Index
Numerics802.11 Wired Equivalent Privacy (WEP), 259802.11i, 269–272802.1x
authentication, 278–280EAP standard, 260–272
AAAR (automated alternate routing), 43access
APs. See APscategories, 237communication devices, 10databases, 10guest, 292switches, 235WFQ, 134
access points. See APsACS (Access Control Server), 260adding
locations, 310–312maps, 309–310WLC, 307–308
administrationcongestion, 127–130dial plans, 45dynamic RF, 296EAP, 261keys, 269phone features, 46radio (WLSE), 295RF, 306RRM, 301SDM, 81–88
WLANsCisco Unified Wireless Management,
291–292components, 294implementations, 292–293need for, 291WCS, 299–313WLSE, 295–299
WLSE, 296WPA, 269–272
admission control, 73AES (Advanced Encryption Standard), 260AF (assured forwarding), 103–105agents, call, 11aggregation
traffic shaping, 165troubleshooting, 127
aggressive dropping, WFQ, 135AH (Authentication Header), 182alarms
rogue APs, 312–313WCS Base, 301
algorithmscodecs, 24queuing, 128voice compression standards, 24–25
Allowed setting, 246amplitude, 22analog interfaces, VoIP, 13analog phones, 11analog voice
converting from digital, 20–21converting to digital, 19–20
applicationsCisco Wireless Location Appliance,
305–306classification, 206conferencing, 10
dynamic port, 207interfaces, 46QoS
pre-classify, 181–183TCP, 62VoIP, 187
servers, 11APs (access points), 293
autonomous, 293Cisco WCS Servers, 308deployment, 296lightweight, 272–280SSID, 258WCS Base, 301WLSE, 295–296
architectureCisco Wireless Location Appliance, 305LWAP, 238–240Split MAC Architecture, 238–239
asset tags, Cisco Wireless Location Appliance, 305
assigningchannels, 301sequence numbers, 134
assured forwarding (AF), 103–105ATM (asynchronous Transfer Mode), 99attacks
CoPP, 192–193DoS, 259
audio. See also voicekeywords, 117signals, 31streams, 26VAD, 42
audits, 301business, 70networks, 70
authentication, 272–273802.1x, 278–280configuring, 272–280EAP, 260–261LEAP, 262–264PEAP, 267–269static WEP, 273–274VPNs, 180WPA, 269–272WPA PSK, 274–275
Authentication Header (AH), 182authorization
objects, 74rogue APs, 259
authorized users, 74auto discovery qos command, 81, 210auto qos command, 79, 81, 210auto qos voip cisco-phone command, 211auto qos voip command, 81auto qos voip trust command, 211auto re-site surveys, 298autodiscovery, 212, 218automated alternate routing (AAR), 43automated monitoring, WCS Base, 301automation, AutoQoS, 215–217autonomous APs, 293–296AutoQoS, 79–81, 205–212, 215–221
automation, 215–217configurations, 219–221for Enterprise, 206
availability of bandwidth, 63–64avoidance (congestion), 67, 153
CBWRED, 158–162limitations of tail drop, 153–154link efficiency mechanisms, 167RED, 154–156traffic shaping and policing, 163–167WRED, 156–157
BBA (behavior aggregate), 101background
access, 237VAD, 42
backups, WCS Base, 301backward explicit congestion notification
(BECN), 99bandwidth
availability, 63–64codecs, 35–36guarantees, 67
CBWFQ, 139–140SLAs, 187
packet telephony networks, 10requirements
codecs, 24compression, 24–25
reserving, 141VAD, 41–42voice, 34–36VoIP, 34–42
bandwidth command, 140, 219bandwidth percent command, 140BECN (backward explicit congestion
notification), 99behavior aggregate (BA), 101benefits
of CBWFQ, 140of LLQ, 144of telephony packet networks, 10–11of WEQ, 135
best-effortaccess, 237models (QoS), 72
bits, CoS, 98–99boundaries, trust, 108–110, 189British Telecom, 25broadcast key management, 269Bronze access, 237buffers, increasing space, 67buildups, queues, 192business audits, 70bytes, ToS, 102
CCAC (call admission control), 15, 49, 69calculating bandwidth for VoIP, 34–42call
agents, 11control models, 16–19processing, 45routing, 15
call admission control, 15, 49, 69campus maps, adding, 310–312campus networks, QoS, 188–190carrier sense multiple access collision avoid
(CSMA/CA), 236–235carrier sense multiple access collision detect
(CSMA/CD), 236CAS (channel associated signaling), 14CBWFQ (Class-Based Weighted Fair
Queuing), 138–139benefits/drawbacks, 140classification, 139–140configuration, 141–142monitoring, 161
CBWRED (class-based weighted random early detection), 158–162
CCM (Cisco CallManager), 45–46CCMP (Cipher Block Chaining Message
Authentication Code Protocol), 271CCO (Cisco Connection Online), 111CCS (common channel signaling), 14CDP (Cisco Discovery Protocol), 110CDT (congestive discard threshold), 135CEF (Cisco Express Forwarding), 209cell loss priority (CLP), 99centralized call control, 16–19centralized RF management, LWAP, 239certificates, PKI, 260channel associated signaling (CAS), 14channels, assigning, 301characters, NBAR, 116Cipher Block Chaining Message
Authentication Code Protocol (CCMP), 271CIR (committed information rate), 165, 186Cisco Aironet 128-bit devices, 259Cisco CallManager (CCM), 45–46Cisco Compatible Extensions program, 291Cisco Connection Online (CCO), 111Cisco Discovery protocol (CDP), 110Cisco Express Forwarding (CEF), 209
Cisco IOSconfiguring, 183NBAR, 112–117policing and shaping mechanisms, 167switches, 210–212voice, 48–49
Cisco IP Communicator, 11Cisco Key Integrity Protocol (CKIP), 260Cisco LEAP, 259, 262–264Cisco Message Integrity Check (CMIC), 260Cisco Unified Communication System, 45–46Cisco Unified Wireless Networks, 291–292Cisco WCS, 299–313Cisco WCS Base, 300–301Cisco Wireless Location Appliance, 304–306CiscoWorks WLSE, 295–299CKIP (Cisco Key Integrity Protocol), 260Class-Based Weighted Fair Queuing
(CBWFQ), 138–139benefits/drawbacks, 140classification, 139–140configuration, 141–142monitoring, 161
class-based weighted random early detection (CBWRED), 158–162
classesmaps, 219selector PHBs, 102service, 106–108statements, 78traffic, 106
AutoQoS, 216defining QoS, 71marking, 97–100SLAs, 187
classification, 73, 97–100applications, 206AutoQoS, 79, 220CBWFQ, 139–140CoS on 802.1Q/P Ethernet frames, 98–99DE and CLP on ATM/Frame Relay, 99MPLS EXP field, 100NBAR, 110–112subport, 111traffic, 64, 189video and voice, 189WEQ, 133–134
class-map command, 77, 97CLI (command-line interface), 76
clientsCisco Unified Wireless Networks, 291EAP, 261LEAP, 262open authentication, 272–273
CLP (cell loss priority), 99clustering over WAN models, 48CMIC (Cisco Message Integrity Check), 260codecs
compression algorithms, 24types, 35–36
collection (statistics), NBAR, 110–112coloring traffic, 98command-line interface (CLI), 76commands
auto discovery qos, 81, 210auto qos, 79, 81, 210auto qos voip, 81auto qos voip cisco-phone, 211auto qos voip trust, 211AutoQoS, 79–81bandwidth, 140, 219bandwidth percent, 140class-map, 77, 97fair-queue 16, 135, 141hold-queue max-limit out, 136IOS, 112–117IP CEF, 112ip nbar port-map, 113ip nbar protocol-discovery, 114match protocol, 115max-reserved-bandwidth, 139mls qos, 211no auto discovery qos, 210no auto qos, 221police, 193policy-map, 77priority, 219priority-list, 131qos pre-classify, 181–184queue-limit, 141random-detect, 158service-policy, 77–78, 142, 193service-policy output, 114show, 112show auto discovery qos, 212show auto discovery qos interface, 212show auto qos, 212, 214, 219
show auto qos interface, 213show class-map, 78show controllers serial, 130show interface, 67, 136show mls qos interface, 215show mls qos maps, 212show mls qos maps dscp-cos, 215show policy-map, 78show policy-map interface, 79, 142,
212–213show queue interface, 137tx-ring-limit, 129voices, 48–49
committed information rate (CIR), 165, 186common channel signaling (CCS), 14communication, device access, 10components, 261
EAP, 261queuing, 128telephony packet networks, 11–13WLANs, 294
Compressed RTP (cRTP), 32–34, 64, 208compression, 20, 64
codecs, 24configuring, 64cRTP, 32–34headers, 66, 169–170Layer 2, 66payload (Layer 2), 168–169standards, 24–25
concurrent calls, limiting, 49conferencing
applications, 10DSPs, 26
confidentiality, VPNs, 180configuration
802.1x authentication, 278–280APs, 308AutoQoS, 79–81CAC, 49CBWFQ, 141–142CBWRED, 158–162CiscoWorks WLSE, 295compression, 64gateways (voice), 44–45IOS (qos pre-classify command), 183legacy CLIs, 76LLQ, 144–145NBAR, 112–117
open authentication, 273Over the Air QoS fields, 245static WEP authentication, 273–274AutoQoS Enterprise, 206voice, 48–49WCS, 299–313web authentication, 276–278WEQ, 135–137WLANs
QoS, 243–246security, 272–280
WLSE, 297WPA PSK authentication, 274–275
confluence problem, 127congestion
avoidance, 67, 153CBWRED, 158–162limitations of tail drop, 153–154link efficiency mechanisms, 167RED, 154–156traffic shaping and policing, 163–167WRED, 156–157
management, 127–130notification, 99
congestive discard threshold (CDT), 135connections
access switches, 235VPNs, 180–181
consistency, AutoQoS, 79, 206consolidated network expenses, 10contention window (CWmin), 237control
and management plane traffic, 192policies (EAP), 261
control plane policing (CoPP), 192–193Controller option, 244controllers
WCS Base, 301WLAN, 243–244
converged networks, QoS, 62–68converting voice
analog to digital, 19–20digital to analog, 20–21Nyquist theorem, 21quantization, 22–23
CoPP (control plane policing), 192–193CQ (custom queuing), 128cRTP (Compressed RTP), 32–34, 64, 208
CSMA/CA (carrier sense multiple access collision avoid), 236–237
CSMA/CD (carrier sense multiple access collision detect), 236
custom queuing (CQ), 128customization. See also configuration
WCS, 300–302Web Login Page, 277
CWmin (contention window), 237
DDashboard (Network), 303–304data integrity, VPNs, 180data links, overhead, 35–37Data Link Control, 235data plane traffic, 192databases
access, 10EAP, 261LEAP, 262packet telephony networks, 11
data-link connection identifier (DLCI), 207DCF (distributed coordinated function),
236–237DE (discard eligible), 99decimal bits, CoS bits, 98–99default PHBs, 103defining
AutoQoS, 216QoS policies, 71
delayend-to-end (VoIP), 16, 62–65link fragmentation, 171processing, 65propagation, 65queuing, 65serialization, 65variation (jitter), 63, 65–66
delivery, voice, 27–34denial of service, 259, 270deployment
APs, 296AutoQoS
on Enterprise on Cisco routers, 206, 209–210
on IOS-based switches, 210–212IP Telephony options, 46–48
QoSend-to-end, 185–193pre-classification options, 183–184
queuing, 64wizards (WLSE), 296
descriptors, traffic, 97design
802.1x authentication, 278–280APs, 308AutoQoS, 79–81CAC, 49CBWFQ, 141–142CBWRED, 158–162CiscoWorks WLSE, 295compression, 64gateways (voice), 44–45IOS (qos pre-classify command), 183legacy CLIs, 76LLQ, 144–145NBAR, 112–117open authentication, 273Over the Air QoS fields, 245static WEP authentication, 273–274trust boundaries, 108–110AutoQoS Enterprise, 206voice, 48–49WCS, 299–313web authentication, 276–278WEQ, 135–137WLANs
QoS, 243–246security, 272–280
WLSE, 297WPA PSK authentication, 274–275
detectionCisco WCS Servers, 312–313IDS, 260rogue APs, 259
devicesAutoQoS, 79–81campus LAN, 189Cisco Unified Wireless Networks, 291Cisco Wireless Location Appliance,
304–306communication, 10control, 45DSPs, 25–26SDM, 81–88trust boundaries, 108–110
dial plan administration, 45Differentiated Services Code Point (DSCP),
100–105DiffServ
fields, 100models, 100–105QoS, 74–75
digital interfaces, VoIP, 14–15digital signal processors. See DSPsdigital voice
converting from analog, 19–20converting to analog, 20–21
directories, services, 46Disables setting, 246discard eligible, 99discovery, 218
autodiscovery, 212NBAR, 110–112
distributed callcontrol, 16–19processing, 47
distributed coordinated function, 236–237distribution (multilayer) switches, 235DLC (Data Link Control), 235DLCI (data-link connection identifier), 207DoS (denial of service) attacks, 259, 270drawbacks
of CBWFQ, 140of WFQ, 135
dropinput queue, 67output, 67WFQ, 135
DSCP (Differentiated Services Code Point), 100–105
CBWRED, 160IP precedence, 102–105
DSPs (digital signal processors), 12, 25–26dynamic keys, WPA2, 279dynamic port applications, 207dynamic queues, WFQ, 134dynamic RF management, 296dynamic WEP keys, 261dynamic-queues parameter, 136
EE&M (Earth and Magneto or Ear and
Mouth), 13EAP (Extensible Authentication Protocol),
260–272EAP over LAN (EAPOL), 265EAP-FAST (Extensible Authentication
Protocol-Flexible Authentication via Secure Tunneling), 264–266
EAPOL (EAP over LAN), 265EAP-TLS (Extensible Authentication
Protocol-Transport Layer Security), 266–267
early dropping, WFQ, 135Earth and Magneto or Ear and Mouth
(E&M), 13ease, best-effort QoS model, 72EDCF (Enhanced Distributed Coordination
Function), 238Edit QoS Profile Page, 245editing profiles, 244EF (expedited forwarding), 103efficiency
links, 167packet telephony networks, 10
elements of WLAN managementCisco Unified Wireless Networks, 291–292components, 294implementations, 292–293need for, 291WCS, 299–313WLSE, 295–299
employees, productivity, 10enabling, 207–212. See also configurationEncapsulating Security Payload (ESP), 182encapsulation
HDLC, 207voice packets, 27–34
encoding, 20encryption. See also security
configuring, 272–280EAP, 261
endpointscentralized call control, 17video, 12
end-to-end delay, VoIP, 16, 62–65end-to-end delivery voice, 27–30
end-to-end QoS. See also QoSdeployment, 185–193maintaining, 240
Enhanced Distributed Coordination Function (EDCF), 238
enterprise campus QoS implementations, 188–190
Enterprise mode, WPA, 272enterprise networks, VoIP, 42–49Enterprise on Cisco routers, deploying
AutoQoS, 209–210Equipment, packet telephony networks, 10equivalent to direct conversation, 24errors. See also troubleshooting
frames, 67quantization, 22
ESP (Encapsulating Security Payload), 182event logs, WCS Base, 301evolution of WLAN security solutions,
259–260EXP field (MPLS), 100expedited forwarding (EF), 103expressions, regular (NBAR), 116Extensible Authentication Protocol, 260–272Extensible Authentication Protocol-Flexible
Authentication via Secure Tunneling, 264–266
Extensible Authentication Protocol-Transport Layer Security, 266–267
extensible markup language, 10, 46external applications, programming
interfaces to, 46
Ffair-queue 16 command, 141fair-queue command, 135FastTrack traffic, NBAR, 116–117fault monitoring, WLSE, 295FECN (forward explicit congestion
notification), 99fields
DiffServ, 100EXP (MPLS), 100inner QoS, 241Over the Air QoS, 245
FIFO (first in, first out), 128–132filters, MAC, 259
firmware, WLSE, 295first in, first out, 128–132Foreign Exchange Office (FXO), 13Foreign Exchange Station (FXS), 13forward explicit congestion notification
(FECN), 99forwarding
AutoQoS, 209important packets first, 66
four-way handshakes, 264fragile flows, 66fragment size, 171Frame Relay, DE and CLP on, 99frame errors, 67FXO (Foreign Exchange Office), 13FXS (Foreign Exchange Station), 13
Ggatekeepers, 11gateways
centralized call control, 17DSPs, 25–26interfaces
analog, 13digital, 14–15
packet telephony networks, 11voice, 44–45VoIP, 29
generating hashes, 133global synchronization, TCP, 153Gold access, 237GTK (group transient key), 270guarantees
bandwidth, 67CBWFQ, 139–140SLAs, 187
lack of service, 72services, 75
guest access, 292
Hhackers, 258. See also securityhandshakes, four-way, 264hardware
packet telephony networks, 10QoS, 189queuing, 128
hashes, generating, 133HDLC (high-level data link control)
encapsulation, 207headers
compression, 66, 169–170MPLS, 100overhead, 32–34
hierarchies, trust boundaries, 109high availability, WLSE, 298high-level data link control (HDLC)
encapsulation, 207hold-queue max-limit out command, 136
IIBNS (Identity Based Networking Services),
292IDSs (Intrusion Detection Systems), 260, 292IEEE (Institute of Electrical and Electronics
Engineers)802.11 Wired Equivalent Privacy (WEP),
259802.11i, 269–272802.1x
authentication, 278–280EAP standard, 260–272
IETF (Internet Engineering Task Force), 15, 99
IFS (inter-frame spacing), 236Ignore counter, 67images, WLSE, 296implementation. See also configuration
AutoQoSenabling, 207–212troubleshooting, 215–221verifying, 212, 215
LLQ (policy maps), 161QoS
AutoQoS, 205–207best-effort model, 72converged network issues, 62–68DiffServ model, 74–75enterprise campus, 188–190IntServ model, 73–74models, 72policies, 62, 68–71, 76, 88, 106–108pre-classify, 180–184WAN edge, 190–192
trust boundaries, 109VoIP enterprise networks, 42–49WLANs, 239–242, 292–293
increase (upgrade) link bandwidth, 64–67increasing capacity, comparing to queuing,
128initialization vector (IV), 259inner QoS fields, mapping, 241input
keywords, 78queue drop, 67
insertion, WEQ, 135installation, rogue APs, 259Institute of Electrical and Electronics
Engineers. See IEEEintegrity, VPNs, 180interfaces
applications, 46legacy CLI, 76MQC, 76–79, 139QoS, 183–184queuing, 130–132transmit, 189VIP, 65VoIP
analog, 13digital, 14–15
WCS, 302web
authentication, 276–278users, 243–244
inter-frame spacing (IFS), 236Internet Engineering Task Force (IETF), 15,
99Internet Protocol. See IPInternetwork Operating System. See IOSInternetwork Packet Exchange (IPX), 112interpreting AutoQoS configurations, 219–221Intrusion Detection Systems, 260, 292IntServ models, QoS, 73–74IOS (Internetwork Operating System)
configuring, 183NBAR, 112–117policing and shaping mechanisms, 167switches, 210–212voice, 48–49
IP (Internet Protocol)CEF command, 112overhead, 35
phones, 11precedence
CBWRED, 159DSCP, 102–105
QoSconverged network issues, 62–68implementing, 68–71overview of, 62
Telephony deployment options, 46–48ip nbar port-map command, 113ip nbar protocol-discovery command, 114IPsec (IP Security), VPNs, 182IPX (Internetwork Packet Exchange), 112IV (initialization vector), 259
Jjitter, 30, 143
converged networks, 63–66VoIP, 16
JPEG (Joint Photographics Expert Group), 115
Kkeepalives, CoPP, 192keys
dynamic (WPA2), 279GTK, 270management, 269PMK, 264PSK, 274–275PTK, 270session, 260
keywordsaudio, 117input/output, 78payload-type, 117statistics, 215trust, 210video, 117voip, 210
KPN Research, 25
Llack of service, 72LANs (local-area networks)
campus devices, 189EAPOL, 265
laptops, Cisco Wireless Location Appliance, 305
Layer 2compression, 66payload compression, 64, 168–169QoS
CoS on 802.1Q/P Ethernet frames, 98–99
DE and CLP on ATM/Frame Relay, 99Layer 2, 100layers, implementing trust boundaries, 109LEAP (Lightweight Extensible
Authentication Protocol), 259, 262–264legacy CLIs, 76levels, services, 70, 75LFI (link fragmentation and interleaving),
208LightWeight Access Point Protocol (LWAPP),
291lightweight AP wireless architecture. See
LWAPLightweight Extensible Authentication
Protocol, 259, 262–264limitations
of CAC, 49of NBAR, 111of tail drop, 153–154of traffic rates, 163
linear quantization, 23link fragmentation and interleaving (LFI),
208links
efficiency, 167utilization with/without RED, 154
LLC (Logical Link Control), 235LLQ (Low-Latency Queuing), 142–143
AutoQoS, 208benefits of, 144configuration, 144–145policy maps, 161
local-area networks. See LANs
locationsCisco WCS Servers, 310–312Cisco Wireless Location Appliance,
304–306rogue APs, 313services, 292WCS tracking options, 300–302
logarithmic quantization, 23Logical Link Control, 235login
Cisco WCS Server, 306Web Login Page, 277
logs, events, 301loss, packets, 63–68Low Latency Queuing. See LLQlow-speed serial links, enabling AutoQoS, 207LWAPP (Lightweight Access Point Protocol),
291LWAP (lightweight AP wireless architecture),
238–239, 293tunnels in Split MAC architecture, 240viewing, 308WCS, 299–313
MMAC (Media Access Control)
filters, 259Split MAC Architecture, 238–239
maintenance, call, 16management
congestion, 127–130dial plans, 45dynamic RF, 296EAP, 261keys, 269phone features, 46radio (WLSE), 295RF, 306RRM, 301SDM, 81–88WLANs
Cisco Unified Wireless Management, 291–292
components, 294implementations, 292–293need for, 291
WCS, 299–313WLSE, 295–299
WLSE, 296WPA, 269–272
mappingCisco WCS Server, 309–310inner QoS fields, 241LLQ, 144, 161markings, 107modifying, 219policies, 141QoS markings, 240–241
mark probability denominator (MPD), 154marking, 97–100
DSCP, 100–105enterprise campus QoS, 189mapping, 107QoS, 240–241traffic, 64trust boundaries, 108–110
match protocol command, 115match statements, 77, 97, 113, 219max-reserved-bandwidth command, 139MCUs (multipoint control units), 11MD5 (Message Digest 5), 182mean opinion score (MOS), 24measurements
traffic rates, 165–167voice signals, 24
Media Access Control. See MACMedia Gateway Control Protocol, 15menus, WCS, 302Message Digest 5 (MD5), 182Message Integrity Check, 15MGCP (Media Gateway Control Protocol), 15MIC (Message Integrity Check), 260, 269mismatch, speed, 165missed trap polling, 301mixed-mode conferences, 26MLP (Multilink PPP), 207mls qos command, 211mobile devices, Cisco Wireless Location
Appliance, 305mobility platforms, Cisco Unified Wireless
Networks, 291models
call control, 16–19DiffServ, 100–105
QoS, 72best-effort, 72DiffServ, 74–75IntServ, 73–74
modifyingAutoQoS configurations, 219–221mapping, 219root passwords, 306
modular QoS command-line interface (MQC), 76–79, 139
MOH (music on hold), 41monitoring
AutoQoS, 79, 206CBWFQ, 141–142, 161LLQ, 144–145threshold-based, 296WCS Base, 300–301WFQ, 135–137WLSE, 295
MOS (mean opinion score), 24MPD (mark probability denominator), 154MPLS (Multi-Protocol Label Switching), 100MQC (modular QoS command-line
interface), 76–79, 139Multilink PPP (MLP), 207multiple queues, 189multiplexing, 31multipoint control units (MCUs), 11Multi-Protocol Label Switching, 100multisite
with centralized call processing model, 46with distributed call processing model,
47–48music on hold (MOH), 41
NNAC (Network Admission Control), 292National Institute of Standards and
Technology (NIST), 271navigating WCS, 302NBAR (Network Based Application
Recognition), 97, 110–117, 205Network Admission Control (NAC), 292Network Based Application Recognition,
97, 110–117, 205Network Dashboard, 303–304network interface card, 258
network module high density voice (NM-HDV), 25
networksaudits, 70campus, 188–190Cisco Unified Wireless Networks, 291–292converged, 62–68enterprise, 42–49outages, 62packet telephony networks
benefits of, 10–11components, 11–13
services, 295unification, 291VPNs, 180–181
NIC (network interface card), 258NIST (National Institute of Standards and
Technology), 271NM-HDV (network module high density
voice), 25no auto discovery qos command, 210no auto qos command, 221notification, congestion, 99Nyquist theorem, 21
Ooff-hook, calling phones, 18one-time password (OTP), 261open authentication, 272–273operating systems, LEAP support for, 262optimizing WLSE, 298options. See also configuration; customization
Controller, 244IP Telephony deployment, 46–48WCS tracking, 300–302
OTP (one-time password), 261outages, networks, 62output
drop, 67keywords, 78
Over the Air QoS fields, configuring, 245overhead
data link, 35–37headers, 32–34IP, 35security, 37–39tunneling, 35–39
Overrun counter, 67overutilization, 154
PPacket Description Language Modules
(PDLMs), 111packet voice DSP modules (PVDMs), 25packets
access, 134loss, 63, 66–68periods, 36size, 35telephony networks
benefits of, 10–11components, 11–13
voice, 27–34packets per second (pps), 35pairwise master key (PMK), 264pairwise transient key (PTK), 270PAM (pulse amplitude modulation), 20parameters
queues, 136traffic, 219
passwordsOTP, 261root, 306
payloadscompression (Layer 2), 168–169voice, 34–36
payload-type keyword, 117PBX phones, 11PCM (pulse code modulation), 20PDLMs (Packet Description Language
Modules), 111PDU (protocol data unit), 100PEAP (Protected Extensible Authentication
Protocol), 267–269people, tracking with Cisco Wireless Location
Appliances, 305perceptual analysis measurement system
(PAMS), 25perceptual evaluation of speech quality
(PESQ), 25perceptual speech quality measurement
(PSQM), 25perfect conversation, 24Per-Hop Behavior (PHB), 100–105
permanent virtual circuits (PVC), 207per-packet keying (PPK), 269Personal mode, WPA, 272PESQ (perceptual evaluation of speech
quality), 25phases, EAP-FAST, 264PHB (Per-Hop Behavior), 100–105phones
feature administration, 46IP phones, 11packet telephony networks, 11stages of phone calls, 15–19
PKI (Public Key Infrastructure) certificates, 260
placement of trust boundaries, 108–110planning QoS policy implementation, 106–108Platinum access, 237PMK (pairwise master key), 264polarity, 22police command, 193policies
AutoQoS, 206control, 261drop, 135maps, 141
LLQ, 144, 161modifying, 219
objects, 74QoS
AutoQoS, 79converged network issues, 62–68implementing, 62, 68–71, 76, 88,
106–108pre-classify deployment, 183–184
trust boundaries, 108–110WCS Base, 301WLSE, 295
policing, 73CoPP, 192–193traffic, 163–167, 189
policy-map command, 77polling, missed trap, 301ports
dynamic application, 207subport classification, 111
PPK (per-packet keying), 269pps (packets per second), 35PQ (priority queuing), 128–132precedence, IP, 159
pre-classify (QoS), implementing, 180–184prerequisites, enabling AutoQoS, 209prioritization
delay-sensitive packets, 66traffic, 237
priority command, 219priority queuing (PQ), 128–132priority-list command, 131processes, voice, 27–34processing
delay, 65distributed call, 47
processors, DSPs, 25–26productivity, employees, 10profiles, 244
RED, 155WRED, 156
programming interfaces to external applications, 46
propagation, delay, 65Protected Extensible Authentication Protocol
(PEAP), 267–269protocol data unit (PDU), 100protocols
CCMP, 271CDP, 110CKIP, 260discovery, 111EAP, 260–272EAP-FAST, 264–266EAP-TLS, 266–267LEAP, 259, 262–264LWAPP, 291MGCP, 15PEAP, 267–269RTP, 65, 117, 169–170signaling, 15–19SIP, 15TCP
global synchronization, 153header compression, 170starvation, 154
TKIP, 269tunneling, 37UDP, 15voice, 27–34
PSQM (Perceptual speech quality measurement), 25
PSTN (public switched telephone network), 19PTK (pairwise transient key), 270
Public Key Infrastructure (PKI) certificates, 260
public switched telephone network, 19pulse amplitude modulation (PAM), 20pulse code modulation (PCM), 20PVCs (permanent virtual circuits), 207PVDMs (packet voice DSP modules), 25
QQoS (Quality of Service)
AutoQoS, 79–81, 205–207enabling, 207–212modifying configurations, 219–221troubleshooting, 215–221verifying, 212, 215
converged network issues, 62–68CoPP, 192–193end-to-end, 185–193hardware, 189implementing, 68–71, 76, 88markings, 240–241models, 72
best-effort, 72DiffServ, 74–75IntServ, 73–74
MQC, 76–79overview of, 62policies, 106–108pre-classify, 180–184SDM, 81–88SLAs, 186–187WANs, 190–192WLANs
configuration, 243–246description of, 237–238implementation, 239–242need for, 235–237Split MAC architecture, 238–239
qos pre-classify command, 181, 183–184quantization, 20–23queue-limit command, 141queues, 73, 127–130
buildups, 192CBWFQ, 138–139
benefits/drawbacks, 140classification, 139–140configuration, 141–142monitoring, 161
CQ, 128delay, 65deploying, 64LLQ, 142–143, 208
benefits of, 144configuration, 144–145policy maps, 161
multiple, 189TxQ, 128types of, 130–132WFQ, 132
benefits/drawbacks, 135classification, 133–134configuration, 135–137insertion and drop policies, 135
WRR, 128
Rradio frequency. See RFradio frequency identification, 305radio management, WLSE, 295radio resource management (RRM), 301RADIUS (Remote Authentication Dial In
User Service)EAP features, 260servers, 262
random early detection (RED), 154–156random wait timers, 236random-detect command, 158rates
CIR, 165, 186packets, 35traffic, 165–167
RC4 vulnerabilities, 259Real-Time Protocol Control Protocol (RTCP),
117Real-time Transport Protocol. See RTPREAP (Remote-Edge Access Point), 293received signal strength indicator (RSSI), 296RED (random early detection), 154–156reducing header overhead, 32–34regular expressions, NBAR, 116releasing signals, 31re-marking traffic, 163
remote access VPNs, 180–181Remote Authentication Dial In User Service.
See RADIUSRemote-Edge Access Point (REAP), 293reports
AutoQoS, 79, 206WLSE, 295–296
reprioritization, packets, 66Required setting, 246requirements
bandwidthcodecs, 24compression, 24–25
EAP-TLS, 266system, 302traffic, 70–71
reservable-queues parameter, 136reserving bandwidth, 141Resource Reservation Protocol (RSVP), 101response times, CoPP, 192restrictions, AutoQoS, 207return on investment (ROI), 11RF (radio frequency)
Cisco Wireless Location Appliance, 304–306
dynamic management, 296management, 306visibility, 296
RFID (radio frequency identification), 305roaming, EAP, 261rogue APs. See also APs
Cisco WCS Serversdetecting, 312–313viewing, 313
detecting, 312–313viewing, 313
ROI (return on investment), 11root passwords, modifying, 306round-robin (RR) queuing, 130–132routers
Cisco Enterprise on, 209–210congestion, 128queuing, 128voice, 44–45
routingcall, 15updates, 192
RR (round-robin) queuing, 130–132RRM (radio resource management), 301
RSSI (received signal strength indicator), 296RSVP (Resource Reservation Protocol), 101RTCP (Real-Time Protocol Control Protocol),
117RTP (Real-Time Transport Protocol),
65, 117, 169header compression, 170VoIP, 30–32
Ssamples, 20
Nyquist Theorem, 21voice payloads, 34–36
scalabilitybest-effort QoS model, 72DiffServ model, 75
scheduling, 74CBWFQ, 139–140WFQ, 133–134
SDM (Security Device Manager), 81–88Secure Hash Algorithm (SHA), 182security
evolution of, 259–260overhead, 37–39SOHO, 272troubleshooting, 258–259WLANs, 296
Cisco Wireless Location Appliance, 306
configuring, 272–280EAP, 260–272overview of, 258–260
WPA, 269–272Security Device Manager (SDM), 81–88segments, 22Self-Defending Network, 292self-healing, WLSE, 298sequence numbers, assigning, 134serialization, delay, 65servers
ACS, 260application, 11RADIUS
EAP, 260LEAP, 262
WCS requirements, 302service level agreement (SLA), 101, 186–187
Service Set Identifier (SSID), 258service-policy command, 77–78, 142, 193service-policy output command, 114services, 46
directories, 46DSPs, 25–26guarantees, 75levels
defining, 70DiffServ model, 75
networks, 295QoS, 106–108XML, 46
Session Initiation Protocol, 15session keys, 260set statement, 219SHA (Secure Hash Algorithm), 182shaping traffic, 163–167show auto discovery qos command, 212show auto discovery qos interface command,
212show auto qos command, 212, 214, 219show auto qos interface command, 213show class-map command, 78show command, 112show controllers serial command, 130show interface command, 67, 136show mls qos interface command, 215show mls qos maps command, 212show mls qos maps dscp-cos command, 215show policy-map command, 78show policy-map interface command, 79, 142,
212–213show queue interface command, 137signals, 15–19
control, 45DSPs, 25–26releasing, 31
signal-to-noise quantization ratio (SQR), 23Silver access, 237single-mode conferences, 26single-site model, IP Telephony, 46SIP (Session Initiation Protocol), 15site-to-site VPNs, 181. See also VPNs, 180–181size
packetization, 35voice payloads, 34–36
SLA (service level agreement), 101, 186–187small office, home office (SOHO), 272sniffers, 258software, queuing, 128SOHO (small office, home office), 272space, increasing buffer, 67special characters, NBAR, 116speed mismatch
traffic shaping, 165troubleshooting, 127
Split MAC architecture, 238–240SQR (signal-to-noise quantization ratio), 23SSID (Service Set Identifier), 258stages of phone calls, 15–19standards
AES, 260codecs, 35–36compression, 24–25
starvation, TCP, 154statements
class, 78match, 77, 97, 113, 219set, 219
static WEP authentication, 273–274statistics
call maintenance, 16keywords, 215NBA, 110–112
status, monitoring with WCS Base, 301streams, audio, 26strings, NBAR, 116subport classification, 111summaries
LWAPs, 308WCS, 303–304
switchesaccess, 235congestion, 128IOS-based, 210–212
synchronization, TCP global, 153system requirements, WCS, 302
T
tagging traffic, 98
tail drop, 67, 128
  limitations of, 153–154
TCP (Transmission Control Protocol)
  applications, 62
  global synchronization, 153
  header compression, 64, 170
  starvation, 154
TCP/IP (Transmission Control Protocol/Internet Protocol), 30–32
telemetry, Cisco Wireless Location Appliance, 306
telephone clients, 305
telephony
  IP Telephony deployment options, 46–48
  packet networks
    benefits of, 10–11
    components, 11–13
templates, WLSE, 296–297
Temporal Key Integrity Protocol (TKIP), 269
thresholds
  CDT, 135
  monitoring, 296
  MPD, 154
timers, random wait, 236
TKIP (Temporal Key Integrity Protocol), 269
tools, AutoQoS, 205
ToS (type of service), 100–102
tracking
  Cisco Wireless Location Appliance, 304–306
  WCS, 300–302
traffic
  classes, 106
    AutoQoS, 216
    defining QoS, 71
    SLAs, 187
  classification, 64, 97–100
  congestion management, 127–130
  CoPP, 192–193
  enterprise campus QoS, 189
  FastTrack, 116–117
  mapping, 107
  NBAR, 110–112
  parameters, 219
  policing, 163–167, 189
  prioritization, 237
  rates, 165–167
  re-marking, 163
  requirements, 70–71
  shaping, 163–167
  types, 70
transcoding, 12, 26
Transmission Control Protocol. See TCP
Transmission Control Protocol/Internet Protocol, 30–32
transmissions, packet telephony networks, 10
transmit interfaces, 189
transmit queue (TxQ), 128
troubleshooting, 215, 220–221
  bandwidth availability, 64
  congestion, 127–130, 153. See also congestion
  security, 258–259
trunks, CoS on 802.1Q/P Ethernet frames, 98–99
trust
  boundaries, 108–110, 189
  keywords, 210
tunneling
  interfaces, 183–184
  LWAP, 240
  modes (ESP), 182
  overhead, 35, 37–39
  protocols, 37
TxQ (transmit queue), 128
tx-ring-limit command, 129
type of service (ToS), 100
types
  of codecs, 35–36
  of queuing, 130–132
  of traffic
    mapping, 107
    identifying, 70
U
UDP (User Datagram Protocol), 15, 30–32
underutilization, 154
unicast key management, 269
unification, networks, 291
updating
  images, 296
  routing, 192
upgrading firmware, WLSE, 295
User Datagram Protocol. See UDP
utilization
  CoPP, 192
  Links with/without RED, 154
V
values
  AF DSCP, 104
  CoS bits, 98–99
  MOS, 24
  MPD, 154
verification, 212, 215
versatile interface processor (VIP), 65
versions
  AutoQoS, 206
  CiscoWorks WLSE, 296–297
video
  access, 237
  classification, 189
  endpoints, 12
  keywords, 117
  packet telephony networks, 10
viewing
  LWAPs, 308
  rogue APs, 313
views, WCS, 300–301
VIP (versatile interface processor), 65
VIP-DTS (virtual IP distributed traffic shaping), 163
virtual IP distributed traffic shaping (VIP-DTS), 163
virtual private networks, 180–181
visibility
  Cisco Wireless Location Appliance, 305
  RF, 296
VNMs (voice network modules), 25
voice
  access, 237
  classification, 189
  encoding
    converting analog to digital, 19–20
    converting digital to analog, 20–21
    Nyquist Theorem, 21
    quantization, 22–23
  end-to-end delivery, 27–30
  gateways, 25–26, 44–45
  IOS, 48–49
  packets
    encapsulating, 27–34
    telephony networks, 10
  payloads, 34–36
  signals, 24, 31
voice interface cards (VIC) XE, 19
voice network modules (VNM), 25
VoIP (Voice over IP)
  AutoQoS, 210–212
  bandwidth, 34–42
  Cisco Wireless Location Appliance, 305
  compression standards, 24–25
  DSPs, 25–26
  end-to-end delay, 62–65
  enterprise networks, 42–49
  IP QoS SLAs, 187
  Nyquist Theorem, 21
  packets
    benefits of networks, 10–11
    components, 11–13
    encapsulating, 27–34
  phone calls, 15–19
  voice encoding
    converting analog to digital, 19–20
    converting digital to analog, 20–21
    Nyquist Theorem, 21
    quantization, 22–23
voip keyword, 210
VPNs (virtual private networks), 180–181
W
WANs (wide-area networks)
  clustering over model, 48
  congestion, 128
  QoS, 190–192
war driving, 258
WCS (Wireless Control System), 299–313
WCS Base, 300–301
WCS Location + 2700 Series Wireless Location Appliance, 300–301
WCS Network Summary (Network Dashboard), 303–304
WDSs (Wireless Domain Services), 294
web authentication, 276–278
Web Login Page, customizing, 277
web user interfaces, 243–244
Weighted Fair Queuing. See WFQ
weighted random early detection (WRED), 104, 128, 156–157
WEP (Wired Equivalent Privacy), 259
  EAP, 261
  keys, 260
  static authentication, 273–274
WFQ (Weighted Fair Queuing), 132
  benefits/drawbacks, 135
  classification, 133–134
  configuration, 135–137
  insertion and drop policies, 135
wide-area networks. See WANs
Wi-Fi, 305
Wi-Fi Multimedia, 237–239
Wi-Fi Protected Access. See WPA
Wired Equivalent Privacy. See WEP
Wireless Control System (WCS), 299–313
wireless devices, LEAP support, 263
Wireless Domain Services (WDS), 294
wireless LAN controller, 235, 291, 307–308
Wireless LAN Solution Engine (WLSE), 295–299
wireless local-area networks. See WLANs
wireless sniffers, 258
wizards
  deployment, 296
  SDM QoS, 81–88
WLANs (wireless local-area networks)
  controllers, 243–244
  management
    Cisco Unified Wireless Networks, 291–292
    components, 294
    implementations, 292–293
    need for, 291
    WCS, 299–313
    WLSE, 295–299
  QoS
    configuration, 243–246
    description of, 237–238
    implementation, 239–242
    need for, 235–237
    Split MAC architecture, 238–239
  security, 296
    Cisco Wireless Location Appliance, 306
    configuring, 272–280
    EAP, 260–272
    overview of, 258–260
WLC (wireless LAN controller), 235, 291, 307–308
WLSE (Wireless LAN Solution Engine), 295–299
WMM (Wi-Fi Multimedia), 237–239
workflow automation, Cisco Wireless Location Appliance, 305
WPA (Wi-Fi Protected Access), 269–272
  802.1x authentication, 279
  PSK authentication, 274–275
WPA2, 269–272, 279
WRED (weighted random early detection), 104, 128, 156–157
WRR (weighted round-robin) queuing, 128–132
X
XML (extensible markup language), 10, 46