
CCNA – Semester4

Module 1
Scaling IP Address

Objectives

• Scaling networks with NAT and PAT
• Dynamic Host Configuration Protocol

Scaling networks with NAT and PAT

Introducing NAT

• NAT is designed to conserve IP addresses and enable networks to use private IP addresses on internal networks.
• These private, internal addresses are translated to routable, public addresses.
NAT terms

• Inside local address – The IP address assigned to a host on the inside network (usually an RFC 1918 private address, not a legitimate routable address).
• Inside global address – A legitimate IP address that represents one or more inside local IP addresses to the outside world.
• Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
• Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

Major NAT and PAT features

• NAT translations can be used for a variety of purposes and can be either dynamically or statically assigned.
• Dynamic NAT is designed to map a private IP address to a public address.
• Overloading, or Port Address Translation (PAT), maps multiple private IP addresses to a single public IP address.
• Realistically, the number of ports that can be assigned a single IP address is around 4000.
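A worked model of the PAT translation table, added here as an illustration; it is not part of the course material and not Cisco IOS code. It shows how one inside global address is shared by several inside local hosts by rewriting the source port, how a returning packet is mapped back through the same entry, why an unsolicited inbound packet is dropped (no entry), and what happens when the usable port range toward one destination is exhausted. The addresses, the port range and the flows are constructed sample values; the model keys each translation on the full flow and tries to keep the original source port, which is a simplification of real router behaviour.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# A flow: (inside local ip, inside local port, outside global ip, outside global port)
Flow = Tuple[str, int, str, int]


@dataclass
class PatTable:
    """One inside global address shared by many inside local hosts (PAT / NAT overload)."""
    inside_global: str
    port_lo: int = 1024          # constructed usable port range, not an IOS default
    port_hi: int = 5023
    _out: Dict[Flow, int] = field(default_factory=dict)                  # flow -> global port
    _in: Dict[Tuple[int, str, int], Flow] = field(default_factory=dict)  # (gport, oip, oport) -> flow

    def translate_out(self, src_ip: str, src_port: int,
                      dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Outbound packet: return (inside global ip, translated port), or None if no port is free."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow in self._out:                       # existing dynamic entry: reuse it
            return self.inside_global, self._out[flow]
        # Ports already used toward this particular outside host:port.
        used = {gp for (gp, oip, opt) in self._in if (oip, opt) == (dst_ip, dst_port)}
        candidates = [src_port] + list(range(self.port_lo, self.port_hi + 1))
        for gp in candidates:
            if self.port_lo <= gp <= self.port_hi and gp not in used:
                self._out[flow] = gp
                self._in[(gp, dst_ip, dst_port)] = flow
                return self.inside_global, gp
        return None                                  # range exhausted toward this destination

    def translate_in(self, global_port: int, src_ip: str,
                     src_port: int) -> Optional[Tuple[str, int]]:
        """Inbound packet to inside_global:global_port from src: return the inside local host."""
        flow = self._in.get((global_port, src_ip, src_port))
        return None if flow is None else (flow[0], flow[1])   # None: unsolicited, dropped

    def translations(self) -> List[str]:
        """Rows in the spirit of 'show ip nat translations':
        inside global, inside local, outside local, outside global."""
        return [f"{self.inside_global}:{gp} {il}:{ilp} {og}:{ogp} {og}:{ogp}"
                for (il, ilp, og, ogp), gp in sorted(self._out.items())]
```

With a deliberately tiny range (two ports) the third host talking to the same web server gets no translation, while the same host can still reach a different server on a reused port; that is the practical meaning of the per-address port limit quoted above.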

NAT advantages

• Eliminates reassigning each host a new IP address when changing to a new ISP.
• Conserves addresses through application port-level multiplexing.
• Provides some network security by hiding the internal addressing scheme from the outside network.
• Reduces the occurrence of address overlap.
NAT disadvantages

• Translation introduces switching path delays and processing overhead.
• Loss of IP end-to-end traceability.
• Certain applications will not function with NAT enabled.

Cisco IOS NAT

Configure static NAT

Static translation

Configure dynamic NAT

Dynamic NAT example

Configure PAT

Clear NAT table

Show NAT translation
Troubleshooting NAT and PAT configuration

• Use the following steps to determine whether NAT is operating as expected:
– Based on the configuration, clearly define what NAT is supposed to achieve.
– Verify that correct translations exist in the translation table.
– Verify the translation is occurring by using show and debug commands.
– Review in detail what is happening to the packet and verify that routers have the correct routing information to move the packet along.
Debug IP NAT

Dynamic Host Configuration Protocol
Introducing DHCP

• Dynamic Host Configuration Protocol (DHCP) works in a client/server mode.
• DHCP enables DHCP clients on an IP network to obtain their configurations from a DHCP server.
• Less work is involved in managing an IP network when DHCP is used.
• The DHCP protocol is described in RFC 2131.

Easy IP

• Cisco routers can use a Cisco IOS feature set, Easy IP, to offer an optional, full-featured DHCP server.
• Easy IP leases configurations for 24 hours by default.
• The DHCP service is enabled by default on versions of Cisco IOS that support it.
• To disable the DHCP service, use the no service dhcp command.
BOOTP and DHCP

• Both protocols are client/server based and use UDP ports 67 and 68. Those ports are still known as BOOTP ports.
• The four basic IP parameters:
– IP address
– Gateway address
– Subnet mask
– DNS server address

DHCP Operation
DHCP Messages

• If the client detects that the address is already in use on the local segment, it will send a DHCPDECLINE message and the process starts again.
• If the client receives a DHCPNAK from the server after sending the DHCPREQUEST, it will restart the process.
• If the client no longer needs the IP address, the client sends a DHCPRELEASE message to the server.

CISCO IOS DHCP

• The Cisco IOS DHCP server always checks to make sure that an address is not in use before the server offers it to a client.
• By default, the router will issue two ICMP echo requests (pings) to a pool address before sending the DHCPOFFER to a client.
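A small model of the server-side address allocation described above, added as an example; it is not the course's code and not how IOS is implemented. It shows the effect of ip dhcp excluded-address, the ping-before-offer conflict check, and the DHCPRELEASE and DHCPDECLINE messages from the earlier slide. The pool 10.1.1.0/29, the router and DNS addresses and the probe function standing in for the ICMP echo are constructed; binding the address at DHCPOFFER time (rather than at DHCPACK) is a simplification.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

# Stand-in for the ICMP echo check: returns True if the address answered (already in use).
Probe = Callable[[str], bool]


@dataclass
class DhcpPool:
    """One DHCP pool: network, the four basic parameters, exclusions and bindings."""
    network: str                     # e.g. "10.1.1.0/29" (constructed)
    default_router: str
    dns_server: str
    lease_seconds: int = 86400       # Easy IP default lease of 24 hours
    excluded: Set[str] = field(default_factory=set)
    probe: Probe = lambda ip: False  # default: nothing answers the ping
    bindings: Dict[str, str] = field(default_factory=dict)   # ip -> client id
    conflicts: Set[str] = field(default_factory=set)         # addresses found in use

    def exclude(self, first: str, last: Optional[str] = None) -> None:
        """Equivalent of ip dhcp excluded-address: one address or an inclusive range."""
        lo = int(ipaddress.ip_address(first))
        hi = int(ipaddress.ip_address(last or first))
        for n in range(lo, hi + 1):
            self.excluded.add(str(ipaddress.ip_address(n)))

    def offer(self, client_id: str) -> Optional[dict]:
        """DHCPDISCOVER -> DHCPOFFER: lowest free usable address that does not answer a ping."""
        for ip, cid in self.bindings.items():
            if cid == client_id:                 # known client keeps its current address
                return self._params(ip)
        for host in ipaddress.ip_network(self.network).hosts():
            ip = str(host)
            if ip in self.excluded or ip in self.bindings or ip in self.conflicts:
                continue
            if self.probe(ip):                   # answered: record the conflict, try the next
                self.conflicts.add(ip)
                continue
            self.bindings[ip] = client_id
            return self._params(ip)
        return None                              # pool exhausted: no offer is sent

    def release(self, client_id: str) -> None:
        """DHCPRELEASE: the client's address goes back to the pool."""
        self.bindings = {ip: cid for ip, cid in self.bindings.items() if cid != client_id}

    def decline(self, client_id: str) -> None:
        """DHCPDECLINE: the client saw the address in use, so keep it out of the pool."""
        for ip, cid in list(self.bindings.items()):
            if cid == client_id:
                del self.bindings[ip]
                self.conflicts.add(ip)

    def _params(self, ip: str) -> dict:
        net = ipaddress.ip_network(self.network)
        return {"ip": ip, "mask": str(net.netmask), "router": self.default_router,
                "dns": self.dns_server, "lease": self.lease_seconds}
```

Run against a pool where 10.1.1.4 answers the ping, the second client is offered .5 and .4 is listed as a conflict, which is what show ip dhcp conflict would report on the router.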
Configuring DHCP

Excluding IP
Key DHCP Server Commands

Verifying DHCP operation

• To verify the operation of DHCP, the show ip dhcp binding command can be used.
• To verify that messages are being received or sent by the router, use the show ip dhcp server statistics command.
Troubleshooting DHCP

Network services

• Remote clients will broadcast to locate servers while routers, by default, will not forward client broadcasts beyond their subnet.

IP helper-address

• When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services.
• By default, the ip helper-address command forwards the following eight UDP services:
– Time
– TACACS
– DNS
– BOOTP/DHCP Server
– BOOTP/DHCP Client
– TFTP
– NetBIOS Name Service
– NetBIOS datagram Service

DHCP Relay

Summary

• NAT and PAT concepts and operation
• NAT and PAT configuration and troubleshooting
• Comparison between DHCP and BOOTP
• Cisco Router DHCP configuration
• DHCP relay with ip helper-address

Lab Topology
Lab Requirements

1. NAT/PAT
• Each site uses network address 10.x.0.0/16. The global address block is 172.20.x.0/28. The network connecting to Center is 203.162.x.0/30.
• Configure a static NAT mapping and dynamic NAT.
2. DHCP
• Each site uses its router as a DHCP server to provide IP addresses to the department network.


Module 2
WAN Technologies

Objectives

• Identify the devices used in a WAN and list standards
• Differentiate between packet-switched and circuit-
switched WAN technologies
• Describe equipment involved in the implementation
of various WAN services
• Compare and contrast WAN design models
WAN Technology Overview

Parts of a WAN service

Modem

• In order for the local loop to carry data, a device such as a modem is needed to prepare the data for transmission.

DTE and DCE

• Devices that put data on the local loop are called data circuit-terminating equipment, or data communications equipment (DCE).
• The customer devices that pass the data to the DCE are called data terminal equipment (DTE).
WAN Line Types and Bandwidth

WAN Devices
WAN Devices: Modem

• A modem is needed if the local loop is analog rather than digital.
• Modems transmit data over voice-grade telephone lines by modulating and demodulating the signal.

WAN Devices: CSU/DSU

• The communications link needs signals in an appropriate format.
• For digital lines, a channel service unit (CSU) and a data service unit (DSU) are required.
• The CSU/DSU may also be built into the interface card in the router.
WAN standard organizations

WAN standard

• WANs use the OSI reference model, but focus mainly on Layer 1 and Layer 2.
• WAN standards typically describe both physical layer delivery methods and data link layer requirements, including physical addressing, flow control, and encapsulation.
WAN physical layer

• Describes how to provide electrical, mechanical, operational, and functional connections to the services provided by a communications service provider.

Physical Connectors
WAN data link layer

• The data link layer protocols define how data is encapsulated for transmission to remote sites, and the mechanisms for transferring the resulting frames.

WAN encapsulation
• The choice of encapsulation protocols depends on the WAN
technology and the equipment.
• Most framing is based on the HDLC standard.
• The address field is not needed for WAN links, which are almost
always point-to-point.
• The control field indicates the frame type:
– Unnumbered frames carry line setup messages.
– Information frames carry network layer data.
– Supervisory frames control the flow of information frames and request data
retransmission in the event of an error.
WAN Data-link Protocols

Circuit Switching

• Fixed capacity may not be efficient due to access bursts.
• Generally an expensive way of moving data.
• The data bits are automatically delivered to the far end because the circuit is already established.
Packet Switching

• Two approaches:
connectionless or
connection-oriented.
• Connectionless systems
carry full addressing
information in each
packet.
• Connection-oriented
systems predetermine
the route for a packet,
and each packet need
only carry an identifier.
WAN link options

WAN Technologies
Analog dialup
• When intermittent, low-volume data transfers are needed, modems and analog dialed telephone lines provide low-capacity, dedicated switched connections.
• The advantages are simplicity, availability, and low implementation cost.
• The upper limit is around 33 kbps. The rate can be increased to around 56 kbps if the signal is coming directly through a digital connection.
• The disadvantages are the low data rates and a relatively long connection time, which make it unsuitable for voice or video traffic.

ISDN

• The connection uses 64 kbps bearer channels (B) for carrying voice or data and a signaling, delta channel (D) for call set-up.
• ISDN is used to provide additional capacity or backup for leased lines.
• ISDN tariffs are based on a per-B-channel basis and are similar to those of analog voice connections.
• Basic Rate Interface (BRI) ISDN is intended for the home and small enterprise.
• For larger installations, Primary Rate Interface (PRI) ISDN is available.

Leased line

• The dedicated capacity gives no latency or jitter between the endpoints.
• These dedicated circuits are generally priced based on the bandwidth required and the distance between the two connected points.
X.25

• Packet-switched networks use shared lines to reduce costs; tariffs are based on the amount of data sent.
• Switched or permanent virtual circuits can be established through the network, and data packets are subject to delay.
• X.25 networks are usually low capacity.

Frame Relay

• Frame Relay is a much simpler protocol with no error or flow control.
• The simplified handling of frames leads to reduced latency.
• Most Frame Relay connections are PVCs rather than SVCs.
• It can operate at much higher bit rates and provides permanent, shared-medium bandwidth connectivity that carries both voice and data traffic.
ATM

• ATM provides very low latency and jitter at much higher bandwidths.
• ATM has data rates beyond 155 Mbps and is capable of transferring voice, video, and data.
• It is built on a cell-based architecture rather than on a frame-based architecture. ATM cells are always a fixed length of 53 bytes, including a 5-byte header.

DSL
• Digital Subscriber Line (DSL) technology is a broadband technology.
• It uses existing twisted-pair telephone lines to transport high-bandwidth data.
• Broadband refers to a technique that uses multiple frequencies within the same physical medium to transmit data.
• The transfer rates depend on the actual length of the local loop and the type and condition of its cabling.
Cable modem

• Network access available from some cable television networks allows greater bandwidth than the telephone local loop.
• Enhanced cable modems enable two-way, high-speed data transmissions up to 6.5 times that of T1 leased lines.
• It is an attractive medium for transferring large amounts of digital information quickly, including video clips, audio files, and large amounts of data.

WAN Design
WAN design

• Approaching the design in a systematic manner can lead to superior performance at a reduced cost.
• It is necessary to know what data traffic must be carried, its origin, and its destination.

Traffic Characteristics

• For each pair of end points and for each traffic type,
information is needed on the various traffic
characteristics.
Steps in WAN design
• Several modifications may
be necessary before a
design is finalized.
• Continued monitoring and
re-evaluation are also
required after installation of
the WAN to maintain
optimal performance.

Designing a WAN

• Designing a WAN essentially consists of the following:
– Selecting an interconnection pattern or layout for the links between the various locations
– Selecting the technologies for those links to meet the enterprise requirements at an acceptable cost
WAN topologies

• Knowing the various end points allows the selection of a topology or layout for the WAN.
• The topology will be influenced by geographic considerations but also by requirements such as availability.

WAN Technologies

• With the end points and the links chosen, the necessary
bandwidth can be estimated.
• Type of traffic on the links may have varying
requirements for latency and jitter.
• With the bandwidth availability already determined,
suitable link technologies must be selected.
Three-layer design model

• A systematic approach is needed when many locations must be joined. A hierarchical solution with three layers offers many advantages.
• This three-layer model follows the hierarchical design used in telephone systems.

Advantages of the hierarchical approach

Other layered design models

• Many networks do not require the complexity of a full three-layer hierarchy. Simpler hierarchies may be used.

Summary

• Identify the devices used in a WAN and list standards
• Packet-switched and circuit-switched WAN technologies
• Overview of analog dialup, ISDN, leased line, X.25, Frame Relay, cable modem and ATM services
• Steps in WAN design and WAN design requirements
• Advantages offered with a three-layer hierarchical WAN design

Module 3
PPP

Objectives

• Explain serial communications
• PPP concepts, components, operations
• PAP, CHAP and PPP authentication process
• PPP configuration
Serial Point-to-Point Links

Time-division multiplexing

• Time-Division Multiplexing (TDM) is the transmission of several sources of information using one common channel, or signal, and then the reconstruction of the original streams at the remote end.
DTE-DCE

• A serial connection has a data terminal equipment (DTE) device at one end of the connection and a data communications equipment (DCE) device at the other end.

WAN Serial connection options

HDLC
• In 1979, the ISO agreed on HDLC as a standard bit-
oriented data link layer protocol that encapsulates data
on synchronous serial data links.
• The following examples of derivative protocols are
called link access protocols:
– Link Access Procedure, Balanced (LAPB) for X.25
– Link Access Procedure on the D channel (LAPD) for ISDN
– Link Access Procedure for Modems (LAPM) and PPP for modems
– Link Access Procedure for Frame Relay (LAPF) for Frame Relay
• HDLC defines a Layer 2 framing structure that allows for
flow control and error control using acknowledgments
and a windowing scheme.

Cisco HDLC

• Standard HDLC does not inherently support multiple protocols on a single link.
• The Cisco HDLC frame uses a proprietary 'type' field that acts as a protocol field.
• HDLC is the default Layer 2 protocol for Cisco router serial interfaces.
HDLC frames

• HDLC defines the following three types of frame, each with a different control field format:
– Information frames (I-frames) – Carry the data to be transmitted for the station. Additional flow and error control data may be piggybacked on an information frame.
– Supervisory frames (S-frames) – Provide request/response mechanisms when piggybacking is not used.
– Unnumbered frames (U-frames) – Provide supplemental link control functions, such as connection setup. The code field identifies the U-frame type.

HDLC encapsulation

Troubleshooting a serial interface

Show controller

Debug serial interface

Troubleshooting a serial line status

PPP Authentication

PPP
• PPP uses a layered architecture including NCP, LCP and the lowest encapsulation protocol, which is HDLC.
• PPP provides a method for encapsulating multi-protocol datagrams over a point-to-point link, and uses the data link layer for testing the connection.
PPP Physical Layer

PPP Data-link Layer

PPP Network Layer

Frame format: Flag

Flag – Indicates the beginning or end of a frame and consists of the binary sequence 01111110.

Frame format: Address

Consists of the standard broadcast address, which is the binary sequence 11111111. PPP does not assign individual station addresses.

Frame format: Control

1 byte: 00000011, which calls for transmission of user data in an unsequenced frame.

Frame format: Protocol

2 bytes that identify the protocol encapsulated in the data field of the frame.

PPP frame format: Protocol types


• 0021: Internet Protocol
• 0029: Appletalk
• 002B: Novell IPX
• 8021: Internet Protocol Control Protocol
• 8029: Appletalk Control Protocol
• 802B: Novell IPX Control Protocol
• C021: Link Control Protocol
• C023: Authentication Protocol
Frame format: Data

Contains the datagram for the protocol specified in the protocol field. The default maximum length of the data field is 1,500 bytes.

Frame format: FCS

Normally 16 bits (2 bytes). Refers to the extra characters added to a frame for error control purposes.
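A PPP frame builder and parser covering the fields on the preceding slides, added as an example; it is not course code. It uses the flag 01111110, the broadcast address 11111111, the control byte 00000011, the two-byte protocol field with the type values listed on the slide, and the 16-bit FCS as defined in RFC 1662 (a reflected CRC-16 with polynomial 0x8408, initial value 0xFFFF, final complement, transmitted low byte first; a received frame is good when the running FCS over data plus FCS equals 0xF0B8). Byte stuffing of 0x7E/0x7D inside the payload and address/control field compression are left out, and the sample IP payload bytes are constructed.

```python
from typing import Dict, List

PPP_FLAG, PPP_ADDRESS, PPP_CONTROL = 0x7E, 0xFF, 0x03

PPP_PROTOCOLS: Dict[int, str] = {          # protocol field values from the slide
    0x0021: "Internet Protocol",
    0x0029: "Appletalk",
    0x002B: "Novell IPX",
    0x8021: "Internet Protocol Control Protocol",
    0x8029: "Appletalk Control Protocol",
    0x802B: "Novell IPX Control Protocol",
    0xC021: "Link Control Protocol",
    0xC023: "Authentication Protocol",
}

GOOD_FCS16 = 0xF0B8   # RFC 1662: value of the running FCS over a frame that includes its FCS


def _fcs_table() -> List[int]:
    """Byte-wise lookup table for the reflected CRC-16 (polynomial 0x8408)."""
    table = []
    for byte in range(256):
        v = byte
        for _ in range(8):
            v = (v >> 1) ^ 0x8408 if v & 1 else v >> 1
        table.append(v)
    return table


_FCS_TAB = _fcs_table()


def _fcs_run(data: bytes, fcs: int = 0xFFFF) -> int:
    """Running FCS register, as in the reference code of RFC 1662."""
    for b in data:
        fcs = (fcs >> 8) ^ _FCS_TAB[(fcs ^ b) & 0xFF]
    return fcs


def ppp_fcs16(data: bytes) -> int:
    """The FCS value that is transmitted: the complemented running register."""
    return _fcs_run(data) ^ 0xFFFF


def fcs_ok(data_with_fcs: bytes) -> bool:
    """Receiver check: run the register over address..FCS and compare with 0xF0B8."""
    return _fcs_run(data_with_fcs) == GOOD_FCS16


def build_frame(protocol: int, payload: bytes) -> bytes:
    """Flag | Address | Control | Protocol (2 bytes) | Data | FCS (2 bytes, low first) | Flag."""
    body = bytes([PPP_ADDRESS, PPP_CONTROL]) + protocol.to_bytes(2, "big") + payload
    fcs = ppp_fcs16(body)
    return bytes([PPP_FLAG]) + body + fcs.to_bytes(2, "little") + bytes([PPP_FLAG])


def parse_frame(frame: bytes) -> dict:
    """Validate flags, FCS, address and control; return protocol number, name and data."""
    if len(frame) < 8 or frame[0] != PPP_FLAG or frame[-1] != PPP_FLAG:
        raise ValueError("missing flag or frame too short")
    body = frame[1:-1]
    if not fcs_ok(body):
        raise ValueError("bad FCS: frame damaged in transit")
    if body[0] != PPP_ADDRESS or body[1] != PPP_CONTROL:
        raise ValueError("unexpected address/control field")
    proto = int.from_bytes(body[2:4], "big")
    return {"protocol": proto, "name": PPP_PROTOCOLS.get(proto, "unknown"), "data": body[4:-2]}
```

The FCS routine can be checked against the standard CRC-16/X-25 test value: the FCS of the ASCII string "123456789" is 0x906E, and flipping a single payload bit makes the receiver reject the frame.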
4 phases of a PPP session

1. Link establishment and configuration negotiation
2. Link quality determination
3. Network layer protocol configuration negotiation
4. Link termination

LCP Frames
There are three classes of LCP frames:
• Link establishment frames: Used to
establish and configure a link.
• Link termination frames: Used to terminate
a link.
• Link maintenance frames: Used to manage
and debug a link.
Phase I: Link establishment
• An originating PPP node sends LCP
frames to configure and establish the data
link.
• LCP packets contain configuration option fields: MTU, compression, and link authentication protocol.
• LCP must first open the connection and
negotiate the configuration parameters.
• This phase is complete when a
configuration acknowledgment frame has
been sent and received.

LCP Configuration Options


Phase II (Optional): Authentication
• The link is tested to determine whether the
link quality is good enough to bring up
network-layer protocols.
• Then, the client or user workstation can be
authenticated.
• Authentication takes place before the
network-layer protocol configuration phase
begins.
• PPP supports two authentication protocols:
PAP and CHAP.

Phase III: Network layer protocol

• The PPP devices send NCP packets to choose and configure one or more network-layer protocols (such as IP).
• When each of the chosen network-layer protocols has been configured, datagrams from each network-layer protocol can be sent over the link.
• You can check LCP and NCP states by using the show interfaces command.
Phase IV: Link termination

• LCP can terminate the link at any time.
• This is usually done at the request of a user.
• It can also happen because of a physical event, such as the loss of a carrier or a timeout.
• If LCP closes the link, it informs the network-layer protocols so that they can take appropriate action.

PPP Authentication: PAP
• PAP provides a simple method for a remote
node to establish its identity, using a two-
way handshake.
• PAP is not a strong authentication protocol.
• Passwords are sent across the link in clear
text.
• There is no protection from playback or
repeated trial-and-error attacks.

PPP Authentication: CHAP

• CHAP is used to periodically verify the identity of the remote node, using a three-way handshake.
• CHAP offers features such as periodic verification to improve security; this makes CHAP more effective than PAP.
• The remote node responds with a value calculated using a one-way hash function, which is typically Message Digest 5 (MD5).
• CHAP provides protection against playback attacks through the use of a variable challenge value that is unique and unpredictable.
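The three-way handshake described above in working form, added as an example and not taken from the course. The response is computed exactly as RFC 1994 specifies for CHAP with MD5: MD5 over the one-byte Identifier, the shared secret and the challenge value. The code shows why the two CHAP properties on the slide matter: the secret never crosses the link (only the hash does), and because each challenge is random and accepted once, a response captured from the wire is rejected when replayed, both against the same challenge and against a new one. The hostnames and secrets match the PAP/CHAP configuration slides (R_A, CISCO_A, LAB_B); the 16-byte challenge length and the identifier counter are this example's choices.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response value = MD5(Identifier || Secret || Challenge value)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


@dataclass
class ChapAuthenticator:
    """The side configured with 'ppp authentication chap' (LAB_B on the slide).

    usernames plays the role of the 'username R_A password CISCO_A' database.
    """
    usernames: Dict[str, bytes]
    hostname: str = "LAB_B"
    next_id: int = 1
    pending: Dict[int, bytes] = field(default_factory=dict)   # outstanding challenges by id

    def challenge(self) -> Tuple[int, bytes, str]:
        """Step 1: send Identifier, a fresh random Challenge value, and our name."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) & 0xFF
        value = secrets.token_bytes(16)          # unique and unpredictable for every challenge
        self.pending[ident] = value
        return ident, value, self.hostname

    def verify(self, ident: int, response: bytes, name: str) -> bool:
        """Step 3: recompute the hash from the stored challenge and the peer's secret."""
        value = self.pending.pop(ident, None)     # a challenge is usable exactly once
        secret = self.usernames.get(name)
        if value is None or secret is None:
            return False                          # unknown challenge id or unknown peer
        expected = chap_response(ident, secret, value)
        return secrets.compare_digest(response, expected)   # constant-time comparison


@dataclass
class ChapPeer:
    """The side configured with 'ppp chap hostname R_A' and 'ppp chap password CISCO_A'."""
    name: str
    secret: bytes

    def respond(self, ident: int, value: bytes) -> Tuple[int, bytes, str]:
        """Step 2: hash the challenge with the secret; the secret itself never leaves the host."""
        return ident, chap_response(ident, self.secret, value), self.name


def run_handshake(auth: ChapAuthenticator, peer: ChapPeer) -> bool:
    """One complete handshake: Challenge, Response, then Success (True) or Failure (False)."""
    ident, value, _ = auth.challenge()
    return auth.verify(*peer.respond(ident, value))
```

Contrast this with PAP on the previous slide, where the equivalent exchange would carry CISCO_A itself across the serial link in clear text.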

CHAP process
Configuring PPP

PPP compression and error detection

PPP Multilink

Configuring PPP authentication

PPP authentication: PAP

Client (LAB_A) connects to Server (LAB_B)

Client:
# hostname LAB_A
# interface serial 0
# encapsulation ppp
# ppp pap sent-username R_A password CISCO_A

Server:
# hostname LAB_B
# username R_A password CISCO_A
# interface serial 0
# encapsulation ppp
# ppp authentication pap

PPP authentication: CHAP

Client (LAB_A) connects to Server (LAB_B)

Client:
# hostname LAB_A
# interface serial 0
# encapsulation ppp
# ppp chap hostname R_A
# ppp chap password CISCO_A

Server:
# hostname LAB_B
# username R_A password CISCO_A
# interface serial 0
# encapsulation ppp
# ppp authentication chap
PPP 2-way PAP authentication

Client (LAB_A) connects to Server (LAB_B)

Client:
# hostname LAB_A
# username R_B password CISCO_B
# interface serial 0
# encapsulation ppp
# ppp authentication pap
# ppp pap sent-username R_A password CISCO_A

Server:
# hostname LAB_B
# username R_A password CISCO_A
# interface serial 0
# encapsulation ppp
# ppp authentication pap
# ppp pap sent-username R_B password CISCO_B

Configuring PPP Multilink

interface Multilink1
 ip address 1.1.1.2 255.255.255.0
 ppp multilink

interface Serial0/0
 no ip address
 encapsulation ppp
 clockrate 64000
 ppp multilink
 ppp multilink group 1

interface Serial0/1
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
Verifying the serial PPP encapsulation
configuration

Troubleshooting the serial encapsulation configuration

• The debug ppp command is used to display information about the operation of PPP. The no form of this command disables debugging output.
Router#debug ppp {authentication | packet | negotiation | error | chap}
Debug ppp authentication

Summary

• Characteristics of point-to-point links
• HDLC encapsulation protocol
• Parts of PPP and functions of LCP and NCP
• Phases of PPP session
• Differences between PAP and CHAP
• PPP authentication configuration and verification
• Troubleshooting problems with PPP
Lab1 Topology

Lab1 Requirements

• Routing: make sure the two ASes can connect to each other and the Internet
• PPP authentication:
– On a link between 2 routers, the left one uses PAP to authenticate, the right one uses CHAP to authenticate
– To access router Westx, use username pppwestx and password Pr1ntx
– To access router Eastx, use username pppeastx and password Pr1ntx
Lab2 Topology

Lab2 Requirements

1. PPP Multilink
• Use multilink to connect each Site-Center link
• Use EIGRP as the routing protocol, AS 100
• IP address 172.20.0.0/16. Each Ethernet and Loopback network requires 60 IPs.
2. PPP Authentication:
• One physical link uses PAP authentication, the other uses CHAP authentication, both with username bundlepx and password 4eveRx

Module 4
ISDN

Objectives

• ISDN standards used for addressing, concepts, and signaling
• ISDN physical and data link layers
• Configure the router ISDN interface
• Configure Dial-on-demand Routing
ISDN Concepts

Introducing ISDN

• ISDN can be used as a solution to low bandwidth problems; it carries a variety of user traffic signals, including data, voice, and video.
• Offers much faster call setup than modem connections.
• ISDN allows digital signals to be transmitted over existing telephone wiring.
ISDN Data

• The bearer channel, or B channel, is defined as a clear digital path of 64 kbps.
• It is said to be clear because it can be used to transmit any type of digitized data in full-duplex mode.
• It uses either HDLC or PPP as the Layer 2 protocol.

ISDN signaling

• ISDN uses out-of-band signaling, the delta (D) channel, for call setup and signaling.
• The D channel carries signaling messages, such as call setup and teardown, to control calls on B channels.
• The delta channel, or D channel, can either be 16 kbps for the Basic Rate Interface (BRI) or 64 kbps for the Primary Rate Interface (PRI).
• Traffic over the D channel employs the Link Access Procedure on the D Channel (LAPD) protocol. LAPD is a data link layer protocol based on HDLC.
ISDN standards

• The ISDN standards are a set of protocols that encompass digital telephony and data communications.
• The ITU-T groups and organizes the ISDN protocols according to the following general topic areas:
– E Protocols
– I Protocols
– Q Protocols

ISDN D channel

• The delta channel, or D channel, can either be 16 kbps for the Basic Rate Interface (BRI) or 64 kbps for the Primary Rate Interface (PRI).
• The D channel is used to carry control information for the B channel.
• The D channel carries signaling messages, such as call setup and teardown, to control calls on B channels.
• Traffic over the D channel employs the Link Access Procedure on the D Channel (LAPD) protocol. LAPD is a data link layer protocol based on HDLC.

ISDN access method

• ISDN specifies two standard access methods:
– Basic Rate Interface - BRI
– Primary Rate Interface - PRI
• A single BRI or PRI interface provides a multiplexed bundle of B and D channels.
ISDN BRI

• BRI uses two 64 kbps B channels plus one 16 kbps D channel.
• Because it uses two B channels and one D channel, BRI is sometimes referred to as 2B+D.

ISDN PRI

• In North America and Japan, PRI offers twenty-three 64 kbps B channels and one 64 kbps D channel. A PRI offers the same service as a T1 or DS1 connection.
• In Europe and much of the rest of the world, PRI offers 30 B channels and one D channel in order to offer the same level of service as an E1 circuit.
• PRI uses a Data Service Unit/Channel Service Unit (DSU/CSU) for T1/E1 connections.
ISDN 3-layers model

• ISDN BRI and PRI physical layer specifications are defined in ITU-T I.430 and I.431, respectively.
• The ISDN data link specification is based on LAPD and is formally specified in ITU-T Q.920, Q.921, Q.922 and Q.923.
• The ISDN network layer is defined in ITU-T Q.930, also known as I.450, and ITU-T Q.931, also known as I.451. These standards specify user-to-user, circuit-switched, and packet-switched connections.

ISDN physical layer: Frame format

ISDN BRI bit rate

• Note that ISDN BRI frames are sent at a rate of 8000 (8K) per second.
• Bit rate: (2*8B + 2D + 6F) * 8K = 192 kbps
• Effective rate: (2*8B + 2D) * 8K = 144 kbps
• Bearer (B) rate: (8B) * 8K = 64 kbps
• Delta (D) rate: (2D) * 8K = 16 kbps

ISDN D channel: Framing

ISDN components

ISDN component: TE
• Specialized ISDN terminals are referred to
as Terminal Equipment type 1 (TE1).
– Connect to the ISDN network through a four-wire,
twisted-pair digital link.
• Non-ISDN terminals such as DTE that
predate the ISDN standards are referred to
as Terminal Equipment type 2 (TE2). It is
connected to the ISDN network through a
TA.
ISDN component: NT
• Network Termination type 1 (NT1) or Network
Termination type 2 (NT2) device.
• These are NT devices that connect the four-wire
subscriber wiring to the conventional two-wire local
loop.
– In North America, the NT1 is a Customer Premises Equipment
(CPE) device.
– In most parts of the world, the NT1 is part of the network provided
by the carrier.
• The NT2 is a more complicated device, that performs
L2 and L3 protocol services.
• An NT1/2 is a single device that combines the
functions of an NT1 and an NT2.

ISDN reference points

• ISDN standards define functional groups as devices or pieces of hardware that enable the user to access the services of the BRI or PRI.
• Vendors can create hardware that supports one or more functions.
Cisco ISDN BRI interface

ISDN switch types

• Routers must be configured to identify the type of switch with which they will communicate.
• As a consequence of various implementations of Q.931, the D channel signaling protocol used on ISDN switches varies from vendor to vendor.

Service profile identifiers

• A SPID is a number provided by the ISDN carrier to identify the line configuration of the BRI service.
• SPIDs allow multiple ISDN devices, such as voice and data equipment, to share the local loop.
• SPIDs are required by DMS-100 and National ISDN-1 switches.
ISDN Configuration

Configure ISDN switch type

• isdn switch-type switch-type can be configured in global or interface configuration mode to specify the provider's ISDN switch.
• National ISDN-1 and DMS-100 ISDN switches require SPIDs to be configured, but the AT&T 5ESS switch does not.
Sample configuration

Configuring ISDN PRI

• ISDN PRI is delivered over a leased T1 or E1 line. The main PRI configuration tasks are as follows:
– Specify the correct PRI switch type that the router interfaces with at the CO of the ISDN provider.
– Specify the T1/E1 controller, framing type, and line coding for the facility of the ISDN provider.
– Set a PRI group timeslot for the T1/E1 facility and indicate the speed used.
Configure ISDN PRI

Configure T1/E1 Controller

• Specify an interface for PRI D-channel operation. The interface is a serial interface to a T1/E1 on the router:
Router(config)#interface serial{slot/port: | unit:}{23 | 15}
• The interface carries the IP configuration that needs to traverse the link:
Router(config)#ip address ip_address subnet_mask

Interface channels

• Channel 16, the E1 signaling channel, is channel 15 on the interface.
• Channel 24, the T1 signaling channel, becomes channel 23 on the interface.
• Channels use a colon instead of a dot to indicate the channel number:
– S0/0.23 refers to a subinterface
– S0/0:23 refers to a channel

ISDN PRI example

Verifying ISDN configuration: show isdn status

• Use the show isdn status command to inspect the status of the BRI interfaces:
– verify that the TE1, or router, is communicating correctly with the ISDN switch
– displays the number of active calls

Show isdn status

Verifying ISDN configuration: show isdn active

• The show isdn active command displays current call information, including all of the following:
– Called number
– Time until the call is disconnected
– Advice of charge (AOC)
– Charging units used during the call
– Whether the AOC information is provided during calls or at end of calls

Show isdn active

Verifying ISDN configuration: show dialer

• The show dialer command displays information about the dialer interface:
– Current call status
– Dialup timer values
– Dial reason
– Remote device that is connected

Show dialer
Verifying ISDN configuration: show interface bri

• The show interface bri0/0 command displays statistics for the BRI interface configured on the router:
– The B channel is using PPP encapsulation.
– LCP has negotiated and is open.
– There are two NCPs running, IPCP and Cisco Discovery Protocol Control Protocol (CDPCP).

Show interface bri

Troubleshooting ISDN configuration

DDR Configuration
Dial-on-demand routing

• DDR is triggered when traffic that matches a predefined set of criteria is queued to be sent out a DDR-enabled interface.
• The traffic that causes a DDR call to be placed is referred to as interesting traffic.
• Once the router has transmitted the interesting traffic, the call is terminated.

DDR operation

Configuring legacy DDR

• Legacy DDR is a term used to define a very basic DDR configuration with the following steps:
– Define static routes
– Specify interesting traffic
– Configure the dialer information
Defining static routes for DDR

• When configuring static routes, consider the following:
– By default, a static route will take precedence over a dynamic route because of its lower administrative distance.
– To reduce the number of static route entries, define a summarized or default static route.

Specifying interesting traffic for DDR

• Interesting traffic may be defined as any of the following:
– IP traffic of a particular protocol type
– Packets with a particular source address or destination
– Other criteria as defined by the network administrator
• Use the dialer-list command to identify interesting traffic. The command syntax is as follows:
Router(config)#dialer-list dialer-group-num protocol protocol-name {permit | deny | list access-list-number}
dialer-group-num: an integer between 1 and 10


Specifying interesting traffic

Dialer-group

• A dialer list specifying the interesting traffic for
this DDR interface needs to be associated with
the DDR interface.
Router(config-if)#dialer-group group-number
• Group-number must match the dialer-list group-
number.
• Each interface can have only one dialer group.
Dialer-map

• The correct dialing information for the remote
DDR interface needs to be specified.
• The dialer map command maps the remote
protocol address to a telephone number.
Router(config-if)#dialer map protocol next-hop-address [name
hostname] [speed 56 | 64] [broadcast] dial-string

Dialer-map command
Other commands

• If dialing only one site, use an unconditional
dialer string command that always dials the one
phone number regardless of the traffic
destination.
• The dialer idle-timeout seconds command may
be used to specify the number of idle seconds
before a call is disconnected. The default is 120.

Configuration sample
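The three legacy DDR steps (static route, interesting traffic, dialer information) brought together in one configuration. This is an added example, not the configuration sample from the original slides; the hostnames, addresses, ISDN switch type, CHAP password and telephone number are assumed. Two points matter operationally: the interesting-traffic list denies routing-protocol traffic, because periodic EIGRP or RIP updates would otherwise re-dial the line every few seconds and run up toll charges, and the peer is authenticated with CHAP and matched by name in the dialer map.

```cisco
! --- RouterA: legacy DDR over ISDN BRI (added example; all names, addresses and numbers assumed) ---
hostname RouterA
!
! CHAP needs a reversible password, so "password" rather than "secret"; encrypt it at rest
service password-encryption
username RouterB password 0 Chap-Key-RouterB
!
isdn switch-type basic-ni
!
! Step 1: static route to the remote LAN via the peer's BRI address
ip route 192.168.2.0 255.255.255.0 10.1.1.2
!
! Step 2: interesting traffic = IP, except the routing updates that would
! otherwise keep bringing the line up (dialer-list 1 -> access-list 101)
access-list 101 deny   eigrp any any
access-list 101 deny   udp   any any eq rip
access-list 101 permit ip    any any
dialer-list 1 protocol ip list 101
!
! Step 3: dialer information on the physical BRI interface
interface BRI0/0
 ip address 10.1.1.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 ! map the next hop to the remote phone number; "name" ties the call to the CHAP peer,
 ! "broadcast" lets routing updates that match dialer-list 1 use the circuit
 dialer map ip 10.1.1.2 name RouterB broadcast 5552000
 ! tear the call down after 180 s with no interesting traffic (default is 120)
 dialer idle-timeout 180
 ! bind dialer-list 1 to this interface; only one dialer-group per interface
 dialer-group 1
 no shutdown
```

Verify with show dialer, which reports the dial reason and the remaining idle time. If the link keeps coming up, debug dialer events shows the packet that triggered the call; it is usually a routing update or management poll that belongs in the deny part of access-list 101.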
Dialer profiles

• A dialer profile removes the DDR configuration from the
physical interface that receives or makes calls and binds
it to that interface only on a per-call basis.

Dialer profile tasks

• Configure B channels of an ISDN interface with different
IP subnets.
• Use different encapsulations on the B channels of an
ISDN interface.
• Set different DDR parameters for the B channels of an
ISDN interface.
• Eliminate the waste of ISDN B channels by letting ISDN
BRIs belong to multiple dialer pools.
Dialer profile elements

• A dialer profile consists of the following elements:
– Dialer interface
– Dialer pool
– Physical interfaces

Configuring interface dialer


• Each dialer interface is the complete configuration for a
destination.
• Configure one or more dialer interfaces with all the basic
DDR commands:
– IP address
– Encapsulation type and authentication
– Idle-timer
– Dialer-group for interesting traffic
• Configure the physical interfaces and assign them to a
dialer pool using the dialer pool-member command.
Dialer priority

• If more than one physical interface exists in the
pool, use the priority option of the dialer pool-member
command to set the priority of the interface within
the dialer pool.
• The interface with the highest priority in the pool is
the one selected first to dial out.

Configuring dialer interface


Configuring physical interface
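The same destination as in the legacy example, rewritten as a dialer profile. This is an added example, not the slide's own configuration; the hostnames, addresses, CHAP password, telephone number and interface numbers are assumed. The per-destination settings (address, encapsulation, authentication, idle timer, dialer-group) move to interface Dialer1, and the BRIs carry nothing but their pool membership, so a second BRI can be added to the pool without touching the destination's configuration.

```cisco
! --- RouterA: dialer profile for RouterB (added example; all names, addresses and numbers assumed) ---
hostname RouterA
service password-encryption
username RouterB password 0 Chap-Key-RouterB
isdn switch-type basic-ni
!
ip route 192.168.2.0 255.255.255.0 10.1.1.2
access-list 101 deny   eigrp any any
access-list 101 permit ip    any any
dialer-list 1 protocol ip list 101
!
! Logical interface: the complete DDR configuration for this destination
interface Dialer1
 ip address 10.1.1.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 ! an incoming call is bound to this profile only if it authenticates as RouterB
 dialer remote-name RouterB
 dialer string 5552000
 ! take a physical channel from pool 1 when there is interesting traffic
 dialer pool 1
 dialer idle-timeout 180
 dialer-group 1
!
! Physical interfaces: no addresses, no dialer maps, only pool membership
interface BRI0/0
 no ip address
 encapsulation ppp
 ppp authentication chap
 dialer pool-member 1 priority 100
 no shutdown
!
interface BRI0/1
 no ip address
 encapsulation ppp
 ppp authentication chap
 ! lower priority: used only when BRI0/0 has no free B channel
 dialer pool-member 1 priority 50
 no shutdown
```

show dialer interface bri0/0 shows which dialer profile a B channel is currently bound to; show isdn active lists the calls themselves.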

Verifying DDR configuration

• The show dialer interface [BRI] command displays
information on incoming and outgoing calls.
• The show isdn active command displays
information about the current active ISDN calls.
• The show isdn status command displays
information about the three layers of the BRI
interface.
Troubleshooting the DDR configuration

• There are two major types of DDR problems:
– A router is not dialing when it should.
– A router is constantly dialing when it should not.
• Several debug commands can be used to help
troubleshoot problems with a DDR
configuration.

Debug isdn q921


Debug isdn q931

Debug dialer events


Isdn call interface

Summary

• ISDN uses standards for addressing,
concepts, and signaling
• ISDN uses the physical and data-link layers
• Interfaces and reference points for ISDN
• Router configuration for ISDN BRI and PRI
• Legacy DDR and dialer profiles
• ISDN and DDR verification and
troubleshooting.
CCNA4 – Module4

Module 5
Frame Relay

Objectives

• Components of a Frame Relay network
• The technology of Frame Relay and topology of a
Frame Relay network
• Configuring Frame Relay
• Issues of a non-broadcast multi-access network
Frame Relay Concepts

Introducing Frame Relay

• An ITU-T and ANSI standard.
• A packet-switched, connection-oriented WAN
service.
• It operates at the data link layer of the OSI
reference model.
• Uses LAPF, a subset of the HDLC protocol, for framing.
Frame Relay operation

• Frames carry data between user devices called DTE, and
the DCE at the edge of the WAN.

FRAD

• Computing equipment that is not on a LAN may
also send data across a Frame Relay network.
• The computing equipment will use a Frame
Relay access device (FRAD) as the DTE.
Frame Relay Toll network

• May be privately owned, but it is more commonly provided as
a service by a public carrier.
• Typically consists of many geographically scattered Frame
Relay switches interconnected by trunk lines.

Frame Relay terminology

• A connection through the Frame Relay network
between two DTEs is called a virtual circuit (VC).
• VCs established dynamically by sending
signaling messages to the network are SVCs.
• PVCs are preconfigured by the carrier.
Terminologies: Access Rate

• The clock speed of the connection (local loop) to
the Frame Relay cloud.
• It is the rate at which data travels into or out of the
network.

Terminologies: DLCI

• Data-link connection identifier.
• A number that identifies the end point of a VC on an
access link to the Frame Relay network.
• Locally significant: a DLCI has meaning only on the
access link where it is used, and the same VC usually
has a different DLCI at each end.
• The Frame Relay switches map the DLCIs at the two
ends between a pair of routers to create a permanent
virtual circuit.
Terminologies: LMI

• Local management interface.
• A signaling standard between the CPE device and
the Frame Relay switch.
• Responsible for managing the connection and
maintaining status between the devices.

Terminologies: CIR

• Committed information rate (in bps). The average
rate at which you want to transmit in periods of
noncongestion.
• The CIR is the guaranteed rate that the service
provider commits to providing.
• While a frame is being transmitted, each bit is still
sent at the port speed; the CIR is an average over Tc.
Terminologies: Tc

• Committed rate measurement interval. The time
interval over which the rates are calculated is called
the committed time.
• The time interval should not exceed 125 ms; in
practice it is almost always 125 ms.

Terminologies: Bc

• The number of committed bits in Tc is the
committed burst.
• Bc = CIR x Tc
Terminologies: Excess burst

• The maximum number of uncommitted bits that the
switch attempts to transfer beyond the CIR.
• Dependent on the service offerings available from the
vendor, but typically limited to the port speed of
the local access loop.

Terminologies

MinCIR
Frame Relay flow control

• The switch maintains a bit counter for each VC.
• An incoming frame is marked DE if it puts the
counter over Bc.
• An incoming frame is discarded if it pushes the
counter over Bc + Be.
• At the end of each Tc seconds the counter is
reduced by Bc.

Terminologies: FECN

• Forward explicit congestion notification.
• When a switch recognizes congestion in the
network, it sets the FECN bit in frames travelling
toward the destination device, telling the receiver
that those frames experienced congestion on the way.
Terminologies: BECN

• Backward explicit congestion notification.
• When a switch recognizes congestion in the
network, it sets the BECN bit in frames travelling
back toward the source router, instructing the
router to reduce the rate at which it is sending.

Frame Relay congestion


Terminologies: DE

• Discard eligibility indicator.
• A set bit indicates that the frame may be discarded
in preference to other frames if congestion occurs.
• The DE bit is set on traffic that exceeds the CIR
(oversubscribed traffic).

Frame Relay bandwidth

• The serial connection or access link to the
Frame Relay network is normally a leased line.
• The speed of the line is the access speed or port
speed.
• Port speeds are typically between 64 kbps and 4
Mbps. Some providers offer speeds up to 45
Mbps.
Frame Relay frame format

• DLCI: Indicates the DLCI value. Consists of the
first 10 bits of the 2-byte Address field.
• Congestion Control: The last 3 bits of the
address field. These are the FECN, BECN, and
discard eligible (DE) bits.
• The remaining bits of the Address field are the
command/response (C/R) bit and the extended
address (EA) bits.

Frame Relay addressing

• DLCI address space is limited to 10 bits, so 1024
DLCI addresses are possible.
• The usable portion of these addresses is determined by
the LMI type:
– The Cisco LMI type supports a range of DLCI addresses from DLCI
16-1007.
– The ANSI/ITU LMI type supports the range of addresses from DLCI
16-992.
• The remaining DLCI addresses are reserved for LMI and
vendor implementation.
Frame Relay Topology

Frame Relay LMI functions

• The heartbeat mechanism, which verifies that a
VC is operational
• The multicast mechanism
• The flow control
• The ability to give DLCIs global significance
• The VC status mechanism
LMI types

• The LMI type configured on the router must
match the type used by the service provider.
• Three types of LMIs are supported by Cisco
routers:
– cisco – The original LMI extensions
– ansi – Corresponding to the ANSI standard T1.617
Annex D
– q933a – Corresponding to the ITU standard Q.933 Annex
A

LMI frame format

• LMI messages are sent in frames distinguished by an
LMI-specific DLCI.
• The Cisco specification uses DLCI 1023; ANSI Annex D
and ITU Q.933 Annex A use DLCI 0.
• The LMI frame contains 4 mandatory bytes:
– The 1st byte has the same format as the LAPB unnumbered
information (UI) frame indicator, with the poll/final bit set to zero.
– The 2nd byte is referred to as the protocol discriminator, which is set
to a value that indicates LMI.
– The 3rd byte (call reference) is always filled with zeros.
– The final byte is the message type field:
• Status messages
• Status enquiry messages
Frame Relay mapping
• Network address ↔ DLCI
• The routing table supplies the next-hop protocol address for
outgoing traffic; that address must then be resolved to the DLCI
of the VC that reaches the next hop.
• The resolution is done through a data structure called a Frame Relay
map.
• This data structure can be statically configured in the router, or the
Inverse ARP feature can be used for automatic setup of the map.

LMI operation

• LMI status messages combined with Inverse ARP
messages allow a router to associate network layer and
data link layer addresses.
• When a router that is connected to a Frame Relay
network is started, it sends an LMI status enquiry
message to the network.
• The network replies with an LMI status message
containing details of every VC configured on the access
link.
• Subsequent responses include only status changes.
Frame Relay mapping

Frame Relay switching table

• Each entry in the Frame Relay switching table consists of four
fields: incoming port and DLCI, and outgoing port and DLCI.
• The DLCI may be remapped as the frame passes through each
switch.
Configuring Frame Relay

Frame Relay encapsulation

• Frame Relay is configured on a serial interface,
whose default encapsulation type is the Cisco
proprietary version of HDLC.
• To change the encapsulation to Frame Relay,
use the command:
Router(config-if)#encapsulation frame-relay [cisco | ietf]
LMI type

• The LMI connection is established and
configured by the command:
Router(config-if)#frame-relay lmi-type [ansi | cisco | q933a]
• From IOS Release 11.2 onward, the LMI type is
autosensed and no configuration is needed.
• The default LMI type is cisco.
• The LMI type is set on a per-interface basis and is
shown in the output of the show interfaces
command.

Configuring basic Frame Relay


Configuring a static Frame Relay map
• The local DLCI must be statically mapped to the network
layer address when:
– The remote router does not support Inverse ARP.
– Broadcast traffic and multicast traffic over the PVC must be
controlled.
– The topology is a partial-mesh Frame Relay topology.

Router(config-if)#frame-relay map protocol protocol-address
dlci [broadcast]

• A static frame-relay map disables Inverse ARP for that
protocol on that DLCI; to turn it back on, use the command:

Router(config-if)#frame-relay inverse-arp [protocol] [dlci]

Configuring a static Frame Relay map


Split Horizon

• When a single interface is used to interconnect multiple sites,
there may be reachability issues because of the nonbroadcast
multiaccess (NBMA) nature of Frame Relay.
• Split horizon does not allow routing updates to be sent out the
same interface that was the source of the route information.

Frame Relay subinterfaces

• Use subinterfaces in Frame Relay:
– To enable the forwarding of broadcasts in a hub-and-spoke Frame
Relay topology.
– To work around the split-horizon problem.
– To reduce the overall cost of many physical interfaces.
• Frame Relay subinterfaces can be configured in either
point-to-point or multipoint mode:
– Point-to-point
– Multipoint
Frame Relay subinterfaces

• The encapsulation frame-relay command is assigned to
the physical interface. All other configuration items,
such as the network layer address and DLCIs, are
assigned to the subinterface.

Configuring Frame Relay subinterfaces

• Configure the encapsulation on the physical interface,
leave it without an IP address, and no shut it.
Router(config)#interface serial number.subinterface-number
{multipoint | point-to-point}
• When the physical (major) interface is used directly,
no DLCI configuration is required: the DLCIs are learned
via LMI from the Frame Relay switch and mapped by
Inverse ARP.
• On a subinterface, use this command to configure the
local DLCI:
Router(config-subif)#frame-relay interface-dlci dlci-number
[cisco|ietf]
Subinterface configuration sample
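A hub router's Frame Relay configuration that exercises the pieces above: encapsulation and LMI type on the physical interface, two point-to-point subinterfaces with only their local DLCI, and one multipoint subinterface that uses static maps instead of Inverse ARP. This is an added example, not the slide's own sample; the addresses, DLCIs, LMI type and EIGRP AS number are assumed.

```cisco
! --- Hub router: Frame Relay on Serial0/0 with subinterfaces (added example; addresses, DLCIs and LMI type assumed) ---
interface Serial0/0
 no ip address
 ! encapsulation belongs on the physical interface; "ietf" only if the far end is not a Cisco router
 encapsulation frame-relay
 ! must match the provider; autosensed on IOS 11.2+, but pinning it avoids a silent mismatch
 frame-relay lmi-type ansi
 no shutdown
!
! Point-to-point subinterfaces: one /30 per PVC, so split horizon is not an issue
! and the local DLCI is all that has to be configured
interface Serial0/0.102 point-to-point
 description PVC to SpokeB
 ip address 10.1.12.1 255.255.255.252
 frame-relay interface-dlci 102
!
interface Serial0/0.103 point-to-point
 description PVC to SpokeC
 ip address 10.1.13.1 255.255.255.252
 frame-relay interface-dlci 103
!
! Multipoint subinterface: several spokes share one subnet, so each spoke's next-hop
! address is mapped statically to its DLCI. A static map disables Inverse ARP on that
! DLCI, and "broadcast" is needed for routing updates to be replicated onto the PVC.
interface Serial0/0.1 multipoint
 ip address 10.1.1.1 255.255.255.248
 frame-relay map ip 10.1.1.2 104 broadcast
 frame-relay map ip 10.1.1.3 105 broadcast
 ! spokes on this subnet learn each other's routes only if the hub relaxes split horizon
 no ip split-horizon eigrp 100
!
router eigrp 100
 network 10.0.0.0
```

show frame-relay map should list DLCIs 102 and 103 as "dynamic" (from LMI plus the point-to-point binding) and 104 and 105 as "static, broadcast"; show frame-relay pvc must report every DLCI as ACTIVE before the EIGRP neighbours appear.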

Configure Cisco router as Frame Relay switch

• A Cisco router can be configured as a Frame Relay switch
using the command:
Router(config)#frame-relay switching
• All connections to the attached routers are then of DCE type,
specified with the command:
Router(config-if)#frame-relay intf-type dce|dte
• Configure the LMI type on the Frame Relay switch:
Router(config-if)#frame-relay lmi-type {ansi | cisco | q933a}
• Configure Frame Relay routes to create the switching table:
Router(config-if)#frame-relay route in_dlci interface out_interface out_dlci
Frame Relay routes
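A router acting as the Frame Relay switch for a hub and two spokes, built from the four commands above. This is an added example, not the slide's own figure; the interface numbers, DLCIs, clock rate and LMI type are assumed. Note that each PVC has a different DLCI at its two ends (102 on the hub side, 201 on the spoke side), which is what "locally significant" means in practice, and that both directions of every PVC must be entered: a one-way frame-relay route shows as inactive.

```cisco
! --- Router FRSW switching PVCs between the hub (S0/0) and two spokes (added example; interfaces and DLCIs assumed) ---
hostname FRSW
!
! enable PVC switching
frame-relay switching
!
interface Serial0/0
 description to Hub, DLCIs 102 and 103
 no ip address
 encapsulation frame-relay
 ! the switch is the DCE end of each access link: it supplies clocking and answers LMI status enquiries
 clock rate 64000
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 ! switching table: incoming DLCI on this port -> outgoing port and DLCI
 frame-relay route 102 interface Serial0/1 201
 frame-relay route 103 interface Serial0/2 301
 no shutdown
!
interface Serial0/1
 description to SpokeB, DLCI 201
 no ip address
 encapsulation frame-relay
 clock rate 64000
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 ! the reverse direction of the hub-to-SpokeB PVC
 frame-relay route 201 interface Serial0/0 102
 no shutdown
!
interface Serial0/2
 description to SpokeC, DLCI 301
 no ip address
 encapsulation frame-relay
 clock rate 64000
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 frame-relay route 301 interface Serial0/0 103
 no shutdown
```

show frame-relay route on FRSW lists each entry with its status; an entry stays inactive until both the matching reverse route exists and the attached router has brought its interface up with a matching LMI type.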

Verifying the Frame Relay configuration


• show interfaces command displays LMI type, LMI DLCI,
Frame Relay DTE/DCE type
• show frame-relay lmi command to display LMI traffic
statistics.
• show frame-relay pvc [interface interface] [dlci] command
to display the status of each configured PVC as well as
traffic statistics.
• show frame-relay map command to display the current
map entries and information about the connections.
• show frame-relay route command on frame relay switch to
display switching table.
Show interface

Show frame-relay lmi


Show frame-relay pvc

Show frame-relay map


Troubleshooting the Frame Relay configuration

• Use the debug frame-relay lmi command to determine
whether the router and the Frame Relay switch
are sending and receiving LMI packets properly.
• Use the debug frame-relay events command to display
Frame Relay packet events.

Debug frame-relay lmi


Summary
• The components of a Frame Relay network
• The technology of Frame Relay
• Point-to-point and point-to-multipoint topologies
• The topology of a Frame Relay network and potential
problems
• How to configure a Frame Relay Permanent Virtual Circuit
(PVC)
• How to create a Frame Relay Map on a remote network
• Why subinterfaces are needed and how they are configured
• How to verify and troubleshoot a Frame Relay connection

Lab1 Topology

1. PVC(21-42) and PVC(32-41) belong to 1 subnet (partial-mesh)
2. All interfaces are multipoint subinterfaces (full-mesh)
3. IP address is 192.168.1.0/24. Each Loopback interface requires 30
IPs. Routing protocol is EIGRP with AS 100
Lab2 Topology

Lab2 Requirements

• PVC(111-121), PVC(123-143), PVC(142-112) form
1 subnet
• PVC(122-131) forms 1 subnet
• PVC(132-141) forms 1 subnet
• Routing protocol is EIGRP, AS 200
• Network address is 172.30.0.0/16, each loopback
interface requires 31 IPs.
CCNA4 – Module5

Module 6
Network Management

Objectives

• Differences between a NOS and a traditional OS
• Identify network management tools
• Describe SNMP and CMIP
Workstations and Servers

Workstations

• A workstation uses special software to perform the
following tasks:
– Intercepts user data and application commands
– Decides if the command is for the local operating system or for the
NOS.
– Directs the command to the local operating system or to the network
interface card (NIC) for processing and transmission onto the network
– Delivers transmissions from the network to the application running on
the workstation
Server

• Server systems must be equipped to support
multiple concurrent users and multiple tasks as
clients make demands on the server for remote
resources.
• Servers usually have high-capacity, high-speed
disk drives, large amounts of RAM, high-speed
NICs, and in some cases, multiple CPUs.

Introduction to NOS

• A computer OS is the software foundation on
which computer applications and services run
on a workstation.
• A NOS enables communication between
multiple devices and the sharing of resources
across a network.
Windows NT

• NT 4 was designed to provide an environment for
mission-critical business that would be more stable than
the Microsoft consumer operating systems.
• Program failures are isolated and do not require a
system restart.
• Windows NT provides preemptive multitasking, file-level
security, and file-by-file compression.

Windows 2000 Professional

• Windows 2000 Professional is not designed to
be a full NOS.
• The primary purpose is to be part of a domain
as a client-side operating system.
• It can be a file server, a print server, an FTP
server, and a web server, but will only support
up to ten simultaneous connections.
Windows 2000 Server
• The Active Directory Services feature serves as the
centralized point of management of users, groups,
security services, and network resources.
• It includes the multipurpose capabilities required for
workgroups and branch offices as well as for
departmental deployments of file and print servers,
application servers, web servers, and communication
servers.
• Windows 2000 Advanced Server provides the additional
hardware and software support needed for enterprise
and extremely large networks.

Windows .NET Server

• Windows .NET Server is built on the Windows
2000 Server kernel, but tailored to provide a
secure and reliable system to run enterprise-level
web and FTP sites in order to compete with
the Linux and UNIX server operating systems.
Origins of UNIX

• UNIX was designed to support multiple users and
multitasking, and was originally marketed for network
servers only.
• UNIX, in its various forms, continues to advance its
position as the reliable, secure OS of choice for
mission-critical applications that are crucial to the
operation of a business or other organization.
• UNIX is also tightly integrated with TCP/IP.

Origins of Linux

• Linux was UNIX-like in its operation but used
software code that was open and completely
free of charge to all users.
• Linux is one of the most powerful and reliable
operating systems in the world today.
• Application support must be considered when
Linux is implemented on a desktop system.
Apple

• Apple Macintosh computers were designed for
easy networking in a peer-to-peer, workgroup
situation.
• Network interfaces are included as part of the
hardware and networking components are built
into the Macintosh operating system.
• The Macintosh, or Mac, is popular in many
educational institutions and corporate graphics
departments.

MAC OSX

• Mac OS X supports protected memory, preemptive
multitasking, advanced memory management, and
symmetric multiprocessing. It allows AppleTalk and
Windows connectivity.
Concept of service on servers

• Remote management is a powerful service that allows
administrators to configure networked systems that are
miles apart.
• Network processes are referred to as services in
Windows 2000 and daemons in UNIX and Linux.

Network Management
Network management requirements
• The network administrator must actively manage the network,
diagnose problems, prevent situations from occurring, and
provide the best performance of the network for the users.

Network management model


SNMP and CMIP standards

SNMP protocols

• SNMP was adopted as the standard for TCP/IP
internets in 1989.
• SNMPv2c provides support for centralized and
distributed network management strategies and
improves the SMI, protocol operations (GetBulk and
Inform) and management architecture. Its security is
still community-string based, the same as SNMPv1.
• SNMPv3 provides secure access to MIBs by
authenticating and encrypting packets over the
network.
Organizational model for SNMP
• The organizational model for SNMP based network management includes four
elements:
– Management station
– Management agent
– Management information base
– Network management protocol

Network management station

• Usually a standalone workstation, but it may be
implemented over several systems.
• It includes a collection of software called the network
management application (NMA).
• SNMP uses User Datagram Protocol (UDP): the agent
listens on port 161 and the management station receives
traps on port 162. It is based on an exchange of messages.
There are three common message types:
– Get: Enables the management station to retrieve the value of MIB
objects from the agent.
– Set: Enables the management station to set the value of MIB objects
at the agent.
– Trap: Enables the agent to notify the management station of
significant events.
Management information base

• The MIB is used to store the structured information
representing network elements and their
attributes.
• The structure itself is defined in a standard
called the structure of management information
(SMI).
• SMI defines the data types that can be used to
store an object, how those objects are named,
and how they are encoded for transmission over
a network.

Management agents

• Key network platforms and devices, such as hosts,
routers, bridges and hubs, equipped with SNMP so that
they can be managed.
• Provide management information to the NMS. All the
management information of a particular agent is stored
in the MIB on that agent.
• An agent might keep track of the following:
– Number and state of its virtual circuits
– Number of certain kinds of error messages received
– Number of bytes and packets in and out of the device
– Maximum output queue length, for routers and other internetworking
devices
– Broadcast messages sent and received
– Network interfaces going down and coming up
RMON

• Network management applications often offload
some network management functionality to a
remote monitor (RMON) probe.
• The RMON probe gathers management
information locally, and then the network
manager periodically retrieves a summary of
this data.
• RMON gathers statistics by analyzing every
frame on a segment.

Components of organization model


Network management applications

• The network management applications rely on
the host operating system and on the
communication architecture.
• Includes a GUI to allow the network
administrator to monitor and manage the
network.
• Examples of network management applications
are CiscoWorks2000 and HP OpenView; they talk
to the agents using SNMP (v1, v2c or v3).

Understanding the protocol


Understanding the community strings

SNMPv2c message format


SNMPv3 message format

Configuring SNMP

• More than one read-only string is supported.
• The default on most systems for this community string
is public. It is not advisable to use the default value in an
enterprise network.
• To set the read-only community string used by the
agent, use the following command:
Router(config)#snmp-server community string ro
– string – Community string that acts like a password and permits access to
the SNMP protocol
– ro – (Optional) Specifies read-only access. Authorized management stations
are only able to retrieve MIB objects.
Configuring SNMP

• More than one read-write string is supported.
• All writable SNMP objects are then available for modification,
so a read-write string is effectively a configuration password,
and in SNMPv1/v2c it crosses the network in cleartext.
• The default on most systems for this community string
is private. It is not advisable to use this value in an
enterprise network.
• To set the read-write community string used by the
agent, use the following command:
Router(config)#snmp-server community string rw
– rw – (Optional) Specifies read-write access. Authorized management
stations are able to both retrieve and modify MIB objects.

Configuring SNMP

• There are several strings that can be used to
specify the location of the managed device and the
main system contact for the device.
Router(config)#snmp-server location text
Router(config)#snmp-server contact text
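The SNMP commands above, applied the way a hardened router should have them: the default community strings removed, the remaining read-only string restricted to one management station by a standard ACL, and any write access moved to SNMPv3 with authentication and encryption, since v1/v2c community strings travel in cleartext. This is an added example, not the slide's own configuration; the addresses, community string, group and user names and passwords are assumed and must be replaced.

```cisco
! --- SNMP agent restricted to a single management station (added example; addresses, strings and names assumed) ---
! 1. Remove the well-known defaults; scanners try "public" and "private" first
no snmp-server community public
no snmp-server community private
!
! 2. Only the NMS may talk to the agent; log anything else that tries
access-list 10 permit 192.168.100.10
access-list 10 deny   any log
!
! 3. SNMPv2c read-only community, bound to ACL 10. No read-write community at all.
snmp-server community NmsRead-7Qx ro 10
!
! 4. SNMPv3 for write access: SHA authentication and AES-128 privacy,
!    write access to the default view, still limited to the NMS by ACL 10
snmp-server group NMS-ADMIN v3 priv write v1default access 10
snmp-server user nmsadmin NMS-ADMIN v3 auth sha AuthPassw0rd-Long priv aes 128 PrivPassw0rd-Long
!
! 5. Identify the device and send traps to the NMS (UDP 162)
snmp-server location Building 3, rack 7
snmp-server contact netops@example.com
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server host 192.168.100.10 version 2c NmsRead-7Qx
```

The "authentication" trap in step 5 makes the router report every request that arrives with a wrong community string, so a scan of the agent shows up on the NMS. show snmp community lists the configured strings and their ACLs; show snmp user confirms the v3 user and its auth and priv protocols.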
Cisco syslog

• The Cisco syslog logging utility is based on the
UNIX syslog utility.
• System events are usually logged to the system
console unless disabled.
• The syslog utility is a mechanism for
applications, processes, and the operating
system of Cisco devices to report activity and
error conditions.

Syslog facility
Configuring syslog
• To enable logging to all supported destinations:
Router(config)#logging on
• To send log messages to a syslog server host, such as
CiscoWorks2000:
Router(config)#logging {hostname | ip-address}
• To set the logging severity level to level 6, informational
(messages of severity 0 to 6 are sent to the server):
Router(config)#logging trap informational
• To include a timestamp with each syslog message:
Router(config)#service timestamps log datetime

Summary
• The functions of a workstation and a server
• Development of Networking Operating Systems (NOS)
• An overview of the various Windows platforms and other
OSes
• Reasons for network management
• The layers of OSI and network management model
• The role that SNMP and CMIP play in network monitoring
CCNA4 – Module6
