Exploration Accessing WAN Semester 4

Services in a Converged WAN

Accessing the WAN – Chapter 1

ObjectivesDescribe how the Cisco Enterprise Composite Model (ECNM) provides integrated services over an Enterprise network.

Describe the key WAN technology concepts.

Identify the appropriate WAN technologies to use when matching ECNM best practices with typical enterprise requirements for WAN communications.

Describe How ECNM Provides Integrated Services over an Enterprise Network

Explain the purpose and function of WANs

Describe the stages of business growth, the corresponding business requirements for services and how those requirements are reflected in the Enterprise’s changing network topology

Describe the problems with the Hierarchical Design Model that Cisco's Enterprise Composite Model has been designed to address

Explain the purpose of Cisco Enterprise Architectures

Describe the Key WAN Technology Concepts

Describe WAN functions in terms of the OSI Reference Model

Describe the key WAN physical layer concepts for network and Internet communications

Describe the key WAN data link layer protocols used in today’s Enterprise WAN networks

Describe the switching technologies used for WANs in an Enterprise setting

Select the Appropriate WAN Technology to meet ECNM Requirements

List the various options for connecting subscribers to the WAN

Describe how Enterprises use leased line services to provide a WAN connection

Describe the circuit switching options available to provide a WAN connection

Describe the packet switching options available to provide a WAN connection

List factors to consider when selecting a WAN connection

Summary

A WAN is defined asA data communications network that operates beyond the geographic scope of a LAN

WAN primarily operate on layer 1 & 2 of the OSI model

WAN technologies include–Leased line–ISDN–Frame relay–X.25–ATM

SummaryCisco Enterprise Architecture

–This is an expansion of the hierarchical model that further divides the enterprise network into

•Physical areas•Logical areas•Functional areas

Selecting the appropriate WAN technology requires considering some of the following:

–WAN’s purpose–Geographic scope of WAN–Traffic requirements–If WAN uses a public or private infrastructure

Point-to-Point Protocol (PPP)

ObjectivesDescribe the fundamental concepts of point-to-point serial communication including TDM, demarcation point, DTE-DCE functions, HDLC encapsulation, and serial interface troubleshooting.Describe PPP concepts including PPP layered architecture, PPP frame structure, PPP session establishment, multiprotocolencapsulation support, link control protocol (LCP), network control protocol (NCP), and Internet Protocol Control Protocol (IPCP).Configure PPP on a serial interface including enabling PPP encapsulation, verifying the PPP connection and troubleshooting encapsulation problems.Configure PPP authentication including explaining PAP and CHAP authentication protocols, configuring PPP authentication using PAP and CHAP, and troubleshooting PPP authentication problems.

Describe the Fundamental Concepts of Point-to-Point Serial Communication

Describe the concept of serial communication as the basis of WAN technologies

Explain how two or more data streams are transported across a single physical connection using TDM

Define the location of the demarcation point relative to customer and service provider networks

Explain the terms DTE and DCE with relative to the location of devices in a network

Describe how high-level data link control (HDLC) uses one of three frame types to encapsulate data

Explain when and how to configure HDLC encapsulation on a router

Describe the procedure to follow when troubleshooting a serial connection

Describe Point-to-Point Concepts Describe PPP in terms of its use in WAN links

Describe Point-to-Point Concepts Describe the general function of each layer of PPP architecture

Describe Point-to-Point Concepts Describe the purpose and format of each of the fields in a PPP frame

Describe Point-to-Point Concepts Define the three phases of PPP session establishment

Describe Point-to-Point Concepts Explain the role of the LCP in PPP

Describe Point-to-Point Concepts Describe the characteristics of NCP

Configure PPP on a Serial Interface Describe how configuration options are communicated in the LCP frame

Configure PPP on a Serial Interface Explain the purpose of the commands used to configure and verify PPP connections

Configure PPP on a Serial Interface Explain the output of the show interfaces serial command

Configure PPP on a Serial Interface Explain the output of the debug ppp command

Configuring PPP with AuthenticationDifferentiate between PAP and CHAP

Configuring PPP with AuthenticationDescribe how to use PAP to authenticate a PPP connection

Configuring PPP with AuthenticationDescribe how to use CHAP to authenticate a PPP connection

Configuring PPP with AuthenticationOutline the PPP encapsulation and authentication process on a flow chart

Configuring PPP with AuthenticationExplain how to configure a PPP connection with authentication

Configuring PPP with AuthenticationExplain the output of the debug ppp authentication command

Summary

PPP is a widely used WAN protocol

PPP provides multi-protocol LAN to WAN connections

PPP session establishment – 4 phasesLink establishmentLink quality determinationNetwork layer protocol configuration negotiationLink termination

WAN Encapsulation–HDLC default encapsulation–PPP

SummaryPPP authentication

–PAP•2 way handshake

–CHAP•3 way handshake

–Use debug ppp authentication to confirm authentication configuration

PPP configuration–Done on a serial interface

After PPP configuration, use show interfaces command to display:

–LCP state–NCP state

Frame Relay

ObjectivesDescribe the fundamental concepts of Frame Relay technology in terms of Enterprise WAN services including Frame Relay operation, Frame Relay implementation requirements, Frame Relay maps, and LMI operation.Configure a basic Frame Relay PVC including configuring and troubleshooting Frame Relay on a router serial interface and configuring a static Frame Relay map.Describe advanced concepts of Frame Relay technology in terms of Enterprise WAN services including Frame Relay sub-interfaces, Frame Relay bandwidth and flow control.Configure an advanced Frame Relay PVC including solving reachability issues, configuring Frame Relay sub-interfaces, verifying and troubleshooting Frame Relay configuration.

Describe the Fundamental Concepts of Frame Relay Technology

Describe how Frame Relay is used to provide WAN services to the Enterprise

Describe how Frame Relay uses virtual circuits to carry packets from one DTE to another

Explain how Frame Relay encapsulation works

Describe the types of topologies that are used for implementing Frame Relay in different environments

Describe how a router attached to a Frame Relay network uses LMI status messages and inverse ARP queries to map VCs to layer 3 network IP Addresses

Configure a Basic Frame Relay PVCConfigure a basic Frame Relay PVC on a router serial interface

Configure a Basic Frame Relay PVCConfigure a static Frame Relay map

Describe Advanced Concepts of Frame Relay Technology

Explain the reachability issues associated with the Frame Relay NBMA topology

Describe how to implement bandwidth control in the Frame Relay technology

Describe how to implement flow control in Frame Relay technology

Configure an Advanced Frame Relay PVC Explain the steps to configure point-to-point subinterfaces on a physical interface

Configure an Advanced Frame Relay PVC Describe the commands used for verifying Frame Relay operation

Configure an Advanced Frame Relay PVC Describe the steps for troubleshooting a Frame Relay configuration

SummaryFrame relay is the most widely used WAN technology because it:

–Provides greater bandwidth than leased line–Reduces cost because it uses less equipment–Easy to implement

Frame relay is associated with layer 2 of the OSI model and encapsulates data packets in a frame relay frame

Frame relay is configured on virtual circuits–These virtual circuits may be identified by a DLCI

Frame relay uses inverse ARP to map DLCI to IP addresses

Summary

Configuring frame relay requires–Enable frame relay encapsulation–Configuring either static or dynamic mapping–Considering split horizon problems that develop when multiple VCs are placed on a single physical interface

Factor affecting frame relay configuration–How service provider has their charging scheme set up

Frame relay flow control–DE–FECN–BECN

Summary

The following commands can be used to help verify frame relay configuration

–Show interfaces–Show frame-relay lmi–Show frame-relay pvc ###–Show frame-relay map

Use the following command to help troubleshoot a frame relay configuration

–Debug frame-relay lmi

Enterprise Network Security

ObjectivesDescribe the general methods used to mitigate security threats to Enterprise networksConfigure Basic Router SecurityExplain how to disable unused Cisco router network services and interfacesExplain how to use Cisco SDMManage Cisco IOS devices

Describe the General Methods used to Mitigate Security Threats to Enterprise Networks

Explain how sophisticated attack tools and open networks have created an increased need for network security and dynamic security policies

Describe the most common security threats and how they impact enterprises

Describe the most common types of network attacks and how they impact enterprises

Describe the common mitigation techniques that enterprises use to protect themselves against threats

Explain the concept of the Network Security Wheel

Explain the goals of a comprehensive security policy in an organization

Configure Basic Router Security Explain why the security of routers and their configuration settings is vital to network operation

Configure Basic Router Security Describe the recommended approach to applying Cisco IOS security features on network routers

Configure Basic Router Security Describe the basic security measures needed to secure Cisco routers

Explain How to Disable Unused Cisco Router Network Services and Interfaces

Describe the router services and interfaces that are vulnerable to network attack

Explain the vulnerabilities posed by commonly configured management services

Explain how to secure a router with the command-line interface (CLI) auto secure command

Explain How to Use Cisco SDMProvide an overview of Cisco SDM

Explain How to Use Cisco SDMExplain the steps to configure a router to use Cisco SDM

Explain How to Use Cisco SDMExplain the steps you follow to start SDM

Explain How to Use Cisco SDMDescribe the Cisco SDM Interface

Explain How to Use Cisco SDMDescribe the commonly used Cisco SDM wizards

Explain How to Use Cisco SDMExplain how to use Cisco SDM for locking down your router

Manage Cisco IOS DevicesDescribe the file systems used by a Cisco router

Manage Cisco IOS DevicesDescribe how to backup and upgrade a Cisco IOS image

Manage Cisco IOS DevicesExplain how to back up and upgrade Cisco IOS software images using a network server

Manage Cisco IOS DevicesExplain how to recover a Cisco IOS software image

Manage Cisco IOS DevicesCompare the use of the show and debug commands when troubleshooting Cisco router configurations

Manage Cisco IOS DevicesExplain how to recover the enable password and the enable secret passwords

SummarySecurity Threats to an Enterprise network include:

–Unstructured threats–Structured threats–External threats–Internal threats

Methods to lessen security threats consist of:–Device hardening–Use of antivirus software–Firewalls–Download security updates

Summary

Basic router security involves the following:–Physical security–Update and backup IOS –Backup configuration files–Password configuration–Logging router activity

Disable unused router interfaces & services to minimize their exploitation by intruders

Cisco SDM–A web based management tool for configuring security measures on Cisco routers

Summary

Cisco IOS Integrated File System (IFS)–Allows for the creation, navigation & manipulation of directories on a cisco device

Access Control Lists

ObjectivesExplain how ACLs are used to secure a medium-size Enterprise branch office network.

Configure standard ACLs in a medium-size Enterprise branch office network.

Configure extended ACLs in a medium-size Enterprise branch office network.

Describe complex ACLs in a medium-size Enterprise branch office network.

Implement, verify and troubleshoot ACLs in an enterprise network environment.

Explain How ACLs are Used to Secure a Medium-Size Enterprise Branch Office Network

Describe the steps that occur in a complete TCP conversation

Explain how a packet filter allows or blocks traffic

Describe how ACLs control access to networks

Use a flow chart to show how ACLs operate

Describe the types and formats of ACLs

Explain how Cisco ACLs can be identified using standardized numbering or names

Describe where ACLs should be placed in a network

Explain the considerations for creating ACLs

Configure Standard ACLs in a Medium- Size Enterprise Branch Office Network

Explain why the order in which criteria statements are entered into an ACL is important

Explain how to configure a standard ACL

Describe how to use wildcard masks with ACLs

Describe how to apply a standard ACL to an interface

Explain the process for editing numbered ACLs

Explain how to create a named ACL

Describe how to monitor and verify ACLs

Explain the process for editing named ACLs

Configure Extended ACLs in a Medium- Size Enterprise Branch Office Network

Explain how an extended ACL provides more filtering then a standard ACL

Describe how to configure extended ACLs

Describe how to apply an extended ACL to an interface

Describe how to create named extended ACLs

Describe Complex ACLs in a Medium-Size Enterprise Branch Office Network

List the three types of complex ACLs

Explain how and when to use dynamic ACLs

Explain how and when to use reflexive ACLs

Explain how and when to use time-based ACLs

Describe how to troubleshoot common ACL problems

Implement, Verify and Troubleshoot ACLs in an Enterprise Network Environment

Create, place and verify a standard/ extended ACL and verify its placement.

Verify ACL’s functionality and troubleshoot as needed.

SummaryAn Access List (ACL) is:

A series of permit and deny statements that are used to filter traffic

Standard ACL–Identified by numbers 1 - 99 and 1300 - 1999–Filter traffic based on source IP address

Extended ACL–Identified by number 100 -199 & 2000 - 2699–Filter traffic based on

•Source IP address•Destination IP address•Protocol•Port number

Summary

Named ACL–Used with IOS 11.2 and above–Can be used for either standard or extended ACL

ACL’s use Wildcard Masks (WCM)–Described as the inverse of a subnet mask

•Reason–0 check the bit–1 ignore the bit

Summary

Implementing ACLs–1st create the ACL–2nd place the ACL on an interface

•Standard ACL are placed nearest the destination•Extended ACL are placed nearest the source

Use the following commands for verifying & troubleshooting an ACL

–Show access-list–Show interfaces–Show run

Summary

Complex ACL–Dynamic ACL–Reflexive ACL–Time based ACL

Providing Teleworker Services

ObjectivesDescribe the enterprise requirements for providing teleworker services

Explain how broadband services extend Enterprise Networks including DSL, cable, and wireless

Describe how VPN technology provides secure teleworker services in an Enterprise setting

Describe the Enterprise Requirements for Providing Teleworker Services

Describe the benefits of teleworkers for business, society and the environment.

List remote connection technologies and describe scenarios in which each would be implemented.

Describe the key differences between private and public network infrastructures

Explain How Broadband Services extend Enterprise Networks

Briefly describe how broadband services allow teleworkers to use the Internet to connect to the Enterprise WAN

Describe how Enterprises use cable connectivity to extend their reach

Describe how Enterprises use DSL connectivity to extend their reach

Describe how Enterprises use broadband wireless connectivity to extend their reach

Describe how Enterprises defend themselves from threats to wireless network security

Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting

Explain the importance and benefits of VPN technology

Compare site-to-site VPNs to remote-access VPNs

Describe the hardware and software components that typically make up a VPN

Describe the characteristics of secure VPNs

Describe the concept of VPN tunneling

Describe the concept of VPN encryption

Describe the concept of IPsec Protocols

Summary

Requirements for providing teleworker services are:–Maintains continuity of operations–Provides for increased services–Secure & reliable access to information–Cost effective–Scalable

Components needed for a teleworker to connect to an organization’s network are:

–Home components–Corporate components

Summary

Broadband services used –Cable

• transmits signal in either direction simultaneously–DSL

• requires minimal changes to existing telephone infrastructure• delivers high bandwidth data rates to customers

–Wireless• increases mobility• wireless availability via:

» municipal WiFi» WiMax» satellite internet

Summary

Securing teleworker services–VPN security achieved through using

•Advanced encryption techniques•Tunneling

–Characteristics of a secure VPN•Data confidentiality•Data integrity•authentication

Implementing IP Addressing Services

ObjectivesConfigure DHCP in an enterprise branch network

Configure NAT on a Cisco router

Configure new generation RIP (RIPng) to use IPv6

Configure DHCP in an Enterprise Branch Network

Describe the function of DHCP in a network

Describe how DHCP dynamically assigns an IP address to a client

Describe the differences between BOOTP and DHCP

Describe how to configure a DHCP server

Describe how to configure a Cisco router as a DHCP client

Explain how DHCP Relay can be used to configure a router to relay DHCP messages when the server and the client are not on the same segment

Describe how to configure a Cisco router as a DHCP client using SDM

Describe how to troubleshoot a DHCP configuration

Configure NAT on a Cisco Router Describe the operation and benefits of using private and public IP addressing

Configure NAT on a Cisco Router Explain the key features of NAT and NAT overload

Configure NAT on a Cisco Router Explain the advantages and disadvantages of NAT

Configure NAT on a Cisco Router Describe how to configure static NAT to conserve IP address space in a network

Configure NAT on a Cisco Router Describe how to configure dynamic NAT to conserve IP address space in a network

Configure NAT on a Cisco Router Describe how to configure NAT Overload to conserve IP address space in a network

Configure NAT on a Cisco Router Describe how to configure port forwarding

Configure NAT on a Cisco Router Describe how to verify and troubleshoot NAT and NAT overload configurations

Configure New Generation RIP (RIPng) to use IPv6

Explain the need for IPv6 to provide a long-term solution to the depletion problem of IP address

Describe the format of the IPv6 addresses and the appropriate methods for abbreviating them

Explain the various methods of assigning IPv6 addresses to a device

Describe the transition strategies for implementing IPv6

Describe how Cisco IOS dual stack enables IPv6 to run concurrently with IPv4 in a network

Describe the concept of IPv6 tunneling

Describe how IPv6 affects common routing protocols, and how these protocols are modified to support IPv6

Explain how to configure a router to use IPv6

Explain how to configure and verify RIPng for IPv6

Explain how to verify and troubleshoot IPv6

Summary

Dynamic Host Control Protocol (DHCP)This is a means of assigning IP address and other configuration information automatically.

DHCP operation–3 different allocation methods

•Manual•Automatic•Dynamic

–Steps to configure DHCP•Define range of addresses•Create DHCP pool•Configure DHCP pool specifics

Summary

DHCP RelayConcept of using a router configured to listen for DHCP messages from DHCP clients and then forwards those messages to servers on different subnets

Troubleshooting DHCP–Most problems arise due to configuration errors–Commands to aid troubleshooting

•Show ip dhcp•Show run•debug

SummaryPrivate IP addresses

–Class A = 10.x.x.x–Class B = 172.16.x.x – 172.31.x.x–Class C = 192.168.x.x

Network Address Translation (NAT)–A means of translating private IP addresses to public IP addresses–Type s of NAT

•Static•Dynamic

–Some commands used for troubleshooting•Show ip nat translations•Show ip nat statistics•Debug ip nat

Summary

IPv6–A 128 bit address that uses colons to separate entries–Normally written as 8 groups of 4 hexadecimal digits

Cisco IOS Dual Stack–A way of permitting a node to have connectivity to an IPv4 & IP v6 network simultaneously

IPv6 Tunneling–An IPV6 packet is encapsulated within another protocol

Summary

Configuring RIPng with IPv61st globally enable IPv62nd enable IPv6 on interfaces on which IPv6 is to be enabled3rd enable RIPng using either

ipv6 rotuer rip nameipv6 router name enable

Network Troubleshooting

ObjectivesEstablish a network baseline

Describe troubleshooting methodologies and troubleshooting tools

Describe the common issues that occur during WAN implementation

Troubleshoot enterprise network implementation issues

Establish a Network Baseline Explain the importance of network documentation

Establish a Network Baseline Describe the stages of the network documentation process

Establish a Network Baseline Explain the purpose for measuring normal network performance when creating a baseline

Establish a Network Baseline Describe the steps for establishing a network baseline

Describe Troubleshooting Methodologies and Troubleshooting Tools

Explain why a systematic method is the generally the best approach to troubleshooting

Describe how layered models, such as the OSI reference model or TCP/IP model, are used for troubleshooting

Describe the three stages of the general troubleshooting process

Describe the three main methods for troubleshooting network problems

Describe the stages for gathering symptoms for troubleshooting a network problem

Describe the types of software and hardware tools that are commonly used when troubleshooting networks

Describe the Common Issues that Occur During WAN Implementation

Describe the fundamentals in WAN design and communication

Describe the steps for designing or modifying a WAN

Describe the considerations for analyzing WAN traffic

Describe the considerations for designing a WAN topology

Describe common WAN implementation issues

Describe the recommended steps for troubleshooting a WAN

Troubleshoot Enterprise Network Implementation Issues

Explain how network diagrams are used for troubleshooting

Describe how to troubleshoot network problems occurring at the physical layer

Describe how to troubleshoot network problems occurring at the data link layer

Describe how to troubleshoot network problems occurring at the network layer

Describe how to troubleshoot network problems occurring at the transport layer

Describe how to troubleshoot network problems occurring in the application layers

SummaryNetwork BaselineHow a network is expected to perform under normal conditions

Network documentation should include:– Network configuration table– End-system configuration table– Network topology diagram

Planning for the 1st baseline– Determine what type of data to collect– Identify devices and ports of interest– Determine baseline duration

Summary

3 stages of the troubleshooting process–Gather symptoms–Isolate problem–Correct problem

3 main methods for troubleshooting a network–Bottom up–Top down–Divide & conquer

Summary

Software troubleshooting tools–Cisco view–Solar winds–HP Open view

Hardware troubleshooting tools–Network analysis mode–Digital multi-meters–Cable testers–Network analyzer

Summary

Common WAN implementation issues include–QoS–Reliability–Security–Latency–Confidentiality–Public or Private

Using a layered approach to troubleshooting aids in

isolating and solving the problem

Exploration Accessing WAN Semester 4

Documents

Transcript of Exploration Accessing WAN Semester 4

Exploration accessing wan_chapter7

Exploration Accessing WAN Chapter8

CCNA Exploration Accessing the WAN - Cap2

Exploration Accessing WAN Chapter1 Enhan

CCNA Exploration Accessing the WAN - pearsoncmg.comptgmedia.pearsoncmg.com/images/9781587132551/samplepages/... · ciscopress.com Course Booklet Version 4.0 CCNA Exploration Accessing

Exploration Accessing WAN Chapter 1

Accessing WAN Chapter1

Accessing the WAN...Rick Graziani Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA 00_2052_fm.qxd 3/31/08 3:39 PM Page i ii Accessing the WAN, CCNA Exploration Companion

Lab: Basic Security Configuration - ut · Accessing the WAN: Enterprise Network Security Lab: Basic Security Configuration . CCNA Exploration Accessing the WAN: Enterprise Network

Accessing the WAN - Chapter - 5

CCNA Exploration 4.0 Accessing the WAN-Ch. 1(Introduction to WANs)

Exploration Accessing WAN Chapter5

Lecture Week 3 Frame Relay Accessing the WAN. 3.1 Basic Frame Relay Concepts Accessing the WAN.

Exploration Accessing WAN Chapter2 Enhan

EWAN Practice Final Exam - CCNA Exploration Accessing the WAN (Versión 4.0) _ ccna4 Examen práctico final 100% practice final exam

CCNA Exploration Accessing the WAN - Chapter 2 Overview Es

Exploration Accessing WAN Chapter4

Exploration Accessing WAN Chapter5 - Cópia

Accessing the WAN - Pearsoncmg

verdocumentos.comunisoft.comverdocumentos.comunisoft.com/.../Curso_CCNA_EXPLORATION:_AC… · CCNA Exploration: Accessing the WAN Cisco Networking Academy@ Mind Wide operf During