640-505 BCRAN (Building Cisco Remote Access Networks)
This study guide is developed to provide you with an overview of the Cisco 505 BCRAN subject. You are suggested to use this study guide to give yourself a “bird eye view” of the exam. For further study and more in-depth coverage of the topics, the following books are recommended:
Cisco CCNP Preparation Library, Second Edition (Cisco Career Certifications) -- Diane Teare, et al; Hardcover
CCNP Remote Access Study Guide Exam 640-505 (With CD-ROM) -- Todd Lammle, et al; Hardcover
CCNP Remote Access Exam Cram (Exam 640-505) -- Craig Dennis, Eric Quinn; Paperback
CCNP Building CISCO Remote Access Networks Study Guide (Exam 640-505) -- Syngress Media; Hardcover
Exam Objectives
According to Cisco, the Cisco Remote Access exam includes topics on wide area network concepts, configuration of an asynchronous interface on a Cisco router, implementing Point-to-Point Protocol and various authentication schemes, Dial-on-Demand Routing, and leased lines.
Readings
Similar to most of the Cisco exam, you must be familiar with concepts of TCP/IP and the OSI model.
For a good tutorial on TCP/IP, you may visit http://www.3com.com/nsc/501302.html
In addition, you may learn more about the OSI model at http://www.rad.com/networks/1994/osi/intro.htm
This exam has a lot of WAN stuff. You should have solid knowledge on ISDN, X.25 and Frame Relay:
For information on ISDN: http://www.ralphb.net/ISDN/
For tutorial on Frame Relay: http://www.uswest.com/products/data/frame/tutorial/
For tutorial on X.25: http://www.rad.com/networks/1996/x25/x25.htm
Tutorials on PPP: http://cio.cisco.com/warp/public/779/smbiz/service/knowledge/wan/ppp_auth.htm
Commands for setting up X.25 and LAPB: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/wan_c/wcdx25.htm
Configuring Frame Relay: http://www.cisco.com/warp/public/125/13.html
Configuring ISDN DDR http://www.cisco.com/warp/public/793/access_dial/ddr_dialer_profile.html
Configuring ISDN line http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/1600/1600icg/isdn.htm
Apart from WAN connectivity, you must also be familiar with the various remote access authentication and security technologies:
Tutorials on PAP and CHAP: http://www.cisco.com/warp/public/474/9.html
Advanced traffic shaping http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ciscoasu/class/qpm1_1/using_qo/c1plan.htm#xtocid321011
Outbound traffic queuing http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ciscoasu/class/qpm1_1/using_qo/c1plan.htm#xtocid321016
Tutorial on RADIUS: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt2/scradius.htm
Tutorial on TACACS: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt2/sctcacs.htm
Introduction to VPN: http://www.cisco.com/warp/public/779/largeent/learn/technologies/VPNs.html
NAT Configuration http://www.cisco.com/warp/public/701/60.html
===========================================================
Do NOT use this study guide as your sole study resource. Successful completion of the 505 exam requires both practical experience as well as lots and lots of reading.
On the actual exam you will encounter questions on IOS commands as well as many terms. For the commands, Cisco’s original documentation has very detailed coverage.
Here you go….
===========================================================
WAN Connections
3 types of connection:
- Dedicated connection via Synchronous serial
- Continuously available links
- Protocols include PPP, HDLC, SLIP
- Circuit-switched connection via Asynchronous serial or ISDN
- Requires call setup
- Requires call teardown
- Connections are made based on needs
- Protocols include PPP, SLIP
- Packet-switched connection via Synchronous serial
- Establish VCs
- Share bandwidth
- Lower cost than leased line
- Protocols include X.25, Frame Relay, ATM
Considerations when choosing a WAN connection type
- Amount of data transfer
- Availability
- Bandwidth
- Cost
- Management
- QoS
- Security
Comparison between the alternatives
|
Dedicated Lease Line |
Circuit-Switching |
Packet-switching |
|
|
|
Site Considerations
- Central Site
- Must provide access to multiple users from different sites
- Must control the costs
- Branch Site
- Must be able to connect to the central site
- Telecommuter Site
- Must be able to access company information on demand
- Request may be made from various remote locations
You use the Cisco Product Selection Tools to choose the appropriate products for the connection types.
Cisco 700 series router is for:
- Telecommuter
- Small office
- Home office
Functions include:
- Networking
- Routing
- WAN Connectivity
- ISDN
- Telephony
Router Access Modes
- Character mode‘s 4 line types:
- AUX stands for Auxiliary port
- Uses RJ45
- CON stands for Console port
- Uses RJ45
- TTY refers to the Asynchronous port
- VTY refers to the Virtual terminal
- Packet mode’s types:
- Async or Group-async
- BRI or PRI
- Serial
- Dialer profiles
- Dialer rotaries
Modem
- Classified as Data communications equipment DCE
- Converts digital signals to analog signals
- Signaling functions:
- TxD - Transmit data
- RxD - Receive data
- GRD - Grounding
- Hardware flow control:
- RTS - Request To Send
- CTS - Clear To Send
- Modem control:
- DTR - Data Terminal Ready
- CD - Carrier Detect
- DSR - Data Set Ready
- Modem Modulation ITU Standards:
- V.22 : 1200 bps
- V.22bis : 2400 bps
- V.32 : 9600 bps
- V.32bis : 14.4 kbps
- V.34 : 28.8 kbps
- V.34 annex 1201H : 33.6 kbps
- V.90 : 56 kbps
- Error detection & correction with Microcom Networking Protocol MNP
- MNP 2–4 in public domain
- MNP 10 for cellular
- Error detection & correction with CCITT V.42
- LAP-M
- MNP 4
- Data compression
- MNP - 5: 2:1 compression ratio
- V.42bis - 4:1 compression ratio
- Modem autoconfiguration
- Can configure the modems without the need to use modem configuration commands
- Can auto-discover the modems
- Can reconfigure the modems each time the AT commands are sent to match the current line settings
PPP
- Multiple protocol encapsulations are done with NCP
- Link setup and control are done with LCP
- Multiple protocols supported
- PPP PAP is a type of authentication that uses clear text
- Keep in mind that clear text transfer is always insecure
- PPP CHAP is a type of authentication much more secure than PAP, as traffic is encrypted
- To enable CHAP, you need to enable PPP encapsulation for the router interface, then enable chap with ppp and finally set the usernames and passwords
- Provide callback when the callback timer is stopped
- Also provide callback service when the PPP NCP negotiation is successful
Multilink PPP
- Load balanced PPP
- Controlled by adding a sequencing header in the PPP frame
- Can work with:
- Asynchronous serial interface
- Synchronous serial interface
- BRI and PRI interfaces
- Can work on a dialer rotary group
LAPB
- A serial encapsulation method for private serial line
- Work at the data link layer
- Enable orderly reliable data exchange between DTE and DCE
- Need to use one of the X.25 packet-level encapsulations when this is attaching to an X.25 network
- 2 types of hosts:
- Data terminal equipment DTE
- Data circuit-terminating equipment DCE
- Router using LAPB can act as a DTE or DCE at the protocol level
- Provide greater throughput than High-Level Data Link Control encapsulation in congested environment
- Router resends the missing frame but not waiting for the higher layers to recover
- Uses priority and custom queueing to improve the responsiveness of a link to a given type of traffic
- Priority queueing assigns packets to one of the 4 output queues: high, medium, normal, or low priority
- Custom queueing assigns packets to one of the 10 output queues and controls the % of the available bandwidth for the queue
X.25
- Work at layer 3
- Router can act as a DTE or DCE protocol device
- Default serial encapsulation is HDLC
- Can use DDN, BFE encapsulation or IETF standard encapsulation
- An X.25 encapsulation method must be explicitly configured
- Can maintain multiple connections over one physical link between DTE and DCE
- Can maintain max 4095 VCs
- X.25 VC can be identified by its logical channel identifier LCI or virtual circuit number VCN
- VC numbers are broken into 4 ranges:
- Permanent virtual circuits
- Incoming-only circuits
- For SVC
- Only DCE can initiate call
- Two-way circuits for SVC
- DCE and DTE can initiate call
- Outgoing-only circuits for SVC
- Only DTE can initiate call
- DTE and DCE devices must have identical VC ranges and identical modulos
Modulo
- LAPB modulo128
- Also known as extended mode
- Can be used to achieve higher throughput across the DTE or DCE interface
- X.25 PLP modulo 128
- For achieving higher end-to-end throughput for VCs
- Allows more data packets to be in transit across the X.25 network
ISDN
- Stands for Integrated Services Digital Network
- Refers to a specific set of digital services provided through a standard interface
- Provides end-to-end digital connectivity
- Voice and data are carried by bearer B channels
- Control is handled by D channel
- Out-of-Band signal does not disturb established connections
- Very fast call setup time
- Basic Rate Interface BRI = 2 64 kbps B channels + 1 16 kbps D channel
- Primary Rate Interface PRI = 23 B channels + 1 64 kbps D channel
- In Europe, PRI = 30 B channels + 1 64 kbps D channel
- H channels can aggregate B channels
- ISDN devices include ISDN Terminal Adapters and ISDN Routers
- In the U.S, phone company provides BRI customers with U interface
- U interface is a two-wire single pair interface
- Only a single device can be connected to a U interface
- The device connected to a U interface is called a Network Termination 1 NT-1
- NT-1 converts the 2-wire U interface into the 4-wire S/T interface
- Devices designed for ISDN are designated as Terminal Equipment 1 TE1
- POTS telephone interface is known as the R interface
- Analog phones, FAX and modems are designated as Terminal Equipment 2 TE2
- We use Terminal Adapters TA to connect a TE2 to an ISDN S/T bus
- ISDN is a common choice for DDR
DDR
- Short for Dial on Demand Routing
- Dialer rotary group allows a single logical interface configuration for a number of physical interfaces
- Dialer profiles allow the separation of logical and physical interface configuration
- For DDR to work, we must define the interesting traffic and assign the definition to the ISDN interface
Dialer Profile
- You can create different configurations for the ISDN B channels of a PRI connection
- Allows BRIs to join multiple dialer pools
You can set different DDR parameters for each B channel - You can bridge multiple destinations
- Remote routers or users can have independent customized dialer profiles
- Components include:
- Dialer interfaces
- Dialer pool
- Physical interfaces
- Dialer map-class (optional)
Dial Backup
- When a line is in standby mode, the line will be activated when the primary line fails or when it reaches a certain utilization level
- Dialer interfaces allow us to have the backup without deactivating the physical interface.
- If you are running OSPF, IGRP and EIGRP, you can load share between the primary and backup links
BOD
- Short for Bandwidth on demand
- Provides dynamic bandwidth allocation and sharing
- Triggered by outgoing traffic levels
Frame Relay
- Works at the data link layer
- Handles multiple virtual circuits
- Uses HDLC encapsulation
- More efficient than X.25
- PVCs are permanent
- SVCs are temporary
- Topology supported:
- Star
- Full-mesh
- Partial-mesh
- Subinterface types supported:
- Point-to-point
- Multipoint
- DLCIs
- Used to identify logical virtual circuit between the CPE and the Frame Relay Switch
- Short for data-link connection identifier
- Specifies a PVC or SVC in a Frame Relay network
- In Frame Relay specification DLCIs are locally significant
- In LMI DLCIs are globally significant
- LMI signaling
- Short for Local Management Interface
- Enhancements to the basic Frame Relay specification
- Keepalive mechanism -verify data flow
- Multicast mechanism - provide network server with local DLCI
- Status mechanism - provide outgoing status on known DLCIs
Traffic Shaping
- Limits the rate of data transmission
- Limitation based on:
- Specific configured rate
- Derived rate based on the level of congestion
- Methods:
- Rate enforcement on per-VC basis
- Generalized BECN support on per-VC basis
- Priority/custom/weighted fair queuing
QoS related services
- Smart Queuing Techniques:
- Assigns different amounts of queue space to various packet service queues in round-robin fashion
- No one user can monopolize all the bandwidth
- Weighted Random Early Detection:
- Combines IP precedence and Random Early Detection capabilities
- Provide differentiated performance characteristics for different service classes
- Generic Traffic Shaping:
- Uses queuing on ATM, Frame Relay or other network
- Limit surges that cause congestion
- Committed Access Rate:
- Allocate bandwidth commitments and limitations to traffic sources and destinations
- Link Fragmentation and Interleaving:
- Designed for packetized voice running on slow links
- RTP Header Compression:
- Designed for multimedia traffic
- Fair Queuing Operation
- Messages are sorted into conversations
- Conversations are assigned a channel
- Queues are sorted by the order of the last bit crossing the channel
- Messages are transmitted in “fair order”
- Custom Queuing
- Handles the queues in a round-robin fashion
PBR
- Short for Policy-based routing
- Introduced in Cisco IOS Release 11.0
- Provides a mechanism to mark packets - certain kinds of traffic receive differentiated, preferential service
- Classify traffic using ACLs
- Distributes traffic among multiple paths
- Implement routing based on:
- Application
- End system identity
- Protocol
- Packet sizes
- Specified on the interface that receives the packets
- Never specified on the interface from which the packets are sent
- Source-Based Transit Provider Selection – for routing traffic from different sets of users through different Internet connections across the policy routers
Compression
- Processor utilization proportional to the traffic amount being compressed
- Cisco hardware compression adapters support PPP stacker compression and frame relay FRF.9 stacker compression – speed up compression processing
- With VIP2 slot, compression works can be offloaded to the VIP2's processor
- IOS supports the following compression:
- Link compression for per-interface compression
- Protocol independent
- Uses STAC or Predictor
- Payload compression for per-virtual circuit compression
- Compresses only the data portion
- TCP header compression
- Compresses the TCP/IP header only
- Microsoft Point-to-Point Compression
CiscoSecure
- Provides AAA services
- Authentication = determining users identity
- Authorization = determining what the users can do
- Accounting = billing based on usage
- CiscoSecure ACS server includes:
- AAA server
- Netscape Fastrack server
- RDBMS
- GUI client
- We use Cisco Secure Policy Manager to define security policies for multiple Cisco firewalls and VPN gateways
RADIUS
- Short for remote access dial in user services
- Runs in a distributed client server setup
- For securing your network against possible unauthorized access
- Authentication + Authorization
- Possible RADIUS server responses
- ACCEPT
- REJECT
- CHALLENGE
- CHANGE PASSWORD
TACACS+
- Next generation of TACACS
- Runs with AAA
- Separates authentication, authorization, and accounting
NAT
- Short for Network Address Translation
- Translation is done by the mapping between inside local addresses and global addresses
- Used when:
- You do not have enough true IP addresses for use
- You want to hide your internal IP addressing
- Components:
- Inside local IP addresses
- Inside global IP addresses for representing the inside local IP addresses
- Outside global IP address
- Outside local IP address
- Type of mappings:
- Simple translation for mapping one IP address to another.
- Extended translation entry for mapping address and ports. You can have different inside local addresses mapped to the same inside global address. By doing this you are actually using port numbers as the real identification.
- Inside-to-outside translation occurs after routing
- Outside-to-inside translation occurs before routing
- TCP load distribution - dynamic form of round-robin translation based on destination
- Number of session that can be handled is bounded by available Router RAM, as each NAT translation session will use about 160 bytes of RAM
- PAT:
- Can enables hosts on your private networks to communicate over the public networks
- Can conserves IP addresses
- Porthandler Operation - only packets destined for the server are allowed to go through. This is on a by-type basis
This study guide is developed in Year 2001 by Yu Chak Tin Michael.
His personal web site is located at: http://michaelyu.freeservers.com. You may also email him at: ycthk@i-cable.com
Copyright 2000 http://www.CERTguide.com/