Symbols Aptgmedia.pearsoncmg.com/images/1587051486/index/... · 2009. 6. 9. · (CHAP) 121–128...

INDEX

Symbols

A

AAA (authentication, authorization, and accounting) 43–44, 421
    commands 53–68
        aaa accounting system command 51
        aaa authentication enable command 58
        aaa authentication login command 55
        aaa authentication ppp command 59
        aaa authorization command 61
        aaa new-model command 62
    configuring 45–52
    defining 44–45
    protocols 45–46
access
    broadband 11–12, 365
        ADSL 384–392
        cable 366
        DSL 366, 380–383
        satellite 367–368
        wireless 368–369
    central site connections 19
    Cisco Access Control 46, 49
        administrator GUI client 50
        components 49–50
        options 48
        routers 46–47
    LAPM 83
    remote node connections 112–113
    routers 51
    servers 48
    WAN 16
        remote access 26–37
        remote/branch offices 22
access lists
    configuring 179
    DDR 172
    dialer lists 178–179
    IPSec 455
access-list command 172
accounting. See also AAA
ACL (access control list) 466
    configuring 467
    symmetrical peer 468
ACS (Cisco Secure Access Control Server) 46, 49
    administrator GUI client 50
    components 49–50
    options 48
    routers 46–47
activation of dial backups 275–276
active states, Frame Relay 236
adaptation rates 186
adding routes 286
addresses
    async interface commands 119–120
    DLCI 234
    IP
        configuring 343–354
        global addresses 342–343
        NAT 331–338
        source addresses 339–342
        troubleshooting 354–359
    mapping 238–240
    overlapping 353
    PAT 333
        configuring 395, 400
        DSL 396
administration of networks 47
administrator GUI client, ACS 50
ADSL (asymmetric digital subscriber line) 381, 384–392
Advanced Voice Video and Integrated Data (AVVID) 379
AH (Authentication Header) 421, 437, 464
algorithms
    Diffie-Hellman 434
    hashing 435
    LZ 136
amplifiers 74
antenna sites 373
applications
    dialer profiles 215
    traffic (WAN) 16
applying DLCIs 240
architecture, PPP 113–115
asymmetric digital subscriber line (ADSL) 381, 384–392
asymmetric encryption 433. See also encryption
async interface 117

async interface commands 117–120
asynchronous analog dialup connections, 73. See also modems
asynchronous callback 130
Asynchronous Callback Line/Interface Commands 132
asynchronous connections
    chat scripts 104–105
    configuring 93–95
    interface async command 87
asynchronous interfaces, rotary groups 207
asynchronous lines, connecting NAS 91
ATM (Asynchronous Transfer Mode) 13
    configuring 399
    troubleshooting 402
authentication 420. See also AAA
    Layer 2 B channel 58
    login 55
    PPP 59, 121–128
    remote/branch offices 23
Authentication Header (AH) 421, 437, 464
authentication, authorization, and accounting (AAA) 43–44, 421
    commands 53–68
    configuring 45–52
    defining 44–45
    protocols 45–46
authorization 420. See also AAA
    with character mode 65
    commands 64
    configuring 60
autoconfiguration. See also configuration
    chat scripts 104–105
    modems 96–103
        debugging 103
        troubleshooting 104
autoconfigure type command 99
autodiscovery
    configuring 98
    modems 97
autoselection
    command, 118
    PPP encapsulation 116
AUX ports, connecting 90
availability
    remote/branch offices 23
    WAN 16
AVVID (Advanced Voice Video and Integrated Data) 379

B

B channels, ISDN dialer profiles 214
backups
    central site connections 20
    commands
        backup delay command 276
        backup interface command 275–276
        backup interface dialer number command 282
        backup load command 278
    dial
        configuring 273–280
        dialer interfaces as 280–282
        dialer watch 289–290
        floating static routes 287
        verifying 286
    load 282–290
backward explicit congestion notification (BECN) 252
balancing loads, 284
bandwidth
    command 183
    compression 320–325
    MLP 182–184
    queuing 297. See also queuing
    speed comparisons 16–18
    WAN 16
basic rate interface. See BRI
BECN (backward explicit congestion notification) 252
binding outbound calls, troubleshooting 223
branch offices
    installing 33
    WAN 21–23
BRI (basic rate interface)
    configuring 153–160
    monitoring 187, 190–191
bridge-group virtual interface (BVI) 387
bridging ADSL, 387. See also ADSL
broadband. See also bandwidth; connections
    access 11–12
    cable
        components 376–378
        HFC 373–374
        infrastructure 370–373
        provisioning 379
        RF channels 374–376
        router configuration 379–380

    connections
        ADSL 384–392
        cable 366
        DSL 366, 380–383
        satellite access 367–368
        wireless access 368–369
    DSL
        configuring 393
        troubleshooting 400–405
buffered mode 84
BVI (bridge-group virtual interface) 387

C

C/N (carrier-to-noise) 377
CA (Certificate of Authority) 420
cable. See also bandwidth; connections
    connections 30
    infrastructure 370–373
        components 376–378
        HFC 373–374
        provisioning 379
        RF channels 374–376
        router configuration 379–380
    modems 366
cable modem termination system (CMTS) 373
CAB-OCTAL-ASYNC 80
CAB-OCTAL-KIT 80
callback
    asynchronous 130
    clients 133
    disconnecting 135
    PPP 121, 128, 131–133
    servers 134
called party number verification 185–186
calling line identification (CLID) 184–185
calls, configuring simple ISDN 175
CAP modulation 385
carrier signals 377
carrier-to-noise (C/N) 377
CBWFQ (Class-Based Weighted Fair Queuing) 297
    class defaults 312
    configuring 305–314
CCITT (Consultative Committee of International Telegraph and Telephone) 74
central office (CO) broadband connections 365
central sites
    protocols 48
    routers 21
    WAN 18, 19–21
Certificate of Authority (CA) 420
CET (Cisco Encryption Technology) 436
Challenge Handshake Authentication Protocol (CHAP) 121–128
channel service units/data service units (CSUs/DSUs) 6
channel service units (CSUs) 74
channels, ADSL 385. See also ADSL
CHAP (Challenge Handshake Authentication Protocol) 121–128
character mode, authorization commands 65
chat scripts 104–105
CIR (committed information rate) 252
circuits, Frame Relay 233. See also Frame Relay
circuit-switched connections
    dial backups 273–280
    dialer interfaces as 280–282
Cisco Access Control 46, 49
    administrator GUI client 50
    components 49–50
    options 48
    routers 46–47
Cisco Encryption Technology (CET) 436
Cisco product selection tools 36
Cisco Secure Access Control Server. See ACS
class class-default command 312
Class-Based Weighted Fair Queuing (CBWFQ) 297, 305–314
classes
    class-map command 310
    defaults 312
    defining 212
    dialer maps 211
clearing
    commands 477
    NAT entries 357
CLID (calling line identification) 184–185
clients
    ACS 50
    configuring 394
    CPE as 392–397
    PPP callback 133
    PPPoE 394
    RADIUS 54
    security 48
    TACACS+ 53

clock source command 165
clock speed 252
clouds, Frame Relay 232
CMTS (cable modem termination system) 373
CO (central office) broadband connections 365
coaxial cable 376. See also cable
codecs (coders/decoders) 73
coexistence, ADSL/POTS 384
commands 117
    AAA 53–68
        aaa accounting system 51
        aaa authentication enable 58
        aaa authentication login 55
        aaa authentication ppp 59
        aaa authorization 61
        aaa new-model 62
    access-list 172
    accounting 66–68
    async interface 119–120
    Asynchronous Callback Line/Interface 132
    autoconfigure type 99
    autoselect 118
    backups
        backup delay 276
        backup interface 275–276
        backup interface dialer number 282
        backup load 278
    bandwidth 183
    class class-default 312
    class-map 310
    clear 477
    clock source 165
    crypto
        crypto ipsec security-association lifetime 466
        crypto ipsec transform-set 464
        crypto isakmp enable 457
        crypto isakmp identity 461
        crypto isakmp key 461
        crypto isakmp policy 457
        crypto maps 472
    debug 189
        debug confmodem 103
        debug crypto ipsec 478
        debug dialer 192
        debug dialer packet 226
        debug isdn events 192
        debug ppp authentication 144, 192
        debug ppp multilink 142
        debug ppp negotiation 144, 192, 404
    delay 0 40 277
    dial backups 275
    dialer
        dialer callback-secure 135
        dialer callback-server username 135
        dialer enable-timeout 129
        dialer hold-queue timeout 129
        dialer idle-timeout 168
        dialer isdn speed 56 218
        dialer load-threshold 170, 182
        dialer load-threshold load 143
        dialer map 135, 157, 173
        dialer pool-member 219, 220, 223
        dialer pool-member number 281
        dialer profiles 214
        dialer rotary-group 206
        dialer string 212
        dialer watch 289–290
        dialer-group 172
        dialer-list 171
        dialer-map 125
    dsl operating-mode 398
    encapsulation hdlc 159
    EXEC 92
    fair-queue 304
    frame-relay
        frame-relay map 239
        frame-relay traffic-rate 260
    group-range 207
    import all DHCP pool configuration 397
    interface
        interface async 87
        interface atm number 394
        interface dialer 205
        interface dialer global 217
        interface serial 87
        interface serial interface-number 159
    ip
        ip address 119
        ip dhcp pool name global configuration 397
        ip route 288
        ip tcp header-compression 138
        ip tcp header-compression passive 138
        ip unnumbered 119
    isdn
        isdn answer1 186
        isdn answer2 186
        isdn call interface 192
        isdn caller 185

        isdn configuration 157
        isdn disconnect interface 192
        isdn switch-type 158, 162
    line 85–88
    linecode 164
    load-interval 278
    load-interval interface 278
    login authentication list-name 55
    map-class
        map-class 135
        map-class dialer class-name 218
    match 310
    modems 94
        modem autoconfiguration 96
        modem autoconfigure discovery 98
        modem autoconfigure name 99
        modemcap edit usr_new 102
        modemcap entry modem-name 101
    physical layer-sync 91
    ping 454
    policy-map 311
    ppp 118
        ppp authentication 59
        ppp authentication CHAP 127
        ppp callback accept 135
        ppp callback request 133
        ppp multilink interface configuration 182
        ppp pap sent-username 124
    pri-group 165
    priority 315
    pulse-time 129
    pvc interface configuration 399
    queue-limit 315
    radius-server
        radius-server host 54
        radius-server key 54
    random-detect 315
    show 454
        show command 316
        show compress 139
        show crypto ipsec transform-set 476
        show crypto map 477
        show dialer 143, 144
        show dialer interface bri number 221
        show frame-relay pvc 264
        show interface 242
        show interface atmo 403
        show interface dialer 221
        show interface type number 286
        show interfaces bri 190
        show ip nat translation 354
        show isdn status 187
        show line 85
        show modemcap 98
        show ppp multilink 191
        show privilege 64
        show process cpu 137
        show queuing custom 318
        show traffic-shape 264
        show traffic-shape statistics 265
    tacacs-server host 54
    traffic-share
        traffic-share balanced 286
        traffic-share min 286
    transform 464
    transport input control 89
    username 135
    variance
        variance 2 285–286
        variance multiplier 285
    vpdn
        vpdn enable 393
        vpdn-group name 393
committed burst (B) 252
comparisons
    queuing 319
    transport mode/tunneling 438
compatibility of IPSec 455
components
    ACS 49–50
    cable 376–378
    DLCI 234–235
    Frame Relay 232–234
    ISDN BRI 154
    PPP 113
    WAN 3
compression 320–325
    configuring 138
    enabling 325
    MPPC 323
    PPP 121
    speed 84
    STAC 321, 324
    standards 83
    TCP headers 136
    V.42bis 83
    verifying 138

configuration
    AAA 43–44, 52
        commands 53–68
        defining 44–45
        protocols 45–46
    authentication 59
    authorization 60
    autodiscovery 98
    cable 379–380
    CBWFQ 305–314
    command authorization 64
    compression 138, 324
    CPE as PPPoE clients 392–397
    crypto ACLs 467
    crypto maps 471
    DDR 167–181
        testing 192
        verifying 186–192
    default static routes 397
    DHCP 397
    dial backups 273–280
        dialer interfaces as 280–282
        dialer watch 289–290
        floating static routes 287
        verifying 286
    dialer interfaces 217, 394
    dialer lists 179
    dialer map classes 211
    dialer profile commands 214
    DSL 393
        dialer interfaces 399
        PAT 400
        PPPoA 398–400
    Frame Relay 236–238
        applying DLCIs 240
        hub-spoke topologies 241–242
        mapping addresses 238–240
        subinterfaces 244–250
        traffic shaping 255–266
        troubleshooting 242–244
    global IPSec SAs 466
    IKE 456–462
    interface protocols 158
    IOS command privilege levels 63
    IPSec 445–454, 463–475
        IKE Phase 1 policy 446–449
        IKE Phase 2 policy 449–452
        peers 452–453
        troubleshooting 454–456, 475–481
    ISDN
        BRI interfaces 153–160
        called party number 185–186
        CLID 184–185
        commands 157
        MPP 182–184
        PPP 181–182
        PRI interfaces 160–167
        rate adaptation 186
        simple calls 175
    legacy DDR 201–203
        dialer profiles 208–220
        troubleshooting dialer profiles 221–227
    login authentication 55
    LQQ 314–316
    modems 93–95
        autoconfiguration 96–103
        debugging autoconfiguration 103
        troubleshooting autoconfiguration 104
    Multilink PPP 140–143
    named lists 57
    NAT 343–354
    PAT 395
    physical interfaces 219
    PPP 115–120
        authentication 121–128
        callback clients 133
        LCP options 128–140
        servers 134
    PPPoE clients 394
    preshared keys 461
    queuing 316–319
    RADIUS 54
    rotary groups 203–206
        interfaces 207
        ISDN 206
        limitations 207
    SPIDs 159
    symmetrical crypto ACLs 468
    TACACS+ 53
    transform sets 463
    WAN 16
    WFQ 301–304
    WRED 311
congestion 296–297. See also troubleshooting
    options 299–301
    policies 298
    prioritization 297

connections, 91
    asynchronous analog dialup 73. See also modems
    asynchronous modems 8
    AUX ports 90
    broadband 365
        ADSL 384–392
        cable 366
        DSL 366, 380–383
        satellite access 367–368
        wireless access 368–369
    cable
        components 376–378
        HFC 373–374
        infrastructure 370–373
        provisioning 379
        RF channels 374–376
        router configuration 379–380
    compression 321
    console ports 90
    DDR
        configuring 167–181
        verifying 186–192
    dial backups 273–280
    DSL
        configuring 393
        troubleshooting 400–405
    Frame Relay
        applying DLCIs 240
        components 232–234
        configuring 236–238
        configuring traffic shaping 255–266
        DLCI 234–235
        hub-spoke topologies 241–242
        mapping addresses 238–240
        signaling 235–236
        subinterfaces 244–250
        traffic shaping 251–255
        troubleshooting 242–244
    interfaces 207
    ISDN, 153
        CLID 184–185
        configuring rotary groups 206
        dialer profiles with B channels 214
    limitations of rotary groups 207
    modems 73–74, 88–90
        autoconfiguration 96–103
        autodiscovery 97
        chat scripts 104–105
        commands 94
        compression 84
        configuring 93–95
        debugging autoconfiguration 103
        DTE-DCE interface 74–75
        DTE-to-DTE wiring 78
        error control 83
        EXEC command 92
        initialization strings 95
        line commands 85–88
        modulation 81–83
        NAS 91
        operations 77–78
        RJ-45 wiring 79
        routers 90–91
        signaling data 75–77
        troubleshooting autoconfiguration 104
        working connections 80–81
    MPPC 323
    PPP
        configuring 115
        debugging 143–145
    PVC 274
    queuing 296–297
        options 299–301
        policies 298
        prioritization 297
    remote node 111–113
    resetting 168
    serial 91
    VPNs
        selecting 427–430
        types of 417–427
    WAN 4–6
        broadband access 11–12
        cabling 30
        central sites 19–21
        dedicated circuit-switched 6–7
        encapsulation protocols 12–15
        on-demand circuit-switched 7–10
        packet-switched virtual 10–11
        remote access 26–37
        remote/branch offices 21–23
        routers (central sites) 21
        site requirements 18
        SOHO 24–25
        speed comparisons 16–18
        types 16
console ports, connecting 90

Consultative Committee of International Telegraph and Telephone (CCITT) 74
controllers, parameters of 164
conversion
    hashing 435
    speed 84
costs
    central site connections 19
    WAN 16, 22
CPE (customer premises equipment) 232, 365, 392–397
CPU usage, compression 137
crypto ACLs 466
    creating 467
    symmetrical peer 468
crypto commands
    crypto ipsec security-association lifetime command 466
    crypto ipsec transform-set command 464
    crypto isakmp enable command 457
    crypto isakmp identity command 461
    crypto isakmp key command 461
    crypto isakmp policy command 457
crypto maps 469
    commands 472
    configuring 471
    interfaces 473
cryptosystems 420, 430–436
CSU/DSU (channel service unit/data service unit) 6
CSUs (channel service units) 74
customer premises equipment. See CPE
customization
    AAA 43–44, 52
        commands 53–68
        defining 44–45
        protocols 45–46
    ACS 48
    authentication 59
    authorization 60
    autodiscovery 98
    cable 379–380
    CBWFQ 305–314
    command authorization 64
    compression 138, 324
    CPE as PPPoE clients 392–397
    crypto ACLs 467
    crypto maps 471
    DDR 167–181
        testing 192
        verifying 186–192
    default static routes 397
    DHCP 397
    dial backups 273–280
        dialer interfaces as 280–282
        dialer watch 289–290
        floating static routes 287
        verifying 286
    dialer interfaces 217, 394
    dialer lists 179
    dialer map classes 211
    dialer profile commands 214
    DSL 393
        dialer interfaces 399
        PAT 400
        PPPoA 398–400
    Frame Relay 236–238
        applying DLCIs 240
        hub-spoke topologies 241–242
        mapping addresses 238–240
        subinterfaces 244–250
        traffic shaping 255–266
        troubleshooting 242–244
    global IPSec SAs 466
    IKE 456–462
    interface protocols 158
    IOS command privilege levels 63
    IPSec 445–454, 463–475
        IKE Phase 1 policy 446–449
        IKE Phase 2 policy 449–452
        peers 452–453
        troubleshooting 454–456, 475–481
    ISDN
        BRI interfaces 153–160
        called party number 185–186
        CLID 184–185
        commands 157
        MPP 182–184
        PPP 181–182
        PRI interfaces 160–167
        rate adaptation 186
        simple calls 175
    legacy DDR 201–203
        dialer profiles 208–220
        troubleshooting dialer profiles 221–227
    login authentication 55
    LQQ 314–316
    modems 93–95
        autoconfiguration 96–103
        debugging autoconfiguration 103
        troubleshooting autoconfiguration 104

    Multilink PPP 140–143
    named lists 57
    NAT 343–354
    PAT 395
    physical interfaces 219
    PPP 115–120
        authentication 121–128
        callback clients 133
        LCP options 128–140
        servers 134
    PPPoE clients 394
    preshared keys 461
    queuing 316–319
    RADIUS 54
    rotary groups 203–206
        interfaces 207
        ISDN 206
        limitations 207
    SPIDs 159
    symmetrical crypto ACLs 468
    TACACS+ 53
    transform sets 463
    WAN 16
    WFQ 301–304
    WRED 311

D

data communications equipment (DCE) 6, 232
data compression. See compression
Data Over Cable Service Interface Specification (DOCSIS) 375
data service units (DSUs) 74
data terminal equipment (DTE) 232
databases, creating entries 101
DBS (direct broadcast satellite) 365
DCE (data communications equipment) 6, 232
DDR (dial-on-demand routing). See also routing
    access lists 172
    configuring 167–181
    destination parameters 173
    dial backups 274. See also backups
    legacy DDR 201–203
        dialer profiles 208–220
        troubleshooting dialer profiles 221–227
    testing 192
    troubleshooting 187
    verifying 186–192
DE (discard eligibility) 252
debug commands 189
    debug confmodem command 103
    debug crypto ipsec command 478
    debug dialer command 192
    debug dialer packet command 226
    debug isdn events command 192
    debug ppp authentication command 144, 192
    debug ppp multilink command 142
    debug ppp negotiation command 144, 192, 404
debugging. See also troubleshooting
    autoconfiguration 103
    IPSec 475–481
    NAT 356
    PPP 143–145
decryption 420
dedicated circuit-switched connections 6–7
default classes, configuring 312
default static routes, configuring 397
defining
    AAA 44–45
    interesting traffic 171
    map classes 212
delay 0 40 command 277
deleted states, Frame Relay 236
demilitarized zone (DMZ) 424
design
    AAA 43–44, 52
        commands 53–68
        defining 44–45
        protocols 45–46
    ACS 48
    authentication 59
    authorization 60
    autodiscovery 98
    cable 379–380
    CBWFQ 305–314
    command authorization 64
    compression 138, 324
    CPE as PPPoE clients 392–397
    crypto ACLs 467
    crypto maps 471
    DDR 167–181
        testing 192
        verifying 186–192
    default static routes 397
    DHCP 397
    dial backups 273–280
        dialer interfaces as 280–282
        dialer watch 289–290

        floating static routes 287
        verifying 286
    dialer interfaces 217, 394
    dialer lists 179
    dialer map classes 211
    dialer profile commands 214
    DSL 393
        dialer interfaces 399
        PAT 400
        PPPoA 398–400
    Frame Relay 236–238
        applying DLCIs 240
        hub-spoke topologies 241–242
        mapping addresses 238–240
        subinterfaces 244–250
        traffic shaping 255–266
        troubleshooting 242–244
    global IPSec SAs 466
    IKE 456–462
    interface protocols 158
    IOS command privilege levels 63
    IPSec 445–454, 463–475
        IKE Phase 1 policy 446–449
        IKE Phase 2 policy 449–452
        peers 452–453
        troubleshooting 454–456, 475–481
    ISDN
        BRI interfaces 153–160
        called party number 185–186
        CLID 184–185
        commands 157
        MPP 182–184
        PPP 181–182
        PRI interfaces 160–167
        rate adaptation 186
        simple calls 175
    legacy DDR 201–203
        dialer profiles 208–220
        troubleshooting dialer profiles 221–227
    login authentication 55
    LQQ 314–316
    modems 93–95
        autoconfiguration 96–103
        debugging autoconfiguration 103
        troubleshooting autoconfiguration 104
    Multilink PPP 140–143
    named lists 57
    NAT 343–354
    PAT 395
    physical interfaces 219
    PPP 115–120
        authentication 121–128
        callback clients 133
        LCP options 128–140
        servers 134
    PPPoE clients 394
    preshared keys 461
    queuing 316–319
    RADIUS 54
    rotary groups 203–206
        interfaces 207
        ISDN 206
        limitations 207
    SPIDs 159
    symmetrical crypto ACLs 468
    TACACS+ 53
    transform sets 463
    WAN 16
    WFQ 301–304
    WRED 311
destination parameters, DDR 173
devices
    ACS 46–48
    DCE 6
    ISDN 155
    VPNs 422
    WAN 111–112
DHCP (Dynamic Host Configuration Protocol) 119, 396–397
dial backups
    activating 276
    configuring 273–280
    dialer interfaces as 280–282
    dialer watch 289–290
    floating static routes 287
    verifying 286
dial map command options 173
dialer commands
    dialer callback-secure command 135
    dialer callback-server username command 135
    dialer enable-timeout command 129
    dialer hold-queue timeout command 129
    dialer idle-timeout command 168
    dialer isdn speed 56 command 218
    dialer load-threshold command 170, 182
    dialer load-threshold load command 143
    dialer map command 135, 157

    dialer pool-member command 219, 220, 223
    dialer pool-member number command 281
    dialer rotary-group command 206
    dialer string command 212
    dialer watch commands 289–290
    dialer-group command 172
    dialer-list command 171
    dialer-map command 125
dialer interfaces. See also interfaces
    configuring 217, 394
    as dial backups 280
    DSL 399
dialer lists
    access lists 178
    configuring 179
dialer maps
    classes 211
    statements 202
dialer profiles
    applications 215
    commands 214
    legacy DDR 203, 208–227
dialer rotary groups
    configuring 203–206
    interfaces 207
    ISDN 206
    limitations 207
dial-on-demand routing (DDR). See also routing
    access lists 172
    configuring 167–181
    destination parameters 173
    dial backups 274. See also backups
    legacy DDR 201–203
        dialer profiles 208–220
        troubleshooting dialer profiles 221–227
    testing 192
    troubleshooting 187
    verifying 186–192
dialup connections 73. See also connections; modems
Differentiated Services Code Point (DSCP) 308
Diffie-Hellman algorithm 434
digital amplifiers 74
digital subscriber line. See DSL
direct broadcast satellite (DBS) 365
disabling split horizons 246
discard eligibility (DE) 252
disconnections. See also connections
    callback 135
    troubleshooting 225
discovery
    configuring 98
    modem autodiscovery 97
discrete multitone (DMT) 385
distribution network 373
DLCI (data-link connection identifier)
    applying 240
    Frame Relay 233–235
DMT (discrete multitone) 385
DMZ (demilitarized zone) 424
DOCSIS (Data Over Cable Service Interface Specification) 375
downstream (DS) 376
DS (downstream) 376
DSCP (Differentiated Services Code Point) 308
DSL (digital subscriber line) 366, 380–381. See also connections
    ATM interfaces 399
    configuring 393
    dialer interfaces 399
    limitations 383
    modulation 398
    PAT 396, 400
    PPPoA 398–400
    PPPoE 394
    scaling 396
    troubleshooting 400–405
    types of 382–392
dsl operating-mode command 398
DSLAM (DSL access multiplexer) 381
DSUs (data service units) 74
DTE (data terminal equipment) 232
DTE-DCE interface 74–75
DTE-to-DTE wiring 78
dynamic address mapping 238–239
Dynamic Host Configuration Protocol (DHCP) 119
dynamic mapping 332
dynamic NAT, configuring 350. See also NAT

E

E1 controller parameters 164
ease of management, WAN 16
editing
    modemcap databases 101
    transform sets 465
EIA (Electronics Industries Association) 74
EIGRP (Enhanced IGRP), load sharing 284
EIR (excess information rate) 254

electromagnetic frequencies 374
Electronic Industries Association (EIA) 74
elements, dialer profiles 210. See also dialer profiles
enabling
    AAA 52
    CLID 184–185
    IKE 457
    passwords 58
    PPP 116, 117
    rate adaptation 186
    STAC compression 324
    TCP/IP header compression 325
Encapsulating Security Payload (ESP) 421, 438, 464
encapsulation
    configuring 115
    Frame Relay 15
    GRE 429
    hdlc command 159
    ISDN 155
    Layer 2 B channel protocols 158
    PPP 13
    protocols 158
    WAN 12–15
encoding ADSL 385. See also ADSL
encryption 420. See also security
    asymmetric 433
    cryptosystems 430–436
    symmetric 432
    tunneling 421
    VPNs 427–430
end-to-end keepalives 286
entries, modemcap databases 101
errors. See also troubleshooting
    ISAKMP 481
    modems 83
ESP (Encapsulating Security Payload) 421, 438, 464
excess burst (B) 252
excess information rate (EIR) 254
excessive traffic loads, configuring dial backups 277
EXEC
    commands 92
    sessions 91, 117
extended ACLs, creating crypto ACLs 467

F

fair-queue command 304
FDM (frequency-division multiplexing) 377
FEC (forward error correction) 378
FECN (forward explicit congestion notification) 252
FIFO (first-in, first-out) 296
filters, microfilters 385
Firewalls, PIX 46. See also security
fixed wireless broadband markets 368
floating static routes 287
flowcharts
    asynchronous callback 130
    autoselect 118
    IKE/IPSec 443
    queuing options 299
formatting. See also configuration
    crypto ACLs 467
    frames 115
    modemcap database entries 101
forward error correction (FEC) 378
forwarding L2F 429
Frame Relay 12
    commands
        frame-relay map command 239
        frame-relay traffic-rate command 260
    components 232–234
    configuring 236–238
        applying DLCIs 240
        hub-spoke topologies 241–242
        mapping addresses 238–240
        subinterfaces 244
        traffic shaping 255–266
        troubleshooting 242–244
    DLCI 234–235
    encapsulation 15
    signaling 235–236
    traffic shaping 251–255
frames
    controllers 164
    PPP 115
frequencies, DSL 381. See also DSL
frequency-division multiplexing (FDM) 377

G

global addresses 342–343
global IPSec SAs, configuring 466
granularity of CBWFQ 307
GRE (Generic Routing Encapsulation) 419, 429
group-range command 207
groups, configuring PPPoE 393

GSOs (geostationary orbit satellites) 368
GUI (graphical user interface) 50. See also interfaces

H

hashing 420, 435
HDLC (high-level data link control) 12, 115
headends 373. See also cable
headers
    TCP compression 136
    TCP/IP compression 322
HFC (hybrid fiber-coaxial) 373–374
high primary lines, dial backups 275
how modemcap command 98
hub-spoke topologies 241–242
hunt groups 204. See also rotary groups
hybrid fiber-coaxial cable 373–374

I

IARP (Inverse Address Resolution Protocol) 235
identities, ISAKMP 460
IKE (Internet Key Exchange) 421
    configuring 456–462
    enabling 457
    flowcharts 443
    IPSec 441
    Phase 1 policy 446–449
    Phase 2 policy 449–452
    policies
        creating 457
        negotiation 459
implementation. See also configuration
    PPP callback 129
    VPNs 427–430
import all DHCP pool configuration command 397
inactive states, Frame Relay 236
in-band PPP sessions 117
incoming calls
    rotary groups 204
    troubleshooting 225
increasing bandwidth 182–184
infrastructure (cable) 370–373
    components 376–378
    HFC 373–374
    provisioning 379
    RF channels 374–376
    router configuration 379–380
ingress noise 377
initialization strings 95
inside global address overloading, configuring 352
inside global addresses 336
installation
    branch offices 33
    SOHO 34
    WAN 31
integrated routing and bridging (IRB) 387
Integrated Services Digital Network. See ISDN
integrity of hashing 435
interfaces
    ACS 50
    async commands 117–120
    Backup 274
    BRI
        configuring ISDN 153–160
        monitoring 187, 190–191
    BVI 387
    commands
        interface async command 87
        interface atm number command 394
        interface dialer command 205
        interface dialer global command 217
        interface serial command 87
        interface serial interface-number command 159
    crypto maps 473
    dial backup 276
    dialer 211
        configuring 217, 394
        as dial backups 280
        DSL 399
    DSL 399, 402
    DTE-DCE 74–75
    Frame Relay signaling 235–236
    LMI 286
    Multilink PPP 142–143
    NNI 232, 286
    physical
        configuring 219
        limitations as dial backups 280
    PRI 160–167
    protocols 158
    R 155

    rotary groups 207
    S/T 155
    serial 91
    show interface command 242
    subinterfaces
        Frame Relay 244–250
    U 155
    UNI 232
    WAN 28–29
International Organization for Standardization Connectionless Network Service (ISO CLNS) 201
International Organization for Standardization’s high-level data link control (ISO-HDLC) 111
International Telecommunication Union-Telecommunications Standards Sector (ITU-T) 74
Internet Key Exchange (IKE) 421
    configuring 456–462
    enabling 457
    flowcharts 443
    IPSec 441
    Phase 1 policy 446–449
    Phase 2 policy 449–452
    policies
        creating 457
        negotiation 459
Internet Security Association and Key Management Protocol. See ISAKMP
interpretability (PPP) 111–112
    architecture 113–115
    configuring 115
    frames 115
interesting traffic (ISDN DDR) 171
Inverse Address Resolution Protocol (IARP) 235
IOS command privilege levels 63
IOS cryptosystem 430–436
IP (Internet Protocol)
    crypto ACLs 466
    commands
        ip address command 119
        ip dhcp pool name global configuration command 397
        ip route command 288
        ip tcp header-compression command 138
        ip tcp header-compression passive command 138
        ip unnumbered command 119
    NAT 331–338
        configuring 343–354
        global addresses 342–343
        source addresses 339–342
        troubleshooting 354–359
    PAT 333
IPSec (IP Security Protocol) 429, 436–445
    configuring 445–446, 453–454, 463–475
    IKE
        configuring 456–462
        Phase 1 policy 446–449
        Phase 2 policy 449–452
    peers 452–453
    transforms 449
    troubleshooting 454–456, 475–481
IRB (integrated routing and bridging) 387
ISAKMP (Internet Security Association and Key Management Protocol) 421
    error messages 481
    identities 460
    policies 476
ISDN (Integrated Services Digital Network). See also connections
    B channel dialer profiles 214
    BRI
        configuring 153–160
        monitoring 187, 190–191
    commands 157
        isdn answer1 command 186
        isdn answer2 command 186
        isdn call interface command 192
        isdn caller command 185
        isdn disconnect interface command 192
        isdn switch-type command 158, 162
    DDR
        configuring 167–181
        verifying 186–192
    Layer 2 debug commands 189
    Layer 3 debug commands 189
    layers 155
    PPP 181–182
        called party number 185–186
        CLID 184–185
        MLP 182–184
        rate adaptation 186
    PRI 160–167
    protocols 154
    rotary groups 129, 206
    services 160
    simple calls 175
    SPIDs 159
    troubleshooting 187


ISO (International Organization for Standardization’s high-level data link control (ISO-HDLC) 111

ISO CLNS (International Organization for Standardization Connectionless Network Service) 201

ITU-T (International Telecommunication Union-Telecommunications Standards Sector) 74

K

keepalives
  dial backups 276
  end-to-end 286
key exchanges, cryptosystems 430–436
keys
  management 420
  preshared 461

L

L2F (Layer 2 Forwarding) 429
L2TP (Layer 2 Tunneling Protocol) 419, 429
LAPB (Link Access Procedure Balanced) protocol 201, 321
LAPM (Link Access Procedure for Modems) 83
Layer 1
  DSL 402
  status messages 188
Layer 2
  channel encapsulation protocols 158
  DSL 403
  ISDN debug commands 189
layers
  DSL 401
  ISDN protocols 155
  VPNs 427–430
LCP (Link Control Protocol)
  configuring 128–140
  PPP 121
legacy DDR 201–203. See also DDR
  dialer profiles 208–220
  troubleshooting 221–227
Lempel-Ziv (LZ) algorithm 136
LEOS (low-earth-orbit satellites) 368
lifetimes, IPSec SAs 466
limitations
  of DSL 383
  physical interfaces as backup interfaces 280
  rotary groups 207
line commands 85–88
linecode command 164
lines
  numbering 87
  types 87
Link Access Procedure Balanced (LAPB) protocol 201, 321
Link Access Procedure for Modems (LAPM) 83
links
  compression 321
  WAN 297
lists
  ACL. See ACL
  DDR 172
LLQ (Low Latency Queuing) 297
LMDS (Local Multipoint Distribution Service) 368
LMI (Local Management Interface) 235–236, 286. See also interfaces
load backups, primary line failures 282–290
load distribution, TCP 345
load sharing
  EIGRP 284
  OSPF 283
load-interval command 278
load-interval interface configuration command 278
local access rates 252
local best metrics 286
local loops, PSTN 73
Local Multipoint Distribution Service (LMDS) 368
login, configuring authentication 55
login authentication list-name command 55
loops, PSTN 73
Low Latency Queuing (LLQ) 297, 314–316
low-earth-orbit satellites (LEOS) 368
LZ (Lempel-Ziv) algorithm 136

M

management
  compression 320–325
  keys 420


  networks 47
  queuing 296–297
    options 299–301
    policies 298
    prioritization 297
  WAN 16
map classes
  commands
    map-class command 135
    map-class dialer class-name command 218
  defining 212
  dialers 211
maps
  addresses 238–240
  class 310
  crypto 469
    configuring 471
    interfaces 473
  DLCI 234
masks, DHCP 397
match command 310
Maximum Received Reconstructed Unit (MRRU) 141
memory, compression 137
messages
  errors. See errors; troubleshooting
  hashing 435
  ISAKMP 481
  status 188
metrics, local best 286
Microcom’s Networking Protocol (MNP) 83
microfilters 385
Microsoft Point-to-Point Compression (MPPC) 136, 323
mismatch, speed 84
MLP (Multilink PPP)
  configuring 182–184
  troubleshooting 192
  verifying 191
MNP (Microcom’s Networking Protocol) 83
modemcap databases 101
  modemcap edit usr_new command 102
  modemcap entry modem-name command 101
modems. See also connections
  asynchronous analog dialup connections 73
  asynchronous connections 8
  autoconfiguration 96–103
    debugging 103
    troubleshooting 104
  autodiscovery 97–98
  cable 366, 379
  chat scripts 104–105
  commands 94
    modem autoconfigure command 96
    modem autoconfigure discovery command 98
    modem autoconfigure name command 99
  configuring 93–95
  connections 73–74, 88–90
    compression 84
    DTE-DCE interface 74–75
    DTE-to-DTE wiring 78
    error control 83
    EXEC commands 92
    line commands 85–88
    modulation 81–83
    NAS 91
    operations 77–78
    RJ-45 wiring 79
    routers 90–91
    signaling data 75–77
    working connections 80–81
  DSL 366, 380–381, 393
  initialization strings 95
modes
  access 51
  buffered 84
  character authorization 65
  packets 66
modification of transform sets 465
modular interfaces, WAN 29. See also interfaces
modulation 81–83
  CAP 385
  DSL 398
monitoring
  ISDN BRI 187–191
  PPP 191
  traffic 277
MPPC (Microsoft Point-to-Point Compression) 136, 323
MRRU (Maximum Received Reconstructed Unit) 141
Multilink PPP 140–143. See MLP
multiple access connections
  central site connections 19
  remote/branch offices 22
multiple async interfaces, sharing IP addresses 119
multiple destinations, legacy DDR with 202


multiple WANs 111–112
multiplexing
  Frame Relay 233. See also Frame Relay
  troubleshooting 164
multipoint subinterfaces 248. See also subinterfaces

N

named lists, configuring 57
NAS (Network Access Server) modems 91
NAT (Network Address Translation) 331–338
  configuring 343–354
  global addresses 342–343
  source addresses 339–342
  troubleshooting 354–359
National Television Systems Committee (NTSC) 375, 377
NBMA (nonbroadcast multiaccess) networks 233
negotiation
  IKE policies 459
  PAP 123
  PPP 404
  transform sets 465
networks. See also connections
  cable 373
  management 47
  NAT 331–338
    configuring 343–354
    global addresses 342–343
    source addresses 339–342
    troubleshooting 354–359
  NBMA 233
  overlapping 343
  STDM 254
  WAN
    broadband access 11–12
    central sites 19–21
    components 3
    connections 4–6
    dedicated circuit-connections 6–7
    encapsulation protocols 12–15
    on-demand circuit-connections 7–10
    packet-switched virtual 10–11
    remote access 26–37
    remote/branch office 21–23
    routers (central sites) 21
    site requirements 18
    SOHO 24–25
    speed comparisons 16–18
    types 16
NGSOs (nongeostationary orbit satellites) 368
NNI (Network-to-Network Interface) 232, 286
nodes, remote connections 111–113
noise, troubleshooting 377
nonbroadcast multiaccess (NBMA) networks 233
nonoccurrence of dialing, troubleshooting 222
NT1/NT2 functions 155
NTSC (National Television Systems Committee) 375, 377
null modems 78. See also modems
numbering lines 87

O

ODN (public data network) 232
on-demand circuit-switched connections 7–10
Open Shortest Path First (OSPF) 283
Open System Interconnection (OSI) 111
operations, modems 77–78
optimization
  AAA 43–44, 52
    commands 53–68
    defining 44–45
    protocols 45–46
  ACS 48
  authentication 59
  authorization 60
  autodiscovery 98
  cable 379–380
  CBWFQ 305–314
  command authorization 64
  compression 138, 324
  CPE as PPPoE clients 392–397
  crypto ACLs 467
  crypto maps 471
  DDR 167–181
    testing 192
    verifying 186–192
  default static routes 397
  DHCP 397
  dial backups 273–280
    dialer interfaces as 280–282
    dialer watch 289–290
    floating static routes 287
    verifying 286


  dialer interfaces 217, 394
  dialer lists 179
  dialer map classes 211
  dialer profile commands 214
  DSL 393
    dialer interfaces 399
    PAT 400
    PPPoA 398–400
  Frame Relay 236–238
    applying DLCIs 240
    hub-spoke topologies 241–242
    mapping addresses 238–240
    subinterfaces 244–250
    traffic shaping 255–266
    troubleshooting 242–244
  global IPSec SAs 466
  IKE 456–462
  interface protocols 158
  IOS command privilege levels 63
  IPSec 445–454, 463–475
    IKE Phase 1 policy 446–449
    IKE Phase 2 policy 449–452
    peers 452–453
    troubleshooting 454–456, 475–481
  ISDN
    BRI interfaces 153–160
    called party number 185–186
    CLID 184–185
    commands 157
    MPP 182–184
    PPP 181–182
    PRI interfaces 160–167
    rate adaptation 186
    simple calls 175
  legacy DDR 201–203
    dialer profiles 208–220
    troubleshooting dialer profiles 221–227
  login authentication 55
  LQQ 314–316
  modems 93–95
    autoconfiguration 96–103
    debugging autoconfiguration 103
    troubleshooting autoconfiguration 104
  Multilink PPP 140–143
  named lists 57
  NAT 343–354
  PAT 395
  physical interfaces 219
  PPP 115–120
    authentication 121–128
    callback clients 133
    LCP options 128–140
    servers 134
  PPPoE clients 394
  preshared keys 461
  queuing 316–319
  RADIUS 54
  rotary groups 203–206
    interfaces 207
    ISDN 206
    limitations 207
  SPIDs 159
  symmetrical crypto ACLs 468
  TACACS+ 53
  transform sets 463
  WAN 16
  WFQ 301–304
  WRED 311
options. See also customization
  ACS 48
  dialer map command 173
  LCP
    configuring PPP 128–140
    PPP 121
  PPP configuration 182
  queuing 299–301
OSI (Open System Interconnection) 111
OSPF (Open Shortest Path First) 283
outbound calls, troubleshooting 223
out-of-band EXEC sessions 117
overlapping
  addresses 353
  networks 343
overloading addresses 342
oversubscription 252

P

packets
  DLCI 234
  modes 66
  PADT 391
packet-switched virtual connections 10–11
PADT (PPP Active Discovery Terminate) 391
PAL (Phase Alternating Line) 375–377


PAP (Password Authentication Protocol) 121–128
parameters
  controllers 164
  crypto maps 470
  destination 173
  IKE 448
  ISAKMP policies 476
passing data over Frame Relay 234
Password Authentication Protocol. See PAP
passwords. See also security
  enabling 58
  PAP 121–128
PAT (Port Address Translation) 333, 395
  configuring 400
  DSL 396
payload compression 321. See also compression
PCM (pulse code modulation) 73
PDUs (protocol data units) 387
peers
  IPSec 452–453
  symmetrical crypto ACLs 468
performance. See also optimization
  compression 320–325
  queuing 297
per-interface compression 321. See also compression
permanent virtual connection (PVC) 274
per-virtual circuit compression 321. See also compression
Phase Alternating Line (PAL) 375
Physical Layer, DSL 402
physical interfaces. See also interfaces
  configuring 219
  dial backups 280
physical layer-async command 91
ping command, IPSec 454
PIX (Private Internet Exchange) Firewalls 46. See also firewalls; security
planning NAT 337
Point-to-Point Protocol. See PPP
point-to-point subinterfaces 247. See also subinterfaces
policies
  IKE
    creating 457
    negotiation 459
    Phase 1 446–449
    Phase 2 449–452
  ISAKMP 476
  queuing 296
policy-map command 311
Port Address Translation (PAT) 333
port address translation (PAT) 395–396
port-rate adjustment 84
ports. See also connections
  AUX 90
  console 90
  speed 252
POTS (Plain Old Telephone Service) 384
power supplies, troubleshooting 402
PPP (Point-to-Point Protocol) 13
  architecture 113–115
  authentication 59, 121–128
  callback 131
  commands
    ppp authentication CHAP command 127
    ppp authentication command 59
    ppp callback accept command 135
    ppp callback request command 133
    ppp command 118
    ppp multilink interface configuration command 182
    ppp pap sent-username command 124
  configuring 115
  connections
    compression 321
    MPPC 323
  debugging 143–145
  enabling 116, 117
  encapsulation 13
  frames 115
  ISDN 181–182
    called party number 185–186
    CLID 184–185
    MLP 182–184
    rate adaptation 186
  LCP options 121, 128–140
  monitoring 191
  Multilink PPP 140–143
  negotiation 404
  overview of 111–112
  sessions 117
PPPoA (PPP over ATM)
  ADSL 392
  DSL 398–400
PPPoE (PPP over Ethernet) 365, 394
  ADSL 389


  CPE 392–397
  DSL 394
  VPDN 393
PPPoE Active Discovery Terminate (PADT) 391
Predictor 136, 321
preshared keys, configuring 461
PRI (Primary Rate Interface) 160–167. See also interfaces
pri-group command 165
primary lines
  dial backups
    activating 276
    starting 275
  load backups 282–290
primary links, dial backups 274
prioritization 297. See also queuing
priority command 315
Private Internet Exchange. See PIX
private network dial-in services, spanning remote access servers 393
profiles (dialer)
  applications 215
  commands 214
  legacy DDR 203, 208–220
  troubleshooting 221–227
protections, enabling passwords 58
protocol data units (PDUs) 387
protocols
  AAA 45–46
  central sites 48
  clients 48
  DHCP 119
  GRE 429
  IARP 235
  interfaces 158
  IPSec 429, 436–445
    configuring 445–446, 453–454, 463–475
    IKE Phase 1 policy 446–449
    IKE Phase 2 policy 449–452
    peers 452–453
    troubleshooting 454–456, 475–481
  ISDN 154–155
  L2TP 429
  LAPB 201
  MNP 83
  multiplexing 114
  PPP 12, 111–112
    callback 131
    configuring LCP options 128–140
    configuring Multilink PPP 142–143
    debugging 143–145
    encapsulation 13
    LCP options 121
    Multilink PPP 140–142
  VPN 428
  WAN 12
provisioning cable modems 379
PSTN (public switched telephone network) 7, 73
public data network (PDN) 232
public networks 332
pulse code modulation (PCM) 73
pulse-time command 129
PVC (permanent virtual connection) 274
pvc interface configuration command 399

Q

QAM (quadrature amplitude modulation) 377
QoS (Quality of Service)
  central site connections 20
  WAN 16
QPSK (quadrature phase shifting keying) 377
queue-limit command 315
queuing 296–297
  CBWFQ 305–314
  comparisons 319
  LQQ 314–316
  options 299–301
  policies 298
  prioritization 297
  verifying 316–319
  WFQ 301–304

R

R interfaces 155
RADIUS (Remote Authentication Dial-In User Service) 421
  commands
    radius-server host command 54
    radius-server key command 54
  configuring 54
Random Early Detection (RED) 308
random-detect command 315


rates
  adaptation 186
  enforcement 258
reachability, subinterfaces 245
RED (Random Early Detection) 308
redundancy
  central site connections 20
  WAN remote/branch offices 22
reference points
  ISDN BRI 154
  PRI 161
  S/T 155
regeneration repeaters 74
reliability of WAN 16
remote access. See also access
  broadband 365
    ADSL 384–392
    cable 366
    DSL 366, 380–383
    satellite access 367–368
    wireless access 368–369
  VPNs 425
  WAN 26–37
Remote Authentication Dial-In User Service. See RADIUS
remote destinations, identifying 173
remote node connections 111–113
remote offices, WAN 21–23
remote routers, DLCI 240
remote sites, WAN 18
repeaters 74
requests, IARP 236. See also IARP
requirements, WAN 18
resetting connections 168
reverse Telnet terminal sessions 92
revisions
  modemcap databases 101
  transform sets 465
RF channels 374–376
RJ-45 wiring 79
rotary groups
  configuring 203–206
  interfaces 207
  ISDN 129, 206
  limitations 207
RouterA
  access lists 179
  ISDN DDR 175
RouterB, ISDN DDR 175
routers 47
  access modes 51
  ACS 46–47
  branch offices 23
  cable modems 379–380
  callback clients 133
  DDR
    configuring 167–181
    verifying 186–192
  Frame Relay 235
  lines 87
  modems
    connections 88–91
    EXEC commands 92
    NAS 91
  queuing 316–319
  remote 240
  spoke 241
  WAN central sites 21
routes
  adding 286
  default static 397
  floating static 287
routing
  DDR 168
  GRE 429
  load backups 282–290
  Snapshot Routing 169
  updating 245

S

SA (Security Association) 421, 466
SADB (SA database) 440
satellite access 367–368
scalability
  CBWFQ 307
  central site connections 20
  DSL 396
  NAT 331–338
    configuring 343–354
    global address 342–343
    source address 339–342
    troubleshooting 354–359
screening CLID 184. See also CLID
scripts, chat 104–105
SDSL (Symmetric Digital Subscriber Line) 381


SECAM (Sequential Couleur Avec Memoire) 377
secret key encryption 432. See also encryption
  Diffie-Helman algorithm 434
  hashing 435
security
  AAA 43–44
    commands 53–68
    configuring 52
    defining 44–45
    protocols 45–46
  CLID 184–185
  clients 48
  firewalls 46
  IPSec 436–445
    configuring 445–446, 453–454, 463–475
    IKE Phase 1 policy 446–449
    IKE Phase 2 policy 449–452
    peers 452–453
    troubleshooting 454–456, 475–481
  PPP authentication 121–128
  routers 47
  servers 48
  VPN 419
Security Association (SA) 421, 439
selection
  Cisco product selection tools 36
  of ISDN switches 158
  of VPNs 427–430
Sequential Couleur Avec Memoire (SECAM) 377
serial connections 87, 91. See also connections
serial lines, dial backups 273–280
servers
  AAA
    commands 53–68
    configuring 52
  access 48
  ACS 46, 49
    administrator GUI client 50
    components 49–50
    options 48
    routers 46–47
  DHCP 397
  NAS 91
  PPP callback 134
  security 48
  spanning 393
  TACACS+ 53
service profile identifiers (SPIDs) 159, 207
services
  CA 420
  ISDN 153
  security 47
  WAN 3
    broadband access 11–12
    central sites 19–21
    connections 4–6
    dedicated circuit-switched connections 6–7
    encapsulation protocols 12–15
    on-demand circuit-switched connections 7–10
    packet-switched virtual connections 10–11
    remote access 26–37
    remote/branch offices 21–23
    routers (central sites) 21
    site requirements 18
    SOHO 24–25
    speed comparisons 16–18
    types 16
sessions
  EXEC
    commands 92
    console ports 91
  PPP 117
sharing loads
  EIGRP 284
  OSPF 283
show commands 454
  show compress command 139
  show crypto ipsec transform-set command 476
  show crypto map command 477
  show dialer command 143, 144
  show dialer interface bri number command 221
  show frame-relay pvc command 264
  show interface atm0 command 403
  show interface command 242
  show interface dialer command 221
  show interface type number command 286
  show interfaces bri command 190
  show ip nat translation command 354
  show isdn status command 187
  show line command 85
  show ppp multilink command 191
  show privilege command 64
  show process cpu command 137
  show queueing command 316
  show queueing custom command 318
  show traffic-shape command 264
  show traffic-shape statistics command 265


signaling
  Frame Relay 235–236
  modems 75–77
signal-to-noise (S/N) 377
simple ISDN calls, configuring 175
site requirements, WAN 18
site-to-site VPNs, GRE 430
S/N (signal-to-noise) 377
Snapshot Routing 169
SOHO (small office, home office) 365
  installing 34
  site requirements 18
  WAN 24–25
SONET/SDH (Synchronous Optical NETwork/Synchronous Digital Hierarchy) 6
source addresses 339–342
spanning servers 393
spectrum reuse 377
speed
  mismatch 84
  modems 84
  WAN 16–18
SPIDs (service profile identifiers) 159, 207
split horizons, reachability 246
spoke routers 241
STAC compression 321, 324
Stacker compression scheme 136
standards
  compression 83
  modems 81–83
standby mode
  backup interfaces 274
  dial backups 276
starting dial backups 275
statements, dialer map 202
static address mapping 239–240
static inside source NAT, configuring 347
static outside source NAT, configuring 349
static translation 332
statistical time division multiplexing (STDM) network 254
status, Layer 1 188
STDM (statistical time division multiplexing) network 254
strings, initialization 95
stub domains 332
subinterfaces, Frame Relay 244–250
subnets, configuring 397
subscriber drop 373
suites, configuring 463
switches
  Frame Relay 235
  ISDN types 158
  Telco ISDN types 163
  troubleshooting 164
Symmetric Digital Subscriber Line (SDSL) 381
symmetric encryption 432
symmetrical peer crypto ACLs 468
synchronization, troubleshooting 164
synchronous connections, EXEC/PPP sessions 118
synchronous modem connections 8
Synchronous Optical NETwork/Synchronous Digital Hierarchy (SONET/SDH) 6
synchronous serial standards 6

T

T1 controller parameters 164
tables, adding routes 286
TACACS+ (Terminal Access Controller Access Control System Plus) 53, 421
tacacs-server host commands 54
tail drops, CBWFQ 307
TCP (Transmission Control Protocol)
  header compression 136
  load distribution 345
TCP/IP (Transmission Control Protocol/Internet Protocol)
  encryption 421
  header compression 322
Telco ISDN switch types 163
Telnet, reverse terminal sessions 92
Terminal Access Controller Access Control System Plus (TACACS+) 53, 421
testing
  DDR 192
  IPSec 475–481
thresholds
  dialer load-threshold command 170
  MLP 182
tools, Cisco product selection 36
topologies, hub-spoke 241–242
traffic
  applications 16
  compression 320–325
  crypto ACLs 466


  DDR 168
  excessive loads 277
  interesting 171
  queuing 296–297
    options 299–301
    policies 298
    prioritization 297
traffic shaping
  configuring 255–266
  Frame Relay 251–255
traffic-share commands
  traffic-share balanced command 286
  traffic-share min command 286
transform sets
  configuring 463
  editing 465
  negotiation 465
transforms
  commands 464
  IPSec 449
translation
  NAT 331–338
    configuring 343–354
    global addresses 342–343
    source addresses 339–342
    troubleshooting 354–359
  PAT 333, 395
    configuring 400
    DSL 396
transport input protocol command 89
transport mode, tunneling 438
transportation networks 373
troubleshooting 402
  autoconfiguration 104
  compression speed 84
  DDR 187
  dialer profiles 221
  disconnections 225
  DSL 400–405
  Frame Relay 242–244, 264
  incoming calls 225
  IPSec 454–456, 475–481
  ISDN 187
  MLP 192
  modems 83
  multiplexers 164
  NAT 354–359
  negotiation 404
  nonoccurrence of dialing 222
  outbound calls 223
  PPP 143–145
  primary line load backups 282–290
  PVC failures 274
  queuing 296–297
    options 299–301
    policies 298
    prioritization 297
    verifying 316–319
  reachability 246
  switches 164
  synchronization 164
tunneling
  encryption 421
  GRE 429
  IKE 442
  transport mode 438
  types of 417–430
  VPN protocols 428
types
  of DSL 382–392
  of lines 87
  of queuing 297, 319
  of switches
    ISDN 158
    Telco ISDN 163
  of VPNs 417–427
  of WAN 16

U

U interfaces 155
UARTs (Universal Asynchronous Receiver/Transmitters) 84
UNI (User-Network Interface) 232
updating routing 245
upstream (US) 376
US (upstream) 376
username command 135
User-Network Interface (UNI) 232

V

V.42bis compression 83
variance 2 command 285, 286
variance multiplier command 285


VCs (virtual circuits) 233
verification
  autoconfiguration 103
  branch office installation 33
  called party number 185–186
  compression 138
  DDR 186–192
  dial backups 286
  dialer profiles 221
  DSL data 403
  Frame Relay 242, 264
  IKE configuration 462
  IPSec 475–481
  MLP 191
  NAT 354–359
  PPP 143–145, 404
  queuing 316–319
  SOHO installation 34
  WAN installation 31
viewing
  ISAKMP policies 476
  line commands 85–88
  working connections 80–81
virtual path identifier/virtual channel identifier (VPI/VCI) 394
VPDN (virtual private data network) 393
vpdn enable command 393
vpdn-group name command 393
VPI/VCI (virtual channel identifier) 394
VPNs (virtual private networks)
  cryptosystems 430–436
  IKE 456–462
  IPSec 436–445
    configuration 463–475
    configuring 445–454
    IKE Phase 1 policy 446–449
    IKE Phase 2 policy 449–452
    peers 452–453
    troubleshooting 454–456, 475–481
  selecting 427–430
  types of 417–427
VTYs (virtual terminal lines) 55, 87

W

WAN
  cabling 30
  central sites 19
    broadband access 11–12
    dedicated circuit switched 6–7
    on-demand circuit switched 7–10
    packet-switched virtual 10–11
  components 3
  connections 4–6
  dial backups
    configuring 273–280
    dialer interfaces as 280–282
  encapsulation protocols 12–15
  Frame Relay. See Frame Relay
  installing 31
  ISDN
    called party number 185–186
    CLID 184–185
    DDR 168
    MLP 182–184
    PPP 181–182
    rate adaptation 186
  PPP 111–112
    architecture 113–115
    configuring 115
    frames 115
  queuing 296–297
    options 299–301
    policies 298
    prioritization 297
  remote access 26–37
  remote/branch office 21–23
  site requirements 18
  SOHO 24–25
  speed comparisons 16–18
  types 16
  VPNs. See VPNs
WFQ (Weighted Fair Queuing) 297–304
wireless access 368–369
wiring
  DTE-to-DTE 78
  RJ-45 79
working connections, viewing 80–81
WRED (Weighted Random Early Detection) 308–311

Z

zones, DMZ 424
