Chapter 6 - Teleworker Services

CCNA Exploration 4.0

1
Introduction

Học viện mạng Bach Khoa - Website: www.bkacad.com 2

Business Requirements for
Teleworker Services

Học viện mạng Bach Khoa - Website: www.bkacad.com 3

The Business Requirements for Teleworker Services

• When designing network architectures that support a teleworking

solution, designers must balance organizational requirements for
security, infrastructure management, scalability, and affordability
against the practical needs of teleworkers for ease of use, connection
speeds, and reliability of service.
Học viện mạng Bach Khoa - Website: www.bkacad.com 4
The Teleworker Solution

• The term broadband refers to advanced communications systems capable of

providing high-speed transmission of services, such as data, voice, and video,
over the Internet and other networks.
• Transmission is provided by a wide range of technologies, including digital
subscriber line (DSL) and fiber-optic cable, coaxial cable, wireless technology,
and satellite.

Học viện mạng Bach Khoa - Website: www.bkacad.com 5

The Teleworker Solution

• Soon, voice over IP (VoIP) and videoconferencing components will become expected
parts of the teleworkers toolkit.
• Home Office Components - The required home office components are a laptop or
desktop computer, broadband access (cable or DSL), and a VPN router or VPN client
software installed on the computer. Additional components might include a wireless
access point. When traveling, teleworkers need an Internet connection and a VPN client
to connect to the corporate network over any available dialup, network, or broadband
connection.
• Corporate Components - Corporate components are VPN-capable routers, VPN
concentrators, multifunction security appliances, authentication, and central
management devices for resilient aggregation and termination of the VPN connections.
Học viện mạng Bach Khoa - Website: www.bkacad.com 6
Broadband Services

Học viện mạng Bach Khoa - Website: www.bkacad.com 7

 Connecting Teleworkers to the WAN

• The choice of access

network technology and
the need to ensure
suitable bandwidth are
the first considerations
to address when
connecting teleworkers.

Học viện mạng Bach Khoa - Website: www.bkacad.com 8

Connecting Teleworkers to the WAN

Học viện mạng Bach Khoa - Website: www.bkacad.com 9

Cable

Học viện mạng Bach Khoa - Website: www.bkacad.com 10

Cable

Học viện mạng Bach Khoa - Website: www.bkacad.com 11

Cable

Học viện mạng Bach Khoa - Website: www.bkacad.com 12

Cable

• The Data-over-Cable Service Interface Specification (DOCSIS) is an international

standard developed by CableLabs, a non-profit research and development consortium
for cable-related technologies.
• DOCSIS specifies the OSI Layer 1 and Layer 2 requirements:
– Physical layer - For data signals that the cable operator can use, DOCSIS specifies
the channel widths (bandwidths of each channel) as 200 kHz, 400 kHz, 800 kHz, 1.6
MHz, 3.2 MHz, and 6.4 MHz. DOCSIS also specifies modulation techniques (the
way to use the RF signal to convey digital data).
– MAC layer - Defines a deterministic access method, time-division multiple access
(TDMA) or synchronous code division multiple access method (S-CDMA).

Học viện mạng Bach Khoa - Website: www.bkacad.com 13

Cable

Học viện mạng Bach Khoa - Website: www.bkacad.com 14

Học viện mạng Bach Khoa - Website: www.bkacad.com 15
DSL

• DSL is a means of providing high-speed connections over installed copper wires.

• Several years ago, Bell Labs identified that a typical voice conversation over a local loop
only required bandwidth of 300 Hz to 3 kHz.
• Advances in technology allowed DSL to use the additional bandwidth from 3 kHz up to 1
MHz to deliver high-speed data services over ordinary copper lines.
• The two basic types of DSL technologies are asymmetric (ADSL) and symmetric (SDSL).
• The transfer rates are dependent on the actual length of the local loop, and the type and
condition of its cabling. For satisfactory service, the loop must be less than 5.5
kilometers (3.5 miles).

Học viện mạng Bach Khoa - Website: www.bkacad.com 16

 DSL

• The two key components are the DSL transceiver

and the DSLAM:
– Transceiver - Connects the computer of the
teleworker to the DSL. Usually the transceiver is
a DSL modem connected to the computer using
a USB or Ethernet cable. Newer DSL
transceivers can be built into small routers with
multiple 10/100 switch ports suitable for home
office use.
– DSLAM - Located at the CO of the carrier, the
DSLAM combines individual DSL connections
from users into one high-capacity link to an ISP,
and thereby, to the Internet.

Học viện mạng Bach Khoa - Website: www.bkacad.com 17

DSL

• The major benefit of ADSL is the ability to provide data services along with
POTS voice services.
• ADSL signals distort voice transmission and are split or filtered at the customer
premises. There are two ways to separate ADSL from voice at the customer
premises: using a microfilter or using a splitter.

Học viện mạng Bach Khoa - Website: www.bkacad.com 18

DSL

• A microfilter is a passive low-pass filter with two ends. One end connects to
the telephone, and the other end connects to the telephone wall jack. This
solution eliminates the need for a technician to visit the premises and allows
the user to use any jack in the house for voice or ADSL service.

Học viện mạng Bach Khoa - Website: www.bkacad.com 19

 DSL

• POTS splitters separate the DSL traffic from the POTS traffic. The POTS
splitter is a passive device. In the event of a power failure, the voice traffic still
travels to the voice switch in the CO of the carrier.
• Splitters are located at the CO and, in some deployments, at the customer
premises. At the CO, the POTS splitter separates the voice traffic, destined for
POTS connections, and the data traffic destined for the DSLAM.

Học viện mạng Bach Khoa - Website: www.bkacad.com 20

Broadband Wireless

• Broadband access by ADSL or cable provides teleworkers with faster connections than
dialup, but until recently, SOHO PCs had to connect to a modem or a router over a Cat 5
(Ethernet) cable.
• Wireless networking, or Wi-Fi (wireless fidelity), has improved that situation, not only in
the SOHO, but on enterprise campuses as well.
• The benefits of Wi-Fi extend beyond not having to use or install wired network
connections. Wireless networking provides mobility. Wireless connections provide
increased flexibility and productivity to the teleworker.

Học viện mạng Bach Khoa - Website: www.bkacad.com 21

Broadband Wireless

• The significant limitation of wireless access has been the need to be within the
local transmission range (typically less than 100 feet) of a wireless router or
wireless access point that has a wired connection to the Internet.
• The concept of hotspots has increased access to wireless connections across
the world. A hotspot is the area covered by one or more interconnected access
points.
Học viện mạng Bach Khoa - Website: www.bkacad.com 22
Broadband Wireless

• The figure shows a typical

home deployment using a
single wireless router.
• This deployment uses the
hub-and-spoke model.

Học viện mạng Bach Khoa - Website: www.bkacad.com 23

Broadband Wireless

• A mesh is a series of access points (radio transmitters) as shown in the figure.

Each access point is in range and can communicate with at least two other
access points.
• A meshed network has several advantages over single router hotspots.
– Installation is easier and can be less expensive because there are fewer
wires.
– Deployment over a large urban area is faster. From an operational point of
view, it is more reliable.
– If a node fails, others in the mesh compensate for it.
Học viện mạng Bach Khoa - Website: www.bkacad.com 24
Broadband Wireless

• WiMAX (Worldwide Interoperability for Microwave Access) is

telecommunications technology aimed at providing wireless data over
long distances in a variety of ways, from point-to-point links to full
mobile cellular type access.
• A WiMAX network consists of two main components:
– A tower that is similar in concept to a cellular telephone tower. A
single WiMAX tower can provide coverage to an area as large as
3,000 square miles, or almost 7,500 square kilometers.
– A WiMAX receiver that is similar in size and shape to a PCMCIA
card, or built into a laptop or other wireless device.
Học viện mạng Bach Khoa - Website: www.bkacad.com 25
Broadband Wireless

• Satellite Internet services

are used in locations where
land-based Internet access
is not available, or for
temporary installations that
are continually on the move.

• There are three ways to connect to the Internet using satellites: one-way multicast, one-
way terrestrial return, and two-way.
1. One-way multicast satellite Internet systems are used for IP multicast-based data,
audio, and video distribution. Even though most IP protocols require two-way
communication, for Internet content, including web pages, one-way satellite-based
Internet services can be "pushed" pages to local storage at end-user sites by
satellite Internet. Full interactivity is not possible.
2. One-way terrestrial return satellite Internet systems use traditional dialup access
to send outbound data through a modem and receive downloads from the satellite.
3. Two-way satellite Internet sends data from remote sites via satellite to a hub,
which then sends the data to the Internet. The satellite dish at each location needs
precise positioning to avoid interference with other satellites.
Học viện mạng Bach Khoa - Website: www.bkacad.com 26
Broadband Wireless

• The most common standards are included in the IEEE 802.11 wireless local
area network (WLAN) standard, which addresses the 5 GHz and 2.4 GHz
public (unlicensed) spectrum bands.
• The 802.11n standard is a proposed amendment that builds on the previous
802.11 standards by adding multiple-input multiple-output (MIMO).
• The 802.16 (or WiMAX) standard allows transmissions up to 70 Mb/s, and has
a range of up to 30 miles (50 km). It can operate in licensed or unlicensed
bands of the spectrum from 2 to 6 GHz.
Học viện mạng Bach Khoa - Website: www.bkacad.com 27
Broadband Wireless solution

Học viện mạng Bach Khoa - Website: www.bkacad.com 28

VPN Technology

Học viện mạng Bach Khoa - Website: www.bkacad.com 29

VPNs and Their Benefits

• VPN technology enables organizations to create private networks over

the public Internet infrastructure that maintain confidentiality and
security.

Học viện mạng Bach Khoa - Website: www.bkacad.com 30

VPNs and Their Benefits

• Consider these benefits when

using VPNs:
• Cost savings - Organizations can
use cost-effective, third-party
Internet transport to connect
remote offices and users to the
main corporate site. This eliminates
expensive dedicated WAN links
and modem banks.
• Security - Advanced encryption
and authentication protocols
protect data from unauthorized
access.
• Scalability - VPNs use the Internet infrastructure within ISPs and carriers, making it easy for
organizations to add new users. Organizations, big and small, are able to add large amounts of
capacity without adding significant infrastructure.

Học viện mạng Bach Khoa - Website: www.bkacad.com 31

Types of VPNs

• Organizations use site-to-site VPNs to connect dispersed locations in

the same way as a leased line or Frame Relay connection is used.
• Because most organizations now have Internet access, it makes sense
to take advantage of the benefits of site-to-site VPNs.

Học viện mạng Bach Khoa - Website: www.bkacad.com 32

Types of VPNs

• Mobile users and

telecommuters use
remote access VPNs
extensively. In the
past, corporations
supported remote
users using dialup
networks. This usually
involved a toll call and
incurring long distance
charges to access the
corporation.
• In a remote-access
VPN, each host
typically has VPN
client software.

Học viện mạng Bach Khoa - Website: www.bkacad.com 33

VPN Components

• Components required to establish this VPN include:

1. An existing network with servers and workstations
2. A connection to the Internet
3. VPN gateways, such as routers, firewalls, VPN concentrators, and ASAs,
that act as endpoints to establish, manage, and control VPN connections
4. Appropriate software to create and manage VPN tunnels
Học viện mạng Bach Khoa - Website: www.bkacad.com 34
Characteristics of Secure VPNs

• VPNs use advanced encryption techniques and tunneling

to permit organizations to establish secure, end-to-end,
private network connections over the Internet.

Học viện mạng Bach Khoa - Website: www.bkacad.com 35

VPN Tunneling

• Tunneling allows the use of public networks like the Internet to carry
data for users as though the users had access to a private network.
• Tunneling encapsulates an entire packet within another packet and
sends the new, composite packet over a network.

Học viện mạng Bach Khoa - Website: www.bkacad.com 36

VPN Data Integrity

• For encryption to work, both the sender and the receiver must know the rules used to
transform the original message into its coded form.
• VPN encryption rules include an algorithm and a key. An algorithm is a mathematical
function that combines a message, text, digits, or all three with a key. The output is an
unreadable cipher string.

Học viện mạng Bach Khoa - Website: www.bkacad.com 37

VPN Data Integrity

• Some of the more common encryption algorithms and the length of

keys they use are as follows:
– Data Encryption Standard (DES) algorithm
– Triple DES (3DES) algorithm
– Advanced Encryption Standard (AES)
– Rivest, Shamir, and Adleman (RSA)
Học viện mạng Bach Khoa - Website: www.bkacad.com 38
 VPN Data Integrity

• Hashes contribute to data integrity

and authentication by ensuring that
unauthorized persons do not tamper
with transmitted messages.
• A hash, also called a message
digest, is a number generated from
a string of text.
• The hash is smaller than the text
itself. It is generated using a formula
in such a way that it is extremely
unlikely that some other text will
produce the same hash value.
• There are two common HMAC
algorithms:
– Message Digest 5 (MD5)
– Secure Hash Algorithm 1
(SHA-1)
• There are two peer authentication
methods:
– Pre-shared key (PSK)
– RSA signature

Học viện mạng Bach Khoa - Website: www.bkacad.com 39

IPsec Security Protocols

• IPsec is protocol suite for securing IP communications which provides

encryption, integrity, and authentication.
• There are two main IPsec framework protocols.
– Authentication Header (AH)
– Encapsulating Security Payload (ESP)
Học viện mạng Bach Khoa - Website: www.bkacad.com 40
IPSec encryption with pre-shared keys

• The process for configuring IKE pre-shared keys in Cisco

IOS software for Cisco routers consists of the following four
major tasks:
– Task 1 is to prepare for IPSec: This task involves determining the
detailed encryption policy, identifying the hosts and networks to
protect, determining details about the IPSec peers, determining the
needed IPSec features, and ensuring existing ACLs are compatible
with IPSec
– Task 2 involves configuring IKE: This task includes enabling IKE,
creating the IKE policies, and validating the configuration
– Task 3 is configuring IPSec: This task includes defining the
transform sets, creating crypto ACLs, creating crypto map entries,
and applying crypto map sets to interfaces
– Task 4 is to test and verify IPSec: Using show, debug, and
related commands to test and verify that IPSec encryption works

Học viện mạng Bach Khoa - Website: www.bkacad.com 41

Task 1 is to prepare for IPSec

Học viện mạng Bach Khoa - Website: www.bkacad.com 42

Task 2 involves configuring IKE:

Học viện mạng Bach Khoa - Website: www.bkacad.com 43

Task 3 is configuring IPSec:

Học viện mạng Bach Khoa - Website: www.bkacad.com 44

Học viện mạng Bach Khoa - Website: www.bkacad.com 45
IPsec Security Protocols

• Activity 6.3.7
Học viện mạng Bach Khoa - Website: www.bkacad.com 46
IPsec Security Protocols

Học viện mạng Bach Khoa - Website: www.bkacad.com 47

IPsec Security Protocols

Học viện mạng Bach Khoa - Website: www.bkacad.com 48

IPsec Security Protocols

Học viện mạng Bach Khoa - Website: www.bkacad.com 49

IPsec Security Protocols

Học viện mạng Bach Khoa - Website: www.bkacad.com 50

IPsec Security Protocols

Học viện mạng Bach Khoa - Website: www.bkacad.com 51

Labs

Học viện mạng Bach Khoa - Website: www.bkacad.com 52

Summary

Học viện mạng Bach Khoa - Website: www.bkacad.com 53