
Chapter 11

Chapter 11. Wide Area Networking Protocols. Objectives: Identify PPP operations to encapsulate WAN data on Cisco routers; configure authentication with PPP; understand how Frame Relay works on a large WAN network; configure Frame Relay Local Management Interface, maps, and subinterfaces.

kalliyan

Presentation Transcript


  1. Chapter 11 Wide Area Networking Protocols

  2. Objectives • Identify PPP operations to encapsulate WAN data on Cisco routers • Configure authentication with PPP • Understand how Frame Relay works on a large WAN network • Configure Frame Relay Local Management Interface, maps, and subinterfaces • Monitor Frame Relay operation in the router • Understand the ISDN protocols, function groups, and reference points • Describe how Cisco implements ISDN BRI

  3. Defining WAN Terms • Customer Premises Equipment (CPE) • Routers • Switches • FRAD • NT1 • PCs • CSU/DSUs • Etc. • Demarcation (demarc) • Point of entry into the Local Loop • Point where the service provider's responsibility begins • Usually RJ45 connection

  4. Defining WAN Terms • Local Loop • Connection between Demarc and Central Office • Last Mile • POTS • ISDN • ADSL • Central Office (POP) • Service provider's facilities where traffic enters the switching network • Toll Network • Trunk lines inside the provider's WAN network • Switching facilities

  5. WAN Connection Types

  6. WAN Connection Types • Dedicated • Usually a leased line • Permanent connection • T1, T3, Fractional T1, etc. • Circuit Switched - telephone, ISDN • Dial-up service • No need for source or destination address • Temporary • Acts as if a Leased Line for the duration of the connection • Packet Switched – X.25, Frame Relay, ATM • PVCs: permanent logical circuits • Share bandwidth • SVCs must be set up each time a connection is required

  7. Network Services Hierarchy

  8. Terms • Asynchronous • Without clocking • Events occur in an unpredictable manner • Synchronization established with each character • Stop / Start bits • Synchronous • Timing provided by a clock signal • Modem / carrier

  9. WAN Support • X.25 • Packet Switched • 3-layer protocol • Physical --- Serial • DataLink --- HDLC • Ensures reliable delivery • Network --- PLP (Packet Layer Protocol) • Establish, maintain, and terminate virtual circuits • Up to 9.6 kbps • Frame Relay • 2-layer protocol • Physical --- Serial • DataLink --- Cisco or IETF • Successor to X.25 • Unreliable / faster • Error detection • Bandwidth on demand • T1, maybe T3 speeds

  10. Key X.25 Protocols Map to the Three Lower Layers of the OSI Reference Model

  11. WAN Support • ISDN • Voice, Data, Multimedia • Existing telephone lines • Basic Rate Interface - BRI • 2 64 kbps B(earer) Channels (128 kbps) • 1 16 kbps D(ata) Channel • Primary Rate Interface – PRI (1.4 Mbps) • 23 64 kbps B(earer) Channels • 1 64 kbps D(ata) Channel

  12. WAN Support: Serial Connection Protocols • HDLC • Bit-oriented Data Link layer ISO standard protocol • Specifies a data encapsulation method • PtP protocol used on leased lines • No authentication can be used • No layer 3 protocol identification • Proprietary • Cisco HDLC • LAPB • Similar to HDLC • More overhead • PPP • More functional than SLIP • Uses NCP to carry different Layer 3 protocols

  13. WAN OSI Mapping

  14. HDLC Frame Format

  15. Point-to-Point Protocol (PPP) • Purpose: • Transport layer-3 packets across a Data Link layer point-to-point link • Can be used over asynchronous serial (dial-up) or synchronous serial (ISDN) media • Uses Link Control Protocol (LCP) • Builds & maintains data-link connections

  16. Point-to-Point Protocol Stack

  17. PPP Main Components • EIA/TIA-232-C • Intl. Std. for serial communications • HDLC • Serial link datagram default encapsulation method • LCP – Link Control Protocol • Used in P-t-P connections: • Establishing • Maintaining • Terminating • NCP • Method of establishing & configuring Network Layer protocols • Allows simultaneous use of multiple Network layer protocols

  18. PPP

  19. LCP Configuration Options • Authentication • PAP • CHAP • Compression • Stacker • Predictor • Error detection • Quality • Magic Number • Aids in detection of loop-back conditions • down-when-loopback • Multilink • Splits the load for PPP over 2+ parallel circuits; a bundle • ppp multilink

  20. LCP Link Configuration • Link-establishment phase • Open and configure PPP • Authentication phase (optional) • CHAP / PAP • Verify identity • Link-quality determination (optional) • Network-layer protocol phase • Negotiates the proper layer-3 protocol • Link Termination

  21. PPP Authentication Methods • Password Authentication Protocol (PAP) • At start-up only • Passwords sent in clear text • Remote node returns username & password • username = remote router hostname • Does not prevent access • Challenge Handshake Authentication Protocol (CHAP) • Done at start-up & periodically • Challenge & Reply • Remote router sends a one-way hash ~ MD5 • Does not prevent access

  22. PPP Authentication • Password Authentication Protocol (PAP) PAP is not a strong authentication protocol. Passwords are sent across the link in clear text. Also known as 2-way handshake

  23. PPP Authentication • Challenge Handshake Authentication Protocol (CHAP) • CHAP is used to periodically verify the identity of the remote node, using a three-way handshake • CHAP provides protection against playback attacks through the use of a variable challenge value that is unique and unpredictable • CHAP does not allow a caller to attempt authentication without a challenge

  24. Configuring PPP
      • Step #1: Configure PPP on RouterA & RouterB:
          Router__#config t
          Router__(config)#int s0
          Router__(config-if)#encapsulation ppp
          Router__(config-if)#^Z
      • Step #2: Define the username & password on each router:
          RouterA: RouterA(config)#username RouterB password cisco
          RouterB: RouterB(config)#username RouterA password cisco
        NOTE: (1) Username maps to the remote router (2) Passwords must match
      • Step #3: Choose authentication type for each router; CHAP/PAP
          Router__(config)#int s0
          Router__(config-if)#ppp authentication chap
          Router__(config-if)#ppp authentication pap
          Router__(config-if)#^Z
      • Step #4: Verify setup
          Router#sh int s0

  25. PPP Authentication Setup • Set hostname on both routers • Set username • Set password • Must be the same on both routers • Set authentication type • CHAP • PAP • Both
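
The CHAP exchange from slides 21 and 23, as an added example that is not part of the original presentation: the response is the RFC 1994 MD5 hash over the identifier, the shared secret and the challenge, so a reply recorded at start-up fails against the next periodic challenge. The Authenticator class, its method names and demo() are illustrative; the hostname and password are the sample values from slide 24.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 response: hash over identifier octet, shared secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Challenging side (RouterA). `secrets` maps remote hostname -> shared password."""
    def __init__(self, secrets):
        self.secrets = secrets
        self.ident = 0
        self.pending = None            # (identifier, challenge) awaiting a reply

    def new_challenge(self):
        self.ident = (self.ident + 1) % 256
        self.pending = (self.ident, os.urandom(16))   # unique, unpredictable value
        return self.pending

    def verify(self, identifier, name, response):
        if self.pending is None or identifier != self.pending[0]:
            return False               # no outstanding challenge: nothing to answer
        ident, challenge = self.pending
        self.pending = None            # a challenge is answered at most once
        secret = self.secrets.get(name)
        if secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def demo():
    secret = b"cisco"                  # sample password from slide 24
    router_a = Authenticator({"RouterB": secret})
    # A reply sent before any challenge was issued is refused.
    unsolicited = router_a.verify(1, "RouterB", chap_response(1, secret, b"\x00" * 16))
    # Start-up handshake: challenge, response, success.
    id1, ch1 = router_a.new_challenge()
    resp1 = chap_response(id1, secret, ch1)
    first = router_a.verify(id1, "RouterB", resp1)
    # Periodic re-challenge: the recorded resp1 no longer matches.
    id2, _ = router_a.new_challenge()
    replayed = router_a.verify(id2, "RouterB", resp1)
    id3, ch3 = router_a.new_challenge()
    fresh = router_a.verify(id3, "RouterB", chap_response(id3, secret, ch3))
    return {"unsolicited": unsolicited, "first": first, "replayed": replayed, "fresh": fresh}

if __name__ == "__main__":
    print(demo())
```

The shared secret never crosses the link in this exchange, whereas PAP sends the same password in clear text.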

  26. Frame Relay • Background • High-performance WAN encapsulation method • OSI Physical & Data Link layer • Originally designed for use across ISDN • Supported Protocols • IP, DECnet, AppleTalk, Xerox Network Service (XNS), Novell IPX, Banyan Vines, Transparent Bridging, & ISO

  27. Frame Relay • Purpose • Provide a communications interface between DTE (router) & DCE equipment (telco switch) • Connection-oriented Data Link layer communication • Via virtual circuits • Provides a complete path from the source to destination before sending the first frame

  28. Frame Relay Terminology

  29. Frame Relay • Some networks will use a separate router and CSU/DSU. • Some routers have built-in cards that allow them to make WAN connections. • The network device that connects to the frame relay Switch is known as a Frame Relay Access Device (FRAD) or Frame Relay Assembler/Disassembler. • The frame relay switch is called the Frame Relay Network Device (FRND)

  30. CSU/DSU on Router

  31. Router With Built-In CSU/DSU

  32. Virtual Circuits • Nearly any serial interface • Multiplexing, which means it combines multiple data streams onto one physical link. • Data stream is separated into logical connections • Virtual circuits. • SVCs • Less common • Controlled by software • Only active while a connection to the WAN is active. • PVCs • Permanently connected to the WAN • Network administrator manually defines the PVC

  33. Frame Relay Encapsulation • Specified on serial interfaces • Encapsulation types: • Cisco (default encapsulation type) • IETF (used between Cisco & non-Cisco devices)
      RouterA(config)#int s0
      RouterA(config-if)#encapsulation frame-relay ?
        ietf  Use RFC1490 encapsulation
        <cr>

  34. Data Link Connection Identifiers (DLCIs) • Frame Relay PVCs are identified by DLCIs • IP end devices are mapped to DLCIs • Mapped dynamically or mapped by IARP • Global Significance: • Advertised to all remote sites as the same PVC • Local Significance: • DLCIs do not need to be unique • Configuration
      RouterA(config-if)#frame-relay interface-dlci ?
        <16-1007>  Define a DLCI as part of the current subinterface
      RouterA(config-if)#frame-relay interface-dlci 16

  35. DLCI Numbers • 10 bits - 2^10 = 1024 • 1 – 15 future use • 16 – 1007 used to assign PVCs • 1008 – 1018 future use • 1019 – 1022 Multicast • 0, 1023 – administrative DLCI for LMI
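
An added example, not part of the original presentation, showing where the 10-bit DLCI sits in a frame and how the ranges on slide 35 apply to it. It assumes the standard two-octet Q.922 address field (6 high DLCI bits, C/R, EA=0, then 4 low DLCI bits, FECN, BECN, DE, EA=1); those flag bits and the function names are not from the slides, and the sample octets are constructed.

```python
def dlci_use(dlci: int) -> str:
    """Classify a DLCI using the ranges listed on the DLCI Numbers slide."""
    if dlci in (0, 1023):
        return "LMI"
    if 16 <= dlci <= 1007:
        return "PVC"
    if 1019 <= dlci <= 1022:
        return "multicast"
    if 1 <= dlci <= 15 or 1008 <= dlci <= 1018:
        return "future use"
    raise ValueError("DLCI must fit in 10 bits (0-1023)")

def build_address(dlci: int, fecn=False, becn=False, de=False) -> bytes:
    """Encode a two-octet address field (C/R left at 0)."""
    dlci_use(dlci)                                   # range check only
    b0 = (dlci >> 4) << 2                            # high 6 bits, C/R=0, EA=0
    b1 = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 0x01
    return bytes([b0, b1])

def parse_address(frame: bytes) -> dict:
    """Decode the first two octets of a Frame Relay frame (after the flag)."""
    if len(frame) < 2:
        raise ValueError("truncated address field")
    b0, b1 = frame[0], frame[1]
    # EA must be 0 in the first octet and 1 in the last; anything else is
    # an extended (3- or 4-octet) or malformed address.
    if b0 & 0x01 or not b1 & 0x01:
        raise ValueError("not a two-octet address field")
    dlci = ((b0 >> 2) << 4) | (b1 >> 4)
    return {
        "dlci": dlci,
        "use": dlci_use(dlci),
        "fecn": bool(b1 & 0x08),
        "becn": bool(b1 & 0x04),
        "de": bool(b1 & 0x02),
    }

if __name__ == "__main__":
    # Constructed samples: DLCI 100 with BECN set, then the Cisco LMI circuit.
    for sample in (bytes([0x18, 0x45]), bytes([0xFC, 0xF1])):
        print(sample.hex(), parse_address(sample))
```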

  36. Frame Relay Map • Routers that support frame relay will have a frame relay map • A table that defines the specific interface to which a specific DLCI number is mapped. • The frame relay switching table maps its ports to the correct DLCI numbers for the virtual connection • Entries consist of the incoming port on the switch, the incoming DLCI number, the outgoing port on the switch, and the outgoing DLCI number

  37. Frame Relay Map Example

  38. Local Management Interface (LMI) • Background • Frame Relay Extensions • Gang of Four • Strata, Northern Telecom, Cisco and DEC • Purpose • Provide additional capabilities

  39. LMI Messages • Report type • Indicates whether the message is just a keep-alive frame or a full status message. • Keep-alive • LMI sends keep-alive frames every 5 – 30 seconds (10 by default) to ensure that the link is still active. • PVC status • PVC status messages contain DLCI status in addition to the keep-alive information • Also provides • Multicasting • Multicast Addressing • Global Addressing

  40. PVC Status • New • A new DLCI connection has been configured • Active • The virtual circuit is available • Deleted • LMI information is not being received from switch • Receiver not ready • Flow control; indicates the vc is congested. • Minimum bandwidth • Usually indicates the CIR • Some providers use this information to dynamically adjust the connection to adapt to changing traffic conditions. • Global addressing • Gives DLCI global significance, as described earlier. • Multicasting • Configure a group of destination addresses • Provider-Initiated Status Update • Allows the provider to initiate a status inquiry.

  41. LMI Encapsulation Types • Different frame relay switches and routers employ or support different types of LMI encapsulation • Different protocol encapsulation types supported by Cisco • cisco: • Defined by Gang of Four • Allows for 992 virtual circuit addresses • Uses DLCI 1023 as a management circuit • ansi: • ANSI standard T1.617 Annex-D • Allows for 976 virtual-circuit addresses • Uses DLCI 0 as the management circuit. • q933a: ITU-T Q.933 Annex A • Similar to ANSI T1.617 Annex D • Uses DLCI 0 as a management circuit.

  42. LMI Encapsulation Types Continued • Cisco routers (using IOS Release 11.2 or later) • Autosense the LMI encapsulation type used by the frame relay switch. • If more than one LMI type identified, the Cisco router will automatically configure itself to use the last LMI type received. • The administrator can also manually configure the LMI type.

  43. LMI Types • Configuration:
      RouterA(config-if)#frame-relay lmi-type ?
        cisco
        ansi
        q933a

  44. Basic Configuration Graphic

  45. Basic Configuration Commands

  46. Sub-interfaces • Definition • Multiple virtual circuits on a single serial interface • Enables the assignment of different network-layer characteristics to each sub-interface • IP routing on one sub-interface • IPX routing on another • Mitigates difficulties associated with: • Partial meshed Frame Relay networks • Split Horizon protocols

  47. Partial Meshed Networks

  48. Creating Sub-interfaces • Configuration: #1: Set the encapsulation on the serial interface #2: Define the subinterface
      RouterA(config)#int s0
      RouterA(config-if)#encapsulation frame-relay
      RouterA(config-if)#int s0.?
        <0-4294967295>  Serial interface number
      RouterA(config-if)#int s0.16 ?
        multipoint      Treat as a multipoint link
        point-to-point  Treat as a point-to-point link
      • point-to-point • Each PtP sub-interface requires a unique subnet • Must assign DLCI • Multipoint • Multiple PVC connections to multiple remote (sub)interfaces • DLCI can be resolved via inverse ARP
