. Multiple ports can share the same profile, but one port cannot have more
preparation.
than one profile. If you modify an existing profile, that change takes effect on every ADSL port
linked to that profile.
Every port is attached to a special profile named "default" by default. You can modify the default
profile (but not delete it). This is useful when you want to modify one or two default parameters
and apply this to every port in the system (rather than creating a new profile with minor
changes and attaching it to every port in the system).

When you create a profile, it inherits all the configuration settings of the default profile at the
time of creation. If you subsequently modify the special profile default, the new changes to the
default do not propagate to the previously created profiles.
To create a DSL profile, or to select an existing profile for modification, use the following
command:
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
dsl-profile
profile-name
Gain
hands-on
CCNP
Remote
To
delete
a DSLexperience
profile, useofthe
following
command:
BCRAN exam.
exam concepts
no dsl-profileprofile-name
In
both examples,
profile-name
is the name
of the
want
to create,
orconcepts
an existing
applications.
Designed
as a topic-by-topic
guide
of profile
how toyou
apply
remote
access
in a real
profile
you
want
to
delete
or
modify.
To
create
a
DSL
profile
called
ccnp,
you
would
enter the
following:
All of the topics on the terminal
lab-6160#configure
preparation.
lab-6160(config)#dsl-profile ccnp
After the DSL profiles are created, you can customize them with the following parameters:
Bit rate
DMT margin
Check bytes
Table of Contents
Interleaving
Index delay
Training mode
The following sections discuss these parameters in more detail.

ISBN:
Setting
the1-58720-073-2
Bit Rate
Pages: 528
To set the maximum and minimum allowed bit rates for the fast-path and interleaved-path
profile parameters, use the following command:
BCRAN exam.
exam concepts
Experience
how
remote access
concepts dmt-bitrate
work in a realupstream
network dmt-bitrate
dmt bitrate
max
interleaved
downstream
dmt-bitrate is a multiple of 32 kbps. If you enter a nonmultiple of 32 kbps, the Cisco IOS
software
abortsStudies:
the command.
CCNP Practical
Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
InExample 8-1, the command sets the maximum interleaved-path bit rate of the ccnp profile to
8032 kbps downstream and 832 kbps upstream.
Example
Bitanyone
Ratewanting a guide to real-world application of these
certification 8-1.
exams.Setting
Finally, itthe
serves
implementation of the technology.
lab-6160#configure
terminal This step-by-step process can be executed on a home- or
lab-6160(config)#dsl-profile
ccnp
All of the topics on the new 642-821bitrate
BCRAN exam
are covered, providing
comprehensive
exam
lab-6160(config-dsl-prof)#dmt
interleaved-path
downstream
8032
preparation.
upstream 832
Setting the Margins

To set upstream and downstream signal-to-noise ratio (SNR) DMT margins, use the following
command:
Table of Contents
Index

dmt margin downstreamdmt-margin upstreamdmt-margin

ISBN: 1-58720-073-2
Pages: 528
dmt-margin is equal to the upstream and downstream SNR margins in decibels. Values must be
nonnegative integers. The range is from 0 to 127 dB.
BCRAN exam.
NOTE
Research
has shown that the optimum margins for DMT service are 6 dB downstream
exam concepts
and 6 dB upstream.
InExample
8-2,
the guides
command
theyou
DMT
SNR
thefor
ccnp
profile to 6 dB upstream
Review
set-up
thatsets
show
how
to margins
prepare of
a lab
study
and 3 dB downstream.
CCNP
Practical
Studies:
Remote
Access
(CCNP Self-Study) prepares readers for the CCNP 642Example
8-2.
Setting
the
Margin
lab-6160#configure terminal
lab-6160(config-dsl-prof)#dmt margin downstream 3 upstream 6
All
of theCheck
topics on
the new 642-821 BCRAN exam are covered, providing comprehensive exam
Setting
Bytes
preparation.
Check bytes are also called FECbytes. They are added to the user data stream to improve error
correction, but they slow performance. To set upstream and downstream check bytes, use the
following command:
dmt check-bytes interleaved downstreambytes upstreambytes
Table of Contents
Index

bytes values can be 0, 2, 4, 6, 8, 10, 12, 14, and 16. The default is 16 in each direction.
InExample 8-3, the command sets the interleaved check bytes for the ccnp profile to 6
upstream and 12 downstream.
ISBN: 1-58720-073-2
Pages: 528
Example 8-3. Setting the Check Bytes
Gain
hands-on experience
lab-6160#configure
terminal
BCRAN exam.
lab-6160(config-dsl-prof)#dmt check-bytes interleaved
exam concepts
downstream 12 upstream 6
Ready
yourself forDelay
Setting
Interleaving
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642To
the interleaving
delay
parameter,
use thisincommand:
821set
BCRAN
exam and for
workplace
challenges
dmt
interleaving-delay
downstream
delay-in-secs
upstream
delay-in-secs
office-based
lab,
some networking
simulation
preparation.
delay-in-secs specifies the interleaving delay in microseconds. The default value is 16000
microseconds in each direction. Allowable values are 0, 500, 1000, 2000, 4000, 8000, and
16000 microseconds.
InExample 8-4, the command sets the interleaving delay of the ccnp profile to 2000
microseconds downstream and 4000 microseconds upstream.
Example 8-4. Setting the Interleaving Delay
lab-6160#configure
terminal
Table of Contents
Index
lab-6160(config)#dsl-profile
CCNP Practical Studies: Remote Access ccnp
lab-6160(config-dsl-prof)#dmt interleaving-delay downstream 2000 upstream 4000

ISBN: 1-58720-073-2
Pages: 528
Setting
the Training Mode
Two training modes are availablestandard and quick. Standard train relates to a training
procedure specified in ANSI standards document T1.413, which is considered the standards
reference for DMT ADSL. Quick train, also called fast train, uses a vendor-specific training
Gain
hands-on
experience
of CCNP
Remote training
Access topics
sequence
that is
shorter than
the standard
sequence.
BCRAN exam.
To modify the training mode in a DMT profile, use the following command:
exam concepts
dmt training-mode {standard/quick}
questions
In
Exampleby
8-5,
providing
the command
a bettersets
understanding
the ccnp profile's
of howtraining
remotemode
access
toreally
quick.works. It is also
of certification
interest. Mode
Example
8-5. Setting
the Training
lab-6160#configure terminal
preparation.
lab-6160(config-dsl-prof)#dmt training-mode quick
Cisco 6400 UAC Overview

This section provides an overview of 6400 Universal Access Concentrator (UAC) hardware
components (see Figure 8-3). Functional descriptions are provided for each component. How all
the components work together within the system is also described.
Table of Contents
Index
Figure 8-3. Cisco 6400 UAC Hardware Component

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
The
6400 is aDesigned
broadband
thatguide
supports
Cisco's
ATM remote
services,
PPP termination,
applications.
as concentrator
a topic-by-topic
of how
to apply
access
concepts in aand
real
tunneling.
The
Cisco
6400
combines
ATM
switching
and
routing
in
a
modular
and
network setting, this book is useful in preparing a CCNP candidate for the general scalable
exam
platform.
The
6400 UAC
comprises
three
majoranyone
functional
components:
certification
exams.
Finally,
it serves
wanting
Node Line Card (NLC) A half-height line card. It features two OC-3 ATM interfaces and
supports SONET APS 1+1 redundancy.
office-based
lab,The
some
networking
simulation
software
programs,
or
Node Switch
Processor (NSP)
centerpiece
of the
6400 system.
It performs
ATM
even switching
as a stand-alone
guide.
and per-flow queuing for the ATM virtual circuits.
All of Node
the topics
on Processor
the new 642-821
BCRAN
exam
areCisco
covered,
comprehensive
Route
(NRP)
Based
on the
7200providing
series router.
It supportsexam
a
preparation.
variety of configurations, including PPP over ATM and RFC 1483 bridging. It is a full-height
line card.
Figure 8-4 illustrates how these components work together.
Figure 8-4. Typical Traffic Flow for the Cisco 6400 UAC
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
The NLC receives traffic from the DSLAM or other ATM network. The NLC sends this traffic to the
NSP. The NSP acts as an ATM switch. The ATM cells must be sent from the NSP to the NRP. The
NRP handles routing functions for the 6400. The NRP reassembles the ATM cells into data
packets and determines where the data needs to be sent. Direct data connections can be made
via
Fast Ethernet
port onof
the
NRP.Remote
Other data
packets
sent
through
the
Gaina hands-on
experience
CCNP
Access
topicsare
with
labback
scenarios
for the
the NSP
new to
642-821
NLC,
where
these
packets
may
be
routed
through
the
ATM
network.
BCRAN exam.
Understanding interface numbering is also important before you configure the 6400. The
interface
slot/subslot/port
is used
for both
NLC and
NRP.practical
For NLC,understanding
the valid subslot
Prepare
for the CCNP convention
642-821 BCRAN
exam
and gain
a better,
of
and port
number
are 0 and 1. Because NRP is a full-height card, the subslot and port are always
exam
concepts
0. In Example 8-6, NRP is installed in slot 1 and NLC is installed in slot 8, subslot 1.
Example 8-6. Cisco 6400 UAC Interface Numbering
interface
atmStudies:
1/0/0 Remote
NRP in
slot(CCNP
1
CCNP Practical
Access
interface
8/1/0 as aNLC
in slot 8,guide
sub-slot
port remote
0
applications.atm
Designed
topic-by-topic
of how 1,
to apply
All
line cards
are connected
to the ATM
backplane to the NSP. This interface is known as
concepts,
regardless
of certification
interest.
interface ATM0/0/0 and can be thought of as the interface to the NSP from an NLC or NRP card's
perspective.
showsof
information
about
the NSP's and
ATM guides
backplane.
Each chapterExample
includes8-7
a review
the applicable
technology,
the reader through
Example
8-7. Internal
guide. Connection to the CPU Card
preparation.
lab-6400NSP#show interface atm 0/0/0
ATM0/0/0 is up, line protocol is up
Hardware is CPU card
MTU 4470 bytes, sub MTU 4470, BW 155520 Kbit, DLY 0 usec,
Encapsulation ATM, loopback not set
Keepalive not supported
Table of Contents
Encapsulation(s):
Index
4096 Shuo
maximum
VCs, 0 Morrow
current
VCCs Konda
ByWesley
, Dmitryactive
Bokotey, Raymond
, Deviprasad
VC idle disconnect time: 300 seconds
Pub Date: December

22,35,
2003 vpi = 0, vci = 16
Signalling
vc =
ISBN: 1-58720-073-2
528
UNIPages:
Version
= 3.0, Link Side = user
To
create
an ATM
PVC on the
Cisco Remote
6400, you
can use
thewith
following
command
Gain
hands-on
experience
of CCNP
Access
topics
lab scenarios
forsyntax:
the new 642-821
BCRAN exam.
exam concepts
Reviewatm
set-up
interface
slot/subslot/port
atm pvcvpi vci interface atmslot/subslot/port vpi vci
Example
shows youahow
to create
an ATM PVC.
From
the NSP,
toreally
createworks.
PVC 1/100
coming
questions8-8
by providing
better
understanding
of how
remote
access
It is also
from
NLC
8/0/0
to
NRP
1/0/0,
the
6400
commands
are
as
shown.
Example 8-8. Creating an ATM PVC from the NLC to the NRP
even
as a stand-alone
interface
atm 8/0/0guide.
All
the 1
topics
the new 1
642-821
atmofpvc
100 on
atm1/0/0
100
preparation.

The following sections show you the different access architectures and protocols for the DSL
service. Four types of access architectures and protocols are covered in this chapter.
Table of Contents
IRB
Index
RBE
PPPoA
PPPoE
Pub
ISBN: 1-58720-073-2
Pages: 528
RFC 1483 Bridging and IRB Overview

When configured for RFC 1483 bridging, the ATU-R acts as a half bridge, forwarding all MAC
frames not present on the LAN side to the WAN interface. In the case of 1483 bridging, 802.3
MAC
areexperience
encapsulated
alongRemote
with anAccess
LLC/SNAP
header
intoscenarios
cells using
Gain frames
hands-on
of CCNP
topics
with lab
forAAL5
the new 642-821
segmentation.
BCRAN exam. The LLC/SNAP header is used to identify the protocols encapsulated to the remote
end. Bridge groups are defined by associating VCs with each other. Bridge groups can be defined
in several ways. Bridge members can communicate only with a network host, between each
Prepare
for the
642-821
member
and use
IRBCCNP
to route
out of BCRAN
the bridge.
exam concepts
Bridge Group Virtual Interface (BVI) is a virtual interface that resides in the Cisco 827 and NRP.
Experience
how remote
access
concepts
in routed
a real network
practice
labs that
walk
It acts
as an interface
between
a bridge
groupwork
and a
interface.with
When
configured
for IRB,
youisthrough
implementation
the BVI
assignedtheir
a number
that corresponds to the bridge group that is used to associate the
bridge group with the BVI. BVI is used as routed interface with network-layer attributes such as
Reviewfiltering,
set-up guides
yourouting
how toisprepare
labafor
study
IP address,
and sothat
on. show
On BVI,
enableda on
per-protocol
basis. BVI allows
you to route a given protocol between routed interfaces and bridge groups. Figure 8-5 illustrates
the RFC 1483 bridging protocol stack.
Figure
RFC
1483 Bridging
Protocol
Stack
book is8-5.
useful
in preparing
a CCNP candidate
for the
general exam
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
To configure IRB, follow these steps:
BCRAN exam.
Step 1. Enable IRB with the following code:
exam concepts
bridge irb
network
setting,
this book
is useful
in preparing
a CCNP
candidate
for theTree
general
exam
Step
2. Specify
the bridge
protocol
to define
the type
of Spanning
Protocol:
bridgebridge-group protocol {ieee | dec}
preparation.
Step 3. Specify a protocol to be routed in a bridge group:
bridgebridge-group routeprotocol
Table of Contents
Index
CCNP Practical
Studies:
Remote
Step 4.
Configure
theAccess
ATM
subinterface and aal5snap encapsulation:

ISBN: 1-58720-073-2
Pages: 528
interface atmslot/0.subinterface-number {multipoint | point-to-point}

pvchands-on
[name]vpi/vci
Gain
BCRAN exam.
encapsulation aal5snap
exam concepts
Step 5. Assign a network interface to a bridge group:
bridge-group
bridge-group
network setting,
Stepregardless
6. Enables
bridge group
virtual interface:
concepts,
ofacertification
interest.
preparation.
interface bvibridge-group
Example 8-9 demonstrates the IRB configuration of the Cisco 6400 NRP.
Example 8-9. IRB Configuration
bridge
irb Table of Contents
Index
CCNP Practical
Studies: Remote
bridge
1 protocol
ieee Access
bridge 1 route ip

ISBN: 1-58720-073-2
interface
ATM0/0/0.133 point-to-point
Pages: 528
description Integrated
pvc hands-on
1/33
Gain
BCRAN exam.
exam concepts
bridge-group 1
!
!
ReviewBVI1
interface
Ready yourself
for the
ip address
10.1.1.1
255.255.255.0
questions
RBE
Overview
When configured for RBE, the CPE configuration remains the same as that in IRB. RBE is
intended to address most of the RFC 1483 bridging issues, such as broadcast storms and
security.
The ATU-R
behaves
like
interface and
thatguides
is connected
to anthrough
Ethernet
Each chapter
includes
a review
of the
the routed-bridge
the reader
LAN.
For
packets
sending
from
the
customer
side,
the
destination
IP
address
is
examined,
and
the
Ethernet
header
is
skipped.
If
the
destination
IP
address
is
in
the
route
cache,
the
packet
office-based lab, a remote-accessible lab, some networking simulation software programs, or is
fast-switched
to the outbound
guide. interface. If the destination IP address is not the route cache, the
packet is queued for process switching.
For
packets destined for the customer devices, the destination IP address is examined first, and
preparation.
then the destination interface is determined from the IP routing table. To place a destination
MAC address in the Ethernet header, the router checks the ARP table for that interface. If the
MAC address is not found, the router generates an ARP request for the destination IP address
and forwards the ARP request to the destination interface only. If an unnumbered interface is
used and multiple subscribers are on the same subnet, the routed-bridge interface uses proxy
ARP. All of these can be achieved without using a bridge group or BVI in the aggregation
gateway and therefore are more scalable. Figure 8-6 illustrates the RBE protocol stack.
Figure 8-6. RBE Protocol Stack
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Experience
how
remote
access
To configure
RBE,
follow
these
steps:concepts work in a real network with practice labs that walk
Step 1. Configure the ATM subinterface, and use aal5snap encapsulation. ip unnumbered
Review
guides that are
show
prepare
a lab
for studyIP address space. You
is used set-up
when subscribers
onyou
the how
sametosubnet
and
to conserve
can use the ip address command if subscribers are on different subnets.
concepts,
interfaceregardless
atmslot/0.subinterface-number
{multipoint | point-to-point}
ip unnumberedinterface-name-number
pvc [name]vpi/vci
Allencapsulation
of the topics on aal5snap
preparation.
Step 2. Associate the RBE command with the ATM subinterface:
atm route-bridged ip
Table of Contents
Index
Step 3. Define the static host route. It is required if the IP unnumbered configuration is
ByWesley
used.
ISBN: 1-58720-073-2
Pages: 528
ip routenetwork-number [network-mask] {address | interface} [distance]

BCRAN
[nameexam.
name]
exam concepts
Example 8-10 demonstrates the RBE configuration of the Cisco 6400 NRP.
Example
RBE Configuration
Review8-10.
set-up guides
CCNP Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642interface
Loopback0
applications.
as a topic-by-topic
ip addressDesigned
192.168.1.1
255.255.255.0
questions
!
interface ATM0/0/0.1 point-to-point
implementation
the technology. This step-by-step process can be executed on a home- or
ip unnumbered of
Loopback0
even
as a
stand-alone guide.
no ip
directed-broadcast
preparation.
pvc 1/35
!
ip route 192.168.1.2 255.255.255.255 ATM0/0/0.1
PPPoA Overview
Table of Contents
Index for PPP over ATM, the ATU-R acts as a router, and additionally provides DHCP
When configured
CCNP
Practical
Studies:
and NAT
services
to Remote
the LANAccess
side.
In the case of PPP routing, IP packets are encapsulated into a

PPP
frame
and
thenBokotey
are segmented
into ATM
cells through
By
Wesley
Shuo
, Dmitry
, Raymond Morrow
, Deviprasad
Konda AAL5. The PPP sessions initiated by
the subscriber are terminated at the service provider that authenticates users, either using a
local
database on the router or through a RADIUS server. After the user is authenticated, IPCP
negotiation takes place, and then the IP address gets assigned to the CPE. Figure 8-7 illustrates
the PPPoA protocol stack.
ISBN: 1-58720-073-2
Pages: 528
Figure 8-7. PPPoA Protocol Stack

BCRAN exam.
exam concepts
Follow the next steps to configure PPPoA. (Note that local authentication is used here and that
Each
review
of the applicable
technology,
the
the IPchapter
addressincludes
for the a
CPE
is assigned
by the router.
RADIUSand
can guides
be used
forreader
these through
tasks.)
office-based
lab,
a remote-accessible
lab,password
some networking
Step 1.
Configure
a username and
for local simulation
authentication:
preparation.
usernamename passwordsecret
Step 2. Create an ATM subinterface and PVC:
Table of Contents
Index

interface
{multipoint | point-to-point}
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
pvcPages:
[name]
528 vpi/vci
Step 3. Configure PPPoA encapsulation, and associate a virtual template with it:
BCRAN exam.
exam concepts
encapsulation aal5mux ppp virtual-templatenumber
aal5mux encapsulation is used for the PPPoA configuration. virtual-template serves as the
CCNP Practical
Studies:
Remote Access
(CCNP
Self-Study)
prepares
readers for the CCNP 642template,
and the
virtual-access
interface
is cloned
from the
virtual template.
applications.
a topic-by-topic
Step 4.Designed
Create a as
virtual
template interface:
even
as a stand-alone
guide. number
interface
virtual-template
preparation.
Step 5. Conserve IP addresses by configuring the ATM subinterface as unnumbered, and
assign the IP address of the interface type you want to leverage:
Table of Contents
Index
Step 6. Create the local IP address pool:

ISBN: 1-58720-073-2
Pages: 528
ip local poolname begin-ip-address-range [end-ip-address-range]

BCRAN exam.
Step 7. Specify the pool for the interface to use:
exam concepts
peer default ip address poolpoolname
Step
8. Enable
CHAPisor
PAP authentication
thecandidate
interface: for the general exam
network
setting,
this book
useful
in preparing a on
CCNP
ppp authentication {chap | pap | chap pap | pap chap} [if-needed]
preparation.
{default | list-name} [callin]
Example 8-11 demonstrates the PPPoA configuration of the Cisco 6400 NRP.
Example 8-11. PPPoA Configuration
username cisco password 0 cisco
Table of Contents
Index
CCNP
PracticalATM0/0/0.133
interface
point-to-point
pvc 1/33
ISBN: 1-58720-073-2
encapsulation
aal5mux ppp Virtual-Template1
Pages: 528
!
interface Virtual-Template1
description
PPPoATM of CCNP Remote Access topics with lab scenarios for the new 642-821
Gain
hands-on experience
BCRAN exam.
ip unnumbered FastEthernet0/0/0
Prepare
no ip
directed-broadcast
exam concepts
peer default ip address pool ccnp
ppp you
authentication
chap
!
ip local pool ccnp 10.1.1.10 10.1.1.50
questions
PPPoE Overview
For
PPPoE,regardless
the ATU-Rofiscertification
transparentinterest.
to this function, bridging the MAC/PPP frames across the
concepts,
WAN interface. The PPPoE feature allows a PPP session to be initiated on a simple bridging
Ethernet-connected
client.
The session
is transported
over the
ATM
link via
Each
chapter includes
a review
of the applicable
technology,
and
guides
theencapsulated
reader through
Ethernet-bridgedofframes.
The session
be terminated
at either
a local
exchange
carrier or
implementation
the technology.
Thiscan
step-by-step
process
can be
executed
on a homecentral officelab,
or an
Internet service provider
point
of presence.
The termination
is a Cisco
office-based
a remote-accessible
lab, some
networking
simulation
software device
programs,
or
6400 as
UAC.
even
In
PPPoE
architecture,
IP address
allocation
forcovered,
the individual
host comprehensive
running the PPPoE
All the
of the
topics
on the newthe
642-821
BCRAN
exam are
providing
exam
client
is
based
on
the
same
principle
of
PPP
in
dial
modethat
is,
via
IPCP
negotiation. Where
preparation.
the IP address is allocated from depends on the type of service the subscriber has subscribed to
and where the PPP sessions are terminated. The PPPoE uses the dialup networking feature of
Microsoft Windows. The IP address assigned is reflected with the PPP adapter. The IP address
assignment can be either by the UAC or the home gateways if L2TP is used. The IP address is
assigned for each PPPoE session. Figure 8-8 illustrates the PPPoE protocol stack.
Figure 8-8. PPPoE Protocol Stack
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
To configure
PPPoE, follow these steps. (Note that local authentication is used here, and the
exam concepts
router assigns IP addresses for the hosts. RADIUS can be used for these tasks.)
Step
1. Make
sure
Cisco Express Forwarding is enabled. If it isn't, use the following
you
through
their
implementation
command to enable it:
essential
ip
cef in preparing candidates for the new simulation-based questions that are on the Cisco
Each chapter
a review
of the applicable
technology,
Step 2.includes
Configure
the username
and password
for localand
authentication:
preparation.
usernamename passwordsecret
Step 3. Enable the virtual private dialup network (VPDN) configuration:
Table of Contents
Index

vpdn enable
ISBN: 1-58720-073-2
Step 4. Configure the VPDN group to accept the dial-in and to be used to establish PPPoE
Pages: 528
sessions. Also specify the virtual template that will be used to clone virtual-access
interfaces:
BCRAN exam.
exam concepts
vpdn-groupnumber
accept-dialin
protocol pppoe
virtual-templatetemplate-number
Step
5. Create
the ATM
subinterface
and PVC.
Alsocandidate
configurefor
AAL5SNAP
encapsulation
and
network
setting,
this book
is useful
in preparing
a CCNP
the general
exam
specify
the
PPPoE
protocol
that
the
VPDN
group
will
use:
All of the topics
on the new 642-821 BCRAN exam
are covered,|providing
comprehensive exam
interface
{multipoint
point-to-point}
preparation.
pvc [name]vpi/vci
protocol pppoe
Step 6. Create the virtual template interface:
Table of Contents
Index

interface virtual-templatenumber

ISBN: 1-58720-073-2
Pages:
Step 528
7. Conserve
IP addresses by configuring the ATM subinterface as unnumbered, and

assign the IP address of the interface type you want to leverage:
BCRAN exam.
exam concepts
Review
guides
show you
how to prepare
a lab for study
Step 8.set-up
Configure
thethat
maximum
transmission
unit (MTU):
ip mtu 1492
Because
Ethernet
a maximum payload
size of
1500 bytes,
the PPPoE
headerprograms,
is 6 bytes and
office-based
lab, ahas
remote-accessible
lab, some
networking
simulation
software
or
the
PPP
ID
is
2
bytes,
so
the
PPP
MTU
must
not
be
greater
than
1492
bytes.
Step
9. Create
local642-821
IP address
pool:exam are covered, providing comprehensive exam
All of the
topics
on thea new
BCRAN
preparation.
ip local poolname begin-ip-address-range [end-ip-address-range]
Step 10. Specify the IP address pool for the interface to use:
Table of Contents
Index


ISBN: 1-58720-073-2
peer Pages:
default
528 ip address poolpoolname
Step 11. Enable CHAP or PAP authentication on the interface:

BCRAN exam.
exam concepts
ppp authentication {chap | pap | chap pap | pap chap} [if-needed]
applications.
as a topic-by-topic
guide of how
to apply
Example
8-12Designed
demonstrates
the PPPoE configuration
of the
Ciscoremote
6400 NRP.
candidates
Example
8-12. PPPoE
Configuration
!
vpdn
enable
All of the
preparation.
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 1
!
ip cef
Table of Contents
Index

pvc
Pub1/33
ISBN: 1-58720-073-2
Pages: 528
protocol pppoe
!
Gain
hands-on
interface
Virtual-Template1
BCRAN exam.
ip unnumbered FastEthernet0/0/0
exam concepts
ip mtu 1492
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642ip
10.1.1.10
10.1.1.50
821local
BCRANpool
examccnp
and for
workplace
preparation.
Scenarios
This section presents several examples of DSL access configurations. The scenarios cover the
configuration for a DSLAM, a Cisco 6400 UAC NSP, a Cisco 6400 UAC NRP, and a DSL CPE Cisco 827.
Table of Contents
Index
Scenario 8-1: Configuring IRB over DSL
In this scenario, you will configure the DSL solution to support data transport using IRB. When
Publisher: Cisco
Press 827 should train up with the DSLAM, and you should be able to ping and
completed,
the Cisco
Pub
Date:
December
22, 2003 services from a client PC attached to the DSL CPE modem. Figure 8-9
access all normal network
ISBN:
1-58720-073-2
illustrates how these devices are interconnected.
Pages: 528
Figure 8-9. IRB Lab Scenario

BCRAN exam.
exam concepts
CCNP
Practical
Studies:
Remote
Access
(CCNP
Self-Study)
prepares
readers
for thetoCCNP
642InExample
8-13,
the PVC
is mapped
from
the Cisco
827 DSL
connection
(ATM1/1)
the DSLAM
821
BCRAN
exam
and
for
workplace
challenges
in
implementing
remote
access
network
trunking port (ATM0/1).
Example
8-13. ATM PVC Configuration for the Cisco 6160 DSLAM
interface
Each chapterATM1/1
description
Architecture lab, some networking simulation software programs, or
office-based
lab,IRB
a remote-accessible
no ip address
no atm ilmi-keepalive
preparation.
atm pvc 1 51
interface
ATM0/1 1 51
InExample 8-14, the PVC is configured from the DSLAM to the NSP and NRP. Interface
ATM8/0/0 is the network line card, and interface ATM1/0/0 is the NRP.
Example 8-14. ATM PVC Configuration for the NSP
Table of Contents
Index
interface
ATM8/0/0
OC3Bokotey
connection
lab-6160
Bydescription
Wesley Shuo, Dmitry
, Raymondto
Morrow
, Deviprasad Konda
no ip address
December 22, 2003

noPub
ipDate:
directed-broadcast
ISBN: 1-58720-073-2
Pages:
528
no atm
ilmi-keepalive
atm pvc 1 51
interface
ATM1/0/0 1 51
BCRAN exam.
A bridge group is configured for IP, and a BVI is created for IRB. The BVI becomes the default
gateway for the remote device attached to the CPE equipment (which will be in subnet
Prepare for A
the
CCNP 642-821
BCRAN
and
a better,
of
10.1.121.0/24).
subinterface
is created
forexam
a PVC
to gain
the NSP.
(See practical
the NSP understanding
configuration. The
exam this
concepts
NSP maps
PVC to another PVC from the DSLAM, which maps to the subscriber PVC.) In this
case, the 1/51 PVC is mapped across the NSP to the 6160. The subinterface is also put in the
Experience
how remote
accessthe
concepts
work in a real
bridge
group. Example
8-15 shows
IRB configuration
fornetwork
the NRP.with practice labs that walk
Example
8-15. IRB Configuration for the NRP
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642bridge
irbexam and for workplace challenges in implementing remote access network
821 BCRAN
!
interface
BVI1
ip
address
10.1.121.1
255.255.255.0
concepts,
regardless
of certification
interest.
no ipchapter
Each
directed-broadcast
!
bridge 1 protocol ieee
preparation.
bridge 1 route ip
!
interface ATM0/0/0
no ip address
!
Table of Contents
Index
description IRB Configuration

pvc 1/51
encapsulation
aal5snap
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
Pages: 528
bridge-group 1
BCRAN
Exampleexam.
8-16 shows the bridging configuration for the DSL CPE.
Example
8-16. RFC 1483 Bridging Configuration for the Cisco 827
exam concepts
hostname lab-827A
!
ip subnet-zero
BCRAN
no ip
routing
network
!
essential
in preparing
interface
Ethernet0candidates for the new simulation-based questions that are on the Cisco
concepts,
regardless
of certification
interest.
ip address
10.1.121.2
255.255.255.0
no ip mroute-cache
bridge-group 1
preparation.
!
interface atm0
mac-address 0001.96a4.8fae
<--- MAC Address from Ethernet 0
ip address 10.1.121.2 255.255.255.0

no ip mroute-cache
pvc 1/51
Table of Contents
Index
!
bundle-enable
ISBN: 1-58720-073-2
bridge-group 1
Pages: 528
hold-queue 224 in
!
Gain
ip classless
BCRAN exam.
no ip http server
!
exam concepts

Scenario
8-2: Configuring RBE over DSL
scenario,
the
DSL solution
to support data
transport
RBE. When
821this
BCRAN
examyou
andwill
forconfigure
workplace
challenges
in implementing
remote
accessusing
network
completed,
Cisco 827
train up with
the
and you
should
be able
to pinginand
applications.the
Designed
as should
a topic-by-topic
guide
ofDSLAM,
how to apply
remote
access
concepts
a real
access
allsetting,
normalthis
network
a client a
PCCCNP
attached
to thefor
DSL
CPE
modem.
Figure 8-10
network
book services
is useful from
in preparing
candidate
the
general
exam
illustrates
how
these devices
areunderstanding
interconnected.
questions by
providing
a better
Figure 8-10. RBE Scenario

preparation.
InExample 8-17, the PVC is mapped from the Cisco 827 DSL connection (ATM1/2) to the DSLAM
trunking port (ATM0/1).
Example 8-17. ATM PVC Configuration for the Cisco 6160 DSLAM
Table of Contents
Index

ByWesley ShuoATM1/2
interface
, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda
description
Publisher: Cisco RBE
Press Architecture
no ip address
ISBN: 1-58720-073-2
Pages: 528
no atm
ilmi-keepalive
atm pvc 1 52
interface
ATM0/1 1 52
BCRAN exam.
exam concepts
Example
8-18.
PVC
Configuration
the
NSP with practice labs that walk
Experience
howATM
remote
access
concepts work infor
a real
network
interface ATM8/0/0
description OC3 connection to lab-6160
no BCRAN
ip address
network
essential
no atm in
ilmi-keepalive
concepts,
of certification
interest.
atm pvc regardless
1 52 interface
ATM1/0/0
1 52
even
as a8-19
stand-alone
guide.
Example
shows the
RBE configuration for the NRP. You saw the configuration steps in the
previous section.
preparation.
Example 8-19. RBE Configuration for the NRP
interface Loopback1
ip address 10.1.121.1 255.255.255.0

!
interface ATM0/0/0
Table of Contents
Index
no ip address

By
noWesley
ip directed-broadcast

interface
ATM0/0/0.52 point-to-point
ISBN: 1-58720-073-2
Pages: 528
description RBE Configuration

ip unnumbered Loopback1
BCRAN
exam.
pvc 1/52
exam concepts
ip route 10.1.121.2 255.255.255.255 ATM0/0/0.52
Example 8-20 shows the bridging configuration for the DSL CPE. As you can see, the CPE
CCNP PracticalisStudies:
configuration
the same
Remote
when you
Access
configure
(CCNP the
Self-Study)
IRB over prepares
DSL.
network setting,
thisRFC
book 1483
is usefulBridging
in preparing
a CCNP candidatefor
for the
Example
8-20.
Configuration
thegeneral
Ciscoexam
827
concepts,
hostname regardless
lab-827B of certification interest.
!
ip subnet-zero
no ip routing
preparation.
!
interface Ethernet0
ip address 10.1.121.2 255.255.255.0
no ip mroute-cache
bridge-group 1
!
Table of Contents
Index
interface atm0
mac-address 0001.96a4.8fae
ip address 10.1.121.2 255.255.255.0

noPub
ipDate:
directed-broadcast
December 22, 2003
ISBN: 1-58720-073-2
no ip mroute-cache
Pages: 528
pvc 1/52
Gain
hands-on experience
encapsulation
aal5snap
BCRAN exam.
!
bundle-enable
exam concepts
bridge-group 1
hold-queue 224 in
!
ip classless
httpexam
server
821ip
BCRAN
!
bridge
essential1inprotocol
preparing ieee
Scenario
8-3:a Configuring
PPPoA
over
DSL simulation software programs, or
office-based lab,
remote-accessible
lab, some
networking
In this scenario, you will configure the DSL solution to support data transport using PPPoA.
All
of the
topics onthe
theCisco
new 827
642-821
BCRAN
are
covered,
comprehensive
exam
When
completed,
should
train exam
up with
the
DSLAM,providing
and you should
be able to
ping
preparation.
and access all normal network services from a client PC attached to the DSL CPE modem. Figure
8-11 illustrates how these devices are interconnected.
Figure 8-11. PPPoA Lab Scenario
Table of Contents
Index


InExample
8-21, the PVC is mapped from the Cisco 827 DSL connection (ATM1/3) to the DSLAM
ISBN:
1-58720-073-2
trunking
port
(ATM0/1).
Pages: 528
Example 8-21. ATM PVC Configuration for the Cisco 6160 DSLAM
BCRAN exam.
interface
ATM1/3
description PPPoA Architecture
exam
concepts
no ip
address
atm pvc 1 53 interface ATM0/1 1 53
Example
configured
from thein
DSLAM
to the NSP
and NRP.
Interface
821
BCRAN8-22,
examthe
andPVC
for is
workplace
challenges
implementing
remote
access
network
ATM8/0/0
is
the
network
line
card,
and
interface
ATM1/0/0
is
the
NRP.
candidates
Example
8-22. ATM
PVC Configuration
for the NSP
Each
chapterATM8/0/0
interface
office-based
lab,OC3
a remote-accessible
description
connection to lab-6160
no ip address
preparation.
atm pvc 1 53
interface
ATM1/0/0 1 53
Example 8-23 shows the PPPoA configuration for the NRP.
Example 8-23. PPPoA Configuration for the NRP
Table of Contents
Index

!
interface
ATM0/0/0
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
no ipPages:
address
528
!
Gain
hands-on
experience point-to-point
interface
ATM0/0/0.53
BCRAN exam.
description PPPoA Configuration
pvc 1/53
exam concepts
encapsulation
aal5mux
Virtual-Template1
Experience how
remote ppp
access
description PPPoA
ip BCRAN
unnumbered
exam Ethernet0/0/0
network
peer default
setting, ip
thisaddress
book is useful
pool in
ccnp
essential
ppp authentication
chap papfor the new simulation-based questions that are on the Cisco
implementation
of thethe
technology.
This step-by-step
Example 8-24 shows
PPPoA configuration
for the process
DSL CPE.
Example
8-24. PPPoA Configuration for the Cisco 827
preparation.
hostname lab-827C
!
ip subnet-zero
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.0
Table of Contents
Index
no ip mroute-cache
!
interface
ATM0 22, 2003
Pub Date: December
ISBN: 1-58720-073-2
no ip address
Pages: 528
no ip mroute-cache
Gain
hands-on
no atm
ilmi-keepalive
BCRAN exam.
pvc 1/53
encapsulation aal5mux ppp dialer
exam concepts
!
interface Dialer1
address
negotiated
821
exam
network
encapsulation
ppp candidates for the new simulation-based questions that are on the Cisco
essential
in preparing
dialer pool
1
concepts,
regardless
Each
chapter includes
dialer-group
1
office-based
ppp authentication
chap callin lab, some networking simulation software programs, or
ppp chap hostname cisco
preparation.
ppp chap password cisco
!
ip classless
!
When
a PPP connection
is made, a virtual interface is created, as shown in Example 8-25. The
Table of Contents
connection is authenticated with PAP/CHAP (using username "cisco" and password "cisco"). IP
Index
addresses are negotiated and handed out from the address pool named ccnp.
Example 8-25. Verifying the Virtual Interface

ISBN: 1-58720-073-2
lab-6400NRP#show
interface virtual-access 1
Pages: 528
Virtual-Access1 is up, line protocol is up
Hardware is Virtual Access interface
Description: PPPoA
BCRAN exam.
Interface is unnumbered. Using address of Ethernet0/0/0 (10.1.1.190)
MTUexam
1500concepts
bytes, BW 100000 Kbit, DLY 100000 usec,
reliability
txload
1/255,
rxload
1/255
Experience
how255/255,
remote access
concepts
work
in a real
Keepalive set (10 sec)
BCRAN
LCP
Openexam and for workplace challenges in implementing remote access network
network
Open: setting,
IPCP this book is useful in preparing a CCNP candidate for the general exam
essential
candidates
new
Bound in
topreparing
ATM0/0/0.53
VCD: for
3, the
VPI:
1,simulation-based
VCI: 53
concepts,
Cloned regardless
from virtual-template:
1
Last input 00:00:03, output never, output hang never
Last clearing of "show interface" counters 14:05:57
Queueing strategy: fifo
preparation.
Output queue 0/40, 0 drops; input queue 0/75, 0 drops

Table of Contents

Index
ISBN: 1-58720-073-2
Pages: 528
Scenario 8-4: Configuring PPPoE over DSL

In this scenario, you will configure the DSL solution to support data transport using PPPoE. When
completed, the Cisco 827 should train up with the DSLAM, and you should be able to ping and
Gain
hands-on
experience
of CCNP from
Remote
Access
withtolab
the new
642-821
access
all normal
network services
a client
PCtopics
attached
thescenarios
DSL CPEfor
modem.
Figure
8-12
BCRAN
exam.
illustrates how these devices are interconnected.
exam concepts
Figure 8-12. PPPoE Lab Scenario
InExample 8-26, the PVC is mapped from the Cisco 827 DSL connection (ATM1/4) to the DSLAM
Each
chapter
trunking
port includes
(ATM0/1).
even
as a stand-alone
guide.
Example
8-26. ATM
PVC Configuration for the Cisco 6160 DSLAM
preparation.
interface ATM1/4
description PPPoE Architecture
no ip address
atm pvc 1 54
interface
ATM0/1 1 54
Table of Contents
Index
Example 8-27. ATM PVC Configuration for the NSP

ISBN: 1-58720-073-2
interface
ATM8/0/0
Pages: 528
description OC3 connection to lab-6160
no ip address
BCRAN exam.
atm exam
pvc 1concepts
54 interface ATM1/0/0 1 54
Example
Review
8-28set-up
showsguides
the PPPoE
that show
configuration
you howfor
to the
prepare
NRP.a lab for study
Example 8-28. PPPoE Configuration for the NRP
!
vpdn enable
!
vpdn-group
1
guide.
accept-dialin
All
of the topics on the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
protocol pppoe
virtual-template 1
interface ATM0/0/0
no ip address
!
Table of Contents
description LAB PPPoE Configuration

Index
pvc 1/54
protocol
pppoe 22, 2003
Pub Date: December
ISBN: 1-58720-073-2
Pages: 528
description PPPoE
Gain
hands-on experience
ip unnumbered
Ethernet0/0/0
BCRAN exam.
ip mtu 1492
exam concepts
ppp Experience
authentication
chap access
pap concepts work in a real network with practice labs that walk
how remote
For PPPoE
DSL, for
thethe
DSLnew
CPEsimulation-based
is also configured
for pure on
RFCthe
1483
bridging,
Readyover
yourself
questions
CCNP
exams as shown in
Example 8-29.
applications.8-29.
Designed
as a1483
topic-by-topic
guide
of how to apply remote
access
concepts
Example
RFC
Bridging
Configuration
for the
Cisco
827 in a real
certification
hostname lab-827D
!
ip subnet-zero
no ip routing
!
preparation.
interface Ethernet0
no ip address
no ip mroute-cache
bridge-group 1
!
interface atm0
Table of Contents
Index
mac-address
0001.96a4.8fae

Byip
Wesley
Shuo, Dmitry
Bokotey, Raymond
address
10.1.121.2
255.255.255.0
noPublisher:
ip directed-broadcast
Cisco Press
no ip mroute-cache
ISBN: 1-58720-073-2
Pages: 528
pvc 1/52
BCRAN
exam.
!
bundle-enable
exam concepts
bridge-group
1
hold-queue 224 in
!
ip classless
no
ip Practical
http server
CCNP
!
bridge
1 by
protocol
questions
providingieee
Whenchapter
Each
a PPP connection
includes a is
review
made,ofathe
virtual
applicable
interface
technology,
is created,and
as guides
shown the
in Example
reader through
8-30. The
implementation
connection
is authenticated
of the technology.
with PAP/CHAP
This step-by-step
(using username
process "cisco"
can be and
executed
password
on a "cisco").
home- orIP
office-based
addresses
are
lab,
negotiated
a remote-accessible
and handed lab,
out some
from the
networking
address pool
simulation
namedsoftware
ccnp. programs, or
All
of the topics
on the
new 642-821
exam
Example
8-30.
Verifying
theBCRAN
Virtual
Interface
preparation.
lab-6400NRP#show int Virtual-Access3


Description: PPPoE
Interface is unnumbered. Using address of Ethernet0/0/0 (10.1.1.190)
Table of Contents
Index
reliability
255/255, txload 1/255, rxload 1/255
Encapsulation
PPP, loopback
not set
ByWesley
, Raymond Morrow
, Deviprasad Konda
Keepalive
set (10 sec)

ISBN: 1-58720-073-2
LCPPages:
Open528
Open: IPCP
Bound to ATM0/0/0.54 VCD: 4, VPI: 1, VCI: 54
Cloned
from virtual-template: 1
BCRAN
exam.
exam
conceptsof "show interface" counters 00:01:34
Last
clearing
Experience
how remote
Queueing
strategy:
fifoaccess concepts work in a real network with practice labs that walk
5 minute
output
rate
0 bits/sec,
0 packets/sec
CCNP
Practical
Studies:
Remote
Access (CCNP
40 packets
input,
bytes, 0guide
no buffer
applications.
Designed
as a 2923
topic-by-topic
of how to apply remote access concepts in a real
Received
0 broadcasts,
0 runts, 0 of
giants,
0 throttles
questions
by providing
how remote
0 input
errors,
0 CRC,
0 frame,
overrun,
0 ignored,
0 abort
certification
exams.
Finally,
it serves
anyone 0wanting
a guide
to real-world
0 output of
errors,
0 collisions,
0 interface
resets
implementation
the technology.
This step-by-step
process
0 a
output
buffer
failures, 0 output buffers swapped out
even as
stand-alone
guide.
0 carrier
All of the
topics ontransitions
preparation.
Practical Exercise 8-1: PPPoA over DSL

In this practical exercise, both lab-827A and lab-827B are connected to the DSLAM, as shown in
Figure 8-13. You need to create two different DSL profilespremium and standard. Each of them
has a different downstream and upstream speed. Assign a premium DSL profile to lab-827A and
Table
of Contents
a standard DSL
profile
to lab-827B. In this exercise, you will configure local authentication. IP
Index
addresses are assigned to the DSL CPEs from the IP pool configured in the Cisco 6400.
Figure 8-13. Practical Exercise: PPPoA over DSL

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Examples 8-31 through 8-35 show the PPPoA configurations for the DSL CPEs, Cisco 6160 DSLAM,
and Cisco 6400.
Table of Contents
Index
Example 8-31.
Configuration Output for lab-827A
lab-827A#show
running-config
version
12.2
ISBN:
1-58720-073-2
Pages: 528
no service pad
BCRAN
exam.password-encryption
no service
!
exam concepts
hostname lab-827A
!
ip subnet-zero
!
interface
Ethernet0
CCNP Practical
no ip address
applications.
shutdownby providing a better understanding of how remote access really works. It is also
questions
hold-queueexams.
100 out
certification
!
implementation
interface ATM0of the technology. This step-by-step process can be executed on a home- or
even
as a
stand-alone guide.
no ip
address
All
the ilmi-keepalive
noofatm
preparation.
pvc 0/35
!
dsl operating-mode auto
dsl power-cutback 0
!
Table of Contents
interface
Dialer1
Index
ip address negotiated
encapsulation ppp
Pub Date:
December
dialer
pool
1 22, 2003
ISBN: 1-58720-073-2
ppp Pages:
chap 528
hostname cisco
ppp chap password 0 cisco
!
ip
classless
BCRAN
exam.
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http
server
exam
concepts
!
!
!
call rsvp-sync
!
network
setting,
voice-port
1 this book is useful in preparing a CCNP candidate for the general exam
essential
!
concepts,
regardless
voice-port
2
!
voice-port 3
!
preparation.
voice-port 4
!
!
line con 0
stopbits 1
line vty 0 4
login
Table of Contents
Index
scheduler max-task-time 5000

end
ISBN: 1-58720-073-2
Pages: 528
Example 8-32. Configuration Output for lab-827B
lab-827B#show
running-config
BCRAN exam.
version 12.2
Prepare pad
no service
exam concepts
service timestamps debug uptime
you through
their log
implementation
service
timestamps
uptime
Review set-up
no service
password-encryption
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642hostname lab-827B
!
!
ip subnet-zero
!
!
!
!
preparation.
!
interface Ethernet0
no ip address
shutdown
hold-queue 100 out
!
Table of Contents
Index
interface ATM0
no ip address
pvc
Pub0/35
ISBN: 1-58720-073-2

Pages: 528
!
Gain
experience
dsl hands-on
operating-mode
auto
BCRAN exam.
!
interface Dialer1
exam concepts
encapsulation ppp
dialer pool 1
ppp chap hostname cisco
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642pppBCRAN
chap password
0 cisco
821
exam and for
!
ip
classless
essential
ip
route regardless
0.0.0.0 0.0.0.0
Dialer1
concepts,
of certification
interest.
Each
chapter
ip http
server
office-based
ip pim bidir-enable
!
preparation.
!
!
!
line con 0
stopbits 1
line vty 0 4
login
Table of Contents
Index

end
ISBN: 1-58720-073-2
Pages: 528
InExample 8-33, two DSL profiles, premium and standard, are defined. As you can see, each of
them is configured with different downstream and upstream speeds.
Example 8-33. Configuration Output for lab-6160
BCRAN exam.
lab-6160#show
Prepare for running-config
exam concepts
version 12.2
no service
pad their implementation
you through
Review
set-up guides
that
service
timestamps
debug
uptime
Ready
yourself forlog
the uptime
service
timestamps
CCNP
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642no service
password-encryption
applications.
!
questions
hostname by
lab-6160
certification
!
slot 1 ATUC-4FLEXIDMT
slot 10 NI-2-155SM-DS3
!
!
preparation.
dsl-profile default
!
dsl-profile premium
dmt bitrate maximum fast downstream 8064 upstream 864

dmt bitrate maximum interleaved downstream 0 upstream 0
!
dsl-profile standard
Table of Contents
dmt bitrate
Index
maximum fast downstream 6400 upstream 640
Bydmt
Wesley
bitrate
Shuo, Dmitry
maximum
Bokoteyinterleaved
, Raymond Morrow
downstream
, Deviprasad Konda
0 upstream

network-clock-select 1 ATM0/1
ISBN: 1-58720-073-2
Pages: 528
redundancy
ip subnet-zero
!
BCRAN exam.
!
no atm oam intercept end-to-end
exam concepts
atm address
47.0091.8100.0000.0030.96fe.db01.0030.96fe.db01.00
Experience
atm router
pnni
no aesa embedded-number left-justified
nodeReady
1 level
56 lowest
yourself
redistribute
atm-static
CCNP
Practical Studies:
!
!
!
!
interface
ATM0/0
implementation
no ip
address
even
as a
stand-alone guide.
All
atm
of the
maxvp-number
topics on the0 new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
atm maxvc-number 4096
atm maxvci-bits 12
!
interface Ethernet0/0
no ip address
shutdown
!
Table of Contents
interface
ATM0/1
Index
no ip address

ISBN: 1-58720-073-2
interface
ATM0/2
Pages: 528
no ip address
!
BCRAN exam.
interface ATM0/3
no ip
address
exam
concepts
no atm
ilmi-keepalive
Experience
!
interface ATM1/1
no ip address
exam
dslBCRAN
profile
premium
network
no atm setting,
ilmi-keepalive
essential
candidates
for the1new
atm pvcin0preparing
35 interface
ATM0/1
35 simulation-based questions that are on the Cisco
!
Each
chapterATM1/2
interface
office-based
no ip address
dsl profile standard
preparation.
atm pvc 0 35
!
interface
ATM0/1 2 35
interface ATM1/3
no ip address
!
Table of Contents
Index
interface ATM1/4
no ip address

ISBN: 1-58720-073-2
ip classless
Pages: 528
no ip http server
ip pim bidir-enable
Gain
!
BCRAN exam.
!
!
exam concepts
line con 0
line aux 0
line vty 0 4
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642end
Example 8-34. Configuration Output for lab-6400NSP
lab-6400NSP#show
running-config lab, some networking simulation software programs, or
version 12.2
no
service pad
preparation.
service timestamps log uptime
no service password-encryption
!
hostname lab-6400NSP
!
Table of Contents
Index
facility-alarm intake-temperature major 49

facility-alarm intake-temperature minor 40

facility-alarm core-temperature major 53

facility-alarm
core-temperature
minor 45
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
ip subnet-zero
Pages: 528
!
ip cef
Gain
!
BCRAN exam.
atm address 47.0091.8100.0000.0050.7359.3581.0050.7359.3581.00
atm router pnni
exam concepts
no aesa embedded-number left-justified
node 1 level 56 lowest
redistribute atm-static
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642interface
821 BCRAN ATM0/0/0
no ip address
network
atm maxvp-number
essential
in preparing 0candidates for the new simulation-based questions that are on the Cisco
!
Each
chapterEthernet0/0/0
interface
office-based
no ip address
bridge-group 1
preparation.
!
interface ATM1/0/0
no ip address
!
interface ATM1/0/1
no ip address
Table of Contents
Index
interface ATM2/0/0
noPub
ipDate:
address
December 22, 2003
ISBN: 1-58720-073-2
Pages: 528
!
interface ATM2/0/1
Gain
hands-on
no ip
address
BCRAN exam.
!
exam concepts
interface ATM3/0/0
no ip address
atm pvc 1 35 interface ATM1/0/1 1 35
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642atmBCRAN
pvc 2exam
35 interface
ATM1/0/1
2 35 in implementing remote access network
821
and for workplace
challenges
!
!
!
Each
ip classless
office-based
ip http server
ip pim bidir-enable
preparation.
!
line con 0
line 1 16
line aux 0
line vty 0 4
!
end
Table of Contents
Index

Example 8-35. Configuration Output for lab-6400NRP

ISBN: 1-58720-073-2
lab-6400NRP#show
running-config
Pages: 528
version 12.2
service
timestamps
log ofuptime
Gain hands-on
experience
BCRAN exam.
exam concepts
hostname lab-6400NRP
!
!
Review
set-up guides
that show
you how
logging
rate-limit
console
10 except
errors
no logging console
redundancy
main-cpu
auto-sync
standard
Each
chapter includes
no secondary
enable
office-based
lab, console
a remote-accessible
ip subnet-zero
!
preparation.
!
!
!
!
!
interface Loopback1
Table of Contents
ip address 20.1.1.1 255.255.255.255

Index
interface ATM0/0/0
noPub
ipDate:
address
December 22, 2003
ISBN: 1-58720-073-2
Pages: 528
hold-queue 500 in
!
Gain
hands-on
experience ofpoint-to-point
interface
ATM0/0/0.135
BCRAN exam.
pvc 1/35
encapsulation aal5mux ppp Virtual-Template1
exam concepts
!
!
pvc 2/35
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642encapsulation
aal5mux
ppp Virtual-Template1
821
BCRAN exam and
for workplace
!
network
!
interface
Ethernet0/0/1
Each
chapter includes
ip address
negotiated
office-based
!
interface Ethernet0/0/0
preparation.
no ip address
shutdown
!
interface FastEthernet0/0/0
no ip address
half-duplex
!
Table of Contents
Index
mtu 1460
peer
default
ip 22,
address
pool ccnp
Pub Date:
December
2003
ISBN: 1-58720-073-2

Pages: 528
!
ip local pool ccnp 20.1.1.2 20.1.1.10
Gain
ip classless
BCRAN exam.
ip http server
!
!
!
exam concepts
!
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642line
con 0exam and for workplace challenges in implementing remote access network
821 BCRAN
line
auxsetting,
0
network
line
vtyin0preparing
4
essential
login regardless of certification interest.
concepts,
Each
!
office-based
end
preparation.
Example 8-36 shows that lab-827A has successfully passed the PPP negotiation and authentication.
An IP address is assigned to the DSL connection.
Example 8-36. Output of show ip interface brief for lab-827A
lab-827A#show ip interface brief

Interface
IP-Address
OK? Method Status
unassigned
YES NVRAM
administratively down down
unassigned
YES NVRAM
up
up

Dialer1
20.1.1.3
Morrow, Deviprasad
YES
Konda
BOOTP
up
up
Virtual-Access1
Ethernet0
Table of Contents
ATM0
Index
Protocol
unassigned
YES unset
up
up
Virtual-Access2
unassigned
YES unset
up
up
Pages: 528
Virtual-Access3
unassigned
YES unset
up
up

ISBN: 1-58720-073-2
Gain hands-on
experience
of CCNP Remote
Access topics
with
scenarios
for the
642-821
Example
8-37 shows
that lab-827B
has successfully
passed
thelab
PPP
negotiation
andnew
authentication.
BCRAN
exam. is assigned to the DSL connection.
An
IP address
Example
8-37. Output of show ip interface brief for lab-827B
exam concepts
lab-827B#show ip interface brief
Interface
IP-Address
OK? Method Status
Protocol
Ethernet0
unassigned
YES NVRAM administratively down down
access network
ATM0
unassigned
YES NVRAM remote
up
up
in preparing a CCNP
Dialer1
20.1.1.2
YES candidate
BOOTP upfor the general exam
up
essential in preparing candidatesunassigned
Virtual-Access1
YES unset questions
up
up
interest.
Virtual-Access2
unassigned
YES unset up
up
Each
chapter includes a review ofunassigned
the applicable technology,
and up
guides the reader through up
Virtual-Access3
YES unset
InExample 8-38, two virtual interfaces are cloned from the virtual template. They are served as
preparation.
Layer 3 termination for the DSL CPEslab-827A and lab-827B. Examples 8-39 and 8-40 show the
details of two virtual interfaces.
Example 8-38. Output of show ip interface brief for lab-6400NRP
lab-6400NRP#show ip interface brief

Interface
IP-Address
OK? Method Status
Protocol
ATM0/0/0
unassigned
YES NVRAM
up
up
unassigned
YES unset
up
up
YES unset
up
up
up
Table of Contents
Index
ATM0/0/0.135
ATM0/0/0.235
unassigned
Ethernet0/0/1
unassigned
YES NVRAM
up
unassigned
YES NVRAM
administratively down down
FastEthernet0/0/0
unassigned
YES NVRAM
up
up
Virtual-Access1
20.1.1.1
YES TFTP
up
up
Virtual-Template1
20.1.1.1
YES TFTP
down
down
Ethernet0/0/0
ISBN: 1-58720-073-2
Pages: 528
Gain
Remote AccessYES
topics
with lab
Virtual-Access2
20.1.1.1
TFTP
up scenarios for the new 642-821
up
BCRAN exam.
Loopback1
20.1.1.1
YES NVRAM up
up
exam concepts
you through
their
implementation
Example
8-39.
Verifying
the Virtual Interface for lab-827A
lab-6400NRP#show interface virtual-access1
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Virtual-Access1 is up, line protocol is up
Interface is unnumbered. Using address of Loopback1 (20.1.1.1)
reliability
255/255,
1/255, rxload
1/255
Each chapter
includes
a review txload
of the applicable
technology,
Encapsulation
PPP, loopback not
office-based
lab,set
preparation.
LCP Open
Open: IPCP

Cloned from virtual-template: 1
Table of Contents

Index

5Pub
minute
output
Date: December
22,rate
2003 0 bits/sec, 0 packets/sec
ISBN: 1-58720-073-2
Pages: 528

Gain hands-on
experience
of CCNP
200 packets
output,
49806Remote
bytes,Access
0 underruns
BCRAN exam.
exam concepts
Ready yourself
questions on
thelab-827B
CCNP exams
Example
8-40. Verifying
the Virtual Interface
for
lab-6400NRP#show interface virtual-access2
Interface
is unnumbered.
address technology,
of Loopback1
Each
chapter includes
a review ofUsing
the applicable
and (20.1.1.1)
MTU 1460 lab,
bytes,
BW 100000 Kbit,
100000
usec,simulation software programs, or
office-based
a remote-accessible
lab,DLY
some
networking
preparation.
LCP Open
Open: IPCP
Cloned from virtual-template: 1
Table of Contents

Index

Output
0/40,
0 drops; input queue 0/75, 0 drops
Pub Date:queue
December
22, 2003
ISBN: 1-58720-073-2

Pages: 528

Gain hands-on
of CCNP
topics0with
Receivedexperience
0 broadcasts,
0 Remote
runts, Access
0 giants,
throttles
BCRAN exam.
exam concepts
applications.
Example
8-41Designed
displays as
theaDSL
topic-by-topic
profile status
guide
for of
thehow
default
to apply
profile,
remote
premium
access
profile,
concepts
andin
standard
a real
networkKeep
profile.
setting,
in mind
this book
that the
is useful
premium
in preparing
and standard
a CCNP
profiles
candidate
are created
for thein
general
this exercise.
exam You can
questions
use
show dsl
by providing
profile [profile-name]
to display of
a specific
how remote
profile,
access
all ports
really
toworks.
which It
the
is profile
also is
essential in
currently
attached,
preparing
and
candidates
those portfor
settings.
Example 8-41. Output of show dsl profile
lab-6160#show dsl profile
dsl profile default:
preparation.
Link Traps Enabled: NO
Alarms Enabled: NO
ATM Payload Scrambling: Enabled
DMT profile parameters

Maximum Bitrates:
Interleave Path:
downstream:
640 kb/s,
upstream:
128 kb/s
IndexPath:
Fast
downstream:
0 kb/s,
upstream:
0 kb/s
Table of Contents

ByWesleyMinimum
Shuo, Dmitry
Bitrates:
Publisher:Interleave
Cisco Press
Path:
downstream:
0 kb/s,
upstream:
0 kb/s
downstream:
0 kb/s,
upstream:
0 kb/s
Margin:
downstream:
6 dB,
upstream:
6 dB
Interleaving Delay:
downstream: 16000 usecs,
Fast Path:
ISBN: 1-58720-073-2
Pages: 528
upstream: 16000 usecs
Check Bytes (FEC):

BCRAN exam.
Interleave Path:
downstream:
16,
upstream:
16
Fast Path:
downstream:
0,
upstream:
0
exam
R-S concepts
Codeword Size:
downstream: auto,
upstream: auto
Experience
remote access Disabled
Trellis how
Coding:
Overhead Framing:
Mode 3
Operating
Automatic
Ready
yourselfMode:
Training
Mode:Remote Access
Quick
CCNP Practical
Studies:
(CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
Minrate
blocking:
Disabled
applications.
Designed
as a topic-by-topic
SNRbyMonitoring:
Disabled of how remote access really works. It is also
questions
providing a better understanding
Powerexams.
Management
Margin:
certification
Finally, Additional
it serves anyone
downstream:
0 dB,
upstream:
0 dB
dsl
premium:
even profile
as a stand-alone
guide.
All of the
Link
topics
Traps
on the
Enabled:
new 642-821
NO
preparation.
Alarms Enabled: NO

Maximum Bitrates:
Interleave Path:
downstream:
0 kb/s,
upstream:
0 kb/s
Fast Path:
downstream:
8064 kb/s,
upstream:
864 kb/s
Interleave Path:
downstream:
0 kb/s,
upstream:
0 kb/s
Fast Path:
downstream:
0 kb/s,
upstream:
0 kb/s
downstream:
6 dB,
upstream:
6 dB
Table of Contents
Minimum
IndexBitrates:


Pub Date:
December 22, 2003
Margin:
ISBN: 1-58720-073-2
Interleaving
Pages:
528
Delay:
downstream:
upstream:
Check Bytes (FEC):

Interleave Path:
16,
16
Fast Path:
downstream:
0,
upstream:
0
BCRAN exam.
R-S Codeword Size:
downstream:
auto,
upstream:
auto
Trellis
Coding:
Disabled
exam
concepts
Overheadhow
Framing:
3 work in a real network with practice labs that walk
Experience
remote access Mode
concepts
Operating Mode:
Automatic
Training Mode:
Quick
Minrate blocking:
Disabled
exam and for workplaceDisabled
SNR Monitoring:
networkPower
setting,
this book isAdditional
useful in preparing
Management
Margin:a CCNP candidate for the general exam
essential in preparing candidates for
questions
that are 0ondB
the Cisco
downstream:
0 dB,
upstream:
concepts,
regardless
dsl
profile
standard:
Each chapter
includes
a review NO
Link Traps
Enabled:
office-based
lab,Enabled:
a remote-accessible
Alarms
NO
preparation.
Maximum Bitrates:
Interleave Path:
downstream:
0 kb/s,
upstream:
0 kb/s
Fast Path:
downstream:
6400 kb/s,
upstream:
640 kb/s
downstream:
0 kb/s,
upstream:
0 kb/s
downstream:
0 kb/s,
upstream:
0 kb/s
downstream:
6 dB,
upstream:
6 dB
Minimum Bitrates:
Interleave Path:
Table of Contents
Fast Path:
Index
Margin:
Interleaving Delay:
Interleave Path:
downstream:
16,
upstream:
16
Fast Path:
downstream:
0,
upstream:
downstream:
auto,
upstream:
auto
Check
Bytes
Pub Date:
December
22,(FEC):
2003
ISBN: 1-58720-073-2
Pages: 528
R-S Codeword Size:
Gain hands-on
Trellisexperience
Coding: of CCNP Remote
Disabled
BCRAN exam.
Overhead Framing:
Mode 3
Operating Mode:
Automatic
exam concepts
Training Mode:
Quick
Minrate blocking:
Disabled
SNR Monitoring:
Disabled
Power Management Additional Margin:
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642downstream:
0 dB,
upstream:
0 dB
remote
access network
certification
lab-827A
is patched
exams. Finally,
to port 1/1,
it serves
and anyone
lab-827B
wanting
is patched
a guide
to port
to real-world
1/2. Example
application
8-42 displays
of these
the
concepts,
status
of the
regardless
DSL subscriber
of certification
ports oninterest.
a 6160 chassis.
implementation
of the
technology.
This step-by-step
process
can be executed
on a homeExample 8-42.
Using
the show
dsl status
Command
to Display
the or
Status
of DSL Ports
preparation.
lab-6160#show dsl status
Subtend Node ID: 0
DOWNSTREAM
UPSTREAM
SUBSCRIBER
CIRCUIT ID
NAME
ADMIN/OPER
(Kb)
(Kb)
(truncated)
(truncated)
----
----------
--------
--------
-----------
-----------
8064
864
6400
640
ATM1/1
Table of Contents
UP/
Index
UP
ATM1/2
UP/
UP
ATM1/3
UP/DOWN
ATM1/4
UP/DOWN
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
Pages: 528
Theshow dsl interface atmslot#/port# command allows you to display DSL, DMT, and ATM status
for a port, as shown in Example 8-43.
BCRAN
exam.
Example
8-43. Displaying DSL, DMT, and ATM Status for Port 1/1
exam concepts
lab-6160#show dsl interface atm 1/1
Port you
Status:
Subscriber
Review set-up
Name:
guides that show
Circuit
you how
ID:
Ready
yourself
new UP
simulation-based
questions
on the CCNP exams
IOS
admin:
UP for the
oper:
Card status:
ATUC-4FLEXIDMT
CCNP
Practical
Studies:
Remote
Self-Study)
prepares
readers for
Last
Change:
00 days,
00Access
hrs, (CCNP
50 min,
28 sec No.
of changes:
12 the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
applications.
Designed
Line Status:
TRAINED
questions
by providing
Test Mode:
NONE a better understanding of how remote access really works. It is also
ADSL Chipset Self-Test: NONE
implementation
of theVersion:
technology.
CO Modem Firmware
5.38
even
Configured:
DMT Profile Name: premium
preparation.
Link Traps Enabled: NO
Alarms Enabled: NO

Maximum Bitrates:
Interleave Path:
downstream:
0 kb/s,
upstream:
0 kb/s
downstream:
8064 kb/s,
upstream:
864 kb/s
Table of Contents
IndexPath:
Fast
Bitrates:
ByWesleyMinimum
Shuo, Dmitry
Interleave Path:
downstream:
0 kb/s,
upstream:
0 kb/s
downstream:
0 kb/s,
upstream:
0 kb/s
Margin:
downstream:
6 dB,
upstream:
6 dB
Interleaving Delay:
Fast Path:
ISBN: 1-58720-073-2
Pages: 528
Check Bytes (FEC):

Interleave Path:
downstream:
16,
upstream:
16
BCRAN exam.
Fast Path:
downstream:
0,
upstream:
0
exam
R-S concepts
Codeword Size:
downstream: auto,
upstream: auto
Experience
remote access Disabled
Trellis how
Coding:
Overhead Framing:
Mode 3
Operating Mode:
Automatic
Training
Mode:Remote Access
Quick
CCNP Practical
Studies:
Minrate
blocking:
Disabled
applications.
Designed
as a topic-by-topic
SNRbyMonitoring:
Disabled of how remote access really works. It is also
questions
Powerexams.
Management
Margin:
certification
Finally, Additional
it serves anyone
downstream:
0 dB,
upstream:
0 dB
Status:
even Bitrates:
Interleave
Path:
downstream:
kb/s, providing
upstream:
0 kb/s exam
All of the topics
on the new
642-821
BCRAN exam are0 covered,
comprehensive
preparation.
Fast Path:
downstream: 8064 kb/s,
upstream:
864 kb/s
Attainable Aggregate
Bitrates:
downstream:
9440 kb/s,
upstream:
928 kb/s
Margin:
downstream:
12 dB,
upstream:
11 dB
Attenuation:
downstream:
1 dB,
upstream:
2 dB
Interleave Delay:
downstream:
0 usecs,
upstream:
0 usecs
Table of Contents
Transmit
Power:
Index
downstream:
9.5 dB,
upstream:
12.1 dB
Check Bytes (FEC):
Interleave Path:
downstream:
0,
upstream:
downstream:
0,
upstream:
downstream:
1,
upstream:

Pub Date:Fast
December
Path:
22, 2003
ISBN: 1-58720-073-2
R-S
Codeword
Size:
Pages:
528
Trellis Coding:
In Use
Overhead Framing:
Mode 3
Gain Line
hands-on
experience of CCNP Remote
Fault:
NONE Access topics with lab scenarios for the new 642-821
BCRAN exam.
Operating Mode:
ITU G dmt Issue 1
Line
Fast Only
exam Type:
concepts
Alarms:
status:
NONE
ATM Statistics:
Interleaved-Path Counters:
remote
access network154
Cells:
downstream:
20
upstream:
networkHEC
setting,
this book is useful
in preparing a CCNP candidate
for the general exam 2
errors:
downstream:
0
upstream:
essential
in preparing
theend:
questions
that are on the 0
Cisco
LOCD
events: candidates for
near
1
far end:
concepts,
regardless
Fast-Path
Counters:
Each chapter
the applicable technology,
the reader through
Cells:includes a review of downstream:
1729 and guides
upstream:
660
office-based
lab, some networking1simulation
software programs,
HEC errors:
downstream:
upstream:
1 or
LOCD events:
near end:
1
far end:
0
preparation.
DSL Statistics:
Init Events:
Far End LPR Events:
Transmitted Superframes: near end:
161749170
far end:
Received Superframes:
near end:
161748691
far end:
Corrected Superframes:
near end:
176
far end:
Uncorrected Superframes: near end:
369
far end:
near end:
far end:
near end:
far end:
10
far end:
Table of Contents
LOS Events:
Index
LOF/RFI Events:
ES Events:
near end:
CPEPub
Info:
ISBN: 1-58720-073-2
Version Number:
Vendor ID:
34
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise 8-2: RFC 1483 Bridging over DSL

In this practical exercise, lab-827A and lab-827B are connected to the DSLAM and will be
configured using RFC 1483 bridging, as shown in Figure 8-13. DSLAM and NSP configuration
remain the same as in the previous exercise. For this exercise, you will assign the ATM interface
Tablesubinterfaces
of Contents
of the CPEs and
of the NRP to Bridge group 1. You will see the configuration output
Index
as well as some useful commands to verify the bridging configuration.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Examples 8-44 and 8-45 show the bridging configurations of both DSL CPE devices.
Table of Contents
Example 8-44.
Configuration Output for lab-827A
Index

lab-827A#show running-config
Building
Pub Date:configuration...
December 22, 2003
ISBN: 1-58720-073-2
Current configuration : 763 bytes

Pages: 528
!
version 12.2
Gain
hands-on
no service
pad
BCRAN exam.
exam concepts
!
hostname lab-827A
!
821subnet-zero
no
ip routing
network
!
interface
Ethernet0
Each
chapter includes
a review
ip address
10.2.2.2
255.255.255.0
office-based
no ip route-cache
bridge-group 1
preparation.
hold-queue 100 out
!
interface ATM0
mac-address 0001.96a4.84ac
ip address 10.2.2.2 255.255.255.0
no ip route-cache
pvc 0/35
Table of Contents
Index
!
dsl
auto
Puboperating-mode
ISBN: 1-58720-073-2
dsl power-cutback 0
Pages: 528
bridge-group 1
!
Gain
ip classless
BCRAN exam.
ip http server
!
exam concepts

call rsvp-sync
!
line con 0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642stopbits
821
BCRAN 1
line
vtysetting,
0 4 this book is useful in preparing a CCNP candidate for the general exam
network
!
scheduler
max-task-time
5000 interest.
of certification
Each
end chapter includes a review of the applicable technology, and guides the reader through
Example
preparation.8-45. Configuration Output for lab-827B
lab-827B#show running-config
!
version 12.2
Table of Contents
Index
no service pad


no Pub
service
password-encryption
Date: December
22, 2003
ISBN: 1-58720-073-2
Pages: 528
hostname lab-827B
!
Gain
hands-on
no logging
console
BCRAN exam.
!
ip subnet-zero
exam concepts
no ip routing
!
interface Ethernet0
ip address 10.2.2.3 255.255.255.0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642no BCRAN
ip route-cache
821
bridge-group
network
setting, 1
hold-queue
100 outcandidates for the new simulation-based questions that are on the Cisco
essential
in preparing
!
Each
chapterATM0
interface
office-based
lab,0001.96a4.8fae
mac-address
ip address 10.2.2.3 255.255.255.0
preparation.
no ip route-cache
pvc 0/35
!
dsl operating-mode auto
bridge-group 1
Table of Contents
Index
ip classless
ip http server
ip Pub
pimDate:
bidir-enable
December 22, 2003
ISBN: 1-58720-073-2
Pages: 528

!
Gain
line hands-on
con 0
BCRAN exam.
stopbits 1
line vty 0 4
exam concepts
!
end
applications.
Example
8-46Designed
shows the
asbridging
a topic-by-topic
configuration
guideof
ofthe
howCisco
to apply
6400.
candidates for theOutput
Example
8-46. Configuration
for lab-6400NRP
lab-6400NRP#show running-config
preparation.
!
version 12.2

!
hostname lab-6400NRP
Table of Contents
Index
logging rate-limit console 10 except errors

no logging console

ISBN: 1-58720-073-2
redundancy
Pages: 528
main-cpu
auto-sync standard
Gain
hands-on experience
no secondary
console enable
BCRAN exam.
ip subnet-zero
!
exam concepts
bridge irb
!
interface ATM0/0/0
no ip address
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642no BCRAN
atm ilmi-keepalive
821
hold-queue
500
inbook is useful in preparing a CCNP candidate for the general exam
network
setting,
this
!
interface
ATM0/0/0.135
point-to-point
of certification
interest.
Each
pvc chapter
1/35 includes a review of the applicable technology, and guides the reader through
office-based
encapsulation
aal5snap
!
preparation.
bridge-group 1
!
pvc 2/35
!
bridge-group 1
Table of Contents
Index

ISBN: 1-58720-073-2
Pages: 528
no ip address
shutdown
Gain
!
BCRAN exam.
interface FastEthernet0/0/0
no ip address
exam concepts
half-duplex
interface BVI1
ip address 10.2.2.1 255.255.255.0
ip
classless
network
ip
http in
server
essential
!
Each
!
office-based
!
!
preparation.
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
!
Table of Contents
Index
end

Example
Publisher:
8-47
Cisco
shows
Press that Bridge group 1 is running the IEEE Spanning Tree Protocol.
ISBN: 1-58720-073-2
Example
8-47. Displaying the Spanning Tree Protocol (IEEE)
Pages: 528
lab-6400NRP#show spanning-tree 1
Bridge group 1 is executing the ieee compatible Spanning Tree protocol
BCRAN exam.
Bridge Identifier has priority 32768, address 0000.0c7f.70fc
Configured
hello time 2, max age 20, forward delay 15
exam concepts
We Experience
are the root
of the access
spanning
treework in a real network with practice labs that walk
how remote
concepts
Topology change flag not set, detected flag not set
Number of topology changes 4 last change occurred 00:35:16 ago
from ATM0/0/0.235
BCRAN hold
exam 1,
andtopology
for workplace
challenges
in implementing
Times:
change
35, notification
2 remote access network
network setting,
this
useful
preparingdelay
a CCNP
hello
2,book
max isage
20,inforward
15candidate for the general exam
essential
in preparing
the new
Timers:
hello 0, candidates
topology for
change
0, simulation-based
notification 0,questions
aging 300
concepts,
interest.
Port 6 (ATM0/0/0.135)
of Bridge
group 1 is forwarding
Port path cost 14, Port priority 128, Port Identifier 128.6.
Designated root has priority 32768, address 0000.0c7f.70fc
Designated bridge has priority 32768, address 0000.0c7f.70fc
preparation.
Designated port id is 128.6, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 1663, received 2

Port 8 (ATM0/0/0.235) of Bridge group 1 is forwarding
Port path cost 14, Port priority 128, Port Identifier 128.8.
Designated root has priority 32768, address 0000.0c7f.70fc
Table of Contents
Designated bridge has priority 32768, address 0000.0c7f.70fc

Index
Designated port id is 128.8, designated path cost 0
Timers: message age 0, forward delay 0, hold 0

Number
of transitions
Pub
Date: December
22, 2003
to forwarding state: 1
ISBN: 1-58720-073-2
BPDU: sent 1527, received 1

Pages: 528
Example 8-48 shows the IP and MAC addresses of lab-827A and lab-827B. show arp is a useful
Gain
hands-on
experience
CCNP Remote
Access properly.
command
to verify
whetherofbridging
is configured
BCRAN exam.
Example
Information
Prepare8-48.
for theDisplaying
CCNP 642-821ARP
BCRAN
exam concepts
lab-6400NRP#show
arpimplementation
you through their
ReviewAddress
set-up guides that show
you howHardware
to prepareAddr
a lab for
study Interface
Protocol
Age (min)
Type
Ready 10.2.2.2
yourself for the new simulation-based
questions on the
CCNP BVI1
exams
Internet
31
0001.96a4.84ac
ARPA
CCNP
Practical
Studies: Remote Access (CCNP
readers
for the CCNP 642Internet
10.2.2.3
31
0001.96a4.8fae
ARPA
BVI1
applications.
Designed as a topic-by-topic- guide
of how to apply remote
Internet 10.2.2.1
0050.7359.35a6
ARPA access
BVI1 concepts in a real
concepts,
regardless
of certification
interest.
Example 8-49
illustrates
that both subinterfaces
are in the same bridge group (Bridge group 1),
and traffic is passed among them. show bridge is another useful command to debug RFC 1483
bridging.
Example 8-49. Displaying Classes of Entries in the Bridge Forwarding

Database
All
preparation.
lab-6400NRP#show bridge verbose

Total of 300 station blocks, 298 free
Codes: P - permanent, S - self

BG Hash
Address
Action
Interface
VC
Age
RX count
TX count
1 21/0
0001.96a4.8fae forward
ATM0/0/0.235
1 28/0
0001.96a4.84ac forward
ATM0/0/0.135
100
100
Table of Contents
Flood
portsIndex
(BG 1)
RX count
TX count
ATM0/0/0.135
ATM0/0/0.235


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Summary
This chapter covered ADSL technology, Cisco DSL hardware components, and the configuration
of various DSL access architectures, such as IRB, RBE, PPPoA, and PPPoE. Keep in mind that
each DSL access architecture has its advantages and disadvantages. You should further research
Table of to
Contents
these architectures
discover the best implementation for your DSL network environment.
Index
CCNP Practical
Studies: Remote
Access
Table
8-3 summarizes
the commands
used in this chapter.

Table 8-3. Summary of Commands Used in This Chapter
ISBN: 1-58720-073-2
Pages: 528
Command
Description
slotslot# cardtype
Configures a slot for a specific card type.
dsl-profileprofile-name
Creates a DSL profile.
Gain
experience
of CCNP Remote
Access
topics withand
labminimum
scenariosallowed
for the new
642-821
dmthands-on
bitrate max
interleaved
Sets
the maximum
bit rates
for
BCRAN
exam. dmt-bitrate upstream
downstream
the fast-path and interleaved-path profile parameters.
dmt-bitrate
dmtPrepare
marginfor
downstream
the CCNP 642-821
dmtBCRAN
Sets
exam
the and
upstream
gain aand
better,
downstream
practical SNR
understanding
DMT
of
margin
exam
upstream
concepts
dmt-margin
margins.
dmtExperience
check-bytes
Sets work
the upstream
and downstream
checklabs
bytes.
howinterleaved
remote access concepts
in a real network
with practice
that walk
downstream
bytes
upstream
bytes
dmt interleaving-delay
Sets the interleaving delay parameter.
downstreamdelay-in-secs
upstream
Readydelay-in-secs
dmt training-mode {standard |
Sets the training mode in a DMT profile.
CCNP
Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642quick}
applications.
bridge irb Designed as a topic-by-topicEnables
guide ofIRB.
bridgebridge-group
protocol
|
Specifies
the remote
bridge protocol
to define
theIttype
of
questions
by providing
a better{ieee
understanding
of how
access really
works.
is also
dec}
Spanning
Tree
Protocol.
certification
exams. Finally,
it serves anyone
wanting
a guide to
to be
real-world
of these
bridgebridge-group
routeprotocol
Specifies
a protocol
routed inapplication
a bridge group.
bridge-groupbridge-group
Assigns a network interface to a bridge group.
interface bvibridge-group
Enables a bridge
group
interface.
implementation
of the technology. This step-by-step
process
can virtual
be executed
on a home- or
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
RBE command. Typically used to associate
with anor
interface.
All
username
of the topics
name
on
password
the new 642-821
secret BCRAN
Configures
exam are
a username
covered, providing
and password
comprehensive
for local exam
preparation.
authentication.
encapsulation aal5mux ppp
Virtual-Templatenumber
Configures PPPoA encapsulation and associates a

virtual template with it.
interface virtual-template number
Creates a virtual template interface.
ip unnumberedinterface-namenumber
Conserves IP addresses by configuring the interface as

unnumbered, and assigns the IP address of the
interface type you want to leverage.
ip local pool name begin-ip-addressrange [end-ip-address-range]
Creates the local IP address pool.
peer default ip address pool
Specifies the pool for the interface to use.
poolname
Table of Contents
Index
pppPractical
authentication
{chap
| pap
CCNP
Studies: Remote
Access
|
Enables CHAP or PAP authentication on the interface.
chap pap | pap chap} [if-needed]
ip Publisher:
cef
Cisco Press
Enables Cisco Express Forwarding switching.
Pub Date:
December 22, 2003
vpdn
enable
Enables VPDN configuration.
ISBN: 1-58720-073-2
vpdn-group
Pages: 528number
accept-dialin
protocol pppoe
Configures a VPDN group to accept the dial-in and to

be used to establish PPPoE sessions. Specifies the
virtual template that will be used to clone virtualaccess interfaces.
virtual-template
template-number
Gain
hands-on experience
BCRAN exam.
ip mtubytes
Sets the MTU size of IP packets sent on an interface.
show dsl profile
Displays the DSL profile you changed.
exam
concepts
show
dsl status
Displays the status of the DSL subscriber ports on a
chassis.
show
dsl
interface
slot/port
Shows the status of a DSL port.
you
through
theiratm
implementation
show spanning-tree bridge-group
Displays information on which Spanning Tree Protocol
is running.
Ready
questions
exams
show
arp yourself for the new simulation-based
Displays the
entrieson
in the
the CCNP
ARP table.
CCNP
Remote Access (CCNP
Self-Study)
prepares
for theinCCNP
642showPractical
bridge Studies:
group [verbose]
Displays
the status
of each readers
bridge group
detail.
preparation.
Review Questions
1:
Which of the following modulation methods is not used for ADSL technology?
Table of Contents
Index
A. CAP
B. 2B1Q
C. DMT-2
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
D. G.lite
Pages: 528
2:
RFC 1483 when implemented is __________.
A.experience
Bridged of CCNP Remote Access topics with lab scenarios for the new 642-821
Gain hands-on
BCRAN exam.
B. Routed
C. the
Decrypted
Prepare for
exam concepts
D. Encrypted
3:through
PPPoAtheir
whenimplementation
implemented is __________.
you
A. Bridged
B. Routed
C. Decrypted
network setting,
D. this
Encrypted
essential
candidates
4:in preparing
Which of the
followingfor
interferences
degrades DSL services?
Each chapter A.
includes
Impedance
a review
changes
B. a
Bridged
taps
office-based lab,
remote-accessible
C. Crosstalk
preparation. D. Impulse hits
E. All of the above
5:
What is the function of the POTS splitter?
A. It separates low and high frequencies.

B. It manages ADSL signaling.
Table of Contents
Index
C. It generates ringing voltage.

Remote the
Access
D. It boosts
ADSL
signal.
6:
The DSL interface on a Cisco 827 is __________.

ISBN: 1-58720-073-2
A. An FDDI
interface
Pages: 528
B. A Frame Relay interface

C. A serial interface
D. An ATM interface
BCRAN 7:
exam.
With PPP over ATM, __________. (Choose all that apply.)
exam concepts
A. MAC frames are encapsulated into ATM cells
Experience
concepts work
in RFC
a real
B. how
UDPremote
frames access
are encapsulated
using
1483
C. IP packets are encapsulated into PPP frames and then into ATM cells
D. IP packets are encrypted
8: With RFC 1483 bridging, __________.
A. this
MACbook
frames
are passed
across the
bridge
after LLC/SNAP
information
network setting,
is useful
in preparing
a CCNP
candidate
for the general
examis
appended
B. IP frames
passed
acrosswanting
the bridge
unchanged
Finally, are
it serves
anyone
a guide
C. MAC frames are passed across the bridge unchanged
D. ofIPthe
packets
are encrypted
implementation
technology.
preparation.
9:
Which of the following cards in the Cisco 6400 can be used for Layer 3 packet
services?
A. NSP
B. NLC
Table of Contents
Index
C. NRP

D. NI-2
10: Cisco
Which
of
Publisher:
Press
the following is part of PPPoA configuration?

ISBN: 1-58720-073-2
Pages: 528
A.
encapsulation aal5mux ppp Virtual-Template 1
B. encapsulation aal5snap
C. atm route-bridged ip
Gain hands-on
CCNP Remote
D.experience
bridge 1 of
protocol
ieee Access topics with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
preparation.
Chapter 9. Frame Relay Connectivity and

Traffic Flow Control
This chapter Table

looksofatContents
the configuration of Frame Relay and the different traffic flow control
options. ThisIndex
chapter covers many topics related to Frame Relay:
Publisher:
Press
FrameCisco
Relay
Terminology
Frame
Relay Devices
ISBN: 1-58720-073-2
Pages: 528

Disabling
BCRAN
exam. or Reenabling Reverse ARP
Network-to-Network
Interface
exam concepts
User-Network
Interface
Experience how
preparation.

Before you begin your adventure with Frame Relay, you need to understand what it is. Frame
Relay is an industry-standard switched data link layer protocol operating at the physical and
data link layers of the OSI model. It can handle multiple virtual circuits (VCs) between Frame
Table
of Contents
Relay-capable
devices.
Figure 9-1 illustrates an American National Standards Institute (ANSI)
Index
T1.618 Frame Relay frame.
Figure 9-1. ANSI T1.618 Frame Relay Format

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
All
the topics
the new
642-821
BCRAN
Theoffields
of the on
Frame
Relay
frame are
as follows:
preparation.
Flag Used to identify the beginning and end of a frame.
Data-link connection identifier (DLCI) Identifies the path through the network to the
destination.
Command/response (C/R) Not generally used.

Extended address (EA) Identifies whether the header octet is followed by another
header octet. A value of 0 means that another octet follows. 1 identifies the last octet.
Forward explicit congestion notification (FECN) Used to inform the connected
devices of congestion in the network.
Tableexplicit
of Contents
Backward
congestion notification (BECN) Used to inform the connected
Index
devices of congestion in the network.
Discard
eligible
(DE)
UsedMorrow
to identify
a packet
ByWesley
Shuo, Dmitry
Bokotey
, Raymond
, Deviprasad
Kondathat
is eligible for discard during
congestion.
Data Can be used to carry any type of information.

ISBN: 1-58720-073-2
Cyclic
redundancy check (CRC) Used to detect transmission errors and cover the
header
and data fields.
Pages: 528
The 10-bit DLCI value is a logical number in the range of 16 to 107 used to identify the logical
connection or permanent virtual circuit (PVC) that will be multiplexed into the physical circuit.
The DLCI has significance only between your customer premises equipment (CPE) and your
provider's Frame Relay switch. Because the DLCI is used to differentiate between different
conversations on the same physical circuit, you can think of it as the heart of the Frame Relay
BCRAN exam.
header. Without it, your Frame Relay access device (FRAD) could not identify the different data
streams passing through it.
Frame Relay provides you with a packet-switching data communications capability that is used
exam concepts
across a data network interface to identify how the traffic will be formatted between your devices
(suchExperience
as routers,how
switches,
multiplexers,
and concentrators)
and yourwith
service
provider's
network
remote
access concepts
practice
labs that
walk
equipment
(such
as
Frame
Relay
switching
nodes).
You
need
to
know
a
couple
terms
used
in
Frame Relay. Your devices are often called data terminal equipment (DTE), and your service
provider's
network
oftenyou
called
data
circuit-terminating
equipment (DCE).
Review
set-upequipment
guides thatisshow
how
to prepare
a lab for study
As the
interface
between
thenew
DTEsimulation-based
and DCE, Frame questions
Relay must
a technique
Ready
yourself
for the
onprovide
the CCNP
exams that can
statistically multiplex many logical data conversations over your single physical transmission
link.
you are Studies:
familiar with
systems
that
use only
time-division
multiplexing
(TDM)
techniques
CCNPIfPractical
Remote
Access
(CCNP
Self-Study)
prepares
readers for
the CCNP
642to
support
data
this
techniqueinmight
seem alien
to you.
Because
Frame Relay
821
BCRANmultiple
exam and
forstreams,
workplace
challenges
implementing
remote
access
network
was
conceived
to replace
protocols,
itshow
statistical
multiplexing
provides
morein a real
applications.
Designed
as less-efficient
a topic-by-topic
guide of
to apply
remote access
concepts
flexible
efficient
ofisavailable
a traditional
circuit.
Youexam
should be
networkand
setting,
this use
book
useful inbandwidth
preparing than
a CCNP
candidateTDM
for the
general
aware
thatby
you
can run aFrame
on top of the
channels
provided
by a TDM
circuit,
you
questions
providing
betterRelay
understanding
of how
remote
access really
works.
It is or
also
can
run Frame
Relay without
any for
TDM
techniques.
essential
in preparing
candidates
the
Frame
Relay
is a high-performance
protocol. It is standardized in the U.S. as an ANSI
concepts,
regardless
of certification WAN
interest.
standard and internationally as an International Telecommunication Union Telecommunication
Standardization
Sectora(ITU-T)
standard.
It operates
at the physical
andthe
data
link layers
of the
review of
the applicable
technology,
and guides
reader
through
OSI
reference model,
like Ethernet
and Token Ring.
implementation
of themuch
technology.
This step-by-step
Frame
was created
to develop the next-generation protocol to replace X.25 that would be
even asRelay
a stand-alone
guide.
carried across an ISDN interface, but it has been adapted to operate successfully over a wide
variety
of topics
other on
network
interfaces
asBCRAN
well. Originally,
technology
was
developed to operate
All of the
the new
642-821
exam are WAN
covered,
providing
comprehensive
exam
over
low-quality transmission lines. Frame Relay can exploit the recent advances in WAN
preparation.
transmission technology. Because the earlier transmission lines were predominately analog
transmission facilities, protocols such as X.25 were overengineered with extensive error checking
and correction techniques to combat the quality of the communications across copper
transmission lines. Although Frame Relay does not implement error checking, it does frame error
checking and sends any error information to upper-layer protocols for any necessary actions,
such as a TCP retransmission.

Today's links are much more reliable, often running across fiber media/digital transmission links.
Because of this, Frame Relay can leave error detection and correction up to the higher protocol
layers. Frame Relay does include a CRC algorithm for use in detecting corrupted bits so that the
data can be discarded, but it does not include any protocol mechanisms for correcting bad data.
Frame Relay does not need to provide the explicit, per-VC flow control that X.25 implements. In
Table of Contents
its place, Frame
Relay uses a simple congestion-notification mechanism that allows a network to
Index
inform a FRAD
that the network resources are close to a congested state. This notification can
CCNP
Practical
Access
also be
used Studies:
to alertRemote
the higher-layer
protocols that flow control might be needed.
By using Frame Relay, you can reduce your network complexity and simplify your network
architecture
by supporting the three-tiered network model of core, distribution, and access
layers. Frame Relay supports many different topologies for the placement of your network
equipment, including full, partial, and hybrid meshing.
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Frame Relay Terminology

Before continuing with the discussion of Frame Relay, you should take a moment to familiarize
yourself with the terms listed in Table 9-1. You will see these terms throughout this chapter.
Table of Contents
Index
Table 9-1. Frame Relay Key Technical Terms

Acronym
Definition
Bc
Be
Committed burst rate
ISBN: 1-58720-073-2
Pages: 528
Excess burst rate
BECN
Backward explicit congestion notification
CIR
Committed information rate
DCE
Data communications equipment
BCRAN
exam. Discard eligible
DE
DLCI
Data-link connection identifier
DTE exam concepts
Data terminal equipment
FECN
Forward explicit congestion notification
Frame
you
Relay
throughIdentifies
the maximum, or peak, Frame Relay data rate. This is computed
Data Rate
using the following formula: (Bc + Be) / Be * CIR.
LMI
Local Management Interface
MaxR
Maximum data rate
CCNP
Remote Access
(CCNP Self-Study) prepares readers for the CCNP 642NNI Practical Studies:
Network-to-Network
Interface
PVC
Permanent
virtual circuit guide of how to apply remote access concepts in a real
applications.
Designed
as a topic-by-topic
SVC
Switched virtual circuit
essential
in preparing
candidates
UNI
User-Network
Interface
0-CIR service
Some
providers
offer a 0 CIR. Not exceeding CIR in this case means
concepts,
regardless
of service
certification
interest.
providers
that traffic is not sent across the line. This is ideal for voice implementations,
(SPs)chapter includes
but Service
Level
Agreements
(SLAs)
must be
negotiated
with
yourthrough
SP to
Each
a review
of the
applicable
technology,
and
guides the
reader
ensure
that good quality
is maintained
across
your
implementation of
the technology.
This step-by-step
process
can
be circuit.
executed on a home- or
preparation.
Frame Relay Devices

All Frame Relay devices that can attach to a Frame Relay WAN fall into only two general
categories:
Table of Contents
DTE
Index
DCE
DTE
ISBN: 1-58720-073-2
DTE is commonly the terminating equipment for a specific network that communicates directly
Pages: 528
with an end user or network. DTE typically is located on the customer premises, usually close to
the SP's demarcation point. DTE usually is owned and operated by the customer.
DCE
BCRAN exam.
DCE provides clocking and switching services in a network. The DCE converts user data from
your DTE into an acceptable form for the WAN service facility. DCEs are usually the carrierPrepare
for the CCNP
642-821
exam and
better, practical
understanding
owned
internetworking
devices
that BCRAN
are responsible
forgain
the a
transmission
of data
in the WAN. of
exam
concepts
Figure 9-2 illustrates the relationship between a DCE and DTE.
Figure 9-2. DTE/DCE Relationship
preparation.
Relationship Between DTE and DCE

The connection between the DTE device and the DCE device exists as a physical layer
component, but it also contains a link layer component. The link's physical layer component
defines the specifications used to connect the devices. The link's link layer component specifies
how the connection is established between the DTE device and the DCE device.
of Contents
The DTE/DCETable
interface
is typically used to identify the boundary of responsibility for the traffic
Index
passing between you and your service provider. The physical standards used to specify the
CCNP
Practical
Studies:include
Remote EIA/TIA-232,
Access
DTE/DCE
interface
X.21, EIA/TIA-449, V.24, V.35, and HSSI (Ciscoproprietary).

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

One of the first items you need to consider when designing a Frame Relay network, or any type
of regional WAN, is how the connectivity will be laid out. When you are considering your Frame
Relay for your choice in WAN mediums, you can choose from three basic design approaches:
Table of Contents
Index
Star topology
A topology
CCNP Practical
Studies: Remote
Access
in which endpoints on a network are connected to a common

central
switch
by
point-to-point
links. The star topology's advantages include simplified
management and minimized tariff costs. Unfortunately, its disadvantages are considerable.
For example, the core router represents a single point of failure and limits overall
performance for access to your backbone resources, because each end device arrives
Pub
Date: December
22, physical
2003
through
a single
connection. Another disadvantage is that a star topology is not
ISBN:
1-58720-073-2
scalable.
Pages: 528
Full-mesh topology A topology in which devices are organized in a mesh, with each
network node having either a physical circuit or a virtual circuit connecting it to every other
network node. The full-mesh topology offers some advantages over the star topology, such
as a high level of redundancy and support for all network protocols. One disadvantage is
the large number of virtual circuits required (one for every connection between routers),
resulting in higher costs. Other disadvantages are replication of a large number of
BCRAN exam.
packets/broadcasts and the problems associated with it, and the complexity of
configuration resulting from multicast capabilities in nonbroadcast environments.
Partial-mesh
exam conceptstopology A topology in which devices are organized in a mesh. Some
network nodes are organized in a full mesh, but others are connected to only one or two
other
nodeshow
in aremote
network.
Whenconcepts
you combine
topology
with thelabs
star that
topology,
Experience
access
work the
in a full-mesh
real network
with practice
walk
you
can
enjoy
the
advantages
offered
by
both
topologies
for
your
network
environment,
including improved fault tolerance, without sacrificing performance and management
problems.
Several
forms
partial-mesh
are considered to provide
Review set-up
guides
thatofshow
you how topologies
to prepareexist.
a lab They
for study
the best balance for regional topologies in terms of the number of virtual circuits,
Ready yourself
redundancy,
and
forperformance.
As youPractical
CCNP
can see,Studies:
each of Remote
these topologies
Access (CCNP
has itsSelf-Study)
advantagesprepares
and disadvantages.
readers for the
YouCCNP
should
642821 BCRAN
consider
these
exam
in your
and for
overall
workplace
network
challenges
design. in implementing remote access network
preparation.

One reason for Frame Relay's popularity is its capability to logically create multiple connectionoriented data link layer communication paths between two devices across a single physical
interface. These VCs provide you with a bidirectional communications path that can exist
Table pair
of Contents
between a single
of equipment, commonly called a point-to-point connection, or between
Index
multiple pairs of equipment, also known as a partial or full mesh. Each of these VCs is identified
CCNP
Practical data
Studies:
Access identifier (DLCI) that differentiates the communications
by a unique
linkRemote
connection
between
different
By
Wesley Shuo
, Dmitrydevices.
VCs can be mapped across any service provider's Frame Relay network without regard for the
number of hops the connection will cross. A VC is not limited to three devices, two DTEs, and a
DCEPub
when
traveling from source to destination. Just remember that each hop adds to your
ISBN:
1-58720-073-2
circuit's overall
delay because of the processing that each device needs to do to read the packet
Pages:
528
and send
the
packet toward its destination.
VCs can be divided into two separate categorizesswitched virtual circuits (SVCs) or permanent
virtual circuits (PVCs).
BCRAN exam.
SVCs
The SVC gives you a way to automatically create temporary connections between DTE devices in
the Frame Relay network that can be used in on-demand situations, such as those requiring only
exam concepts
sporadic data transfer. An SVC's communication component consists of the following four
operational
states:
Experience
Call setup Indicates that the establishment of the SVC between two Frame Relay DTE
devices is currently being negotiated.
Data transfer Indicates that data is being transmitted between DTE devices over an
CCNPSVC.
Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
Idle Indicates that the SVC between DTE devices is still active, but no data is currently
being transferred.
Call termination Indicates that the SVC between DTE devices is being terminated.
NOTE
office-based
a remains
remote-accessible
lab, some
simulation
When anlab,
SVC
in an idle state
for a networking
defined period
of time,software
the SVC programs,
can be tornor
even down
as a stand-alone
guide.
and the call terminated.
preparation.
After the termination of an SVC is complete, if additional data needs to be transmitted between
the DTE devices, a new SVC is established. Cisco devices use the same signaling protocols used
by ISDN to establish, maintain, and terminate SVCs.
PVCs
The PVC, unlike the SVC, establishes a permanent connection between your DTE devices. This
type of circuit is typically used for frequent and consistent data transfers across the Frame Relay
network. Because PVC establishment does not require call setup or termination, it is always up.
PVCs have only two operational states:
Table of Contents
Data transfer
Indicates that data is currently being transmitted between the DTE
Index
devices Studies:
over the
PVC. Access
CCNP Practical
Remote
Idle Indicates that the connection between DTE devices is active, but no data is currently
being transferred between DTE devices.

ISBN: 1-58720-073-2
Pages: 528
NOTE
Because a PVC connection has no call setup or termination, it is not terminated under
any circumstances when in an idle state, unlike the SVC idle state. SVCs encounter
startup delays after an idle period.
BCRAN exam.
As soon as the PVC is established, your DTE devices may transfer data whenever they are ready,
Prepare
for the
CCNP 642-821
BCRAN
exam and
a better, practical understanding of
without
the delay
associated
with the
establishment
of gain
an SVC.
exam concepts
preparation.

The actual configuration of Frame Relay when you use IOS is fairly simple. Frame Relay requires
that you configure only two items, assuming that Inverse ARP is used, to establish a connection
and start passing traffic. The tasks described in the following sections are required for Frame
Table of Contents
Relay to function.
Index
Enabling Frame Relay Encapsulation
Cisco
ThePublisher:
first step
in Press
configuring Frame Relay on your FRAD is to enable Frame Relay encapsulation
Pub
Date:
December
2003
on the interface that22,you
will use for the connection.
ISBN: 1-58720-073-2
You can
configure
Frame Relay to support encapsulation of all protocols that conform to RFC
Pages:
528
1490 to create interoperability between multiple vendors. You can use the Internet Engineering
Task Force (IETF) form of Frame Relay encapsulation if your FRAD is connected to another
vendor's equipment across a Frame Relay network. You can use IETF encapsulation on the
interface level or on a per-VC basis.
Gain
hands-on
experience
of CCNP Remote
Access
withshut
lab down
scenarios
for the new
642-821
One optional
item
often overlooked
is the fact
that topics
you must
the interface
before
BCRAN
exam.
changing encapsulation types. By doing this, you ensure that the interface is reset and is using
the new encapsulation type.
exam concepts
DLCI
youthe
through
their
implementation
You use
DLCI to
differentiate
the Frame Relay VCs from each other. The DLCI value is
usually assigned by the service provider of your Frame Relay circuit.
Frame Relay DLCIs have only local significance to the DTE/DCE pair that they are configured on,
which means that their values need only be unique in the LAN. Because of this, any Frame Relay
DLCIs
may be reused
throughout
the WAN.
CCNP Practical
Studies:
Remote Access
Figure 9-3 illustrates how two different DTE devices can be assigned the same DLCI value within
one Frame Relay WAN.
Figure 9-3. Duplicate DLCIs on Each End of a VC
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
Frame
Relay Signaling
Frame Relay was not designed to include a built-in mechanism to address network outages.
Instead, the Local Management Interface (LMI) signaling protocol was developed to exchange
keepalives and to pass administrative information, such as the addition, deletion, or failure of
PVCs. These messages are exchanged only between the DTE/DCE pair and are never transmitted
BCRAN exam.
across the network in-band of the PVC.
Within IOS, you can assign the LMI type by using a static assignment or a feature called LMI
autosense. A statically defined LMI type comes in three different standards:
exam concepts
ansi The Annex D standard defined by the ANSI standard T1.617.
q.933 The ITU-T Q.933 Annex A standard.
cisco The original LMI type defined by the Gang of Four: Cisco, Digital Equipment
Corporation, Northern Telecom, and StrataCom. cisco is the default LMI type on a Cisco
router.
NOTE
certification
Finally,
it serves
anyone
The LMIexams.
autosense
feature
is covered
in wanting
the next asection.
implementation
of the
This step-by-step
process
can of
bethe
executed
on LMI
a homeThe term LMI refers
to technology.
a specific signaling
protocol, but
all three
definable
typesor
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
available in IOS are generally referred to as LMI. Be careful when deciding which type you will
even
as
a
stand-alone
guide.
use. Even though all the LMI types are designed to support the same basic functionality, there
are enough differences between them that the interfaces on your DTE/DCE pair must run the
same LMI type, or you will experience unpredictable results.
preparation.
By default, the FRAD sends LMI status messages to the WAN every 10 seconds. A full status
request is sent as every sixth LMI status query. The WAN responds with a long status message,
including any new events that have occurred since the last long status message.
You can use the following command to set the LMI type that your interface will use to
communicate with the Frame Relay switch:
Table of Contents
Index
R4(config-if)#frame-relay lmi-type [cisco | ansi | q933a]


ISBN: 1-58720-073-2
LMI Autosense
Pages: 528
Cisco FRADs running Cisco IOS Release 11.2 and above support the LMI autosense feature. LMI
autosense lets you "sense" the LMI sent by one device that has the LMI type configured, usually
on your service provider's WAN equipment, preventing possible misconfiguration.
Gainautosense
hands-on is
experience
of CCNP
Remote
Access
topicssituations:
LMI
automatically
enabled
in the
following
BCRAN exam.
The router is powered up or the interface changes state to up.
The
line
protocol is down, but the line is up.
exam
concepts
The
interface
is aremote
Frameaccess
Relay DTE.
Experience
how
The LMI type is not explicitly configured on the interface.
When LMI autosense is active, the FRAD sends a full status request in all three LMI message
formats
to the
WAN equipment.
starts with ANSI,
and thenon
uses
and
finally Cisco in rapid
Ready
yourself
for the new It
simulation-based
questions
theITU,
CCNP
exams
succession. LMI information is passed on DLCI 0 for both the Cisco LMI and Q.933a LMI types.
CCNPinformation
Practical Studies:
Remote
Access
prepares
forworks
the CCNP
642LMI
is passed
on DLCI
1023(CCNP
for theSelf-Study)
ANSI LMI type.
LMI readers
autosense
because
821 Frame
BCRANRelay
examcode
and in
forIOS
workplace
challenges
in implementing
access
network
the
can listen
to both DLCI
1023 and 0 remote
at the same
time.
When
thesetting,
three messages
theinswitch,
one a
orCCNP
more candidate
of them elicit
a reply,
sentexam
back in the
network
this book reach
is useful
preparing
for the
general
form
of a status
message.
Your FRAD
then decodes
theremote
reply'saccess
formatreally
to configure
the
questions
by providing
a better
understanding
of how
works. It
is interface's
also
LMI
type in
automatically.
Accommodating
switches that
can support
LMICisco
types
essential
for the intelligent
questions
that multiple
are on the
and
send more
than Finally,
one reply
is handled
by the
FRAD,
configures
itself
using theoflast
LMI
certification
exams.
it serves
anyone
wanting
a which
guide to
real-world
application
these
type
received.
Now, ifofyou
look backinterest.
at the sequence in which the LMI messages are sent, the
concepts,
regardless
certification
order should make more sense to you.
If
LMI autosenseoffails
detect the This
correct
LMI type, a
retry interval
is initiated.
every or
N391
implementation
theto
technology.
step-by-step
process
can be executed
onFor
a hometime
interval,lab,
which
has a 60-second default,
LMI
autosensesimulation
retries its software
automaticprograms,
LMI
office-based
a remote-accessible
lab, some
networking
or
configuration
sequence.
guide.
preparation.
Disabling or Reenabling Inverse ARP

Inverse ARP is used to build dynamic address mappings in Frame Relay networks running
AppleTalk, Banyan VINES, DECnet, IP, Novell IPX, and XNS. Inverse ARP allows your FRAD to
discover the protocol address of a device associated with the VC.
Table of Contents
Inverse ARP Index

is enabled by default, but you have the option of explicitly disabling it for a given
CCNP
Practical
Remote
protocol
and Studies:
DLCI pair.
YouAccess
should disable or reenable Inverse ARP under the following
conditions:
Publisher:
Cisco Press
You should
disable
Inverse ARP for a selected protocol and DLCI pair when you know that
on the other end of the connection.
Pub
Date:
December
the
protocol
is22,
not2003
supported
ISBN: 1-58720-073-2
You
should
reenable Inverse ARP for a protocol and DLCI pair if conditions or equipment
Pages:
528
change and the protocol is then supported on the other end of the connection.
Inverse ARP is not required if you use a point-to-point interface, because there is only a single
destination, and discovery is not required.
Gain
hands-on
experience
ofspecific
CCNP Remote
topics
with
labthe
scenarios
forcommand:
the new 642-821
To
enable
Inverse
ARP for a
protocolAccess
and DLCI
pair,
use
following
BCRAN exam.
exam concepts
R4(config-if)#frame-relay inverse-arpprotocol dlci
To
disable Frame
Relayas
Inverse
ARP for a specific
and DLCI
pair,access
use the
following
applications.
Designed
a topic-by-topic
guide ofprotocol
how to apply
remote
concepts
in a real
command:
R4(config-if)#no frame-relay inverse-arpprotocol dlci
preparation.

To support a partially meshed Frame Relay network, you should use Cisco IOS's subinterface
capabilities. Most protocols in use today need to believe that they have transitivity on a logical
network. They assume that if Station A can talk to Station B, and Station B can talk to Station C,
Tablebe
of Contents
Station A should
able to talk directly to Station C. Although this concept of transitivity is
Index
mostly true on LANs, it is not true on a Frame Relay network unless Station A is directly
CCNP
Practical
Access
connected
to Studies:
StationRemote
C.
One other item that certain protocols have an issue with on partially meshed networks, such as
AppleTalk and transparent bridging, is split horizon. Split horizon states that when a packet is
received on an interface, it cannot be sent out the same interface, even if it is received and
transmitted
on different VCs.
ISBN: 1-58720-073-2
FramePages:
Relay
528
uses subinterfaces to overcome the issues raised by split horizon by ensuring that a
single physical interface is treated as multiple virtual interfaces.
Virtual interfaces are seen as being separate from other virtual interfaces. This allows packets
that are received on one virtual interface to be forwarded out another virtual interface, even if
the virtual interfaces are configured on the same physical interface.
BCRAN
exam. also address the limitations of Frame Relay networks by giving you a way to
Subinterfaces
subdivide your partially meshed Frame Relay network into a number of smaller, fully meshed (or
point-to-point)
You assign
each
subnetwork
own network
numbers,
making of
it
Prepare forsubnetworks.
the CCNP 642-821
BCRAN
exam
and gainits
a better,
practical
understanding
appear
to
the
protocols
as
if
these
networks
can
be
reached
through
a
separate
interface.
If
you
exam concepts
have transparent bridging in your networking environment, each subinterface is viewed as a
separate
bridge port.
Experience
NOTE
point-to-point
subinterface
can be
implemented
as an
unnumbered
interface
when 642CCNPAPractical
Studies:
Remote Access
(CCNP
Self-Study)
prepares
readers
for the CCNP
used
with
IP,
reducing
the
addressing
burden
that
might
otherwise
result.
Subinterface
Addressing
When you use point-to-point subinterfaces, the destination is identified or implied by the use of
the
frame-relay
interface-dlci
command.
Whentechnology,
you use multipoint
subinterfaces,
the
Each
chapter includes
a review of
the applicable
and guides
the reader through
destinations
can of
bethe
dynamically
resolved
through theprocess
use of Frame
Inverse
or can
implementation
technology.
This step-by-step
can beRelay
executed
on aARP
homeor be
statically
mapped
the use of the
map simulation
command. software programs, or
office-based
lab, athrough
remote-accessible
lab,frame-relay
some networking
All
of the topics on
new 642-821 BCRAN
Addressing
onthe
Point-to-Point
Subinterfaces
preparation.
You can use the following command to address a point-to-point subinterface:
R2(config-subif)#frame-relay interface-dlcidlci
Table of Contents
Index

NOTE
If Date:
you define
a 22,
subinterface
Pub
December
2003
as a point-to-point subinterface, you cannot reassign the

same
subinterface
number
as
a multipoint subinterface without first rebooting the
ISBN: 1-58720-073-2
device.
Pages: 528
Inverse ARP on Multipoint Subinterfaces

Inverse
ARP provides dynamic address mapping for Frame Relay. Inverse ARP sends a request
BCRAN exam.
to map the next-hop protocol address for a specific connection given a DLCI. Responses to the
Inverse ARP request are entered in an address-to-DLCI mapping table on the FRAD. The table
Prepare
for used
the CCNP
642-821
BCRAN exam
and address
gain a better,
of
entries
are then
to supply
the next-hop
protocol
or the practical
DLCI for understanding
outgoing traffic.
exam concepts
Because you now have a physical interface that is logically divided into multiple subinterfaces,
Experience
remote access
work
in a real network
with practicefrom
labs the
that walk
you must
providehow
information
so thatconcepts
a specific
subinterface
can be distinguished
youinterface
through and
theircan
implementation
physical
be associated with a specific DLCI.
Review
set-up
guidescommand
that showtoyou
how to prepare
a lab for study
You can
use the
following
accomplish
this task:
R2(config-if)#frame-relay interface-dlcidlci
Inverse
is enabledguide.
by default for all the protocols it supports, but you can disable it for
even as ARP
a stand-alone
specific protocol-DLCI pairs. Because of this option, you can use dynamic mapping for some
protocols
and static
mapping
for others
on the
same
DLCI.
You can
also explicitly
disable Inverse
All of the topics
on the
new 642-821
BCRAN
exam
are
covered,
providing
comprehensive
exam
ARP
for
a
protocol-DLCI
pair
if
you
know
that
the
protocol
is
not
supported
on
the
other end of
preparation.
the connection.
Static Address Mapping on Multipoint Subinterfaces
You can use a static map to link a specified next-hop protocol address to a specified DLCI. When
you use static mapping, inverse ARP is automatically disabled for the specified protocol on the
specified DLCI.
You are required to use static mapping if the router at the other end either does not support
inverse ARP or does not support inverse ARP for a specific protocol you want to use.
You can use the following commands to establish static mapping according to your network
Table of Contents
needs:
Index


ISBN: 1-58720-073-2
Pages: 528
R2(config-if)#frame-relay mapprotocol protocol-address dlci [broadcast] [ietf]

[cisco]
Gain hands-on experience of CCNP
Access
R2(config-if)#frame-relay
map Remote
clnsdlci
[broadcast]
BCRAN exam.
R2(config-if)#frame-relay map bridgedlci [broadcast] [ietf]
exam concepts
Table 9-2 lists the supported protocols and their corresponding keywords.
Table 9-2. Supported Protocols for Static Mapping
Supported Protocol
Corresponding Keyword
network
setting, this book is useful in preparing
IP
ip a CCNP candidate for the general exam
DECnet in preparing candidates for the new simulation-based
decnet
essential
certification
exams.
Finally,
it
serves
anyone
wanting
a
guide
to
real-world application of these
AppleTalk
appletalk
XNS
xns
Novell IPX
ipx
implementation
of the technology. This step-by-step
office-based
lab,
a
remote-accessible
lab,
some
networking
VINES
vines
ISO CLNS
clns
preparation.
You must use the broadcast keyword for routing protocols such as OSI protocols and the Open
Shortest Path First (OSPF) protocol.
Configuring a Backup Interface for a Subinterface

You can use a backup interface with both a point-to-point subinterface and a multipoint Frame
Relay subinterface. This allows individual PVCs to be backed up in case of failure rather than
depending on the entire Frame Relay connection to fail before any redundancy takes over. You
can configure a subinterface for backup on failure only, not for backup based on loading of the
line.
Table of Contents
Index
Any backup interface
you configure for the main interface has precedence over any subinterface
CCNP
Practical
Studies:
Access
backup
interface
youRemote
have configured
when a complete loss of connectivity is experienced.
Because
of
this,
a
subinterface
backup
is ,activated
Deviprasad only
Kondaif the main interface is up or if it is down
and does not have a backup interface defined. If a subinterface fails while the backup interface is
in use, and the main interface goes down, the backup subinterface remains connected.
Date:
22, 2003commands to configure a backup interface for a Frame Relay
YouPub
can
useDecember
the following
ISBN:
1-58720-073-2
subinterface:
Pages: 528
BCRAN exam.
R2(config)#backup
interface
type
number
642-821
BCRAN
exam concepts
R2(config-if)#backup delayenable-delay disable-delay
preparation.
Network-to-Network Interface
One item of concern for a service provider is the possibility that a Frame Relay network might
cross between two networks that might not be Cisco equipment. Because each vendor supports
Frame Relay standards, they are also given the option of providing customizations that
Contents
differentiate Table
their of
product
form another vendor's product.
Index
CCNP
Practical intervendor
Studies: Remote
Access
To facilitate
communication,
the Network-to-Network Interface (NNI) port was
defined
as
a
bidirectional
protocol
to
allow
configuration,
Konda administration, and control information
to be communicated between two networks. NNI consists of two independent unidirectional
signaling protocols, one from each network, to provide bidirectional communication.
Date: December
2003
NNIPub
supports
status22,
exchanges
between the two networks, much like the exchanges between a
ISBN:
1-58720-073-2
DTE/DCE pair. The biggest difference between NNI communications and DTE/DCE pair
communications
Pages: 528
is that both sides can initiate a query message exchange, and both sides can
respond with either a short or long status message.
BCRAN exam.
exam concepts
preparation.
User-Network Interface
The User-Network Interface (UNI) port defines a unidirectional protocol that allows your FRAD to
request information about all available PVCs in your service provider's Frame Relay equipment.
Your FRAD can then use this information to ensure its proper configuration for the transmission
Table
of Contents
or acceptance
of any
DLCI defined on your service provider's equipment.
Index
CCNP
Practical
Studies:
Because
of the
UNI'sRemote
natureAccess
(it is the signaling protocol used between the DTE and the DCE), it
does
not
allow
for
full
configuration,
administration,
and control between two peer devices.
, Deviprasad Konda

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Congestion is a problem that plagues the WAN environment more than the LAN environment in
networking today. With the speed of today's LAN networks (up to 10 Gb on some interfaces),
congestion is not as big a problem in the LAN environment as it has been in the past. Congestion
Table
of Contents
usually occurs
when
you try to shove 10 Gb of information through a 1.5 Mbps T1 Frame Relay.
Index
CCNP
Practicalthat
Studies:
Remote Access
One reason
congestion
still is a problem in today's environment is that the developers of
WAN
protocols
must
deal
with
the overhead
associated
with any type of congestion control,
Morrow, Deviprasad
Konda
causing an increase in congestion. When you are paying a premium for limited speed, you don't
want a significant amount of management traffic taking resources away from the critical data
that the link was originally purchased for. Frame Relay can reduce this network overhead by
implementing
a simple congestion-notification mechanism rather than explicit, per-VC flow
ISBN: 1-58720-073-2
control.
Pages: 528
Shortcomings of CIR
Frame Relay networks provide guaranteed throughput to your critical traffic as long as your data
rate falls below the established CIR. If your data rate exceeds the established CIR, the network
BCRAN exam.
devices can set a DE bit on the exceeded frames. The DE bit is covered in more detail later in
this chapter.
Unfortunately, CIR is not an adaptable setting that can provide flexibility when your traffic rates
exam concepts
vary. Service providers often offer their customers the option of bursting above CIR for a defined
period
of time to how
handle
the bursty
of LAN
crossing
a serial
Committed
Experience
remote
accessnature
concepts
worktraffic
in a real
network
with interface.
practice labs
that walk
burst you
(Bc)through
size andtheir
excess
burst
(Be)
size
define
the
amount
of
traffic
you
can
burst
above your
implementation
CIR.
Bc defines the maximum amount of bursty traffic under normal conditions. Be defines the
maximum
offor
bursty
traffic
in excess of Bc that
Frameon
Relay
attempts
to transfer over a
Readyamount
yourself
the new
simulation-based
questions
the CCNP
exams
set period of time. If the number of frames entering the Frame Relay network is greater than Bc
+
Be, Practical
and the DE
bit is set
to 1, Access
these frames
discarded.
CCNP
Studies:
Remote
(CCNP are
Self-Study)
NOTE
essential
Be is regardless
used to determine
the maximum
concepts,
of certification
interest.data rate (MaxR) for the Frame Relay circuit.
MaxR is measured in bits per second and uses the following formula:
MaxR = [(Bc
Be)
/ Bc] * CIRThis step-by-step process can be executed on a home- or
implementation
of+the
technology.
If
is encountered
in a Frame
Relay
network,
two different
congestion-notification
Allcongestion
of the topics
on the new 642-821
BCRAN
exam
are covered,
providing
comprehensive exam
mechanisms
can
be
used
to
inform
the
devices
on
the
circuit:
preparation.
FECN
BECN
Figure 9-4 illustrates the directions of FECN and BECN. Notice that FECN travels in the direction
of congestion, and BECN travels in the opposite direction of congestion.
Figure 9-4. FECN and BECN Directions
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
FECN and BECN each use a single bit in the Frame Relay frame header for congestion
notification. Frame Relay also reserves another bit in the header, the DE bit, to mark traffic that
may be discarded in the event of congestion.
BCRAN exam.
The FECN Bit
Prepare
forlocated
the CCNP
642-821
BCRAN
exam
and gain
a better,
practical
understanding
The FECN
bit is
in the
Address
field of
the Frame
Relay
header.
The FECN
mechanism,of
exam
concepts
used when a DTE device sends frames into the Frame Relay network, is set to 1 when congestion
is present. After the frames reach the destination DTE device, the Address field (with the FECN
Experience
how remote
access
in a real
network with
practicealong
labs that
walk
bit set)
can be examined.
If the
bit isconcepts
set to 1,work
the frame
experienced
congestion
the path
you
through
their
implementation
from the source DTE to the destination DTE. This information can then be sent to a higher-layer
protocol for processing. Depending on the implementation of the higher-layer protocol, this
information may be used to initiate some type of flow control, or it may be ignored.
The
BitStudies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642CCNPBECN
Practical
applications.
topic-by-topic
how toRelay
applyheader.
remoteThe
access
concepts
in a real
The
BECN bit Designed
is locatedas
in athe
Address fieldguide
of theofFrame
value
of the BECN
is
network
setting,
thisdevice
book is
in traveling
preparingina the
CCNP
candidate
for the
set
to 1 by
the DCE
foruseful
frames
opposite
direction
ofgeneral
frames exam
that have their
questions
by providing
a bettertells
understanding
of DTE
howdevice
remotethat
access
works.
It through
is also the
FECN
bit set.
This information
the receiving
this really
particular
path
essential is
incurrently
preparingexperiencing
candidates for
questions
that
are
the Cisco
network
congestion.
This information can
then be
sent
to on
a higher-layer
certification
exams. Finally,
it serves
wanting a guide
to real-world
application
these
protocol
for processing.
Depending
onanyone
the implementation
of the
higher-layer
protocol,of
this
of certification
interest.
information
may be used
to initiate some
type of flow control, or it may be ignored.
even NOTE
All ofAthe
topics
on the
newFECN/BECN
642-821 BCRAN
exam
providing
comprehensive
exam
quick
review
of the
bit tells
you are
thatcovered,
a set FECN
bit indicates
that a
preparation.
frame encountered congestion, and a set BECN bit notifies the sender of congestion
conditions on the circuit. The BECN frame might or might not have encountered any
congestion of its own.
Frame Relay Discard Eligibility

Just like traffic that traverses your LAN, certain traffic crossing your WAN needs to have a higher
priority than other traffic. There has to be a mechanism for you to ensure that traffic used for
business purposes has a higher priority than traffic used to update someone's stock ticker
(unless, of course, the stock market is your business). The Frame Relay DE bit indicates frames
of priority lower than frames you identify as business-essential. The DE bit is located in the
of Contents
Address fieldTable
in the
Frame Relay header.
Index
CCNP
Studies:
WhenPractical
your DTE
setsRemote
the DEAccess
bit to 1, it indicates to the network that this is a frame of lower
priority
that
is
eligible
for
discard
that you
have negotiated this in your SLA). On
ByWesley Shuo, Dmitry Bokotey, Raymond(assuming
Morrow, Deviprasad
Konda
notification of congestion, the DCE begins discarding frames that have the DE bit set before
discarding those that do not. This simple management mechanism reduces the likelihood that
business-critical traffic will be dropped during periods of congestion.
ISBN:
1-58720-073-2
You can
create
DE lists that identify the characteristics of packets you want to be eligible for
discarding.
Pages: 528
You can also specify DE groups to identify the DLCI that is affected.
You can use the following command to define a DE list to specify the packets that can be
dropped when the Frame Relay switch is congested:
BCRAN exam.
exam concepts
R2(config)#frame-relay
de-listlist-number {protocolprotocol | interface
Review set-up
typenumber}
characteristic
BCRAN
exam
for workplace
challenges
implementing
remote
access network
You can
base
yourand
DE lists
on the protocol
or theininterface,
and on
characteristics
such as
applications.
Designed
as
a
topic-by-topic
guide
of
how
to
apply
remote
access
concepts
in a real
fragmentation of the packet, a specific TCP or User Datagram Protocol (UDP) port,
an access
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
exam
control list (ACL) number, or a packet size.
essential
in preparing
candidates
for to
the
questions
that
the Cisco
You
can use
the following
command
define
a DE group specifying
the DE
listare
andonDLCI
affected:
preparation.
R2(config-if)#frame-relay de-groupgroup-number dlci
Frame Relay Error Checking

Frame Relay uses the CRC, used in many applications such as the file systems in today's popular
operating systems, to provide an error-checking mechanism. The CRC works by comparing two
calculated values to determine if any errors in the frames were encountered along the
transmission path from source to destination. Frame Relay uses the CRC to reduce network
overhead caused by error-checking mechanisms. By leaving the extensive error checking up to
Tableprotocols
of Contentsyou run, Frame Relay is not required to retransmit a packet. Instead,
the higher-layer
Index
the upper-layer protocols retransmit any required packets.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Traffic shaping with Frame Relay applies to both PVCs and SVCs. You can configure Frame Relay
traffic shaping by performing the following tasks:
Table of Contents
Enable Frame
Index Relay encapsulation on an interface (covered earlier in this chapter).
Define VCs for different types of traffic.
Enable Frame Relay traffic shaping on an interface.

Enable
LMI. 22, 2003
Pub
Date: December
ISBN: 1-58720-073-2
Specify a traffic-shaping map class for an interface.

Pages: 528
Define a map class with queuing and traffic-shaping parameters.

Define an ACL.
Define priority
queue of
lists
for the
map Access
class. topics with lab scenarios for the new 642-821
Gain hands-on
experience
CCNP
Remote
BCRAN exam.
Define custom queue lists for the map class.
The following
traffic-shaping
features
are available
when
you
use Cisco
IOS Release
11.2 or of
Prepare for
the CCNP 642-821
BCRAN
exam and
gain
a better,
practical
understanding
above:
exam concepts
Rate
enforcement
on a per-VC basis The peak rate for your outbound traffic. This
you through
value can be set to match CIR or any other value.
Dynamic traffic throttling on a per-VC basis When BECN packets indicate congestion
on
the yourself
network,for
thethe
outbound
traffic rate is automatically
down;
when congestion
Ready
questions on stepped
the CCNP
exams
eases, the outbound traffic rate is increased.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Enhanced
support on
a per-VCinbasis
Either custom
or priority
821 BCRAN
examqueuing
and for workplace
challenges
implementing
remotequeuing
access network
queuing
can
be
configured
for
individual
VCs.
the newof
simulation-based
Defining
VCs for candidates
DifferentforTypes
Traffic
You can perform virtual TDM on the same line by defining separate VCs for different types of
traffic and specifying queuing and an outbound traffic rate for each VC. In this manner, you can
provide guaranteed bandwidth for each traffic type that crosses the line. This enhances your
ability to throttle outbound traffic from a high-speed LAN line in your central office to a loweroffice-based lab, a remote-accessible lab, some networking simulation software programs, or
speed WAN line going to your remote locations, easing congestion and data loss in your network.
Enhanced queuing mechanisms can also prevent congestion-caused data loss.
preparation.
Enabling Frame Relay Traffic Shaping on the Interface

By enabling Frame Relay traffic shaping on an interface, you enable both traffic shaping and perVC queuing on all PVCs and SVCs defined on the interface. Remember that traffic shaping lets
your FRAD control the circuit's output rate and, if configured, react to congestion notification
information.
You can use the following command to enable Frame Relay traffic shaping on a specified
interface:
Table of Contents
Index

traffic-shaping
ISBN: 1-58720-073-2
Pages: 528
Specifying a Traffic-Shaping Map Class for the Interface

When you specify a Frame Relay map class for a main interface, all the VCs you define on its
Gain hands-onalso
experience
of CCNP
Remote Access
topicsdefined
with labfor
scenarios
for the new 642-821
subinterfaces
inherit the
traffic-shaping
parameters
the class.
BCRAN exam.
You can use the following command to specify a map class for a specified interface:
exam concepts
R2(config-if)#frame-relay classmap-class-name
You
can override
the default
for understanding
a specific DLCIof
onhow
a specific
byworks.
using It
theisclass
questions
by providing
a better
remotesubinterface
access really
also VC
command
to
explicitly
assign
the
DLCI
to
a
different
class.
Defining a Map Class with Queuing and Traffic-Shaping Parameters
You can specify the average and peak rates, in bits per second, that you want to allow on a VC
by defining and associating it with a map class. You can also specify a custom queue list or a
priority queue group for use by the VC associated with the map class. You can use the following
commands
to define
a map
class:
All of the topics
on the
new 642-821
preparation.
This command specifies a map class:
R2(config)#map-class frame-relaymap-class-name
Table of Contents
Index
This command
defines the traffic rate:

ISBN: 1-58720-073-2
Pages: 528
R2(config-map-class)#frame-relay traffic-rateaverage [peak]
BCRAN exam.
This command specifies a custom queue list:
exam concepts
R2(config-map-class)#frame-relay custom-queue-listlist-number
This
command
specifiesaabetter
priority
queue list: of how remote access really works. It is also
questions
by providing
understanding
All
of the topics on the new 642-821 BCRAN
exam are covered,
R2(config-map-class)#frame-relay
priority-group
list-number
preparation.
To select BECN or ForeSight as a congestion backward-notification mechanism to which traffic

shaping adapts, use this command:
Table of Contents
adaptive-shaping {becn | foresight}
Index
Defining
Pub Date: December
ACLs22, 2003
ISBN: 1-58720-073-2
When Pages:
you use
528 custom queuing, you can specify an ACL to identify the traffic it will use. You
associate the lists through the list numbers. For more information on defining ACLs, refer to the
Traffic Filtering and Firewalls configuration guide for the IOS version you are using.
Defining
Priority
QueueofLists
the Map
Class
Gain hands-on
experience
CCNPfor
Remote
Access
BCRAN exam.
You have the option of defining a priority list for a protocol and also a default priority list. You
use the number you specified for a specific priority list to associate it to the Frame Relay priority
CCNP 642-821
groupPrepare
definedfor
forthe
a specified
map class.
exam concepts
For example, when you enter the frame-relay priority-group 2 command for the map class
Experience
how
remote
access
concepts work
in a real
network
with
practice labs
walk
fast_vcs,
and then
you
enter the
priority-list
2 protocol
decnet
high
command,
thatthat
priority
you
through
their
implementation
list is used for the fast_vcs map class. The average and peak traffic rates you defined for the
fast_vcs map class are used for DECnet traffic.
Defining Custom Queue Lists for the Map Class
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 have
BCRAN
and
workplace
challenges
implementing
remote queue
accesslist.
network
You
theexam
option
of for
defining
a queue
list for ainprotocol
and a default
You also have
applications.
a maximum
topic-by-topic
guide
how to
to be
apply
remote access
in aYou
real
the
option of Designed
specifyingas
the
number
ofof
bytes
transmitted
in any concepts
given cycle.
network
setting,you
thisspecified
book is useful
in preparing
CCNP
candidateitfor
exam custom
use
the number
for a specific
queuea list
to associate
to the
the general
Frame Relay
questions
providing
queue
list by
defined
for a aspecified
map class.
certification
Finally,
it the
serves
anyone
wanting
a guide to real-world
application
these
For
example,exams.
when you
enter
frame
relay
custom-queue-list
1 command
for theof
map
concepts,
regardless
of certification
interest.
class
slow_vcs
and then
you enter the
queue-list 1 protocol ip list 100 command, that queue
list is used for the slow_vcs map class. The access-list 100 definition is also used for that map
Each
includes
a reviewand
of the
applicable
technology,
and for
guides
the reader
through
class chapter
and queue.
The average
peak
traffic rates
you defined
the slow_vcs
map
class are
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homeor
used for IP traffic that meets the access-list 100 criteria.
preparation.

Now that your Frame Relay is configured, there might come a time when you need to ensure
that it is working correctly. Fortunately, Cisco provides many different ways to verify
configurations. Two easy ways to accomplish this through a CLI are the show and debug suite
of Contents
of commandsTable
available
in Cisco IOS.
Index
CCNP
Practical
Studies:
Remote
Becoming
familiar
with
the Access
show and debug commands available for Frame Relay allows you to
quickly
troubleshoot
and
correct
most
problems
without
Morrow
, Deviprasad
Kondabecoming overloaded with a lot of
excess information. In this chapter, only commands that relate to the information already
covered are explored. For a complete list of available show and debug commands, refer to the
IOS WAN Configuration Guide for the IOS version you will be using.
ISBN: 1-58720-073-2
Pages: 528
show
frame-relay lmi Command
Because all traffic crossing a Frame Relay circuit rides over the LMI configured for that circuit,
theshow frame-relay lmi command can provide you with valuable information. The output of
this command contains a lot of information. When you start to troubleshoot a connectivity
problem or verify that the circuit is operational, two fields, Num Status Enq. Sent and Num
BCRAN exam.
Update Status Rcvd, give you an idea of the circuit's health. Example 9-1 shows the output of
this command as issued on the R4 router.
exam concepts
Example 9-1. Output of the show frame-relay lmi Command
Review
set-up guides
R4#show
frame-relay
lmithat show you how to prepare a lab for study
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = ANSI
Invalid Unnumbered info 0
Invalid Prot Disc 0
Invalid dummy Call Ref 0
Invalid Msg Type 0
Invalid Status Message 0
Invalid Lock Shift 0
Invalid
ID 0 of the applicable Invalid
Report
IE Lenthe0 reader through
Each
chapterInformation
includes a review
technology,
and guides
Invalid Report
Request 0
Keep
IE Lensoftware
0
office-based
lab, some Invalid
networking
simulation
programs, or
Num Status Enq. Sent 296
Num Status msgs Rcvd 293
Num Update Status Rcvd 0
Num Status Timeouts 0
preparation.
Looking at Example 9-1, you can see that the circuit is sending and receiving Status messages
without any timeouts, which are vital to the operation of Frame Relay. This output also supplies
the LMI type that the circuit is using for operationin this case, ANSI. If you were experiencing
a problem with the configured LMI type, you would see output similar to Example 9-2.
Example 9-2. Mismatched LMI
Table of Contents
R4#show
frame-relay
lmi
Index
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = ANSI
Pub Date: December
22, 2003
Invalid
Unnumbered
info 0
Invalid Prot Disc 0
ISBN: 1-58720-073-2
Invalid
dummy Call Ref 0
Pages: 528
Invalid Msg Type 0
Invalid Status Message 0
Invalid Lock Shift 0
Invalid Information ID 0
Invalid Report IE Len 0
Invalid Report Request 0
Invalid Keep IE Len 0
BCRAN exam.
Num Status Enq. Sent 96
Num Status msgs Rcvd 3
Numexam
Update
Status Rcvd 0
Num Status Timeouts 93
concepts
Review
set-up
that show
you how
prepare aindicating
lab for study
As you
can see,
yourguides
Num Status
Timeouts
areto
increasing,
a misconfigured circuit.
show
frame-relay
pvc Command
CCNP Practical
Studies: Remote
applications.
Designed
as that
a topic-by-topic
guide of
how
to apply
remoteyou
access
in you
a real
After
you have
confirmed
your LMI matches
the
service
provider's,
can concepts
verify that
network
this book
is useful in
preparing
a CCNP
candidate
for[dlci
the |general
exam
have
thesetting,
proper PVC(s)
configured.
Use
the show
frame-relay
pvc
interface]
command
questions
providingabout
a better
how remote
access
really works.
It is also
to
display by
information
theunderstanding
DLCIs that theofrouter
is aware
of. Example
9-3 shows
output
essential
from
this in
command.
Example 9-3. Output of the show frame-relay pvc Command
R4#show frame-relay pvc
preparation.
PVC Statistics for interface Serial0 (Frame Relay DTE)
Active
Inactive
Deleted
Static
Local
Switched
Unused
Table of Contents
DLCI = 110,Index
DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0.1
input
pkts
Publisher:
Cisco 78
Press
output pkts 78
in bytes 21770
dropped pkts 0
in FECN pkts 0
in BECN pkts 0
out FECN pkts 0
out BECN pkts 0
in DE pkts 0
out DE pkts 0
out bytes 22404
ISBN: 1-58720-073-2
Pages: 528
out bcast pkts 63

out bcast bytes 20844
BCRAN
exam. time 01:00:23, last time pvc status changed 00:59:45
pvc create
concepts
DLCI exam
= 120,
DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0.2
input pkts 10
output pkts 20
in bytes 1040
outReady
bytes
2080 for the new dropped
pkts 0 questions onin
0
yourself
simulation-based
theFECN
CCNPpkts
exams
in BECN
pkts
0
out FECN
pkts
0
out BECN
pkts
CCNP
Practical
Studies:
Remote Access
(CCNP
Self-Study)
prepares
readers
for 0the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
in DE pkts
0
out DE pkts
0 of how to apply remote access concepts in a real
applications.
Designed
as a topic-by-topic
guide
out bcast
pkts 0 a better understanding
out bcast bytes
0 remote access really works. It is also
questions
by providing
of how
pvc create
timeFinally,
01:00:17,
last
time wanting
pvc status
changed
00:59:47
certification
exams.
it serves
anyone
a guide
to real-world
DLCI
= 130, DLCI
USAGE
= LOCAL,
STATUS = process
ACTIVE,
= on
Serial0.2
implementation
of the
technology.
ThisPVC
step-by-step
canINTERFACE
be executed
a home- or
Allinput
of the pkts
topics 15
on the new 642-821
BCRAN
exam
providing
comprehensive exam
output
pkts
16 are covered,in
bytes 1560
preparation.
out bytes 1620
dropped pkts 0
in FECN pkts 0
in BECN pkts 0
out FECN pkts 0
in DE pkts 0
out DE pkts 0
out BECN pkts 0
out bcast pkts 0
out bcast bytes 0
pvc create time 01:00:19, last time pvc status changed 00:59:49
Table of Contents
Index
NOTE

Notice that the output of the show frame-relay pvc command displays information
about all the PVCs the router knows about. If you want more-specific information about
Publisher:
Cisco
Press
a specific
interface
or DLCI, you can supply the proper keyword with the command and
Pub
Date:
December
22, information.
2003
receive only that
ISBN: 1-58720-073-2
Pages: 528
If you analyze the output of the show frame-relay pvc command in Example 9-3, you will
notice that all the configured PVCs are in an active state. PVCs are in one of three states at any
given time:
BCRAN
exam. Your PVC is active and can pass traffic.
ACTIVE
INACTIVE Your local connection to Frame Relay is operational, but the remote router's
Prepare
for is
the
CCNP
connection
not
operational.
exam concepts
DELETED You are not receiving LMIs, or the physical layer is encountering a problem.
through
their in
implementation
Otheryou
areas
of interest
this output include the pvc create time, which tells you when the PVC
was created, and the last time pvc status changed time, which tells you the last time the PVC
set-up guides
show
youcan
how
to prepare
a lab for
study
state Review
time changed.
Both ofthat
these
items
provide
invaluable
troubleshooting
information.
yourself
questions
oncommand
the CCNPto
exams
If youReady
are looking
forfor
information
about congestion,
this is the
use, because it
shows the counters related to FECN and BECN packets the router has processed.
debug
frame-relay
Command
network setting,
this booklmi
is useful
essential
new
simulation-based
questions
that are of
onnumerous
the Cisco
Like
mostintechnologies
supported for
by the
Cisco
IOS,
Frame Relay supports
debugging
serves command
anyone wanting
a guide
to real-world
application
of these
configuration
items. Finally,
The oneitdebug
this chapter
examines,
debug
frame-relay
lmi,
concepts,
certification
is
a useful regardless
command of
when
you startinterest.
troubleshooting (see Example 9-4). If you require the use of
other debugging commands for Frame Relay, refer to the IOS WAN Configuration Guide for your
Each
IOS version.
Example 9-4. Output of the debug frame-relay lmi Command
preparation.
R4#debug frame-relay lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
R4#
01:51:51: Serial0(out): StEnq, myseq 31, yourseen 31, DTE up
01:51:51: datagramstart = 0xE30BD8, datagramsize = 14
01:51:51: FR encap = 0x00010308
Table of Contents
Index
01:51:51: 00 75 95 01 01 01 03 02 1F 1F

01:51:51:
01:51:51:
Serial0(in):
Status, myseq 31
Publisher: Cisco
Press
01:51:51:
RT IE 1, length 1, type 1
ISBN: 1-58720-073-2
Pages: 528
01:51:51: KA IE 3, length 2, yourseq 32, myseq 31

01:52:01: Serial0(out): StEnq, myseq 32, yourseen 32, DTE up
01:52:01: datagramstart = 0xE30BD8, datagramsize = 14
BCRAN exam.
01:52:01:
FR encap = 0x00010308
01:52:01: 00 75 95 01 01 01 03 02 20 20
exam concepts
01:52:01:
01:52:01: Serial0(in): Status, myseq 32
01:52:01:
IE 1,
length
type
ReviewRT
set-up
guides
that 1,
show
you1how to prepare a lab for study
01:52:01:
IE 3,
yourseq 33, myseq
32 on the CCNP exams
Ready KA
yourself
forlength
the new2,
simulation-based
questions
01:52:11:
Serial0(out):
StEnq,
myseq
33,
yourseenprepares
33, DTEreaders
up
CCNP Practical
Studies: Remote
Access
(CCNP
Self-Study)
01:52:11:
= 0xE30BD8, guide
datagramsize
= 14 remote access concepts in a real
applications.datagramstart
Designed as a topic-by-topic
of how to apply
01:52:11:
encap =a better
0x00010308
questions byFR
providing
01:52:11:
75 95
01 01it 01
03 anyone
02 21 21
certification 00
exams.
Finally,
serves
01:52:11:
implementation
01:52:11:
Serial0(in):
of the technology.
Status,
This
myseq
step-by-step
33
01:52:11:
RT IE 1, guide.
length 1, type 1
All of the topics
on 3,
the length
new 642-821
BCRAN 34,
exammyseq
are covered,
01:52:11:
KA IE
2, yourseq
33
preparation.
R4#
You can see from this output that this router is successfully exchanging LMIs with the service
provider's Frame Relay switch. You know this because the fields myseq and yourseq are
increasing. The router adds 1 to the received sequence number with each successive message
sent. If this field were not increasing, LMI exchanges would not be occurring. If three successive
LMI messages are sent without a reply, where only one field is increasing, the link is reset, and
the process restarts.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Scenarios
The Scenarios presented in this chapter help you gain a better understanding of modem
operation and configuration through practical application. You will go through the necessary
configuration tasks in their logical progression. The two Scenarios cover the following topics:
Table of Contents
Index
Enabling
FrameRemote
Relay Access
CCNP Practical
Studies:
Subinterface types
Publisher:
Cisco IP
Press
Assigning
addressing
and DLCI
Addressing
on multipoint subinterfaces
ISBN: 1-58720-073-2
Pages: 528
Inverse ARP
Configuring multipoint subinterfaces
Configuring traffic shaping on a PVC
Configuring
guaranteed rates on an interface
BCRAN
exam.
Before configuring Frame Relay, you need to perform an initial configuration of your routers. You
perform
your for
initial
onBCRAN
router R1.
You
need
toacomplete
this section
on the
Prepare
theconfiguration
CCNP 642-821
exam
and
gain
better, practical
understanding
of
remaining
in this chapter when you use them. Your initial configuration can be done from
examrouters
concepts
a terminal attached to its console port (line 0). You begin by entering global configuration mode.
You then
Experience
configure
how
the
remote
router access
name using
concepts
the work
hostname
in a real
command.
network It
with
is also
practice
useful
labs
to that
disable
walk
the IPyou
domain
through
name
their
system
implementation
with the no ip domain-lookup command. This keeps the system
from trying to translate domain names that have typing errors.
You can use the enable secret command to enable a password for entering privileged EXEC
Ready
for the
simulation-based
questions
on the
exams
mode.
Here yourself
the password
is new
cisco.
This secret password
provides
anCCNP
additional
layer of security
on the router. Passwords are case-sensitive strings that can be up to 80 characters long. They
CCNP Practical
Studies:
Remote Access (CCNP Self-Study) prepares readers for the CCNP 642cannot
begin with
a number.
applications.
Designed
asconsole
a topic-by-topic
guide line
of how
to apply
in a real
To
begin configuring
the
line, you enter
console
0. remote
You are access
now inconcepts
line
network setting,
this You
book
is useful
preparing a CCNP
candidate
for thethe
general
exam
configuration
mode.
use
the noinexec-timeout
command
to prevent
console
from
a better
understanding
of how remote
accesstimeout
really works.
It is alsoThe
automatically
disconnecting
after
a period of inactivity.
The default
is 10 minutes.
essential
in preparing
for the new
questions
initial
configuration
of candidates
R1 is now complete,
assimulation-based
shown in Example
9-5.
implementation
NOTE
even Don't
as a stand-alone
forget to reset
guide.
the exec-timeout after the configuration is completed. Leaving it
open is a potential security risk.
preparation.
Example 9-5. Initial Configuration of R1
Router#configure terminal
R1(config)#no ip domain-lookup
R1(config)#enable secret cisco
Table of Contents
Index
R1(config-line)#no exec-timeout

ISBN: 1-58720-073-2
Scenario
9-1: Enabling Frame Relay
Pages: 528
Enabling Frame Relay is the logical place for you to start your configurations. In this Scenario,
you will enable Frame Relay on the necessary serial interfaces of Routers R1 and R3. You will
configure the interface for Router R4 in Scenario 9-2. Figure 9-5 illustrates the Frame Relay cloud
that you will be configuring in this Scenario. R4 is the hub router, and R1 and R3 are spoke
Gain
routers.
BCRAN exam.
Figure 9-5. Frame Relay Cloud Topology
exam concepts
implementation
of theFrame
technology.
step-by-step
process
Step 1. Enable
Relay This
encapsulation
on the
interface:
preparation.
R1(config)#interface type number
R1(config-if)#encapsulation frame-relay [ietf]
Example 9-6 shows the commands necessary to complete this Scenario.
Table of Contents
Index Enabling Frame Relay for R1 and R3

Example
9-6.
Configuration
items for R1:
interface serial 0
ISBN: 1-58720-073-2
Pages: 528
encapsulation
frame-relay
Configuration items for R3:

interface
serial 0
BCRAN exam.
encapsulation frame-relay
exam concepts
Scenario 9-2: Subinterface Types
You have two choices of subinterface types: point-to-point and multipoint, neither of which is the
default. Follow these steps to configure a subinterface for use on a Frame Relay network:
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Step 1. Create the subinterface:
typenumber.subinterface-number
{multipoint
| programs, or
lab, some networking simulation
software
point-to-point}
preparation.
Step 2. Enable the Frame Relay encapsulation:
R4(config-if)#encapsulation frame-relay [ietf]
Table of Contents
Index
In this Scenario, you will enable Frame Relay on R4's serial 0 interface. You will configure two
By
Wesley Shuo, Dmitry
, Deviprasad
Konda 0.2 for R1. Example 9-7 shows the
point-to-point
subinterfacesserial
0.1 for
R3 and serial
required steps to complete this Scenario.
Example
9-7. Creating Subinterfaces for R4
ISBN: 1-58720-073-2
Pages: 528

interface serial 0.1 point-to-point
BCRAN exam.
!
exam concepts
encapsulation
you throughframe-relay
Scenario
9-3:
Assigning
IP Addressing
and DLCIs
CCNP Practical
Studies:
Remote Access
(CCNP Self-Study)
applications.
Designed
as a topic-by-topic
guide
of how to apply
access concepts
infinish
a real
After
configuring
this Scenario,
you will have
a functioning
Frameremote
Relay topology.
You will
network
setting, this
is useful
in preparing
a CCNP
candidateand
for DLCIs.
the general
exam
your
configuration
of book
the three
routers
by assigning
IP addresses
Use the
IP
questions by
providing
a better
understanding
of how
reallyconfigurations
works. It is also
addresses
and
DLCIs shown
in Figure
9-5.Example
9-8remote
shows access
the needed
to
essential in
preparing
complete
this
task.
Example
9-8. Assigning IP Addresses and DLCIs
interface
preparation.serial 0
ip address 133.100.41.2 255.255.255.252
frame-relay interface-dlci 104
interface serial 0
ip address 133.100.43.2 255.255.255.252
Table of Contents
Index

By
Wesley Shuoserial
, Dmitry Bokotey
interface
0.1 point-to-point
ip Publisher:
addressCisco
133.100.41.1
255.255.255.252
Press
frame-relay
interface-dlci 401
ISBN: 1-58720-073-2
!
Pages: 528

ip address 133.100.43.1 255.255.255.252
BCRAN
exam. interface-dlci 403
frame-relay
exam concepts
Experience
remote accesson
concepts
work in Subinterfaces
Scenario
9-4:how
Addressing
Multipoint
WhenReview
you useset-up
a multipoint
subinterface,
a few choices
of study
how you can address the
guides that
show youyou
howhave
to prepare
a lab for
subinterface. You can use Inverse ARP to dynamically map the IP-to-DLCI, or you can statically
defineReady
the IP-to-DLCI
mapping,
off the Inverse
ARP feature.
Be aware
that not all
yourself for
the new turning
simulation-based
questions
on the CCNP
exams
protocols support dynamic address mapping and must use static address mapping.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642You
create
an and
IP-to-DLCI
mapping
using theinfollowing
command:
821 can
BCRAN
exam
for workplace
challenges
implementing
map [ip
Apollo
| appletalk
| bridge
| clns
| decnet
|
lab,|some
networking
simulation
software
programs,
or
dlsw | ip | ipx | llc2 | qllc | rsrb | stun | vines | xns] {a.b.c.d}
preparation.
{dlci-number} [active | broadcast | cisco | ietf | nocompress |
payload-compression | tcp]
Remember that Frame Relay by default does not forward a Layer 3 broadcast. Several routing
protocols that you can use with Frame Relay do not operate correctly unless you use the
broadcast keyword when you create your map.
Figure 9-6 illustrates the topology you will use for this Scenario.
Table of Contents
Index
Figure 9-6. frame-relay map Topology


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
In this
Scenario, how
you configure
R4 with
a multipoint
thiswith
case,
the physical
serial
0
Experience
remote access
concepts
work ininterfacein
a real network
practice
labs that
walk
interface.
You
will
create
IP-to-DLCI
mappings
for
R1
and
R3
to
communicate.
Example
9-9
illustrates the configuration needed to accomplish this task.
Ready yourself
Example
9-9. Multipoint
Interface Example
applications.
Designed
a topic-by-topic
Configuration
items as
for
R1:
questions
providing
interfacebyserial
0 a better understanding of how remote access really works. It is also
certification
Finally, it255.255.255.240
ip address exams.
133.100.41.2
frame-relay map ip 133.100.41.3 104 broadcast
preparation.
interface serial 0
ip address 133.100.41.3 255.255.255.240
Table of Contents
Index
Configuration
items for R4:
ByWesley Shuoserial
, Dmitry Bokotey
interface
0
ip Publisher:
addressCisco
133.100.41.1
255.255.255.240
Press
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise 9-1: Unnumbered Frame Relay

In this Practical Exercise, you will configure IP unnumbered over subinterfaces at both ends of a
point-to-point connection. You will use the IP addresses of the loopback interfaces for each end
of the Frame Relay. Figure 9-7 illustrates the topology you will work with in this Practical
Table of Contents
Exercise.
Index

Figure 9-7. IP Unnumbered Topology

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Follow these steps to configure your Frame Relay topology:
Step 1. Create your loopback interface. You can choose to create a loopback interface with
Tableany
of Contents
just about
number you want to use. In this Practical Exercise, you will use 0. Address
Index interface as shown in Figure 9-7.
the loopback


ISBN: 1-58720-073-2
Pages: 528

R1(config)#interface loopback 0
R1(config-if)#ip
address 133.254.1.1 255.255.255.0
BCRAN exam.
Configuration
items for R4:
exam concepts
access 0concepts work in a real network with practice labs that walk
loopback
Step 2. You can enable Frame Relay on your serial interfaces. Although it is not necessary
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642to enter the ip address command, it is shown here for completeness:
R1(config)#interface serial 0
R1(config-if)#no
ip address
preparation.
R1(config-if)#encapsulation frame-relay IETF
R4(config-if)#no ip address
R4(config-if)#encapsulation frame-relay IETF
Table of Contents
Index
Step 3. Create your subinterfaces, and turn them into unnumbered interfaces. You also
need to assign the appropriate DLCIs to your subinterfaces:

ISBN: 1-58720-073-2
Pages: 528

Gain hands-on experienceserial
of CCNP
Remote
0.2
point-to-point
BCRAN exam.
R1(config-if)#ip unnumbered loopback0
BCRAN exam20
interface-dlci
exam concepts
R4(config)#interface serial 0.2 point-to-point
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R4(config-if)#frame-relay
interface-dlci
challenges in30
preparation.
Practical Exercise 9-2: Configuring Multipoint

Subinterfaces
In this Practical Exercise, you will configure a multipoint subinterface on R4 with point-to-point
of Contents
subinterfacesTable
on R1
and R3. You will configure the necessary static mapping to allow IP
Index the circuits. Figure 9-8 illustrates your next topology, similar to the topology
connectivity across
CCNP
Practical
Studies:
Accessis that here you use a multipoint interface to complete the
you used
earlier.
TheRemote
difference
configuration.
Figure 9-8. Multipoint Interface Topology
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Follow these steps to configure your multipoint subinterface Frame Relay topology:
Step 1. Enable Frame Relay on your serial interfaces:
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
Configuration
items for R1:
R1(config-if)#encapsulation frame-relay
BCRAN exam.
serial 0
exam concepts
frame-relay
Step 2. Create your subinterfaces, and place the appropriate IP addresses on them:
preparation.

Table of Contents
Index
R4(config)#interface serial 0.1 multipoint

R4(config-if)#ip
address
133.100.41.1 255.255.255.240
2003
ISBN: 1-58720-073-2
Pages: 528
Step 3. Configure the DLCI for R4:
BCRAN exam.
exam concepts
R4(config)#interface serial 0.1 multipoint
R4(config-if)#frame-relay interface-dlci 401
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Step 4.
Create
mappings in
forimplementing
R1 and R3: remote access network
821 BCRAN
exam
andthe
for appropriate
workplace challenges
office-based lab, items
Configuration
a remote-accessible
for R1:
preparation.
map ip 133.100.41.3 104 broadcast
R1(config-if)#frame-relay map ip 133.100.41.1 104 broadcast

Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise 9-3: Configuring Traffic Shaping on a

PVC
In this Practical Exercise, you will configure traffic shaping for a PVC that will carry voice over
of Contents
Frame Relay Table
traffic.
You will use the Cisco-proprietary fragmentation on the class associated
with the PVC.Index

You will use 100 for the fragmentation value, 64 Kb for CIR, and 25 Kb for voice.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Step 1. Create your map class called vofr-class with the specified settings:
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
Configuration
items for R2:
R2(config)#map-class frame-relay vofr-class

R2(config-map-class)#frame-relay fragment 100
fair-queue
BCRAN exam.
R2(config-map-class)#frame-relay cir 64000
voice bandwidth 25000
exam concepts
Step 2. Enable Frame Relay on the serial interface:
Step
3. Enable
Relay traffic
shaping,
assign the
map class
to the serial exam
All of the
topics
on theFrame
new 642-821
BCRAN
exam and
are covered,
providing
comprehensive
interface:
preparation.

R2(config-if)#frame-relay traffic-shaping
Table of Contents
Index
R2(config-if)#frame-relay interface-dlci 108

By
Wesley Shuo, Dmitry Bokotey, Raymond
Morrow
, Deviprasad Konda
class
vofr-class
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise 9-4: Configuring Guaranteed Rates

on an Interface
In this Practical Exercise, you will configure a hub with a physical rate of 192 Kbps and a
Tableof
of32
Contents
guaranteed rate
Kbps and a remote site with a physical rate of 64 Kbps and a guaranteed
IndexYou will configure traffic shaping so that each end has an average transmit rate
rate of 32 Kbps.
CCNP
Remote
of 64Practical
Kbps. IfStudies:
needed,
yourAccess
hub site can burst above this. In case of congestion, it can drop to a
minimum
of
32
Kbps.
Traffic
shaping
will ,be
configured
to adapt to BECN congestion notification.
Morrow
Deviprasad
Konda
Figure 9-9 illustrates your next topology.
ISBN: 1-58720-073-2
Figure 9-9. Frame Relay Traffic-Shaping Topology
Pages: 528
BCRAN exam.
exam concepts
preparation.

Step 1. Create your map class with the specified rates:
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
Configuration
items for R1:
R1(config)#map-class frame-relay cisco

mincir 32000
BCRAN exam.
R1(config-map-class)#frame-relay adaptive-shaping becn
bc 8000
exam concepts
Experience how remote access concepts
be 16000
R4(config)#map-class frame-relay cisco
R4(config-map-class)#frame-relay mincir 32000
R4(config-map-class)#frame-relay adaptive-shaping becn
R4(config-map-class)#frame-relay bc 8000
Step
2. Enable Frame
even as
a stand-alone
guide.Relay encapsulation and traffic shaping on your serial interfaces:
preparation.

R1(config)#interface Serial0
Table of Contents
Index
frame-relay
ISBN: 1-58720-073-2
Pages: 528
Step 3. Create your subinterfaces, and apply the appropriate IP addresses and DLCIs:
BCRAN exam.
exam concepts
R1(config)#interface Serial0.1 point-to-point
R1(config-subif)#frame-relay interface-dlci 16
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R1(config-subif)#frame-relay
class
ciscoin implementing remote access network
challenges
Configuration
itemscandidates
for R4: for the new simulation-based questions that are on the Cisco
Serial0.1interest.
point-to-point
Each
chapter includes a review of the
R4(config-subif)#frame-relay
interface-dlci
16
office-based
lab, cisco
class
preparation.
Step 4. Apply your map class to the appropriate subinterfaces:
R1(config-subif)#interface Serial0.1 point-to-point

R1(config-subif)#frame-relay class cisco
Table of Contents
Index
Configuration
items
forAccess
R4:
Remote
R4(config-subif)#interface Serial0.1 point-to-point

class cisco
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise 9-5: Configuring Frame Relay

Switching
Frame Relay switching is the process of switching packets based on their assigned DLCI values.
of Contents
You have theTable
option
of configuring your FRAD to perform switching in a Frame Relay network.
Index
There are two
parts you need to be concerned with in a Frame Relay network:
Frame Relay DTE (the router or access server)
Publisher:
Press
FrameCisco
Relay
DCE
switch
This step
is 1-58720-073-2
required before you can configure Frame Relay switching on a Frame Relay DTE or
ISBN:
DCE, or
with
NNI support. You can use the following command to enable packet switching:
Pages: 528
BCRAN exam.
Frame_Switch(config)#frame-relay switching
exam concepts
You can
configure
interface
a DTE
or prepare
a DCE switch,
or study
as a switch connected to a
Review
set-upanguides
thatas
show
youdevice
how to
a lab for
switch, to support NNI connections. You can use the following command to accomplish this task:
Frame_Switch(config-if)#frame-relay
concepts, regardless of certification interest.intf-type [dce | dte | nni]
even
as aswitching
stand-alone
guide. you must specify a static route:
For PVC
to operate,
preparation.
Frame_Switch(config-if)#frame-relay routein-dlci interfaceout-interface-type

out-interface-number out-dlci
Table of Contents
Index
NOTE

You cannot configure static routes over a tunnel interface on the Cisco 800 series, 1600
series, and 1700 series platforms. You can configure static routes only over tunnel
interfaces on platforms that have the Enterprise feature set.
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

In this Practical Exercise, you will configure R10 to switch DLCIs 100, 110, 120, and 130
between three interfaces. Follow these steps:
Table
of Contents
Step 1.
Enable
Frame Relay switching on your router:
Index


ISBN: 1-58720-073-2
Pages: 528
R10(config)#frame-relay switching
Step 2. Enable
Frame
each of
your topics
interfaces:
Gain hands-on
experience
of Relay
CCNP on
Remote
Access
BCRAN exam.
exam concepts
Review set-up guidesSerial0
frame-relay questions on the CCNP exams
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R10(config)#exit
R10(config-if)#exit
Step 3. Specify the interfaces' clock rate:
preparation.
R10(config-if)#clockrate 2000000
R10(config-if)#exit
Table of Contents
Index
By
R10(config-if)#clockrate
2000000
R10(config-if)#exit
Serial2
ISBN: 1-58720-073-2
Pages: 528
R10(config-if)#clockrate 2000000
Step 4. Specify the role the interface will play in the Frame Relay networkin this case,
Gain hands-on
the DCE: experience of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
R10(config-if)#frame-relay intf-type dce
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R10(config-if)#exit
network setting, this book Serial1
essential in preparing candidatesintf-type
for the newdce
R10(config-if)#exit
Each
Serial2
office-based
lab, some
intf-type
dcenetworking simulation software programs, or
preparation.
Step 5. Configure the mapping for the Frame Relay switching:
R10(config-if)#frame-relay route 130 interface Serial1 110
R10(config)#exit
Table of Contents
Index
CCNP Practical Studies: RemoteSerial1
Access

route 110 interface Serial0 130
ISBN: 1-58720-073-2
R10(config-if)#exit
Pages: 528
BCRAN exam.
exam concepts
preparation.
Summary
This chapter looked at the Frame Relay technology as supported by Cisco devices. Cisco IOS
supports the Frame Relay standard as defined by both ANSI and the ITU-T. The chapter started
by reviewing the configuration items needed to support a sample network. The theory behind the
Table
of Contentsand a configuration of the items was reviewed. The chapter then
commands was
examined,
Index
looked at the many different commands you can use to troubleshoot and maintain your Frame
CCNP
RelayPractical
network.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Review Questions
1:
Frame Relay is what kind of technology?
Table of Contents
Index
A. Packet-switched
B. Frame-switched
C. Time-switched
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
D. DVC-switched
Pages: 528
2:
Name and briefly describe the two kinds of packet-switching techniques discussed
in this chapter.
3: Describe the difference between SVCs and PVCs.

BCRAN 4:
exam.
What is a data-link connection identifier (DLCI)?
5: Describe how LMI Frame Relay differs from basic Frame Relay.
exam
6: concepts
True or false: IP unnumbered can be used with Frame Relay.
Experience
how remote
concepts
in adevices
real network
with practice
7: Can Cisco
routersaccess
connect
to otherwork
vendor
over Frame
Relay? labs that walk
8: Is Frame Relay inverse-arp on by default?
9: Is
specialfor
configuration
required to runquestions
OSPF overonFrame
Relay?
Ready
yourself
the CCNP
exams
Is TCP
header
compression
for use with
priorityreaders
queuing?
CCNP 10:
Practical
Studies:
Remote
Access available
(CCNP Self-Study)
prepares
preparation.
Chapter 10. Enabling a Backup to the

Permanent Connection
of Contents
This
chapter Table
covers
Index
Backup Overview
Triggering Dial Backup

Redundancy
is a crucial
requirement in today's networks. It is especially important in WANs,
Pub Date: December
22, 2003
where ISBN:
leased
lines provide permanent connections. In these situations, backup interfaces can be
1-58720-073-2
configured
to provide valuable redundancy to permanent connections.
Pages: 528
BCRAN exam.
exam concepts
preparation.
Backup Overview
As you can see from Figure 10-1, a backup interface can be either a physical interface, such as
an ISDN BRI interface, or an interface assigned to a dialer pool. When a backup interface is
specified, it remains in standby mode until activated. When the interface is in standby mode, it
Contents
remains idle,Table
and of
the
backup route between the routers does not appear in the routing table.
Index

Figure 10-1. Backup Interfaces

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
As soon
a backup
interface
is configured, the router monitors the following on the primary
youas
through
their
implementation
link:
Carrier
detect signal
Ready yourself
CCNPKeepalives
If
the router misses
either
carrier detect guide
signal of
orhow
a keepalive,
primary
linkconcepts
is assumed
applications.
Designed
as aa topic-by-topic
to apply the
remote
access
in a to
real
be
down,
and
the
route
is
withdrawn
from
the
routing
table.
When
this
happens,
the
backup
interface
activated,
the backup
route appears
the routing
table.
questionsisby
providingand
a better
understanding
of howinremote
access
Routers
can exams.
also be Finally,
configured
to bring
up a backup
when
the loadapplication
on the primary
certification
it serves
anyone
wantinginterface
a guide to
real-world
of these
interface
meets
or
exceeds
a
certain
limit.
This
limit
can
be
configured.
Backup
interfaces
can a
bereview
activated
when
certain technology,
events occur.
Backup
interfaces
canthrough
include
Each chapter
includes
of the
applicable
and
guides
the reader
Serial interfaces
ISDN interfaces
preparation.
Asynchronous interfaces
Dialer pools
Triggering Dial Backup

Dial backup can be triggered in two main ways:
FailureTable
of the
of Contents
primary link In this scenario, shown in Figure 10-2, the primary serial or
Frame Relay
Index link has failed. The backup ISDN interface can be configured to come up and
provideStudies:
redundancy.
soon as the ISDN link is up, traffic flows across the backup link.
CCNP Practical
RemoteAs
Access
Figure 10-2. Dial Backup When the Primary Link Fails

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Traffic on the primary link reaches or exceeds a threshold In this scenario, shown
in
Figureset-up
10-3, guides
the loadthat
on show
the primary
link
monitored,
5-minute moving average
Review
you how
toisprepare
a laband
for a
study
is computed. As soon as this average exceeds a threshold, the backup link is activated.
and for10-3.
workplace
challenges
implementing
remote
access network
Figure
Dial
Backupinto
Support the
Primary
Link
preparation.
Using Physical Interfaces for Backup
As mentioned, when a backup interface is configured, it is placed in standby mode until it is

activated. When in standby mode, it cannot be used. If the need arises for this interface to
connect to another site, this is not possible.
InFigure 10-4, R1 has a primary link to R2 via its serial interface, S0. R1 also has an ISDN
interface BRI0 configured as a backup interface. In this situation, BRI0 is placed in standby
mode and is idle. If the network administrator wants to use the BRI0 interface to connect to R3,
because
the Table
BRI0 of
interface
Contents is in standby mode, it is not possible. This is a limitation of using a

physical
interface
for
backup. The workaround is to use dialer profiles, as described in the
Index
following
section.
Figure 10-4. Using a Physical Interface for Backup

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
questions
by providing
a better
Using Dialer
Profiles
forunderstanding
Backup of how remote access really works. It is also
One
way of
overcoming
the shortcoming
just discussed is to use dialer profiles. Using dialer
concepts,
regardless
of certification
interest.
profiles, the ISDN BRI interface can be used to back up the primary serial interface. It can also
be used
to simultaneously
connect
to R3
via DDR.
Each
chapter
includes a review
of the
applicable
You
can configure
dialer profile tolab,
act some
as thenetworking
backup interface.
It issoftware
then placed
in standby
office-based
lab, aone
remote-accessible
simulation
programs,
or
mode,
as
just
described.
You
can
then
configure
another
dialer
profile
for
Legacy
DDR
to connect
to R3. As soon as the two dialer profiles have been configured, the physical BRI interface has to
be
member
of both
dialer pools.
All made
of the atopics
on the
new 642-821
preparation.
Floating Static Routes as a Backup

Floating static routes can also be used to back up a primary link. With this method, a static route
is configured to the destination network whose administrative distance is greater than that of the
dynamic route.
In the scenario shown in Figure 10-5, R1 is connected to R2 via a primary serial link as well as
an ISDN BRI interface. OSPF is being used to advertise the Ethernet networks across the serial
link. On R1, a static route is configured to Ethernet network 192.168.2.0 /24 via the BRI
interface. This static route is configured as follows:
Table of Contents
Index


R2(config)#ip route 192.168.2.0 255.255.255.0 10.0.2.2 150

ISBN: 1-58720-073-2
Pages: 528
Figure 10-5. Using a Floating Static Route for Backup
BCRAN exam.
exam concepts
This
staticregardless
route is configured
with an
administrative distance of 150. Because the administrative
concepts,
of certification
interest.
distance of the OSPF route (110) is more attractive, the static route is not used. If the primary
link
the dynamic
is removed,
and the technology,
static route and
is installed
in the
routing
table.
Eachfails,
chapter
includes aroute
review
of the applicable
guides the
reader
through
even
as a stand-alone
Routing
with the guide.
Load Backup Feature
When
the load backup feature is on, load sharing occurs in different ways, depending on the
preparation.
routing protocol used.
Load Backup with OSPF
If both the primary and backup links are up at the same time and OSPF is the routing protocol
being used, the load backup feature tries to load-share between the two links.
However, this is dependent on the respective costs of the two links. Because cost is the deciding
metric in OSPF, it tries to pick the path with the lesser cost. So if load sharing is to occur, both
links must have an equal cost. If one path has a lesser cost, all traffic uses that link.
OSPF load-shares only if both paths have an equal cost. This is illustrated in Figure 10-6.
Table of Contents
Index
Figure 10-6. Load Sharing with OSPF

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Each
chapter
a equal
reviewon
ofboth
the applicable
technology,
and
guides
the
reader through
InFigure
10-6,includes
if cost is
links, traffic
is sent over
both
links.
However,
if one path's
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on a home- or
cost is less, all traffic is sent over that link.
Load
Backup
IGRP
and EIGRP
All of the
topics with
on the
new 642-821
preparation.
If IGRP or EIGRP is configured, and both the primary and backup links are up, the load backup
feature tries to load-share between the two links. However, the metric of both the links must be
equal for this to happen. This is similar to the behavior of OSPF.
However, the variance command can be used in the case of IGRP and EIGRP to load-share
between links of unequal metrics.
Themultiplier number specified after the variance command determines which paths to use. For
instance, in a simple scenario, if the number is 2, even if the backup path is twice as worse as
the primary path, it is used to load-share traffic. This is usually dependent on other factors as
well.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Scenarios
This section provides two scenarios of how backup lines can be configured to provide redundancy for
primary lines. Each scenario outlines the steps involved in the setup. The results are shown and then
verified. Finally, the complete configuration of the routers is shown.
Table of Contents
Index
Scenario 10-1: Configuring Dial Backup for Primary Line Failures

In this scenario, Routers R1 and R2 are connected via a serial link. The serial link is the primary link.
Cisco Press
ThePublisher:
two routers
are also connected via an ISDN line, which is designated as the backup link. This
Pub
Date:
December
22,redundancy
2003
backup link provides
in case the primary link fails.
ISBN: 1-58720-073-2
The following
Pages: 528steps are required to configure dial backup for line failures:
Step 1. Define the primary interface:
BCRAN exam.
exam concepts
Router(config)#interface
Experience how remote type
accessnumber
Step 2. While in interface configuration mode on the primary interface, define the backup
Ready
interface
yourself
to be for
used:
Router(config-if)#backup interfacetype number
even as
a stand-alone
guide.
Step
3. Specify how
long to wait after the primary link goes down before enabling the backup
link:
preparation.
Router(config-if)#backup delay {enable-delay | never} {disable-delay |

never}
Table of Contents
Index
NOTE
This assumes that you have already successfully configured both the primary and backup links.

ISBN: 1-58720-073-2
Pages:
528 illustrates the configuration.
Example
10-1
Example 10-1. Configuring Dial Backup for Primary Link Failures

BCRAN exam.
R1#config t
for the CCNP
642-821 one
BCRAN
and End
gain with
a better,
EnterPrepare
configuration
commands,
perexam
line.
CNTL/Z.
exam concepts
R1(config)#int s0/0
interface bri0/0
R1(config-if)#
00:39:163208757247: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0/0, TEI 66
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642changed
down
821
BCRAN to
exam
00:39:158913789952:
%ISDN-6-LAYER2DOWN:
for Interface
BR0/0, exam
TEI 66
is useful in preparing Layer
a CCNP2candidate
for the general
changed
to down candidates for the new simulation-based questions that are on the Cisco
essential
in preparing
00:39:37:
%LINK-5-CHANGED:
Interface
of certification
interest. BRI0/0, changed state to standby mode
delay of5 the
10 applicable technology, and guides the reader through
R1(config-if)#^Z
preparation.
The commands in Example 10-1 designate BRI0/0 as the backup interface for S0/0. The backup link is
set to come up 5 seconds after the primary link goes down and is disabled 10 seconds after the primary
link comes back up.
It is noteworthy that the backup interface immediately gets placed in standby mode when the backup
interface command is issued.

Example 10-2 shows that the BRI0/0 interface is now in standby mode.
Example 10-2. Backup Interface in Standby Mode
Table of Contents
Index
R1#show
interface
bri0/0
CCNP Practical
Studies: Remote
Access
BRI0/0 is standby mode, line protocol is down

Publisher: Cisco
Hardware
is Press
PQUICC BRI with U interface
Internet
address is 10.0.2.1/24
ISBN: 1-58720-073-2
Pages: 528

Encapsulation HDLC, loopback not set
BCRAN exam.
Last
clearing
ofCCNP
"show
interface"
Prepare
for the
642-821
BCRAN counters
exam and never
exam concepts
Queueing
strategy:
weighted fair
you through
Output
queue:
(size/max
Review
set-up0/1000/64/0
guides that show
you howtotal/threshold/drops)
Ready
yourself for 0/1/16
the new (active/max
simulation-based
questions total)
on the CCNP exams
Conversations
active/max
CCNP Reserved
Practical Studies:
Remote Access
(CCNP Self-Study)
prepares readers for the CCNP 642Conversations
0/0 (allocated/max
allocated)
applications.
as a0 topic-by-topic
5 minute Designed
input rate
bits/sec, 0 guide
packets/sec
questions
by output
providingrate
a better
understanding
5 minute
0 bits/sec,
0 packets/sec
certification
exams. Finally,
serves
anyone
606 packets
input, it2497
bytes,
0 wanting
no buffer
implementation
of the technology.
step-by-step
process
can be executed
on a home- or
0 input errors,
0 CRC, 0This
frame,
0 overrun,
0 ignored,
0 abort
even as
a stand-alone
guide. 2502 bytes, 0 underruns
607
packets output,
preparation.
The process is illustrated in Figure 10-7. The primary link between Routers R1 and R2 fails. The backup
ISDN interface is then brought up to restore connectivity.
Figure
Table of Contents
Index
10-7. Primary Link Failure Topology

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
Example 10-3 shows what happens on R1 when a primary line fails.
exam concepts
Example
10-3.
Interface
the
Fails
Experience
howBackup
remote access
conceptsComes
work in aUp
realWhen
network
withPrimary
practice labs
that walk
R1#
02:27:31: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN %OSPF-5-ADJCHG:
challenges
in implementing
accessfrom
network
02:27:31:
Process
111, Nbr
10.0.2.2 onremote
Serial0/0
FULL to
network
thisDown:
book isInterface
useful in preparing
CCNP candidate for the general exam
DOWN, setting,
Neighbor
down or adetached
candidates for the
new
simulation-based
questions
that are on
the Cisco
02:27:32:
%LINEPROTO-5-UPDOWN:
Line
protocol
on Interface
Serial0/0,
changed
concepts,
regardless
state to
down
Each
chapter%LINK-3-UPDOWN:
includes a review Interface
of the applicable
technology,
and state
guides to
the down
reader through
02:27:36:
BRI0/0:1,
changed
office-based
lab, some
networking
simulation
02:27:36: %LINK-3-UPDOWN:
Interface
BRI0/0:2,
changed
statesoftware
to downprograms, or
02:27:156792760292: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, TEI 66 changed
preparation.
to up
02:27:36: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
02:28:02: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
02:28:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state

to up
02:28:08: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 4082222222
02:28:12: %OSPF-5-ADJCHG: Process 111, Nbr 10.0.2.2 on BRI0/0 from LOADING to
Table of Contents
FULL, Loading Done

Index

InExample
Publisher: 10-3,
Cisco Press
you can see that when the s0/0 link on R1 goes down, the BRI0/0 interface, which is
configured
its backup,
Pub Date: as
December
22, 2003comes up to take its place. When the BRI0/0 interface comes up, it establishes
an OSPF
adjacency
with R2 so that routing updates can be exchanged.
ISBN:
1-58720-073-2
Pages: 528
Running the show interface command on the backup interface tells you that it is now active, as shown
inExample 10-4 . Note that it is no longer in standby mode.
Example 10-4. Backup Interface Is Now Active
BCRAN exam.
R1#show
interface
bri0/0
Prepare
for the CCNP
exam concepts
BRI0/0 is up, line protocol is up (spoofing)
Hardware
is PQUICC
BRI with U interface
you through
Internet
address
is 10.0.2.1/24
Review set-up
guides
simulation-based
MTUReady
1500yourself
bytes, for
BWthe
64 new
Kbit,
DLY 20000 usec,
CCNP reliability
Practical Studies:
Remotetxload
Access (CCNP
prepares readers for the CCNP 642255/255,
1/255,Self-Study)
rxload 1/255
applications.
Designed
as aloopback
topic-by-topic
Encapsulation
HDLC,
not set
questions
by providing
a better
understanding
of howhang
remote
Last input
00:00:00,
output
never, output
never
certification
exams.of
Finally,
anyone
wanting anever
Last clearing
"showit serves
interface"
counters
implementation
of the technology.
Queueing strategy:
weightedThis
fair
even
as a stand-alone
guide.
Output
queue: 0/1000/64/0
(size/max total/threshold/drops)
Conversations 0/1/16 (active/max active/max total)
preparation.

Table of Contents
Indexerrors, 0 collisions, 3 interface resets

0 output
0 Shuo
output
buffer
0 output
buffers
ByWesley
, Dmitry
Bokoteyfailures,
, Raymond Morrow
, Deviprasad
Konda
swapped out

ISBN: 1-58720-073-2
Pages: 528
When the primary line is restored, the backup again transitions back to standby mode, as shown in
Example 10-5. Note in the output of the show ip route command that the remote network 192.168.2.0
/24 is now advertised via the serial link.
The
of the
show ip of
ospf
neighbor
shown
Example
10-5,
that
R2 is visible
Gainoutput
hands-on
experience
CCNP
Remotecommand,
Access topics
withinlab
scenarios
for shows
the new
642-821
only
via
the
primary
serial
link.
BCRAN exam.
Prepare10-5.
for thePrimary
CCNP 642-821
BCRAN
Example
Link
Getsexam
Restored
exam concepts
R1#
02:30:03: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
02:30:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642state
toexam
up and for workplace challenges in implementing remote access network
821
BCRAN
02:30:13:
%ISDN-6-DISCONNECT:
Interface
disconnected
from 4082222222
,
network setting,
this book is useful in
preparing BRI0/0:1
a CCNP candidate
for the general
exam
call lasted
131 seconds
essential
in preparing
02:30:13:
%LINK-3-UPDOWN:
Interface
of certification
interest.BRI0/0:1, changed state to down
02:30:13:
Each
chapter%OSPF-5-ADJCHG:
includes a review Process
of the applicable
111, Nbr
technology,
10.0.2.2and
on guides
BRI0/0thefrom
reader
FULL
through
to DOWN,
office-based
Neighbor lab,
Down:
a remote-accessible
Interface down lab,
or some
detached
02:30:55834574848: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0/0, TEI 66
preparation.
changed to down
02:30:55834574848: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0/0, TEI 66
changed to down
02:30:13: %OSPF-5-ADJCHG: Process 111, Nbr 10.0.2.2 on Serial0/0 from LOADING to

FULL, Loading Done
02:30:13: %LINK-5-CHANGED: Interface BRI0/0, changed state to standby mode
to down
Table of Contents
Index
R1#
R1#
R1#show
ipDecember
route 22, 2003
Pub Date:
ISBN: 1-58720-073-2
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

Pages: 528
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
Gain hands-on
experience
of CCNP
with lab
scenarios
the new 642-821
E1 - OSPF
external
typeRemote
1, E2 Access
- OSPFtopics
external
type
2, E -forEGP
BCRAN exam.
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
exam concepts
P - periodic downloaded static route
Gateway of last resort is not set
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 64210.0.0.0/24
isfor
subnetted,
1 subnetsin implementing remote access network
821 BCRAN
exam and
workplace challenges
C
10.0.1.0
directly
network setting,
thisis
book
is usefulconnected,
in preparing Serial0/0
C
192.168.1.0/24
is directly
connected,
FastEthernet0/0
essential
for the
O
192.168.2.0/24
[110/74] via
10.0.1.2, 00:14:57, Serial0/0
concepts,
interest.
Each
chapter
includes
R1#show
ip ospf
neighbor
Neighbor ID
Pri
State
Dead Time
Address
Interface
preparation.
10.0.2.2
1
FULL/ 00:00:33
10.0.1.2
Serial0/0
R1#
Example 10-6 provides the complete configuration of R1 for backup in the case of a primary link failure.
Example 10-6. R1's Configuration
Table of Contents
Index
CCNP
Practical
Building
configuration...
Current
configuration : 1070 bytes
!
ISBN: 1-58720-073-2
Pages: 528
version 12.1
hostname
Gain
hands-on
R1 experience of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
isdn switch-type basic-net3

!
!
address
192.168.1.1
255.255.255.0
821
exam
and for workplace
no ip redirects
network
speed 100
essential
full-duplex
concepts,
!
interface
office-basedSerial0/0
backup delay 5 10
preparation.
backup
interface BRI0/0
ip address 10.0.1.1 255.255.255.0
no ip redirects
clockrate 512000
!
interface BRI0/0
ip address 10.0.2.1 255.255.255.0
Table of Contents
dialer map ip 10.0.2.2 broadcast 4082222222

Index
dialer-group 1


ISBN: 1-58720-073-2
router ospf 111

Pages: 528
network 10.0.1.0 0.0.0.255 area 0
Gain
hands-on
experience
of CCNP
Remote
network
10.0.2.0
0.0.0.255
area
0 Access topics with lab scenarios for the new 642-821
BCRAN exam.
network 192.168.1.0 0.0.0.255 area 0
exam concepts
ip classless
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642end
certification
Example
10-7
exams.
provides
Finally,
the complete
it serves anyone
configuration
wanting
of R2
a guide
for backup
to real-world
in the case
application
of a primary
of these
link failure.
Each
chapter10-7.
includes
a review
Example
R2's
Configuration
preparation.
version 12.1
hostname R2
!
ip subnet-zero
Table of Contents
Index
!
interface
Ethernet0/0
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
ip address 192.168.2.1 255.255.255.0

Pages: 528
no ip redirects
!
Gain
hands-on
interface
Serial0/0
BCRAN exam.
backup delay 5 10
backup interface BRI1/0
exam concepts
ip address 10.0.1.2 255.255.255.0
no ip redirects
no fair-queue
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642interface
821 BCRAN BRI1/0
ip address
10.0.2.2
network
setting,
this book255.255.255.0
dialer in
map
ip 10.0.2.1
broadcast
essential
preparing
candidates
for the 4081111111
dialer-group
1
concepts,
regardless
Each
includesbasic-net3
isdnchapter
switch-type
office-based
!
preparation.
router ospf 111
network 10.0.1.0 0.0.0.255 area 0
network 10.0.2.0 0.0.0.255 area 0

network 192.168.2.0 0.0.0.255 area 0
!
ip classless
Table of Contents
Index

!
endPub Date: December 22, 2003

ISBN: 1-58720-073-2
Pages: 528
Scenario 10-2: Configuring Dial Backup for Load Sharing

Gain
hands-on
ofand
CCNP
Access via
topics
with lab
for the new
642-821
In this
scenario,experience
Routers R1
R2Remote
are connected
a serial
line scenarios
that is designated
as the
primary link.
BCRAN
exam.
The two routers are also connected via an ISDN line that is the backup link. This backup link is supposed
to be activated when the load on the primary line crosses a set threshold.
Prepare for
theare
CCNP
642-821
BCRAN exam
and gain
better, high
practical
understanding
of link:
The following
steps
required
to configure
dial backup
toasupport
loads
on the primary
exam concepts
Step 1. Define the primary interface:
type number
Stepregardless
2. While in
configuration
concepts,
of interface
certification
interest. mode on the primary interface, define the backup
interface to be used:
preparation.
Router(config-if)#backup interfacetype number
Step 3. Specify the traffic load threshold at which the backup link is to be activated:
Table of Contents
Index

By
, Deviprasad Konda
Router(config-if)#backup
loadMorrow
{enable-threshold
| never} {disable-load |
never}
ISBN: 1-58720-073-2
Pages: 528
This assumes that you have already successfully configured both the primary and backup links.
BCRAN
exam.
NOTE
Because load is calculated on an interface basis, the backup load command cannot be used
Prepare
on
subinterfaces.
exam concepts
you 10-8
through
Example
illustrates
the configuration.
Example
10-8. Configuring
Dial Backup
to Support
Primary
Ready yourself
questions
on the CCNP
examsLinks
R1#config
applications.tDesigned as a topic-by-topic guide of how to apply remote access concepts in a real
Enter
configuration
one per line.
with
CNTL/Z.
questions
by providing acommands,
of how End
remote
access
serial0/0
certification exams. Finally,
R1(config-if)#backup interface bri0/0
R1(config-if)#
03:03:206158430208:
%ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0/0, TEI 66
Allchanged
of the topics
to down
preparation.
03:03:206158430208: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0/0, TEI 66
changed to down
03:03:48: %LINK-5-CHANGED: Interface BRI0/0, changed state to standby mode
R1(config-if)#
R1(config-if)#
R1(config-if)#backup load 25 20
R1(config-if)#^Z
Table of Contents
Index

InExample 10-8, the S0/0 interface is supported by the BRI0/0 interface. Note that BRI0/0 is again
placed in standby mode. Also, the backup load command specifies that the BRI 0/0 interface will be
activated
when the load on the primary link exceeds 25 percent and will be deactivated when the load
Pub below
Date: December
22, 2003
drops
20 percent.
ISBN: 1-58720-073-2
FigurePages:
10-8528
illustrates how the ISDN interfaces on Routers R1 and R2 are used to provide backup for the
primary serial interfaces.
Figure 10-8. Primary Link Support Topology
BCRAN exam.
exam concepts
questions
providing
a betterlink
understanding
how remote
accessthe
really
works.
When
the by
load
on the primary
is below theof
specified
threshold,
backup
linkItisisinalso
standby mode.
essential
in preparing
candidates
for configured
questions
that are 10-9.
on the Cisco
On
the primary
link you
can see the
parameters, as shown
in Example
Example 10-9. Primary and Backup Interfaces with Low Traffic
R1#show interface s0/0
Serial0/0
preparation.is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 10.0.1.1/24
Backup interface BRI0/0, failure delay 0 sec, secondary disable delay 0 sec,
kickin load 25%, kickout load 20%


Table of Contents
Index

ByWesley
, Dmitry
Bokotey, Raymond
, Deviprasad
Kondahang
Last Shuo
input
00:00:06,
outputMorrow
00:00:01,
output
never
Last
clearing
Publisher:
Cisco Pressof "show interface" counters never
Input
queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
ISBN: 1-58720-073-2
Pages: 528

Conversations 0/1/256 (active/max active/max total)
BCRANReserved
exam.
Conversations 0/0 (allocated/max allocated)
exam concepts
5 minute
output rate 0 bits/sec, 0 packets/sec
Received
7 broadcasts,
0 runts,
0 to
giants,
Review
set-up
guides that show
you how
prepare0 athrottles
lab for study
1 input
errors,
0 CRC,
1 frame, 0 overrun,
0 ignored,
0 abort
Ready
yourself
for the
questions
on the CCNP
exams
packets
output,
3143
bytes,
0 underruns
CCNP 21
Practical
Studies:
Remote
Access
(CCNP
0 output
errors,
collisions, guide
2 interface
applications.
Designed
as a0 topic-by-topic
of how toresets
apply remote access concepts in a real
0 output
buffera better
failures,
0 outputofbuffers
swapped
questions
by providing
understanding
how remote
accessout
0 carrier
transitions
certification
exams.
DCD=up DSR=up DTR=up RTS=up CTS=up
even as a interface
R1#show
stand-alonebri0/0
guide.
All of theis
topics
on themode,
new 642-821
BCRAN exam
BRI0/0
standby
line protocol
is down
preparation.
Hardware is PQUICC BRI with U interface

Last input never, output never, output hang never
Last clearing of "show interface" counters never
Table of Contents
Input queue:
Index 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

PubConversations
0/0/16
(active/max active/max total)
ISBN: 1-58720-073-2
Reserved
Pages:
528

BCRAN exam.
0 input
errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
exam
concepts
0 packetshow
output,
0 access
bytes,concepts
0 underruns
Experience
remote
questions
providing
a betterlink
understanding
how remote
access really
works.
It is alsois brought into
When the by
load
on the primary
exceeds the of
configured
threshold,
the backup
interface
essential
in
preparing
candidates
for
the
new
simulation-based
questions
that
are
on
the Cisco
action, as shown in Example 10-10.
Example
Istechnology,
Brought and
Up guides the reader through
Each chapter10-10.
includes Backup
a review ofInterface
the applicable
R1#
00:08:00:
preparation.%LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
00:08:00: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
00:08:00: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:08:4294967295: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, TEI 66 changed

to up
to down
Table of Contents
Index

to down
R1#
ISBN: 1-58720-073-2
Pages: 528
Example 10-11 shows that the load on the primary link has exceeded the specified threshold. Also, when
you look at the backup link, you can see that it is now up.
Example 10-11. Primary and Backup Interfaces When the Load Threshold Is
Exceeded
BCRAN exam.
R1#show
interface
exam
concepts s0/0
Experience
howline
remote
access concepts
Serial0/0
is up,
protocol
is up work in a real network with practice labs that walk
Backup interface BRI0/0, failure delay 0 sec, secondary disable delay 0 sec,
kickin load 25%, kickout load 20%
Last input 00:00:00, output 00:00:00, output hang never
interface"
AllLast
of theclearing
topics on of
the "show
new 642-821
BCRANcounters
exam are never
preparation.
Conversations
1/2/256 (active/max active/max total)

Table of Contents

Index

packets
output,
Pub215234
Date: December
22, 2003
24533109 bytes, 0 underruns
ISBN: 1-58720-073-2
Pages: 528

Gain hands-on
of CCNP RTS=up
Remote Access
DCD=up experience
DSR=up DTR=up
CTS=uptopics with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
R1#show interface bri0/0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642MTU
1500exam
bytes,
Kbit, DLY
20000 in
usec,
821
BCRAN
andBW
for64
workplace
challenges
reliability
txload
1/255, rxload
1/255
network
setting, this255/255,
book is useful
in preparing
a CCNP candidate
Encapsulation
HDLC,
loopback
notnew
setsimulation-based questions that are on the Cisco
essential
in preparing
candidates
for the
Last input
00:00:00,
output interest.
never, output hang never
concepts,
regardless
of certification
Each
chapter
includes
reviewinterface"
of the applicable
technology,
Last
clearing
of a"show
counters
never and guides the reader through
office-based
lab, a0/75/0/0
remote-accessible
lab, some networking simulation
software
programs,
or
Input queue:
(size/max/drops/flushes);
Total output
drops:
0
preparation.
Conversations

Table of Contents

Index

output
buffer
failures,
Pub0Date:
December
22, 2003
0 output buffers swapped out
ISBN: 1-58720-073-2
Pages: 528
When the load drops below the specified disable load, the backup interface is again put back in standby
Gain
hands-on
of 10-12.
mode,
as shownexperience
in Example
BCRAN exam.
Example
Backup
Interface
Is Put
Back
in Standby
Prepare10-12.
for the CCNP
642-821
BCRAN exam
and gain
a better,
practical Mode
understanding of
exam concepts
R1# you through their implementation
that show you how toLayer
prepare
a labInterface
for study BRI0/0, TEI 66
00:11:240518168575:
%ISDN-6-LAYER2DOWN:
2 for
Ready to
yourself
changed
down for the new simulation-based questions on the CCNP exams
CCNP
prepares
readers
for the TEI
CCNP
00:11:236223201280:
%ISDN-6-LAYER2DOWN:
Layer 2 for
Interface
BR0/0,
applications.
Designed
changed to
down as a topic-by-topic guide of how to apply remote access concepts in a real
questions
of how remote
works. It mode
is also
00:11:55:by%LINK-5-CHANGED:
Interface BRI0/0,
changedaccess
statereally
to standby
certification
R1#
R1#
R1#
R1#show interface bri0/0
BRI0/0 is standby mode, line protocol is down
preparation.


Table of Contents
Input queue:
Index 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
ByWesley
Queueing
Shuo, Dmitry
strategy:
Bokoteyweighted
, Raymond Morrow
fair ,Deviprasad Konda
Output
Publisher:queue:
Cisco Press0/1000/64/0 (size/max total/threshold/drops)
Conversations
ISBN: 1-58720-073-2
Pages: 528

BCRAN83exam.
packets input, 391 bytes, 0 no buffer
exam
concepts
0 input
errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
Experience
how
remote 531
access
concepts
90 packets
output,
bytes,
0 underruns
0 output
buffer
failures,
0 output buffers
swapped
Ready
yourself
for the
questions
on the out
CCNP exams
carrier
transitions
CCNP 2
Practical
Studies:
Example
provides
the complete
configuration
of R1 for load
backup.that are on the Cisco
essential 10-13
in preparing
candidates
for the
questions
Example 10-13. R1's Configuration for Load Backup

even
as a running-config
stand-alone guide.
R1#show
All
of the topics
Building
configuration...
preparation.

!
version 12.1
!
hostname R1
!
Table of Contents
Index
ip
subnet-zero
!

ISBN: 1-58720-073-2
Pages: 528
interface
FastEthernet0/0
ip address 192.168.1.1 255.255.255.0

no ip redirects
speed exam.
100
BCRAN
full-duplex
exam concepts
!
Experience
interface
Serial0/0
backup load 25 20
ip address 10.0.1.1 255.255.255.0
no ip redirects
clockrate 512000
!
interface BRI0/0
ip address 10.0.2.1
255.255.255.0
implementation
of the technology.
dialer
ip 10.0.2.2
even
as a map
stand-alone
guide.broadcast 4082222222
dialer-group
1 the new 642-821 BCRAN exam are covered, providing comprehensive exam
All
of the topics on
preparation.
!
router ospf 111
network 10.0.1.0 0.0.0.255 area 0
network 10.0.2.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
Table of Contents
Index
ip classless
!
dialer-list
1 protocol
Pub Date: December
22, 2003 ip permit
ISBN: 1-58720-073-2
Pages: 528
end
BCRAN
Exampleexam.
10-14 provides the complete configuration of R2 for load backup.
Example
10-14. R2's Configuration for Load Backup
exam concepts
BCRAN
version
12.1
network
!
essential
hostnameinR2
concepts,
!
ip subnet-zero
!
isdn
switch-type
basic-net3
All of the
topics on the
preparation.
!
ip address 192.168.2.1 255.255.255.0
no ip redirects
!
interface Serial0/0
backup load 25 20
Table of Contents
Index

ip address 10.0.1.2 255.255.255.0
no ip redirects
noPub
fair-queue
ISBN: 1-58720-073-2
Pages: 528
interface BRI1/0
ip address 10.0.2.2 255.255.255.0
Gain
hands-on
experience
of broadcast
CCNP Remote
dialer
map ip
10.0.2.1
4081111111
BCRAN exam.
dialer-group 1
exam concepts
!
router ospf 111
network 10.0.1.0 0.0.0.255 area 0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642network
area
0
821
BCRAN10.0.2.0
exam and0.0.0.255
for workplace
challenges
networksetting,
192.168.2.0
0
network
this book0.0.0.255
is useful inarea
preparing
!
ip
classless
concepts,
Each
!
office-based
a remote-accessible
dialer-listlab,
1 protocol
ip permitlab, some networking simulation software programs, or
!
preparation.
end
Scenario 10-3: Configuring Dialer Profiles for Backup

As mentioned, the use of dialer profiles allows the use of a physical interface for both backup and DDR
connections to another site. In this scenario, Routers R1 and R2 are connected via a primary serial line.
The routers are also connected via an ISDN line, which has been designated as the backup link. This
scenario shows the use of dialer profiles to provide backup for the primary link.
of Contents
The
followingTable
steps
are required to configure the backup using dialer profiles:
Index
Step 1.
CreateRemote
and configure
CCNP Practical
Studies:
Access
a dialer interface:

ISBN: 1-58720-073-2
Pages: 528
Router(config)#interface dialernumber
Router(config-if)#encapsulation
ppp Access topics with lab scenarios for the new 642-821
Gain hands-on experience of CCNP Remote
BCRAN exam.
Router(config-if)#dialer remote-namename
Router(config-if)#dialer
string
BCRAN
stringexam and gain a better, practical understanding of
exam concepts
Router(config-if)#dialer poolnumber
Router(config-if)#dialer-group
number
Step 2. Specify the physical interface that will support the backup. Configure it for PPP
CCNP encapsulation:
type number
implementation of the technology.
Router(config-if)#encapsulation
ppp
Router(config-if)#ppp
All of the topics on the newauthentication
642-821 BCRAN chap
preparation.
Step 3. Make the backup interface a member of the dialer pool:
Router(config-if)#dialer pool membernumber
Table of Contents
Index
Step 4. Specify the primary interface to be backed up. Specify the dialer interface configured in
Step 1 to be used for backup:

ISBN: 1-58720-073-2
Pages: 528
Router(config)#interfacetype number
BCRAN exam.
Router(config-if)#backup interface dialernumber
exam concepts
Step 5. Specify what kind of backup is required. For primary link failures, use the backup delay
Experience
command. how
For load
remote
sharing,
access
use
concepts
the backup
work in
load
a real
command:
network
setting, this book is useful
preparing a CCNP
Router(config-if)#backup
delayin{enable-delay
| candidate
never} {disable-delay
|
essential
never}in preparing candidates for the new simulation-based questions that are on the Cisco
Router(config-if)#backup load {enable-threshold | never} {disable-load |
never}
Step
6. Specify
traffic
that exam
will bring
the backup
interface
using the dialer-list
All of the
topics
on theinteresting
new 642-821
BCRAN
are up
covered,
providing
comprehensive
exam
command:
preparation.
Router(config)#dialer-listdialer-group protocolprotocol-name {permit |

deny | listaccess-list-number | access-group}
Table of Contents
Index
Example 10-15 shows the use of dialer profiles for backup.

Publisher: Cisco
Press Configuring the Dialer Interface for Dialer Profiles
Example
10-15.
ISBN: 1-58720-073-2
Pages: 528
R1(config)#interface dialer 0
BCRAN exam.
R1(config-if)#dialer remote-name R2
pool
1
642-821
exam concepts
R1(config-if)#dialer string 4082222222
R1(config-if)#dialer-group
1
R1(config-if)#exit
Ready yourself for the 1new
simulation-based
protocol
ip permit
CCNP
Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R1(config-if)#^Z
essential
in 10-15,
preparing
for the
arelegacy
on theDDR
Cisco
InExample
the candidates
dialer interface
is configured.
You can seequestions
how mostthat
of the
certification
exams.
Finally,
it
serves
anyone
wanting
a
guide
to
real-world
application
of
these
commands that used to be configured on a BRI interface are now configured here. You can
also see how
concepts,
regardless
of
certification
interest.
thedialer-list command is used to define interesting traffic. The number following the dialer-list
command should be the dialer-group number specified under the interface.
implementation
of the the
technology.
This step-by-step
process
can be executed
on a homeExample 10-16 shows
configuration
of the physical
BRI interface
used for backup.
Noteorthat the
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
dialer pool-member command is used to match the physical BRI backup interface to the logical
dialer
even
as
a
stand-alone
guide.
interface.
preparation.
Example 10-16. Configuring the Physical BRI Interface for Dialer Profiles
R1(config)#interface bri0/0
R1(config-if)#dialer pool-member 1
R1(config-if)#^Z
Table of Contents
Index

Example 10-17 shows the configuration of the primary link to be backed up. Notice that the backup
interface specified is the virtual dialer interface instead of the physical BRI interface.
Example
ISBN: 1-58720-073-2
10-17. Configuring the Primary Interface for Dialer Profiles
Pages: 528
R1(config)#int serial 0/0

dialerAccess
0
Gain hands-on experienceinterface
of CCNP Remote
BCRAN exam.
R1(config-if)#backup delay 5 10
R1(config-if)#^Z
exam concepts
As soon as the configuration steps are complete, running show commands on the various interfaces
set-up
guides
that show
givesReview
the results
shown
in Example
10-18.
Example
10-18.
Output
of show
interface
Commands
on for
the
Interfaces
CCNP Practical
Studies:
Remote Access
(CCNP
Self-Study)
prepares readers
the
R1#show
questions interface
by providings0/0
Serial0/0
up, Finally,
line protocol
is up wanting a guide to real-world application of these
certification is
exams.
it serves anyone
Internet address
is 10.0.1.1/24
implementation
of the technology.
Backup
interface guide.
Dialer0, failure delay 5 sec, secondary disable delay 10 sec,
even
as a stand-alone
Allkickin
of the topics
load on
not
theset,
new kickout
642-821 BCRAN
load not
exam
set
preparation.

Last input 00:00:03, output 00:00:03, output hang never
Table of Contents
strategy: weighted fair
Queueing Index
Conversations

PubReserved
Date: December
22, 2003
Conversations
0/0 (allocated/max allocated)
ISBN: 1-58720-073-2
5 minute
input rate 0 bits/sec, 0 packets/sec
Pages: 528
BCRAN exam.
5472 concepts
packets output, 364550 bytes, 0 underruns
exam
0 output how
errors,
0 collisions,
2 interface
resets
Experience
remote
access concepts
work in a real
DCD=up DSR=up DTR=up RTS=up CTS=up
network setting,
this book
R1#show
interface
dialer0
essential in
forprotocol
Dialer0
ispreparing
standby candidates
mode, line
is down
concepts,
regardless
Hardware
is Unknown
Each
chapter includes
a review ofUsing
the applicable
and (10.0.3.1)
Interface
is unnumbered.
address technology,
of Loopback0
office-based
a remote-accessible
lab,20000
some usec,
MTU 1500 lab,
bytes,
BW 56 Kbit, DLY
preparation.
Last input never, output never, output hang never

Table of Contents
Conversations
Index

5Pub
minute
output
Date: December
22,rate
2003 0 bits/sec, 0 packets/sec
ISBN: 1-58720-073-2
0 packets input, 0 bytes
Pages: 528
0 packets output, 0 bytes
Gain
hands-on
experience
R1#show
interface
bri0/0
BCRAN exam.
exam concepts
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Last
clearing
of for
"show
interface"
counters
00:01:58 remote access network
821
BCRAN
exam and
workplace
challenges
in implementing
Input setting,
queue:this
0/75/1/0
Total for
output
drops:exam
0
network
book is (size/max/drops/flushes);
useful in preparing a CCNP candidate
the general
Queueing
strategy:
weighted
essential
in preparing
candidates
forfair
Output regardless
queue: 0/1000/64/0
(size/max
concepts,
of certification
interest. total/threshold/drops)
Each chapter
includes a 0/1/16
review of(active/max
the applicable
technology,total)
Conversations
active/max
office-based
lab, Conversations
a remote-accessible
some networking
Reserved
0/0 lab,
(allocated/max
allocated)
preparation.

Table of Contents
Index

Notice
Publisher:
that Cisco
the serial
Press interface now specifies the dialer interface as its backup. Also note that while the
dialer
is in22,
standby
mode, the BRI interface is up.
Pub interface
Date: December
2003
ISBN: 1-58720-073-2
When the primary link goes down, the dialer interface comes up, as shown in Example 10-19.
Pages: 528
Example 10-19. Backup Using Dialer Profiles

BCRAN exam.
R1#
07:50:04:
%LINK-3-UPDOWN:
Interface
changed
state
to down
Prepare
for the CCNP 642-821
BCRAN Serial0/0,
exam and gain
a better,
practical
understanding of
exam concepts
07:50:04: %OSPF-5-ADJCHG: Process 111, Nbr 192.168.2.1 on Serial0/0 from FULL to
DOWN,
Neighbor
Down:
Interface down or detached
you through
their
implementation
07:50:05:
protocol
on Interface
Serial0/0, changed
Review%LINEPROTO-5-UPDOWN:
set-up guides that show Line
you how
to prepare
a lab for study
Ready
state
toyourself
down for the new simulation-based questions on the CCNP exams
CCNP Practical
Studies: RemoteInterface
Access (CCNP
Self-Study)
prepares
readers
07:50:11:
%LINK-3-UPDOWN:
Dialer0,
changed
state
to upfor the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
applications. Designed %LINK-3-UPDOWN:
as a topic-by-topic Interface
guide of how
to apply remote
access
concepts
07:50:49411108400:
BRI0/0:1,
changed
state
to upin a real
questions by providing %DIALER-6-BIND:
of how BR0/0:1
remote access
works. It Di0
is also
07:50:51539607551:
Interface
boundreally
to profile
certification %LINEPROTO-5-UPDOWN:
exams. Finally, it serves anyone
wanting aon
guide
to real-world
application
of these
07:50:14:
Line protocol
Interface
BRI0/0:1,
changed
state to up
07:50:17: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 4082222222 R2
implementation
of the technology.
This step-by-step
process can be
a homeor
07:50:31: %OSPF-5-ADJCHG:
Process
111, Nbr 192.168.2.1
onexecuted
Dialer0on
from
LOADING
to
even
as a Loading
stand-alone
guide.
FULL,
Done
R1#
preparation.
InExample 10-19, you can see that when the primary serial link goes down, the dialer interface comes
up. Also, you can see that OSPF reconverges to run over the dialer interface. This is demonstrated via
the output of the show ip route command, as shown in Example 10-20.
Example 10-20. Output of show ip route After the Backup Link Is Up
R1#show
ip Table
route
of Contents
Index
Codes:
C - Studies:
connected,
- static, I - IGRP, R - RIP, M - mobile, B - BGP
CCNP Practical
RemoteSAccess
Publisher:
Press
N1 Cisco
- OSPF
NSSA external type 1, N2 - OSPF NSSA external type 2

ISBN:
E1 1-58720-073-2
- OSPF external
type 1, E2 - OSPF external type 2, E - EGP
Pages: 528

BCRAN exam.
Gateway
of last
resort
is not BCRAN
set
Prepare
for the
CCNP 642-821
exam concepts
10.0.0.0/8
is variably
subnetted, 2 subnets, 2 masks
you
through their
implementation
C
Review
set-up guides
show you
how to prepare
a lab for study
10.0.3.0/24
is that
directly
connected,
Loopback0
Ready
yourself for is
the directly
10.0.3.2/32
connected,questions
Dialer0 on the CCNP exams
CCNP
Accessconnected,
(CCNP Self-Study)
prepares readers for the CCNP 642C
192.168.1.0/24
is directly
FastEthernet0/0
applications.
Designed as
a topic-by-topic
guide of how
to apply remote
O
192.168.2.0/24
[110/1795]
via 10.0.3.2,
00:01:08,
Dialer0
questions
R1#ping 192.168.2.1
!!!!!
preparation.
R1#
The output of show ip route reveals that the remote Ethernet segment 192.168.2.0 /24 can now be
reached via the dialer interface. Pinging R2's Ethernet interface 192.168.2.1 via the backup link shows
that the link is up, as shown in Example 10-20.
The complete configuration of R1 for dialer profiles is shown in Example 10-21.
Example
10-21.
R1's Configuration for Dialer Profiles
Table of Contents
Index

Publisher:configuration...
Cisco Press
Building
ISBN: 1-58720-073-2
Pages: 528
version 12.1
!
hostname R1
BCRAN exam.
!
username
R2 for
password
0 642-821
cisco BCRAN exam and gain a better, practical understanding of
Prepare
the CCNP
exam concepts
!
isdn you
switch-type
basic-net3
through their
implementation
!
Ready Loopback0
interface
CCNP
Practical10.0.3.1
Studies: Remote
Access (CCNP Self-Study) prepares readers for the CCNP 642ip address
255.255.255.0
!
questions byFastEthernet0/0
interface
certification
Finally, it255.255.255.0
ip addressexams.
192.168.1.1
no ip redirects
implementation
speed 100
even
full-duplex
!
preparation.
interface Serial0/0
backup delay 5 10
backup interface Dialer0
ip address 10.0.1.1 255.255.255.0

no ip redirects
clockrate 512000
!
Table of Contents
Index
interface BRI0/0
ip Shuo
address
Byno
Wesley
encapsulation
ppp
ISBN: 1-58720-073-2
528
isdnPages:
switch-type
basic-net3

!
interface
Dialer0
BCRAN exam.
exam concepts
encapsulation
ppp
Experience
dialer
pool 1how remote access concepts work in a real network with practice labs that walk
dialer-group
1
CCNP
Practical Studies:
!
router
ospf
111
questions
by providing
certification
network 10.0.1.0 0.0.0.255 area 0
network 10.0.2.0
0
implementation
of the0.0.0.255
technology.area
This step-by-step
network
10.0.3.1 0.0.0.0
even
as a stand-alone
guide. area 0
network
192.168.1.0
0.0.0.255
area 0exam are covered, providing comprehensive exam
All
of the topics
on the new
642-821 BCRAN
preparation.
!
ip classless
!

!
end
Table of Contents
Index
The
complete configuration of R2 for dialer profiles is shown in Example 10-22.
Example 10-22. R2's Configuration for Dialer Profiles

ISBN: 1-58720-073-2
Pages:
528
R2#show
running-config
version 12.1
!
hostname
R2
BCRAN exam.
!
username
password 0 cisco
exam R1
concepts
!
!
interface Loopback0
ip address 10.0.3.2 255.255.255.0
!
ip address 192.168.2.1 255.255.255.0
no ip redirects
!
interface
Serial0/0
All of the topics
preparation.
backup delay 5 10
ip address 10.0.1.2 255.255.255.0
no ip redirects
no fair-queue
!
interface BRI1/0
Table of Contents
no ip address
Index
encapsulation ppp
isdn
switch-type
Pub Date:
December 22,basic-net3
2003
ISBN: 1-58720-073-2

Pages: 528
!
interface Dialer0
Gain
hands-on experience
ip unnumbered
Loopback0
BCRAN exam.
encapsulation ppp
dialer pool 1
exam concepts
dialer-group 1
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642router
ospf
111 and for workplace challenges in implementing remote access network
821 BCRAN
exam
network
networkin10.0.1.0
area
essential
preparing 0.0.0.255
candidates for
the0new simulation-based questions that are on the Cisco
network regardless
10.0.2.0 of
0.0.0.255
area
0
concepts,
certification
interest.
Each
chapter
includes0.0.0.0
a review area
of the 0applicable technology, and guides the reader through
network
10.0.3.2
office-based
lab, some
network 192.168.2.0
0.0.0.255 area
0
!
preparation.
ip classless
!
!
end
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise: Enabling Backup for a Primary Link

A corporation has a branch office connected via a serial link of 512 kbps to the central office. The
network administrator at the remote site wants to back up the primary serial link with an ISDN
BRI link. Configure the backup link at the remote site such that the BRI link can be used for both
Table ofand
Contents
backup operations
connections to other remote sites. OSPF should be configured on all
Index
interfaces. Verify connectivity by pinging the central Ethernet and loopback interfaces from the
CCNP
Practical
branch
router.
Figure 10-9 illustrates this topology.

ISBN: 1-58720-073-2
Figure 10-9. Practical Exercise Topology
Pages: 528
BCRAN exam.
exam concepts
preparation.

The solution for the practical exercise is shown in Example 10-23.
Table of Contents
Example 10-23.
Solution to the Practical Exercise
Index

Branch#config terminal
Enter
configuration
commands, one per line.
Pub Date:
December 22, 2003
End with CNTL/Z.
ISBN: 1-58720-073-2
Branch(config)#interface dialer 0
Pages: 528
Branch(config-if)#ip unnumbered loopback0

Branch(config-if)#encapsulation ppp
Gain
Remote Access
Branch(config-if)#dialer
remote-name
Central
BCRAN exam.
Branch(config-if)#dialer pool 1
exam concepts
Branch(config-if)#dialer-group 1
Branch(config-if)#exit
Branch(config)#dialer-list 1 protocol ip permit
Branch(config)#int bri1/0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Branch(config-if)#encapsulation
ppp
821 BCRAN exam and for workplace challenges
Branch(config-if)#ppp
chapa CCNP candidate for the general exam
network setting, this book authentication
is useful in preparing
Branch(config-if)#dialer
pool-member
for the new1simulation-based questions that are on the Cisco
Branch(config-if)#exit
Each
chapter includes as0/0
Branch(config)#int
office-based
lab, dialer0
Branch(config-if)#backup
interface
Branch(config-if)#backup delay 5 5
preparation.
Branch(config-if)#^Z
If the primary link is disabled, the backup link should come up, as shown in Example 10-24.
Example 10-24. Verifying Dial Backup Operation
Branch#
Table of Contents
00:14:15: %LINEPROTO-5-UPDOWN:
Line protocol on Interface Serial0/0, changed
Index
CCNP
Practical
state
to Studies:
down Remote Access
00:14:16: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down

00:14:16:
%OSPF-5-ADJCHG: Process 111, Nbr 10.60.1.1 on Serial0/0 from FULL to
ISBN: 1-58720-073-2
DOWN, Neighbor Down: Interface down or detached

Pages: 528
00:14:94489280576: %LINK-3-UPDOWN: Interface BRI1/0:1, changed state to up

00:14:98784247807: %DIALER-6-BIND: Interface BR1/0:1 bound to profile Di0
00:14:23:
Gain
hands-on
%LINK-3-UPDOWN:
experience of CCNP
Interface
Remote Dialer0,
Access topics
changed
with lab
state
scenarios
to upfor the new 642-821
BCRAN exam.
to Prepare
up
exam concepts
00:14:28: %ISDN-6-CONNECT: Interface BRI1/0:1 is now connected to 4081111111
Central
00:14:34: %OSPF-5-ADJCHG: Process 111, Nbr 10.60.1.1 on Dialer0 from LOADING to
FULL, Loading Done
The
outputby
ofproviding
show ip route
should
show thatof
OSPF
now running
backup
questions
a better
understanding
howisremote
access over
reallythe
works.
It isdialer
also
interface,
as
shown
in
Example
10-25.
Example 10-25. Routing Over the Backup Link

even
as a stand-alone
guide.
Branch#show
ip route
All
of theCtopics
on the newS 642-821
BCRAN
areR covered,
providing
comprehensive
exam
Codes:
- connected,
- static,
I - exam
IGRP,
- RIP, M
- mobile,
B - BGP
preparation.
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

Table of Contents
Gateway
of Index
last resort is not set
172.16.0.0/24 is subnetted, 1 subnets
172.16.42.0 is directly connected, Ethernet0/0
ISBN: 1-58720-073-2
Pages:
528
192.168.215.0/24
[110/1786] via 10.60.1.1, 00:00:28, Dialer0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C
10.60.1.1/32 is directly connected, Dialer0
C
10.60.1.0/24 is directly connected, Loopback0
BCRAN exam.
exam concepts
You should be able to ping the remote Ethernet and loopback interfaces, as shown in Example
10-26.
Example 10-26. Verifying Connectivity to the Central Network

CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Branch#ping
192.168.215.1
821 BCRAN exam
Type
escape
sequence
to abort.
essential
in preparing
candidates
Sending
100-byte
ICMP Echosinterest.
to 192.168.215.1, timeout is 2 seconds:
concepts, 5,
regardless
of certification
Each
!!!!!chapter includes a review of the applicable technology, and guides the reader through
office-based
lab,isa remote-accessible
lab, round-trip
some networking
simulation=software
programs,
or
Success rate
100 percent (5/5),
min/avg/max
32/33/36
ms
Branch#ping 10.60.1.2
preparation.
!!!!!
The
completeTable
configuration
of the branch router is shown in Example 10-27.
of Contents
Index
Example 10-27. Branch Router Configuration


Pub Date: December
22, 2003
Branch#show
running-config
ISBN: 1-58720-073-2
version
12.1
Pages:
528
!
hostname Branch
!
BCRAN exam.
username Central password 0 cisco
!
exam concepts
ip subnet-zero
!
interface Loopback0
exam
and for workplace
ip BCRAN
address
10.60.1.2
255.255.255.0
network
!
essential
in preparing
interface
Ethernet0/0
concepts,
regardless
of certification
interest.
ip address
172.16.42.1
255.255.255.0
!
interface Serial0/0
backup delay 5 5
preparation.
ip address 10.50.1.2 255.255.255.0
no ip redirects
no fair-queue
!
interface BRI1/0
no ip address
Table of Contents
encapsulation ppp
Index

ppp
chap
Pubauthentication
ISBN: 1-58720-073-2
Pages: 528
interface Dialer0
Gain
hands-on experience
encapsulation
ppp
BCRAN exam.
dialer pool 1
dialer remote-name Central
exam concepts
dialer-group 1
!
router ospf 111
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642log-adjacency-changes
821
networksetting,
10.50.1.0
0.0.0.255
0
network
this book
is usefularea
in preparing
networkin10.60.1.2
0.0.0.0 area
0 new simulation-based questions that are on the Cisco
essential
for the
network regardless
172.16.42.0
0.0.0.255interest.
area 0
concepts,
of certification
Each
!
office-based
ip classless
!
preparation.
!
end
The complete configuration of the central router is shown in Example 10-28.
Example 10-28. Central Router Configuration
Table of Contents
Index
CCNP
Practical Studies:
Remote Access
Central#show
running-config
version 12.1

ISBN: 1-58720-073-2
hostname Central
Pages: 528
!
username Branch password 0 cisco
!
Gain
BCRAN exam.
ip subnet-zero
!
exam concepts

!
interface Loopback0
ip address 10.60.1.1 255.255.255.0
interface
FastEthernet0/0
network setting,
ip address
192.168.215.1
255.255.255.0
essential
in preparing
candidates
no ip redirects
concepts,
speed
100 includes a review of the applicable technology, and guides the reader through
Each
chapter
full-duplex
office-based
!
preparation.Serial0/0
interface
backup delay 5 5
ip address 10.50.1.1 255.255.255.0

no ip redirects
clockrate 512000
!
Table of Contents
Index
interface BRI0/0
no ip address
encapsulation ppp
dialer
pool-member
1
Pub Date:
December 22, 2003
ISBN: 1-58720-073-2

Pages: 528

!
Gain
hands-on
interface
Dialer0
BCRAN exam.
encapsulation ppp
exam concepts
dialer pool 1
dialer remote-name Branch
dialer-group 1
router
111
network ospf
setting,
essential
network regardless
10.50.1.0of0.0.0.255
0
concepts,
certificationarea
interest.
Each
chapter
includes a0.0.0.0
review ofarea
the applicable
network
10.60.1.1
0
office-based
some
network 192.168.215.0
0.0.0.255lab,
area
0 networking simulation software programs, or
!
preparation.
ip classless
!
!
end
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Summary
With redundancy being a crucial component of today's networks, backup links are proving more
and more valuable. This chapter covered their use to support permanent primary links. There
are a number of ways to accomplish the goal of backup. Configuration examples were provided
Table
of Contents
to show these
different
approaches. Specifically, primary link failures and primary link load
Index
support issues were addressed. Figures and verification steps for these scenarios were also
CCNP
Practical
Studies:
Remoteexercise
Access
shown.
Finally,
a practical
was provided to help your understanding of the concepts
presented.
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Review Questions
1:
Is it possible to specify the backup load command on subinterfaces? Why or why

Table of Contents
not?
Index
CCNP Practical
Studies:
Access
2: What
twoRemote
circumstances
can trigger dial backup?
3:
What is a drawback of using physical interfaces for backup?
4:
Which interfaces can be used as backup interfaces?

ISBN:
1-58720-073-2
5: What
is one
Pages: instead
528
6:
reason that ISDN interfaces are used mostly for backup interfaces
of primary interfaces?
Which command specifies interesting traffic to bring up an ISDN interface?
7:
Which command specifies the amount of time before a backup interface is activated
in case
of a primary
link Remote
failure? Access topics with lab scenarios for the new 642-821
Gain hands-on
experience
of CCNP
BCRAN exam.
8: Which command specifies the load threshold at which a backup interface is brought
up in case of load sharing?
exam
9: What
concepts
is a possible alternative to dial backup?
Experience
remote associate
access concepts
work
in ainterface
real network
with
practice
labs that
walk
10:
Whichhow
commands
a virtual
dialer
with a
physical
interface
when
you through
you configure
dialer profiles?
preparation.
Chapter 11. Managing Network

Performance with Queuing and
Compression
Table of Contents
Index

Queuing Operations
ISBN: 1-58720-073-2
Configuring
Pages: 528
and Verifying Queuing
Compression
Many networks today need to support a diverse mixture of applications and protocols. These
applications can range from delay-sensitive traffic such as desktop videoconferencing to file
Gain
hands-on
experience
of CCNP
Remote
Access
topics
with share
lab scenarios
fornetwork
the new 642-821
transfers
that use
FTP. Because
these
different
types
of traffic
the same
BCRAN
exam.
infrastructure, they can negatively affect each other.
Depending on the applications and the overall available bandwidth, congestion can occur. Often
this congestion occurs at routers where there is a disparity in speed between two interfaces. For
exam concepts
instance, packets might arrive on a Fast Ethernet interface that need to go out on a low-speed
WAN Experience
link. These how
packets
might
arrive
faster than
can sendwith
them.
At thislabs
point,
the
remote
access
concepts
workthe
in router
a real network
practice
that
walk
need you
for congestion
management
arises.
Congestion
consists
of the
Reviewmanagement
set-up guides
that show
youfollowing:
how to prepare a lab for study
Prioritizing traffic so that applications such as videoconferencing are assigned a higher
than
FTP traffic
CCNPpriority
Practical
Studies:
Creating different queues for different priorities of traffic
network
setting,traffic
this book
useful in preparing
Assigning
to itsisappropriate
queues a CCNP candidate for the general exam
essential
preparing
candidates
for the
simulation-based
thatisare
on the Cisco
The in
order
in which
these queues
arenew
serviced
(the order inquestions
which traffic
sent)
of certification
Congestion
management
can ensureinterest.
that even if congestion occurs, traffic can be sent in a
prioritized manner so that network performance is not affected and the impact on users is
Each
chapter
includes
a review of on
therouters
applicable
technology,
guides
the reader
through
minimized.
Queuing
mechanisms
are an
importantand
way
of reducing
congestion.
All ofNOTE
preparation.
Queuing is done only on output interfaces.

The following are the main considerations for prioritizing traffic:
Is thereTable
congestion
of Contents
in the network? If not, there is no need to prioritize traffic.
Index
Delay-sensitive
traffic Access
such as
CCNP Practical
Studies: Remote
voice over IP (VoIP) and videoconferencing are more

sensitive to delay and hence need a higher priority than FTP traffic.
WAN links with speeds of T1/E1 or lower can benefit from prioritization.
IfDate:
a WAN
is constantly
Pub
December
22, 2003
congested, prioritization might not solve the problem. Additional

bandwidth
needs to be added.
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Queuing Operations
If the network is congested, the need for queuing arises. There are four main types of queuing:
First-in,
Table
first-out
of Contents
(FIFO) queuing Traffic is not prioritized or classified. Packets are
transmitted
Index in the order in which they were received.
Weighted Fair Queuing (WFQ) An automated method that divides bandwidth fairly
among the different types of traffic based on weight.
Publisher:
Cisco
Press
Priority
queuing
(PQ) A strict method in which high-priority packets always get priority
Pub
over
Date:lower-priority
December 22, 2003
traffic.
ISBN: 1-58720-073-2
Custom
queuing (CQ) With CQ, bandwidth can be proportionally assigned to the
Pages: 528
different types of traffic.
The last three methods are covered in this chapter.
Weighted
Fair Queuing
BCRAN exam.
WFQ is an automated mechanism that provides an equitable distribution of bandwidth to all
Prepare
for the
BCRAN
exambandwidth
and gain aisbetter,
understanding
network
protocols.
It CCNP
helps 642-821
ensure that
available
sharedpractical
by all the
protocols andof
exam concepts
that low-volume
traffic is not detrimentally affected by higher-volume traffic consuming a large
portion of the bandwidth.
you through
Flow-based
WFQ classifies
traffic into flows based on certain characteristics in the packet header.
These characteristics can include source and destination IP or MAC addresses, protocol, source
Review set-up
thatand
show
youofhow
to prepare
a lab for study
and destination
portguides
numbers,
type
service
(ToS) values.
the new
questions
on the CCNP
exams the WFQ
TheseReady
flows yourself
are then for
classified
assimulation-based
either low-volume
or high-volume.
By definition,
algorithm gives low-volume flows preferential treatment over high-volume flows. After the lowCCNP
Practical
Studies:
Access (CCNP
Self-Study)
readers
for the
CCNP
642volume
flows have
beenRemote
sent, high-volume
flows
share the prepares
remaining
bandwidth.
This
method
821
BCRAN
exam
and
for
workplace
challenges
in
implementing
remote
access
network
ensures that low-bandwidth conversations, which make up the majority of traffic, are serviced in
applications.
a timely manner.
concepts,
NOTE
Each WFQ
chapter
includes
review ofmechanism
the applicable
technology,
and guides
the reader
through
is the
defaulta queuing
for all
physical interfaces
whose
bandwidth
is
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homeE1 and lower. T1 links (1.544 Mbps) are popular in the United States, and E1 links or
office-based
lab, a are
remote-accessible
lab, some
simulation
(2.048 Mbps)
widely used in other
partsnetworking
of the world,
includingsoftware
Europe.programs, or
preparation.
The WFQ process is illustrated in Figure 11-1.
Figure 11-1. Weighted Fair Queuing
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
Each packet's virtual time of delivery determines the order in which it is transmitted. This
exam concepts
ensures that smaller packets are given preference, as demonstrated by Packet 3's being the first
packet sent in Figure 11-1.
High-volume applications often generate series of packets of associated data. These are called
packet trains. Packet trains can consume large amounts of bandwidth and starve lower-volume
traffic in a FIFO queuing environment. WFQ provides an automatic, elegant solution to this
problem.
Although
WFQ might
work
well in
a lot of
environments,
there
are some
caveats.
For
instance,
CCNP Practical
Studies:
Remote
Access
(CCNP
Self-Study)
prepares
readers
for the
CCNP
642- it
is
not
supported
on
interfaces
that
do
tunneling
or
encryption.
Also,
certain
interfaces
such
as
ATM
do
not
support
WFQ.
essential inQueuing
Priority
concepts,
regardless
of certification
Priority queuing
is a mechanism
thatinterest.
strictly enforces priority as the criterion for selecting which
packets to send first on an interface. This method ensures that high-priority traffic is not delayed
by less-important traffic.
office-based
lab,four
some
networking
When using priority
queuing, you create
traffic
queues:simulation software programs, or
All of High
preparation.
Medium
Normal
Low
Then you configure a set of filters to allow the router to place traffic in these four queues. These
filters can be based on traffic characteristics such as protocol or TCP port number.
After the traffic is placed in the queues, the high-priority queue is always emptied before the
medium-priority queue, and so on. This process is repeated every time a packet needs to be
sent. This ensures that time-sensitive or mission-critical traffic is always given precedence over
other traffic. However, note that medium-priority or low-priority packets are not serviced while
packets are in the high-priority queue.
Table of Contents
This process Index

is illustrated in Figure 11-2.
Figure 11-2. Priority Queuing

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Priority
queuingStudies:
gives the
network
administrator
the most control
over
whichfor
traffic
gets 642CCNP Practical
Remote
Access
(CCNP Self-Study)
prepares
readers
the CCNP
forwarded.
This
is
because
the
administrator
defines
the
traffic
filters.
These
filters,
also
821 BCRAN exam and for workplace challenges in implementing remote access network called
priority
lists, assign
traffic
the four queues.
applications.
Designed
as atotopic-by-topic
Although priority queuing offers the most control over what traffic is transmitted first, it also
requires some degree of manual configuration. Traffic prioritization and queue size are two
things that the administrator needs to configure. This kind of static configuration cannot respond
to a dynamic environment.
It should also be noted that although priority queuing is a good method of ensuring absolute
priority for mission-critical traffic, there is a danger that lower-priority traffic could be drowned
out. In a worst-case scenario, high-priority traffic could consume 100 percent of the bandwidth,
and lower-priority traffic might not even be sent. Care should be taken that this does not
happen.
preparation.
Custom Queuing
Custom queuing is a method that lets the network administrator guarantee bandwidth by giving
queue space to each protocol. This overcomes a potential priority queuing problem in which
lower-priority traffic languishes if higher-priority traffic needs to be sent.
Custom queuing has 16 queues to which you can assign traffic. You can define a set of traffic
filters called custom queue lists to determine which protocol you want to place in a particular
queue. You can also define how many bytes to transmit from each queue.
The queues are then serviced in round-robin fashion, with the specified number of bytes sent
each time. As noted, you can set this byte count value. However, custom queuing does not
fragment a packet to fit a queue's byte count. When the byte count has been reached, or when
no
needs
to be sent, the next queue is serviced.
more traffic
Table
of Contents
Index
This
process is described in Figure 11-3.
Figure 11-3. Custom Queuing

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
questions
Custom
queuing
by providing
can ensure
a better
thatunderstanding
no one protocol
of starves
how remote
others
access
out ofreally
bandwidth.
works. Also,
It is also
if a
essential inprotocol
particular
preparing
doesn't
candidates
use thefor
bandwidth
allocated to it, thequestions
bandwidth
that
can
are
beon
dynamically
the Cisco
certification
used
by other
exams.
protocols.
However, like priority queuing, custom queuing requires some manual configuration. The byte
Each chapter
count
value for
includes
each queue
a review
has of
to the
be carefully
applicable
selected
technology,
so that
and
the
guides
desired
theresults
readerare
through
achieved.
implementation
Also,
because custom
of thequeuing
technology.
configuration
This step-by-step
is static,process
it cannot
can
adapt
be executed
to a changing
on a homeenvironment.
or
preparation.
Configuring and Verifying Queuing

This section covers the configuration and verification of the three types of queuing just discussed.
The various commands are covered. Examples are also provided to help you understand the
concepts.
Table of Contents
Index
Weighted Fair Queuing
The following interface configuration mode command enables flow-based WFQ on an interface:
ISBN: 1-58720-073-2
Pages: 528
fair-queue [congestive-discard-threshold [dynamic-queues [reservable-queues]]]
BCRAN exam.
exam concepts
Thecongestive-discard-threshold number is the threshold beyond which messages for high-volume
trafficExperience
are not queued.
Example 11-1 configures WFQ with a congestive discard threshold of 64 on R1's serial 0/2
interface.
Example 11-1. Configuring Weighted Fair Queuing
R1#config terminal
R1#(config)#interface serial0/2
R1#(config)# (config-if)#fair-queue ?
<1-4096> Congestive
Discard
Threshold
implementation
of the technology.
This
<cr>
even
R1(config-if)#fair-queue
64
preparation.
NOTE
WFQ is the default queuing mechanism for interfaces with speeds of E1 and less.
Example 11-2 shows the different flows going through the serial 0/2 interface. Specifically, two
flows are shown. The first is for Telnet traffic, and the second shows an FTP flow. Also, you can see
Table of Contents
that WFQ is the queuing strategy and that the congestive discard threshold is set to 64, as
Index
configured.
Example 11-2. Weighted Fair Queuing on an Interface

ISBN: 1-58720-073-2
R1#show
queue
serial0/2
Pages:
528
BCRAN exam.
Conversations
Reserved
exam
concepts
Availablehow
Bandwidth
42 kilobits/sec
Experience
remote access
(depth/weight/total drops/no-buffer drops/interleaves) 1/32384/0/0/0
Conversation 31, linktype: ip, length: 44
BCRAN 172.16.100.20,
challenges
in implementingid:
remote
accessttl:
network
source:
destination:
172.16.101.20,
0x6FA9,
127,
network
is useful
preparing
a CCNP candidate
TOS: 0setting,
prot:this
6, book
source
port in
3723,
destination
port 23 for the general exam
concepts,
interest. drops/interleaves) 5/32384/0/0/0
(depth/weight/total
drops/no-buffer
Each
chapter includes
review of the
applicable
Conversation
147,a linktype:
ip,
length:technology,
1376
office-based
lab, some
networking simulation
software
programs,
source: 172.16.100.20,
destination:
172.16.101.20,
id: 0x6FA2,
ttl:
127, or
TOS: 0 prot: 6, source port 20, destination port 1036
preparation.
Figure 11-4 shows the topology relating to this configuration.
Figure 11-4. Weighted Fair Queuing Topology

Table of Contents
Index

Example 11-3 shows R1's full configuration.


Example
11-3. R1's Full Configuration
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
!
Experience
version
12.1 how remote access concepts work in a real network with practice labs that walk
!
enable password cisco

!
hostname
R1Designed as a topic-by-topic guide of how to apply remote access concepts in a real
applications.
!
!
ip subnet-zero
!
interface
Ethernet0/0
guide.
ipofaddress
172.16.100.1
255.255.255.0
All
the topics
on the new 642-821
preparation.
half-duplex
!
interface Serial0/2
ip address 10.1.2.1 255.255.255.252

!
router ospf 1
Table of Contents
Index
network 10.1.2.0 0.0.0.3 area 0
network 172.16.100.0 0.0.0.255 area 0


ISBN: 1-58720-073-2
ip classless
Pages: 528
!
line con 0
Gain
line hands-on
aux 0
BCRAN exam.
line vty 0 4
!
exam concepts
end Experience how remote access concepts work in a real network with practice labs that walk
Example
Ready
11-4
yourself
showsfor
R2's
the
full
new
configuration.
BCRAN exam
and
for workplace
Example
11-4.
R2's
Full Configuration
version 12.1
!
hostname R2
!
ip
subnet-zero
All of
preparation.
!
ip address 172.16.101.1 255.255.255.0
half-duplex
!
interface Serial0/0
Table of Contents
ip address 10.1.2.2 255.255.255.252

Index
router ospf 1
ISBN: 1-58720-073-2
network 10.1.2.0 0.0.0.3 area 0

Pages: 528
network 172.16.101.0 0.0.0.255 area 0

!
Gain
ip classless
BCRAN exam.
!
line con 0
exam concepts
line aux 0
line vty 0 4
!
end
Priority
essential inQueuing
This
section
covers the
and verification of priority queuing. The commands related to
concepts,
regardless
of configuration
priority queuing are shown and discussed. Examples are also provided to clarify the concepts
Each
beingchapter
discussed.
even
as aQueuing
stand-alone
guide.
Priority
Commands
The
commands used to configure priority queuing are
preparation.
priority-list protocol
priority-list interface
priority-list default
priority-list queue-limit
priority-group
Priority
Queuing
Configuration
Table of Contents
Index
Two
steps
are required
to configure priority queuing:
CCNP main
Practical
Studies:
Remote Access
Step 1. Define a priority list.
Publisher:
Press
Step Cisco
2. Assign
the priority list to an interface.

ISBN: 1-58720-073-2
Pages:a528
Defining
Priority List
Apriority list is a list of filters that determine which queue a packet is to be placed in. These
queuing priorities can be based on the following:
Protocol
BCRAN
exam. type
TCP/UDP port numbers
Interface
that the packet came in on
exam concepts
IP
precedence
Experience
Source IP address
Packet size in bytes
NOTE Designed as a topic-by-topic guide of how to apply remote access concepts in a real
applications.
Packets
do nota match
priority list of
rules
must
be explicitly
placed
in the
questions
by that
providing
better the
understanding
how
remote
access really
works.
Itdefault
is also
queue.
The
global configuration
mode
command
defines a priority
list based
on protocol
Eachfollowing
chapter includes
a review of the
applicable
technology,
and guides
the reader
throughtype:
preparation.
Router(config)#priority-listlist-number protocolprotocol-name {high |medium |
normal |low}queue-keyword keyword-value
The following global configuration mode command defines a priority list based on the interface the
packet came in on:
Table of Contents
Index


ISBN: 1-58720-073-2
Router(config)#priority-list
list-number interfaceinterface-type interface-number
Pages: 528
{high | medium | normal | low}
BCRAN
exam.examples demonstrate the creation of priority lists.
The following
The command shown in Example 11-5 places IP packets in the high-priority queue.
exam concepts
Example
11-5.
Lists
Usingwork
Protocol
Experience
howPriority
remote access
concepts
in a realType
R1(config)#priority-list 10 protocol ip high
applications.
a topic-by-topic
guide
of how
to apply
remote
access
concepts in
real
The commandDesigned
shown inas
Example
11-6 places
packets
coming
in on
interface
Ethernet0/0
in athe
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
exam
medium-priority queue.
Example
11-6. Priority Lists Based on Interface
R1(config)#priority-list
10 interface
ethernet
0/0simulation
medium software programs, or
lab, some
networking
preparation.
The commands shown in Example 11-7 place IP traffic from a source network of 66.218.71.0 in the
high-priority queue. This is a two-step process. First you create an access list that differentiates
the traffic you want. Then you tell the router to place the specific traffic in the high-priority queue.
Example 11-7. Priority Lists Based on Source IP Address
R1(config)#access-list 1 permit 66.218.71.0 0.0.0.255

R1(config)#priority-list 10 protocol ip high list 1
Table of Contents
Index

The commands shown in Example 11-8 place Telnet traffic in the high-priority queue and place
TFTP traffic in the low-priority queue, respectively.
ISBN: 1-58720-073-2
Example
11-8. Priority Lists Based on TCP/UDP Port Numbers
Pages: 528
R1(config)#priority-list 10 protocol ip high tcp 23

10 protocol
ip lowtopics
udp with
69 lab scenarios for the new 642-821
Gain hands-on experience of CCNP
Remote Access
BCRAN exam.
exam
concepts
You can
create
priority lists using multiple rules. The rules are searched in order for a match. If a
match is not found, the packet is placed in the default queue.
Assigning
Priority
List
an Interface
Review the
set-up
guides
thatto
show
yourself
for can
the assign
on the
CCNP
exams list can be
After Ready
you create
it, you
a priority list to questions
an interface.
Only
one priority
applied to an interface at a time. The priority list is then applied to all traffic going through that
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642interface.
applications.
a topic-by-topic
guide
of how
The
followingDesigned
commandas
assigns
a priority list
to an
interface:
even
Router(config-if)#priority-group
list-number
preparation.
InExample 11-9, the first command enters interface configuration mode on Serial 0/2, and the
second command applies priority list 10 to that interface.
Example 11-9. Applying a Priority List to an Interface

R1(config-if)#priority-group 10
Table of Contents
Index

Custom Queuing
Date: December
22, 2003
ThisPub
section
covers the
configuration and verification of custom queuing. The commands needed to
configure
ISBN:
custom
1-58720-073-2
queuing are shown and discussed. Examples are also provided to help you
understand
the concepts.
Pages: 528
Custom Queuing Commands

The commands
Gain
hands-on experience
used to configure
of CCNP
custom
Remote
queuing
Accessare
BCRAN exam.
queue-list protocol
queue-list
interface
exam concepts
queue-list
default
Experience how
queue-list queue limit
queue-list queue byte-count
custom-queue-list
applications.
Designed
Custom
Queuing
Configuration
questions
providing
a better
of how
Two main by
steps
are required
to understanding
configure custom
queuing:
certification
exams.
it serves
Step 1.
DefineFinally,
a custom
queueanyone
list.
Step 2. Assign the custom queue list to an interface.
NOTE
preparation.
Packets that do not match the custom queue list rules must be explicitly placed in the
default queue.
Defining a Custom Queue List
Acustom queue list is a list of filters that determine which queue a packet is to be placed in. These
queuing priorities can be based on the following:
Protocol type

Table of Contents
Index
Input interface
Source
address
ByWesley
Shuo,IP
Dmitry
The following global configuration mode command defines a custom queue list based on protocol
type:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
Router(config)#queue-listlist-number protocolprotocol-name queue-number
queue-keyword
Prepare for the
keyword-value
exam concepts
The following global configuration mode command defines a custom queue list based on interface
type:Review set-up guides that show you how to prepare a lab for study
Router(config)#queue-listlist-number interfaceinterface-type interface-number
queue-number
Each
preparation.
NOTE
You can use custom queuing to place traffic in one of 16 possible queues. Queue 0 is
reserved for time-sensitive system traffic such as keepalives and routing protocol
messages.
The following examples demonstrate the creation of custom queue lists.

The command shown in Example 11-10 places IP packets in Queue 2.
Example
11-10.
Custom Queue Lists Using the Protocol Type
Table of Contents
Index

R1(config)#queue-list 1 protocol ip 2
ISBN: 1-58720-073-2
The command
Pages: 528 shown in Example 11-11 places packets coming in on Ethernet 0/0 in Queue 3.
Example 11-11. Custom Queue Lists Using the Input Interface

BCRAN exam.
R1(config)#queue-list 1 interface ethernet 0/0 3
exam concepts
Experience
howshown
remote
concepts
work traffic
in a real
network
with
practice
labs that /24
walk
The two
commands
in access
Example
11-12 place
coming
from
network
10.15.20.0
in
you
through
their
implementation
Queue 4. This is a two-step process. The first command defines a simple access list that
differentiates traffic from the target network. The second command places that traffic coming from
Review
set-upin
guides
that show
the target
network
the desired
queue.
Example
11-12.
Custom
Queue
Lists
Using the
Source
IPfor
Address
CCNP Practical
Studies:
Remote Access
(CCNP
Self-Study)
prepares
readers
the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
1 permit
10.15.20.0
0.0.0.255
questions by providing a better
understanding
of how
R1(config)#queue-list
ip 4 wanting
list 1 a guide to real-world application of these
certification exams. Finally,1 itprotocol
serves anyone
office-based
lab, a the
remote-accessible
lab, some
simulation
programs,
or
InExample 11-13,
first command puts
HTTP networking
traffic in Queue
5, and software
the second
command
even
as
a
stand-alone
guide.
places DNS traffic in Queue 6.
preparation.
Example 11-13. Custom Queue Lists Based on TCP and UDP Port
Numbers
R1(config)#queue-list 1 protocol ip 5 tcp 80
R1(config)#queue-list 1 protocol ip 6 udp 53
The command shown in Example 11-14 places default traffic in Queue 10.
Table of Contents
Index
Example
11-14. Custom Queue Lists for Default Traffic

1 default 10
ISBN: 1-58720-073-2
Pages: 528
You can create a custom queue list using multiple rules. The list is searched in order for a match.
When traffic matches a rule, it is placed in the appropriate queue. If no match occurs, the traffic is
placed in the queue configured for default traffic.
BCRAN exam.
Assigning the Custom Queue List to an Interface
for it,
theyou
CCNP
better, practical
understanding
of list
After Prepare
you create
can642-821
assign a BCRAN
customexam
queueand
list gain
to ana interface.
Only one
custom queue
exam
concepts
can be applied to an interface at a time. The custom queue list is then applied to all traffic going
through that interface.
you through
The following
command
assigns a custom queue list to an interface:
Router(config-if)#custom-queue-list
list
essential in preparing candidates for the new
In
Example 11-15,
command
enters
interfaceprocess
configuration
on serial
The
implementation
of the
the first
technology.
This
step-by-step
can bemode
executed
on a 0/2.
homeor
second
command
custom queue
list
1 to networking
that interface.
office-based
lab, aapplies
remote-accessible
lab,
some
All
of the topics
on theAssigning
new 642-821aBCRAN
examQueue
are covered,
comprehensive exam
Example
11-15.
Custom
Listproviding
to an Interface
preparation.

R1(config-if)#custom-queue-list 1
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Compression
In addition to queuing, data compression is a useful way to increase network performance over a
WAN link. By reducing the size of the frame to be transmitted, throughput can be increased. This
section discusses the various kinds of compression. The commands needed to configure
Contents
compression Table
also of
are
shown.
Index
CCNPkinds
Practical
Studies: Remote
Access
The
of compression
supported
by Cisco routers are as follows:
Link compression
Pub
Payload
Date: December
compression
22, 2003
ISBN: 1-58720-073-2
TCP
header compression
Pages: 528
Microsoft Point-to-Point Compression (MPPC)
These methods are discussed briefly in the following sections.
BCRAN exam.
NOTE
By
exam
default,
concepts
frames are transmitted across a link uncompressed.
LinkReview
Compression
Ready as
yourself
for the new
simulation-based
questions
on the
CCNP exams
Also known
per-interface
compression,
this technique
involves
compressing
both the header
and a data frame's payload.
exam andare
for used
workplace
challenges
Two
main algorithms
to compress
the traffic:
Predictor
This algorithm
is based on predicting
the next
sequence
characters
in the
questions
by providing
of how remote
access
reallyof
works.
It is also
datainstream.
Thiscandidates
method is for
memory-intensive.
essential
preparing
STAC
This algorithm
searches
for redundant strings and replaces them with tokens,
concepts,
regardless
of certification
interest.
which are shorter than the original strings. This method is CPU-intensive.
office-based
Payload Compression
This
compressing
the dataexam
portion
a data frame.
Thiscomprehensive
is especially useful
All oftechnique
the topicsinvolves
on the new
642-821 BCRAN
areof
covered,
providing
examin
an
internetwork
made
up
of
different
WAN
networks,
such
as
X.25,
Frame
Relay,
and
ATM.
preparation.
It is also called per-virtual circuit compression. Payload compression uses the STAC compression
algorithm.
TCP Header Compression

This technique is based on the Van Jacobson algorithm detailed in RFC 1144. This method is
protocol-specific. Because only the TCP/IP header is compressed, the Layer 2 header is left
unchanged.
This method is CPU-intensive and is good for protocols that have a small payload size, such as
Table of Contents
Telnet.
Index
Microsoft Point-to-Point Compression
Cisco based
Press
ThisPublisher:
technique,
on RFC 2118, uses an LZ compression mechanism. It can be used when
Pub Date: December
communicating
with22,
a 2003
host using MPPC across a WAN link.
ISBN: 1-58720-073-2
Pages: 528
Configuring Compression
The following interface mode commands enable compression.
This command
Gain
hands-on configures
experiencecompression
of CCNP Remote
for an
Access
LAPB,topics
PPP, or
with
HDLC
lab scenarios
link:
for the new 642-821
BCRAN exam.
exam concepts
Router(config-if)#compress [predictor |stac |mppc]
This
command
enables as
STAC
compression guide
on a Frame
point-to-point
interface
or in a real
applications.
Designed
a topic-by-topic
of howRelay
to apply
remote access
concepts
subinterface:
Router(config-if)#frame-relay payload-compress
preparation.
The following command enables TCP header compression. The passive option compresses
outgoing TCP packets only if incoming TCP packets are compressed. If the passive option is not
specified, all packets are compressed.
Table of Contents
Router(config-if)#ip
tcp header-compression [passive]
Index

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Scenarios
This section provides two scenarios of how queuing can be configured to manage network
performance. Each scenario outlines the steps involved. The results are shown and verified. The
complete configuration of the routers is also provided.
Table of Contents
Index
Scenario 11-1: Configuring Priority Queuing

A network administrator wants to give priority to VoIP traffic. He also wants to give FTP traffic
Publisher:
Cisco Press
medium
priority.
All other traffic should be placed in the normal queue. He wants to use priority
Pub
Date:
December
22, 2003
queuing to accomplish
this task.
ISBN: 1-58720-073-2
Because
VoIP
Pages:
528packets generally are 64 bytes in size, the administrator wants to ensure that
packets less than 100 bytes are placed in the high queue. This will ensure that VoIP packets are
given priority so that jitter can be avoided.
BCRAN
exam.
NOTE
Priority queuing is used to give VoIP traffic precedence in this example for purposes of
illustration. In most situations, low-latency queuing or class-based WFQ would be used
exam concepts
to give VoIP traffic precedence.
The topology for this scenario is shown in Figure 11-5.
FigureRemote
11-5.Access
Priority
Queuing
Scenario
Topology
(CCNP
Self-Study)
prepares readers
preparation.
The following commands create and apply the priority list.

The first command shown next gives priority to packets that are less than 100 bytes. This puts
VoIP traffic in the high-priority queue. The second command places FTP traffic in the medium
queue. The third command places all other traffic in the normal queue.
Table of Contents
Index

1 protocol ip high lt 100
ISBN: 1-58720-073-2
R1(config)#priority-list 1 protocol ip medium tcp 20

Pages: 528
R1(config)#priority-list 1 default normal
BCRAN
exam.two commands take the newly created priority list and apply it to interface serial
The
following
0/0:
exam concepts
R1(config)#interface serial0/0
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R1(config-if)#priority-group
1 challenges in implementing remote access network
Example
11-16
shows
the full
configuration
R1.
certification
exams.
Finally,
it serves
anyoneofwanting
Each
chapter11-16.
includes R1's
a review
of the
Example
Full
Configuration
preparation.
version 12.1
!
hostname R1
!
ip subnet-zero
!
Table of Contents
ip address 172.16.100.1 255.255.255.0

Index
half-duplex
!
interface
Serial0/2
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
ip address 10.1.2.1 255.255.255.252

Pages: 528
priority-group 1
!
Gain
hands-on
router
ospf 1experience of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
network 10.1.2.0 0.0.0.3 area 0
exam concepts
network 172.16.100.0 0.0.0.255 area 0

ip classless
!
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642priority-list
protocol
ip high
lt 100 in implementing remote access network
821 BCRAN exam1 and
for workplace
challenges
priority-list
1 protocol
ip medium
tcp ftp-data
book is useful
in preparing
!
end
even
as a queueing
stand-alonepriority
guide. and debug priority commands can be used to verify priority
Theshow
queuing operations, as shown in Example 11-17 and Example 11-18, respectively.
preparation.
Example 11-17. Output of show queueing priority
R1#show queueing priority
Current DLCI priority queue configuration:

Current priority queue configuration:
List
Queue
highIndexprotocol ip
Args
Table of Contents
lt 100

ByWesley Shuo
1
medium
, Dmitry
protocol
Bokotey, Raymond
ip
Morrow, Deviprasad
tcp portKonda
ftp-data

ISBN: 1-58720-073-2
Example
11-18. Output of debug priority
Pages: 528
R1#debug priority
4d01h:
PQ: Serial0/2: ip (70 bytes) -> high
BCRAN exam.
4d01h: PQ: Serial0/2: ip (tcp 20) -> medium
4d01h:
PQ:concepts
Serial0/2: ip (70 bytes) -> high
exam
4d01h:
Experience
PQ: Serial0/2:
how remote
ip access
(tcp 20)
concepts
-> medium
4d01h: PQ: Serial0/2: ip (70 bytes) -> high
BCRAN
and for workplace
challenges
4d01h:
PQ:exam
Serial0/2:
ip (tcp 20)
-> medium
network
setting,
this book ip
is useful
in preparing
4d01h: PQ:
Serial0/2:
(70 bytes)
-> high
essential
in preparing
candidates
for20)
the new
4d01h: PQ:
Serial0/2:
ip (tcp
-> medium
concepts,
regardless
of certification
interest.-> high
4d01h: PQ:
Serial0/2:
ip (70 bytes)
preparation.
Example 11-18 shows that the smaller VoIP packets are placed in the high-priority queue. Also,
the FTP data packets are placed in the medium-priority queue.
Theping and extended ping commands can also be used to verify the scenario, as shown in
Example 11-19 and Example 11-20, respectively. By varying the size of the ping packet, you can
verify the queuing operation.
Example 11-19. Using Pings to Verify Queuing Operations
R1#ping
10.1.2.2
Table of Contents
Index

Publisher:
Press
Sending
5,Cisco
100-byte
ICMP Echos to 10.1.2.2, timeout is 2 seconds:
!!!!! ISBN: 1-58720-073-2

Pages: 528

R1#
4d01h: PQ: Serial0/2 output (Pk size/Q 24/0)
BCRAN exam.
4d01h:
PQ: Serial0/2:
(defaulting)
-> normal
Prepare
for the CCNP ip
642-821
BCRAN exam
exam concepts
4d01h:
Serial0/2:
ip (defaulting) -> normal
youPQ:
through
Review
guides
that show
how to
4d01h:
PQ: set-up
Serial0/2
output
(Pk you
size/Q
104/2)
Ready
for theipnew
simulation-based
4d01h:
PQ:yourself
Serial0/2:
(defaulting)
-> normal
CCNP
Practical
Studies: Remote
(CCNP Self-Study)
prepares readers for the CCNP 6424d01h:
PQ: Serial0/2
outputAccess
(Pk size/Q
104/2)
applications.
as aiptopic-by-topic
guide
4d01h: PQ: Designed
Serial0/2:
(defaulting)
-> of
normal
questions
by Serial0/2
providing a better
how remote access really works. It is also
4d01h: PQ:
outputunderstanding
(Pk size/Q of
104/2)
certification
Finally,ipit serves
anyone wanting
4d01h: PQ: exams.
Serial0/2:
(defaulting)
-> normal
The
output
that
because
the ping
packets
are 104 providing
bytes each,
they are placed
in
All ofdebug
the topics
onshows
the new
642-821
BCRAN
exam
are covered,
comprehensive
exam
the
default
queue
of
normal
priority.
preparation.
Example 11-20. Using Extended Pings to Verify Queuing Operations
R1#ping
Protocol [ip]:
Target IP address: 10.1.2.2
Repeat count [5]:
Table of Contents
Datagram
size
Index[100]: 64
Timeout in seconds [2]:
Extended commands [n]:

Sweep
Pub Date:
range
December
of sizes
22, 2003
[n]:
ISBN: 1-58720-073-2
Type Pages:
escape
528 sequence to abort.
!!!!!
Gain
hands-on
of CCNP
Remoteround-trip
Access topics
with lab scenarios
for the ms
new 642-821
Success
rate experience
is 100 percent
(5/5),
min/avg/max
= 24/24/25
BCRAN exam.
R1#
4d02h:
PQ:concepts
Serial0/2 output (Pk size/Q 24/0)
exam
4d02h:
PQ: Serial0/2
output
(Pkconcepts
size/Qwork
72/0)
Experience
how remote
access
and foroutput
workplace
4d02h:
PQ:exam
Serial0/2
(Pkchallenges
size/Q 68/0)
network PQ:
setting,
this book ip
is useful
in preparing
4d02h:
Serial0/2:
(68 bytes)
-> high
essentialPQ:
in preparing
candidates
4d02h:
Serial0/2
output for
(Pkthe
size/Q
68/0)
concepts,
regardless
of certification
interest.-> high
4d02h:
PQ:
Serial0/2:
ip (68 bytes)
Each
chapter
includes a review
of (Pk
the applicable
4d02h:
PQ: Serial0/2
output
size/Q 68/0)
office-based
a remote-accessible
lab, some
4d02h: PQ: lab,
Serial0/2:
ip (68 bytes)
-> high
preparation.
InExample 11-20, the extended ping command is used to set the size of the ping packet to 64
bytes. Because the packet is less than 100 bytes long, the router places it in the high-priority
queue.
Scenario 11-2: Configuring Custom Queuing

A corporation has a branch office connected via a T1 to its central site. The network
administrator at the branch site wants to divide bandwidth between a database application and
other traffic. He wants the database application to receive a greater share of traffic. He also
wants TelnetTable
traffic
to be placed in its own queue.
of Contents
Index
Figure
11-6 shows
topology
CCNP Practical
Studies:the
Remote
Accessfor this scenario.
Figure 11-6. Custom Queuing Scenario Topology

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
questions
The
configuration
by providing
stepsaare
better
described
understanding
next.
All
of the topics on the new1 642-821
BCRAN
protocol
ip 1exam
tcp 1521
preparation.
R1(config)#queue-list 1 protocol ip 2 tcp 23
R1(config)#queue-list 1 default 3
R1(config)#queue-list 1 queue 1 byte-count 3000
The first of the preceding commands places the database application traffic, which uses TCP
1521, in Queue 1. The second command places all Telnet traffic in Queue 2. The third command
places all other traffic in Queue 3. The last command allocates 3000 bytes to Queue 1. This is the
queue that services the database application. Because the default byte count for the other
Tablethe
of Contents
queues is 1500,
database application is allocated more bandwidth than any other type of
traffic.
Index
These commands assign the custom queue list to interface serial0/0:


ISBN: 1-58720-073-2
Pages: 528
R1(config)#interface serial0/0
R1(config-if)#custom-queue-list 1
BCRAN exam.
exam concepts
NOTE
Reviewsizes
set-up
that show
you how
toprotocols
prepare aplay
lab a
forcrucial
study part in bandwidth
Packet
of guides
the various
applications
and
allocation when the queue-list queue byte-count command is used. For a complete
Ready yourselfof
for
thetopic,
CCNPOfexams
understanding
this
refer to the Cisco questions
Press bookon
IPthe
Quality
Service by
Srinivas Vegesna.
network setting,
this book
useful
Example
11-21 shows
R1'sisfull
configuration.
certification
serves
Example exams.
11-21.Finally,
R1's itFull
Configuration
R1#show
running-config
office-based
version 12.1
!
preparation.
hostname R1
!
ip subnet-zero
!
ip address 172.16.100.1 255.255.255.0
half-duplex
Table of Contents
Index

By
Wesley ShuoSerial0/0
interface
ip Publisher:
addressCisco
10.1.2.1
255.255.255.252
Press
custom-queue-list
ISBN: 1-58720-073-21
!
Pages: 528
router ospf 1
BCRAN
exam.
network
10.1.2.0 0.0.0.3 area 0
network 172.16.100.0 0.0.0.255 area 0

exam concepts
queue-list 1 protocol ip 1 tcp 1521
queue-list
1 protocol
2 show
tcp telnet
Review set-up
guidesip
that
queue-list
1 default
3 new simulation-based questions on the CCNP exams
Ready yourself
for the
queue-list
1 Studies:
queue 1Remote
byte-count
CCNP Practical
Access3000
!
end
Each
chapter
includes
a review
of the
applicable
technology,
and guides
the reader
through
Example
11-22
and Example
11-23
show
how the
show queueing
custom
and debug
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homecustom-queue commands, respectively, can be used to verify custom queuing operation.or
Example 11-22. Output of show queueing custom
preparation.
R1#show queueing custom
Current custom queue configuration:
List
Queue
Args
default
protocol ip
tcp port 1521
protocol ip
tcp port telnet
Table of Contents
byte-count 3000
Index


Example
11-23. Output of debug custom-queue
ISBN: 1-58720-073-2
Pages: 528
4d02h: CQ: Serial0/2 output (Pk size/Q: 786/3) Q # was 3 now 3

4d02h:
CQ: Serial0/2
(Pk
size/Q:
1486/1)
Q # lab
wasscenarios
4 now 1 for the new 642-821
Gain hands-on
experienceoutput
of CCNP
Remote
Access
topics with
BCRAN exam.
Prepare
for the CCNP
642-821
BCRAN
exam
and gainQ a#better,
4d02h:
CQ: Serial0/2
output
(Pk
size/Q:
1486/1)
was 1practical
now 2 understanding of
exam concepts
youCQ:
through
4d02h:
Serial0/2
output (Pk size/Q: 114/2) Q # was 2 now 2
Review
guides
that show
how to114/2)
prepareQ a#lab
for2study
4d02h:
CQ: set-up
Serial0/2
output
(Pk you
size/Q:
was
now 2
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 6424d02h: CQ: Serial0/2 output (Pk size/Q: 114/2) Q # was 2 now 2
preparation.
Practical Exercise: Configuring Priority Queuing

A corporation is using a T1 to connect its central office to a remote branch office. The network
administrator at the branch office wants to give priority to traffic from a mission-critical server
network at the branch office. This network has an IP address of 64.236.24.0 /24. The network
Contents
administratorTable
alsoofwants
to give lower priority to FTP traffic. All other traffic should have normal
Index
priority.
Figure
topology
relating
this Practical
ByWesley11-7
Shuoshows
, Dmitry the
Bokotey
, Raymond
Morrowto
, Deviprasad
KondaExercise.
Figure 11-7. Practical Exercise Topology
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Example 11-24 shows the solution to the Practical Exercise, and Example 11-25 shows the
output of show queueing priority.
Table of Contents
Index
Example 11-24.
Solution to Practical Exercise
R1#show
running-config
Publisher:
Cisco Press
version
12.1
ISBN:
1-58720-073-2
!
Pages: 528
hostname R1
ip subnet-zero
BCRAN
exam.
!
!
exam concepts
ip address 172.16.100.1 255.255.255.0
half-duplex
!
interface
Ethernet0/1
CCNP Practical
ip addressDesigned
64.236.24.1
255.255.255.0
applications.
as a topic-by-topic
half-duplex
questions
!
interface Serial0/2
implementation
of the technology.
ip address 10.1.2.1
255.255.255.252
even
as a stand-alone
priority-group
1 guide.
All
! of the topics on the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
router ospf 1
network 10.1.2.0 0.0.0.3 area 0
network 172.16.100.0 0.0.0.255 area 0

network 64.236.24.0 0.0.0.255 area 0
!
ip classless
Table of Contents
Index
access-list
1 permit 64.236.24.0 0.0.0.255
priority-list 1 protocol ip high list 1
Pub Date: December
22, 2003
priority-list
1 protocol
ip low tcp ftp-data
ISBN: 1-58720-073-2
Pages: 528
end
BCRAN exam.
Example 11-25. Output of show queueing priority

exam concepts
R1#show
queueing
Experience
howpriority
Current DLCI priority queue configuration:
Current priority queue configuration:
List
Queue
examArgs
network high
1
setting, this
protocol
book isip
useful in preparing
list 1a CCNP candidate for the general exam
essentiallow
1
in preparing
protocol
candidates
ip
for the new
tcpsimulation-based
port ftp-data questions that are on the Cisco
implementation
of the the
technology.
process
can beNote
executed
on a homeExample 11-26 shows
output ofThis
the step-by-step
debug priority
command.
that packets
fromor
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or is
network 64.236.24.0/24 are placed in the high-priority queue. You can also see that FTP traffic
even
as
a
stand-alone
guide.
being placed in the low-priority queue.
preparation.
Example 11-26. Output of debug priority
R1#
4d02h: PQ: Serial0/2: ip (s=64.236.24.25, d=172.16.101.26) -> high

Table of Contents
Index



4d02h:
PQ:December
Serial0/2:
Pub Date:
22, 2003 ip (s=64.236.24.25, d=172.16.101.26) -> high
ISBN: 1-58720-073-2

Pages: 528

Gain
hands-on
experience ip
of CCNP
Remote Access
4d02h:
PQ: Serial0/2:
(defaulting)
-> normal
BCRAN exam.
4d02h: PQ: Serial0/2: ip (tcp 20) -> low
4d02h: PQ: Serial0/2: ip (defaulting) -> normal
exam concepts
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 6424d02h:
PQ:exam
Serial0/2:
ip (tcp 20)
-> lowin implementing remote access network
821 BCRAN
and for workplace
challenges
4d02h:
Serial0/2:
(defaulting)
-> anormal
network PQ:
setting,
this book ip
is useful
in preparing
CCNP candidate for the general exam
4d02h:
Serial0/2:
ip (tcp
essentialPQ:
in preparing
candidates
for20)
the ->
newlow
4d02h:
PQ:
Serial0/2:
ip (defaulting)
concepts,
regardless
of certification
interest. -> normal
Each
chapter
includes a review
of the
applicable
4d02h:
PQ: Serial0/2:
ip (tcp
20)
-> low technology, and guides the reader through
All
of the 11-27
topics uses
on the
new 642-821
BCRAN
are operation.
Example
extended
pings to
verifyexam
queuing
preparation.
Example 11-27. Using Extended Pings to Verify Queuing Operation
R1#ping
Protocol [ip]:
Repeat count [5]:
Table of Contents
Index
Datagram size [100]:
Extended commands [n]: y

Source
address
or
Pub Date:
December
22,interface:
2003
ISBN: 1-58720-073-2
Type of service [0]:

Pages: 528
Set DF bit in IP header? [no]:

Validate reply data? [no]:
Gain
Data hands-on
pattern experience
[0xABCD]: of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
exam concepts
!!!!!
R1#
4d02h:
Serial0/2:
ip (s=64.236.24.1,
d=172.16.101.1)
-> high
essentialPQ:
in preparing
candidates
questions
4d02h:
PQ:
Serial0/2
output (Pk
size/Q 104/0)
concepts,
regardless
of certification
interest.
Each
chapter
includes a review
of the applicable technology,
and guides
the reader through
4d02h:
PQ: Serial0/2:
ip (s=64.236.24.1,
d=172.16.101.1)
-> high
office-based
a remote-accessible
some104/0)
4d02h: PQ: lab,
Serial0/2
output (Pk lab,
size/Q
preparation.

R1#ping
Table of Contents
Index
Protocol [ip]:

Repeat count [5]:

Datagram
[100]:
Pub Date:size
December
22, 2003
ISBN: 1-58720-073-2

Pages: 528
Extended commands [n]: y

Source address or interface: 172.16.100.1
Gain
experience
Type hands-on
of service
[0]: of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
Set DF bit in IP header? [no]:
Validate reply data? [no]:
exam concepts
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Sending
5,exam
100-byte
ICMP
Echos challenges
to 172.16.101.1,
timeout
is 2 access
seconds:
821 BCRAN
and for
workplace
in implementing
remote
network
!!!!!
Success
rate
is 100candidates
percent for
(5/5),
round-trip
min/avg/max
= 32/34/36
msthe Cisco
essential in
preparing
the new
simulation-based
questions
that are on
R1#
Each
chapter
includes a review
of the applicable
4d02h:
PQ: Serial0/2:
ip (defaulting)
-> technology,
normal
office-based
a remote-accessible
some104/2)
4d02h: PQ: lab,
Serial0/2
output (Pk lab,
size/Q
preparation.

Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Summary
Queuing and compression can provide ways to help you manage your bandwidth and network
performance. A number of queuing techniques are available. This chapter discussed the three
main methods of queuing. Configuration examples were provided to show these methods.
of Contents
Scenarios forTable
priority
and custom queuing were also shown. A Practical Exercise was also
Index
provided to help your understanding of the concepts presented.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Review Questions
1:
What is the default queuing mechanism for interfaces with speeds of E1 and less?
Table of Contents
Index queuing mechanism should you use to give absolute priority to critical
Which
CCNP Practicaltraffic?
2:
3:
Which queuing mechanism ensures that packet trains do not adversely affect
critical traffic?
4:
What is the default congestive discard threshold for Weighted Fair Queuing?
ISBN: 1-58720-073-2
Pages:
5: 528
How
6:
many configurable queues are available for custom queuing?
What is the default byte count for queues in custom queuing?
Gain hands-on
A.experience
1024
BCRAN exam.
B. 1500
Prepare C.
for 512
exam concepts
D. 256
you
7: through
Which their
of theimplementation
following cannot be used to classify packets for priority queuing?
Ready yourself
for the
A. Protocol
type
CCNP Practical
Access (CCNP Self-Study) prepares readers for the CCNP 642B.Studies:
IngressRemote
interface
a topic-by-topic
C. Packetas
size
in bytes
questions by D.
providing
Egressainterface
better understanding of how remote access really works. It is also
certification
8: Queuing
exams. Finally,
is done itonserves
whichanyone
interface?
A. of
Ingress
interface This step-by-step process can be executed on a home- or
implementation
the technology.
B. Egress
interface
guide.
C. on
Example
All of the topics
the newinterface
642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
D. Weighted interface
Chapter 12. Scaling IP Addressing with

Network Address Translation
of Contents
This
chapter Table
covers
Index
NAT Operation
Configuring NAT
NAT
Order
of Operation
Pub
Date:
December
22, 2003
ISBN: 1-58720-073-2
When to Use NAT

Pages: 528

One of the problems facing anyone connecting to the Internet today is the depletion of IP
addresses. The IP version 4 address space was originally designed so that 4,294,967,296 (232 )
hosts
could be assigned
a unique
address.
addresses
reserved for
Gain hands-on
experience
of CCNP
RemoteBecause
Access topics
with are
lab scenarios
for multicasting,
the new 642-821
testing,
and other purposes, and because the nonreserved address space is divided into classes,
BCRAN exam.
this range is actually somewhere between 3,200,000,000 and 3,300,000,000 addresses. With
the exponential growth of companies doing business over the Internet, IP address assignments
Prepare
for concern
the CCNP
642-821
exam
became
a major
across
the BCRAN
networking
world.
exam concepts
For your computer to effectively communicate on the Internet, it must have a unique 32-bit IP
Experience
how remote
access
concepts
in acomputer
real network
practice
labslike
that
walk
address.
This IP address
identifies
the
locationwork
of your
on awith
network,
much
your
through
phoneyou
number
distinguishes
your phone from the millions of other phones out there.
Review
set-up guides
that show
how to
prepare
a lab for increase
study
With the
unpredicted
popularity
of theyou
Internet
and
the continuing
in the number of
home and business networks, the number of available IP addresses is simply not enough. IP
Ready
for the new
simulation-based
questions
CCNP
exams
version
6 is yourself
being developed
to eliminate
these issues,
but it on
willthe
take
several
years to
implement, because it will require modifying the Internet's infrastructure. Because of this lag in
CCNP
Practical
Studies:
RemoteTranslation
Access (CCNP
Self-Study)
prepares
for IP
theNetwork
CCNP 642deployment,
Network
Address
(NAT)
was defined
in RFC readers
1631, The
821
BCRAN
exam
and
for
workplace
challenges
in
implementing
remote
access
network
Translator. In the simplest of terms, NAT allows a single device to act as an agent between the
applications.
Designed
as a topic-by-topic
guide
of how to
apply remote
access
concepts
a real
Internet (or "public
network")
and a local (or
"private")
network.
This allows
you
to use ainsingle
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
exam
unique IP address to represent your entire internal network to anything or anyone outside your
questions
by providing
of comes
how remote
access really
works. It
network. Besides
NAT'saobvious
benefits when it
to addressing
the shortage
ofisIPalso
essential
in
preparing
candidates
for
the
new
simulation-based
questions
that
are
on
the Cisco
addresses, you also gain security and administrative benefits from it.
preparation.
NAT Operation
NAT can be confused with a proxy server, but there are definite differences between the two.
NAT is transparent to the source and destination computers, but a proxy server is not. The
source computer has to be specifically configured to communicate with a proxy server, whereas
Table
of Contents
the destination
computer
thinks that the proxy server is the source computer. Proxy servers
Index
usually operate at Layer 4 (the transport layer of the OSI Reference Model) or higher, and NAT
CCNP
Practical
Studies:
Remote
Access layer). Because proxy servers are usually an add-on
operates
at Layer
3 (the
network
application,
might
be,Raymond
slower than
NAT,
because
NAT is accomplished in hardware.
By
Wesley Shuothey
, Dmitry
Bokotey
Morrow
, Deviprasad
Konda
NAT is configured on the device you use to connect to an external network, whether it is a
firewall, router, or computer. Before you get too far into the operation of NAT, you need to have
a basic
understanding of its many forms and the several ways in which it can be used:
ISBN: 1-58720-073-2
Pages: 528
Static NAT Used to map an unregistered IP address, such as a private address, to a

registered IP address, usually provided by your Internet service provider (ISP), on a oneto-one basis. Also used to map one external public address to one internal private address.
Dynamic NAT Used to map an unregistered IP address to a registered IP address from a
Gain hands-on
experienceIPofaddresses.
CCNP Remote
Access
topics
with lab
scenarios for
thethe
new
642-821
group of registered
Dynamic
NAT
is usually
accomplished
with
assistance
BCRAN
exam.
of a pool or a range of addresses that you configure on your NAT device.
Overloading A form of dynamic NAT used to map multiple unregistered IP addresses to
a single registered IP address by using different ports. More commonly known as Port
exam concepts
Address Translation (PAT) or port-level multiplexed NAT.
Overlapping Used when the IP address of your internal network is registered for use on
another network. Your NAT device must maintain some type of lookup table of these
addresses
so that
it can
intercept
them
and
registered unique IP
Review set-up
guides
that
show you
how
to replace
preparethem
a lab with
for study
addresses. This means that your NAT device must be able to translate the "internal"
addresses
to registered
unique
addresses. It also
must on
be able
to translate
Ready yourself
for the new
simulation-based
questions
the CCNP
exams the "external"
registered addresses to addresses that are unique to the private network. You can
this NATRemote
methodAccess
through
the use
of static prepares
NAT or through
a DNS
CCNPimplement
Practical Studies:
(CCNP
Self-Study)
readersthe
foruse
theof
CCNP
642entry
and
dynamic
NAT.
One
fact setting,
that might
mentioned
at thisapoint
that your for
internal
network,
or LAN, can
network
thisneed
booktoisbe
useful
in preparing
CCNPiscandidate
the general
exam
often
be
referred
to
as
a
stub
domain.
When
used
in
this
manner,
a
stub
domain
is
a
LAN
that
questions by providing a better understanding of how remote access really works. It is
also
uses
IP
addresses
internally,
with
most
of
the
network
traffic
having
a
local
destination.
Although
you
are allowed
to have
bothit registered
and unregistered
IP addresses
in your
stub domain,
any
certification
exams.
Finally,
serves anyone
wanting a guide
to real-world
application
of these
network
device
that
uses
an
unregistered
IP
addresses
must
use
NAT
to
communicate
with
the
outside world. Figure 12-1 illustrates a NAT operation in which a host on a private network
communicates
with a host
on a of
public
network and
a host on and
the guides
public network
communicates
a review
the applicable
technology,
the reader
through
with
a host on the
network.This step-by-step process can be executed on a home- or
implementation
of private
the technology.
BCRAN
exam
areOperation
Figure
12-1.
NAT
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
One other benefit of implementing dynamic NAT on your device is that it can automatically
Pages: 528
create a simple firewall between your internal network and outside networks or the Internet.
NAT does this by allowing only connections that originate inside your stub domain. This lets you
limit a computer on an external network from reaching your computer unless your computer
initiated the contact. Using static NAT allows you to define where a connection initiated by an
external device can connect on your computers. For instance, you might want to connect an
Gain hands-on
experience
of CCNPinside
Remote
Access
topics
lab scenarios
forweb
the server.
new 642-821
inside
global address
to a specific
local
address
thatwith
is assigned
to your
Keep
BCRAN
in
mind exam.
that this simple firewall should not be considered a replacement for items such as the
Cisco Secure PIX Firewall or the Cisco IOS Firewall Feature Set, because TCP packets may be
forged by an unauthorized user to gain access to your "protected" devices.
exam concepts
preparation.
Configuring NAT
When you configure a router to use NAT, you configure one interface to the inside of your
network and another to the outside of your network. Any packets that have a source address
belonging to the "inside" portion of your network have an inside local address as the source
of Contents
address and Table
an outside
local address as the destination address. The packet resides on the
Index
"inside" portion of your network. When that same packet gets switched to the "outside" network,
CCNP
Practical source
Studies: is
Remote
Access
the packet's
known
as the inside global address, and the packet's destination is known
asWesley
the outside
global
address.
By
Shuo, Dmitry
Bokotey
For any packet that has a source address belonging to the "outside" portion of your network,
while it is on the "outside" network, its source address is known as the outside global address.
ThePub
packet's
destination is known as the inside global address. When the same packet gets
ISBN:
switched to 1-58720-073-2
the "inside" of your network, the source address is known as the outside local
Pages:
528
address,
and
the packet's destination is known as the inside local address. Figure 12-2 illustrates
this.
Figure
12-2.
"Inside"
and
"Outside"
Topology
Gain hands-on
experience
of CCNP
Remote
Access
topics with Sample
lab scenarios
for the new 642-821
BCRAN exam.
exam concepts
certification
it serves
anyone
wanting
a guide
to real-world
of these
The followingexams.
are theFinally,
different
types of
addressing
that
are associated
with application
NAT:
Each Inside
chapter local
includes
a reviewAn
ofIP
the
applicable
reader
through
address
address
that technology,
is assigned and
to a guides
host onthe
your
inside
network.
office-based
a remote-accessible
lab, some
networking
programs,
Inside lab,
global
address A legitimate
IP address
that simulation
represents software
one or more
of youror
even inside
as a stand-alone
guide.
local IP addresses to the outside world.
All of Outside
the topics
on the
new 642-821
covered,
comprehensive
exam
local
address
An IPBCRAN
addressexam
of anare
outside
hostproviding
as it appears
to your inside
preparation.
network.
Outside global address An IP address assigned to a host on the outside network by the
owner of the host that is allocated from the globally routable address or network space.
A typical NAT implementation has NAT configured on the exit router between a stub domain and
backbone, such as the Internet. When a packet leaves your domain, NAT translates the locally
significant source address into a globally unique address and records it to memory. If the return
packet matches what NAT has recorded, the packet is allowed back into the network. Otherwise,
when a packet enters your domain, NAT translates the globally unique destination address into a
local address if it's configured. Remember, if your domain has more than one exit point, each
NAT process must have the same translation table to ensure proper translation. If NAT runs out
of available addresses, the packet is dropped, and an ICMP host unreachable message is
returned to the packet's originator.
Table of Contents
When using PAT, in which several internal addresses are translated to only one or a few external
Index
addresses, additional translations of the packet are performed. Because each internal address
may be translated to a single external address, PAT translates each packet's source port to a
By
Wesleysource
Shuo, Dmitry
, Raymond
Morrow
, Deviprasad
Kondaports per IP address, on the inside global
unique
port Bokotey
number,
a 16-bit
number
or 65,536
IP address. This distinguishes them from other packets that are being translated. PAT tries to
preserve
the
original
Publisher:
Cisco
Press source port. However, if the source port is already used in a translation,
PATPub
attempts
to
find22,the
first available port number, starting from the beginning of the
Date: December
2003
appropriate
port
group0
to 511, 512 to 1023, or 1024 to 65535. If PAT cannot allocate another
ISBN: 1-58720-073-2
port number from the appropriate group, and you configured more than one IP address, PAT
Pages: 528
moves to the next IP address and tries to allocate the original source port again. This process
continues until PAT runs out of available IP addresses and ports.
When your router is configured to use NAT, it must not advertise local networks to the outside.
However, routing information that NAT receives from the outside may still be advertised in the
Gain domain
stub
hands-on
asexperience
usual.
BCRAN exam.
exam concepts
preparation.
NAT Order of Operation

As noted, NAT is based on whether a packet goes from your inside network to your outside
network or from your outside network to your inside network. Table 12-1 illustrates the
processing order in relation to where the packet originates. Note that when NAT performs the
Table
Contents
global-to-local
or of
local-to-global
translation, it is different in each flow.
Index

Table 12-1. NAT Order of Operation
Inside-to-Outside
ISBN: 1-58720-073-2
Outside-to-Inside
Pages: 528
1. If IPSec,
check the input access list
1. If IPSec, check the input access list
2. Decryptionfor CET (Cisco Encryption

Technology) or IPSec
2. Decryptionfor CET or IPSec
3. Check the input access list

3.
Check
the
input
access
list
4. Check the input rate limits
BCRAN exam.
4. Check the input rate limits
5. Input accounting
5. Input
accounting
6. Inspect
exam concepts
6. Inspect
(global-to-local
Experience how remote access concepts work in7.a NAT
real outside-to-inside
network with practice
labs that walk
7. Policy
routing
translation)
8. Routing
8. Policy
routing
Review set-up guides that show you how to prepare
a lab
for study
9. Redirect
to the web
9. Routing
Ready yourself
for cache
the new simulation-based questions
on the CCNP exams
10. NAT
inside-to-outside
(local-to-global
10. Redirect
to the
web for
cache
CCNP
Practical
Studies: Remote
prepares
readers
the CCNP 642translation)
11. Crypto (check the map and mark it for
11. Crypto (check the map and mark it for
encryption)
encryption)
questions by providing a better understanding of how
remote
reallyaccess
works.list
It is also
12.
Checkaccess
the output
essential
in
preparing
candidates
for
the
new
simulation-based
questions
that
are
on
the Cisco
12. Check the output access list
certification exams. Finally, it serves anyone wanting13.
a guide
Inspect
concepts,
13. Inspect
14. TCP intercept
Each
chapter
14. TCP
intercept
implementation of the technology. This step-by-step 15.
process
Encryption
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
15. Encryption
As
you can see from Table 12-1, NAT occurs after the router processes several items. NAT insidepreparation.
to-outside also occurs in a different place than NAT outside-to-inside.
When to Use NAT

NAT is a very versatile feature that can be used for the following purposes:
You useTable
private
of Contents
or unregistered IP addresses on your internal network, but you want to
connectIndex
to the Internet. NAT provides the necessary translations of your internal local
addresses
to globally
CCNP Practical
Studies:
Remote unique
Access IP addresses before sending packets to the outside network.
You must change your internal addresses, but you don't want to. NAT can be used in this
case to translate these addresses.

Pub
You
Date:
want
December
to do22,
basic
2003 load
sharing of TCP traffic. With NAT, you can map a single global IP
address
to many local IP addresses by using the TCP load distribution feature.
ISBN: 1-58720-073-2
Pages: 528
NAT can be used as a practical solution to a connectivity problem only when relatively few
hosts in a stub domain communicate outside the domain at the same time. When this is the
case, only a small subset of the IP addresses in the domain must be translated into globally
unique IP addresses when outside communication is necessary. These addresses can be
reused when they are no longer in use.
BCRAN exam.
exam concepts
preparation.

To configure NAT, you must know the inside local address and inside global address you will
translate. As soon as your NAT translation is configured, you may optionally do the following:
Table of Contents
Translate
inside source addresses
Index
Overload an inside global address
Translate overlapping addresses

Provide
TCP load
distribution
Pub
Date: December
22, 2003
ISBN: 1-58720-073-2
Change translation timeouts

Pages: 528
Deploy NAT between an IP phone and the Cisco CallManager
Translating
Inside Source Addresses
BCRAN exam.
You can translate your unregistered IP addresses into globally unique IP addresses to
communicate outside your network using one of the following methods:
exam concepts
Static translation Establishes a one-to-one mapping between your inside local address
and
an inside
global
address.
Experience
how
remote
Dynamic translation Establishes a mapping between an inside local address and a pool of
global
Reviewaddresses.
Configuring Static Translation
You can use the following commands to configure static NAT translation.
Use this command to establish static translation between an inside local address and an inside
global address:
R2(config)#ip
nat inside source {list {access-list number | name}poolname
preparation.
[overload] | staticlocal-ip global-ip}
This command establishes static translation of an outside source address:
Table of Contents
Index
R2(config)#ip nat outside source {list {access-list number | name}poolname |

staticglobal-ip local-ip}
ISBN: 1-58720-073-2
Pages: 528
Use this command to enter interface configuration mode and specify the inside interface:
BCRAN exam.
exam concepts
R2(config)#interfacetype number
This command marks the interface as connected to the inside:
concepts, regardlessnat
of certification
interest.
R2(config-if)#ip
inside
even
as ainterface
stand-alone
guide.
To enter
configuration
mode and specify the outside, use this command:
preparation.
This command marks the interface as connected to the outside:
Table of Contents
Index


ISBN: 1-58720-073-2
R2(config-if)#ip
nat outside
Pages: 528
These steps are the minimum you must configure to implement NAT. You can use multiple inside
and
interfaces
if you
required
to.Access topics with lab scenarios for the new 642-821
Gainoutside
hands-on
experience
of are
CCNP
Remote
BCRAN exam.
Configuring Dynamic Translation
exam concepts
You can use the following commands to configure dynamic inside source address translation.
This command
defines
pool of global addresses to be allocated as needed:
you through
their aimplementation
a better
of how
remote netmask
access really
works. It is also
R2(config)#ip
nat pool
name understanding
start-ip end-ip
{netmask
| prefix-length
certification
prefix-length}
office-based
lab, some
networking
simulation
softwareuse
programs,
or
To define a standard
access list permitting
addresses
that requires
translation,
this command:
preparation.
R2(config)#access-listaccess-list-number permitsource [source-wildcard]
Use this command to establish dynamic source translation, specifying the access list defined in the
prior step:
Table of Contents
Index


ISBN: 1-58720-073-2
R2(config)#ip
nat inside source listaccess-list-number poolname
Pages: 528
Use this command to enter interface configuration mode and specify the inside interface:
BCRAN exam.
exam concepts
type
number
that
exam
and the
for interface
workplaceaschallenges
This
command
marks
connectedintoimplementing
the inside: remote access network
office-based
R2(config-if)#ip
nat inside
preparation.
To enter interface configuration mode and specify the outside interface, use this command:
Table of Contents
Index
CCNP
Practical Studies:
Remote
Access
This command
marks
the interface
as connected to the outside:

ISBN: 1-58720-073-2
Pages: 528
R2(config-if)#ip nat outside

BCRAN exam.
Overloading
an CCNP
Inside
Global
Address
Prepare for the
642-821
BCRAN
exam concepts
You can overload a single global address to translate many local addresses to conserve addresses
how
remotepool.
access
concepts
work forces
in a real
with
practice
labs that walk
in theExperience
inside global
address
This
overloading
thenetwork
router to
maintain
enough
you
through
their
implementation
information from higher-level protocols, such as TCP or UDP port numbers, to allow it to translate
the global address back to the correct local address.
You can use the following commands to configure overloading of inside global addresses.
To define a pool of global addresses to be allocated as needed, use this command:
R2(config)#ip nat poolname start-ip end-ip {netmasknetmask | prefix-length
prefix-length}
preparation.
To define a standard access list, use this command:
Table of Contents
Index
This command establishes dynamic source translation, specifying the access list defined in the
By
Wesley
prior
step:
ISBN: 1-58720-073-2
Pages: 528
R2(config)#ip nat inside source listaccess-list-number poolname overload

BCRAN exam.
This command specifies the inside interface:
exam concepts
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for
workplace
type
numberchallenges in implementing remote access network
certification
exams.
Finally,
it serves
wanting
a inside:
This
command
marks
the interface
asanyone
connected
to the
preparation.
R2(config-if)#ip nat inside
This command specifies the outside interface:
Table of Contents
Index

This command
marks the interface as connected to the outside:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Translating
Overlapping Addresses
In most
cases,
NAT isfor
used
translate
private IP addresses
intothe
legal
addresses
Ready
yourself
the to
new
simulation-based
questions on
CCNP
exams that can be
routed on the Internet. It can also be used to connect two networks that are using the same IP
CCNP Practical
addressing
on their
Studies:
internal
Remote
networks.
AccessThis
(CCNP
scenario
Self-Study)
is called
prepares
overlapping
readers
addresses.
You
can use the
following
commands
to configure
SAapply
address
translation.
applications.
Designed
as a
topic-by-topic
guide ofstatic
how to
remote
To
establish
translation
between
an outside
localremote
address
and an
outside
global
use
questions
bystatic
providing
a better
understanding
of how
access
really
works.
It isaddress,
also
this
command:
preparation.
R2(config)#ip
nat outside source staticglobal-ip local-ip
Table of Contents
type number
Index
Ciscomarks
Press the interface as connected to the inside:
ThisPublisher:
command
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
This command
the outside
Experiencespecifies
how remote
access interface:
network
setting, this book
is useful
type
number
preparation.
You can use the following commands to configure dynamic outside source address translation.
To define a pool of local addresses to be allocated as needed, use this command:
Table of Contents
Index

R2(config)#ip
nat
Pub Date: December
22,pool
2003 name start-ip end-ip {netmasknetmask | prefix-length
ISBN: 1-58720-073-2
prefix-length}
Pages: 528
This command defines a standard access list:

BCRAN exam.
exam concepts
source
[source-wildcard]
Review set-up guidesaccess-list-number
that show you how topermit
prepare
a lab for
study
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821establish
BCRAN exam
andoutside
for workplace
challenges inspecifying
implementing
remote
network
To
dynamic
source translation,
the access
listaccess
defined
in the prior step,
applications.
use
this command:
even
as a stand-alone
guide. source listaccess-list-number poolname
R2(config)#ip
nat outside
preparation.
Table of Contents
Index
This
command
marks
the ,interface
as connected
to Konda
the inside:
ByWesley
Shuo, Dmitry
Bokotey
Raymond Morrow
, Deviprasad
ISBN: 1-58720-073-2
Pages: 528

BCRAN exam.
Prepare for
the CCNP
This command
specifies
the642-821
outside interface:
exam concepts
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R2(config)#interface
type
numberchallenges in implementing remote access network
821 BCRAN exam and for
workplace
This
command
marks
the interface
asanyone
connected
to the
certification
exams.
Finally,
it serves
wanting
a outside:
preparation.
Providing TCP Load Distribution

When NAT comes up in everyday conversation, you probably think of it as a translation mechanism
that allows your company to access the Internet. NAT has another function that is unrelated to this
feature. If your company has multiple hosts that communicate with a heavily used host or server,
you can use NAT to establish a virtual host on the inside network that coordinates load sharing
among multiple real hosts. Allocation is done on a round-robin basis from a rotary pool of real
Tableaofnew
Contents
addresses when
connection is opened from the outside to the inside. Any non-TCP traffic is
Index
still passed without translation, unless other translations are in effect.
Use
the following
commands
to configure
destination
address rotary translation to allow you to
ByWesley
Shuo, Dmitry
Bokotey, Raymond
Morrow, Deviprasad
Konda
map one virtual host to many real hosts.
To define
a pool of addresses containing the addresses of the real hosts, use this command:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R2(config)#ip nat poolname start-ip end-ip {netmasknetmask | prefix-length
prefix-length}
type
rotary
Prepare for the
CCNP
exam concepts
To define an access list permitting the address of the virtual host, use this command:
Use
this command
establish dynamic
inside
the accessor
list
office-based
lab, a to
remote-accessible
lab,
somedestination
networkingtranslation,
simulation specifying
software programs,
defined
in
the
prior
step:
preparation.
R2(config)#ip nat inside destination listaccess-list-number poolname
Table of Contents
Index


ISBN: 1-58720-073-2 type number
Pages: 528
This command marks the interface as connected to the inside:

BCRAN exam.
exam concepts
CCNPcommand
Practical Studies:
Access
(CCNP Self-Study) prepares readers for the CCNP 642This
specifies Remote
the outside
interface:
implementation
of the technology.
type number
preparation.
Table of Contents
Index
Changing
Translation
Timeouts
Remote Access
If left to the default value, a dynamic address translation times out after some period of nonuse.
When overloading is not in use, simple translation entries time out after 24 hours. You can use the
following command to change this value:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R2(config)#ip nat translation timeoutseconds
exam concepts
Experience
how
access over
concepts
work inentry
a realtimeout,
networkbecause
with practice
labs that
walk
Overloading
gives
youremote
more control
translation
each entry
contains
you
through
their
implementation
more context about the traffic using it. You can use the following commands to change timeouts on
extended entries.
This command changes the UDP timeout value from 5 minutes:
R2(config)#ip nat translation udp-timeoutseconds
This command changes the DNS timeout value from 1 minute:
preparation.
R2(config)#ip nat translation dns-timeoutseconds
This command changes the TCP timeout value from 24 hours:
Table of Contents
Index


ISBN: 1-58720-073-2
R2(config)#ip
nat translation tcp-timeoutseconds
Pages: 528
This command changes the finish and reset timeout value from 1 minute:
BCRAN exam.
exam concepts
R2(config)#ip
natguides
translation
seconds
Review set-up
that showfinrst-timeout
you how to prepare
a lab for study
exam
and for
workplace
challenges
implementing
This
command
changes
the
ICMP timeout
value in
from
1 minute: remote access network
office-based
lab, nat
a remote-accessible
R2(config)#ip
translation icmp-timeout
seconds simulation software programs, or
preparation.
This command changes the synchronous (SYN) timeout value from 1 minute:
R2(config)#ip nat translation syn-timeoutseconds
Table of Contents
Index
Deploying
NATBokotey
Between
an
IP Phone
, Raymond
Morrow
, Deviprasadand
KondaCisco CallManager
Communication
and registration between a Cisco IP phone and the Cisco CallManager (CCM) use
the Selsius Skinny Station protocol. The Skinny protocol allows messages to flow back and forth
between the devices that include IP address and port information used to identify other IP phone
ISBN: 1-58720-073-2
users with which a call can be placed.
Pages: 528
When you use NAT with CCM and IP phones, NAT needs to be able to identify and understand the
information passed within the Skinny protocol. When an IP phone attempts to make a connection
with CCM and its IP address matches your NAT translation rules, NAT translates the original source
IP address and replaces it with one from the configured pool. This new address is used to
represent
the IPexperience
phone to CCM
as well
as other
IP phone
Gain hands-on
of CCNP
Remote
Access
topics users.
BCRAN exam.
To specify the port number on which the CCM is listening for skinny messages, use this command:
exam concepts
Ready yourself
the newskinny
simulation-based
R2(config)#ip
nat for
service
tcp portnumber
Monitoring
and Maintaining
NAT of how remote access really works. It is also
By default, dynamic address translations time out from the NAT translation table after a set
amount of time. You can use the following commands to clear the entries before the configured
timeout.
To clear all dynamic address translation entries from the NAT translation table, use this command:
preparation.
R2#clear ip nat translation *
To clear a simple dynamic translation entry containing an inside translation, or both inside and
outside translation, use this command:
Table of Contents
Index


R2#clear ip nat translation insideglobal-ip local-ip [outsidelocal-ip global-ip]

ISBN: 1-58720-073-2
Pages: 528
This command clears a simple dynamic translation entry containing an outside translation:
BCRAN exam.
exam concepts
R2#clear ip nat translation outsidelocal-ip global-ip
This
clears anRemote
extended
dynamic
translation
entry:
CCNPcommand
Practical Studies:
Access
(CCNP
Self-Study)
implementation
R2#clear
ip nat
of the
translation
technology.
protocol
This step-by-step
insideglobal-ip
process can
global-port
be executed
local-ip
on a home- or
even
as a stand-alone
guide.
local-port
[outside
local-ip local-port global-ip global-port]
preparation.
You can use one of the following commands to display translation information:
This command displays active translations:
R2#show
ip Table
nat of
translations
[verbose]
Contents
Index

This command displays translation statistics:

ISBN: 1-58720-073-2
Pages: 528
R2#show ip nat statistics
BCRAN exam.
exam concepts
preparation.
Scenarios
The scenarios presented in this chapter help you gain a more complete understanding of NAT operation
and configuration through practical application. You will go through the necessary configuration tasks in
their logical progression. The scenarios cover the following topics:
Table of Contents
Index
Simple NAT
topology
CCNP Practical
Studies:
Remote Access
Simple static NAT inside-to-outside translation
Publisher:
Press
SimpleCisco
static
NAT
outside-to-inside translation
Combining
static NAT translation
ISBN: 1-58720-073-2
Pages: 528
Overloading an IP address with NAT

Using NAT with overlapping addresses
Configuring TCP load distribution
BCRAN exam.
Scenario 12-1: Simple NAT Topology

To further
examexamine
conceptsNAT, you will configure a simple network topology to examine the results of several
different scenarios involving NAT. Figure 12-3 shows the topology used in this exercise.
Review set-up guides that show
you 12-3.
how to prepare
a labTopology
for study
Figure
NAT Test
In
scenario,
you
will
configure
R1BCRAN
to translate
local
addresscomprehensive
of 10.10.1.100 exam
to 10.10.15.100.
All this
of the
topics on
the
new
642-821
exam the
are inside
covered,
providing
preparation.
Step 1: Initial Configuration

Before configuring any of the NAT configurations, you need to perform an initial configuration of all the
routers you will use throughout the scenarios. Although you need to apply these configurations, you will
concentrate on R1 for now. You can do this from a terminal attached to R1's console port (line 0). You
begin by entering global configuration mode. You can then configure the router name using the hostname
command. It is also useful to disable the IP domain name system with the no ip domain-lookup
command. This keeps the system from trying to translate domain names that have typographical errors.
You can use the enable secret command to enable a password for entering privileged EXEC mode. Here
the password is cisco. This secret password provides an additional layer of security on the router.
Passwords are case-sensitive strings that can be up to 80 characters long. They cannot begin with a
Table of Contents
number.
Index
CCNP
Practical
Access
Because
yourStudies:
router Remote
has a connection
to its local network through the Ethernet 0 port, You enter interface
e Wesley
By
0 to configure
Shuo, Dmitry
thisBokotey
interface.
, Raymond
But Morrow
you can
, Deviprasad
also useKonda
interface ethernet 0 and int eth 0. You set the IP
address for the Ethernet interface using the ip address command. You also have to include a subnet
mask.
You then
activate the interface using the no shutdown command.
Publisher:
Cisco Press
Your next configuration is to bring up the Serial 0 interface and configure its IP address. You enter
ISBN: 1-58720-073-2
interface
s 0 to configure this interface. But you can also use interface serial 0 and int ser 0. You then
Pages:
activate
the528
interface using the no shutdown command. You can now create two subinterfaces, Serial 0.1
and Serial 0.2, and set the appropriate IP addresses for the Serial subinterfaces using the ip address
command. You also have to include a subnet mask.
You can optionally configure your console line to prevent it from automatically disconnecting you after the
default
10-minute
idle time.
begin
configuring
console
enter linefor
console
You are now in
Gain hands-on
experience
of To
CCNP
Remote
Accessthe
topics
with line,
lab scenarios
the new0.642-821
line
configuration
mode.
You
use
the
no
exec-timeout
command
to
prevent
the
automatic
disconnect
BCRAN exam.
after a period of inactivity. The initial configuration of the R1 router is now complete. It is shown in
Example 12-1.
exam concepts
NOTE
Don't
Review
forget
set-up
to guides
reset the
that
exec-timeout
show you how
after
to prepare
the configuration
a lab for study
is complete. Leaving it open is a
potential security risk.
Example
12-1. Initial Configuration of R1
Router#configure
terminal
R1(config)#no
ipthe
domain-lookup
implementation of
technology. This step-by-step process can be executed on a home- or
R1(config)#enable
even as a stand-alonesecret
guide. cisco
ethernet
All of the topics on the new
642-8210BCRAN exam are covered, providing comprehensive exam
preparation.
R1(config)#interface serial 0.1
R1(config)#interface serial 0.2
Table of Contents
R1(config-if)#ip
address 10.10.14.1 255.255.255.0
Index
R1(config-line)#no exec-timeout
ISBN: 1-58720-073-2
Pages: 528
You can refer back to this section, substituting the information for the particular router you are
configuring, whenever you encounter an unconfigured router.
Step
2: NAT Translation
Gain hands-on
experience ofConfiguration
BCRAN exam.
In this step, you configure R1 with the required NAT configuration, as shown in Example 12-2.
exam concepts
Example
12-2. R1 Configuration for NAT Operation Test
! Configuration
Review set-upitems
guidesfor
that R1:
R1(config)#ip
CCNP
Practical Studies:
nat inside
Remote
source
Accessstatic
(CCNP Self-Study)
10.10.1.100
prepares
10.10.15.100
applications. Designed asserial
a topic-by-topic
0.1 point-to-point
R1(config-if)#ip
nata better
insideunderstanding of how remote access really works. It is also
R1(config-if)#exit
R1(config)#interface serial0.2 point-to-point
implementation
of the
technology.
R1(config-if)#ip
nat
outside This step-by-step process can be executed on a home- or
even
R1(config-if)#exit
preparation.
Step 3: Static Routing Configuration
The last step is to configure static routing. You could use dynamic routing to ensure connectivity for all the
networks, but that is outside the scope of this chapter. See Example 12-3.
Example 12-3. R1 Configuration for Static Routing
!
Configuration
Table ofitems
Contentsfor R1:
Index

R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.14.2

R1(config)#ip
route 10.10.15.1 255.255.255.0 10.10.13.2
ISBN: 1-58720-073-2
Pages: 528
You can now view the translation table on R1 to verify that the intended translation exists by using the
following command:
BCRAN exam.
exam concepts
R1#show
ip nat translation
you through
Example 12-4 shows the results of issuing this command on your NAT router.
Example
12-4. show ip nat translation Command Output from R1
R1#show
nat translation
concepts, ip
regardless
Pro
Inside
local
Outside local
Outside
Each Inside
chapter global
includes a review
of the
and guides the
reader global
through
--10.10.1.100
10.10.15.100
office-based
lab, some--networking simulation--software programs, or
preparation.
By examining Example 12-4, you can tell that 10.10.1.100 is indeed translated to 10.10.15.100 as you
intended. You begin your examination of NAT operation by issuing a ping from 10.10.1.100 to the outside
interface of R7 at 192.168.47.7. To see the packets crossing the network, you need to issue the following
commands on R1:
R1#debug
ipTable
packet
detail
of Contents
Index
R1#debug
ip nat

Pub Date:
December
22,the
2003
Example
12-5
shows
output generated on R1.
ISBN: 1-58720-073-2
Pages: 528
Example 12-5. Debug of IP Packets and NAT on R1
R1#debug
ip packet
detail
Gain hands-on
experience
BCRAN exam.
R1#debug ip nat
NAT: Prepare
s=10.10.1.100->10.10.15.100,
for the CCNP 642-821 BCRAN
d=192.168.47.7
exam and gain [481]
exam concepts
IP: s=10.10.15.100 (Serial0), d=192.168.47.7 (Serial1), g=172.16.47.145,
through
their ICMP
implementation
lenyou
100,
forward
type=8, code=0
Review set-up
R1#undebug
all
Ready yourself
for the has
new been
simulation-based
All possible
debugging
turned offquestions on the CCNP exams
ExaminingExample 12-5 shows that your packets are being translated by NAT as expected. Your router
must have valid routes for both the outside device and the inside device, or NAT will not be able to deliver
the packets correctly. One other thing to remember is that return packets must be translated before they
can be routed.
implementation
of the
technology.
ThisNAT
step-by-step
process can be executed
on a home- or
Scenario 12-2:
Simple
Static
Inside-to-Outside
Translation
even
asscenario,
a stand-alone
guide. your NAT router, R1, so that when it receives a packet with a source
In this
you configure
address of 10.10.1.100 on its inside interface, it translates it to 10.10.14.100. Example 12-6 shows the
required configuration of R1 to complete this scenario.
preparation.
Example 12-6. Inside-to-Outside Static Translation
! Configuration items for R1:
R1(config)#ip nat inside source static 10.10.1.100 10.10.14.100

R1(config)#interface ethernet 0
Table of Contents
Index

R1(config-if)#exit
R1(config-if)#ip
nat
outside
2003
ISBN: 1-58720-073-2
Pages: 528
Scenario 12-3: Simple Static NAT Outside-to-Inside Translation

Gain
hands-on
of CCNP
Remote
Access
topics with
lab scenarios
for theaddress
new 642-821
In this
scenario,experience
you configure
R1 so
that when
it receives
a packet
with a source
of 10.10.14.200
BCRAN
exam.
on its outside interface, the source address is translated to 10.10.1.200. Example 12-7 shows R1's
configuration required to complete this scenario.
exam concepts
Example 12-7. Outside-to-Inside Static NAT Translation
Review set-upitems
guidesfor
that R1:
! Configuration
CCNP
Practical Studies:
Remotesource
Access (CCNP
prepares
readers for the CCNP 642R1(config)#ip
nat outside
staticSelf-Study)
10.10.14.200
10.10.1.200
applications.
Designed asethernet
a topic-by-topic
0
questions
by providing
R1(config-if)#ip
nata better
insideunderstanding of how remote access really works. It is also
certification
R1(config-if)#exit
preparation.
Scenario 12-4: Combining Static NAT Translation
In this scenario, you combine the functionality of the previous three scenarios. In other words, you
configure R1 so that when it receives a packet with a source address of 10.10.1.100 on its inside interface,
it translates it to 10.10.14.100. You also configure R1 so that when it receives a packet on its outside
interface with a source address of 10.10.14.200, the source address is translated to 10.10.1.200. Example
12-8 outlines a possible configuration for R1 that completes this scenario.
Example 12-8. Combining Static NAT Translations
Table of Contents
!
Configuration
Index items for R1:
R1(config)#ip nat inside source static 10.10.1.100 10.10.14.100

Pub Date: December
2003
R1(config)#ip
nat22,outside
source static 10.10.14.200 10.10.1.200
ISBN: 1-58720-073-2
ethernet 0
Pages: 528
R1(config-if)#exit
BCRAN exam.
exam concepts
Scenario 12-5: Overloading an IP Address with NAT
To complete this scenario, you configure R7 so that it uses Serial 0's IP address for overload. You also
Ready
yourself
for the
new to
simulation-based
CCNP
exams0 address. Example 12-9
enable
an outside
e-mail
server
originate traffic questions
on port 25on
tothe
your
Loopback
illustrates the overload keyword in a configuration.
Example
12-9. overload Keyword
!
Configuration
items
for R7: interest.
concepts,
regardless
of certification
R7(config)#ip
inside source lab,
list
7 interface
0 overload
office-based lab, nat
a remote-accessible
some
networkingserial
simulation
R7(config)#ip nat inside source static tcp 10.10.7.7 25 10.10.14.7 25
preparation.
By using the overload keyword and associating it with an interface, you allow more than one inside local
address to be dynamically translated to the same global address. You also add a second entry to statically
configure NAT so that packets sourced from local address 100.133.7.7 with TCP port 25 (SMTP) are
translated to Serial 0's IP address with TCP port 25. This static NAT entry gives e-mail servers on the
outside the ability to originate SMTP (TCP port 25) packets to the global address of 10.10.14.7.
Scenario 12-6: Using NAT with Overlapping Addresses

In this scenario, you use the topology illustrated in Figure 12-4.
Table of Contents
Index
Figure 12-4. Scenario 12-4 Topology

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
You first need to configure R7 in a manner that will allow it to translate the inside device located at
10.10.1.200
to an
address
from
a NAT
pool you
willinconfigure.
You also
need
to configure
second pool to
Experience
how
remote
access
concepts
work
a real network
with
practice
labs thata walk
translate
the
outside
device
located
at
10.10.1.100
to
a
second
NAT
pool.
Example
12-10
illustrates
the
configuration required on R7.
Ready yourself
the new
simulation-based
questions
on the CCNP exams
Example
12-10.for
NAT
Pools
for Overlapping
Networks
R7(config)#ip nat pool inside 192.168.48.200 192.168.48.205 prefix-length 24
R7(config)#ip nat pool outside 192.168.48.210 192.168.48.215 prefix-length 24
R7(config)#ip nat inside source list 7 pool inside
R7(config)#ip nat outside source list 7 pool outside
loopback 0
preparation.
R7(config-if)#exit
R7(config-if)#exit
Table of Contents
Index
R7(config)#ip route 0.0.0.0 0.0.0.0 192.168.47.1


Morrow
, Deviprasad0.0.0.255
Konda
7 permit
10.10.1.0
ISBN: 1-58720-073-2
When your inside device sends a DNS query to the DNS server residing outside the NAT domain, the DNS
Pages: 528
query source address (the address of the inside device) is translated because of the ip nat inside
commands. When the DNS server sends a DNS reply, the DNS reply payload gets translated because of the
ip nat outside commands. If you didn't have this static entry, NAT would not look at the DNS reply
payload.
Gain hands-on
experience
of CCNP
Remote Access
topics
with
lab scenarios
for the
642-821
When
you are trying
to establish
connectivity
between
two
overlapping
networks
bynew
running
dynamic NAT
BCRAN
exam.
on
a single
Cisco router, you must use DNS to create an outside-local-to-outside-global translation. If you
choose not to use DNS, you can still gain connectivity with static NAT, but it will be more difficult for you to
manage.
exam concepts
Scenario
12-7:
TCP Load
Experience
howConfiguring
remote access concepts
work Distribution

In this scenario, your goal is to define a virtual address to distribute connections among a set of real hosts
Review
set-up
guides that
you how
to prepare
a lab
for
studyan access control list (ACL) that
You define
a pool
containing
theshow
addresses
of the
real hosts.
You
define
specifies the virtual address. If a translation does not already exist, TCP packets from the outside network
Ready
yourself
for the new
questions
the CCNPtoexams
on serial
0 with
destinations
thatsimulation-based
match your defined
ACL areon
translated
an address from the pool.
Example 12-11 shows a configuration to complete this example.
Example
12-11.
Load-Balancing
Example
network setting,
this book
!
Configuration
items
for R4: interest.
concepts,
regardless
of certification
R4(config)#ip
pool real-hosts
192.168.50.15
prefix-length
office-based lab, nat
a remote-accessible
lab,192.168.50.3
some networking
simulation software
programs,28
or type rotary
R4(config)#ip nat inside destination list 2 pool real-hosts
preparation.
serial 0
R4(config-if)#exit
Table of Contents
Index
R4(config-if)#exit
R4(config)#access-list 2 permit 192.168.50.2


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise 12-1: Dynamic NAT Using an Outside

Source List
In some situations you might need to use dynamic NAT instead of static NAT. One such situation
when you receive
Table of Contents
is
only a single routable IP address from your ISP. In this case, you need to
configure an Index
access list and associate it with an ip nat command to translate the IP addresses.
CCNP
Practical
Studies:
Remote
Access
In this
Practical
Exercise,
you
will configure the topology shown in Figure 12-5 using the ip nat
outside
source
list
command.
This
allows
traffic from
the host at 10.10.1.100 to reach the
Morrow
, Deviprasad
Konda
address of R7's Loopback 0 interface.
ISBN: 1-58720-073-2
Figure 12-5. Outside Source List Topology
Pages: 528
BCRAN exam.
exam concepts
You will
assign
an access
listnew
on R4
so that any packet
sourced
10.10.1.100
Ready
yourself
for the
simulation-based
questions
on from
the CCNP
exams to 10.10.7.7
will be translated from a NAT pool to 172.16.48.250. You need to set your routing up so that
none
the packets
will Remote
be dropped,
regardless
of the address
in use.
CCNP of
Practical
Studies:
Access
(CCNP Self-Study)
prepares
preparation.

1. Configure your network interfaces:
Table of Contents
Index


1-58720-073-2 items for R1:
!ISBN:
Configuration
Pages: 528
R1(config-if)#ip
255.255.255.0
Gain hands-on
experienceaddress
of CCNP 10.10.1.1
Remote Access
BCRAN exam.
R1(config-if)#exit
Serial0
exam concepts
R1(config-if)#exit
Ready
yourself for the
newfor
simulation-based
! Configuration
items
R4:
R4(config-if)#exit
preparation.
R4(config-if)#exit
R7(config)#interface Loopback0
R7(config-if)#exit
Table of Contents
Index
ByWesley
Shuo, Dmitry Bokoteyaddress
, Raymond Morrow
, Deviprasad
Konda
R7(config-if)#ip
172.16.47.7
255.255.255.0
R7(config-if)#exit
Publisher:
Cisco Press
ISBN: 1-58720-073-2
Pages: 528
2. Configure your static routing to ensure network connectivity. Remember that you can also
use a routing protocol to accomplish this task.
BCRAN exam.
exam concepts
R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.14.2
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642! Configuration
for R4:
821 BCRAN
exam and foritems
workplace
R4(config)#ip
10.10.1.0
255.255.255.0
192.168.14.1
essential
in preparing route
candidates
for the new
simulation-based
R4(config)#ip
10.10.7.7
255.255.255.255 172.16.47.7
concepts,
regardless ofroute
certification
interest.
Each R4(config)#ip
chapter includes route
a review
172.16.48.254
of the applicable
255.255.255.0
technology, and
Serial1
preparation.
R7(config)#ip route 0.0.0.0 0.0.0.0 172.16.47.1
3. Define an access list on R4 so that any traffic that originates from R7's loopback interface,
10.7.7.7/32, is dynamically translated:
3.
Table of Contents
Index
4.Publisher:
DefineCisco
yourPress
dynamic NAT pool on R4. You will name the pool ccna_lab and give it an
address
range 22,
of 2003
172.16.48.250 to 172.16.48.254. You will also associate this pool with an
Pub
Date: December
outside
translation:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R4(config)#ip nat pool ccna_lab 172.16.48.250 172.16.48.254 netmask
exam concepts
255.255.255.0
R4(config)#ip nat outside source list 1 pool ccna_lab
5. Assign
the appropriate
interfaces
into NAT: questions on the CCNP exams
Ready yourself
for the new
simulation-based
implementation
of the technology.
R4(config-if)#ip
nat outside
even R4(config)#interface
as a stand-alone guide. ethernet 0
All of R4(config-if)#ip
the topics on the new
642-821
nat
insideBCRAN exam are covered, providing comprehensive exam
preparation.
Practical Exercise 12-2: Combining Dynamic and Static

NAT
In some situations, you might be required to combine dynamic NAT with static NAT. Before
Table of Contents
starting this Practical
Exercise, you need to remember a few things. When you work with
Index
dynamic NAT,
a translation does not exist in the NAT table until your router receives traffic that
CCNP
Practical
Studies: Remote
Access
requires
translation.
A dynamic
translation has a timeout period after which it is purged from
your
router's
translation
table.
A
static
NAT
translation
exists in your router's NAT translation
Morrow
, Deviprasad
Konda
table as soon as you configure the static NAT command. It remains in the translation table until
you delete the entry.
December
2003
YouPub
willDate:
continue
to22,
use
the topology outlined in Figure 12-5 for this Practical Exercise. The first
ISBN:
1-58720-073-2
task in merging dynamic and static NAT is to configure R4 so that outside devices address the
Loopback
Pages:
0 528
interface, 10.10.7.7, as 192.168.48.250. You will also configure a dynamic address
pool of ten addresses starting at 192.168.48.200 for use in dynamic translation of R4's Ethernet
segment.
BCRAN exam.
exam concepts
preparation.

These are the steps necessary to configure this Practical Exercise:
1. Configure
Table
your
of Contents
network interfaces:
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R1(config-if)#exit
exam concepts
R1(config-if)#ip
address 10.10.14.1 255.255.255.252
Review
R1(config-if)#exit
CCNP!Practical
Studies: Remote
Access
Configuration
items for
R4:(CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
questions
by providing a betterserial
understanding
0
certification
exams. Finally,
it serves
anyone wanting
R4(config-if)#ip
address
10.10.14.2
255.255.255.252
R4(config-if)#exit
preparation.
R4(config-if)#exit

R7(config)#interface Loopback0
R7(config-if)#exit
Table of Contents
Index
ethernet 0

ByWesley
R7(config-if)#ip
Shuo, Dmitry Bokoteyaddress
, Raymond Morrow
172.16.47.7
, Deviprasad
255.255.255.0
Konda
R7(config-if)#exit
Publisher:
Cisco Press
ISBN: 1-58720-073-2
Pages: 528
2. Configure your static routing to ensure network connectivity. Remember that you can also
use a routing protocol to accomplish this task.
BCRAN exam.
exam concepts
R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.14.2
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642! Configuration
for R4:
821 BCRAN
exam and foritems
workplace
R4(config)#ip
10.10.1.0
255.255.255.0
192.168.14.1
essential
in preparing route
candidates
for the new
simulation-based
R4(config)#ip
10.10.7.7
255.255.255.255 172.16.47.7
concepts,
regardless ofroute
certification
interest.
172.16.48.254
255.255.255.0
Serial1
Each R4(config)#ip
chapter includes route
a review
of the applicable
technology, and
preparation.
R7(config)#ip route 0.0.0.0 0.0.0.0 172.16.47.1
3.
3. Define an access list on R4 so that any traffic that originates from R4's Ethernet 0 network,
10.10.17.0/24, is dynamically translated:
Table of Contents
Index

ByWesley
Shuo, Dmitry Bokotey, Raymond
, Deviprasad
Konda 0.0.0.255
1 Morrow
permit
10.10.17.0
4. Define
your dynamic NAT pool on R4. You will name the pool ccna_lab and give it an
ISBN: 1-58720-073-2
address
range of 172.16.48.200 to 172.16.48.209. You will also associate this pool with an
Pages: 528
outside translation.
BCRAN exam.
exam concepts
R4(config)#ip nat pool ccna_lab 172.16.48.200 172.16.48.209 netmask
255.255.255.0
R4(config)#ip
nat outside
list
1 poola ccna_lab
that showsource
you how
to prepare
lab for study
CCNP
5. Assign
Practical
theStudies:
appropriate
Remote
interfaces
Accessinto
(CCNP
NAT:
implementation
of the technology.
This0step-by-step process can be executed on a home- or
serial
even R4(config-if)#ip
nat outside
All of R4(config)#interface
the topics on the new 642-821
BCRAN
ethernet
0 exam are covered, providing comprehensive exam
preparation.
You can view the contents of your translation table by issuing the show ip nat translations
command.Example 12-12 shows the output of this command when it is issued on R4.
Example 12-12. show ip nat translations Command Output on R4
Table of Contents
R4#show
ip Index
nat translations
Pro Inside global
Inside local
--- 192.168.48.200
10.10.17.107
Outside local
---
Outside global
---

ISBN: 1-58720-073-2
Pages: 528
Notice that you see only the static translation you created in this output. This entry translates
the inside global address back into the inside local address, giving devices on the outside of your
network access to the Loopback 0 interface on your network.
Dynamic entries do not appear in the translation table until it receives a packet on its inside
interface with a source address permitted by the ACL you createdin this case, ACL 7.
BCRAN exam.
One point to note when working with dynamic NAT is that a device on the outside can't access a
device
governed
NAT if the
translation
does
notaexist.
When
your understanding
router receives of
a
Prepare
for by
thedynamic
CCNP 642-821
BCRAN
exam and
gain
better,
practical
packet
destined
for
one
of
the
dynamic
NAT
global
addresses,
it
checks
its
translation
table
for
exam concepts
an existing translation. Because no match is found, it tries to route the packet, which in this case
means
back out the
interface.
Experience
howserial
remote
The dynamic NAT configuration you have done in this scenario works well when communication
between
inside
and outside
network
is to
originated
inside devices. It does not
Review
set-up
guides that
showdevices
you how
prepare only
a labby
forthe
study
work well if you decide to add an e-mail server on your network that needs to receive packets
originated
the outside.
The
second
part of this scenario
is on
to configure
static NAT entry so
Readyby
yourself
for the
new
simulation-based
questions
the CCNP a
exams
that an e-mail server on the outside can originate communication with the e-mail server on your
CCNP Practical
inside
network.Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
preparation.
Summary
In this chapter, you learned about the operation of NAT, how NAT translates addresses, and
when to use NAT. You learned to configure NAT to translate private addresses in many different
scenarios, such as configuring static NAT and dynamic NAT. You looked at some show command
Table
of Contents
output as well
as debug
commands that relate to NAT to verify connectivity.
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Review Questions
1:
Network Address Translation is used to connect private IP internetworks that use

Table of Contents
__________
IP addresses to connect to the Internet.
Index

A. routable
Publisher: B.
Ciscostandard
Press
C. nonroutable
ISBN: 1-58720-073-2
Pages: 528
D. nonstandard
2:
When does the NAT operation take place on a router for inside-to-outside
translation?
BCRAN exam.
A. Before the IPSec operation
B. for
Before
the routing
decision
Prepare
the CCNP
642-821
exam concepts
C. After the IPSec operation
D. After
theimplementation
routing decision
you through
their
3:
Trueset-up
or false:
Cisco
IOS
NATyou
cannot
Review
guides
that
show
howbe
to applied
prepareto
a subinterfaces.
lab for study
4:
What
allows
a single
NAT-enabled
router questions
to allow some
users
to exams
use NAT and other
Ready
yourself
for
the new
simulation-based
on the
CCNP
users on the same Ethernet interface to continue with their own IP addresses?
A. Access
list is useful in preparing a CCNP candidate for the general exam
network setting,
this book
B. Route map
certificationC.
exams.
PolicyFinally,
map it serves anyone wanting a guide to real-world application of these
D. Priority map
implementation
the technology.
step-by-step
process
can addresses
be executed
on aor
home5: What isofused
to translate This
internal
(inside local)
private
to one
moreor
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
outside (inside globalusually registered) IP addresses?
preparation.
A. Overboard
B. Network Address Translation
C. Interface Address Translation
D. Port Address Translation
6:
When using PAT, also known as NAT overloading, how many theoretical translations
can be made for each inside global IP address?
A. 30,000
of Contents
B.Table
25,655
Index
C.Studies:
65,535
CCNP Practical
Remote Access
D. 100,000
Publisher:
Cisco
Press
7: PAT
additionally
translates which port to keep track of individual conversations?

ISBN: 1-58720-073-2
Pages: 528
A. Inside source
B. Outside source
C. Inside destination
D. Outside destination
BCRAN exam.
8: IP address __________ refers to a situation in which two locations use the same IP
address
range
but642-821
still want
to communicate.
Prepare
for the
CCNP
BCRAN
exam concepts
A. overloading
you through
B.set-up
underloading
Review
overlapping
ReadyC.
yourself
D. underlapping
CCNP Practical
9: TrueDesigned
or false: as
Static
and dynamicguide
NAT may
be to
used
on the
same
router.
applications.
a topic-by-topic
of how
apply
remote
access
concepts in a real
preparation.
Chapter 13. Using AAA to Scale Access

Control in an Expanding Network
of Contents
This
chapter Table
covers
Index
AAA Overview
Authentication
Authorization
Pub
ISBN: 1-58720-073-2
Accounting
Pages: 528
AAA Protocols
AAA Method List
Configuring
AAA
Gain hands-on
experience
BCRAN exam.
Access control in an expanding environment can be a daunting task. Authentication,
authorization, and accounting (AAA) provides you with a mechanism you can use to track a
user'sPrepare
access and
usage.
AAA
also allows
you
to set
thegain
user's
level of
access, understanding
as well as whatofhe
for the
CCNP
642-821
BCRAN
exam
and
a better,
practical
may connect
to and when he is allowed to connect.
exam concepts
preparation.
AAA Overview
AAA combines three independent security functions in a modular fashion that allows you to
configure access control to your network devices, such as routers and switches. The three
modules you will be concerned with in this chapter are as follows:
Table of Contents
Index
Authentication
Provides
CCNP Practical
Studies: Remote
Access
the methods you will use to identify your users before allowing
them
access
to
your
network
services. These methods include challenge and response, login
and password dialog, encryption, and messaging support.
Publisher:
Cisco Press
Authorization
Provides the methods you will use for remote access control, such as persupport of IP and Telnet, one-time authorization or
authorization
ISBN: 1-58720-073-2
for each service, and user group support.
Pub
Date:account
Decemberlist
22, and
2003 profile,
user
Pages: 528
Accounting Provides the method you will use to collect and send security server
information. You may use this information for auditing, billing, or reporting.
These modules are discussed further in the following sections.
BCRAN exam.
Authentication
Prepare for
642-821
exam
a better,
practical
understanding
Authentication
is the
the CCNP
method
used toBCRAN
identify
your and
usergain
before
he or she
is allowed
access to of
exam
concepts
your network and its services. A simple way of looking at configuring AAA authentication is
defining a named list consisting of the authentication methods you want and then applying your
Experience
how
remote interface(s).
access concepts
in amethod
real network
practice
labsofthat walk
defined
list to your
identified
Youwork
use the
list to with
define
the types
you
through
their
implementation
authentication you want to be performed and the sequence in which you want them to be
performed. With one exception, the method list named "default," you must apply the method list
to a specific interface before any of your defined authentication methods are used. The default
method list is automatically applied to any interface you have not applied a method list to. You
must define all authentication methods, with the exception of local, line password, and enable
authentication,
through Remote
AAA. When
you(CCNP
chooseSelf-Study)
to implement
authorization,
users
must
be
Access
prepares
readers your
for the
CCNP
642authenticated
before
any
authorization
can
take
place.
Authorization
certification
Finally,
serves
anyone wanting
to real-world
application
of these
Authorizationexams.
is designed
to itwork
by assembling
a setaofguide
attributes
you define
to determine
if a
concepts,
regardless
of
certification
interest.
user is authorized to perform a certain task. Your defined attributes are compared to the
information stored in the database for a given user. The result (the user's capabilities and
restrictions) is returned to AAA. You can define the database locally on the network device or
host it remotely on a RADIUS or TACACS+ security server, such as Cisco Secure Access Control
Server (ACS). TACACS+ and RADIUS security servers authorize your users for their specific
rights by using attribute-value (AV) pairs, which associate their rights with the appropriate user.
All
methods
be defined
AAA.
Just like
authentication,
you configure
All authorization
of the topics on
the newmust
642-821
BCRANthrough
exam are
covered,
providing
comprehensive
exam
AAA
authorization
through
the
use
of
a
named
list
of
authorization
methods
and
then
apply your
preparation.
defined list to your specific interface(s).
Accounting
Accounting lets you track the services your users are accessing, as well as the amount of
network resources they are consuming. AAA accounting accomplishes this by reporting your
user's activity to the RADIUS or TACACS+ security server in the form of accounting records.
These accounting records are comprised of accounting AV pairs. They are stored on the ACS for
future analysis of network management, client billing, and/or auditing. You must define all the
accounting methods through AAA. Much like the previous AAA modules, you configure AAA
accounting through the use of named lists defining your accounting methods and then apply that
list
to your specified
interface(s).
Table of Contents
Index
AAA
Protocols
ByWesley
AAAPublisher:
uses two
major security server protocolsTACACS+ and RADIUS. You can use either of
Cisco Press
these protocols to authenticate a large number of your users, because each creates a database
of usernames and passwords. Both protocols share many features, because Cisco Systems
ISBN: 1-58720-073-2
modeled the TACACS+ architecture after the existing RADIUS standard. You can implement a
Pages: 528
TACACS+
or RADIUS server on a UNIX platform or Windows platform.
RADIUS is covered in the following RFCs:
RFC 2138, Remote Authentication Dial In User Service (RADIUS)
BCRAN exam.
RFC 2139, RADIUS Accounting
RFC 2865, Remote Authentication Dial In User Service (RADIUS)
exam concepts
RFC 2866, RADIUS Accounting
RFC 2867, RADIUS Accounting M odifications for Tunnel Protocol Support
RFC 2868, RADIUS Attributes for Tunnel Protocol Support
RFC 2869, RADIUS Extensions
TACACS+ is covered by the following Internet Draft and RFC:
applications.
Designed
as a topic-by-topic
The TACACS+
Protocol
Version 1.78 (draft-grant-tacacs-02.txt)
questions
by providing
a better
understanding
of how remote
RFC 1492,
An Access
Control
Protocol, Sometimes
Called access
TACACS
concepts,
regardless
AAA Transport
Protocols
Just
like any packet
that
travels across
IP network,
bothcan
TACACS+
and RADIUS
use the
implementation
of the
technology.
This your
step-by-step
process
be executed
on a homeor
TCP/IP
stack.
This
is
also
one
area
in
which
they
differ:
RADIUS
uses
the
UDP
protocol
for or
office-based lab, a remote-accessible lab, some networking simulation software programs,
communications
between
the client and the security server, whereas TACACS+ uses the TCP
guide.
protocol. TACACS+ operates over TCP port 49, and RADIUS operates over UDP port 1812 for
authentication
port642-821
1813 forBCRAN
accounting.
RADIUS
implementations,
you exam
might
All of the topicsand
on UDP
the new
exam In
aresome
covered,
providing
comprehensive
see
RADIUS
operate
over
port
1645
for
authentication
and
port
1646
for
accounting.
preparation.
Packet Encryption
One other area in which RADIUS and TACACS+ differ is their use of encryption. RADIUS encrypts
only the user password in a client-to-server access request packet. Other items in the packet,
such as username, authorized services, and accounting, are sent across the network in clear
text.
TACACS+ encrypts the entire packet to the server with the exception of the unencrypted
TACACS+ header. This unencrypted header contains a field specifying whether that packet's
payload is encrypted.
Table of Contents
Index
AAA
Method
Lists
CCNP Practical
Studies:
Remote Access
You create a method list by defining a sequential list of authentication methods that you want to
use to authenticate a user. Method lists let you define a backup authentication system for
authentication in case of a failure by configuring one or more security protocols to be used for
authentication. Your network devices will use the first method you list to authenticate users; in
ISBN: 1-58720-073-2
the case
of a failure, your network devices will use the next authentication method defined in the
Pages:
method
list.528
This process continues until either your user is authenticated through the successful
communication with a listed authentication method or the authentication method list is
exhausted, in which case authentication fails. Authentication with the next defined authentication
method is tried only if there is no response from the previous authentication method.
BCRAN exam.
NOTE
Aexam
FAIL concepts
response differs from an ERROR response. A FAIL signals that the user does not
meet the defined criteria required to be authenticated. The authentication process
stops
when a
FAIL
response
is returned.
indicates
that the
security
Experience
how
remote
access
concepts However,
work in a an
realERROR
network
with practice
labs
that walk
server
has not
responded
to an authentication query. Because authentication has not
you through
their
implementation
been attempted, AAA selects the next authentication method you defined in the
Review set-up method
guides that
show
you how to
authentication
list and
reattempts
authentication.
preparation.
Configuring AAA
After you decide which AAA service you want to use, you can use the following steps to configure
AAA on your network device:
Table
of Contents
Step 1.
Enable
AAA.
Index
CCNP Practical
Studies:
Remote
Access
Step 2.
Configure
security
protocol parameters.
Step 3. Define the method lists for authentication.
Step 4. Apply the method lists to a particular interface or line.
ISBN: 1-58720-073-2
Step
5. Optionally configure authorization.
Pages: 528
Step 6. Optionally configure accounting.
Step 1: Enabling AAA
BCRAN exam.
Before you can use the AAA network security services available to you, you must enable AAA. To
accomplish this, use the following command:
exam concepts
R8(config)#aaa new-model
NOTE
Upon enabling AAA, IOS no longer lets you use the older TACACS or extended TACACS
protocols.
If desired, you can disable AAA functionality using the following command:
preparation.
R8(config)#no aaa new-model
Step
2: Configuring
Table of ContentsSecurity Protocol Parameters
Index
CCNP
Practical
Studies:
Remote Access
Deciding
which
parameters
you want to configure for your selected security protocol depends on
the
protocol
you
want
to
use.
Because
the,Deviprasad
parameters
are protocol-specific, they are explained in
Morrow
Konda
the following sections.
Step ISBN:
3: Defining
1-58720-073-2the Method Lists for Authentication
Pages: 528
AAA security services offer many varied authentication methods:

Login authentication
Gain hands-on
PPP authentication
BCRAN exam.
ARAP authentication
Prepare
NASI authentication
exam concepts
You also have the option of defining the following parameters:
Specifying the amount of time for login input
Enabling password protection at the privileged level
Changing the text displayed at the password prompt
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Configuring
banners for
AAA authentication
821 BCRAN
exammessage
and for workplace
challenges
Configuring
AAAbook
packet
of disconnect
network
setting, this
is useful
Enabling
double authentication
essential
in preparing
Enabling automated double authentication
Some of these items are discussed further in the following sections.
Configuring
Login Authentication
Using AAA
guide.
All of the
topics on the
BCRAN
exam are covered,
providing
comprehensive
exam
Login
authentication
is new
used642-821
to enable
AAA authentication
regardless
of the
supported login
preparation. method you decide to use. You create one or more lists of authentication methods
authentication
that will be tried at login and apply them to the login authentication command. To configure a
login authentication list using AAA, use this command:
R8(config)#aaa authentication login {default | list-name}method1 [method2...]
Table of Contents
Index
list-name
is a character string you use to name the list you are creating. The method arguments
refer to the actual method the authentication algorithm tries. If you specify more than one
method of authentication, they are used only if the previous method returns an error, not if it
fails.
You can use the none keyword as the final method in the command line to specify that
Pub Date: December
22, succeed
2003
authentication
should
even if all other defined methods return an error. By using the
ISBN:
1-58720-073-2
default keyword, you can specify a default list that is applied to all interfaces automatically.
Table Pages:
13-1 lists
528 the wide variety of supported login authentication methods.
Table 13-1. AAA Login Authentication Methods
BCRAN exam.
Keyword
Description
enable
Prepare forThe
theenable
CCNP 642-821
passwordBCRAN
is usedexam
for authentication.
exam concepts
line
The line password is used for authentication.
howlocal
remote
access database
concepts work
in for
a real
localExperienceThe
username
is used
authentication.
local-case
Makes the local username case-sensitive.
none
No authentication is used.
group
The list of all defined RADIUS servers is used for authentication.
radius
BCRAN exam
and
implementing
remote
access network
group
The
listfor
of workplace
all definedchallenges
TACACS+ in
servers
is used for
authentication.
applications.
tacacs+
groupgroupA subset
of RADIUS
or TACACS+
servers,
defined
by really
the aaa
group
server
questions
by providing
a better
understanding
of how
remote
access
works.
It is
also
name
radius
or
aaa
group
server
tacacs+
command,
is
used
for
authentication.
krb5
Kerberos 5 is used for authentication.
krb5-telnet When using Telnet to connect to the device, the Kerberos 5 Telnet authentication
a review
the
and guides
the
reader
throughin the
protocol
is usedoffor
authentication.
This keyword
must be
the
first method
implementation method
of the technology.
This
step-by-step
process
can
be
executed
on
a
homeor
list.
All
of the topics
on the
new 642-821 BCRAN
Configuring
PPP
Authentication
Using exam
AAA are covered, providing comprehensive exam
preparation.
Your network might require giving your users remote access through some type of dialup
connection, such as async or ISDN through an access server. Both of these dialup services
present a unique problem when you are trying to control access through AAA. Neither uses the
command-line interface of the network device. Instead, they start a network protocol, such as
PPP or ARA, as soon as the connection is established. Fortunately, the AAA security service
provides a solution to this problem by offering a variety of authentication methods for use on
serial interfaces using PPP.
You can use the following command to configure AAA authentication methods for serial lines
using PPP. It creates a local authentication list:
Table of Contents
Index

R8(config)#aaa
authentication
ppp {default | list-name}method1 [method2...]
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
Pages: 528
Table 13-2 lists the authentication methods available with PPP authentication.
BCRAN exam.
Table 13-2. AAA Authentication Methods for PPP

Keyword
Description
exam concepts
if-needed
required work
if theinuser
hasnetwork
already with
beenpractice
authenticated
on walk
a
Experience No
howauthentication
remote accessisconcepts
a real
labs that
TTY
line.
local
The local username database is used for authentication.
local-case
A case-sensitive local username is used for authentication.
none
No authentication is attempted.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642group radius A defined list of all RADIUS servers is used for authentication.
applications.
Designed
as alist
topic-by-topic
guide
of how
apply
group
A defined
of all TACACS+
servers
is to
used
for remote
authentication.
network
tacacs+setting, this book is useful in preparing a CCNP candidate for the general exam
groupgroupA subset
of RADIUS
or TACACS+
servers, defined
by the that
aaa are
group
server
essential
in preparing
candidates
for the
questions
on the
Cisco
name
radius
or
aaa
group
server
tacacs+
command,
is
used
for
authentication.
krb5
When used with PAP authentication, Kerberos 5 is used for authentication.
Configuring ARAP Authentication Using AAA
You
the on
following
command
configure
with the
AppleTalk Remote
All ofcan
theuse
topics
the new
642-821 to
BCRAN
examAAA
areauthentication
covered, providing
comprehensive
exam
Access
Protocol
(ARAP).
It
enables
authentication
for
ARAP
users:
preparation.
R8(config)#aaa authentication arap {default | list-name}method1 [method2...]
Table of Contents
Table
13-3 lists
ARAP's supported login authentication methods.
Index
Table 13-3. AAA Authentication Methods for ARAP

ISBN: 1-58720-073-2
Keyword
Description
Pages: 528
auth-guest
Guest logins are allowed if the user has already logged into EXEC.
guest
Guest logins are allowed.
line
local
BCRAN exam.
local-case
A case-sensitive local username is used for authentication.
group
radius
defined
list of all
RADIUS
servers
is used
for authentication.
Prepare
for theACCNP
642-821
BCRAN
exam
and gain
a better,
exam concepts
group tacacs+
A defined list of all TACACS+ servers is used for authentication.
Configuring
NASI guides
Authentication
Using
Review set-up
that show you
howAAA
fortothe
on Asynchronous
the CCNP exams
WhenReady
a useryourself
attempts
lognew
intosimulation-based
the device using questions
the NetWare
Services Interface
(NASI), you can use the following commands. It enables authentication for NASI users:
Each
chapter includes
a review of the
applicable
technology,
and guides
the reader
through
R8(config)#aaa
authentication
nasi
{default
| list-name}
method1
[method2...]
Table 13-4 lists the NASI authentication methods you may choose from.
preparation.
Table 13-4. AAA Authentication Methods for NASI
Keyword
Description
enable
The enable password is used for authentication.
line
local
local-case
Makes the local username case-sensitive.
Table of Contents
none
IndexNo authentication is used.
group radius The list of all defined RADIUS servers is used for authentication.
group
The list of all defined TACACS+ servers is used for authentication.
tacacs+
Pub Date:
December
22, 2003of RADIUS or TACACS+ servers, defined by the aaa group server
group
groupA subset
ISBN:
1-58720-073-2
name
radius or aaa group server tacacs+ command, is used for authentication.
Pages: 528
Specifying the Amount of Time for Login Input

By
default,
the experience
system waits
seconds
for Access
login input
before
timing
out. You
Gain
hands-on
of 30
CCNP
Remote
topics
with lab
scenarios
forcan
theuse
newthe
642-821
following
command
to
change
this
amount
of
time:
BCRAN exam.
exam concepts
R8(config-line)#timeout login responseseconds
network setting,
this book
is useful in
a CCNP
Enabling
Password
Protection
at preparing
the Privileged
Level
essential
in preparing
for the new
questions
that arethe
on privileged
the Cisco
You can require
a usercandidates
to be authenticated
bysimulation-based
the AAA subsystem
when entering
certification
exams.
Finally,
it
serves
anyone
wanting
a
guide
to
real-world
application
of these
EXEC command level (the "enable" level) using the following command:
preparation.
R8(config)#aaa authentication enable defaultmethod1 [method2...]
Requests for authentication sent to a RADIUS server include a username of $enab15$. Requests
sent to a TACACS+ server include the username that is entered for login authentication.
Table 13-5 lists the supported enable authentication methods.
Table of Contents
Index
Table 13-5. AAA Authentication Methods for Enable
Keyword
Description
enable
The enable password is used for authentication.
line
none ISBN: 1-58720-073-2

No authentication is used.
Pages: 528
group radius The list of all defined RADIUS servers is used for authentication.
group
tacacs+
The list of all defined TACACS+ servers is used for authentication.
groupgroup- A subset of RADIUS or TACACS+ servers, defined by the aaa group server
Gain
hands-on experience
CCNP
Remote
Access
topicscommand,
with lab scenarios
forauthentication.
the new 642-821
name
radius or of
aaa
group
server
tacacs+
is used for
BCRAN exam.
Stepexam
4: Applying
concepts the Method Lists to a Particular Interface or Line
how remote
access concepts
workstep
in aisreal
network
practice
that walk
After Experience
you have defined
your method
list, the next
to apply
it towith
either
a linelabs
or an
you through
implementation
interface.
You can their
use one
of the following commands to enter line or interface configuration
mode.
Use this command to enter line configuration mode if you want to apply your method list to a
line: Ready yourself for the new simulation-based questions on the CCNP exams
R8(config)#line [aux | console | tty | vty]line-number [ending-line-number]
Use this command to enter interface configuration mode if you want to apply your method list to
an interface:
preparation.
R8(config)#interfaceinterface-type interface-number
Table of Contents
You
can use Index
the following command to apply your login method list to a line or set of lines:


ISBN: 1-58720-073-2
Pages: 528
R8(config-line)#login authentication {default | list-name}
BCRAN exam.
You can use the following command to apply the PPP authentication list to a line or set of lines.
protocol1 and protocol2 represent the CHAP, MS-CHAP, and PAP protocols.
exam concepts
R8(config-if)#ppp authentication {protocol1 [protocol2...]} [if-needed]
BCRAN exam
and for workplace
challenges
{default
| list-name}
[callin]
[one-time]
certification
Finally,
it servesto
anyone
wanting
a guide
to real-world
application
these
You can use exams.
the following
command
optionally
enable
autoselection
of ARAP
under aof
line:
preparation.
R8(config-line)#autoselect arap
You can use the following command to optionally start the ARAP session automatically during
user login:
Table of Contents
Index

By
during-login
ISBN: 1-58720-073-2
You can
use the following command to optionally enable TACACS+ authentication on a line:
Pages: 528
BCRAN exam.
R8(config-line)#arap authenticationlist-name
exam concepts
You can
use the
following
optionally
enable NASI
on a line:
Review
set-up
guidescommand
that showtoyou
how to prepare
a labauthentication
for study
it serves anyone
R8(config-line)#nasi
authentication
list-name
Step
Configuring Authorization
even as5:
a Optionally
stand-alone guide.
All
the topics on builds
the new
BCRAN exam
covered,
comprehensive
exama
AAAofauthorization
on 642-821
AAA authentication
by are
allowing
you providing
to limit which
of your services
preparation.
user can access. With AAA authorization, a user's profile is used to retrieve information from the
local user database or the security server to configure the user's session to grant access to a
requested service. Access is allowed only if you granted the access in the user's profile.
Much like method lists you configure for authentication, a method list for authorization defines
the manner in which authorization will be performed, as well as the sequence in which these
methods will be executed. Several different authorization types are available for you to define in
your method lists:
Commands Used to apply authorization to the EXEC mode commands a user may use.
Command authorization is attempted for all EXEC mode commands associated with a
specific privilege level.
of Contents
EXECTable
Applies
to the user's attributes during an EXEC terminal session.
Index
CCNP Practical
Studies:
Remote
Network
Used
with Access
network
connections.
Auth-proxy Used to apply security policies on a per-user basis.
Publisher:
Cisco Press
Reverse-access
Used with reverse-Telnet sessions.
AAA gives
five different methods you can use with authorization:
ISBN:you
1-58720-073-2
Pages: 528
None Authorization information is not requested or required.

Local A local database, defined by the username command, is consulted for
authorization.
If-Authenticated
If the user was previously authenticated, he or she is allowed access to
BCRAN
exam.
the function without further authorization.
TACACS+
Prepare
for the
A TACACS+
CCNP 642-821
security
BCRAN
daemon
exam
is and
usedgain
for authorization
a better, practical
defined
understanding
by associating
of
exam concepts pairs with a user's assigned rights.
attribute-value
RADIUS A
Experience
how
RADIUS
remote
security
accessserver
concepts
is used
workfor
in a
authorization
real networkdefined
with practice
by associating
labs that walk
you through their
attribute-value
pairs
implementation
with a user's assigned rights.
Before
Review
you can
set-up
configure
guides
AAA
that
authorization,
show you how
you
to must
prepare
perform
a lab the
for study
following tasks:
Enable AAA on your network device.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Configure
AAA
authentication,
authorization
requires
authentication
to work
821 BCRAN
exam
and
for workplacebecause
challenges
in implementing
remote
access network
properly.
Define
characteristics
your security of
server
if you are
defining
RADIUS
questions
bythe
providing
a better of
understanding
how remote
access
really
works.or
It TACACS+
is also
authorization.
Define
a local database.
Use the
username command if you are using local authorization.
concepts,
regardless
of certification
interest.
Both
and TACACS+
authorization
use attributes
to define
the specific
rightsthrough
you want to
Each RADIUS
chapter includes
a review
of the applicable
technology,
and guides
the reader
grant
your
users.
The
attributes
for
both
RADIUS
and
TACACS+
are
defined
on
the
security
server,
associated
your user, andlab,
sentsome
to your
network simulation
device, when
requested.
There or
the
office-based
lab, a with
remote-accessible
networking
software
programs,
attributes
are
applied
to
your
user's
connection.
Because
both
TACACS+
and
RADIUS
support
many different attributes, you should consult your server's documentation to determine which
attributes
you can
All of the topics
on use.
preparation.
Configuring AAA Authorization

Three steps are required to configure AAA authorization:
Step 1. Configure AAA authorization with named method lists.

Step 2. Disable AAA authorization for global configuration commands.
Step 3. Configure AAA authorization for reverse Telnet.
Each of these steps is looked at in further detail in the following sections.
Table of Contents
Index
Step 1: Configuring AAA Authorization with Named Method Lists

You can use the following command to configure AAA authorization for a particular authorization
type
and enable authorization using named method lists:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R8(config)#aaa authorization {auth-proxy | network | exec | commandslevel |
reverse-access
configuration
| ipmobile}
| list-name}
[method1 of
Prepare for the |CCNP
642-821 BCRAN
exam and {default
gain a better,
exam concepts
[method2...]]
You can use one of the following commands to alternatively apply your authorization list to an
interface or set of interfaces:
R8(config-line)#authorization
{arap
| commands
leveland
| exec
reverse-access}
Each chapter includes a review of the
applicable
technology,
guides| the
reader through
{default lab,
| list-name}
office-based
preparation.
or
R8(config-line)#ppp authorization {default | list-name}
Table of Contents
Index
Step 2: Disabling AAA Authorization for Global Configuration Commands

If you decide to implement AAA authorization for all EXEC mode commands, you might encounter
a problem
which
Publisher:in
Cisco
PressAAA authorization becomes confused by the fact that some configuration
commands
are identical
to some EXEC-level commands. You can prevent this behavior by
Pub Date: December
22, 2003
stopping
your
network device from attempting configuration command authorization using the
ISBN:
1-58720-073-2
following command:
Pages: 528
BCRAN exam.
Prepare for aaa
the CCNP
642-821 BCRAN
R8(config)#no
authorization
config-commands
exam concepts
set-up guides
show you how
toReverse
prepare aTelnet
lab for study
StepReview
3: Configuring
AAAthat
Authorization
for
In most circumstances, you will use Telnet to gain remote access to your network devices. Other
times,
you might
be required
to Access
establish
a reverse-Telnet
session toreaders
a device.
reverse-Telnet
CCNP Practical
Studies:
Remote
(CCNP
forAthe
CCNP 642session
is
simply
a
Telnet
connection
that
you
establish
in
the
opposite
direction
you
normally
would,
such
as
from
inside
your
network
to
an
access
server
on
your
network
edge,
to
gain
in a real
access
to
a
modem.
You
would
also
use
reverse
Telnet
to
provide
your
users
with
dial-out
capability
Telnet to
accessunderstanding
modem ports attached
to your
access
server.
questions using
by providing
a better
of how remote
access
really
works. It is also
Authentication during reverse Telnet is accomplished using the standard AAA login procedure
specified for Telnet. In other words, the user provides a username and password to establish
either a Telnet or reverse-Telnet session. Reverse Telnet builds on AAA authentication by
providing
a second
level
of security
byapplicable
requiring the
additional
step
of authorization
before
Each chapter
includes
a review
of the
technology,
and
guides
the reader through
authentication
is
completed.
Reverse-Telnet
authorization
also
provides
the
following
benefits:
implementation of the technology. This step-by-step process can be executed on a homeor
It ensures that users attempting to gain access to reverse-Telnet activities are authorized to
access a specific asynchronous port using reverse Telnet.
preparation.
It provides a second method of managing reverse-Telnet authorization.
You can configure your network device to request authorization information from a TACACS+ or
RADIUS server before allowing a user to establish a reverse-Telnet session by using the following
command:

Table of
Contents
R8(config)#aaa
authorization
reverse-accessmethod1 [method2...]
Index

Although enabling this feature lets your network device request reverse-Telnet authorization
information from the security server, you still have to configure the specific privileges for your
user regarding reverse Telnet.
ISBN: 1-58720-073-2
Pages: 528
Step 6: Optionally Configuring Accounting

AAA accounting lets you track the services your users are accessing and the amount of network
resources they are consuming. Your network device reports your users' activities to your
TACACS+ or RADIUS security server in the form of accounting records. Each accounting record is
BCRAN exam.
composed of accounting AV pairs and is stored on the security server.
Much Prepare
like authentication
and
authorization,
AAA accounting
method
lists understanding
to define the of
for the CCNP
642-821
BCRAN exam
and gain auses
better,
practical
manner
and
order
in
which
accounting
will
be
performed.
Named
accounting
method
lists let you
exam concepts
designate specific security protocols for specific lines or interfaces, with the default method list,
the only
exception,
automatically
applied
to allwork
interfaces
that
you have
defined
a named
Experience
how
remote access
concepts
in a real
network
withnot
practice
labs
that walk
method
list
explicitly
for.
You
can
define
a
method
list
for
each
specific
type
of
accounting
you are
interested in. Six different types of AAA accounting are supported:
Network
Supplies
on all PPP, SLIP,
or ARAP
sessions.
Ready yourself
for theinformation
questions
on the
CCNP exams
on user
EXEC
sessions on
your network
devices.
CCNPEXEC
PracticalSupplies
Studies:information
Remote Access
(CCNP
Self-Study)
prepares
readers
Commands
Supplies
information about
a userremote
issues access
while inconcepts
EXEC mode
for
applications.
Designed
as a topic-by-topic
guidecommands
of how to apply
in a real
a
specific
privilege
level.
Connection Supplies information about outbound connections, such as Telnet, made from
your network device.
concepts,
regardless
of certification
System
Supplies
informationinterest.
about system-level events. System accounting can be
defined only with the default list for AAA accounting.
implementation
of Supplies
the technology.
This"stop"
step-by-step
executed
onuser
a home- or
Resource
"start" and
recordsprocess
for callscan
thatbe
have
passed
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
authentication. Also provides "stop" records for calls that fail to authenticate.
After they are defined, you must apply your AAA accounting method lists to specific lines or
All
of the topics
theofnew
exam
are covered,If providing
comprehensive
exam
interfaces
beforeon
any
your642-821
defined BCRAN
methods
are performed.
you use the
aaa accounting
preparation.
command for a particular accounting type without specifying a named method list, the default
method list is automatically applied. If you do not define a default method list, you cannot use
accounting.
Currently, only two accounting methods are supported:
TACACS+ User activity is reported to the TACACS+ security server in the form of
accounting records. Each accounting record is composed of accounting AV pairs and is
stored on the security server.
RADIUS User activity is reported to the RADIUS security server in the form of accounting
records. Each accounting record is composed of accounting AV pairs and is stored on the
security server.
Table of Contents
"Start" and "stop" records are provided by AAA accounting for calls that have passed user
Index
authentication so that you may manage and maintain your network. These "start" and "stop"
records, called start-stop records, send a "start" record at every call setup and a corresponding
By
Wesley
Shuo, Dmitry
Raymond Morrow
, Deviprasad
Konda record lets you track a user's
"stop"
record
at theBokotey
call's ,completion.
A second
start-stop
management progress. Both of these start-stop accounting records can be associated with each
other
through
the
use of a unique session ID for the call. Additionally, "stop" records are
Publisher:
Cisco
Press
provided
forDecember
calls that
fail to reach the user authentication stage of a call setup sequence. If you
Pub Date:
22, 2003
chooseISBN:
to do
so, you can disable the sending of a "start" record, because most of the information
1-58720-073-2
in the typical "start" record is also included in the "stop" record.
Pages: 528
AAA Broadcast Accounting

If
your
networking
environment
hasRemote
several Access
AAA servers,
you can
take advantage
the642-821
AAA
Gain
hands-on
experience
of CCNP
topics with
lab scenarios
for theofnew
broadcast
feature.
The
AAA
broadcast
feature
for
accounting
allows
accounting
information
to be
BCRAN exam.
broadcast to several AAA servers at the same time.
Broadcasting
be used
a group
of RADIUS
TACACS+
servers.
Each server
group canof
Prepare can
for the
CCNPfor
642-821
BCRAN
examor
and
gain a better,
practical
understanding
defineexam
backup
servers for failover independently of other groups.
concepts
Before
you can successfully
AAA accounting
namedwith
method
lists,labs
youthat
complete
Experience
how remoteconfigure
access concepts
work in athrough
real network
practice
walk
the following
tasks:
Configure and enable AAA on your network devices.
If you are using RADIUS or TACACS+ authorization, you must define the characteristics of
RADIUS
or TACACS+
server.
CCNPyour
Practical
Studies:
Remote security
Access (CCNP
network setting,
thisAccounting
Configuring
AAA
essential
preparing
forAAA
theaccounting:
You followinthese
steps candidates
to configure
concepts,
of certification
interest.
Stepregardless
1. Configure
AAA accounting
named method lists.
Each chapter
a review
of the
the sessions.
reader through
Step 2.includes
Suppress
generation
of applicable
accountingtechnology,
records for and
null guides
username
office-based
lab,
a remote-accessible
lab, some
Step 3.
Generate
interim accounting
records.
Step 4. Generate accounting records for the failed login or session.
preparation.
Step 5. Specify accounting NETWORK-Stop records before EXEC-Stop records.
Step 6. Configure AAA resource failure stop accounting.
Step 7. Configure AAA resource accounting for start-stop records.
Step 8. Configure AAA broadcast accounting.
Each of these configuration tasks is discussed in further detail in the following sections.
Step 1: Configuring AAA Accounting Named Method Lists
Table of Contents
AAA
accounting
named method lists are specific to the indicated type of accounting:
Index
network Used to create a method list to enable authorization for all network-related
service requests.
exec
Used to
Pub
Date: December
22,create
2003
a method list to provide accounting records detailing user EXEC

terminal
sessions on the network devices.
ISBN: 1-58720-073-2
Pages: 528
commands Used to create a method list for accounting information about specific,
individual EXEC commands associated with a specific privilege level.
connection Used to create a method list for accounting information about all outbound
connections made from the network device.
resource
Used to create a method list that provides accounting records for calls that have
BCRAN
exam.
passed user authentication or calls that failed to be authenticated.
If youPrepare
want tofor
receive
the CCNP
only 642-821
a minimal
BCRAN
amount
exam
of accounting
and gain ainformation,
better, practical
you can
understanding
use the stopof
only exam
keyword.
concepts
This keyword instructs the specified method, whether RADIUS or TACACS+, to
send a stop record accounting notice only at the end of the requested user process. If you want
Experience
how remote
access concepts
work
in the
a real
network keyword
with practice
labsathat
to receive
more accounting
information,
you can
use
start-stop
to send
startwalk
you through
their
accounting
notice at
theimplementation
beginning of the requested event and a stop accounting notice at the
completion of the event. If you do not want to receive any accounting information from a line or
Review
guides
that show
interface,
youset-up
can use
the none
keyword.
Ready
the newto
simulation-based
questions
the
CCNP
exams
You use
the yourself
methodfor
argument
refer to the actual
method on
that
AAA
uses
to determine whether
to report accounting information. AAA accounting supports the following methods:
applications.
DesignedSpecifies
as a topic-by-topic
of servers
how to apply
group radius
a list of all guide
RADIUS
for accounting.
questions
group
bytacacs+
providing aSpecifies
a list of all TACACS+
of how remote
serversaccess
for accounting.
groupgroup-name
subset wanting
of RADIUS
or TACACS+
servers
for accounting
that
certification
exams. Finally,Specifies
it servesaanyone
a guide
to real-world
application
of these
you
define
using
the
server
group
group-name.
AAA
supports
the following
methods to
determineand
where
to send
accounting
records:
Eachaccounting
chapter includes
a review
of the applicable
technology,
guides
the reader
through
tacacs Tells
the network device to send accounting information to a TACACS+
even group
as a stand-alone
guide.
security server.
group radius Tells the network device to send accounting information to a RADIUS
preparation.
security server.
groupgroup-name Specifies a subset of RADIUS or TACACS+ servers to use as the
accounting method.
You can use the following commands to create an accounting method list and enable accounting:
Table of Contents
Index accounting {system | network | exec | connection | commandslevel}

R8(config)#aaa
{default
| list-name}
{start-stop
| stop-only
ByWesley
Shuo, Dmitry
Bokotey, Raymond
Morrow, Deviprasad
Konda
| none} [method1 [method2...]]

ISBN: 1-58720-073-2
After you create your accounting method list, you can use one of the following commands to
528
apply Pages:
the method
list to a line or interface:
BCRAN exam.
exam concepts
R8(config-line)#accounting
{arap | commandslevel | connection | exec} {default |
list-name}
or
R8(config-if)#ppp
{default
| list-name}
Each chapter includesaccounting
a review of the
applicable
Step
2: Suppressing Generation of Accounting Records for Null Username Sessions
preparation.
AAA accounting generates accounting records for all users on the system, including users whose
username string is NULL, because of protocol translation. You can use the following command to
prevent the generation of accounting records for NULL username sessions:
R8(config)#aaa
accounting suppress null-username
Table of Contents
Index

Step
3: Generating Interim Accounting Records
When you use the aaa accounting update command, your network device sends interim
ISBN: 1-58720-073-2
accounting records for all users currently using the device. You can use the newinfo keyword to
Pages: 528
send interim accounting records to your accounting server whenever new accounting information
is generated.
When you use the periodic keyword, interim accounting records are generated periodically as
often as defined by the number argument. The interim accounting record is composed of all the
accounting
information
recorded
forRemote
that user
up totopics
the time
accounting
record
is
Gain hands-on
experience
of CCNP
Access
withthe
labinterim
scenarios
for the new
642-821
sent.
You
can use the following command to enable generation of periodic interim accounting
BCRAN
exam.
records:
exam concepts
R8(config)#aaa accounting update {[newinfo] [periodic]number}
questions
by providingAccounting
of how
works. It is also
Step
4: Generating
Records for
the remote
Failed access
Login really
or Session
AAA accounting does not, by default, generate accounting records for users who fail login
authentication or who succeed in login authentication but fail PPP negotiation for some reason.
You
use the
following
command
generate technology,
accounting stop
for reader
users who
fail to
Eachcan
chapter
includes
a review
of thetoapplicable
and records
guides the
through
authenticate
at
login
or
during
session
negotiation:
preparation.
R8(config)#aaa accounting send stop-record authentication failure
Step 5: Specifying Accounting NETWORK-Stop Records Before EXEC-Stop Records

If you are required by your company policies to keep your network start-stop records together,
such as for billing purposes, you can specify that NETWORK records be generated before EXEC
Contents
stop records.Table
You of
can
use the following command to nest accounting records for user sessions:
Index


ISBN: 1-58720-073-2
Pages: 528
R8(config)#aaa accounting nested
BCRAN exam.
Step 6: Configuring AAA Resource Failure Stop Accounting
You can
use the
to enable
resource
failure
stop accounting
to generate a of
Prepare
for following
the CCNPcommand
642-821 BCRAN
exam
and gain
a better,
"stop"exam
record
for any call that does not reach user authentication:
concepts
R8(config)#aaa accounting resourcemethod-list stop-failure groupserver-group
concepts,
Step
7: Configuring
regardless of AAA
certification
Resource
interest.
Accounting for Start-Stop Records
Each
chapter
includes
a review
of thetoapplicable
and guidesfor
the
reader through
You can
use the
following
command
enable fulltechnology,
resource accounting
start-stop
records:
preparation.
R8(config)#aaa accounting resourcemethod-list start-stop groupserver-group
Step 8: Configuring AAA Broadcast Accounting

You can use the following command to configure AAA broadcast accounting by modifying the aaa
accounting command with the broadcast keyword:
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
R8(config)#aaa
accounting {system | network | exec | connection | commandslevel}
{default | list-name} {start-stop | stop-only | none} [broadcast]method1

[method2...]
BCRAN exam.
Prepare
for the CCNP
BCRAN
exam for
anddialed
gain anumber
better, identification
of
You also
can configure
AAA642-821
broadcast
accounting
service (DNIS)
exam
concepts
on a per-call basis by modifying the aaa dnis map accounting network command with the
broadcast keyword:
R8(config)#aaa
dnis
map
accounting
network
[start-stop
| stop-only
|
book
isdnis-number
useful in preparing
a CCNP
candidate
for the general
exam
none] in
[broadcast]
method1 [method2...]
essential
preparation.
Scenarios
This section offers some examples of configuring authentication, authorization, and accounting.
Cisco Secure ACS server is used as the TACACS+ and RADIUS server. Figure 13-1 illustrates the
lab topology that is used throughout various scenarios.
Table of Contents
Index
Figure 13-1. Lab Topology for AAA Configuration

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Scenario
13-1: Finally,
Configuring
Using
TACACS+
it serves Authentication
anyone wanting a guide
to real-world
In this scenario, you configure authentication using TACACS+. The default login is the TACACS+
Each
chapter
includes
a reviewfrom
of the
applicable
technology,
and guides the reader
throughor
server.
If there
is no response
the
server, use
the local username/password
database
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homeor
enable secret. Authentication is applied to the Telnet session but not to the console port. The
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or 13TACACS+ server is configured with R1's Ethernet IP address and uses the key cisco. Example
even
as
a
stand-alone
guide.
1 shows you the commands to configure this scenario.
preparation.
Example 13-1. Authentication Commands with TACACS+

!
hostname R1
Table of Contents
Index
aaa new-model
aaa authentication login default group tacacs+ local enable

aaaPub
authentication
login no_login none
ISBN: 1-58720-073-2
enable secret 5 $1$mKTM$dS1tLOKpFMXI1gbcmdoMe0

Pages: 528
!
username raymond password 0 raymond
Gain
hands-on
experience
of CCNP
username
wesley
password
0 wesley
BCRAN exam.
memory-size iomem 15
ip subnet-zero
exam concepts
!
!
!
address
150.50.111.1
255.255.255.0
821
exam
and for workplace
half-duplex
network
!
interface
Ethernet0/1
Each
chapter
no ip
address
office-based
shutdown lab, a remote-accessible lab, some networking simulation software programs, or
half-duplex
preparation.
!
ip classless
ip tacacs source-interface Ethernet0/0
ip http server
!
!
!
Table of Contents
Index
tacacs-server host 150.50.111.100 single-connection

tacacs-server key cisco
!
line
Pubcon
Date:0December 22, 2003
ISBN: 1-58720-073-2
login authentication no_login

Pages: 528
line aux 0
line vty 0 4
Gain
!
BCRAN exam.
!
end
exam concepts
Scenario
13-2: Configuring Authentication Using RADIUS
In this scenario, you configure authentication using RADIUS. The default login is the RADIUS
server
using theStudies:
older RADIUS
If (CCNP
there isSelf-Study)
no response
from the
server,for
use
the
local642CCNP Practical
Remoteports.
Access
prepares
readers
the
CCNP
username/password
or enable
secret. in
Authentication
appliedaccess
to the network
Telnet session
821 BCRAN exam anddatabase
for workplace
challenges
implementingisremote
but
not to theDesigned
console port.
The RADIUS server
withremote
R1's Ethernet
IP address
applications.
as a topic-by-topic
guideisofconfigured
how to apply
access concepts
in and
a real
uses
the setting,
key cisco.
Example
shows
the commands
configure
network
this
book is 13-2
useful
in preparing
a CCNPto
candidate
forthis
thescenario.
general exam
it serves anyone
wanting a guide
real-world application of these
Example
13-2. Finally,
Authentication
Commands
withtoRADIUS
implementation
no service single-slot-reload-enable
even
as a timestamps
stand-alone guide.
service
debug datetime msec
preparation.
!
hostname R2
!
logging rate-limit console 10 except errors
aaa new-model
aaa authentication login default group radius local enable
Table of Contents
Index
aaa authentication
login no_login none
enable
secret
5 $1$mKTM$dS1tLOKpFMXI1gbcmdoMe0
ByWesley Shuo
, Dmitry
!

username raymond password 0 raymond

ISBN: 1-58720-073-2
Pages: 528
username
wesley password 0 wesley
ip subnet-zero
!
BCRAN exam.
!
concepts
no ipexam
finger
!
!
!
interface
Ethernet0/0
CCNP Practical
ip addressDesigned
10.1.1.42
applications.
as a255.255.255.0
topic-by-topic guide of how to apply remote access concepts in a real
half-duplex
questions
!
no ip addressof the technology. This step-by-step process can be executed on a home- or
implementation
shutdown
even
half-duplex
All
preparation.
!
ip classless
ip http server
!
ip radius source-interface Ethernet0/0
radius-server host 10.1.1.111.100 auth-port 1645 acct-port 1646 key cisco
radius-server retransmit 1
Table of Contents
radius-server
Indexauthorization permit missing Service-Type

!

ISBN: 1-58720-073-2
Pages: 528
line con 0
Gain
hands-on
experience
transport
input
none of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
line aux 0
line exam
vty 0concepts
4
!
no scheduler allocate
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Scenario
13-3:and
Configuring
Authorization
Using remote
TACACS+
821 BCRAN exam
in implementing
access network
network
setting, you
this configure
book is useful
in preparing
a CCNP
candidate
for TACACS+.
the generalThe
exam
In
this scenario,
authentication
and
authorization
using
default
questions
providingserver.
a better
of howfrom
remote
access really
works.
login
is theby
TACACS+
If understanding
there is no response
the server,
use the
local It is also
essential in preparingdatabase
candidates
for the secret.
questions
that areare
on applied
the Cisco
username/password
or enable
Authentication and
authorization
to
certification
exams.
Finally,
serves
anyone
a guideserver
to real-world
application
of these
the
Telnet session
but
not toitthe
console
port.wanting
The TACACS+
is configured
with R1's
concepts,IP
regardless
of certification
interest.
Ethernet
address and
uses the key
cisco. The aaa authorization exec command is used to
determine if the user is allowed to access an EXEC shell and what shell attributes are permitted
Each
chapter
includes
a review
the applicable
technology,
and guides
reader
or denied.
Also,
you change
theof
privilege
level for
certain commands
thatthe
users
are through
authorized to
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a home- or
use.Example 13-3 demonstrates the commands to configure this scenario.
Example
13-3. Authentication and Authorization Commands with
TACACS+
preparation.
version 12.1
no service single-slot-reload-enable
Table of Contents
Index
hostname R1
!
logging
rate-limit
console 10 except errors
Pub Date:
December 22, 2003
ISBN: 1-58720-073-2
aaa new-model
Pages: 528

aaa authentication login no_login none
Gain
hands-on experience
CCNP Remote
topics
aaa authorization
exec ofdefault
group Access
tacacs+
local
BCRAN exam.
aaa authorization exec no_login none
exam concepts
!
username raymond privilege 7 password 0 raymond
username wesley privilege 7 password 0 wesley
821subnet-zero
!
interface
Ethernet0/0
ip address
150.50.111.1
255.255.255.0
concepts,
regardless
of certification
interest.
Each
half-duplex
office-based
!
preparation.
no ip address
shutdown
half-duplex
!
ip classless
ip tacacs source-interface Ethernet0/0
ip http server
Table of Contents
Index
tacacs-server host 150.50.111.100 single-connection key cisco

!
privilege
configure
level 7 ntp
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
privilege configure level 7 ntp server

Pages: 528
privilege exec level 7 ping

privilege exec level 7 configure terminal
Gain
!
BCRAN exam.
line con 0
authorization exec no_login
exam concepts
transport input none
line aux 0
line vty 0 4
questions
Figure
13-2
byshows
providing
the configuration
of Cisco Secure
of how
ACS
remote
server
access
to assign
reallyprivilege
works. It
levels
is also
to
essential
users.
In in
Group
preparing
Settings,
candidates
make sure
for that
the new
Shell(exec)
simulation-based
is checkedquestions
and that 7
that
is entered
are on the
in the
Cisco
certification
Privilege
level
exams.
box. Finally, it serves anyone wanting a guide to real-world application of these
implementation of Figure
the technology.
step-by-step
13-2.This
Cisco
Secureprocess
ACS Configuration
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
As
shown
in Example 13-4, after the user accesses the router and is authenticated, the show
BCRAN
exam.
privilege command shows what the privilege is, and ? displays what commands are available
with this privilege.
exam concepts
Example 13-4. Using the show privilege Command and Verifying

Available
Commands
R1#150.50.111.1
CCNP Practical
Studies: Remote
Access (CCNP Self-Study) prepares readers for the CCNP 642Trying
150.50.111.1
... Open
certification
User
Accessexams.
Verification
implementation
Username:wesley
even
Password:
preparation.
R1#show privilege
Current privilege level is 7
R1#config t
Enter configuration commands, one per line.
End with CNTL/Z.
R1(config)#?
Configure commands:
default
Set a command to its defaults
Table of Contents
end
Index
Exit from configure mode
exit Shuo,Dmitry
Exit from
mode
ByWesley
Bokoteyconfigure
, Raymond Morrow
, Deviprasad Konda
help
Description of the interactive help system

no
Negate a command or set its defaults
ISBN: 1-58720-073-2
ntpPages: 528
Configure NTP
R1(config)#
BCRAN exam.
Scenario
13-4: Configuring Accounting Using TACACS+
exam concepts
Experience
how configure
remote access
concepts
in a real
network
withthe
practice
thatstartwalk
In this
scenario, you
accounting
withwork
TACACS+.
You
configure
routerlabs
to run
you throughfor
their
implementation
stop accounting
all character
mode service requests, all commands at privilege level 15, and
all system-level events not associated with users, such as configuration changes and reloads.
Review
that show
you how of
to accounting.
Example
13-5set-up
showsguides
the sample
configuration
Example
13-5.
Some
Accounting
Commands
with TACACS+
CCNP Practical
Studies:
Remote
Access (CCNP
version
questions 12.2
service
timestamps
debugit datetime
msecwanting a guide to real-world application of these
certification
exams. Finally,
serves anyone
no
service password-encryption
implementation
!
All of the topics
hostname
R1 on the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
!
logging queue-limit 100
!
username wesley privilege 7 password 0 wesley
clock timezone PST -8
aaa new-model
Table of Contents
Index

aaaPub
authentication
login no_login none
ISBN: 1-58720-073-2
aaa authorization
exec default group tacacs+ local
Pages: 528
aaa authorization exec no_login none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
BCRAN exam.
aaa accounting system default start-stop group tacacs+
aaa session-id
common
exam concepts
ip subnet-zero
!
!
exam
and for workplace
ip BCRAN
address
150.50.111.1
255.255.255.0
!
essential
ip
classless
concepts,
of certification
interest.
ip
tacacsregardless
source-interface
Ethernet0/0
Each
chapter
ip http
server
office-based
no ip http lab,
secure-server
!
preparation.
!
!
!
tacacs-server host 150.50.111.100 single-connection key cisco

tacacs-server directed-request
!
line con 0
Table of Contents
authorization exec no_login

Index
line aux 0
line
4
Pubvty
Date:0December
22, 2003
ISBN: 1-58720-073-2
Pages: 528
end
BCRAN exam.
exam concepts
preparation.
Practical Exercise: ISDN Callback Using TACACS+

In this Practical Exercise, you have a chance to work on the packet mode of AAA configuration.
Two routers with ISDN BRI interface and Cisco Secure ACS server are used in this lab. R1 calls
R2, and R2 points to the Cisco Secure ACS server running TACACS+ for user information. The
Table is
of configured
Contents
TACACS+ server
to call back R1 when username R1 is sent by router R1. Figure
Index
13-3 shows the lab topology for this Practical Exercise.
Figure
13-3. Cisco Secure ACS Configuration for ISDN Using TACACS+
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Example 13-6 shows the configuration of R1, which is the callback client.
Table of Contents
Example 13-6.
R1 Configuration from the show running-config
Index
Command
Publisher:
Cisco Press
service
timestamps
debug datetime msec
service
timestamps
ISBN:
1-58720-073-2log datetime msec
Pages: 528
!
hostname R1
BCRAN
exam.
!
!
exam concepts
username R2 password 0 cisco
ip subnet-zero
!
CCNP
no
ip Practical
domain Studies:
lookup Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
!
questions
by providing
isdn
switch-type
basic-ni
!
implementation
of the technology.
ip address 192.168.1.1
255.255.255.0
even
!
All
of the topics
interface
BRI0/0
preparation.
no ip address
encapsulation ppp

isdn tei-negotiation first-call
isdn spid1 6661 5555
Table of Contents
no cdp enable
Index
authentication
chap
Byppp
Wesley
!

interface
Dialer1
ISBN: 1-58720-073-2
Pages: 528 172.16.35.1 255.255.255.0
ip address
encapsulation ppp
dialer pool 1
dialerexam.
idle-timeout 60
BCRAN
dialer string 6666
dialer
exam
hold-queue
concepts 20
Experience how
dialer-group
1
no peer default ip address
no fair-queue
no cdp enable
ppp callback request
ppp chap hostname R1
ppp chap password 0 cisco
!
ip
classless
even
ip
route
0.0.0.0
0.0.0.0
BRI0/0BCRAN exam are covered, providing comprehensive exam
All of
the topics
on the
new 642-821
preparation.
no ip http server
!
line con 0
line aux 0
line vty 0 4
Table of Contents
Index

By
Wesley 13-4
Shuo, Dmitry
Bokotey
, Raymond
Morrow
, DeviprasadofKonda
Figures
and 13-5
illustrate
the
configuration
Cisco
Secure ACS required to complete this
Practical Exercise.
ISBN: 1-58720-073-2
Figure
Pages:
528 13-4. Cisco Secure ACS Configuration for ISDN Callback
BCRAN exam.
exam concepts
implementation
of the technology.
This step-by-step
process can befor
executed
a home- or
Figure 13-5.
Cisco Secure
ACS Configuration
ISDNonCallback
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
Prepare
the CCNP
642-821 BCRAN
exam
and
gaincallback
a better,
practical
understanding
of
Example
13-7for
shows
the configuration
of R2,
which
is the
server.
Notice
that with the
exam conceptsnetwork default group tacacs+ command, callback information is
aaa authorization
obtained from the TACACS+ server.
Example
13-7. R2 Configuration from the show running Command
service
timestamps
datetime
msec Self-Study) prepares readers for the CCNP 642CCNP Practical
Studies:debug
Remote
Access (CCNP
service
timestamps
msecguide of how to apply remote access concepts in a real
applications.
Designed log
as a datetime
topic-by-topic
no
service
questions
by password-encryption
!
hostname R2
!
even as a
enable
password
stand-alone
7 05080F1C2243
guide.
!
preparation.
aaa new-model
aaa authentication ppp default group tacacs+
aaa authorization network default group tacacs+
!
!
!
Table of Contents
Index
interface BRI0/0
no ip address
Pub Date: December
22, 2003
encapsulation
ppp
ISBN: 1-58720-073-2
dialer
rotary-group
5
Pages:
528
dialer-group 1
BCRAN exam.
no cdp
enable
exam
concepts
ppp Experience
authentication
chap access concepts work in a real network with practice labs that walk
how remote
!
ip address 192.168.2.1 255.255.255.0
BCRAN
duplex
auto
network
speed auto
essential
no cdp in
enable
concepts,
!
interface Dialer5
ip address 172.16.35.2 255.255.255.0
encapsulation ppp
preparation.
dialer in-band
dialer enable-timeout 5
dialer aaa
dialer-group 1
no peer default ip address
Table of Contents
ppp callback accept

Index
ppp authentication chap callin
!
ip Pub
tacacs
source-interface
FastEthernet0/1
Date: December
22, 2003
ISBN: 1-58720-073-2
Pages: 528

!
Gain
hands-on experience
of CCNP Remote
Access topics with
labcisco
tacacs-server
host 192.168.2.10
single-connection
key
BCRAN exam.
tacacs-server directed-request
no ip http server
exam concepts
!
line con 0
line aux 0
line vty 0 4
preparation.
Summary
This chapter looked at the many ways you can configure AAA. You looked at the requirements for
configuring authentication, authorization, and accounting for your network devices. You
completed the chapter by configuring different AAA scenarios in the Practical Exercise. Table 13
Table
Contents
6 summarizes
theofcommands
you used in this chapter.
Index

Table 13-6. Summary of Commands Used in This Chapter
Command
ISBN: 1-58720-073-2
Description
Pages: 528
aaa new-model
Enables AAA on the router.
tacacs-server hostipaddress singleconnection
Indicates the address of the Cisco Secure ACS server and specifies
the use of the TCP single-connection feature of the Cisco Secure
ACS server. This feature improves performance by maintaining a
connection
thewith
life of
session for
between
the642-821
Gain hands-on experience of single
CCNP TCP
Remote
Access for
topics
labthe
scenarios
the new
network
access
server
and
the
Cisco
Secure
ACS
server
rather
than
BCRAN exam.
opening and closing TCP connections for each session, which is the
default behavior.
tacacs-server key key
Establishes the shared secret encryption key between the network
exam concepts
access server and the Cisco Secure ACS server.
Experience host
how ipremoteSpecifies
access concepts
work
in server.
radius-server
a RADIUS
AAA
you
through
their
implementation
address
radius-server
Review set-up
keyguides
key
that
Specifies
show you
an encryption
how to prepare
key toa be
labused
for study
with the RADIUS AAA
server.
ip tacacs sourceTo use the IP address of a specified interface for all outgoing
interface
interface-name
TACACS+
use the ip tacacs
source-interface
command
Access packets,
(CCNP Self-Study)
prepares
readers for the CCNP
642in
global
configuration
mode.
ip radius sourceTo force RADIUS to use the IP address of a specified interface for
interfaceinterface-name
all outgoing RADIUS packets, use the ip radius source-interface
global configuration command.
certification
exams. Finally, itSets
serves
wanting at
a guide
to global
real-world
application
of these
aaa authentication
AAAanyone
authentication
login in
configuration
mode.
If
concepts,
regardless
of certification
login {default
| listdefaultinterest.
is configured, when a user logs in, the listed authentication
name}method1
methods that follow this argument as the default list of methods
Each
chapter
includes a review
the applicable
technology,
and the
guides
reader through
[method2
[method3
areofused.
list-name is
used to name
list the
of authentication
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on aare
homeor
[method4]]]
methods activated when a user logs in. The methods
enable,
lab,
some
networking
simulation
software
programs,
line, local, group tacacs+, group radius, none, local-case,or
even as a stand-alone guide.and groupgroup-name.
preparation.
aaa authentication ppp

{default | list-name}
method1 [method2
[method3 [method4]]]
Specifies one or more AAA authentication methods for use on serial

interfaces that are running PPP in global configuration mode. If
default is configured, when a user logs in, the listed authentication
methods that follow this argument as the default list of methods
are used. list-name is used to name the list of authentication
methods activated when a user logs in. The methods are ifneeded, local, local-case, none, group radius, group tacacs+,
Table of Contents and groupgroup-name.
Index
login authentication
Enables AAA authentication for logins in line configuration mode.
aaa authorization exec

method1 [method2
[method3 [method4]]]
Used in global configuration mode for the EXEC process and the
method of authorization.
ISBN: 1-58720-073-2
aaa authorization
Pages: 528
network {default | listname}method1
[method2 [method3
[method4]]]
Used in global configuration mode for all network services,

including SLIP, PPP, and ARAP, and the method of authorization.
Gain
hands-on experience
of Enables
CCNP Remote
Access topics
with
lab scenarios
for theof
new
642-821
authorization
exec
AAA authorization
for
a specific
line or group
lines
in line
BCRAN
exam.
[default
| list-name]
configuration mode.
aaa accounting exec
Audits the EXEC process. start-stop sends a start accounting
{default
| list-name}
notice at
the beginning
of gain
a process
andpractical
a stop accounting
noticeofat
Prepare
for the CCNP 642-821
BCRAN
exam and
a better,
understanding
{start-stop
| stop-only the end of a process. The start accounting record is sent in the
exam concepts
|wait-start | none}
background. The requested user process begins regardless of
Experience
how remotewhether
access concepts
in a real
network
practice
labs
that walk
[broadcast]
group
the startwork
accounting
notice
was with
received
by the
accounting
group-name
server.stop-only sends a stop accounting notice at the end of the
requested user process. wait-start sends both a start and stop
Review set-up guides that
show you
how to
to the
prepare
a lab for
studyWith the wait-start
accounting
notice
accounting
server.
keyword, the requested user service does not begin until the start
Ready yourself for the new
simulation-based
questions on the
CCNP
exams notice is also
accounting
notice is acknowledged.
A stop
accounting
sent.
challenges
in at
implementing
access
aaaBCRAN
accounting
Audits all
commands
the specifiedremote
privilege
levelnetwork
(0 to 15).
applications.
commandslevel
network
setting,
{default
| list-name}
questions
by providing
{start-stop
| stop-only
essential
in preparing
|wait-start
| none} candidates for the new simulation-based questions that are on the Cisco
certification
exams.
[broadcast]
groupFinally, it serves anyone wanting a guide to real-world application of these
concepts,
group-name
aaa chapter
accounting
system
Audits
all applicable
system-level
events such
reload.
Each
includes
a review
of the
technology,
andas
guides
the reader through
implementation
{start-stoplab,
| stop-only
office-based
|wait-start
| none} guide.
even
as a stand-alone
[broadcast]group
group-name
All
preparation.
Review Questions
1:
What does AAA stand for?

Table of Contents
Index
What
are the two modes supported by AAA commands except for the aaa
CCNP Practical
Studies: Remote
Access
accounting
system
command?
2:
3:
Which protocol encrypts the entire body of the packetRADIUS or TACACS+?
4:
Which protocol encrypts only the password in the access request packet from the
client to the serverRADIUS or TACACS+?

ISBN: 1-58720-073-2
Pages:True
528 or false: RADIUS uses UDP, and TACACS+ uses TCP.
5:
6:
Which of the following commands are used for packet mode operation?
Gain hands-on
of CCNP Remote
Access topics
A. experience
aaa authentication
login default
groupwith
tacacs+
BCRAN exam.
Prepare
theauthentication
CCNP 642-821 BCRAN
exam and
gain tacacs+
B.foraaa
login default
group
exam concepts
aaa authorization exec default group tacacs+
you through
their
implementation
C. aaa
authentication
ppp default group tacacs+
Review set-up
that show
youdefault
how to prepare
a lab for study
aaa guides
authorization
exec
group tacacs+
Ready D.
yourself
questions
on the CCNP exams
aaa authentication
ppp default group
tacacs+
Remote Access
(CCNPdefault
Self-Study)
prepares
readers for the CCNP 642aaa authorization
network
group
tacacs+
preparation.
Chapter 14. Securing Remote-Access

Networks
of Contents
This
chapter Table
covers
Index
Cisco VPN Products

Virtual
Private22,
Networks
Pub
Date: December
2003
ISBN: 1-58720-073-2
Memory and CPU Considerations

Pages: 528
Monitoring and Maintaining IPSec

Troubleshooting
IKE of CCNP Remote Access topics with lab scenarios for the new 642-821
Gain hands-on
experience
BCRAN exam.
Quality of Service for Virtual Private Networks
Configuring
QoSCCNP
for VPN
Support
Prepare for the
642-821
exam concepts
Monitoring and Maintaining QoS for VPNs
Allowing
to access
your resources can open your network to a new set of security issues.
you users
through
You should consider allowing access to your network only when you have a valid and working
security
policy.
This guides
chapterthat
aims
to give
information
Review
set-up
show
you you
howthe
to prepare
a labnecessary
for studyto implement your
remote access as securely as required.
preparation.

Cisco implements the Internet Protocol Security (IPSec) protocol suite, as detailed in the open
standards developed by the Internet Engineering Task Force (IETF), to provide you with security
for the transmission of sensitive information over an unprotected network in both Cisco IOS and
Table software.
of Contents
the PIX's Finesse
Index
CCNP
Practical
Remote Access
Cisco's
IPSecStudies:
implementation
is based on RFC 2401, Security Architecture for the Internet
Protocol,
Internet
Draft,
with
Cisco
IOS IPSec
using Konda
RFC 1828, IP Authentication Using Keyed
, Deviprasad
MD5, and RFC 1829, The ESP DES-CBC Transform, for backward compatibility.
IPSec
operates at the network layer to provide protection and authentication of IP packets
Pub Date:
December
22, IPSec
2003 provides you with the following optional network security services.
between
IPSec
peers.
ISBN:
1-58720-073-2
They should be used in accordance with your local security policy:
Pages: 528
Data confidentiality Lets the IPSec sender encrypt packets before transmitting them
across a network.
Data integrity Lets the IPSec receiver authenticate packets sent by an IPSec sender to
Gain hands-on
experience
of CCNP
Remote
Access
topics
ensure that
the data has
not been
altered
during
transmission.
BCRAN exam.
Data origin authentication Lets the IPSec receiver authenticate the source of the IPSec
packets. This service is dependent on the data integrity service.
exam
concepts Lets the IPSec receiver detect and reject replayed packets.
Anti-replay
IPSec Architecture
IPSec provides you with the framework used to protect one or more data flows between IPSec
simulation-based
peers.Ready
IPSecyourself
consistsfor
of the
the new
following
two main protocols:
exam and header
for workplace
challenges
in implementing
remote
access network
Authentication
(AH)
Provides data
authentication
and optional
anti-replay
applications.
a topic-by-topic
guide
of how
to apply
remote
access concepts
servicesDesigned
by being as
embedded
in the data
to be
protected,
a full
IP datagram.
The AH in a real
network
setting,
this book
a CCNP
candidate
for Authentication
the general exam
security
protocol
is implemented
per the latest
version
of the IP
Header
questions
by providing
a better
understanding
how remotewith
access
Internet
Draft. It also
provides
backward of
compatibility
RFCreally
1828.works. It is also
certification
exams. Finally,
it serves
anyone
wanting
a guide
to privacy
real-world
application
of these
Encapsulating
Security
Payload
(ESP)
Provides
data
services,
optional
data
concepts,
regardless and
of certification
authentication,
anti-replayinterest.
services by encapsulating the data to be protected. The ESP
security protocol is implemented per the latest version of the IP Encapsulating Security
Each Payload
chapter includes
review
of the
applicable
technology,
and guides
reader
Internet aDraft.
It also
provides
backward
compatibility
withthe
RFC
1829.through
office-based
lab, a several
remote-accessible
lab,are
some
networking
simulation
software
programs,
or
IPSec implements
standards that
supported
by both
Cisco IOS
and the
PIX Firewall:
Provides
the framework
of open
standards
to provide
data confidentiality,
All of IPSec
the topics
on the new
642-821 BCRAN
exam
are covered,
providing
comprehensivedata
exam
integrity, and data authentication between participating peers. IPSec provides these
preparation.
security services at the IP layer. IPSec also uses the Internet Key Exchange (IKE) protocol
to handle negotiation of protocols and algorithms based on local policy and to generate the
encryption and authentication keys to be used by IPSec.
IKE A hybrid protocol that implements Oakley and SKEME key exchanges inside an
Internet Security Association and Key Management Protocol (ISAKMP) framework. IKE
provides the mechanism to authenticate the IPSec peers, negotiate IPSec security
associations (SAs), and establish the IPSec keys.
Message Digest 5 (MD5) A one-way hashing algorithm that produces a 128-bit hash
that, along with the Secure Hash Algorithm, is a variation of MD4, which is designed to
strengthen the security of this hashing algorithm.
Secure Hash Algorithm (SHA) A one-way hash published by the National Institute of
Table of Contents
Standards
and Technology (NIST). SHA is closely modeled after MD4 and produces a 160
Index
bit digest.
Because SHA produces a 160-bit digest, it is more resistant to brute-force
CCNP Practical
Remotehashes,
Access such as MD5, but it can be slower to compute.
attacks Studies:
than 128-bit
Data Encryption Standard (DES) An algorithm used to encrypt packet data. IKE
implements the 56-bit DES-CBC with Explicit IV standard. Cipher block chaining (CBC)
requires an initialization vector (IV) to start encryption. The IV is explicitly given in the
IPSec packet. Depending on which software version you are using, you also might be able
toISBN:
use1-58720-073-2
Triple DES (168-bit) encryption.
Pages: 528
Diffie-Hellman (D-H) A public-key cryptography protocol designed to allow two parties

to establish a shared secret over an unsecured communications channel. IKE uses D-H to
establish session keys.
RSA signatures
RSA
is a public-key
cryptographic
system
developedfor
bythe
Ron
Rivest,
Adi
Gain hands-on
experience
of CCNP
Remote Access
topics with
lab scenarios
new
642-821
Shamir,
and
Leonard
Adleman.
RSA
signatures
provide
nonrepudiation.
BCRAN exam.
Certification authority (CA) A third-party entity that has the responsibility of issuing
and
revoking
certificates.
Each BCRAN
device that
has
itsgain
ownacertificate
and theunderstanding
CA's public key
Prepare
for the
CCNP 642-821
exam
and
better, practical
of
can
authenticate
every
other
device
within
a
given
CA's
domain.
exam concepts
The following
sections
look ataccess
IPSec in
more detail.
Experience
how remote
concepts
Authentication
Header
The AH, shown in Figure 14-1, provides you with a mechanism to authenticate and verify the
integrity
of IP datagrams
passing
between
twoSelf-Study)
systems by prepares
applying readers
a keyed for
one-way
hash642CCNP Practical
Studies: Remote
Access
(CCNP
the CCNP
function
to
the
datagram
to
create
a
message
digest.
If
the
datagram
is
changed
in
any
821 BCRAN exam and for workplace challenges in implementing remote access network way
while
transiting
the network,
the receiver detects
when
it compares
message
digest
applications.
Designed
as a topic-by-topic
guide ofthis
how
to apply
remote the
access
concepts
in a real
value
it
comes
up
with
by
performing
the
same
one-way
hash
function
on
the
datagram
network setting, this book is useful in preparing a CCNP candidate for the general exam sent by
the
sender.
datagram's
authenticity
can beofguaranteed
because
one-way
questions
byThe
providing
a better
understanding
how remote
access the
really
works.hash
It is also
mechanism
requires
the
use
of
a
secret
shared
between
the
two
peers.
Figure
of the14-1.
applicable
AH technology,
Protocol and
Packet
preparation.
Table of Contents
Index

AH can require the receiver to set a bit in the header indicating that a packet has been sent to
facilitate anti-replay protection. If the replay bit is not used, an unauthorized user might be able
ISBN: 1-58720-073-2
to resend
the same packet many times.
Pages: 528
AH is applied to the entire datagram, with the exception of any IP header fields that might be
changed in normal operation while the datagram is in transition from one peer to the other.
ESP
BCRAN exam.
ESP provides confidentiality (encryption), data origin authentication, integrity, optional antireplay
service,for
and
flow
confidentiality.
shows
an ESP
packet.
Prepare
thelimited
CCNP traffic
642-821
BCRAN
exam and Figure
gain a 14-2
better,
practical
understanding
of
exam concepts
Figure 14-2. ESP Protocol Packet
ESP provides confidentiality by performing encryption at the IP packet layer through the use of
symmetric encryption algorithms. The default algorithm is 56-bit DES, but support for 168-bit
preparation.
3DES is also allowed. You may select to use confidentiality independent of any other services.
DES Algorithm
DES is used to encrypt and decrypt select packet data. DES does this by using an encryption
algorithm, based on a 56-bit key, to turn clear text into cipher text at the sending peer. DES also
turns the cipher-text back into clear text by using a decryption algorithm on the remote peer.
Both peers need shared secret keys to enable the encryption and decryption of the packets.
Triple DES Algorithm
Table of Contents
Index
3DES is an encryption
protocol based on 56-bit DES. 3DES is similar to DES in operation, except
CCNP
Practical
Studies:
Remote
Access
that each
64-bit
block
of data
is processed
three times, with an independent 56-bit key each

time.
3DES
doubles
the Morrow
encryption
strength
offered by 56-bit DES.
ByWesley
Shuoessentially
, Dmitry Bokotey
, Raymond
, Deviprasad
Konda
Advanced
Pub Date: December
Encryption
22, 2003
Standard
ISBN: 1-58720-073-2
The Advanced
Pages: 528 Encryption Standard (AES) feature, developed by NIST, lets you support the new
encryption standard, AES, with CBC mode. AES, developed to replace DES, is a privacy
transform for IPSec and IKE that provides a larger key size than DES. AES uses a 128-bit default
key, a 192-bit key, or a 256-bit key.
BCRAN exam.
IKE
IKE, often called ISAKMP, is a hybrid protocol designed to provide utility services to IPSec. These
services include authentication of the IPSec peers, negotiation of IKE and IPSec security
exam concepts
associations, and establishment of keys for encryption algorithms used by IPSec.
IKE key negotiation is done in two phases. Phase 1 is used to negotiate the IKE SA, or key,
between two IKE peers. This key lets IKE peers communicate securely during Phase 2. Phase 2 is
used Review
to negotiate
SAs,
or keys,
other
such
set-up
guides
that for
show
youapplications,
how to prepare
a as
labIPSec.
for study
PhaseReady
1 negotiation
one of two modes:
main mode
or aggressive
mode. Main mode
yourself occurs
for theusing
questions
on the
CCNP exams
protects all information during the negotiation. During main-mode negotiation, the identities of
the
two
peers are
hidden.
Main mode
one drawback:
requires readers
time to for
complete
its 642CCNP
Practical
Studies:
Remote
Accesshas
(CCNP
Self-Study)Itprepares
the CCNP
negotiations.
Aggressive
mode,
on
the
other
hand,
requires
less
time
to
negotiate
keys
821 BCRAN exam and for workplace challenges in implementing remote access networkbetween
peers.
Although
aggressive
accomplishes
same
result
as main
mode,
it gives
applications.
Designed
as a mode
topic-by-topic
guidethe
of how
toend
apply
remote
access
concepts
in aupreal
some
of
the
security
provided
by
main-mode
negotiation.
IKE
Phasein1preparing
can use three
methods
authenticate
its IPSec peer:
essential
candidates
fortothe
Preshared keys A key value entered into each peer manually (out of band) is used to
authenticate the peer.
RSA signatures Uses a digital certificate authenticated by an RSA signature.
even RSA
as a stand-alone
guide.
encrypted nonces
Uses RSA encryption to encrypt a nonce value (a random
number generated by the peer) and other values.
preparation.
IKE also uses a common value used by all authentication methodsthe peer identity (ID). Some
examples of the ID are
The peer's IP address
The peer's fully qualified domain name (FQDN)

You can create multiple, prioritized policies on each peer to ensure that at least one policy
matches the policy of a remote peer.
During the IKE negotiation process, IKE peers agree on the following parameters:
Table of algorithm
Contents
An encryption
Index
A hashing
algorithm
CCNP Practical
Studies:
Remote Access
An authentication method
Publisher:
Cisco Press
The lifetime
of the
SA
Table 14-1
each of the five security parameters used to define the IKE policy.
ISBN: defines
1-58720-073-2
Pages: 528
Table 14-1. IKE Security Parameters

Parameter
Accepted Values
Keyword Default Value
BCRAN
exam.
Encryption algorithm
56-bit DES-CBC
des
56-bit DES-CBC
168-bit DES
3des
168-bit DES
exam concepts
Hash algorithm
SHA-1 (HMAC variant) sha
SHA-1
MD5 (HMAC variant)
md5
Authentication
method
RSA
Review set-up
guides that show
yousignatures
how to prepare a rsa-sig
lab for studyRSA signatures
RSA encrypted questions
nonces rsa-encr
on the CCNP exams
Preshared
pre-share
(CCNP keys
D-H group identifier
768-bit D-H
1
768-bit DH
network setting, this book is useful 1024-bit
in preparing
D-Ha CCNP candidate
2
essential in preparing candidates for1536-bit
the newD-H
simulation-based
5 questions that are on the Cisco
Lifetime of
the security
number of
86400 seconds (one

concepts,
regardless
of certification Any
interest.
association
seconds
day)
even
as a and
stand-alone
guide. Modes
Tunnel
Transport
AH and ESP can be run in one of two modes: transport or tunnel. Figure 14-3 shows the packet
preparation.
layout of ESP in the two modes as compared to the packet's original format.
Figure 14-3. ESP Encryption and Authentication
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN
Each of exam.
these modes is discussed in the following sections.
Transport
Mode
exam concepts
Experience
how remote
access concepts
work in
a real
network
with practice
labs
that walk
Transport
mode protects
the upper-layer
protocols.
When
used
with IPv4,
as shown
in Figure
implementation
14-3 you
partthrough
(a), the their
ESP header
is inserted into the IP packet before the transport layer header. If
authentication is used, an ESP Authentication Data field is added immediately following the ESP
Review
set-upoccurs
guidesacross
that show
you how
to prepare
lab for study
trailer.
Encryption
the entire
transport
level asegment
plus the ESP trailer.
Authentication is used to authenticate all cipher text plus the ESP header. This format is shown
Ready
yourself
forWhen
the new
simulation-based
questions
on the
CCNP
inFigure
14-3
part (b).
used
with IPv6, the payload
is the
data
that exams
normally follows both
the IP header and any IPv6 extension headers that are present, with the possible exception of
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642the destination options header, which may be included in the protection.
applications.
as amode
topic-by-topic
guide of
how to apply between
remote access
concepts
You typically Designed
use transport
for end-to-end
communication
two hosts.
ESP in
in a real
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
exam
transport mode encrypts and optionally authenticates the IP payload but does not touch the IP
questions
by providing
a better
understanding
how remotethe
access
really works.
is also
header. When
AH is used
in transport
mode, it of
authenticates
IP payload
along It
with
select
essential
in
preparing
candidates
for
the
new
simulation-based
questions
that
are
on
portions of the IP header. All IPv4 packets contain a Next Header field used to identifythe
theCisco
certification
exams.
Finally,
it set
serves
anyone 50
wanting
a guide
to real-world
application
these
payload protocol.
This
field is
to decimal
for ESP
and decimal
51 for AH.
AH and of
ESP
concepts,
regardless
of
certification
interest.
headers also contain a Next Header field.
Each
chapter includes
a review
of the the
applicable
technology,
and guides
the reader
through in
Transport-mode
operation
eliminates
requirement
to implement
individual
mechanisms
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homeor
each application to provide confidentiality if the application can take advantage of transport
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
mode. It can also be considered efficient, because it adds very little to the IP packet's total or
even
asBe
a stand-alone
guide.analysis is still possible with transport mode.
length.
aware that traffic
preparation.
Tunnel Mode
Tunnel mode encapsulates the entire IP packet within a second IP packet, ensuring that the
original packet cannot be changed during transport through the network. This essentially
"tunnels" the entire original, or inner, packet from one peer to the other without any device in
between having the need or capability to view the original packet. For ESP, this concept is
illustrated in Figure 14-3 part (c). A new IP header with the necessary routing information is
appended to the encapsulated block, containing the ESP header plus cipher text and
authentication data if present.
Because the new header does not generally contain the original IP source or destination address,
tunnel mode is used when one or both ends of an SA are a security gateway, such as a firewall
or router that implements IPSec, making traffic analysis impossible. One added benefit of tunnel
Table of Contents
mode is that any number of hosts behind the IPSec peer may participate in secure
Index
communications without having to be modified to implement IPSec. Their unprotected packets
are tunneled through external networks by tunnel-mode SAs set up by the IPSec process on the
By
Wesley
peers
transparently
to them.
Pub Date:
December 22, 2003
IPSec
Transform
Sets
ISBN: 1-58720-073-2
Pages: 528
A transform
set, a combination of individual IPSec transforms, is used to define a specific
security policy for your traffic. It is within this transform set that you establish which security
protocols and algorithms you will use for your secure communications. You have the option of
defining multiple transform sets. However, during the ISAKMP IPSec security association
negotiation that occurs in IKE phase 2 quick mode, the peers must agree on a matching
transform
set toexperience
protect a particular
data flow.
Gain hands-on
of CCNP Remote
BCRAN exam.
Transform sets combine the following IPSec factors:
Mechanism
for payload authentication AH transform
exam concepts
Mechanism
for remote
payload
encryption
ESP transform
Experience how
access
concepts work
IPSec mode Transport versus tunnel
Transform sets equal a combination of an AH transform plus an ESP transform plus the IPSec
modeReady
(eitheryourself
tunnel or
mode). Table 14-2
lists the on
acceptable
transform
fortransport
questions
the CCNP
exams sets you may
select from.
Tableunderstanding
14-2. IPSec
Transform
Sets
of how
remote access
preparation.
ESP Authentication
Transform
AHTransform
ESP Encryption Transform
(Pick up to one)
(Pick up to one)
Table of Contents
Index
Transform Description
(Pick up to one only if you

also selected the esp-des
transform [not esprfc1829])
CCNP
Practical Studies:
Remote
ah-md5AH with
the Accessesp-des
ESP with the 56-bit esp-md5hmac

MD5
(HMAC
DES encryption
hmac
Konda
variant)
algorithm
authentication
algorithm
ah-shaAH with the SHA esp-3des

ISBN: 1-58720-073-2
hmacPages: 528(HMAC variant)
authentication
algorithm
ESP with the 168bit DES encryption

algorithm
esp-shahmac
ESP with the

MD5 (HMAC
variant)
authentication
algorithm
ESP with the
SHA (HMAC
variant)
authentication
algorithm
ah-rfc1828 Older version of esp-null

Null encryption
Gain hands-onthe
experience
AH protocol
of CCNP Remote Access
algorithm
BCRAN exam. (per RFC 1828)
espOlder version of
rfc1829
the ESP
BCRAN exam
andprotocol
(per RFC 1829).
exam concepts
Does not allow an
Experience how remote access conceptsaccompanying
work in a real ESP
authentication
transform.
preparation.
Cisco VPN Products

Cisco offers many products that can give you the building blocks you need for your virtual
private network (VPN) solutions:
Table of Contents
Cisco PIX
500 series firewall
Index
Cisco security routers and switches
Cisco VPN 3000 series concentrators

Cisco
3000
Pub
Date: VPN
December
22,client
2003
ISBN: 1-58720-073-2
Each of these products is discussed further in the following sections.

Pages: 528
Cisco PIX 500 Series Firewall

The
PIX 500
series firewall
is a
reliable,
scalable,
functional
provides
the
GainCisco
hands-on
experience
of CCNP
Remote
Access
topics
with lab appliance
scenarios that
for the
new 642-821
following
benefits:
BCRAN exam.
Stateful
firewall
with per-application
filtering,
Java
blocking,
denial-of-service
Prepare for
the CCNP
642-821 BCRANcontent
exam and
gain a
better,
practical
understanding of
(DoS)
protection, intrusion detection, and time-based ACLs
exam concepts
Support
for how
L2TP/PPTP-based
services
suitable
for network
site-to-site
and remote-access
Experience
remote accessVPN
concepts
work
in a real
withVPNs
practice
labs that walk
VPNs
Triple
VPNguides
throughput
scalable
toto
100
Mbps a lab for study
ReviewDES
set-up
that show
you up
how
prepare
DoS
protection
against
mostsimulation-based
major types of attacks
Ready
yourself for
the new
BCRAN
exam and
for workplace
Cisco
Security
Routers
andchallenges
Switches
Cisco
has directly
integrated
security
functionality
intoremote
your network
through
questions
by providing
a better
understanding
of how
access infrastructure
really works. It
is also
enhanced
security
features
and
functionality
in
Cisco
routers
and
switches,
enabling
sophisticated
security
policy itenforcement
throughout
network.
Cisco IOS
software'sof these
Finally,
serves anyone
wanting the
a guide
to real-world
application
enhanced
VPN
software
features
include
the
following:
Quality of service (QoS) in the form of application-aware packet classification, congestion
management, packet queuing, and traffic shaping and policing
even Stateful
as a stand-alone
guide.
IOS firewall
with per-application content filtering and Java blocking, DoS
protection, intrusion detection, and time-based ACLs
preparation.
VPN resiliency through the use of dynamic route recovery using routing protocols through
IPSec secured generic routing encapsulation (GRE) tunnel, and dynamic tunnel recovery
using IPSec keepalives
Automated tunnel provisioning using IPSec tunnel endpoint discovery for large mesh
network deployments
Full Layer 3 routing and broad interface support
Cisco VPN 3000 Series Concentrators

The Cisco VPN 3000 series concentrators are remote-access VPN platforms that combine high
availability,
high
performance, and scalability with the most advanced encryption and
Table of Contents
authentication techniques available. Cisco VPN 3000 series concentrator features include the
Index
following:
High-performance, distributed-processing architecture using Cisco SEP modules to provide

hardware-based
Publisher:
Cisco Press encryption and large-scale tunneling support for IPSec, PPTP, and
L2TP/IPSec
connections.
ISBN: 1-58720-073-2
Scalability
with modular design, up to four expansion slots, with redundancy and system
Pages: 528
architecture
designed to provide consistent, high-availability performance. An all-digital
design offers high reliability and continuous 24-hour operation with runtime monitoring and
alerts.
Microsoft compatibility offers large-scale client deployment and seamless integration with
related systems.
Gain hands-on
BCRAN exam.
Security through support of current and emerging security standards allows for integration
of external authentication systems and interoperability with third-party products. Firewall
capabilities
through
filtering
and gain
address
translation
ensure
the required
Prepare for the
CCNPstateless
642-821packet
BCRAN
exam and
a better,
practical
understanding
of
security
for a corporate LAN.
exam concepts
High
availability
throughaccess
redundant
subsystems
multichassis
failover
capabilities
Experience
how remote
concepts
work in and
a real
network with
practice
labs that walk
ensure
maximum
system
uptime.
Robust
any standard
browser
HTTPS), as well as Telnet,
Review management
set-up guidesusing
that show
you how web
to prepare
a (HTTP
lab for or
study
Secure Telnet, SSH, or a console port.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Cisco
VPN 3000 Client
The
Ciscosetting,
VPN 3000
is useful
a software
package ayou
usecandidate
to providefor
secure
connectivity
network
thisclient
book is
in preparing
CCNP
the general
exam for
remote-access
VPNs,
including
support
for
e-commerce,
mobile
user,
and
telecommuting
applications.
Some of its
features for
include
the simulation-based
following:
candidates
the new
Compatibility with most of the major operating systems, including Windows, Linux, Solaris,
Macintosh
Each and
chapter
Complete implementation of IPSec standards, including DES and Triple DES encryption
Authentication through digital certificates, one-time password tokens, and preshared keys
preparation.
Virtual Private Networks

A VPN can be thought of as a private network you deploy on top of a shared infrastructure that
employs the same security, management, and throughput policies you apply to your private
network. You currently have three main VPN solutions to choose from:
Table of Contents
Index
AccessStudies:
VPN Remote
Used to
provide
CCNP Practical
Access
remote access to an enterprise customer's intranet or

extranet
over
a
shared
infrastructure.
Access VPNs use analog, dial, ISDN, digital
subscriber line (DSL), mobile IP, and cable technologies to securely connect mobile users,
telecommuters, and branch offices.
Pub
Date: DecemberVPN
22, 2003Used
Site-to-site
to link enterprise customer headquarters, remote offices, and

branch
ISBN: 1-58720-073-2
offices to an internal network over a shared infrastructure using dedicated
connections.
Intranet VPNs differ from extranet VPNs in that they are designed to allow
Pages: 528
access only to the enterprise customer's employees instead of access to everyone.
Extranet VPN Used to link outside customers, suppliers, partners, or communities of

interest to an enterprise customer's network over a shared infrastructure using dedicated
connections. Extranet VPNs differ from intranet VPNs in that they allow access to users
Gain hands-on
experience
outside the
enterprise.
BCRAN exam.
exam concepts
preparation.
Memory and CPU Considerations

Running IPSec can affect your device's memory usage and CPU utilization. There are several
reasons that IPSec packets might be processed slower than packets that are processed through
classic crypto:
Table of Contents
Index
IPSec introduces
packet
expansion,
CCNP Practical
Studies: Remote
Access
which is more likely to require fragmentation and the

corresponding
reassembly
of
IPSec
datagrams.
Encrypted packets probably will be authenticated, which means that two cryptographic
for every packet.
Publisher:
Cisco Press
operations
are performed
The
authentication
ISBN:
1-58720-073-2 algorithms can be slow.
Pages: 528
In addition, the D-H key exchange used in IKE is an exponentiation of very large numbers
(between 768 and 1024 bytes) and can take several seconds to compute on some platforms.
RSA performance is dependent on the size of the prime number chosen for the RSA key pair.
For each router, the SA database takes approximately 300 bytes of memory, plus an additional
Gainbytes
hands-on
experience
of CCNP
Remote
Access
topics
labconnection
scenarios requires
for the new
120
of memory
for each
SA stored
in it.
Because
anwith
IPSec
two642-821
SAs,
BCRAN
exam.and one outbound, 540 bytes of memory are required. Each IKE SA entry requires
one
inbound
approximately 64 bytes of memory for storage.
for the
BCRAN
exam andfor
gain
a better, practical
TherePrepare
might also
be aCCNP
small642-821
decrease
in performance
unencrypted
packetsunderstanding
going through of
an
exam
concepts
interface that is doing crypto, because all packets are checked against the crypto map. There
should be no performance impact on packets traversing the router that avoid an interface doing
crypto.
preparation.
Monitoring and Maintaining IPSec

Certain configuration changes you make take effect only when you negotiate subsequent SAs. If
you want your new settings to take effect immediately, you must clear the existing SAs so that
they will be renegotiated with the new configuration. When using manually established SAs, you
Table
of Contentsthem, or your changes will never be picked up. If the peer is actively
must clear and
reinitialize
Index
processing IPSec traffic, you can selectively clear only the portion of the SA database that is
CCNP
Practical
Studies:
Remote Access
affected
by your
configuration
changes.
You can use one of the following commands to clear and reinitialize IPSec SAs:
ISBN: 1-58720-073-2
Pages: 528
R1(config)#clear
crypto
of sa
BCRAN exam.
R1(config)#clear crypto sa peer {ip-address | peer-name}
Prepare for the crypto
CCNP 642-821
R1(config)#clear
sa mapmap-name
exam concepts
R1(config)#clear crypto sa entrydestination-address protocol spi
You can use one or more of the following commands to view information about your IPSec
configuration.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642This command displays your transform set configuration:
R1#show
crypto
transform-set
office-based
lab, aipsec
remote-accessible
preparation.
This command displays your crypto map configuration:
R1#show crypto map [interfaceinterface | tagmap-name]
Table of Contents
Index
This
command displays information about IPSec SAs:

ISBN: 1-58720-073-2
Pages: 528
R1#show crypto ipsec sa [mapmap-name | address | identity] [detail]

BCRAN exam.
This command displays information about dynamic crypto maps:
exam concepts
R1#show crypto dynamic-map [tagmap-name]
questions
by providing
betterSA
understanding
This
command
displaysaglobal
lifetime values:
All
of the topics
the new
642-821 BCRAN exam lifetime
R1#show
cryptoonipsec
security-association
preparation.

You can use the following commands to clear IKE connections.
To display existing IKE connections, taking note of the connection identifiers for connections you
Table
Contents
want to clear,
useofthis
command:
Index


ISBN: 1-58720-073-2
Pages: 528
R1#show crypto isakmp sa
Use
thisexam.
command to clear an IKE connection:
BCRAN
exam concepts
R1#clear crypto isakmp [connection-id]
preparation.
Troubleshooting IKE
You can use the following commands to troubleshoot IKE.
This command displays the parameters for each configured IKE policy:
Table of Contents
Index


ISBN: 1-58720-073-2
Pages:
528
R1#show
crypto
isakmp policy
This
all of
current
SAs: Access topics with lab scenarios for the new 642-821
Gain command
hands-on displays
experience
CCNPIKE
Remote
BCRAN exam.
exam concepts
Review
set-up
guidessa
R1#show
crypto
isakmp
This command displays the crypto map configuration:
R1#show crypto map
preparation.
This command verifies an IKE configuration:
Table of Contents
Index
This command displays debug messages about IKE events:


ISBN: 1-58720-073-2
Pages: 528
R1#debug crypto isakmp

BCRAN exam.
exam concepts
preparation.
QoS for Virtual Private Networks

By implementing QoS, you can grant the appropriate service levels to your mission-critical
applications. Because remote-access users do not usually care about the network topology or the
high level of security/encryption or firewalls that handle their traffic, your solution must be able
Contents
to give themTable
whatofthey
do care about: an acceptable response time for their applications.
Index
CCNP
Studies: Remote
Access
Your Practical
users' acceptance
levels
for delays will vary, depending on the application they are using at
the
time.
What
is
an
acceptable
level
of delay
for FTP
might not meet with the same acceptance
Morrow
, Deviprasad
Konda
when accessing a database or running voice over IP.
Cisco Press
QoSPublisher:
gives you
the mechanisms necessary to give your users this level of performance. QoS is a
Pub
Date:
December
22,ensure
2003
vital tool designed to
that all applications coexist and function at acceptable levels of
ISBN:
1-58720-073-2
performance. The primary QoS features you will be concerned with, especially when dealing with
VPNs,Pages:
are as
528
follows:
Packet classification using committed access rate (CAR)

Bandwidth management by policing with CAR, shaping with Generic Traffic Shaping/Frame
Gain hands-on
experience
CCNP Remote
topicsallocation
with lab scenarios
Relay Traffic
Shaping of
(GTS/FRTS),
andAccess
bandwidth
with WFQ for the new 642-821
BCRAN exam.
Congestion avoidance using WRED
Prepare
forof
the
CCNPpriority
642-821
BCRAN
gain3 a
better,
understanding of
Continuity
packet
over
Layerexam
2 andand
Layer
VPNs
withpractical
tag
exam
concepts
switching/Multiprotocol Label Switching (MPLS)
how remote
accessinconcepts
work sections.
Each Experience
of these features
is discussed
the following
Packet Classification
The end result of packet classification efforts is to group packets based on your predefined
CCNP
Remote
Access
(CCNP Self-Study)
for the
CCNP 642criteriaPractical
so that Studies:
the resulting
groups
of packets
can then be prepares
subjectedreaders
to specific
packet
821
BCRAN
exam
and
for
workplace
challenges
in
implementing
remote
access
network
treatments. This can include faster forwarding by intermediate devices or reducing the
applications.
a topic-by-topic
guide of
of lack
how of
to buffering
apply remote
accessItconcepts
probability ofDesigned
a packet'sasbeing
dropped because
resources.
is often in a real
network
setting,
this
book
is
useful
in
preparing
a
CCNP
candidate
for
the
general
necessary that your traffic be classified before tunneling and encryption, because aexam
tunnel
questions
by providing
understanding
of how
access
really
works.invisible
It is alsoto
header appended
to an aIPbetter
packet
might make the
QoSremote
markings
in the
IP header
essential
in preparing
intermediate
routers/switches.
concepts,
regardless
of can
certification
interest.
With
classification,
you
base decisions
on a number of match criteria before your traffic
leaves:
office-based
IP addresses
IP precedencethe 3 bits in the type of service (ToS) field of the IP packet header
preparation.
URL and sub-URL
MAC addresses
Time of day
As soon as your packets are classified based on your match criteria, the next step is to mark, or
color, the packets with a unique ID to ensure that your classification is honored from end to end.
The easiest way to do this is to set the IP ToS field in the header of an IP datagram. This
marking of packets is the means you use to ensure that downstream QoS features, such as
scheduling and queuing, are used for the proper treatment of the packets you have marked.
Differentiated services let network traffic receive premium treatment at the expense of other
Table of
Contents
less-critical traffic
on
the same WAN link.
Index
Bandwidth Management
Publisher:
Cisco Presstraffic has been classified, the next step is to ensure that it receives the
After
your selected
Pub Date:
December
2003
special
treatment
it22,
requires
from the devices. You do this through the use of queuing and
scheduling.
ISBN: 1-58720-073-2
Pages: 528
You have the choice of two different implementations of Weighted Fair Queuing (WFQ):
Flow-based WFQ Packet classification is based on a flow. Each flow is placed in a
separate output queue. When your packet is identified as belonging to a particular flow, it
Gain hands-on
experience
of CCNP
Remote
Access
topics
with lab scenarios
for theanew
642-821
is placed in
the associated
queue.
During
times
of congestion,
WFQ allocates
portion
of
BCRAN
theexam.
available bandwidth for use by each active queue.
Class-based WFQ Packets receive the functionality of WFQ with user-defined traffic
Prepare
CCNP
642-821
andsuch
gain mechanisms
a better, practical
understanding
of
classes. for
Youthe
create
these
trafficBCRAN
classesexam
through
such as
access control
exam
concepts
lists. After the traffic is classified, you can assign it a fraction of the output interface
bandwidth.
Traffic
Shaping
Review
Ready
yourself
for shape
the new
simulation-based
onof
the
CCNP
exams to enforce a
Traffic
shaping
lets you
Layer
3 traffic into aquestions
desired set
rate
parameters
maximum traffic rate. Its end result is a smooth traffic stream at the IP layer through the use of
CCNP
Practical Studies:
Remote
(CCNP
Self-Study)
prepares
traffic-shaping
queues based
on Access
the Service
Level
Agreement
(SLA).readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
applications.
Designed
topic-by-topic
guide
of how
tocan
apply
concepts
a real
Traffic
shaping
is basedas
onathe
concept that
bursty
traffic
be remote
queued,access
causing
the TCPinsender
network
setting,
this
is useful
in preparing
a CCNP
candidate
for the general
exam
to
back off
its rate
of book
sending,
ultimately
ensuring
that future
transmissions
conform
to your
questions
desired
rate.
Selecting a Traffic Policer Versus a Traffic Shaper
implementation
of drop
the technology.
Thisand
step-by-step
beexcess
executed
on to
a homeor
Policing is used to
excess traffic,
shaping is process
used to can
allow
traffic
be queued.
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
Shaping can be a better choice where applications are concerned, because shaped traffic does
even
as
a
stand-alone
guide.
not require a retransmission (dropped traffic does). In this case, Generic Traffic Shaping (GTS)
might be the better tool.
preparation.
Be
aware that excessive shaping can result in very deep queues on the shaping device. This
might cause the sender to retransmit because of a perceived delay. Policing/dropping of excess
traffic is the better choice for IP multicasts or TCP-based traffic related to non-mission-critical
applications.
Congestion Avoidance
Congestion avoidance is the ability to recognize and act on congestion in the output direction of
an interface in an attempt to reduce or minimize the effects of that congestion.
Congestion produces unwanted effects on a VPN and should be avoided if possible. Tools such as
Weighted Random Early Detection (WRED), an implementation of the Random Early Detection
Table of
(RED) algorithm,
letContents
you differentiate between treatment of traffic by adding per-class queue
Index
thresholds that
determine when packet drops will occur. These thresholds can be configured by
CCNP
the user.
Packet dropping is based on the ideal that adaptive flows such as TCP will back off and
retransmit when they detect congestion. By monitoring the average output queue depth and by
dropping
packets from selected flows, WRED tries to prevent the ramp-up of too many TCP
Pub Date:
December
22, 2003
sources
at once.
Without
WRED, TCP synchronization might result.
ISBN: 1-58720-073-2
WREDPages:
works
by dropping packets from low-priority traffic before it drops packets from high528
priority traffic. WRED allows you to select up to six such traffic classes.
QoS for VPN Tunnels

BCRAN
exam.
One issue
you might face when implementing QoS in a VPN tunnel is the requirement that the
QoS parameter you normally find in the header of the IP packet needs to be reflected in the
tunnel packet header regardless of the type of tunnel you choose to use. The four primary
tunneling protocols used with VPNs are
exam concepts
Experience
how remote
access
Layer 2 Tunneling
Protocol
(L2TP)
IPSec
Layer 2 Forwarding (L2F)
GRE
exam and
challenges
in implementing
remote
access network
L2TP
is commonly
usedfor
forworkplace
node-to-node
applications,
with the tunnel
terminating
at the edge of
applications.
Designed
asisa based
topic-by-topic
guide of how
to apply
remote
access
concepts
in a real
the
user's network.
L2TP
on an IETF-based
standard
that
merges
Cisco's
L2F tunnel
network with
setting,
this book
CCNP candidate
for the
general
exam security
protocol
Microsoft's
Point-to-Point
Tunnelinga Protocol
(PPTP). L2TP
uses
third-party
questionssuch
by providing
understanding
of how remote
access really
Itprimarily
is also
schemes
as IPSec a
tobetter
provide
security to packet-level
information.
L2TPworks.
is used
essential
with
PPP traffic.
concepts,
regardless
of on
certification
GRE
tunnels
are based
RFC 1702,interest.
which allows any protocol to be tunneled inside an IP
packet. You can encapsulate data using either IPSec or GRE, both of which can copy the IP ToS
Each
chapter
includes
review into
of the
values
from the
packetaheader
theapplicable
tunnel header.
office-based
lab,
someendpoints
networking
software
programs,
or
This allows devices
between GRE-based
tunnel
to simulation
adhere to the
precedence
bits you
even
as
a
stand-alone
guide.
set, improving the routing of premium-service packets. This also gives you the means to use
QoS technologies such as policy routing, WFQ, and WRED on intermediate devices between GRE
All
of the
tunnel
endpoints.
preparation.
IETF Differentiated Services

Differentiated Services, or DiffServ (DS), can redefine the IP ToS byte into a DiffServ byte (the
DS byte). The DS byte relays a packet's required QoS level. It is also used to classify packets.
DS uses per-hop behaviors (PHBs) to enable common QoS behaviors in the network. The aim is
to provide the basis for standards-based QoS in a VPN from end to end.
Committed Access Rate
Table both
of Contents
CAR implements
classification services and policing through rate limiting. You can use
Index
CAR's classification services to set the IP precedence for packets entering your network. This
CCNP
Practical
Remote
allows
you toStudies:
partition
yourAccess
network
into multiple priority levels or classes of service. Networking

devices
your Bokotey
network
can then
use,Deviprasad
the assigned
IP precedence values to determine how to
By
Wesley within
Shuo, Dmitry
, Raymond
Morrow
Konda
treat the traffic. You can use the 3 precedence bits in the ToS field of the IP header to define up
to six
classes of service.
Your policies can be based on physical port, source or destination IP or MAC address, application
ISBN: 1-58720-073-2
port, IP
protocol type, or other criteria that can be specified by access lists or extended access
Pages:
528have the option of classifying packets by categories that are external to the
lists. You
also
networkfor example, by customer. After a packet has been classified, a network can either
accept or override and reclassify the packet according to a specified policy. CAR includes
commands you can use to classify and reclassify packets.
BCRAN
exam.
Custom
Queuing
Custom
queuing
is designed
toBCRAN
handle exam
trafficand
by specifying
the number
packets or bytes
Prepare
for (CQ)
the CCNP
642-821
gain a better,
practicalofunderstanding
of
to be exam
serviced
for
each
class
of
traffic.
It
services
the
queues
in
a
round-robin
fashion,
sending
concepts
only the allocated portion of bandwidth for each queue before moving to the next queue. If a
queueExperience
is empty, the
moves
toconcepts
the next work
queueinand
sends
packets
from
it, assuming
it
howdevice
remote
access
a real
network
with
practice
labs thatthat
walk
has packets
ready
to
send.
WhenReview
you enable
CQguides
on an that
interface,
the system
creates and
maintains
set-up
show you
how to prepare
a lab
for study17 output queues for
that interface. You have the option of configuring queues 1 through 16 by associating a
configurable
Ready yourself
byte count,
for the
specifying
how many bytes
questions
of data to
onsend
the CCNP
beforeexams
moving to the next
queue.
Queue
0 is aexam
reserved
and system
for workplace
queue challenges
and is emptied
in implementing
before any ofremote
the other
access
queues
network
are
applications.
processed.
The
Designed
system as
queue
a topic-by-topic
is used for high-priority
guide of howpackets,
to applysuch
remote
as keepalive
access concepts
packetsin
and
a real
network setting,
signaling
packets.
this
Other
book
traffic
is useful
cannot
in preparing
use this queue.
For
queues
through 16,
the system
cycles
the queuesquestions
sequentially,
theCisco
essential
in 1preparing
candidates
for the
newthrough
simulation-based
that sending
are on the
configured
byte
count
from
each
queue
in
each
cycle,
delivering
packets
in
the
current
queue
certification exams. Finally, it serves anyone wanting a guide to real-world application of
these
before
moving
on
to
the
next
one.
When
a
particular
queue
is
being
processed,
packets
are sent
until the number of bytes sent exceeds the queue byte count or the queue is empty. You can
Each chapter
specify
the bandwidth
includes a review
particular
of the
queue
applicable
can usetechnology,
indirectly by
and
specifying
guides the
a byte
reader
count
through
and queue
implementation
length.
CQ is statically
of the technology.
configured and
Thisdoes
step-by-step
not automatically
process can
adapt
be to
executed
changing
on network
a home- or
conditions.
The bandwidth that a custom queue is allocated is determined by the following formula:
(queue byte count / total byte count of all queues) * the interface's bandwidth capacity
preparation.
where bandwidth capacity equals the interface bandwidth minus the bandwidth for priority
queues.
Priority Queuing
Priority queuing (PQ) is used to define how traffic is prioritized in your network. You can
configure up to four traffic priorities with a series of filters based on packet characteristics to
place traffic in these four queues. The queue with the highest priority is serviced first until it is
empty, and then the lower queues are serviced in sequence.
TablePQ
of Contents
This means that
gives priority queues absolute preferential treatment over low-priority
Indexare classified based on criteria you specify and are placed in one of the four
queues. Packets
CCNP
Practical
Studies: Remote
Access
output
queueshigh,
medium,
normal, or lowbased on your assigned priority. Packets that
you
do
not
classify
by
priority
are
the normal
queue.
ByWesley Shuo, Dmitry Bokotey, Raymondplaced
Morrow,in
Deviprasad
Konda
You can set a queue's maximum length by defining the length limit. When a queue is longer than
Cisco Press
the Publisher:
queue limit,
all additional packets are dropped.
A priority
ISBN:
list
1-58720-073-2
defines a set of rules on how packets are assigned to priority queues. A priority list
can also
define
Pages: 528 a default priority or the queue size limits of the various priority queues.
You can classify packets by the following criteria:
Protocol or subprotocol type
BCRAN
Incoming
exam. interface
Packet size
exam concepts
Fragments
Access list how remote access concepts work in a real network with practice labs that walk
Experience
Keepalive packets sourced by the device are always assigned to the high-priority queue. You
must Review
specifically
set-up
configure
guides all
that
other
show
management
you how to prepare
traffic into
a lab
queues.
for study
Packets that are not
classified by the priority list mechanism are assigned to the normal queue.
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Frame
Relay
Shaping
821 BCRAN
examTraffic
and for workplace
Frame
Relay
Traffic
on existing
support
of congestion
control
by adding
network
setting,
thisShaping
book is (FRTS)
useful inbuilds
preparing
a CCNP
candidate
for the general
exam
capabilities
improve
a Frame
Relay network's
scalability
performance,
increasing
questions bythat
providing
a better
understanding
of how
remoteand
access
really works.
It is alsothe
density
and improving
response
essentialofinVCs
preparing
candidates
for thetime.
FRTS
can be
used to of
eliminate
bottlenecks
in Frame Relay networks that have high-speed
concepts,
regardless
certification
interest.
connections at your central site and low-speed connections at your branch sites. You can
configure
rateincludes
enforcement,
a peak
rate
configured
to limit outbound
traffic,
to set athrough
limit on the
Each chapter
a review
of the
applicable
technology,
and guides
the reader
rate
at which data
is sent
down a VC
at step-by-step
your central site.
implementation
of the
technology.
This
By
using
you canguide.
configure rate enforcement to either the committed information rate
even
as aFRTS,
stand-alone
(CIR) or some other defined value, such as the excess information rate on a per-VC basis. This
ability
allows
you
share
medium
with multiple
Bandwidth
can be
allocated to each
All of the
topics
ontothe
newthe
642-821
BCRAN
exam areVCs.
covered,
providing
comprehensive
exam
VC,
essentially creating a virtual time-division multiplexing (TDM) network.
preparation.
You also can define PQ, CQ, and WFQ at the VC or subinterface level to achieve finer granularity
in the prioritization and queuing of traffic, giving you more control over the traffic flow on an
individual VC. If you combine per-VC queuing and rate enforcement with CQ, your VCs can carry
multiple traffic types, such as IP, SNA, and Internetwork Packet Exchange (IPX), with a
bandwidth guaranteed for each traffic type.
By using backward explicit congestion notification (BECN)-tagged packets, FRTS can dynamically
throttle traffic by holding packets in the router's buffers to reduce the data flow from the router
into the Frame Relay network. The throttling is done on a per-VC basis. The transmission rate is
adjusted based on the number of BECN-tagged packets received.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Configuring QoS for VPN Support

You can configure the QoS for VPNs feature only on tunnel and virtual template interfaces and in
crypto map configuration submodes.
TableGRE
of Contents
When used with
and IP-in-IP (IPIP) tunnel protocols, you configure QoS on the tunnel
Index QoS for VPNs a configuration option on a per-tunnel basis.

interface, making
When
used with the L2F and L2TP protocols, you apply the configuration to the virtual template
interface. L2TP clients belonging to identical virtual private dialup network (VPDN) groups inherit
the preclassification setting. This feature can be configured on a per-VPDN tunnel basis.
Date:tunnels,
DecemberQoS
22, 2003
For Pub
IPSec
is applied in the crypto map, allowing configuration on a per-tunnel
basis. QoS
ISBN: features
1-58720-073-2
on the physical interface on which the crypto map is configured apply
classification
to the packets before encryption is applied.
Pages: 528
You can use the following commands to configure the QoS for VPNs feature on a tunnel or virtual
interface basis.
To enter interface configuration mode and specify the tunnel or virtual interface to configure, use
Gain
this command:
BCRAN exam.
exam concepts
R1(config)#interface [tunnel-name | virtual-template-name]
applications.
Designed
as a topic-by-topic
guide
Use
this command
to enable
the QoS for VPNs
feature:
even
as a stand-alonepre-classify
guide.
R1(config-if)#qos
preparation.
You can use the following commands to configure the QoS for VPNs feature on a crypto map
configuration basis.
To enter crypto map configuration mode and specify a previously defined crypto map to
configure, use this command:
Table of Contents
Index
R1(config)#crypto map [map-name]


This command
enables the QoS for VPNs feature:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R1(config-if)#qos pre-classify
exam concepts
preparation.
Monitoring and Maintaining QoS for VPNs

You can use the following commands to monitor and maintain the QoS for VPNs feature.
To display information on the tunnel or the virtual template, including the queuing strategy, use
Table of Contents
this command:
Index


ISBN: 1-58720-073-2
Pages: 528
R1#show interfaces [tunnel-name | virtual-template-name]
This
command
BCRAN
exam. displays information on the crypto map:
exam concepts
R1#show crypto map [map-name]
preparation.
Scenarios
The scenarios presented in this chapter help you gain a more complete understanding of
configuring IPSec through practical application. You will go through the necessary configuration
tasks in their logical progression. The scenarios cover the following topics:
Table of Contents
Index
DefiningStudies:
IKE parameters
CCNP Practical
Remote Access
Defining IPSec transform sets

Scenario
14-1: Defining IKE Parameters
ISBN: 1-58720-073-2
Pages: 528
In this scenario, you define two IKE proposals. The first uses DES, MD5, preshared keys, D-H
group 1, and a lifetime of 600 seconds. The second proposal uses 3DES, SHA, RSA signatures,
D-H group 2, and a lifetime of 1 day.
Step 1. Identify the policy to create:
BCRAN exam.
exam concepts
R1(config)#crypto isakmp policypriority
2. Specify
encryption
algorithm
to use:
CCNP Step
Practical
Studies:the
Remote
Access
(CCNP Self-Study)
R1(config-isakmp)#encryption
implementation of the technology. 3des
All of the
topics
on thethe
newhash
642-821
BCRAN
Step
3. Specify
algorithm
to use:
preparation.
R1(config-isakmp)#hash {sha | md5}
Step 4.
Specify the authentication method:
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
R1(config-isakmp)#authentication {rsa-sig | rsa-encr | pre-share}
Step 5. Specify the D-H group to use:

BCRAN exam.
exam concepts
R1(config-isakmp)#group
{1 show
| 2} you how to prepare a lab for study
CCNP Step
Practical
6. Specify
Studies:the
Remote
lifetime,
Access
in seconds,
(CCNP Self-Study)
for the security
prepares
association:
implementation
of the technology.
R1(config-isakmp)#lifetime
seconds
preparation.
Example 14-1 shows the commands you can use to complete this scenario.
Example 14-1. Defining IKE Proposals
R1(config)#crypto isakmp policy 10

R1(config-isakmp)#hash md5
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#group 1
Table of Contents
Index
600
R1(config-isakmp)#exit
R1(config)#crypto
isakmp policy 20
R1(config-isakmp)#encryption 3des
ISBN: 1-58720-073-2
Pages: 528
R1(config-isakmp)#hash
sha
R1(config-isakmp)#authentication rsa-sig
86400
BCRAN exam.
exam concepts
Experience
howDefining
remote access
concepts
work in a Sets
real network with practice labs that walk
Scenario
14-2:
IPSec
Transform
In this scenario, you define two transform sets. The first, named set1, uses the authentication
SHA HMAC variant using transport mode. The second, named set2, uses the 3DES encryption
algorithm with the SHA authentication algorithm using tunnel mode.
Follow these steps to define your transform set:
Step 1. Define your transform set:
R1(config)#crypto ipsec transform-set transform-set-name transform1
[transform3]]
All[transform2
of the topics on
preparation.
Step 2. Optionally define the mode to use with the transform set:
R1(cfg-crypto-tran)#mode [tunnel | transport]
Table of Contents
Index

ByWesley Shuo
, Dmitry
Bokotey
, Raymond Morrow
, Deviprasad
Konda
Example
14-2
shows
the commands
necessary
on R1
to complete this scenario.
Example
14-2.22,
Defining
IPSec Transform Sets
Pub Date: December
2003
ISBN: 1-58720-073-2
Pages: 528
R1(config)#crypto ipsec transform-set set1 ah-sha-hmac

R1(cfg-crypto-tran)#mode transport
Gain
R1(cfg-crypto-tran)#exit
BCRAN exam.
R1(config)#crypto ipsec transform-set set2 esp-3des esp-sha-hmac
R1(cfg-crypto-tran)#mode
tunnel
exam concepts
preparation.
Practical Exercise 14-1: IPSec Router-to-Router

Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution
to see how you did and to see what concepts you might need to review.
TableExercise,
of Contents
In this Practical
you will configure your R1 router to initiate an IPSec router-to-router
connection toIndex
R2. IKE will use an MD5 hash along with preshared keys. R1 will always initiate
CCNP
Practical
Studies: the
Remote
the tunnel
between
twoAccess
routers and will be configured to initiate in aggressive mode. R2 will
use
a
dynamic
crypto
map
to
accept
the tunnel
parameters
from R1, although it could also have
Morrow
, Deviprasad
Konda
a standard LAN-to-LAN tunnel configuration applied.
Background
Information
ISBN: 1-58720-073-2
Pages: 528
You are the administrator of R1. You need to configure a LAN-to-LAN connection to R2, as shown
inFigure 14-4.
Figure 14-4. IPSec Router-to-Router Topology
BCRAN exam.
exam concepts
Task 1: Verify Compatibility with Existing Access Lists

To run IKE and IPSec, you need to ensure that any existing access lists are compatible with both
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642protocols. Any existing access lists must allow the ports required by IKE and IPSec to pass
through them.
Task
2:inDefine
IKE
Parameters
essential
preparing
candidates
concepts,
interest.
Stepregardless
1. At the of
R1certification
console, provide
all the configuration required to set the following IKE
settings:
office-based-lab,
a remote-accessible
Define
an ISAKMP policy.
- Set the ISAKMP keepalive interval.
preparation.- Define the ISAKMP peer and aggressive mode.
Step 2. At the R2 console, provide all the configuration required to set the following IKE
settings:
- Define an ISAKMP policy.
- Set the ISAKMP keepalive interval.

- Define the ISAKMP peer and key.
Task 3: Define IPSec Parameters
Table
of Contents
Step 1.
At the
R1 console, provide all the configuration required to set the following IPSec
Index
settings:

- Define a route to the peer network.
Publisher: Cisco
Press
- Define
a crypto access list.
- Define an
ISBN: 1-58720-073-2
IPSec transform set.
Pages: 528
- Define the IPSec crypto map.
- Associate the crypto map to the Ethernet 0 interface.

Step 2. At the R2 console, provide all the configuration required to set the following IPSec
settings:
BCRAN exam.
Prepare
for the an
CCNP
642-821
BCRAN
- Define
IPSec
transform
set.exam and gain a better, practical understanding of
exam concepts
- Define a dynamic IPSec crypto map.
you through
their
- Define
theimplementation
IPSec crypto map.
Review- set-up
guides
show
you
to prepare
a lab for study
Associate
the that
crypto
map
to how
the Ethernet
0 interface.
preparation.

The following is a step-by-step discussion of the Practical Exercise solution.
Table of Contents
Task
1 Solution
Index
IKE uses UDP port 500. The IPSec ESP and AH protocols use protocol numbers 50 and 51. You
must ensure that any existing access lists you might already have configured do not block
protocol 50, 51, and UDP port 500 traffic at any interface used by IPSec. In some cases you
Publisher:
Press
might
need Cisco
to reconfigure
an existing access list to explicitly permit this traffic.
ISBN: 1-58720-073-2
528
TaskPages:
2 Solution
settings:
Gain hands-on
Define anexperience
ISAKMP policy:
BCRAN exam.
exam concepts
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R1(config-isakmp)#authentication
pre-share
821 BCRAN exam and for workplace challenges
essential
Set
the ISAKMP
in preparing
keepalive
candidates
interval:
preparation.
R1(config)#crypto isakmp keepalive 30 5
Define the ISAKMP peer and aggressive mode:

R1(config)#crypto
Table of Contents
isakmp peer address 100.133.12.2
Index
R1(config-isakmp)#set
password cisco123
CCNP Practical Studies: Remoteaggressive-mode
Access
R1(config-isakmp)#set aggressive-mode client-endpoint ipv4-address

100.133.12.1
ISBN: 1-58720-073-2
Pages: 528
settings:
Define an ISAKMP policy:
BCRAN exam.
exam concepts
Set the ISAKMP keepalive interval:
R2(config)#crypto
keepalive
30exam
5
All of the topics on theisakmp
new 642-821
BCRAN
preparation.
Define the ISAKMP peer and key:
R2(config)#crypto isakmp key cisco123 address 100.133.12.1
Table of Contents
Index

Task 3 Solution
settings:

ISBN: 1-58720-073-2
Pages: 528
Define a route to the peer network:
BCRAN exam.
exam concepts
R1(config)#ip
route 0.0.0.0 0.0.0.0 100.133.12.2
Define a crypto access list:
permit
ip 1.1.1.0
2.2.2.0 application
0.0.0.255 of these
certification exams. Finally, 100
it serves
anyone
wanting a0.0.0.255
guide to real-world
Define
an IPSec of
transform
set:
implementation
the technology.
preparation.
R1(config)#crypto ipsec transform-set myset esp-3des esp-md5-hmac
Define the IPSec crypto map:
Table of Contents
Index

R1(config)#crypto map mymap 1 ipsec-isakmp

R1(config-crypto-m)#set
peer 100.133.12.2
ISBN: 1-58720-073-2
transform-set myset
Pages: 528
R1(config-crypto-m)#match address 100
Gain
hands-on
experience
ofthe
CCNP
Remote
Associate
the crypto
map to
Ethernet
0 interface:
BCRAN exam.
exam concepts
R1(config-if)#crypto map mymap
network
setting,
book
is useful
in preparing
a CCNP candidate
for the
general
exam
Step
2. At this
the R2
console,
provide
all the configuration
required
to set
the following
IPSec
questions
settings:
certification
it serves
Defineexams.
a routeFinally,
to the peer
network:
preparation.
R1(config)#ip route 0.0.0.0 0.0.0.0 100.133.12.1
Define an IPSec transform set:
Table of Contents
Index
R2(config)#crypto ipsec transform-set myset esp-3des esp-md5-hmac

Define
Publisher:
a dynamic
Cisco Press
IPSec crypto map:
ISBN: 1-58720-073-2
Pages: 528
BCRAN
exam.
R2(config)#crypto
dynamic-map mymap 10
R2(config-crypto-m)#set transform-set myset
exam concepts
Define
thethrough
IPSec crypto
map:
you
R2(config)#crypto
mainmap
1 ipsec-isakmp
dynamicaccess
mymapreally works. It is also
questions by providingmap
a better
understanding
of how remote
Associate the crypto map to the Ethernet 0 interface:
preparation.
R2(config-if)#crypto map mainmap
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise 14-2: Three Full-Mesh IPSec Routers

TableExercise,
of Contents
In this Practical
you are the administrator of a set of routersR1, R2, and R3and you
are required Index

to configure an IPSec VPN between them. The VPNs are required to provide
CCNP
Practical between
Studies: Remote
Access
redundancy
the sites
in case of a line failure. You are required to have connectivity
between
the
networks
behind
each
of a router's
twoKonda
peers. Encryption is to be done as follows:
, Deviprasad
Publisher:
Cisco Press160.160.160.x
From network
to network 170.170.170.x
From
160.160.160.x to network 180.180.180.x
ISBN: network
1-58720-073-2
Pages: 528
From network 170.170.170.x to network 180.180.180.x
Background Information
You
will exam.
configure a VPN between three routers, as illustrated in Figure 14-5.
BCRAN
exam concepts
Figure 14-5. Three Full-Mesh IPSec Routers Topology
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
To
run IKE and
IPSec, you
to ensure guide
that any
existing
access
lists are
compatible
with
applications.
Designed
as aneed
topic-by-topic
of how
to apply
remote
access
concepts
in aboth
real
protocols.
Any
existing
access
lists
must
allow
the
ports
required
by
IKE
and
IPSec
to
pass
through
questionsthem.
concepts,
of certification
interest.
Task
2: regardless
Define IKE
Parameters
settings:
preparation.- Define the ISAKMP peer and key.
settings:

settings:
-Table
Define
the ISAKMP peer and key.
of Contents
Index
Task
Define
IPSec
Parameters
ByWesley3:
Shuo
, Dmitry Bokotey
, Raymond
settings:

ISBN: 1-58720-073-2
Pages: 528
- Define
a route to the peer network.
- Define a crypto access list.

- Define an IPSec transform set.
BCRAN exam.
settings:
exam concepts
settings:
certification -exams.
anyone
Define Finally,
a route ittoserves
the peer
network.
implementation
of the
This step-by-step
- Define
antechnology.
IPSec transform
set.
guide.
- Define the
IPSec crypto map.
All of the topics
on the new
642-821
BCRAN
are covered,
- Associate
the crypto
map
to theexam
Ethernet
0 interface.
preparation.

Table of Contents
Task
1 Solution
Index
Publisher:
Press
might
need Cisco
to reconfigure
ISBN: 1-58720-073-2
528
TaskPages:
2 Solution
settings:
Gain hands-on
Define anexperience
ISAKMP policy:
BCRAN exam.
exam concepts
network
Define
the
setting,
ISAKMP
this
peer
book
and
is useful
key: in preparing a CCNP candidate for the general exam
preparation.
settings:
Table of Contents
Index

By
, Raymond
Morrow
R2(config)#crypto
isakmp
policy
1 ,Deviprasad Konda
R2(config-isakmp)#authentication
pre-share
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Step 3.
At the for
R3 the
console,
provide all the configuration
required
to set
the following IKE
Ready
yourself
questions on
the CCNP
exams
settings:
Defineexam
an ISAKMP
and forpolicy:
office-based
R3(config)#crypto
isakmp policy lab,
1 some networking simulation software programs, or
preparation.
R3(config)#crypto
Table of Contents
isakmp key cisco123 address 100.133.123.2
Index

Task
Publisher:
3 Solution
Cisco Press
Step
ISBN: 1-58720-073-2
1. At the R1 console, provide all the configuration required to set the following IPSec
settings:
Pages: 528
BCRAN exam.
exam concepts
R1(config)#ip
route
170.170.170.0
255.255.255.0
100.133.123.2
Experience how
remote
access concepts
work in a real
R1(config)#ip route 180.180.180.0 255.255.255.0 100.133.123.3
Each
the applicable
technology, and
guides the
reader through
170 ofpermit
ip 160.160.160.0
0.0.0.255
170.170.170.0
office-based
0.0.0.255lab, a remote-accessible lab, some networking simulation software programs, or
R1(config)#access-list 180 permit ip 160.160.160.0 0.0.0.255 180.180.180.0
preparation.
0.0.0.255

Table of Contents
R1(config)#crypto
ipsec transform-set 170cisco esp-des esp-md5-hmac
Index
CCNP
R1(cfg-crypto-trans)#exit
R1(config)#crypto ipsec transform-set 180cisco esp-des esp-md5-hmac

ISBN: 1-58720-073-2

Pages: 528
BCRAN exam.
642-821
R1(config)#crypto
map mymap
17BCRAN
ipsec-isakmp
exam concepts
R1(config-crypto-m)#set peer 100.133.123.2
transform-set 170cisco
Review set-up guides that address
show you170
how to prepare a lab for study
R1(config-crypto-m)#match
R1(config-crypto-m)#exit
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R1(config)#crypto
mymap 18 challenges
ipsec-isakmp
821 BCRAN exam andmap
for workplace
network setting, this book is peer
useful 100.133.123.3
transform-set
180cisco
address
180
interest.
Associate
thelab,
crypto
map to the Ethernet
interface:
office-based
a remote-accessible
lab,0some
preparation.
settings:
Table of Contents
Index

ISBN: 1-58720-073-2
Pages: 528
R2(config)#ip route 160.160.160.0 255.255.255.0 100.133.123.1

R2(config)#ip route 180.180.180.0 255.255.255.0 100.133.123.3
BCRAN exam.
exam concepts
160 Access
permit(CCNP
ip 170.170.170.0
0.0.0.255
160.160.160.0
readers
0.0.0.255Designed as a topic-by-topic guide of how to apply remote access concepts in a real
applications.
180 understanding
permit ip 170.170.170.0
180.180.180.0
of how remote 0.0.0.255
access really
works. It is also
0.0.0.255exams. Finally, it serves anyone wanting a guide to real-world application of these
certification
implementation
the technology.
Define an IPSec of
transform
set:
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
R2(config)#crypto
Pages: 528
map mymap 16 ipsec-isakmp
R2(config-crypto-m)#set transform-set 160cisco
address 160
BCRAN exam.
R2(config)#crypto
exam concepts map mymap 18 ipsec-isakmp
Experience how remote peer
access100.133.123.3
R2(config-if)#crypto
map
mymap BCRAN exam are covered, providing comprehensive exam
642-821
preparation.
settings:
Table of Contents
Index
R3(config)#ip route 160.160.160.0 255.255.255.0 100.133.123.1

By
Wesley Shuo, Dmitry
Bokotey
, Raymond Morrow255.255.255.0
, Deviprasad Konda
R3(config)#ip
route
170.170.170.0
100.133.123.2

DefineISBN:
a crypto
access list:
1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
0.0.0.255
0.0.0.255
DefinePractical
CCNP
an IPSecStudies:
transform
Remote
set: Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
implementation
of theipsec
technology.
This step-by-step
process
can be
R3(config)#crypto
transform-set
160cisco
esp-des
esp-md5-hmac
even
All
of the topics on theipsec
new 642-821
BCRAN exam
are covered,
providing
comprehensive exam
R3(config)#crypto
transform-set
170cisco
esp-des
esp-md5-hmac
preparation.
Table of Contents
peer 100.133.123.1
Index
ISBN: 1-58720-073-2
R3(config)#crypto
Pages: 528
address 170
BCRAN exam.
Associate
crypto map to the Ethernet 0 interface:
examthe
concepts
BCRAN exam and forethernet
workplace0challenges in implementing remote access network
network
setting, this bookmap
is useful
mymapin preparing a CCNP candidate for the general exam
preparation.
Practical Exercise 14-3: IPSec Router-to-Router Hub and

Spoke
Table
of and
Contents
to see how you
did
to see what concepts you might need to review.
Index
In this
Practical
Exercise,
you
are the administrator of a set of routersR1, R2, R3, and R4. You
CCNP
Practical
Studies:
Remote
Access
are
required
to
configure
an
IPSec
VPN between them. R1 is your hub router, and the remaining
routers form spokes around it. You will define a single crypto map on the hub router, specifying
the networks behind each of its three peers. The crypto maps on each of the spoke routers
specify
the network behind the hub router. Encryption will be done between the following
networks:
ISBN: 1-58720-073-2
Pages: 528

BCRAN exam.
exam
concepts
You will
configure
a VPN between a hub-and-spoke router configuration, as illustrated in Figure
14-6.
Review
set-up
guides
that show
you how to prepareHub-and-Spoke
a lab for study
Figure
14-6.
IPSec
Router-to-Router
Topology
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
To
run IKE and
IPSec, you
to ensure guide
that any
existing
access
lists are
compatible
with
applications.
Designed
as aneed
topic-by-topic
of how
to apply
remote
access
concepts
in aboth
real
protocols.
Any
existing
access
lists
must
allow
the
ports
required
by
IKE
and
IPSec
to
pass
through
questionsthem.
concepts,
of certification
interest.
Task
2: regardless
Define IKE
Parameters
settings:
settings:

settings:
-Table
Define
the ISAKMP peer and key.
of Contents
Index
settings:


ISBN: 1-58720-073-2
Pages: 528

settings:
BCRAN exam.
- Define
crypto
access BCRAN
list.
Prepare
for the aCCNP
642-821
exam concepts
settings:
Ready
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Define
a route
to the peer
network.
821 BCRAN -exam
and
for workplace
challenges
it serves
Define Finally,
the IPSec
crypto anyone
map. wanting a guide to real-world application of these
Each chapter
a review
ofprovide
the applicable
technology, and
guidestothe
throughIPSec
Step 3.includes
At the R3
console,
required
setreader
the following
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homeor
settings:
preparation.- Define a crypto access list.
settings:

of Contents
-Table
Define
an IPSec transform set.
Index
CCNP Practical-Studies:
Access
Define Remote
the IPSec
crypto
map.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Table of Contents
Task
1 Solution
Index
Publisher:
Press
might
need Cisco
to reconfigure
ISBN: 1-58720-073-2
528
TaskPages:
2 Solution
settings:
Gain hands-on
Define anexperience
ISAKMP policy:
BCRAN exam.
exam concepts
network
Define
the
setting,
ISAKMP
this
peer
book
and
is useful
key: in preparing a CCNP candidate for the general exam
preparation.
settings:
Table of Contents
Index

R2(config)#crypto
Publisher: Cisco Press isakmp policy 1
pre-share
ISBN: 1-58720-073-2
Pages: 528

BCRAN exam.
exam concepts
Step 3.
At the for
R3 the
console,
required
to set
the following IKE
Ready
yourself
questions on
the CCNP
exams
settings:
Defineexam
an ISAKMP
and forpolicy:
office-based
R3(config)#crypto
isakmp policy lab,
1 some networking simulation software programs, or
preparation.
Table of Contents
Index
CCNP Practical
Step 4.
Studies:
At theRemote
R4 console,
Access
provide all the configuration required to set the following IKE

settings:

ISBN: 1-58720-073-2
Pages: 528
R4(config)#crypto
isakmp policy 1
BCRAN exam.
exam concepts
Experience
how
remote
Define
the ISAKMP
peer
and key:
network
setting, this book
is useful
in preparing
a CCNP100.133.123.1
R4(config)#crypto
isakmp
key cisco190
address
Each
Taskchapter
3 Solution
office-based
lab,
remote-accessible
lab,all
some
simulation
or
Step 1.
At a
the
R1 console, provide
the networking
configuration
required software
to set theprograms,
following IPSec
even as
a
stand-alone
guide.
settings:
preparation.
R1(config)#ip route 170.170.170.0 255.255.255.0 100.133.123.2

R1(config)#ip route 180.180.180.0 255.255.255.0 100.133.123.3
R1(config)#ip route 190.190.190.0 255.255.255.0 100.133.123.4
Table of Contents
Index

By
WesleyaShuo
, Dmitry
Bokotey
Define
crypto
access
list:,Raymond Morrow,Deviprasad Konda
ISBN: 1-58720-073-2
Pages: 528

BCRAN
exam.
0.0.0.255
exam concepts
0.0.0.255
0.0.0.255
DefinePractical
CCNP
an IPSecStudies:
transform
Remote
set: Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
implementation
of theipsec
technology.
This step-by-step
process
can be
R1(config)#crypto
transform-set
170cisco
esp-des
esp-md5-hmac
even
All
of the topics on theipsec
new 642-821
BCRAN exam
are covered,
providing
comprehensive exam
R1(config)#crypto
transform-set
180cisco
esp-des
esp-md5-hmac
preparation.
Table of Contents
Index

By
Raymond17
Morrow
, Deviprasad Konda
R1(config)#crypto
map ,mymap
ipsec-isakmp
peer 100.133.123.2
ISBN: 1-58720-073-2
Pages: 528

BCRAN
exam.
peer 100.133.123.3
exam concepts
peer
100.133.123.4
show
transform-set
190cisco
simulation-based
190 Self-Study) prepares readers for the CCNP 642CCNP Practical Studies: Remoteaddress
Access (CCNP
questions the
Associate
by providing
crypto map
a better
to the understanding
Ethernet 0 interface:
All
of the topics on the new
ethernet
preparation.
settings:
Table of Contents
Index

R2(config)#ip route 160.160.160.0 255.255.255.0 100.133.123.1

ISBN: 1-58720-073-2
DefinePages:
a crypto
access list:
528
BCRAN exam.
exam concepts
0.0.0.255
R2(config)#crypto
ipsec
transform-set
concepts, regardless of
certification
interest. 170cisco esp-des esp-md5-hmac
office-based
lab, a
remote-accessible
Define the IPSec
crypto
map:
preparation.

Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
Gain
hands-on experiencemap
of CCNP
mymapRemote Access topics with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
settings:
Define
a route
to implementation
the peer network:
you
through
their
R3(config)#ip
route a160.160.160.0
255.255.255.0
100.133.123.1
of how remote
preparation.

0.0.0.255
Table of Contents
Index


ISBN: 1-58720-073-2
528
DefinePages:
the IPSec
crypto map:
BCRAN exam.
R3(config)#crypto
exam concepts map mymap 18 ipsec-isakmp
access100.133.123.1
map
mymap BCRAN exam are covered, providing comprehensive exam
642-821
preparation.
settings:
Table of Contents
Index
R3(config)#ip route 160.160.160.0 255.255.255.0 100.133.123.1

Define
Publisher:
a crypto
Cisco access
Press
list:
ISBN: 1-58720-073-2
Pages: 528
BCRAN
exam.
190 permit ip 190.190.190.0 0.0.0.255 160.160.160.0
0.0.0.255
exam concepts
Define
anthrough
IPSec transform
set:
you
R3(config)#crypto
transform-set
esp-des
esp-md5-hmac
questions by providingipsec
a better
understanding190cisco
of how remote
access
preparation.


Associate the crypto map to the Ethernet 0 interface.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
ethernet 0
BCRAN exam.
exam concepts
preparation.
Practical Exercise 14-4: IPSec Between Three Routers

Using Private Addresses
Table
of and
Contents
to see how you
did
Index
In this
Practical
Exercise,
you
are the administrator of a set of routersR1, R2, and R3and you
CCNP
Practical
Studies:
Remote
Access
are
required
to
configure
an
IPSec
VPN between them. You will configure your routers so that
they form a full mesh with connectivity to the private networks behind each peer router.
Background
Information
ISBN: 1-58720-073-2
Pages: 528
You will configure a VPN between three routers with private networks, as illustrated in Figure 147.
Gain
hands-on
experience
of Between
CCNP Remote
AccessRouters
topics withUsing
lab scenarios
for the
new 642-821
Figure
14-7.
IPSec
Three
Private
Addresses
BCRAN exam.
exam concepts
preparation.
protocols. Any existing access lists must allow the ports required by IKE and IPSec to pass
through them.
Task 2: Create Network Address Translation
Table of Contents
Index
settings:
- Define traffic to undergo NAT.

- Define an access list for NAT.

ISBN: 1-58720-073-2
- Define the
NAT route map.
Pages: 528
- Define the NAT interfaces.

settings:
BCRAN exam.
- Define the NAT route map.
exam concepts
settings:
network setting,
thisthe
book
is useful
- Define
NAT
interfaces.
Task
3: regardless
Define IKE
Parameters
concepts,
of certification
interest.
Each chapter
a review
ofprovide
the applicable
technology, and
guidestothe
throughIKE
Step 1.includes
At the R1
console,
required
setreader
the following
implementation
of
the
technology.
This
step-by-step
process
can
be
executed
on
a
homeor
settings:
settings:

settings:

Table of Contents
Index
Task
4: Define IPSec Parameters
settings:

ISBN: 1-58720-073-2
- Define
Pages: 528
a crypto access list.

Gain hands-on
experience
CCNPmap
Remote
Access
topics
- Associate
theof
crypto
to the
Ethernet
0 interface.
BCRANStep
exam.
settings:
exam concepts
Experience
howan
remote
concepts
- Define
IPSecaccess
transform
set. work in a real network with practice labs that walk
Ready
yourself
questions on
the CCNP
exams
Step 3.
At the for
R3 the
console,
required
to set
the following IPSec
settings:
applications.- Designed
as a topic-by-topic
Define a crypto
access list. guide of how to apply remote access concepts in a real
questions by- providing
better
understanding
Define an aIPSec
transform
set. of how remote access really works. It is also
it serves
Define Finally,
the IPSec
crypto anyone
map. wanting a guide to real-world application of these
preparation.

Table of Contents
Task
1 Solution
Index
Publisher:
Press
might
need Cisco
to reconfigure
ISBN: 1-58720-073-2
528
TaskPages:
2 Solution
settings:
Gain hands-on
experience
of CCNP
Define traffic
to undergo
NAT:Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
R1(config)#ip nat inside source route-map nonat interface Serial0 overload
Define
an access
examlist
andfor
for
NAT:
office-based
some networking
simulation
150 deny lab,
ip 192.168.1.0
0.0.0.255
192.168.2.0
0.0.0.255
preparation.
R1(config)#access-list 150 deny ip 192.168.1.0 0.0.0.255 192.168.3.0
0.0.0.255
R1(config)#access-list 150 permit ip 192.168.1.0 0.0.0.255 any
Define the NAT route map:
Table of Contents
Index

R1(config)#route-map nonat permit 10

R1(config-route-map)#match
ip address 150
ISBN: 1-58720-073-2
Pages: 528
Define the NAT interfaces:
BCRAN exam.
exam concepts
R1(config)#interface serial0
R1(config-if)#ip
you through their
natimplementation
outside
R1(config-if)#exit
Ready yourself for the
ethernet0
CCNP
Practical Studies:
R1(config-if)#ip
natRemote
insideAccess (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
settings:
Define traffic to undergo NAT:
preparation.
Define an access list for NAT:
Table of Contents
Index
R2(config)#access-list 150 deny ip 192.168.2.0 0.0.0.255 192.168.1.0

0.0.0.255
Pub Date: December 22, 2003 150 deny ip 192.168.2.0 0.0.0.255 192.168.3.0
ISBN: 1-58720-073-2
0.0.0.255
Pages: 528
Gain
hands-on
Define
the NAT experience
route map:of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
R2(config-route-map)#match ip address 150
network
Define
the
setting,
NAT interfaces:
preparation.
R2(config-if)#exit
R2(config)#interface ethernet0
settings:
Define Table
traffic
to undergo NAT:
of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
Define an access list for NAT:

BCRAN exam.
exam concepts
150 show
deny you
ip how
192.168.3.0
192.168.1.0
to prepare0.0.0.255
a lab for study
0.0.0.255
150 Access
deny ip
192.168.3.0
0.0.0.255
192.168.2.0
(CCNP
Self-Study)
prepares readers
0.0.0.255Designed as a topic-by-topic guide of how to apply remote access concepts in a real
applications.
150 understanding
permit ip 192.168.3.0
0.0.0.255
any works. It is also
of how remote
access really
preparation.

R3(config-route-map)#match ip address 150
Table of Contents
Index

2003
R3(config-if)#ip
nat
outside
ISBN: 1-58720-073-2
R3(config-if)#exit
Pages: 528
BCRAN exam.
TaskPrepare
3 Solution
exam concepts
Step 1. At how
the R1
console,
provide
all the
configuration
required
to set
the following
Experience
remote
access
concepts
work
in a real network
with
practice
labs thatIKE
walk
settings:
Review
Define set-up
an ISAKMP
guides
policy:
serves anyone
R1(config)#crypto
isakmpit policy
4
even
asthe
a stand-alone
guide.
Define
ISAKMP peer
and key:
preparation.

Table of Contents
settings:
Index
CCNP Practical
Remote
Access
Define Studies:
an ISAKMP
policy:

ISBN: 1-58720-073-2
Pages: 528

pre-share
Gain hands-on experience of CCNP Remote
BCRAN exam.
Prepare
for thepeer
CCNP
642-821
Define
the ISAKMP
and
key: BCRAN exam and gain a better, practical understanding of
exam concepts
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R2(config)#crypto
key cisco1234
100.228.202.154
821 BCRAN exam andisakmp
for workplace
challengesaddress
in implementing
R2(config)#crypto
isakmp
key cisco1234
100.232.202.210
is useful
in preparingaddress
a CCNP candidate
Stepregardless
3. At the of
R3certification
console, provide
concepts,
interest.
settings:
Define an of
ISAKMP
policy:
implementation
the technology.
preparation.
Table of Contents
Index

R3(config)#crypto
key cisco1234 address 100.232.202.210
Pub Date: December 22,isakmp
2003
ISBN: 1-58720-073-2
R3(config)#crypto
isakmp key cisco1234 address 200.154.17.130
Pages: 528
Task
4 Solution
Gain hands-on
BCRAN exam.
settings:
exam concepts
permit ipguide
192.168.1.0
0.0.0.255
applications. Designed as a 105
topic-by-topic
of how to apply
remote192.168.2.0
0.0.0.255
questions
permit
ip 192.168.1.0
0.0.0.255
192.168.3.0
certification exams. Finally, 106
it serves
anyone
wanting a guide
to real-world
0.0.0.255
even
asan
a IPSec
stand-alone
guide.
Define
transform
set:
preparation.
R1(config)#crypto ipsec transform-set encrypt-des esp-des
Table of Contents
Index


Pub Date: December 22,map
2003 combined local-address serial0
R1(config)#crypto
ISBN: 1-58720-073-2
R1(config)#crypto
map combined 20 ipsec-isakmp
Pages: 528
R1(config-crypto-m)#set transform-set encrypt-des
BCRAN exam.
R1(config)#crypto
exam concepts map combined 30 ipsec-isakmp
access200.154.17.130
BCRAN
exam
and
for to
workplace
challenges
Associate
the
crypto
map
the Ethernet
0 interface:
R1(config-if)#crypto map combined
preparation.
settings:
Table of Contents
Index

ByWesley
0.0.0.255
106 permit ip 192.168.2.0 0.0.0.255 192.168.3.0
0.0.0.255
ISBN: 1-58720-073-2
Pages: 528

BCRAN exam.
exam concepts
R2(config)#crypto
ipsecthat
transform-set
show you how1600_box
to prepareesp-des
a lab for study
DefinePractical
CCNP
the IPSec
Studies:
crypto Remote
map: Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
implementation
of themap
technology.
This
step-by-step process
R2(config)#crypto
combined
local-address
serial0
even
as a stand-alonemap
guide.
R2(config)#crypto
combined 7 ipsec-isakmp
All
of the topics on the new 642-821
peer 100.232.202.210
preparation.
R2(config-crypto-m)#set transform-set 1600_box
R2(config)#crypto map combined 8 ipsec-isakmp

R2(config-crypto-m)#set transform-set 1600_box
Table of Contents
Index
Associate
the,Dmitry
cryptoBokotey
map ,to
the Ethernet
interface:
ByWesley Shuo
Raymond
Morrow,0
Deviprasad
Konda
ISBN: 1-58720-073-2
Pages: 528
map combined
BCRAN exam.
Step concepts
exam
settings:
you
through
theiraccess
implementation
Define
a crypto
list:
questions
of how remote
access really
works. It is also
105 understanding
permit ip 192.168.3.0
0.0.0.255
192.168.1.0
certification
0.0.0.255exams. Finally, it serves anyone wanting a guide to real-world application of these
0.0.0.255
Define
an IPSec transform set:
preparation.

R3(config)#crypto ipsec transform-set 1600_box esp-des
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
R3(config)#crypto map combined local-address serial0

BCRAN
exam.
peer 100.232.202.210
exam concepts
peer
200.154.17.130
show
transform-set
1600_box
simulation-based
105 Self-Study) prepares readers for the CCNP 642CCNP Practical Studies: Remoteaddress
Access (CCNP
questions the
Associate
by providing
crypto map
a better
to the understanding
Ethernet 0 interface:
All
of the topics on the new
ethernet
preparation.
R3(config-if)#crypto map combined
Practical Exercise 14-5: IPSec/GRE with NAT

TableExercise,
of Contents
In this Practical
you are the administrator of a set of routers, R1 and R2, along with a
Index
Cisco PIX. You
are required to configure a GRE tunnel with encryption between the routers so
CCNP
Practical
Remote
that you
can Studies:
pass IPX
trafficAccess
across the firewall, which is also running NAT.
Background
Information
You will
configure
a GRE tunnel with encryption between two routers with a firewall in the
ISBN:
1-58720-073-2
middle,
as
illustrated
in Figure 14-8.
Pages: 528
Figure 14-8. IPSec/GRE with NAT

BCRAN exam.
exam concepts
preparation.
Task 1: Configure PIX

Step 1. At the PIX console, provide all the configuration required to enable traffic flow to
and from the PIX firewall:
Table of Contents
Index
- Assign addresses to the interfaces.
ByWesley Shuo-, Dmitry

DefineBokotey
NAT. ,Raymond Morrow,Deviprasad Konda
- Associate
Publisher: Cisco
Press
a global statement to NAT.
- Define the static services allowed from the external network.
ISBN: 1-58720-073-2
Pages: 528
- Define
the traffic allowed into the network.
- Define routing for the PIX traffic.
Gain
experience
Taskhands-on
2: Configure
IPX
BCRAN exam.
Step 1. At the R3 console, provide all the configuration required to configure an IPX
network:
Prepare
exam concepts
- Enable
routing.
Experience
how IPX
remote
Step 2.set-up
At theguides
R8 console,
provide
thetoconfiguration
to configure an IPX
Review
that show
you all
how
prepare a labrequired
for study
network:
- Enable
IPXRemote
routing.Access (CCNP Self-Study) prepares readers for the CCNP 642CCNP Practical
Studies:
Assign addresses
to the interfaces.
as a topic-by-topic
essential
Task
3:inConfigure
IP
concepts,
interest.
Stepregardless
1. At the of
R3certification
console, provide
all the configuration required to configure an IP
network:
office-based-lab,
a remote-accessible
Assign
addresses to the lab,
interfaces.
even as
a
stand-alone
guide.
Step 2. At the R8 console, provide all the configuration required to configure an IP
network:
preparation.
Task 4: Configure the Tunnel
Step 1. At the R3 console, provide all the configuration required to configure the tunnel
interface:
- Assign the tunnel source.

- Assign the tunnel destination.
Table of Contents
- Define static routing for the tunnel.

Index
interface:
- Assign
Publisher: Cisco
Press
the tunnel source.
- Assign the tunnel destination.
ISBN: 1-58720-073-2
Pages: 528
- Define
static routing for the tunnel.
Task 5: Configure NAT on R8

BCRAN exam.
interface:
- Identify traffic for NAT to apply to.
exam concepts
- Define the type of NAT to use.
- Apply NAT to the appropriate interfaces.
yourselfIKE
for the
TaskReady
6: Define
Parameters
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Step 1. At the R3 console, provide all the configuration required to set the following IKE
settings:
Define an aISAKMP
policy.
it serves
Define Finally,
the ISAKMP
peeranyone
and key.
concepts,
interest.
Stepregardless
2. At the of
R8certification
console, provide
settings:
office-based-lab,
a remote-accessible
Define
an ISAKMP policy.
preparation.

settings:

of Contents
-Table
Associate
the crypto map to the Ethernet 0 interface.
Index
Step 2.
At the R8 console, provide all the configuration required to set the following IPSec
CCNP Practical
settings:
Pub Date: December

- Define22,
an2003
IPSec
transform set.
ISBN: 1-58720-073-2
- Define
Pages: 528
the IPSec crypto map.
BCRAN exam.
exam concepts
preparation.

Table of Contents
Task
1 Solution
Index
Step 1. At the PIX console, provide all the configuration required to enable traffic flow to
and from the PIX firewall:
Publisher:
Cisco
Press
Assign
addresses
to the interfaces:

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
PIX(config)#ip address outside 99.99.99.1 255.255.255.0
PIX(config)#ip
address
inside 10.1.1.1
255.255.255.0
Prepare for the
CCNP 642-821
BCRAN exam
exam concepts
Define
NAT:
you
a better
of how
PIX(config)#nat
(inside)
1 understanding
0.0.0.0 0.0.0.0
0 remote
0
Associate a global statement to NAT:
preparation.
PIX(config)#global (outside) 1 99.99.99.50-99.99.99.60
Define the static for the services allowed from the external network:
Table of Contents
Index

By
, Raymond Morrow, Deviprasad
Konda
PIX(config)#static
(inside,outside)
99.99.99.12
10.1.1.2 netmask
255.255.255.255
Publisher: Cisco Press 0 0
ISBN: 1-58720-073-2
Pages: 528
Define the traffic allowed into the network:
BCRAN exam.
exam concepts
PIX(config)#conduit permit esp host 99.99.99.12 host 99.99.99.2
PIX(config)#conduit permit udp host 99.99.99.12 eq isakmp host 99.99.99.2
Define
routing
for thefor
PIX
traffic:
Ready
yourself
the
PIX(config)#route outside 0.0.0.0 0.0.0.0 99.99.99.2 1
implementation
of theinside
technology.
This step-by-step
process
can be executed
on a home- or
PIX(config)#route
10.2.2.0
255.255.255.0
10.1.1.2
1
preparation.
Task 2 Solution
network:
Enable IPX routing:
Table of Contents
Index
R3(config)#ipx routing 0030.1977.8f80

Assign
addresses
to22,
the
interfaces:
Pub Date:
December
2003
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R3(config)#interface Tunnel0
R3(config-if)#ipx network BB
exam concepts
R3(config-if)#ipx network AA
CCNP network:
applications.
Enable Designed
IPX routing:
even
as a stand-alone
guide.
R8(config)#ipx
routing
0030.80f2.2950
preparation.
Assign addresses to the interfaces:
R8(config-if)#ipx network BB
Table of Contents
ethernet1
Index
R8(config-if)#ipx
network CC
ISBN: 1-58720-073-2
TaskPages:
3 Solution
528
Step 1. At the R3 console, provide all the configuration required to configure an IP

network:
BCRAN exam.
exam concepts
Tunnel0
Ready yourself address
for the new
simulation-based
R3(config-if)#ip
192.168.100.1
255.255.255.0
Access (CCNP Self-Study) prepares readers for the CCNP 642R3(config)#interface
ethernet0
as a topic-by-topic
R3(config-if)#ip
address
10.2.2.1 255.255.255.0
ethernet1
anyone
R3(config-if)#ip
addressit serves
10.1.1.2
255.255.255.0
implementation
the
This step-by-step
process can
be executed
on a homeStep 2. Atofthe
R8technology.
console, provide
required
to configure
an IP or
office-based
lab,
a
remote-accessible
lab,
some
networking
simulation
software
programs,
or
network:
preparation.
Table of Contents
R8(config-if)#ip
address 99.99.99.2 255.255.255.0
Index
CCNP
Access
ethernet1

ISBN: 1-58720-073-2
Pages: 528
Task 4 Solution
interface:
BCRANAssign
exam.the tunnel source:
exam concepts
R3(config-if)#tunnel source ethernet0
Assign the tunnel destination:
R3(config-if)#tunnel
destination
10.3.3.1
642-821 BCRAN
preparation.
Define static routing for the tunnel:
R3(config)#ip route 10.3.3.0 255.255.255.0 Tunnel0
Table of Contents
Index
R3(config)#ip route 10.3.3.1 255.255.255.255 10.1.1.1

interface:
Publisher:
Cisco Press
Assign
the tunnel source:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
source ethernet1
Assign
the tunnel
destination:
Review
set-up
destination
10.2.2.1
it serves anyone
implementation
of the
Define static routing
fortechnology.
the tunnel:This step-by-step process can be executed on a home- or
preparation.
R8(config)#ip route 0.0.0.0 0.0.0.0 Tunnel0
R8(config)#ip route 10.2.2.1 255.255.255.255 99.99.99.1
Task 5 Solution
Table of Contents
Step 1.
At the R8 console, provide all the configuration required to configure the tunnel
Index
interface:
Identify traffic for NAT to apply to:

ISBN: 1-58720-073-2
Pages: 528

BCRAN
exam.
R8(config)#ip
nat inside source list 1 pool mynat
R8(config)#ip
pool 642-821
mynat 99.99.99.70
netmask
255.255.255.0
Prepare for nat
the CCNP
BCRAN exam99.99.99.80
and gain a better,
practical
understanding of
exam concepts
Applyyou
NATthrough
to the appropriate
interfaces:
ethernet0
R8(config-if)#ip
nat outside
implementation
of the
technology.
R8(config-if)#ip
nat
inside This step-by-step process can be executed on a home- or
preparation.
Task 6 Solution
settings:
Table of Contents
Index

pre-share
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
settings:
Ready
CCNP Define
Practical
anStudies:
ISAKMP Remote
policy: Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
implementation
of theisakmp
technology.
This10
R8(config)#crypto
policy
even
R8(config-isakmp)#hash
md5
All
of the topics on the new 642-821 BCRAN
pre-share
preparation.
Table of Contents
Index

Task 7 Solution
PubStep
Date: December
2003
1. At the22,R3
console,
provide all the configuration required to set the following IPSec
settings:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
R3(config)#access-list 101 permit gre host 10.2.2.1 host 10.3.3.1
Define
Review
an interface
set-up for
guides
use as
that
anshow
identifier:
it serves
anyone wanting
R3(config)#crypto
map mymap
local-address
ethernet1
implementation
the technology.
Define an IPSec of
transform
set:
preparation.
R3(config)#crypto ipsec transform-set myset esp-des esp-md5-hmac
Table of Contents
Index

R3(config)#crypto

ISBN: 1-58720-073-2
Pages: 528
transform-set myset
Associate
the crypto map to the Ethernet 0 interface:
BCRAN exam.
exam concepts
map mymap
applications. Designed asethernet1
map mymap
Configure routing to the peer:
preparation.
R3(config)#ip route 99.99.99.0 255.255.255.0 10.1.1.1
settings:
Table of Contents
Index

Pub Date: December 22, 2003 101 permit gre host 10.3.3.1 host 10.2.2.1
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
R8(config)#crypto ipsec transform-set myset esp-des esp-md5-hmac
Define an interface for use as an identifier:
R8(config)#crypto
map
mymap local-address
FastEthernet0/0
concepts, regardless of
certification
interest.
office-based
lab, a
remote-accessible
Define the IPSec
crypto
map:
preparation.

R8(config-crypto-m)#set transform-set myset
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
Gain
hands-on experiencemap
of CCNP
mymapRemote Access topics with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
Configure routing to the peer:
R8(config)#ip
routecandidates
99.99.99.12
255.255.255.255
99.99.99.1
for the
preparation.
Practical Exercise 14-6: Router to VPN Client with a

Preshared Key and NAT
Table
of and
Contents
to see how you
did
Index
In this
Practical
Exercise,
you
are the administrator of a router that will be the terminating
CCNP
Practical
Studies:
Remote
Access
endpoint
for
VPNs
from
a
VPN
client.
Background
Information
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
You will
configure
your router with the following options. Your router will issue the user an IP
Pages:
528
address from a pool of addresses, wildcard preshared keys, and NAT. This will allow an off-site
user to gain access to your network and have an internal IP address, making it appear to the
user that he or she is inside your network. Because you are using private addressing, NAT is
involved, and your router must be told what to translate and what not to translate. You will use
the topology shown in Figure 14-9.
BCRAN exam.
Figure
14-9.
Router
to VPN
with
Key
and NAT of
Prepare for
the CCNP
642-821
BCRANClient
exam and
gainaaPreshared
better, practical
understanding
exam concepts
preparation.
protocols. Any existing access lists must allow the ports required by IKE and IPSec to pass
through them.
Task 2: Create Network Address Translation
Table of Contents
Step 1.
At the R3 console, provide all the configuration required to set the following NAT
Index
settings:
- Define a NAT pool.

- Define22,
an2003
access
Pub Date: December
list for NAT.
ISBN: 1-58720-073-2
Pages: 528
Task
3: Define IKE Parameters
BCRAN exam.
settings:
exam concepts
- Define
theimplementation
ISAKMP peer and key.
you through
their
Defineguides
the address
assignment
for
client.a lab for study
Review- set-up
that show
you how
tothe
prepare
Task
4: Define IPSec Parameters
CCNP Practical Studies: Remote Access (CCNP Self-Study)
Step 1.Designed
At the R3as
console,
provide all
the configuration
required
set theconcepts
following
applications.
a topic-by-topic
guide
of how to apply
remotetoaccess
in IPSec
a real
settings:
Define Finally,
an IPSec
transform
set. wanting a guide to real-world application of these
it serves
anyone
- Define the IPSec dynamic crypto map.
office-based-lab,
a remote-accessible
Define
the IPSec crypto lab,
map.some networking simulation software programs, or
preparation.
Task 5: Define the Client Parameters

Step 1. On the client PC, provide all the configuration required to create the connection
IPSec settings:
- Create the connection.

- Identify the remote peer.
- Identify the Phase 1 information.
of Contents
-Table
Identify
the Phase 2 information.
Index
Identify
the other
connection
Remote
Access
information.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.

Table of Contents
Task
1 Solution
Index
Publisher:
Press
might
need Cisco
to reconfigure
ISBN: 1-58720-073-2
528
TaskPages:
2 Solution
Step 1. At the R3 console, provide all the configuration required to set the following NAT
settings:
Gain hands-on
experience
Define a NAT
pool: of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
exam concepts
R3(config)#ip local pool ourpool 10.2.1.1 10.2.1.254
R3(config)#ip nat pool outsidepool 201.70.32.150 201.70.32.160 netmask
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642255.255.255.0
821
R3(config)#ip
inside
source
route-mapa CCNP
nonatcandidate
pool outsidepool
network setting, nat
this book
is useful
in preparing
concepts,
Define
an regardless
access list for
of certification
NAT:
interest.
preparation.
R3(config)#access-list 101 deny ip 10.2.2.0 0.0.0.255 10.2.1.0 0.0.0.255
Table of Contents
Index


R3(config-route-map)#match
ip address 101
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
R3(config)#interface Ethernet0
R3(config-if)#ip
you through their
natimplementation
outside
R3(config-if)#exit
Serial1
CCNP
Practical Studies:
R3(config-if)#ip
natRemote
insideAccess (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN exam and for workplace challenges in implementing remote access network
certification
Task
3 Solution
Each chapter
settings:
office-based
a remote-accessible
Define lab,
an ISAKMP
policy:
preparation.

Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
Gain
hands-on
experience
of CCNP
Remote
Define
the address
assignment
for the
client:
BCRAN exam.
exam concepts
R3(config)#crypto isakmp client configuration address-pool local ourpool
Task
4 Solution
Step
At the R3
console, provide
all the
configuration required
to that
set the
IPSec
essential
in 1.
preparing
candidates
for the new
simulation-based
questions
arefollowing
on the Cisco
settings:
preparation.
R3(config)#crypto ipsec transform-set trans1 esp-des esp-md5-hmac
Define the IPSec dynamic crypto map:
Table of Contents
Index

By
, Raymond Morrow
, Deviprasad
Konda
R3(config)#crypto
dynamic-map
dynmap
10
transform-set trans1
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
R3(config)#crypto map intmap 10 ipsec-isakmp dynamic dynmap
Define
the IPSec
parameters:
Review
set-up
R3(config)#crypto
map intmap
client
configuration
initiate
it serves
anyone
wanting a guideaddress
to real-world
R3(config)#crypto map intmap client configuration address respond
even
as a the
stand-alone
guide.
Associate
crypto map
to the Ethernet 0 interface:
preparation.
R3(config)#interface Ethernet0
R3(config-if)#crypto map intmap
Table of Contents
Task
5 Solution
Index
IPSec settings:
Publisher:
Cisco
Create
thePress
connection:
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
1- Myconn
My Identity
= ip
Prepare for
the address
exam concepts
Connection security: Secure
Remote
Identity
and addressing
youParty
through
ID Type:
IPset-up
subnet
Review
10.2.2.0
CCNP all
Practical
Studies:
Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Port
Protocol
all
questions
byremote
providing
Identify
the
peer:
Connect using secure tunnel
preparation.
ID Type: IP address
201.70.32.101
Identify the Phase 1 information:
Table of Contents
Index

By
Wesley Shuo, Dmitry(Phase
Bokotey,1)
Raymond Morrow, Deviprasad Konda
Authentication
Proposal
Publisher:1Cisco Press
Authentication
method: pre-shared key
ISBN: 1-58720-073-2
Pages: 528
Encryp Alg: DES

Hash Alg: MD5
SA life: Unspecified
BCRAN
exam.DH 1
Key Group:
exam concepts
Key
exchange
(Phase as
2)a topic-by-topic guide of how to apply remote access concepts in a real
applications.
Designed
Proposal
1 providing a better understanding of how remote access really works. It is also
questions by
Encapsulation
ESPFinally, it serves anyone wanting a guide to real-world application of these
Encrypt Alg: DES
implementation
Hash Alg: MD5 of the technology. This step-by-step process can be executed on a home- or
even
as a
stand-alone guide.
Encap:
tunnel
All
the topics
SA of
life:
Unspecified
preparation.
no AH
Identify any other connection information:
Table of Contents
Index
2- Other Connections

By
Wesley Shuo, Dmitry
BokoteyNon-secure
Connection
security:
Local
Network
Interface
Publisher:
Cisco Press
Name: ISBN:
Any 1-58720-073-2
Pages: 528
IP Addr: Any
Port: All
BCRAN exam.
exam concepts
preparation.
Practical Exercise 14-7: PIX to Cisco Secure VPN Client

with a Preshared Key
Table
of and
Contents
to see how you
did
Index
In this
Practical
Exercise,
you
are the administrator of a PIX firewall that will be the terminating
CCNP
Practical
Studies:
Remote
Access
endpoint
for
VPNs
from
a
VPN
client.
Background
Information
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
You will
configure
a VPN client to connect to a PIX firewall using wildcards, mode-config, and the
Pages:
528
sysopt connection permit-ipsec command. This is used to implicitly permit any packet that
came from an IPSec tunnel. It bypasses the checking of an associated access list, conduit, or
access group command statement for IPSec connections. The user will have access to everything
on your network. You will use the topology illustrated in Figure 14-10.
BCRAN exam.
Figure 14-10. PIX to Cisco Secure VPN Client with a Preshared Key
exam concepts
preparation.
Step 1. At the PIX console, provide all the configuration required to configure the PIX
firewall:
- Define traffic for the mode pool.

- Define the mode pool.
of Contents
-Table
Prevent
NAT for the pool.
Index
EnableRemote
IPSec Access
sysopt.
- Enable ISAKMP.
Publisher: Cisco
Press
- Define
IKE parameters.
- Define IPSec
ISBN: 1-58720-073-2
parameters.
Pages: 528

Gain hands-on
IPSec settings:
BCRAN exam.
- Create the connection.
exam concepts
- Identify the remote peer.
Experience
how remote
access
- Identify
the Phase
1 information.
- Identify the Phase 2 information.
- Identify the other connection information.
preparation.

Table of Contents
Task
1 Solution
Index
firewall:
Publisher:
Cisco
Pressfor
Define
traffic
the mode pool:

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
PIX(config)#access-list 108 permit ip 10.31.1.0 255.255.255.0 172.16.1.0
255.255.255.0
exam concepts
Define
thethrough
mode pool:
you
understanding
PIX(config)#ip
locala better
pool test
172.16.1.1-172.16.1.255
Prevent NAT for the pool:
preparation.
PIX(config)#nat (inside) 0 access-list 108
Enable IPSec sysopt:
Table of Contents
Index

By
, Raymond Morrow
, Deviprasad Konda
PIX(config)#sysopt
connection
permit-ipsec
EnableISBN:
ISAKMP:
1-58720-073-2
Pages: 528
BCRAN exam.
PIX(config)#isakmp enable outside
exam concepts
Define
IKEthrough
parameters:
you
PIX(config)#isakmp
cisco1234
address
netmask
questions by providing key
a better
understanding
of 0.0.0.0
how remote
access 0.0.0.0
PIX(config)#isakmp
identity
address
it serves
PIX(config)#isakmp client configuration address-pool local test outside
implementation
of the technology.
step-by-step process
PIX(config)#isakmp
policy 10 This
authentication
pre-share
even
PIX(config)#isakmp
policy 10 encryption des
All
of the topics on the policy
new 642-821
BCRAN
PIX(config)#isakmp
10 hash
md5exam are covered, providing comprehensive exam
preparation.
PIX(config)#isakmp policy 10 group 1
PIX(config)#isakmp policy 10 lifetime 86400
Define IPSec parameters:
Table of Contents
Index

By
, Raymond
Morrow, Deviprasad
Konda
PIX(config)#crypto
ipsec
transform-set
myset
esp-des
esp-md5-hmac
PIX(config)#crypto
dynamic-map dynmap 10 set transform-set myset
PIX(config)#crypto
ISBN: 1-58720-073-2map mymap 10 ipsec-isakmp dynamic dynmap
Pages: 528
PIX(config)#crypto map mymap client configuration address initiate

PIX(config)#crypto map mymap client configuration address respond
PIX(config)#crypto map mymap interface outside
BCRAN exam.
concepts
Taskexam
2 Solution
IPSec settings:
Create the connection:
1TACconn
concepts,
My
Identity
Each
Connection
security:
Secure
office-based lab,
a remote-accessible
Remote Party Identity and addressing
preparation.
ID
Type: IP subnet
10.31.1.0
255.255.255.0
Port all Protocol all
Identify the remote peer:
Table of Contents
Index

Connect
using
secure
tunnel
Pub Date:
December
22, 2003
ISBN: 1-58720-073-2
ID Type: IP address
Pages: 528
99.99.99.1
Pre-shared Key=cisco1234
BCRAN exam.
exam concepts
Authentication (Phase 1)
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Proposal
821 BCRAN1exam and for workplace challenges in implementing remote access network
Authentication
method:
key
book ispre-shared
useful in preparing
Encryp
DES
essentialAlg:
in preparing
Hash
Alg:regardless
MD5
concepts,
Each
chapter
SA life:
Unspecified
office-based
Key Group: lab,
DH 1a remote-accessible lab, some networking simulation software programs, or
preparation.
Key exchange (Phase 2)

Proposal 1
Encapsulation
TableESP
of Contents
Index
Encrypt
Alg:
DES Remote Access
CCNP Practical
Studies:
Hash Alg: MD5

Encap:
tunnel
ISBN:Unspecified
1-58720-073-2
SA life:
Pages: 528
no AH
Identify
an other
connection
Gain hands-on
experience
of information:
BCRAN exam.
exam concepts
Review
2- Other
Connections
Ready yourself
for the
Connection
security:
Non-secure
CCNP
Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Local Practical
NetworkStudies:
Interface
applications.
Name: Any Designed as a topic-by-topic guide of how to apply remote access concepts in a real
questions
IP Addr: by
Any
certification
Port: All exams. Finally, it serves anyone wanting a guide to real-world application of these
preparation.
Practical Exercise 14-8: PIX to Cisco VPN 3000 Client

TableExercise,
of Contents
In this Practical
you are the administrator of a PIX firewall that will be the terminating
endpoint for Index

VPNs from a VPN 3000 client.
Decemberyour
22, 2003
YouPub
willDate:
configure
firewall to accept connections from both the Cisco VPN Client 2.5.X and
the Cisco
VPN
Client 3.x. The 2.5.X client will use D-H group 1, the PIX default, and the 3.x
ISBN:
1-58720-073-2
client Pages:
will use
528D-H group 2. The isakmp policy # group 2 command lets the 3.x clients make a
connection. You will define multiple ISAKMP policies to allow the different versions of the VPN
3000 clients to use your firewall as its tunnel endpoint. You will assign IP addresses to the clients
as they connect. You will use the topology illustrated in Figure 14-11.
BCRAN exam.
Figure 14-11. PIX to Cisco VPN 3000 Client
exam concepts
preparation.

firewall:
- Define traffic for the mode pool.

- Define the mode pool.
- Prevent NAT for the pool.
of Contents
-Table
Enable
IPSec sysopt.
Index
EnableRemote
ISAKMP.
Access
- Define IKE parameters for VPN 3000 3.x.
Publisher: Cisco
Press
- Define
IKE parameters for VPN 3000 2.x.
- Define IKE
ISBN: 1-58720-073-2
parameters for all clients.
Pages: 528
- Define IPSec parameters.

1. On the client PC, provide all the configuration required to create the connection
BCRANStep
exam.
IPSec settings:
- Click New to create a new connection, and assign a name to your entry in the
exam concepts
Connection Entry box.
- Entertheir
the implementation
IP address of the destination's public interface.
you through
Under guides
Group Access
Information,
enter
the group
name
and group password.
Review- set-up
that show
you how to
prepare
a lab for
study
Click Finish
to new
savesimulation-based
the profile in the questions
Registry. on the CCNP exams
Ready -yourself
for the
- Click
Connect
to test
the connection.
CCNP Practical
Studies:
Remote
Access
preparation.

Table of Contents
Task
1 Solution
Index
firewall:
Publisher:
Cisco
Pressfor
Define
traffic
the mode pool:

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
PIX(config)#access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0
255.255.255.0
exam concepts
Define
thethrough
mode pool:
you
understanding
PIX(config)#ip
locala better
pool ippool
10.1.2.1-10.1.2.254
Prevent NAT for the pool:
preparation.
PIX(config)#nat (inside) 0 access-list 101
Enable IPSec sysopt:
Table of Contents
Index

By
, Raymond Morrow
, Deviprasad Konda
PIX(config)#sysopt
connection
permit-ipsec
EnableISBN:
ISAKMP:
1-58720-073-2
Pages: 528
BCRAN exam.
PIX(config)#isakmp enable outside
exam concepts
PIX(config)#isakmp identity address
Define
IKE parameters
for VPN
Review
set-up guides
that 3000
show 3.x:
PIX(config)#isakmp
policy
10 authentication
it serves
anyone wantingpre-share
PIX(config)#isakmp policy 10 encryption des
implementation
of the technology.
This step-by-step
PIX(config)#isakmp
policy 10 hash
md5
even
PIX(config)#isakmp
policy 10 group 2
All
of the topics on the policy
new 642-821
BCRAN exam
PIX(config)#isakmp
10 lifetime
86400
preparation.
Define IKE parameters for VPN 3000 2.x:
PIX(config)#isakmp policy 20 authentication pre-share
Table of Contents
PIX(config)#isakmp
policy 20 encryption des
Index
PIX(config)#isakmp
policy 20 hash md5
PIX(config)#isakmp policy 20 group 1
PIX(config)#isakmp
policy 20 lifetime 86400
ISBN: 1-58720-073-2
Pages: 528
Define IKE parameters for all clients:
BCRAN exam.
exam concepts
PIX(config)#vpngroup
vpn3000
accessaddress-pool
concepts workippool
PIX(config)#vpngroup vpn3000 dns-server 10.1.1.2
PIC(config)#vpngroup vpn3000 wins-server 10.1.1.2
PIX(config)#vpngroup vpn3000 default-domain cisco.com
BCRAN exam and forvpn3000
workplace
challenges1800
idle-time
network
setting, this bookvpn3000
is useful password
in preparing
cisco
essential
vpn3000for
split-tunnel
101
Define IPSec parameters:
preparation.
PIX(config)#crypto ipsec transform-set myset esp-des esp-md5-hmac
PIX(config)#crypto dynamic-map dynmap 10 set transform-set myset

PIX(config)#crypto map mymap 10 ipsec-isakmp dynamic dynmap
PIX(config)#crypto dynamic-map dynmap 10 set transform-set myset
Table of Contents
Index
PIX(config)#crypto map mymap 10 ipsec-isakmp dynamic dynmap



1-58720-073-2
Task ISBN:
2 Solution
Pages: 528
IPSec settings:
- Click
New to create
a Remote
new connection,
and assign
a name
to your
entry
in the
Gain hands-on
experience
of CCNP
Access topics
with lab
scenarios
for the
new
642-821
Connection Entry box, as shown in Figure 14-12.
BCRAN exam.
exam concepts
Figure 14-12. Naming the Entry
preparation.
- Enter the IP address of the destination's public interface, as shown in Figure 14-13.
Figure 14-13. Adding the Destination's IP Address
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
- Under Group Access Information, enter the group name and group password, as
exam concepts
shown in Figure 14-14.
Review set-up
guides
that show
you how
to Group
prepare aName
lab for and
study Group
Figure
14-14.
Adding
the
Password
preparation.
- Click Finish to save the profile in the Registry, as shown in Figure 14-15.
Figure 14-15. Saving the Entry
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
Click Connect
to test
theyou
connection,
as shown
in Figure
14-16.
Review- set-up
guides that
show
how to prepare
a lab
for study
FigureAccess
14-16.
Connecting
to the readers
Destination
(CCNP
preparation.
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Practical Exercise 14-9: Layer 2 Tunneling Protocol over

IPSec
Table
of and
Contents
to see how you
did
Index
In this
Practical
Exercise,
you
are the administrator of an L2TP Network Server (LNS), R1, and
CCNP
Practical
Studies:
Remote
Access
an
L2TP
Access
Concentrator
(LAC),
dR3, which will be the terminating endpoint for remote dialByWesley Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda
in users.
Background
Information
ISBN: 1-58720-073-2
Pages: 528
You will configure your LAC and LNS to accept incoming L2TP encrypted IPSec connections from
remote users. You will use the topology illustrated in Figure 14-17.
Gain hands-on experience ofFigure

CCNP Remote
Access
topics
withIPSec
14-17.
L2TP
over
BCRAN exam.
exam concepts
preparation.
Task 1: Configure R3
Step 1. At the R3 console, provide all the configuration required to configure the router as
the LAC:
- Create a local account.

- Enable VPDN.
- Create a local IP pool.
Table of Contents
-Index
Define an access list that specifies L2TP traffic as interesting.
- Configure an async line.
- Create an IKE policy.

Pub Date: December
- Define22,
the
2003
IKE
peer and key.
ISBN: 1-58720-073-2
- Create an IPSec transform set.
Pages: 528
- Create a crypto map.

- Assign the crypto map to an interface.
BCRAN exam.
Task 2: Configure R1
Step 1.for
At the
the CCNP
R1 console,
provide
all exam
the configuration
required
to configure
the routerofas
Prepare
642-821
BCRAN
and gain a better,
practical
understanding
the LNS:
exam
concepts
- Create
a local
account.
you through
their
implementation
Enableguides
VPDN.that show you how to prepare a lab for study
Review- set-up
Create for
a local
pool.
Ready -yourself
the IP
new
- Define
an access
that specifies
L2TP trafficprepares
as interesting.
CCNP Practical
Studies:
Remotelist
Access
(CCNP Self-Study)
Create a VPDN
group to accept
tunnel
requests.
as a topic-by-topic
guide
of how
Configureathe
virtual
template forof
cloning.
better
understanding
how remote access really works. It is also
- Create an IKE policy.
- Define the IKE peer and key.
- Create an IPSec transform set.
office-based-lab,
a remote-accessible
Create
a crypto map.
- Assign the crypto map to an interface.
preparation.

Table of Contents
Task
1 Solution
Index
Step 1. At the R3 console, provide all the configuration required to configure the router as
the LAC:
Publisher:
Cisco
Press account:
Create
a local
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
R3(config)#username LAC password
exam concepts
Enable VPDN:
R3(config)#vpdn
enable
R3(config)#vpdn
search-order
domain
certification exams. Finally,1 it serves anyone wanting a guide to real-world application of these
R3(config)#vpdn-group
R3(config-vpdn)#request dialin l2tp ip 20.1.1.2 domain cisco.com
implementation
of the technology.
R3(config-vpdn)#local
name LAC
Create a local IP pool:
preparation.
R3(config)#ip local pool my_pool 10.31.1.100 10.31.1.110
Define
an access
list that specifies L2TP traffic as interesting:
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
R3(config)#access-list 101 permit udp host 20.1.1.1 eq 1701 host 20.1.1.2

eq 1701
BCRAN
exam.
Configure
an async line:
exam concepts
Async1
R3(config-if)#ip
unnumbered
Ethernet0
Remote Access
ppp
R3(config-if)#async
dedicated
questions by providing amode
better
R3(config-if)#peer
default
ip address
pool my_pool
it serves
anyone wanting
implementation
R3(config-if)#exit
even
as a stand-alone
R3(config)#line
1 guide.
All
of the topics on the new 642-821
during-login
preparation.
R3(config-line)#autoselect ppp
R3(config-line)#modem InOut
R3(config-line)#speed 38400
R3(config-line)#flowcontrol hardware
Create an IKE policy:
Table of Contents
Index


Pub Date: December 22,isakmp
2003
R3(config)#crypto
policy 1
ISBN: 1-58720-073-2
Pages: 528
pre-share
R3(config-isakmp)#lifetime 3600
BCRAN exam.
Define the IKE peer and key:
exam concepts
R3(config)#crypto isakmp key cisco address 20.1.1.2
Create an IPSec transform set:
R3(config)#crypto
transform-set
testtrans
esp-des
All of the topics on theipsec
new 642-821
BCRAN exam
are covered,
preparation.
Create a crypto map:
R3(config)#crypto map l2tpmap 10 ipsec-isakmp
Table of Contents
Index

R3(config-crypto-m)#set transform-set testtrans


ISBN: 1-58720-073-2
Assign the crypto map to an interface:

Pages: 528
BCRAN exam.
Serial0
exam concepts
R3(config-if)#crypto map l2tpmap
TaskReady
2 Solution
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Step 1.
At the
console,
provide
all the in
configuration
required
configure
the router as
821 BCRAN
exam
andR1
for
workplace
challenges
implementing
remotetoaccess
network
the
LNS:
Create
local account:
questions
by a
providing
R1(config)#username
LNS 642-821
password
cisco
BCRAN
preparation.
Enable VPDN:
R1(config)#vpdn enable
Table of Contents
Index
Create a local IP pool:

ISBN: 1-58720-073-2
Pages: 528
R1(config)#ip local pool mypool 200.1.1.1 200.1.1.10

BCRAN exam.
Define an access list that specifies L2TP traffic as interesting:
exam concepts
R1(config)#access-list 101 permit udp host 20.1.1.2 eq 1701 host 20.1.1.1
eqBCRAN
1701 exam and for workplace challenges in implementing remote access network
essential
in preparing
candidates
for the
Create
a VPDN
group to
accept tunnel
requests:
preparation.
R1(config)#vpdn-group 1
R1(config-vpdn)#accept dialin l2tp virtual-template 1 remote LAC
R1(config-vpdn)#local name LNS
Configure a virtual template for cloning:
Table of Contents
Index

R1(config)#interface Virtual-Template1
R1(config-if)#ip unnumbered Ethernet0

ISBN: 1-58720-073-2default ip address pool mypool
R1(config-if)#peer
Pages: 528
Create
an IKE policy:
Gain hands-on
BCRAN exam.
exam concepts
that
show you
R1(config)#crypto
isakmp
policy
1 how to prepare a lab for study
pre-sharequestions on the CCNP exams
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642R1(config-isakmp)#group 2
R1(config-isakmp)#lifetime 3600
Define the IKE peer and key:
preparation.
R1(config)#crypto isakmp key cisco address 20.1.1.1
Create an IPSec transform set:
Table of Contents
Index
R1(config)#crypto ipsec transform-set testtrans esp-des

Create
Publisher:
a crypto
Cisco Press
map:
ISBN: 1-58720-073-2
Pages: 528
BCRAN
exam.
R1(config)#crypto
map l2tpmap 10 ipsec-isakmp
exam concepts
R1(config-crypto-m)#set transform-set testtrans
Assign
the crypto
map
annew
interface:
Ready
yourself
fortothe
implementation
of the technology.
map l2tpmap
preparation.
Summary
In this chapter, you reviewed the many options available when you're considering the security of
your remote-access connection. You read about the Internet Key Exchange (IKE or ISAKMP)
protocol and the IP Security (IPSec) protocol, used to achieve a secure connection. You
of Contents
examined theTable
many
options available in their implementation. You looked at quality of service
Index
(QoS) issues when running on top of these security protocols. You also saw the available show
CCNP
commands.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Review Questions
1:
What optional network security services does IPSec offer?
2:
Index would you apply quality of service parameters to a tunnel interface?

When
Table of Contents
3:Shuo
Which
options
does
an IPSec
transform
ByWesley
, DmitryIPSec
Bokotey
, Raymond
Morrow
, Deviprasad
Konda
4:
set define?
What are the two main protocols used with IPSec as implemented by Cisco
Systems?
ISBN:
1-58720-073-2
5: IKE
is considered
what type of protocol and provides IPSec with which services?
Pages: 528
6:
What is one issue you might encounter when trying to implement QoS within a
VPN?
7:
What two modes can the authentication header or encapsulating security payload
protocols
be run
Gain hands-on
experience
ofin?
BCRAN exam.
8: What four items do IKE peers agree on during negotiations?
Prepare
9: What
for the
three
CCNP
types
642-821
of VPNsBCRAN
are available
exam and
to you?
exam concepts
10: What match criteria can you use when classifying packets for QoS?
preparation.
Appendix A. Answers to Review

Questions
ChapterTable
1 of Contents
Index
ChapterStudies:
3
CCNP Practical
Remote Access
Chapter 4
Publisher:
Cisco
Chapter
5 Press
Chapter
6
ISBN: 1-58720-073-2
Pages: 528
Chapter 7
Chapter 8
Chapter 9
Chapter
BCRAN
exam.10
Chapter 11
Chapter
12
exam concepts
Chapter
13 how remote access concepts work in a real network with practice labs that walk
Experience
Chapter 14
preparation.
Chapter 1
1:
What are the main kinds of remote-access users?

Table of Contents
A1:
Index
Answer:
Corporate users in a branch office
Telecommuters working from home

Pub Date: December
Traveling
22, 2003
users/road
warriors
ISBN: 1-58720-073-2
2: 528
At what
Pages:
A2:
3:
OSI layer does Frame Relay operate?
Answer: Layer 2
What addressing feature of Frame Relay allows for frame routing?
Gain hands-on
experience
of CCNP Remote
Access identifier)
A3: Answer:
DLCI(data-link
connection
BCRAN exam.
4:
What are some advantages of Frame Relay?
A4: concepts
Answer:
exam
It has
built-in
congestion
control.
Experience
how
remote
access concepts
The ability of traffic to burst.
In a partially meshed network, it can allow for the redirection of traffic
Ready around
yourself an
for outage.
5: What
are theRemote
two main
varieties
of Self-Study)
ISDN?
CCNP Practical
Studies:
Access
(CCNP
A5: Answer:
BRI
Rate Interface)
PRI
Rate
Interface)
applications.
Designed
as(Basic
a topic-by-topic
guide ofand
how
to (Primary
apply remote
access
concepts in a real
6: by
What
are two
advantages
of ISDN? of how remote access really works. It is also
questions
providing
a better
understanding
A6: Answer:
certification
Quick call setup
It supports
a variety This
of applications.
implementation
of the technology.
What are the
two main varieties of DSL?
even as7:a stand-alone
guide.
Answer:
Symmetric
and
asymmetric
All of A7:
the topics
on the
new 642-821
BCRAN
preparation.
8: What are two advantages of DSL?
A8:
Answer:
High bandwidth
It's always on.
9:
What are some drawbacks of DSL?

Table of Contents
A9:
Answer:
Index
Distance limitations
Availability
Speed limitations
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Chapter 3
1:
Which of following signals does a DTE use to indicate to a DCE that it is ready to
Table ofan
Contents
accept
incoming call?
Index

A. DSR
Publisher: Cisco
B. Press
DTR
C. RTS
ISBN: 1-58720-073-2
Pages: 528
D. CTS
A1:
Answer: B
2: The DTR, CD, and DSR signals belong to which group of signals?
BCRAN exam.
A. Hardware flow control
B. Modem control
exam concepts
C. Data
transferaccess concepts work in a real network with practice labs that walk
Experience
how remote
A2: Answer: B
3: For which type of connection is null modem cable required?
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642A. DTE-DCE
821 BCRAN exam
B. DCE-DCE
network setting,
C. DCE-DTE
D. DTE-DTE
A3: Answer: D
4: What command would you use to display status information for all line types?
All of the topics
therunning-config
A. on
show
preparation.
B. show line all
C. show line
D. show aux tty vty con
A4:
5:
Answer: C
Which line type would you associate with line number 0?
A. AUX
Table of Contents
Index
B. TTY
C. vty
D. CON
A5:
Answer: D

ISBN: 1-58720-073-2
6:
Which of the following AT commands are common to most modem types?
Pages: 528
A. AT&B1
B. AT&F
BCRAN exam.C. AT&K1
D. AT&D3
exam concepts
E. ATS2=255
Experience
F. AT&M4
A6: Answer: B, D, and E
7: Why
would
modem autoconfiguration
feature?
Ready
yourself
foryou
theuse
newthe
simulation-based
questions on
the CCNP exams
for workplace
challenges
A. Toand
configure
a modem
automatically
network setting,
thisautodiscover
book is useful
B. To
modems
candidates
for the new
C. To update
the modemcap
database
D. To configure
of certification
non-Cisco
interest.
modems
Each A7:
chapter
includesA,
a B,
review
Answer:
and of
D the applicable technology, and guides the reader through
preparation.
Chapter 4
1:
What are the downstream and upstream frequency allocations?

Table of Contents
Index
Answer:
TheDOCSISupstream frequency is from 5 to 42 MHz. TheDOCSIS
CCNP Practical
Studies: Remote
Access
downstream
frequency
is from 88 to 860 MHz.
A1:
2:
What type of modulation methods are used for the upstream and downstream?
A2:
Answer: For the upstream,QPSKor 16-QAM is used. For the downstream,

64-QAM or 256-QAM is used.

ISBN: 1-58720-073-2
Pages:
528
3: What
A3:
4:
servers are required for the cable access solution to work?
Answer: TheDHCP, ToD, and TFTP servers are required.

What are the minimum configuration requirements for the CMTS?
A4:
Answer:
BCRAN
exam.
Set the upstream frequency
exam Enable
conceptsthe upstream port
Configure
the IPaccess
address(es)
Experience
how remote
Configure the helper address
5: What MPEG framing format is used in North America?
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642A. Annex
A workplace challenges in implementing remote access network
821 BCRAN exam
and for
B. Annex B
questions by C.
providing
Annex a
C better understanding of how remote access really works. It is also
certification
exams. Finally,
A5: Answer:
B
6: What configuration is recommended to deal with upstream noise and interference?
A6: Answer: Spectrum management or advanced spectrum management if a
Cisco MC16S cable modem card is used.
preparation.
7:
What is the correct syntax to activate upstream port 2 of the cable modem card in
slot 4?
A. interface cable 4/2 upstream no shutdown

B. interface cable 4/0 no cable upstream 2 shutdown
Table of Contents
Index
C. interface cable 2/0 upstream no shutdown
ByWesley
, Dmitry Bokotey
A7:Shuo
Answer:
B
8: What
is the
Publisher:
Cisco Press
default operating mode of a Cisco cable access router?
A8:
Answer: Plug-and-play DOCSIS-compliant bridging mode.
ISBN: 1-58720-073-2
Pages: 528
9:
A9:
What are the required steps to configure the routing mode on the cable access
router?
Answer:
BCRAN exam.
1. Enable IP routing.
the no
cable-modem
compliant
bridge
interface
command
to
Prepare2.
for Use
the CCNP
642-821
BCRAN exam
and gain
a better,
practical
understanding
of
disableDOCSIS-compliant bridging on the cable interface.
exam concepts
3. Remove
theaccess
bridge
group on
the
Ethernet
interfaces
Experience
how remote
concepts
work
in cable
a real and
network
with practice
labswith
that walk
the
no
bridge-group
interface
command.
Configure
a routing
protocol,
as aRIP
Review 4.
set-up
guides that
show you
how to such
prepare
lab version
for study2.
ReadyWhat
10:
yourself
command
for the can
newbe
simulation-based
used at the CMTS
questions
to see the
on flapping
the CCNPcable
exams
modems?
CCNP
Practical
Studies:
Remote
Access
(CCNP Self-Study) prepares readers for the CCNP 642A10:
Answer:
show
cable
flap-list
applications.
Designed
as a can
topic-by-topic
of how
to apply
remote
accessand
concepts in a real
11: What
command
be used at guide
the CMTS
to find
out the
registered
network setting,
this book
is useful
unregistered
cable
modems?
essential
preparingshow
candidates
A11: in Answer:
cable for
modem
preparation.
Chapter 5
1:
Which of the following is/are valid PPP authentication methods?
Table of Contents
Index
A. PAP
B. CHAP
C. MS-CHAP
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
D. MS-PAP
Pages: 528
A1:
2:
Answer: A, B, C
True or false: The authentication process is part of LCP negotiation.
GainA2:
hands-on
Answer:
experience
False of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN exam.
3: List at least three possible methods for IP address assignment to the client.
Prepare
A3:
Answer:
exam concepts
ViaAAA
you through
Via the their
peerimplementation
default ip address command
Review
set-up guides
Statically
assigned
Ready
yourself
for the
the client
on the with
CCNP
exams
4: When
you let
choose his or herquestions
own IP address
the
async dynamic
address command, your router needs to be in __________.
network setting,
A. Dedicated
this bookmode
Interactive
mode for the new simulation-based questions that are on the Cisco
essential in B.
preparing
candidates
C. Either of certification interest.
D.includes
None ofathe
above
Each chapter
review
A4: Answer:
B
office-based
preparation.
5:
Which of the following are valid LCP packet types?
A. CONFNAK
B. CONFREJ
Table of Contents
C. CONFREQ
Index
CCNP Practical
Access
D.Studies:
All ofRemote
the above
E. A and C
F. None of the above

ISBN:
1-58720-073-2
A5:
Answer:
D
Pages: 528
6:
A6:
True or false: BAP's active mode can operate under dialer interfaces, but not under
virtual-template interfaces.
Answer: True
7: exam.
How can you hard-code the subnet mask during the IP PCP negotiation?
BCRAN
A7: Answer: With the ppp ipcp mask command:
exam concepts
ppp ipcp [accept-address | dns [reject | accept | primary-ip-address
[secondary-ip-address] [accept]] | ignore-map | username unique | wins
accept
| primary-ip-address
[accept]]]
applications.[reject
Designed|as
a topic-by-topic
guide of how to [secondary-ip-address]
apply remote access concepts
in a real
8: What
are the
types of
compression that PPP supports?
concepts,
regardless
of main
certification
interest.
A. Compressor
B. Stacker
C. Predictor
preparation.
D. LZ compression
E. TCP header
A8:
Answer: B, C, E
9:
What command allows the router to accept the peer's address?
A9:
Answer: dialer in-band
10:
Name an interface in control of a bundle in MPPP.
A10:
Answer: Bundle master
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Chapter 6
1:
Which of the following digital services does ISDN provide?
Table of Contents
Index
A. Voice
B. Data
C. Text
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
D. Graphics
Pages: 528
E. Music
F. Video
All of theof
above
Gain hands-onG.
experience
BCRAN exam.
A1: Answer: G
2: Which
ofCCNP
the following
NT2
device
perform?
Prepare
for the
642-821services
BCRAN does
examan
and
gain
a better,
exam concepts
A. Compression
you through
B. Switching
Review set-up
C. Concentrating
Ready yourself
Encryption
CCNP PracticalD.Studies:
A2: Answer:
applications.
DesignedB,
asCa topic-by-topic guide of how to apply remote access concepts in a real
3: byWhat
type of
interface
can make up
R remote
reference
point?
questions
providing
a better
understanding
ofthe
how
access
of certification
interest.
A. EIA/TIA
232-C
B. X.25 a review of the applicable technology, and guides the reader through
office-based lab,
remote-accessible lab, some networking simulation software programs, or
C. ac.V.24
D. V.35
preparation.
A3: Answer: A, C, D
4:
What type of standard cable does the BRI U interface use?
A. Two-wire
B. Four-wire
Table of Contents
Index
C. Six-wire

Remote Access
D. BRI-wire
A4:
Answer: A
5:
What happens when no more traffic is transmitted over the ISDN call?

ISBN: 1-58720-073-2
Pages: 528
A. An idle timer starts.

B. The call disconnects.
C. The bandwidth deteriorates.
BCRAN exam.D. Unidirectional flow changes directions.
A5: Answer: A
exam concepts
6: What happens if the isdn switch-type command is used in global mode?
A. Only one interface accepts that switch type.
B. All ISDN interfaces assume the same switch type.
C. A few ISDN interfaces assume the same switch type.
and for workplace
D. Integrated
serviceschallenges
are enhanced.
network
setting,
this book
A6:
Answer:
B, C is useful in preparing a CCNP candidate for the general exam
essential
candidates
for theare
new
simulation-based
questions
that are
on the Cisco
7:in preparing
True or false:
Static routes
used
in stub environments
to save
costs.
concepts,
A7: regardless
Answer:ofFalse
Each chapter
includes
of the
applicable
technology,
8: What
typeaofreview
framing
is used
for modern
T1 PRI and
configurations?
A. sf
preparation. B. esf
C. crc4
D. no-crc4
A8:
Answer: B
9:
Which linecode type is specified for T1 PRI configuration?
A. ami
B. b8zs
Table of Contents
C. hdb3
Index
D. None of the above
A9:
Answer: B

Pub 10:
Date: December
2003 Rate
True or22,
false:
adaptation can increase the ISDN channel speed.
ISBN: 1-58720-073-2
A10:
Answer: False
Pages: 528
BCRAN exam.
exam concepts
preparation.
Chapter 7
1:
What is another name for a dialer interface?
Table of Contents
Index
A. Backup dialer interface
B. Ancillary dialer interface

C. Surrogate
Pub Date: December
22, 2003
dialer interface
ISBN: 1-58720-073-2
D. Virtual dialer interface
Pages: 528
A1:
Answer: D
2:
True or false: When a call is triggered, the dialer interface selects a physical
interface from the pool.
BCRAN
A2:
exam.
Answer: True
3: Which of the following cannot be used in the logical configuration?
exam concepts
Experience
A. how
The network
remote access
layer address
B. Encapsulation
C. The interface media type
D. Dialer parameters
A3: Answer:
exam andCfor workplace challenges in implementing remote access network
network
4:setting,
True or
this
false:
bookWhen
is useful
dialer
in preparing
profiles are
a CCNP
used, an
candidate
active BRI
for the
interface
general
canexam
function as
questions by
a providing
dial backup.
certification
A4: Answer:
exams. Finally,
True it serves anyone wanting a guide to real-world application of these
5: Which of the following interfaces can be used with dialer pools? (Choose all that
Each chapter
apply.)
A. Frame Relay
preparation. B. Serial
C. BRI
D. PRI
A5:
Answer: B, C, D
6:
What is the correct syntax to prohibit routing updates from being sent on the
dialer 1 interface?
A. no routing update dialer 1
B. passive-interface
dialer 1
Table
of Contents
Index
C. dialer 1 no update
ByWesley Shuo,D.
Dmitry
, Deviprasad
Konda
interface-passive
dialer
1
A6: Cisco
Answer:
Publisher:
Press
7: 1-58720-073-2
What is the
ISBN:
main advantage of using dialer rotary groups?
Pages: 528
A. They simplify configuration for multiple callers and calling destinations.

B. They organize interface selection in a round-robin fashion.
C. They allow Multilink PPP to be implemented, but only on identical interfaces.
BCRAN exam.
D. They are required for ISDN PRI channel selection.
A7: concepts
Answer: A
exam
8: Whathow
is the
correct
syntax
for assigning
a physical
interface
topractice
a rotarylabs
group?
Experience
remote
access
concepts
work in
a real network
with
that walk
A. dialer rotary 1
B. rotary-group 1
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642C. dialer rotary-group 1
D. dialer-group 1
A8: Answer: C
preparation.
Chapter 8
1:
Which of the following modulation methods is not used for ADSL technology?
Table of Contents
Index
A. CAP
B. 2B1Q
C. DMT-2
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
D. G.lite
Pages: 528
A1:
2:
Answer: B
RFC 1483 when implemented is __________.
BCRAN exam.
A. Bridged
B. the
Routed
Prepare for
exam concepts
C. Decrypted
D. Encrypted
you through
A2: Answer:
A
Review
set-up guides
3: yourself
PPPoA when
implemented
is __________.
Ready
for the
A. Bridged
B. Routed
C. Decrypted
D. Encrypted
Each chapter
includes B
A3: Answer:
preparation.
4:
Which of the following interferences degrades DSL services?
A. Impedance changes
B. Bridged taps
Table of Contents
Index
C. Crosstalk

Remotehits
Access
D. Impulse
E. All of the above

A4:
Answer: E

ISBN: 1-58720-073-2
5:
What is the function of the POTS splitter?
Pages: 528
A. It separates low and high frequencies.

B. It manages ADSL signaling.
BCRAN exam.C. It generates ringing voltage.
D. It boosts the ADSL signal.
exam
A5: concepts
Answer: A
6: The DSL interface on a Cisco 827 is __________.
A. An FDDI interface
B. A Frame Relay interface
for interface
C. Aand
serial
network setting,
bookinterface
D. this
An ATM
essential
A6:in preparing
Answer: D
concepts,
certification
interest. (Choose all that apply.)
7: regardless
With PPPof
over
ATM, __________.
A. aMAC
frames are encapsulated
ATM cells
office-based lab,
remote-accessible
lab, some into
networking
B. UDP frames are encapsulated using RFC 1483
preparation. C. IP packets are encapsulated into PPP frames and then into ATM cells
D. IP packets are encrypted
A7:
Answer: C, D
8:
With RFC 1483 bridging, __________.
A. MAC frames are passed across the bridge after LLC/SNAP information is
appended
B. IP frames are passed across the bridge unchanged
Table of Contents
Index
C. MAC frames are passed across the bridge unchanged

D. IPBokotey
packets
, Raymond
are encrypted
A8: Cisco
Answer:
Publisher:
Press
9:
Which of the following cards in the Cisco 6400 can be used for Layer 3 packet
services?
ISBN: 1-58720-073-2
Pages: 528
A. NSP
B. NLC
BCRAN exam.C. NRP
D. NI-2
exam concepts
A9: Answer: C
10:through
Whichtheir
of the
following is part of PPPoA configuration?
you
implementation
A. encapsulation aal5mux ppp Virtual-Template 1
B. encapsulation aal5snap
and route-bridged
C. atm
ip
network setting,
book1isprotocol
useful inieee
D. this
bridge
essential
A10:in preparing
Answer: A
preparation.
Chapter 9
1:
Frame Relay is what kind of technology?
Table of Contents
Index
A. Packet-switched
B. Frame-switched
C. Time-switched
Pub Date: December
22, 2003
ISBN: 1-58720-073-2
D. DVC-switched
Pages: 528
A1:
Answer: A
2:
Name and briefly describe the two kinds of packet-switching techniques discussed in
this chapter.
BCRAN
A2:exam.
Answer: With variable-length switching, variable-length packets are
switched between network segments to best use network resources until
the final destination is reached. Statistical multiplexing techniques
Prepare
for the CCNP
examinand
gain aefficient
better, practical
understanding of
essentially
use 642-821
networkBCRAN
resources
a more
way.
exam concepts
3: Describe the difference between SVCs and PVCs.
you through
their
implementation
A3:
Answer:
A switched
virtual circuit (SVC) is created for each data transfer
and is terminated when the data transfer is complete. SVCs have a setup
and teardown time associated with them. A permanent virtual circuit (PVC)
isyourself
a permanent
connection that
does on
notthe
terminate
when the
Ready
for thenetwork
questions
CCNP exams
transfer of data is complete. Previously not widely supported by Frame
Relay
equipment,
SVCs
are(CCNP
gaining
popularity
in many
of today's
CCNP Practical
Studies:
Remote
Access
Self-Study)
prepares
readers
for thenetworks.
4: What
is a data-link
connection identifier
applications.
Designed
as a topic-by-topic
guide of (DLCI)?
A4: by
Answer:
ADLCI
is a value
assigned
each
virtual
circuit
and
DTEdevice
questions
providing
a better
understanding
ofto
how
remote
access
really
works.
It is also
connection
point
in
the
Frame
Relay
WAN.
Two
different
connections
can
be
essential in preparing candidates for the new simulation-based questions that are on the
Cisco
assigned
the
same
value
within
the
same
Frame
Relay
WANone
on
each
side of theofvirtual
connectionbut
two virtual circuits may not share the
certification
interest.
sameDLCIon a local host.
5: Describe
howtechnology.
LMI FrameThis
Relay
differs fromprocess
basic Frame
Relay.
implementation
of the
step-by-step
can be
LMIguide.
Frame Relay adds a set of enhancements, called extensions, to
evenA5:
as a Answer:
stand-alone
the features supported by basic Frame Relay. Key LMIextensions provide
All of the topics
globalonaddressing,
the new 642-821
virtual
BCRAN
circuit
exam
status
are messages,
covered, providing
and multicasting.
comprehensive exam
preparation.
6: True or false: IP unnumbered can be used with Frame Relay.
A6:
7:
Answer: True
Can Cisco routers connect to other vendor devices over Frame Relay?
A7:
8:
Answer: As long as you remember that Cisco routers use a proprietary

Frame Relay encapsulation, cisco, by default. To interoperate with other
vendors' devices, you should specify the Internet Engineering Task Force
(IETF) encapsulation format. You can specifyIETF encapsulation on an
interface or per-DLCIbasis.
Is Frame Relay inverse-arp on by default?
Table of Contents
Index
Answer:
inverse-arp is on by default, but the inverse-arp command does
CCNP Practical
Studies:
not
showRemote
up in Access
your configuration.
A8:
9:
Is special configuration required to run OSPF over Frame Relay?
A9:
Answer: Frame Relay is treated as a nonbroadcast medium by the Open

Shortest Path First (OSPF) routing protocol by default, requiring you to
ISBN:configure
1-58720-073-2
OSPF neighbors. There are other methods of handlingOSPF over
Pages:Frame
528
Relay, depending on whether your network is fully meshed.
10:
Is TCP header compression available for use with priority queuing?
A10:
Answer: You can use TCP header compression with priority queuing, but
this is
not recommended.
ThisAccess
is because
compression
uses
an
Gain hands-on
experience
of CCNP Remote
topicsTCP
withheader
lab scenarios
for the new
642-821
algorithm
that
requires
packets
to
arrive
in
order.
If
packets
arrive
out
of
BCRAN exam.
order, a regular TCP/IP packet is reconstructed, but it does not match the
original packet, because priority queuing changes the order in which
Prepare
packets
for theare
CCNP
transmitted.
exam concepts
preparation.
Chapter 10
1:
Is it possible to specify the backup load command on subinterfaces? Why or why

Table of Contents
not?
Index
CCNP A1:
Practical
Studies: Remote
Access
Answer:
No. Because
load is calculated on a per-interface basis, the backup

load
command
cannot
be configured
on subinterfaces.
, Deviprasad Konda
2:
What two circumstances can trigger dial backup?
A2:
Answer:
ISBN: 1-58720-073-2
Pages:Failure
528
of the primary link
Traffic on the primary link reaching or exceeding the set threshold

3:
What is a drawback of using physical interfaces for backup?
A3: Answer: Physical interfaces are placed in standby mode when they are idle
BCRAN exam.
and cannot be used to connect to other sites. Backup using dialer profiles
overcomes this shortcoming.
4: Which
interfaces can be used as backup interfaces?
exam
concepts
A4:
Answer:
Experience
Serial interfaces
ISDNinterfaces
Asynchronous interfaces
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRANDialer
exam pools
5: setting,
What is
one
reason
that ISDN
interfaces
are used
mostlyfor
forthe
backup
interfaces
network
this
book
is useful
in preparing
a CCNP
candidate
general
exam
instead
of
primary
interfaces?
A5: Answer:
Cost is itthe
main
reason
thatISDN
interfaces
are used
primarily
in
certification
exams. Finally,
serves
anyone
wanting
a guide
to real-world
application
of these
a
backup
role.
6: Which
command
specifies
to bring
upguides
an ISDN
Each chapter
includes
a review
of theinteresting
applicable traffic
technology,
and
the interface?
reader through
A6: Answer:
The dialer-list command
traffic that
brings or
up
office-based
lab, some specifies
networkinginteresting
simulation software
programs,
anISDNinterface.
guide.
All of the
7: topics
Whichoncommand
the new 642-821
specifies BCRAN
the amount
examofare
time
covered,
before providing
a backup interface
comprehensive
is activated
exam
preparation.
in case of a primary link failure?
A7:
Answer: The backup delay command allows you to specify the amount of
time before the backup interface is activated.
8:
A8:
9:
Which command specifies the load threshold at which a backup interface is brought
up in case of load sharing?
Answer: The backup load command allows you to specify the load
threshold at which the backup interface is brought up.
What is a possible alternative to dial backup?
Table of Contents
A9:
Index
Answer:
Floating static routes
10:Shuo
Which
commands
associate
a virtual
dialer
interface
ByWesley
, Dmitry
Bokotey, Raymond
Morrow
, Deviprasad
Konda
with a physical interface when
you configure dialer profiles?
A10:
Answer: The dialer pool command on the dialer interface and the dialer
pool-member command on the physical interface.

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Chapter 11
1:
What is the default queuing mechanism for interfaces with speeds of E1 and less?
Table of Contents
A1:
Index
Answer:
Weighted Fair Queuing
mechanism
should
you use
to
ByWesley2:
ShuoWhich
, Dmitryqueuing
Bokotey, Raymond
Morrow
, Deviprasad
Konda
give absolute priority to critical
traffic?
A2:
Answer: Priority queuing
ISBN:
3: 1-58720-073-2
Which queuing
Pages: 528
critical
A3:
4:
mechanism ensures that packet trains do not adversely affect
traffic?
Answer: Weighted Fair Queuing

What is the default congestive discard threshold for Weighted Fair Queuing?
A4:
Answer: 128
BCRAN
exam.
5: How many configurable queues are available for custom queuing?
exam
A5: concepts
Answer: 16
Experience
remote
access
in a
network
6: Whathow
is the
default
byte concepts
count for work
queues
in real
custom
queuing?
A. 1024
B. 1500
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642C. 512
821 BCRAN exam
D. this
256 book is useful in preparing a CCNP candidate for the general exam
network setting,
A6:in preparing
Answer: Bcandidates for the new simulation-based questions that are on the Cisco
essential
7: regardless
Which of of
thecertification
following cannot
be used to classify packets for priority queuing?
concepts,
interest.
A. Protocol type
guide.
B. Ingress
interface
All of the topics
the new
C. on
Packet
size642-821
in bytes BCRAN exam are covered, providing comprehensive exam
preparation.
D. Egress interface
A7:
Answer: D
8:
Queuing is done on which interface?
A. Ingress interface
B. Egress interface
Table of Contents
Index
C. Example interface

Remote Access
D. Weighted
interface
A8:
Answer: B

ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Chapter 12
1:
Network Address Translation is used to connect private IP internetworks that use

Table of Contents
__________
IP addresses to connect to the Internet.
Index

A. routable
Publisher: Cisco
B. standard
Press
C. nonroutable
ISBN: 1-58720-073-2
Pages: 528
D. nonstandard
A1:
Answer: C
2: When does the NAT operation take place on a router for inside-to-outside
Gain hands-on
translation?
BCRAN exam.
A.forBefore
the IPSec
operation
Prepare
the CCNP
642-821
exam concepts
B. Before the routing decision
C. After
the
IPSec operation
you through
their
implementation
Afterguides
the routing
decision
ReviewD.
set-up
that show
A2:
Answer:
Ready
yourself D
CCNP 3:
Practical
True Studies:
or false: Remote
Cisco IOS
Access
NAT (CCNP
cannot Self-Study)
be applied to
prepares
subinterfaces.
applications.
A3: Answer:
Designed
False
questions
4: by
What
providing
allows a single
better NAT-enabled
understanding
router
of how
to remote
allow some
access
users
really
to use
works.
NATItand
is also
other
essential inusers
preparing
on thecandidates
same Ethernet
for the
interface
to continue withquestions
their ownthat
IP addresses?
are on the Cisco
A.includes
Accessalist
Each chapter
map
office-basedB.
lab,Route
a remote-accessible
C. Policy map
D. Priority map
preparation.
A4:
Answer: A
5:
What is used to translate internal (inside local) private addresses to one or more
outside (inside globalusually registered) IP addresses?
A. Overboard
B.
Network Address Translation
Table of Contents
Index
C. Interface Address Translation
ByWesley ShuoD.
, Dmitry
PortBokotey
Address
, Raymond
Translation
A5: Answer:
Publisher:
Cisco Press D
6:
When using PAT, also known as NAT overloading, how many theoretical translations
can be made for each inside global IP address?
ISBN: 1-58720-073-2
Pages: 528
A. 30,000
B. 25,655
BCRAN exam.
C. 65,535
D. 100,000
exam concepts
A6: Answer: C
7: through
PAT additionally
translates which port to keep track of individual conversations?
you
A. Inside source
B. Outside source
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN C.
exam
and destination
Inside
network setting,
this book
D. Outside
destination
essential
preparing
A7: inAnswer:
A candidates for the new simulation-based questions that are on the Cisco
concepts,
certificationrefers
interest.
8: regardless
IP address of
__________
to a situation in which two locations use the same IP
address range but still want to communicate.
A. overloading
guide.
All of the topics
B. underloading
preparation.
C. overlapping
D. underlapping
A8:
Answer: C
9:
A9:
True or false: Static and dynamic NAT may be used on the same router.
Answer: True
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
Chapter 13
1:
What does AAA stand for?

Table of Contents
A1:
Index
Answer:
Authentication, authorization, and accounting
2:Shuo
What
areBokotey
the two
modesMorrow
supported
by AAA
commands
ByWesley
, Dmitry
, Raymond
, Deviprasad
Konda
except for the aaa
accounting system command?
A2:
Answer: Character and packet mode
ISBN:Which
1-58720-073-2
3:
protocol encrypts the entire body of the packetRADIUS or TACACS+?
Pages: 528
A3:
4:
Answer: TACACS+
Which protocol encrypts only the password in the access request packet from the
client to the serverRADIUS or TACACS+?
A4:exam.
Answer:RADIUS
BCRAN
5: True or false: RADIUS uses UDP, and TACACS+ uses TCP.
A5:
exam Answer:
concepts True
Experience
remote
access
conceptsare
work
in afor
real
network
with
practice labs that walk
6: Whichhow
of the
following
commands
used
packet
mode
operation?
A. aaa authentication login default group tacacs+
CCNP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642B. aaa
authentication
login default
group tacacs+
821 BCRAN exam
and
in implementing
exec
default
groupcandidate
tacacs+ for the general exam
network setting,aaa
thisauthorization
book is useful in
preparing
a CCNP
C. aaa authentication
pppnew
default
group tacacs+
candidates for the
simulation-based
aaa authorization exec default group tacacs+
D. aaa authentication ppp default group tacacs+
implementation aaa
of the
technology. This
step-by-step
be executed on a home- or
authorization
network
defaultprocess
group can
tacacs+
evenA6:
as a stand-alone
Answer: D guide.
preparation.
Chapter 14
1:
What optional network security services does IPSec offer?

Table of Contents
Index
Answer:
Data confidentiality, data integrity, data origin authentication,
CCNP Practical
anti-replay
A1:
2:
When would you apply quality of service parameters to a tunnel interface?
A2:
Answer: When you are usingGREand IP-in-IP (IPIP) tunnel protocols.
ISBN:Which
1-58720-073-2
3:
IPSec options does an IPSec transform set define?
Pages: 528
A3:
Answer:
Mechanism for payload authenticationAHtransform
Mechanism for payload encryptionESP transform

BCRAN exam.
IPSec modeTransport versus tunnel
ESP transform of the quality of service parameters
exam concepts
4: What are the two main protocols used with IPSec as implemented by Cisco
Systems?
Experience
A4: Answer: The authentication header and the encapsulation security payload
are
both guides
used with
IPSec.
Review
set-up
that show
5: IKE
is considered
whatsimulation-based
type of protocol and
provides
withexams
which services?
Ready
yourself
for the new
questions
on IPSec
the CCNP
CCNPA5:
Practical
Answer:
Studies:
IKEis
Remote
considered
Accessa(CCNP
hybrid
Self-Study)
protocol. prepares
It is used
readers
to provide
for theIPSec
CCNP 642821 BCRANwith
exam
utility
and for
services,
workplace
such
challenges
as the establishment
in implementingofremote
a shared
access
secret.
network
network
6: setting,
What is
this
one
book
issue
is you
useful
might
in preparing
encountera when
CCNP trying
candidate
to implement
for the general
QoS within
exam a
questions by
VPN?
certification
A6: Answer:
exams. Finally,
One issue
it serves
you might
anyoneface
wanting
when
a implementing
guide to real-world
QoSapplication
in a VPNtunnel
of these
is the requirement
of certification
thatinterest.
the QoS parameter you normally find in the header
of the IP packet needs to be reflected in the tunnel packet header,
Each chapter
includes aofreview
of the
technology,
regardless
the type
of applicable
tunnel you
choose toand
use.
office-based
lab,two
a remote-accessible
software
programs,
7: What
modes can the authentication
header orsimulation
encapsulating
security
payloador
guide.
protocols be run in?
All ofA7:
the topics
on the
newcan
642-821
BCRAN
exammode
are covered,
providing
comprehensive exam
Answer:
They
be run
in tunnel
or transport
mode.
preparation.
8:
A8:
What four items do IKE peers agree on during negotiations?

Answer: An encryption algorithm, a hashing algorithm, an authentication
method, the lifetime of the SA.
9:
A9:
Answer: Access, site-to-site, extranet
10:
What match criteria can you use when classifying packets for QoS?
A10:
What three types of VPNs are available to you?
Answer:
Table of Contents
IPIndex
addresses
IP precedencethe 3 bits in the ToS field of the IP packet header

and22,
sub-URL
Pub Date:URL
December
2003
ISBN: 1-58720-073-2
MACaddresses
Pages: 528
Time of day
BCRAN exam.
exam concepts
preparation.
[SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [L] [M] [N] [O ] [P ] [Q ] [R ] [S] [T] [U] [V] [W]
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
3DES (triple DES)
75-ohm coaxial cable [See also cable]
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
AAA 2nd
broadcast accounting
configuring 2nd
ISDNcallbackwithTACACS+ 2nd
access
AAA 2nd
Table of Contents
configuringIndex
2nd
Access
Control Server
(ACS)
CCNP Practical
Studies:
Remote Access
access servers
line types
configuring
Publisher:
access
VPNs Cisco Press
Pub Date: December
22, 2003
access-list-number
arguments
accounting
ISBN:
[See1-58720-073-2
also AAA]
broqadcast
Pages: 528
configuring
configuring
failed login
generating records for
full resource
enabling
BCRAN exam.
records
suppressing
resource
failurefor
sttop
Prepare
the
enabling
exam concepts
TACACS+
configuring
2nd how
Experience
ACLs
ISDN
configuring
Review set-up
DDR with
guides
2nd
ACS (Access Control Server)
Ready
addresses
helper
CCNPCisco
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642CMTS configuration
821
IP BCRAN exam and for workplace challenges in implementing remote access network
applications.
Cisco CMTSDesigned
configurationas a topic-by-topic guide of how to apply remote access concepts in a real
network
NAT 2ndsetting, this book is useful in preparing a CCNP candidate for the general exam
questions
by2nd
applying
essential
in preparing
configuring
2nd 3rd 4thcandidates for the new simulation-based questions that are on the Cisco
certification
dynamic 2nd
concepts,
order ofregardless
operation 2ndof certification interest.
overlapping 2nd
Each overloading
implementation
static 2nd
office-based
lab,
TCP load distribution
even topologies
as a stand-alone
guide.
2nd
private
IPSec 2nd
preparation.
addressing
PPP
configuring
addresss
translating
overlapping 2nd
ADSL
interference 2nd
modulation
overview of 2nd
ADSL (asymmetric DSL)
ADSL (Asymmetric DSL)
Advanced Encryption Standard (AES)
AES (Advanced Encryption Standard)
Table of Contents
Index
AH (authentication header) 2nd
AHDLC (Asynchronous High-Level Data Link Control)

algorithms
ByWesley
DES
SHA
analog
connections
Publisher:
Cisco Press
anti-replay
AppleTalk
Remote
Access Protocol (ARAP) 2nd
ISBN:
1-58720-073-2
applying
Pages: 528
NAT 2nd
ARAP (AppleTalk Remote Access Protocol) 2nd
architecture
DSL 2nd
IPSec 2nd
Gain 3DES
BCRAN
AESexam.
AH
DES
exam concepts
ESP
IKE 2nd
transform sets 2nd
transport mode
tunnel mode 2nd

arguments
Review
methods
assignment
Ready
custom queues to interfaces

dialerPractical
lists
CCNP
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642priority
lists to
interfaces
821
BCRAN
exam
Asymmetric
DSL [See
ADSL] as a topic-by-topic guide of how to apply remote access concepts in a real
applications.
Designed
asymmetric
DSL (ADSL)
network setting,
asynchronous
callback
questions by
configuring
essential
asynchronous
certificationcalls
PRI
concepts,
configuring 2nd
Each
chapter
includes a2nd
asynchronous
communication
implementation
of
the
technology.
asynchronous group interface, configuring
office-based
lab,
a
remote-accessible
Asynchronous High-Level Data Link Control (AHDLC)
even
as
a
stand-alone
guide.
asynchronous interfaces
configuring
All
of the topics
on the new
asynchronous
lines, configuring
2nd 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
asynchronous links
PPP 2nd
AT command
attribute-value (AV) pairs
authenitcation
ARAP
configuring
CHAP
authenitcation header (AH)
authentication 2nd [See also AAA]
CHAP
LCP
method lists
defining
Table of Contents
NASI
Index
configuring
PAP 2nd
ByWesley
PPP
configuring
ISDN
Publisher:
Cisco Press
unidirectional
Pub
RADIUS
ISBN: 1-58720-073-2
configuring 2nd
Pages: 528
TACACS+
configuring 2nd
authentication header (AH)
authorization
disabling
Gain
reverse-Telnet
BCRAN
exam.
configuring
TACACS+
configuring 2nd
exam concepts
types of
autoconfiguraiton
modems 2nd
autosensing
enabling
AUX (auxiliary
port)
Review
set-up
AV (attribute-value) pairs
avoidance
Ready
congestion
preparation.
backup
dial
configuring for primary line failures 2nd
configuring load sharing 2nd
dialer profiles
configuringTable
2nd of Contents
interfaces
Index
CCNP triggering
Practical 2nd
primary links
enabling 2nd
backup interfaces
Publisher:
Cisco
ISDN
2nd 3rd
4th Press
bandwidth
ISDNISBN:
2nd 1-58720-073-2
management
Pages: 528
WFQ 2nd
Bandwidth Allocation Protocol (BAP)
BAP (Bandwidth Allocation Protocol)
Basic Rate Interface (BRI)
binding
dialer profiles 2nd
BCRAN exam.
bit rates
Cisco 6160 DSLAM system

branch Prepare
offices
analog
connections
exam
concepts
cable modemscentral offices
cable
modems
Experience
DSLyou
2nd
Frame Relay 2nd

ISDN
Review
2nd
serial links
BRI
ISDN 2nd 3rd [See also ISDN]
CCNP
Practical
Studies:
BRI
(Basic
Rate Interface)
Remote Access (CCNP Self-Study) prepares readers for the CCNP 642challenges in implementing remote access network
bridging
network
setting,
configuring
2nd
questions
by providing
better understanding of how remote access really works. It is also
broadcast
accounting
[See alsoaaccounting]
essential
configuring
certification
building
labs
concepts,
regardless
of certification
interest.
asynchronous
communication
2nd
821 BCRAN
exam
and for
workplace
Bridge
Group Virtual
Interface
(BVI)
LANs
Each creating
implementation
WANs
office-based
lab,
creating 2nd
even
as
a
stand-alone
guide.
bundling
MPPP
BVI (Bridge Group Virtual Interface)
preparation.
[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I ] [L] [M] [N] [O ] [P ] [Q ] [R ] [S] [T] [U] [V] [W]
CA (certification authority)
cable
modems 2nd
bridging/routing configuration 2nd
Cisco CMTS configuration 2nd
DOCSIS hardware
Table of2nd
Contents
downstream/upstream
Index
CCNP modulation
spectrums 2nd
troubleshooting 2nd
cable modems
cables
RJ-45
call setup
ISBN: 1-58720-073-2
ISDNPages:
2nd 528
callback
asynchronous
ISDN
TACACS+ 2nd
PPP
caller identification
BCRAN exam.
CAP (Carrier Amplitude and Phase)
CAR (Committed Access Rate)
Carrier Prepare
Detect (CD)
for
carrier-to-noise
ratio (CNR)
exam concepts
Carrierless Amplitude and Phase (CAP)
CCM (Cisco
CallManager)
Experience
how
NAT you
deploying 2nd
CCP (Compression
Review set-up
Controlguides
Protocol) that
CD (Carrier Detect)
Ready yourself
CDSL (Consumer
DSL)
central offices
CCNP
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642analog
connections
821
BCRAN
DSL
2nd
applications.
Frame Relay 2nd
network
ISDN 2nd
questions
serial linksby providing a better understanding of how remote access really works. It is also
essential modems,
in preparing
candidates
central-site
configuring
2nd
certification
exams.
certification
authority
(CA) Finally, it serves anyone wanting a guide to real-world application of these
concepts,
regardless
of certification
interest.
Challenge
Handshake
Authentication
Protocol (CHAP)
channels
Each
bandwidth
implementation
upstream configuration
office-based
lab,
ISDN 2nd
even
as
a
stand-alone
guide.
CHAP
CHAP (Challenge Handshake Authentication Protocol)
chat scripts
preparation.
configuring
chat-script command
check bytes
Cisco 6160 DSLAM system 2nd
Cisco 6400 UAC 2nd
Cisco CallManager (CCM)

NAT
deploying 2nd
Cisco CMTS
configuring 2nd
Cisco VPN 3000 client
PIX firewalls
configuring 2nd
Table of Contents
class-based WFQ
Index
classification
packets 2nd
By
Wesley
Shuo
clearing
IKE
connections
clients
Cisco
VPN 3000
Publisher:
Cisco Press
configuring
PIX firewalls
2nd
Pub
Date: December
22, 2003
VPNs ISBN: 1-58720-073-2
with NAT/preshared keys:NAT:VPNs:clients with preshared keys 2nd
Pages: 528
clients (with NAT/preshared keys) 2nd
clientss
Cisco VPN 3000 client
clock rate command
CNR (carrier-to-noise ratio)
Gain
commands
BCRAN
exam.
AT
cable modems
troubleshooting 2nd
exam concepts
chat-script
clock rate
custom queuing
dialer
global configuration
disabling
Reviewauthorization
set-up guides
ISDN
configuring
2nd
Ready yourself
line
modem
autoconfigure
CCNP
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642priority
queuing
821
BCRAN
show controller
applications.
show line
network
show modemcap
questions
telnet
essential
transport input
certification
variance regardless of certification interest.
concepts,
Committed Access Rate (CAR)
Each
chapter[See
includes
communication
also connections]
implementation
of
the
between DTE devices
office-based
lab,
a
remote-accessible
DCE-to-DCE 2nd
even
as
a
stand-alone
guide.
components
All Cisco
of the
topics
6400
UAC 2nd
preparation.
dialer profiles 2nd
ISDN 2nd
compression 2nd 3rd
link
PPP
ratios
Compression Control Protocol (CCP)

CON (console port)
confidentiality
configuraiton
Cisco CMTS 2nd
configuration
AAA 2nd 3rd 4th
ISDNcallbackwithTACACS+ 2nd
accounting
Table of Contents
Index
TACACS+ 2nd
asynchronous group interfaces
ByWesley
Shuo, Dmitry
asynchronous
interfaces
asynchronous lines 2nd
authentication
ARAP
Pub
RADIUS
ISBN: 2nd
1-58720-073-2
TACACS+ 2nd
Pages: 528
authorization
TACACS+ 2nd
types of
backup
dialer profiles 2nd
Gain
hands-on
bridging
2nd
BCRAN
exam.
broadcast accounting
central-site modems 2nd
channels
exam concepts
upstream bandwidth
chat scripts
Cisco 6400 UAC 2nd

clockrates
compression
Review
link
dialer
profiles
2nd 3rd 4th
Ready
yourself
for5th
the
dialer rotary groups 2nd 3rd

dynamic
translation
CCNP
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642firewalls
2ndexam and for workplace challenges in implementing remote access network
821
BCRAN
frequencies
applications.
upstream
network
interfaces by providing a better understanding of how remote access really works. It is also
questions
downstream
essential
modems exams. Finally, it serves anyone wanting a guide to real-world application of these
certification
internal modem
lines
concepts,
regardless
IPSec router-to-router 2nd
Each
IRB chapter
over DSL 2nd
implementation
ISDN 2nd
office-based
lab,
a remote-accessible
call setup and teardown
2nd
even DDR
as a2nd
stand-alone guide.
identification 2nd
All ofinterfaces
the topics
2nd on the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
PRI 2nd
routing 2nd
LANs
lien types
local interface addressing
modemcap database
modems
autoconfiguration 2nd
DCE 2nd
NASI
NAT 2nd
applying 2nd
dynamic 2nd
order of operation 2nd
Table of Contents
overlapping 2nd
Index
overloading
routers 2nd 3rd 4th
ByWesley
staticShuo
2nd , Dmitry Bokotey, Raymond Morrow, Deviprasad Konda
topologies
2nd Press
Publisher:
Cisco
PIX
firewalls
Pub
Cisco
VPN
3000 clients 2nd
ISBN:
1-58720-073-2
PPP 2nd
Pages: 528
asynchronous links 2nd
enabling DDR 2nd
initializing access servers 2nd
interfaces 2nd
PPPoA over DSL 2nd 3rd 4th
Gain
hands-on
PPPoE
over DSL 2nd
BCRAN
exam.
PRI
asynchronous calls/ISDN calls 2nd
priority queuing 2nd 3rd 4th
QoS
exam concepts
for VPN support

queuing
custom 2nd 3rd 4th

priority 2nd
WFQ
2nd
Review
RBE over DSL 2nd

reverse-Telnet
Ready yourself
reverse-Telnet sessions
RFC Practical
1483 bridging
over DSLRemote
2nd
CCNP
Studies:
Access (CCNP Self-Study) prepares readers for the CCNP 642routing
2nd exam and for workplace challenges in implementing remote access network
821
BCRAN
serial interfaces
2nd
applications.
Designed
spectrums
network
management
questions
SPIDs in preparing candidates for the new simulation-based questions that are on the Cisco
essential
static routes exams. Finally, it serves anyone wanting a guide to real-world application of these
certification
static translation
concepts,
upstream input power level
Each
chapter
WANs
2nd
implementation
configuring ISDN
office-based
lab,
a 2nd
remote-accessible lab, some networking simulation software programs, or
configuring PIX firewalls
even
as
a
stand-alone
guide.
congestion
avoidance
All queuing
preparation.
custom queuing 2nd
priority queuing 2nd 3rd 4th 5th 6th
WFQ 2nd
connections
ADSL
modulation
analog
cabel modems
cable
bridging/routing configuration 2nd
Cisco CMTS configuration 2nd
DOCSIS DOCSIS:hardware 2nd
downstream/upstream
modems 2nd
Table of Contents
modulation
Index
spectrums 2nd
troubleshooting 2nd
ByWesley
DCE
configuring modems 2nd
modem autoconfiguration
2nd
Publisher:
Cisco Press
DSL
Pub2nd
ADSL
overview
2nd
ISBN:
1-58720-073-2
interference 2nd
Pages: 528
IRB over 2nd
PPPoA over 2nd 3rd 4th
PPPoE over 2nd
RBE over 2nd
RFC 1483 bridging over 2nd
Gain
hands-on
experience
DTE-to-DCE
wiring
2nd
BCRAN
exam.
DTE-to-DTE wiring 2nd
forward/reverse
Frame Relay 2nd
exam concepts
creating WANs 2nd

IKE
troubleshooting
ISDN 2nd 3rd 4th
bandwidth/channels 2nd
BRI
2nd
Review
BRI functional groups 2nd

BRI
reference
groupsfor
2nd the
Ready
yourself
call setup and teardown 2nd
CCNPconfiguring
Practical2nd
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642DDR 2nd 3rd
4th and for workplace challenges in implementing remote access network
821 BCRAN
exam
dialing out with
2nd
applications.
Designed
identification
2nd
network
setting,
interfaces
questions
by2nd
Layer in
1 2nd
essential
Layer 2 exams. Finally, it serves anyone wanting a guide to real-world application of these
certification
Layer 3regardless of certification interest.
concepts,
layers
Each PRI
chapter
2nd
implementation
routing 2nd
office-based
lab,
modems 2nd
even
as
a
stand-alone
guide.
point-to-multipoint
PPP
All ofasynchronous
the topics links
on the
2nd new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
configuring 2nd
enabling DDR 2nd
frames 2nd
framing
interfaces 2nd
LCP 2nd
negotiation phases 2nd
reverse Telnets
serial links
Telnet [See also Telnet]
connectors
RJ-45
Consumer DSL (CDSL)
Table of Contents
Index
control
errors 2nd
modem functions
By
Wesleyusers
corporate
CPU utilization
IPSec
CQ (custom
queuing)
2nd22, 2003
Pub Date:
December
custom queuing
2nd
ISBN: 1-58720-073-2
configuring 2nd 3rd 4th
Pages: 528
custom queuing (CQ) 2nd
BCRAN exam.
exam concepts
preparation.
D-H (Diffie-Hellman)
data communications equipment (DCE) 2nd [See also connections]
data compression 2nd
Data Encryption Standard (DES) 2nd
Data Link Connection Identifier (DLCI)
Data
Over Cable Table
ServiceofInterface
Specifications (DOCSIS)
Contents
data
terminal
equipment
(DTE)
2nd
[See also connections]
Index
databases
modemcap
configuring
DC (Demand Circuit)
DCE Publisher: Cisco Press
Pub Date: December
DTE-to-DCE
wiring 2nd22, 2003
modems
ISBN: 1-58720-073-2
autoconfiguration
2nd
Pages: 528
configuring 2nd
DCE (data communicaitons equipment) [See also connections]
DCE (data communications equipment)
DDR
dialer profiles 2nd
binding 2nd
BCRAN exam.
components 2nd
configuring 2nd 3rd 4th 5th

limitations
Prepare 2nd
for
dialer
rotaryconcepts
groups
exam
configuring 2nd 3rd
ISDN
2nd
Experience
configuring
2nd
you through
PPP
enabling
Review2nd
set-up
triggering
Ready yourself
for the
new
preventing
routing updates
from
debugging
CCNP
PPP Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN
exam and
dedicated
PPP sessions,
configuring
defining
network
setting,
custom queue
lists this book is useful in preparing a CCNP candidate for the general exam
questions
by providing
IKE parameters
2nd
essential
intraffic
interesting
certification
exams.
interesting traffic
patterns
concepts,
IPSec
transform sets
Each
method lists for authentication
implementation
passive interfaces
office-based
lab,
priority lists
even
as
a
stand-alone
guide.
Demand Circuit (DC)
deployment
NAT
preparation.
CCM 2nd
DES (Data Encryption Standard) 2nd

devices
AAA
configuring 2nd
DCE
wiring 2nd
DTE
wiring 2nd
modem connections 2nd
dial in/dial out
dial-on-demand routing [See DDR]
dialed number identification service (DNIS)
dialer commands
Table of Contents
Index
dialer lists
assigning
dialer maps
ByWesley
IDSN Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda
configuring
dialer
pool interfaces
Publisher:
Cisco Press
backup
triggering
2nd
ISBN: 1-58720-073-2
dialer profiles
Pages: 528
DDR 2nd
binding 2nd
components 2nd
configuring 2nd 3rd 4th 5th
limitations 2nd
Gain
hands-on
experience
dialer profiles,
configuring
backup 2nd
BCRAN
exam.
dialer rotary groups
configuring 2nd 3rd
dialer-group-numbers
exam concepts
dialing in, dialer profile sequences

dialing out with ISDN 2nd
dialing out, dialer profile binding sequences
differentiating forward/reverse connections

Diffie-Hellman (D-H)
DiffservReview
(DS)
digital modulation
Digital Ready
Subscriber
Line [Seefor
DSL]
yourself
the
disabling
AAA Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642CCNP
authorization
821
Discreet
MultiToneDesigned
2 - Issue 2 as
(DMT2)
applications.
distribution
load
questions
TCP 2nd
essential
DLCI
(Data Link exams.
Connection
Identifier)
certification
Finally,
DMT2
(Discreet
MultiTone 2 of
- Issue
2)
concepts,
regardless
certification
interest.
DNA (DoNotAge) bit
Each
chapter
includes
a review
DNIS (dialed
number
identification
service)
implementation
of
the
technology.
DOCSIS (Data Over Cable Service Interface Specifications)
office-based
lab,
a
remote-accessible
DOCSIS-compliant two-way cable modem, configuring
even
as
a
stand-alone
guide.
DoNotAge (DNA) bit
downstream
All ADSL
preparation.
interfaces
configuring
DS (DiffServ)
DSL
ADSL
modulationf
overview of 2nd
architectures 2nd
interference 2nd
IRB
configuring over 2nd
PPPoA
configuring over 2nd 3rd 4th
PPPoE
Table of Contents
Index
profiles
protocols 2nd
ByWesley
RBE
RFC
1483 bridging
Publisher:
Cisco Press
configuring
over 2nd
Pub
Date: December
22, 2003
DSL (digital
subscriber
line) 2nd
ISBN:
1-58720-073-2
DSL (Digital Subscriber Line)
Pages: 528
DSL Access Multiplexer [See DSLAM]
DSLAM
DSLAM (DSL Access Multiplexer)
DTE
Gain
hands-on
experience
DTE-to-DCE
wiring
2nd
BCRAN
exam.
DTE-to-DTE wiring 2nd
DTE (data terminal equipment) 2nd [See also connections]
dynamic NAT 2nd 3rd
exam concepts
dynamic translation
configuring
preparation.
EIA/TIA-232 serial interface (COM port)
EIGRP
load backup feature
enabling
AAA
autosensing Table of Contents

backup for primary
Index links 2nd
DDRPractical Studies: Remote Access

CCNP
PPP 2nd
encapsulation
PPP
Publisher:
Press
full
resourceCisco
accounting
Pub Date:protection
December 22, 2003
password
ports ISBN: 1-58720-073-2
upstream
Pages: 528
resource failure stop accounting
Encapsulating Security Payload (ESP) 2nd
encapsulation
PPP
enabling
encryption
BCRAN exam.
AES
DES
IPSec/GRE
withfor
NAT
2ndCCNP
Prepare
the
packets
exam
concepts
errors
control
2nd
Experience
implementation
ESF (Extended
Super-Frame)
you through
their
ESP (Encapsulating Security Payload) 2nd

EXEC-stop
Review
records
set-up
Extended Super-Frame (ESF)
Ready
extranet
VPNs
preparation.
failed login, generating accounting records for
fields
PPP frames 2nd
firewalls
Cisco PIX 500 series 2nd
configuring 2nd
Table of Contents
flags
Index
PPPPractical Studies: Remote Access

CCNP
floating static routes
floating static routes, backup
flow-based WFQ
formatting
frames
PPP
ISBN:
2nd 1-58720-073-2
forward Pages:
connections
528
forward path
Frame Relay 2nd
WANs
creating 2nd
Frame Relay Traffic Shaping (FRTS) 2nd
frames
BCRAN exam.
ESF
PPP 2nd
SF
concepts
framingexam
PPP
frequencies
upstream
Experience
configuring
you through
FRTS (Frame Relay Traffic Shaping) 2nd

full resource
Review
accounting,
set-upenabling
guides
functional groups
Ready
ISDN
BRI 2nd
CCNPreference
Practical
Studies:
Remote Access (CCNP Self-Study) prepares readers for the CCNP 642points
2nd
functionality
applications.
AAA
network
disabling
functions
essential
modem control
preparation.
g
generation
of interim accounting records
Generic Traffic Shaping (GTS)
global configuration commands
authorization Table of Contents
disabling Index
GRE
IPSec with NAT 2nd
groups
BRI functional 2nd
Publisher:
dialer
rotaryCisco Press
Pub
Date: December
configuring
2nd 3rd22, 2003
GTS (Generic
ISBN:Traffic
1-58720-073-2
Shaping)
Pages: 528
BCRAN exam.
exam concepts
preparation.
hardware
DOCSIS 2nd
HDC (Hybird Fiber Coax)
HDSL (High Bit Rate DSL)
helper
addressesTable of Contents
Cisco
CMTS configuration
Index
High
rate DSLStudies:
(HDSL) Remote Access
CCNPBit
Practical
hosts
naming
configuring PPP authentication
hubsPublisher: Cisco Press
Pub Date:
December 22,
IPSec
router-to-router
hub2003
and spoke 2nd
Hybrid Fiber
ISBN:
Coax
1-58720-073-2
(HFC)
Pages: 528
BCRAN exam.
exam concepts
preparation.
[SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I] [L] [M] [N] [O ] [P ] [Q ] [R ] [S] [T] [U] [V] [W]
ICMP
testing
IDB (interface description block)
idele timers
ISDN
configuringTable of Contents
identification
Index
ISDN
CCNP
configuring 2nd
IDSL (Integrated Services Digital Network DSL)
IGRP
Publisher:
Press
load
backupCisco
feature
IKE Pub Date: December 22, 2003
troubleshooting
ISBN: 1-58720-073-2
IKE (Internet
Pages:Key
528Exchange) 2nd 3rd
parameters
defining 2nd
Inetgrated Services Digital Network DSL (IDSL)
initialization
cable modems
input
BCRAN exam.
login
specifying time for

input power
level configuration,
upstream
Prepare
for the CCNP
642-821
inside global
examaddresses
concepts
overloading
inside local
addresses how
Experience
implementation
inside source
addresses their
you through
translating 2nd
Integrated
Review
Routing
set-up
and Bridging
guides
[See
that
IRB]show
Integrated Services Digital Network 2nd [See ISDN]
Ready
integrity
interactive PPP sessions, configuring
CCNP Practical
interesting
traffic
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821
DDR
applications.
defining
network
ISDN setting, this book is useful in preparing a CCNP candidate for the general exam
questionstraffic
by providing
interesting
parameters, defining
essential
in preparing
interface
description
block (IDB)
interfaces
concepts,
asynchronous
configuring
Each
asynchronous groups
implementation
configuring
office-based
lab,
backup
even triggering
as a stand-alone
guide.
2nd
BVI
preparation.
clockrates
configuring
custom queues
assigning to
custom queuing 2nd
conifguring 2nd 3rd 4th
dialer
configuring
creating
creating for dialer rotary groups
downstream
configuring
ISDN

method lists
Table of Contents
Index
applying to
modems
ByWesley
configuring
NASI
passive
defining
Pub
PPP ISBN: 1-58720-073-2
PRI
configuring 2nd
Pages: 528
asynchronous calls/ISDN calls 2nd
configuring 2nd
priority lists
assigning to
Gain
hands-on
priority
queuing 2nd
BCRAN
exam.
conifguring 2nd
serial
configuring 2nd
exam concepts
WFQ
conifguring 2nd
interferenceADSL 2nd
interim accouting records, generating
interleaving delay parameter, Cisco 6160 DSLAM system

internalReview
modem lines,
configuring
set-up
guides
Internet Key Exchange (IKE) 2nd 3rd

parameters
Ready
defining 2nd
troubleshooting
CCNP
Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642Internet
Protocolexam
Security
[Seefor
IPSec]
821 BCRAN
and
Internet
Security Designed
Association and
Management Protocol
(ISAKMP)
applications.
as Key
a topic-by-topic
guide
IP
addresses by providing a better understanding of how remote access really works. It is also
questions
Cisco CMTS
configuration
essential
in preparing
IP
PHONE
certification
CCM
concepts,
deploying NAT between 2nd
Each
IPSec chapter includes a review of the applicable technology, and guides the reader through
implementation
CPU utilization
office-based
lab,
GRE with NAT 2nd a remote-accessible lab, some networking simulation software programs, or
even
asover
a stand-alone
guide.
L2TP
2nd
maintenance 2nd
All memory
preparation.
monitoring 2nd
private addresses 2nd
router-to-router configuration 2nd
router-to-router hub and spoke 2nd
three full-mesh routers 2nd
transfrom sets
defining
VPNs [See also VPNs]
IPSec (Internet Protocol Security)
3DES
AES
AH
architecture 2nd
DES
ESP
Table of Contents
Index
IKE 2nd
transform sets 2nd
ByWesley
Shuo
transport
mode
tunnel mode 2nd
IRB Publisher: Cisco Press
DSL
configuring
over 2nd
ISBN: 1-58720-073-2
IRB (Integrated Routing and Bridging)
Pages: 528
ISAKMP (Internet Security Association and Key Management Protocol)
ISDN 2nd
bandwidth/channels 2nd
BRI 2nd
functional groups 2nd
Gain reference
hands-on
experience
points
2nd
BCRAN
exam.
call setup and teardown 2nd
callback
TACACS+ 2nd
exam concepts
configuring 2nd
DDR 2nd
configuring 2nd
dialing out with 2nd

identification
configuring
2nd
Review set-up
interfaces
configuring
2nd
Ready yourself
layers
1 2nd Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642CCNPLayer
Practical
Layer 2 exam and for workplace challenges in implementing remote access network
821 BCRAN
Layer 3
applications.
PRI
network
configuring
2nd 3rd 4th a better understanding of how remote access really works. It is also
questions
by providing
routing in preparing candidates for the new simulation-based questions that are on the Cisco
essential
configuring
2nd
certification
exams.
ISDN
(Integrated
Services Digital
Network) 2nd interest.
concepts,
regardless
of certification
preparation.
L2TP (Layer 2 Tunneling Protocol)
over IPSec 2nd
labs
asynchronous communication 2nd
LANs
creating
Table of Contents
WANs
Index
2nd
CCNP creating
Practical
LANs (local area networks)
creating
Layer 1
Publisher:
ISDN
2nd Cisco Press
LayerPub
2 Date: December 22, 2003
ISDNISBN: 1-58720-073-2
Layer 2 Pages:
Tunneling
528Protocol (L2TP)
over IPSec 2nd
Layer 3
ISDN
layers
ISDN
Layer 1 2nd
BCRAN exam.
Layer 2
Layer 3
LCP (Link
Control Protocol)
Prepare
for the
PPPexam
2nd
concepts
legacy DDR, advantages of dialer profiles over

limitations
Experience
dialer
profiles
2nd
you
through
line cards
Cisco
Review
6160 DSLAM
set-up
system
guides
line command
Ready
yourself
line types,
configuring
lines
CCNP
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642method
lists
821 BCRAN
applying to
applications.
Designed
link
compression 2nd
[See alsoas
compression]
network
Link
Controlsetting,
Protocol (LCP)
questions
PPP 2nd by providing a better understanding of how remote access really works. It is also
list
certification
custom queueexams. Finally, it serves anyone wanting a guide to real-world application of these
concepts,
definingregardless of certification interest.
list-names
Each
lists
implementation
methods
office-based
lab,
AAA [See also AAA]
even applying
as a stand-alone
guide.
to interfaces/lines
defining
priority
preparation.
defining
load backup feature, routing

load distribution
TCP 2nd
load sharing, configuring dial backup 2nd
load sharing, configuring dial backup for 2nd
local area networks [See LANs]

local interface addressing
configuring
login
accounting records
generating
input
specifying time for
Table of Contents
login authentication, configuring AAA
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
MAC (Media Access Control)
maintenance
IPSec 2nd
NAT 2nd
QoS
for VPNs Table of Contents
management
Index
bandwidth
CCNP
spectrums
configuring
map classes
dialer
Pub
configuring
maps
ISBN: 1-58720-073-2
dialerPages: 528
configuring ISDN
margins
MD5 (Message Digest 5)
Media Access Control (MAC)
memory
BCRAN exam.
IPSec
Message Digest 5 (MD5)

methodPrepare
lists
AAAexam
[See also
AAA]
concepts
defining
methods
Experience
arguments
you through
methods lists
interfaces/lines
Review set-up
applying
yourself
for the
modemReady
autoconfigure
command
modemcap database, configuring
CCNP Practical
modems
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821
ATBCRAN
commands
applications.
Designed
AUX port for EXEC
dial-in connectivity
network
cable 2nd
questions
by providing
a better
briding/routing
configuration
2nd understanding of how remote access really works. It is also
essential
in preparing
candidates
Cisco CMTS
configuration
2nd
certification
exams.2nd
DOCSIS hardware
concepts,
downstream/upstream
modulation
Each spectrums
chapter 2nd
implementation
troubleshooting 2nd
office-based
lab,
central-site
even configuring
as a stand-alone
guide.
2nd
compression 2nd
connections 2nd
preparation.
DCE
autoconfiguration 2nd
configuring 2nd
error control 2nd
internal lines
configuring
modulation standards
nonstandard commands
speed
modification
translation
timeouts 2nd
modulation
ADSL
QAM
Table of Contents
Index
modulation standards, modems

modules
ByWesley
AAA 2nd
configuring 2nd
monitoring
2ndCisco Press
Publisher:
IPSec
2nd December 22, 2003
Pub Date:
NAT 2nd
ISBN: 1-58720-073-2
QoS
Pages: 528
VPN
MPPC (Microsoft Point-to-Point Compression) 2nd

MPPP (Mulitlink PPP) [See also PPP]
Multilink PPP (MPPP) [See also PPP]
multiple routers
Gain
hands-on
IPSec
2nd
BCRAN exam.
exam concepts
preparation.
named method lists [See also method lists]
accounting
authorization
naming
hosts
configuringTable
PPP authentication
of Contents
NASI
(NetWare Asychronous
Services Interface)
Index
NAT
IPSec with GRE 2nd
maintenance 2nd
monitoring 2nd
Cisco Press
NAT Publisher:
(Network Adress
Translation) 2nd
Pub Date:
December 22, 2003
applying
2nd
configuring
ISBN: 1-58720-073-2
2nd 3rd 4th
dynamic
2nd
Pages:
528
overlapping 2nd
overloading
static 2nd
topologies 2nd
BCRAN exam.
negotiation phases
PPP 2nd
NetWare
Asynchronous
Services
Interface
(NASI)
Prepare
for the
CCNP
642-821
BCRAN
Network
Address
Translation [See NAT]
exam
concepts
NETWORK records
networks
Experience
devices
you
configuring AAA 2nd

IPSec
Review
3DES
Ready
AES
AH
CCNParchitetcure
Practical2nd
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN
DES
applications.
ESP
network
IKE 2nd
questions
bysets
providing
transform
2nd
essential
in preparing
transport
mode
certification
exams.
tunnel mode
2nd
concepts,
LANs
creating
Each
VPNs [See also VPNs]
implementation
WANs
office-based
lab,
creating 2nd
even
as
a
stand-alone
guide.
nonstandard modem commands
NULL
accounting records
preparation.
suppressing
numbering interfaces
[SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [L] [M] [N] [O] [P ] [Q ] [R ] [S] [T] [U] [V] [W]
optimization
accounting
authorzation
traffic
prioritizing 2nd
optmization
Table of Contents
compression Index
CCNP link
origin authentication
OSPF
load backup feature

Cisco Press
OSPFPublisher:
Demand Circuit
Pubglobal
Date: addresses
December 22, 2003
outside
outside local
ISBN:
addresses
1-58720-073-2
outside Pages:
source lists,
528 dynamic NAT 2nd
overlapping
addresses
translating 2nd
NAT 2nd 3rd [See also NAT]
overloading
inside global addresses
BCRAN exam.
NAT 2nd [See also NAT]
exam concepts
preparation.
[SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [L] [M] [N] [O ] [P] [Q ] [R ] [S] [T] [U] [V] [W]
packets
classification 2nd
encryption
NAT [See also NAT]
PAP
PAP
Protocol)
(Password Authentication
Table of Contents
parameters
Index
IKE Practical Studies: Remote Access
CCNP
defining 2nd
interfaces
configuring 2nd
Publisher:
Cisco Press
security
protocols
Pub
configuring
passive interfaces
ISBN: 1-58720-073-2
defining
Pages: 528
Password Authentication Protocol (PAP)
passwords
protection
enabling
payload compression [See also compression]
physical interfaces
BCRAN exam.
backup
triggering 2nd
dialer
profiles
Prepare
dialer
rotaryconcepts
groups
exam
dilaer profiles
configuring
Experience
PIX firewalls
you through
Cisco VPN 3000 clients

configuring
Review set-up
2nd
configuring 2nd
Ready
platforms
Cisco VPN 3000 series concentrators 2nd
CCNP Practical connections

Studies: Remote
point-to-multipoint
Access (CCNP Self-Study) prepares readers for the CCNP 642workplace challenges in implementing remote access network
applications.
Designed
as[See
a topic-by-topic
Point-to-Point
Protocol
over ATM
PPPoA]
network setting,
is [See
useful
Point-to-Point
Protocolthis
over book
Ethernet
PPPoE]
policers
essential
traffic in preparing candidates for the new simulation-based questions that are on the Cisco
pools
concepts,
dialer
821 BCRANProtocol
exam[See
andPPP]
for
Point-to-Point
ports
Each
upstream
implementation
enabling
office-based
lab,
PPP
even
as
a
stand-alone
guide.
AAA
configuring
authentication
preparation.
ISDN
unidirectional
troubleshooting 2nd
verification 2nd
PPP (Point-to-Point Protocol)
configuring 2nd

enabling DDR 2nd
interfaces 2nd
frames 2nd
framing
LCP 2nd
Table of Contents
PPPoA
Index
DSL
configuring over 2nd 3rd 4th
By
Wesley
Shuo, Dmitry
Bokotey
, Raymond
PPPoA
(Point-to-Point
Protocol
over
ATM)
PPPoE
DSL
configuring
over 2nd
Pub
Date: December
22, 2003
PPPoE (Point-to-Point
Protocol over Ethernet)
ISBN: 1-58720-073-2
PQ (priority queuing)
Pages: 528
preshared keys
VPNs 2nd
with NAT 2nd
prevention
routing updates
Gain
PRI
BCRAN
exam.calls/ISDN calls 2nd
asynchronous
ISDN [See also ISDN]
configuring 2nd
exam concepts
PRI (Primary Rate Interface)
primary line failures, configuring dial backup 2nd

primary links
backup
enabling 2nd
PrimaryReview
Rate Interface
(PRI)
set-up
guides
prioritization
traffic
2nd
Ready
priority queuing 2nd

configuring
2nd Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642CCNP
Practical
priority
queuing exam
(PQ)
821 BCRAN
private
addresses Designed as a topic-by-topic guide of how to apply remote access concepts in a real
applications.
IPSec 2nd
network
privileged
levels,
password
protection
on
questions
by enabling
providing
a better
understanding
profiles
dialer
certification
bindingregardless
2nd
concepts,
components 2nd
Each configuring
chapter includes
2nd 3rd 4tha5th
implementation
of
the
technology.
DDR 2nd
office-based
lab,
a
remote-accessible
limitations 2nd
even
as
a
stand-alone
guide.
DSL
protection
Allpasswords
preparation.
enabling
protocols
AAA [See also AAA]
ARAP
BAP
CCP
CHAP 2nd
DSL 2nd
IDSN layer
layer 1 2nd
Layer 2
Layer 3
IKE
IPSec
3DES
Table of Contents
Index
AES
AH
ByWesley
Shuo, Dmitry
architecture
2nd Bokotey, Raymond Morrow, Deviprasad Konda
DES
ESP
Publisher:
Cisco Press
IKEDate:
2nd December 22, 2003
Pub
transform
sets 2nd
ISBN: 1-58720-073-2
transport mode
Pages: 528
tunnel mode 2nd
ISAKMP
PAP 2nd
PPP
Gain configuring
hands-on2nd
BCRAN
exam.
enabling DDR 2nd
frames 2nd
framing
exam concepts

interfaces 2nd
LCP 2nd

security
configuring
parameters
Review set-up
guides
SLIP
WFQ
2nd
Ready
preparation.
[SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [L] [M] [N] [O ] [P ] [Q] [R ] [S] [T] [U] [V] [W]
QAM (Quadrature Amplitude Modulation)
QoS
VPNs
bandwidth management
CAR
configuringTable of Contents
congestionIndex
avoidance
2nd
CCNP CQ
Practical
DS
FRTS 2nd
monitoring
Publisher:
Cisco Press 2nd
packet classification
Pub
PQDate: December 22, 2003
traffic
ISBN:
shaping
1-58720-073-2
2nd
tunnels
Pages: 528
QPSK (Quadrature Phase Shift Keying)
Quadrature Amplitude Modulation (QAM)
Quadrature Phase Shift Keying (QPSK)
queuing 2nd
CQ 2nd
custom
BCRAN exam.
operations
custom
queuing
2nd
Prepare
for the
priority
2nd 3rd 4th 5th 6th
examqueuing
concepts
WFQ 2nd
PQ
priority
you
configuring 2nd
WFQ
Review
configuring 2nd
preparation.
RADIUS [See also AAA]
authentication
configuring 2nd
RADSL (Rate-Adaptive DSL)
Rate-Adaptive DSL (RADSL)
ratios
Table of Contents
compression Index
RBE
DSL
RBE (Routed Bridge Encapsulation)

records
accounting
generating
ISBN: 1-58720-073-2
interim
suppressing
Pages: 528
EXEC-stop
NETWORK
start-stop
reference points
ISDN BRI 2nd
remote office/branch office (ROBO)
BCRAN exam.
reports
accounting [See also AAA, accounting]

resource
failure stop
enabling
Prepare
foraccounting,
the CCNP
642-821
return path
exam
concepts
reverse connections
reverseExperience
path
implementation
reverseyou
Telnet
connections
through
their
reverse-Telnet
authorization
Review
configuring
Readysessions,
yourself
for the
reverse-Telnet
configuring
RFC 1483 bridging
CCNP
DSL Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN
exam
configuring
over 2nd
applications.
RJ-45
connectors Designed as a topic-by-topic guide of how to apply remote access concepts in a real
network
setting,
this book
ROBO
(remote
office/branch
office) is useful in preparing a CCNP candidate for the general exam
questions
providing[See
a better
Routed
Bridgeby
Encapsulation
RBE] understanding of how remote access really works. It is also
router-to-router
configurationcandidates for the new simulation-based questions that are on the Cisco
certification
IPSec 2nd exams. Finally, it serves anyone wanting a guide to real-world application of these
of certification
interest.
router-to-router
hub and spoke,
IPSec 2nd
routers
Each
AAA 2nd
implementation
configuring 2nd
office-based
lab,
asynchronous interfaces
even configuring
back-to-back connections through AUX ports
dial in/dial out
preparation.
interfaces
configuring 2nd
ISDN
DDR 2nd
identification 2nd
interfaces 2nd
PRI 2nd
NAT
applying 2nd
dynamic 2nd
overlapping 2nd
Table of Contents
overloading
Index
static 2nd
ByWesley
Shuo,2nd
Dmitry Bokotey, Raymond Morrow, Deviprasad Konda
topologies
three full-mesh IPSec 2nd
VPNs
2nd 3rd
Publisher:
Cisco Press
WANs
creating
ISBN: 2nd
1-58720-073-2
routes
Pages: 528
floating static
as backups
static
configuring
routing
Gain
hands-on
configuring
2nd experience of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN
exam.
ISDN
configuring 2nd
load backup
exam concepts
updating
preventing
RSA signatures
preparation.
SAs
IPSec 2nd
scripts
chat
configuring
SDSL
(symmetricTable
DSL) of Contents
SDSL
(Symmetric
DSL)
Index
Secure
Hash Algorithm
(SHA)
CCNP Practical
Studies:
Remote Access
security
AAA 2nd
configuring 2nd
firewalls
Pub
Date:
2003
Cisco
PIXDecember
500 series22,
2nd
IPSecISBN: 1-58720-073-2
3DES
Pages: 528
AES
AH
architecture 2nd
DES
ESP
IKE 2nd
BCRAN exam.
transform sets 2nd
transport mode
tunnel
modefor
2ndthe
Prepare
protocols
exam
concepts
configuring parameters
sequences
Experience
binding
you
dialer profiles 2nd

serial interfaces
Review
configuring 2nd
Ready
yourself
the
Serial Line
Internet
Protocolfor
(SLIP)
serial links
CCNP
servers
Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821
access
applications.
configuring Designed
line types as a topic-by-topic guide of how to apply remote access concepts in a real
network
ACS
questions
NAT 2nd by providing a better understanding of how remote access really works. It is also
essential
in 2nd
applying
certification
exams.
configuring
2nd 3rd 4th
concepts,
regardless
dynamic
2nd
Each overloading
chapter includes
2nd 3rd
implementation
of
the
static 2nd
office-based
lab,
a
remote-accessible
even topologies
as a stand-alone
guide.
2nd
RADIUS
configuring authentication 2nd
preparation.
TACACS+
configuring accounting 2nd

configuring authentication 2nd
configuring authorization 2nd
ISDNcallback 2nd
services
AAA
configuring 2nd
session
reverse-Telnet
configuring authorization
sessions
accounting records
generating
Table of Contents
PPP
Index
configuring
SF (Super-Frame)
By
Wesley
Shuo
, Dmitry
SHA
(Secure
Hash
Algorithm)
shaping
traffic
2nd Cisco Press
Publisher:
FRTS
2ndDecember 22, 2003
Pub
Date:
sharing ISBN: 1-58720-073-2
spectrums 2nd
Pages: 528
show controller command
show line command
show modemcap command
signal-to-noise ratio (SNR)
signals
Gain
CD hands-on experience of CCNP Remote Access topics with lab scenarios for the new 642-821
BCRAN
site-to-siteexam.
VPNs
SLIP (Serial Line Internet Protocol)
small office/home office (SOHO)
exam concepts
SNR (signal-to-noise) ratio
SOHO (small office/home office)

sp autoconfiguration
spectrums
sharing 2nd
speed
modems
SPIDs
configuring
spokes
CCNP
Practical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642IPSec
router-to-router
hubfor
andworkplace
spoke 2nd
821
BCRAN
exam and
sprectrums
management
network
configuring
questions
standards
modem modulation
certification
start-stop
records
concepts,
static NAT 2nd 3rd [See also NAT]
Each
static routes
implementation
configuring
office-based
lab,
static translation
even
as
a
stand-alone
guide.
configuring
Super-Frame (SF)
All
suppresion
preparation.
accounting records
switches
AAA 2nd
configuring 2nd
types
configuring ISDN
VPNs
Symmetric DSL [See SDSL]
symmetric DSL (SDSL)
system components
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
TACACS+ [See also AAA]
accounting
configuring 2nd
authentication
configuring 2nd
authorization Table of Contents

configuringIndex
2nd
TACACS+ISDNcallback
2ndRemote Access
TCP
headers
compression [See also compression]
Publisher:
Cisco 2nd
Press
load
distribution
NAT
TDM (time-division
ISBN: 1-58720-073-2
multiplexing)
TDMA (time-division
Pages: 528 multiple access)
teardown
ISDN 2nd
technologies
analog connections
cable modems
DSL 2nd
BCRAN exam.
Frame Relay 2nd
ISDN 2nd
serial
links
Prepare
telecommuters
exam concepts
Telnet
reverse
Telnet connections
Experience
how remote
reverse-Telnet
you through
configuring authorization
reverse-Telnet
Review set-up
sessions guides
configuring
Ready yourself
telnet command
testing
CCNP
ICMPPractical Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642821 BCRAN
examrouters
and for
three
full-mesh IPSec
2nd workplace challenges in implementing remote access network
applications.
Designed
time-division
multiple
access (TDMA)
network setting,
this(TDM)
time-division
multiplexing
timeouts
essential
translation
certification
modifying exams.
2nd
timers
idle
Each configuring
chapter includes
ISDN
implementation
of
the
topologies
office-based
lab,
a
remote-accessible
NAT 2nd
even
as
a
stand-alone
guide.
tracking
accounting [See also AAA, accounting]
traffic
preparation.
custom queuing 2nd
DDR
interesting
defining
ISDN
interesting patterns
policers
prioritizing 2nd
priority queuing 2nd
shaping 2nd
FRTS 2nd
WFQ 2nd
training modes, Cisco 6160 DSLAM system
transform sets 2nd
IPSec
Table of Contents
Index
defining
translation
ByWesley
addresses
overlapping 2nd
timeouts
modifying
2nd
Pub
Date: December
22, 2003
transportISBN:
input 1-58720-073-2
command
transport mode
Pages: 528
triggering DDR calls, preventing routing updates from
triggering dial backup 2nd
triple DES (3DES)
troubleshooting
autoconfiguration [See a]
Gain
backup
BCRAN
exam.dial backup for load sharing 2nd
configuring
configuring dial backup for primary line failures 2nd
dialer profiles 2nd
exam concepts
enabling for primary links 2nd

cable modems 2nd
compression
link
congestion
custom
queuing
2ndguides
Review
set-up
priority 2nd 3rd 4th

priority
2nd
Readyqueuing
yourself
queuing
2nd
CCNPWFQ
Practical
Studies: Remote Access (CCNP Self-Study) prepares readers for the CCNP 642DSLBCRAN exam and for workplace challenges in implementing remote access network
821
interferenceDesigned
2nd
applications.
error control
2nd this book is useful in preparing a CCNP candidate for the general exam
network
setting,
IKE
questions
interfacesin preparing candidates for the new simulation-based questions that are on the Cisco
essential
backup exams. Finally, it serves anyone wanting a guide to real-world application of these
certification
triggering
backup 2ndof certification interest.
concepts,
regardless
IPSec 2nd
Each
NATchapter
2nd
implementation
PPP 2nd
office-based
lab,
QoS
even for
asVPNs
traffiic
All ofprioritizing
the topics
2ndon the new 642-821 BCRAN exam are covered, providing comprehensive exam
preparation.
TTY (asynchronous port)
tunnel mode 2nd
tunnels
GRE
IPSec with NAT 2nd
L2TP
over IPSec 2nd

QoS for VPN
types
of authorization
of users
switches
Table of Contents
Index


ISBN: 1-58720-073-2
Pages: 528
BCRAN exam.
exam concepts
preparation.
UAC
Cisco 6400 UAC 2nd
UAC (Universal Access Concentrator)
UARTs (Universal Asynchronous Receiver Transmitters)
unidirectional PPP authentication
uninteresting
traffic
Table of Contents
DDR
Index
Universal
Access Studies:
Conentrator
[See UAC]
CCNP Practical
Remote
Access
Universal Asynchronous Receiver Transmitters (UARTs)
updating
routing
Publisher:
Cisco Press
preventing
upstream
ADSLISBN: 1-58720-073-2
channel
bandwidth
configuration
Pages:
528
frequencies
configuring
input power level configuration
ports
enabling
users
BCRAN exam.
types of
exam concepts
preparation.
values
flags
PPP
variance command
VDSL (Very High Bit Rate DSL)
verification
Table of Contents
ISDN configuration
Index
PPPPractical
2nd
CCNP
PPP configuration
Very High Bit Rate DSL (VDSL)
virtual private networks [See VPNs]
VPNsPublisher: Cisco Press
Pub
PIX
firewalls
configuring
ISBN: 1-58720-073-2
2nd
QoS Pages: 528
bandwidth management
CAR
configuring
congestion avoidance
CQ 2nd
DS
BCRAN exam.
FRTS 2nd
monitoring
packet
classification
Prepare
for the 2nd
CCNP
PQ
exam
concepts
traffic shaping 2nd

tunnels
Experience
VPNs (virtual
private networks)
2nd
you through
Cisco PIX 500 series firewalls 2nd
Cisco
Review
VPN 3000
set-up
client
Cisco VPN 3000 series concentrators 2nd
Ready
routers
switches
CCNP
Practical
vty
(virtual
terminal)Studies:
preparation.
WAN
compression
link
WANs (wide area networks)
creating 2nd
Weighted
Fair Queuing
[See
WFQ]
Table of
Contents
WFQ
Index
configuring
CCNP
Practical2nd
WFQ (weighted fair queuing) 2nd
WFQ (Weighted Fair Queuing)
wide area networks [See WANs]
Publisher:
Cisco Press
wireless
communications
wiring
DTE-to-DCE
ISBN: 1-58720-073-2
2nd
DTE-to-DTE
2nd
Pages: 528
BCRAN exam.
exam concepts
preparation.

Cisco Press - CCNP Practical Studies - Exam 642-821 BCRAN

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Cisco Press - CCNP Practical Studies - Exam 642-821 BCRAN

Hochgeladen von

Copyright:

Verfügbare Formate

Table of Contents

CCNP Practical Studies: Remote Access

Publisher: Cisco Press

CCNP Practical Studies: Remote Access

Publisher: Cisco Press

Practical Exercise 3-1 Solution

Basic Cable Modem Troubleshooting Using Cisco IOS Software Commands

Practical Exercise 8-1 Solution

Frame Relay Terminology

Frame Relay Devices

Chapter 12. Scaling IP Addressing with Network Address Translation

Practical Exercise 12-1: Dynamic NAT Using an Outside Source List

Practical Exercise 12-1 Solution

Practical Exercise 14-9 Solution

First Printing December 2003

Warning and Disclaimer

title and ISBN in your message.

Corporate and Government Sales

We greatly appreciate your assistance.

Fax: 408 526-4100

CCNP Practical Studies: Remote Access

About the Authors

About the Technical Reviewers

career possibilities. The rigors of

Goals of This Book

Access," introduces the various types of remote-access

Pub Date: December 22, 2003

discussed and its configuration demonstrated.

ByWesley Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda

Appendix A, "Answers to Review Questions," provides answers to the chapter-ending

How Best to Use This Book

the concepts Index

Publisher: Cisco Press

Publisher: Cisco Press

Pub Date: December 22, 2003

Icons Used in This Book

CCNP Practical Studies: Remote Access

Publisher: Cisco Press

CCNP Practical Studies: Remote Access

Publisher: Cisco Press

Command Syntax Conventions

mutually exclusive elements.

ByWesley Shuo, Dmitry Bokotey, Raymond Morrow, Deviprasad Konda

Square brackets ([ ]) indicate optional elements.

Pub Date: December 22, 2003

Chapter 1. Introduction to Remote Access

Types of Remote-Access Users

Types of Remote-Access Users

working from home These users use a wide variety of technologies,

Pub Date: December 22, 2003

to a serial link that has a flat per-month cost.

CCNP Practical Studies: Remote Access

Cable Modem Services

Publisher: Cisco Press

What are the main kinds of remote-access users?

CCNP Practical Studies: Remote Access

for frame routing?

What are some advantages of Frame Relay?

Publisher: Cisco Press

Pub Date: December 22, 2003

What are the two main varieties of ISDN?

are two advantages of ISDN?

What are the two main varieties of DSL?

What are two advantages of DSL?