WAN Flashcards
connectionless WAN system
i.e. internets
carries full addressing info in each packet
connection oriented WAN system
- predetermines packet’s route
- each packet only carries an identifier such as Data Link Connection Identifiers (DLCIs)
metro ethernet
Uses IP-aware Ethernet switches in the service provider's network cloud to offer converged voice, data, and video services at Ethernet speeds
3 classes of VPN protocols
carrier protocol: the protocol over which the info travels (Frame Relay, ATM, MPLS)
encapsulation protocol: the protocol that is wrapped around the data (GRE, IPsec, L2F, PPTP, L2TP)
passenger protocol: the protocol in which the original data was carried (IPX, AppleTalk, IPv4/6)
HMAC
keyed hashed message authentication code
- data integrity algorithm used by VPNs
VPN Authentication methods
PSK (pre-shared key): a secret key is shared between 2 parties using a secure channel
RSA signature: uses an exchange of digital certificates
4 IPsec squares administrators must fill
- IPsec protocol
- encryption algorithm
- authentication algorithm
- DH (Diffie-Hellman) group, which handles key exchange
CPE
Customer premises equipment, self-explanatory
Demarcation point
Where the service provider's responsibility ends and the CPE begins
Local loop
Connects the demarc to the central office
Digital signal 0 (DS0)
64 Kbps
T1
DS1, contains 24 DS0 circuits, 1.544 Mbps
E1
European equivalent of T1, 2.048 Mbps
T3
DS3
28 DS1s or 672 DS0s
44.736 Mbps
OC-3
Optical carrier 3
Fiber
3 DS3s
155.52 Mbps
OC-12
4 OC-3s
622.08 Mbps
OC-48
4 OC-12s
2488.32 Mbps
Frame relay
Packet switched
ISDN
Integrated services digital network
Uses phone lines
Faster than POTS (plain old telephone service)
HDLC
High-level data-link control
Data link protocol
PPP
Point to point protocol
Uses Link Control Protocol (LCP) to manage data link connections
Network Control Protocol (NCP) is used to allow multiple upper-layer protocols to be used
PPPoE
Point to point protocol over ethernet
LCP
Link control protocol
Method of establishing, configuring, maintaining, and terminating point-to-point connections
NCP
Network control protocol
Method of establishing and configuring different network-layer protocols for transport across the PPP link
LCP configuration options
Authentication, compression, error detection, multilink, PPP callback
PPP session establishment steps
Link-establishment phase
Authentication phase (if used)
Network layer protocol phase
Frame relay access rate
Maximum speed at which the Frame Relay interface can transmit
Frame relay CIR
Committed information rate
Maximum bandwidth of data guaranteed to be delivered
Configure frame relay on Cisco router
Use the encapsulation frame-relay command on the serial interface
DLCI
Data link connection identifiers
Identifies the virtual circuit in Frame Relay circuits
Inverse ARP (IARP)
Maps a known DLCI to an IP address
Commonly used frame relay show commands
show frame-relay lmi, show frame-relay pvc, and show frame-relay map
PVC status active
The switch is correctly programmed with the DLCI and there is a successful DTE-to-DTE circuit (router to router)
PVC status inactive
The router is connected to the switch (DTE to DCE) but there is no connection to the far-end router (DTE)
Can be a router or switch issue
PVC status deleted
The router (DTE) is configured for a DLCI that the switch (DCE) does not recognize, or is not configured correctly
Troubleshooting frame relay
Check that the encapsulation type (Cisco or IETF) matches on both ends
Check the Frame Relay mappings
Check whether broadcasts need to be allowed (they aren't on by default) for routing updates
Layer 2 Forwarding (L2F)
Cisco proprietary tunneling protocol
Old
Point-to-Point Tunneling Protocol (PPTP)
Created by Microsoft to allow secure transfer of data from remote networks to the corporate network
Layer 2 Tunneling Protocol (L2TP)
Created by Cisco and Microsoft to replace L2F and PPTP. Merged the capabilities of both L2F and PPTP into one protocol
Generic Routing Encapsulation (GRE)
Cisco proprietary tunneling protocol. Forms virtual point-to-point links, allowing a variety of protocols to be encapsulated in IP tunnels
2 primary IPsec security protocols
Authentication Header (AH), Encapsulating Security Payload (ESP)
4 services of ESP (Encapsulating Security Payload)
Confidentiality
Data origin authentication and connectionless integrity
Anti-replay service
Traffic flow confidentiality
Which interface provides clocking, DTE or DCE?
DCE
Command used to view physical information about a serial interface, such as the type of cable connected
show controllers <interface>
Command to set serial encapsulation to HDLC
In interface configuration mode:
encapsulation hdlc
What are the 3 basic components of PPP?
A method for encapsulating multiprotocol datagrams
An LCP for establishing, configuring, and testing the data-link connection
A family of NCPs for establishing and configuring different network-layer protocols
Command to set a serial interface in PPP mode
encapsulation ppp
What is PAP?
Password Authentication Protocol
Username and password are sent in cleartext
2 types of devices connected to a Frame Relay network
DTE - customer side
DCE - service provider side, provides clocking
What does local access rate mean in Frame Relay parlance?
The connection speed from the local loop to the Frame Relay cloud
What is a PVC?
Permanent virtual circuit, for Frame Relay
What is an SVC?
Switched virtual circuit, for Frame Relay but most commonly used in X.25 circuits
What is a DLCI?
The DLCI is a 10-bit number in the address field of the Frame Relay frame header that identifies the VC. DLCIs have only local significance because the identifier references the point between the local router and the local Frame Relay switch to which the DLCI is connected
What is the frame relay CIR?
Committed information rate
Specifies the maximum average data rate that the network undertakes to deliver under normal conditions
What is inverse ARP?
Used in Frame Relay to discover the network address of the remote DTE from the DLCI; maps DLCI to IP
What is LMI in Frame Relay?
Local Management Interface. Set of enhancements to the basic Frame Relay specification. LMI includes support for a keepalive mechanism, which verifies that data is flowing; a multicast mechanism, which provides the network server with its local DLCI and the multicast DLCI; global addressing, which gives DLCIs global rather than local significance in Frame Relay networks; and a status mechanism, which provides an on-going status report on the DLCIs known to the switch. Known as LMT in ANSI terminology.
Formula to calculate the number of PVCs needed for a full-mesh Frame Relay topology
The formula n x (n - 1) / 2 describes how to calculate the total number of links that are required to achieve a full-mesh topology, where n is the number of nodes. In a small network of 4 nodes, only 6 PVCs are required: 4 x (4 - 1) / 2 = 6.
How to prevent spoke routers from becoming the OSPF BDR over Frame Relay
Configure the interface facing the hub with a priority of 0
How to configure hub router interface to avoid split horizon issues?
Use multiple point-to-point subinterfaces
What number assignments are possible for DLCIs?
DLCI numbers 0 (zero) and 1023 are reserved for management.
DLCI numbers 1 to 15 and 1008 to 1022 are reserved for future use.
DLCI numbers 992 to 1007 are reserved for Layer 2 management of Frame Relay bearer service.
DLCI numbers 16 to 991 are assigned to customer endpoints in a Frame Relay network.
What are the 3 LMI types?
Cisco
ANSI
Q.933A
What are the 3 possible Frame Relay VC statuses?
Active: Indicates that the VC connection is active and that routers can exchange data over the Frame Relay network
Inactive: Indicates that the local connection to the Frame Relay switch is working, but the remote router connection to the remote Frame Relay switch is not working
Deleted: Indicates that either no LMI is being received from the Frame Relay switch, or there is no service between the router and the local Frame Relay switch
In what situations do you need to configure static Frame Relay mappings?
A Frame Relay peer does not support Inverse ARP.
You want to control broadcast traffic across a PVC.
You need to support different Frame Relay encapsulations across PVCs.
How to configure point-to-point Frame Relay subinterfaces
To configure point-to-point Frame Relay subinterfaces, first enable Frame Relay encapsulation on the physical interface. Then create a point-to-point subinterface and assign an IP address, bandwidth, and DLCI to the subinterface
Command to bind a DLCI to a Frame Relay subinterface
frame-relay interface-dlci <dlci>
BR1(config)# interface Serial0/0/0
BR1(config-if)# no ip address
BR1(config-if)# encapsulation frame-relay
BR1(config-if)# no shutdown
BR1(config-if)# interface Serial0/0/0.210 point-to-point
BR1(config-subif)# ip address 10.1.1.2 255.255.255.252
BR1(config-subif)# bandwidth 256
BR1(config-subif)# frame-relay interface-dlci 210
Process to configure multipoint Frame Relay subinterfaces
When configuring Frame Relay multipoint subinterfaces, first enable Frame Relay encapsulation on the physical interface. Then create a multipoint subinterface and assign an IP address and bandwidth. Create static mappings between IP addresses and DLCIs using the frame-relay map command.
What is IPsec?
a framework of open standards that can provide security for a VPN. The IPsec framework is algorithm-independent and is not bound to any specific encryption, authentication, security algorithms, or keying technology
What are the 4 critical functions IPsec provides?
confidentiality
data integrity
authentication
antireplay protection
What protocol does IPsec use to authenticate peers?
IKE (Internet Key Exchange)
What are the headers a tunnel interface supports?
A passenger protocol or encapsulated protocol such as IPv4 or IPv6. This protocol is the one that is being encapsulated.
A carrier or encapsulation protocol (GRE, in this case).
A transport delivery protocol, such as IP, which is the protocol that carries the encapsulated protocol.
What is GRE?
Generic Routing Encapsulation. Tunneling protocol that was developed by Cisco and that can encapsulate a variety of protocol packet types inside IP tunnels. This process creates a virtual point-to-point link to Cisco routers at remote points over an IP network.
Steps necessary to configure a GRE tunnel
Branch(config)# interface Tunnel 0
Branch(config-if)# tunnel mode gre ip
Branch(config-if)# ip address 192.168.2.1 255.255.255.0
Branch(config-if)# tunnel source 209.165.201.1
Branch(config-if)# tunnel destination 209.165.202.130
When adding a GRE tunnel to an OSPF routing process, what additional step is required?
Set the bandwidth on the tunnel interface to ensure proper routing metrics
Command to verify a GRE tunnel state
show interface tunnel <number>