Symbols Aptgmedia.pearsoncmg.com/images/1587051486/index/... · 2009. 6. 9. · (CHAP) 121–128...
Transcript of Symbols Aptgmedia.pearsoncmg.com/images/1587051486/index/... · 2009. 6. 9. · (CHAP) 121–128...
I
N
D
E
X
Symbols
A
AAA (authentication, authorization, and accounting) 43–44, 421
commands 53–68aaa accounting system command 51aaa authentication enable command 58aaa authentication login command 55aaa authentication ppp command 59aaa authorization command 61aaa new-model command 62
configuring 45–52defining 44–45protocols 45–46
accessbroadband 11–12, 365
ADSL 384–392cable 366DSL 366, 380–383satellite 367–368wireless 368–369
central site connections 19Cisco Access Control 46, 49
administrator GUI client 50components 49–50options 48routers 46–47
LAPM 83remote node connections 112–113routers 51servers 48WAN 16
remote access 26–37remote/branch offices 22
access listsconfiguring 179DDR 172dialer lists 178–179IPSec 455
access-list command 172accounting.
See also
AAA
ACL (access control list) 466configuring 467symmetrical peer 468
ACS (Cisco Secure Access Control Server) 46, 49administrator GUI client 50components 49–50options 48routers 46–47
activation of dial backups 275–276active states, Frame Relay 236adaptation rates 186adding routes 286addresses
async interface commands 119–120DLCI 234IP
configuring 343–354global addresses 342–343NAT 331–338source addresses 339–342troubleshooting 354–359
mapping 238–240overlapping 353PAT 333
configuring 395, 400DSL 396
administration of networks 47administrator GUI client, ACS 50ADSL (asymmetric digital subscriber line) 381,
384–392Advanced Voice Video and Integrated Data
(AVVID) 379AH (Authentication Header) 421, 437, 464algorithms
Diffie-Helman 434hashing 435LZ 136
amplifiers 74antenna sites 373applications
dialer profiles 215traffic (WAN) 16
applying DLCIs 240architecture, PPP 113–115asymmetric digital subscriber line (ADSL) 381,
384–392 asymmetric encryption 433.
See also
encryptionasync interface 117
1486fmFIX.fm Page 575 Tuesday, January 13, 2004 1:58 PM
576
async interface commands 117–120asynchronous analog dialup connections, 73.
See also
modems asynchronous callback 130Asynchronous Callback Line/Interface Commands
132asynchronous connections
chat scripts 104–105configuring 93–95interface async command 87
asynchronous interfaces, rotary groups 207asynchronous lines, connecting NAS 91ATM (Asynchronous Transfer Mode) 13
configuring 399troubleshooting 402
authentication 420.
See also
AAALayer 2 B channel 58login 55PPP 59, 121–128remote/branch offices 23
Authentication Header (AH) 421, 437, 464authentication, authorization, and accounting
(AAA)43–44, 421
commands 53–68configuring 45–52defining 44–45protocols 45–46
authorization 420.
See also
AAAwith character mode 65commands 64configuring 60
autoconfiguration.
See also
configurationchat scripts 104–105modems 96–103
debugging 103troubleshooting 104
autoconfigure type command 99autodiscovery
configuring 98modems 97
autoselectioncommand, 118PPP encapsulation 116
AUX ports, connecting 90availability
remote/branch offices 23WAN 16
AVVID (Advanced Voice Video and Integrated Data) 379
B
B channels, ISDN dialer profiles 214backups
central site connections 20commands
backup delay command 276backup interface command 275–276backup interface dialer number command
282backup load command 278
dialconfiguring 273–280dialer interfaces as 280–282dialer watch 289–290floating static routes 287verifying 286
load 282–290backward explicit congestion notification (BECN)
252balancing loads, 284 bandwidth
command 183compression 320–325MLP 182–184queuing 297.
See also
queuing speed comparisons 16–18WAN 16
basic rate interface.
See
BRIBECN (backward explicit congestion notification)
252binding outbound calls, troubleshooting 223branch offices
installing 33WAN 21–23
BRI (basic rate interface)configuring 153–160monitoring 187, 190–191
bridge-group virtual interface (BVI) 387bridging ADSL, 387.
See also
ADSL broadband.
See also
bandwidth; connectionsaccess 11–12cable
components 376–378HFC 373–374infrastructure 370–373provisioning 379RF channels 374–376router configuration 379–380
async interface commands
1486fmFIX.fm Page 576 Tuesday, January 13, 2004 1:58 PM
577
connectionsADSL 384–392cable 366DSL 366, 380–383satellite access 367–368wireless access 368–369
DSLconfiguring 393troubleshooting 400–405
buffered mode 84BVI (bridge-group virtual interface) 387
C
C/N (carrier-to-noise) 377CA (Certificate of Authority) 420cable.
See also
bandwidth; connectionsconnections 30infrastructure 370–373
components 376–378HFC 373–374provisioning 379RF channels 374–376router configuration 379–380
modems 366cable modem termination system (CMTS) 373CAB-OCTAL-ASYNC 80CAB-OCTAL-KIT 80callback
asynchronous 130clients 133disconnecting 135PPP 121, 128, 131–133servers 134
called party number verification 185–186calling line identification (CLID) 184–185calls, configuring simple ISDN 175CAP modulation 385carrier signals 377carrier-to-noise (C/N) 377CBWFQ (Class-Based Weighted Fair Queuing) 297
class defaults 312configuring 305–314
CCITT (Consultative Committee of International Telegraph and Telephone) 74
central office (CO) broadband connections 365
central sitesprotocols 48routers 21WAN 18, 19–21
Certificate of Authority (CA) 420CET (Cisco Encryption Technology) 436Challenge Handshake Authentication Protocol
(CHAP) 121–128channel service units/data service units (CSUs/
DSUs) 6channel service units (CSUs) 74channels, ADSL 385.
See also
ADSL CHAP (Challenge Handshake Authentication
Protocol) 121–128character mode, authorization commands 65chat scripts 104–105CIR (committed information rate) 252circuits, Frame Relay 233.
See also
Frame Relay circuit-switched connections
dial backups 273–280dialer interfaces as 280–282
Cisco Access Control 46, 49administrator GUI client 50components 49–50options 48routers 46–47
Cisco Encryption Technology (CET) 436Cisco product selection tools 36Cisco Secure Access Control Server.
See
ACSclass class-default command 312Class-Based Weighted Fair Queuing (CBWFQ) 297,
305–314classes
class-map command 310defaults 312defining 212dialer maps 211
clearing commands 477NAT entries 357
CLID (calling line identification) 184–185clients
ACS 50configuring 394CPE as 392–397PPP callback 133PPPoE 394RADIUS 54security 48TACACS+ 53
clients
1486fmFIX.fm Page 577 Tuesday, January 13, 2004 1:58 PM
578
clock source command 165clock speed 252clouds, Frame Relay 232CMTS (cable modem termination system) 373CO (central office) broadband connections 365coaxial cable 376.
See also
cablecodecs (coders/decoders) 73coexistence, ADSL/POTS 384commands 117
AAA 53–68aaa accounting system 51aaa authentication enable 58aaa authentication login 55aaa authentication ppp 59aaa authorization 61aaa new-model 62
access-list 172accounting 66–68async interface 119–120Asynchronous Callback Line/Interface 132autoconfigure type 99autoselect 118backups
backup delay 276backup interface 275–276backup interface dialer number 282backup load 278
bandwidth 183class class-default 312class-map 310clear 477clock source 165crypto
crypto ipsec security-association lifetime 466
crypto ipsec transform-set 464crypto isakmp enable 457crypto isakmp identity 461crypto isakmp key 461crypto isakmp policy 457crypto maps 472
debug 189debug confmodem 103debug crypto ipsec 478debug dialer 192debug dialer packet 226debug isdn events 192debug ppp authentication 144, 192debug ppp multilink 142debug ppp negotiation 144, 192, 404
delay 0 40 277dial backups 275dialer
dialer callback-secure 135dialer callback-server username 135dialer enable-timeout 129dialer hold-queue timeout 129dialer idle-timeout 168dialer isdn speed 56 218dialer load-threshold 170, 182dialer load-threshold load 143dialer map 135, 157, 173dialer pool-member 219, 220, 223dialer pool-member number 281dialer profiles 214dialer rotary-group 206dialer string 212dialer watch 289–290dialer-group 172dialer-list 171dialer-map 125
dsl operating-mode 398encapsulation hdlc 159EXEC 92fair-queue 304frame-relay
frame-relay map 239frame-relay traffic-rate 260
group-range 207import all DHCP pool configuration 397interface
interface async 87interface atm number 394interface dialer 205interface dialer global 217interface serial 87interface serial interface-number 159
ipip address 119ip dhcp pool name global configuration
397ip route 288ip tcp header-compression 138ip tcp header-compression passive 138ip unnumbered 119
isdnisdn answer1 186isdn answer2 186isdn call interface 192isdn caller 185
clock source command
1486fmFIX.fm Page 578 Tuesday, January 13, 2004 1:58 PM
579
isdn configuration 157isdn disconnect interface 192isdn switch-type 158, 162
line 85–88linecode 164load-interval 278load-interval interface 278login authentication list-name 55map-class
map-class 135map-class dialer class-name 218
match 310modems 94
modem autoconfiguration 96modem autoconfigure discovery 98modem autoconfigure name 99modemcap edit usr_new 102modemcap entry modem-name 101
physical layer-sync 91ping 454policy-map 311ppp 118
ppp authentication 59ppp authentication CHAP 127ppp callback accept 135ppp callback request 133ppp multilink interface configuration 182ppp pap sent-username 124
pri-group 165priority 315pulse-time 129pvc interface configuration 399queue-limit 315radius-server
radius-server host 54radius-server key 54
random-detect 315show 454
show command 316show compress 139show crypto ipsec transform-set 476show crypto map 477show dialer 143, 144show dialer interface bri number 221show frame-relay pvc 264show interface 242show interface atmo 403show interface dialer 221show interface type number 286
show interfaces bri 190show ip nat translation 354show isdn status 187show line 85show modemcap 98show ppp multilink 191show privilege 64show process cpu 137show queuing custom 318show traffic-shape 264show traffic-shape statistics 265
tacacs-server host 54traffic-share
traffic-share balanced 286traffic-share min 286
transform 464transport input control 89username 135variance
variance 2 285–286variance multiplier 285
vpdnvpdn enable 393vpdn-group name 393
committed burst (B) 252comparisons
queuing 319transport mode/tunneling 438
compatibility of IPSec 455components
ACS 49–50cable 376–378DLCI 234–235Frame Relay 232–234ISDN BRI 154PPP 113WAN 3
compression 320–325configuring 138enabling 325MPPC 323PPP 121speed 84STAC 321, 324standards 83TCP headers 136V.42bis 83verifying 138
compression
1486fmFIX.fm Page 579 Tuesday, January 13, 2004 1:58 PM
580
configurationAAA 43–44, 52
commands 53–68defining 44–45protocols 45–46
authentication 59authorization 60autodiscovery 98cable 379–380CBWFQ 305–314command authorization 64compression 138, 324CPE as PPPoE clients 392–397crypto ACLs 467crypto maps 471DDR 167–181
testing 192verifying 186–192
default static routes 397DHCP 397dial backups 273–280
dialer interfaces as 280–282dialer watch 289–290floating static routes 287verifying 286
dialer interfaces 217, 394dialer lists 179dialer map classes 211dialer profile commands 214DSL 393
dialer interfaces 399PAT 400PPPoA 398–400
Frame Relay 236–238applying DLCIs 240hub-spoke topologies 241–242mapping addresses 238–240subinterfaces 244–250traffic shaping 255–266troubleshooting 242–244
global IPSec SAs 466IKE 456–462interface protocols 158IOS command privilege levels 63IPSec 445–454, 463–475
IKE Phase 1 policy 446–449IKE Phase 2 policy 449–452peers 452–453troubleshooting 454–456, 475–481
ISDNBRI interfaces 153–160called party number 185–186CLID 184–185commands 157MPP 182–184PPP 181–182PRI interfaces 160–167rate adaptation 186simple calls 175
legacy DDR 201–203dialer profiles 208–220troubleshooting dialer profiles 221–227
login authentication 55LQQ 314–316modems 93–95
autoconfiguration 96–103debugging autoconfiguration 103troubleshooting autoconfiguration 104
Multilink PPP 140–143named lists 57NAT 343–354PAT 395physical interfaces 219PPP 115–120
authentication 121–128callback clients 133LCP options 128–140servers 134
PPPoE clients 394preshared keys 461queuing 316–319RADIUS 54rotary groups 203–206
interfaces 207ISDN 206limitations 207
SPIDs 159symmetrical crypto ACLs 468TACACS+ 53transform sets 463WAN 16WFQ 301–304WRED 311
congestion 296–297.
See also
troubleshootingoptions 299–301policies 298prioritization 297
configuration
1486fmFIX.fm Page 580 Tuesday, January 13, 2004 1:58 PM
581
connections, 91asynchronous analog dialup 73.
See also
modems
asynchronous modems 8AUX ports 90broadband 365
ADSL 384–392cable 366DSL 366, 380–383satellite access 367–368wireless access 368–369
cablecomponents 376–378HFC 373–374infrastructure 370–373provisioning 379RF channels 374–376router configuration 379–380
compression 321console ports 90DDR
configuring 167–181verifying 186–192
dial backups 273–280DSL
configuring 393troubleshooting 400–405
Frame Relayapplying DLCIs 240components 232–234configuring 236–238configuring traffic shaping 255–266DLCI 234–235hub-spoke topologies 241–242mapping addresses 238–240signaling 235–236subinterfaces 244–250traffic shaping 251–255troubleshooting 242–244
interfaces 207ISDN, 153
CLID 184–185configuring rotary groups 206dialer profiles with B channels 214
limitations of rotary groups 207modems 73–74, 88–90
autoconfiguration 96–103autodiscovery 97chat scripts 104–105
commands 94compression 84configuring 93–95debugging autoconfiguration 103DTE-DCE interface 74–75DTE-to-DTE wiring 78error control 83EXEC command 92initialization strings 95line commands 85–88modulation 81–83NAS 91operations 77–78RJ-45 wiring 79routers 90–91signaling data 75–77troubleshooting autoconfiguration 104working connections 80–81
MPPC 323PPP
configuring 115debugging 143–145
PVC 274queuing 296–297
options 299–301policies 298prioritization 297
remote node 111–113resetting 168serial 91VPNs
selecting 427–430types of 417–427
WAN 4–6broadband access 11–12cabling 30central sites 19–21dedicated circuit-switched 6–7encapsulation protocols 12–15on-demand circuit-switched 7–10packet-switched virtual 10–11remote access 26–37remote/branch offices 21–23routers (central sites) 21site requirements 18SOHO 24–25speed comparisons 16–18types 16
console ports, connecting 90
console ports, connecting
1486fmFIX.fm Page 581 Tuesday, January 13, 2004 1:58 PM
582
Consultative Committed of International Telegraph and Telephone (CCITT) 74
controllers, parameters of 164conversion
hashing 435speed 84
costscentral site connections 19WAN 16, 22
CPE (customer premises equipment) 232, 365, 392–397
CPU usage, compression 137crypto ACLs 466
creating 467symmetrical peer 468
crypto commandscrypto ipsec security-association lifetime
command 466crypto ipsec transform-set command 464crypto isakmp enable command 457crypto isakmp identity command 461crypto isakmp key command 461crypto isakmp policy command 457
crypto maps 469commands 472configuring 471interfaces 473
cryptosystems 420, 430–436CSU/DSU (channel service unit/data service unit) 6CSUs (channel service units) 74customer premises equipment.
See
CPE customization
AAA 43–44, 52commands 53–68defining 44–45protocols 45–46
ACS 48authentication 59authorization 60autodiscovery 98cable 379–380CBWFQ 305–314command authorization 64compression 138, 324CPE as PPPoE clients 392–397crypto ACLs 467crypto maps 471DDR 167–181
testing 192verifying 186–192
default static routes 397DHCP 397dial backups 273–280
dialer interfaces as 280–282dialer watch 289–290floating static routes 287verifying 286
dialer interfaces 217, 394dialer lists 179dialer map classes 211dialer profile commands 214DSL 393
dialer interfaces 399PAT 400PPPoA 398–400
Frame Relay 236–238applying DLCIs 240hub-spoke topologies 241–242mapping addresses 238–240subinterfaces 244–250traffic shaping 255–266troubleshooting 242–244
global IPSec SAs 466IKE 456–462interface protocols 158IOS command privilege levels 63IPSec 445–454, 463–475
IKE Phase 1 policy 446–449IKE Phase 2 policy 449–452peers 452–453troubleshooting 454–456, 475–481
ISDNBRI interfaces 153–160called party number 185–186CLID 184–185commands 157MPP 182–184PPP 181–182PRI interfaces 160–167rate adaptation 186simple calls 175
legacy DDR 201–203dialer profiles 208–220troubleshooting dialer profiles 221–227
login authentication 55LQQ 314–316modems 93–95
autoconfiguration 96–103debugging autoconfiguration 103troubleshooting autoconfiguration 104
Consultative Committed of International Telegraph and Telephone (CCITT)
1486fmFIX.fm Page 582 Tuesday, January 13, 2004 1:58 PM
583
Multilink PPP 140–143named lists 57NAT 343–354PAT 395physical interfaces 219PPP 115–120
authentication 121–128callback clients 133LCP options 128–140servers 134
PPPoE clients 394preshared keys 461queuing 316–319RADIUS 54rotary groups 203–206
interfaces 207ISDN 206limitations 207
SPIDs 159symmetrical crypto ACLs 468TACACS+ 53transform sets 463WAN 16WFQ 301–304WRED 311
D
data communications equipment (DCE) 6, 232data compression.
See
compression Data Over Cable Service Interface Specification
(DOCSIS) 375data service units (DSUs) 74data terminal equipment (DTE) 232databases, creating entries 101DBS (direct broadcast satellite) 365DCE (data communications equipment) 6, 232DDR (dial-on-demand routing).
See also
routingaccess lists 172configuring 167–181destination parameters 173dial backups 274.
See also
backups legacy DDR 201–203
dialer profiles 208–220troubleshooting dialer profiles 221–227
testing 192troubleshooting 187verifying 186–192
DE (discard eligibility) 252debug commands 189
debug confmodem command 103debug crypto ipsec command 478debug dialer command 192debug dialer packet command 226debug isdn events command 192debug ppp authentication command 144, 192debug ppp multilink command 142debug ppp negotiation command 144, 192, 404
debugging.
See also
troubleshootingautoconfiguration 103IPSec 475–481NAT 356PPP 143–145
decryption 420dedicated circuit-switched connections 6–7default classes, configuring 312default static routes, configuring 397defining
AAA 44–45interesting traffic 171map classes 212
delay 0 40 command 277deleted states, Frame Relay 236demilitarized zone (DMZ) 424design
AAA 43–44, 52commands 53–68defining 44–45protocols 45–46
ACS 48authentication 59authorization 60autodiscovery 98cable 379–380CBWFQ 305–314command authorization 64compression 138, 324CPE as PPPoE clients 392–397crypto ACLs 467crypto maps 471DDR 167–181
testing 192verifying 186–192
default static routes 397DHCP 397dial backups 273–280
dialer interfaces as 280–282dialer watch 289–290
design
1486fmFIX.fm Page 583 Tuesday, January 13, 2004 1:58 PM
584
floating static routes 287verifying 286
dialer interfaces 217, 394dialer lists 179dialer map classes 211dialer profile commands 214DSL 393
dialer interfaces 399PAT 400PPPoA 398–400
Frame Relay 236–238applying DLCIs 240hub-spoke topologies 241–242mapping addresses 238–240subinterfaces 244–250traffic shaping 255–266troubleshooting 242–244
global IPSec SAs 466IKE 456–462interface protocols 158IOS command privilege levels 63IPSec 445–454, 463–475
IKE Phase 1 policy 446–449IKE Phase 2 policy 449–452peers 452–453troubleshooting 454–456, 475–481
ISDNBRI interfaces 153–160called party number 185–186CLID 184–185commands 157MPP 182–184PPP 181–182PRI interfaces 160–167rate adaptation 186simple calls 175
legacy DDR 201–203dialer profiles 208–220troubleshooting dialer profiles 221–227
login authentication 55LQQ 314–316modems 93–95
autoconfiguration 96–103debugging autoconfiguration 103troubleshooting autoconfiguration 104
Multilink PPP 140–143named lists 57NAT 343–354
PAT 395physical interfaces 219PPP 115–120
authentication 121–128callback clients 133LCP options 128–140servers 134
PPPoE clients 394preshared keys 461queuing 316–319RADIUS 54rotary groups 203–206
interfaces 207ISDN 206limitations 207
SPIDs 159symmetrical crypto ACLs 468TACACS+ 53transform sets 463WAN 16WFQ 301–304WRED 311
destination parameters, DDR 173devices
ACS 46–48DCE 6ISDN 155VPNs 422WAN 111–112
DHCP (Dynamic Host Configuration Protocol) 119, 396–397
dial backupsactivating 276configuring 273–280dialer interfaces as 280–282dialer watch 289–290floating static routes 287verifying 286
dial map command options 173dialer commands
dialer callback-secure command 135dialer callback-server username command 135dialer enable-timeout command 129dialer hold-queue timeout command 129dialer idle-timeout command 168dialer isdn speed 56 command 218dialer load-threshold command 170 182dialer load-threshold load command 143dialer map command 135, 157
design
1486fmFIX.fm Page 584 Tuesday, January 13, 2004 1:58 PM
585
dialer pool-member command 219, 220, 223dialer pool-member number command 281dialer rotary-group command 206dialer string command 212dialer watch commands 289–290dialer-group command 172dialer-list command 171dialer-map command 125
dialer interfaces.
See also
interfacesconfiguring 217, 394as dial backups 280DSL 399
dialer listsaccess lists 178configuring 179
dialer mapsclasses 211statements 202
dialer profilesapplications 215commands 214legacy DDR 203, 208–227
dialer rotary groupsconfiguring 203–206interfaces 207ISDN 206limitations 207
dial-on-demand routing (DDR).
See also
routingaccess lists 172configuring 167–181destination parameters 173dial backups 274.
See also
backups legacy DDR 201–203
dialer profiles 208–220troubleshooting dialer profiles 221–227
testing 192troubleshooting 187verifying 186–192
dialup connections 73.
See also
connections; modems
Differentiated Services Code Point (DSCP) 308Diffie-Hellman algorithm 434digital amplifiers 74digital subscriber line.
See
DSL direct broadcast satellite (DBS) 365disabling split horizons 246discard eligibility (DE) 252disconnections.
See also
connectionscallback 135troubleshooting 225
discoveryconfiguring 98modem autodiscovery 97
discrete multitone (DMT) 385distribution network 373DLCI (data-link connection identifier)
applying 240Frame Relay 233–235
DMT (discrete multitone) 385DMZ (demilitarized zone) 424DOCSIS (Data Over Cable Service Interface
Specification) 375downstream (DS) 376DS (downstream) 376DSCP (Diffentiated Services Code Point) 308DSL (digital subscriber line) 366, 380–381.
See also
connections
ATM interfaces 399configuring 393dialer interfaces 399limitations 383modulation 398PAT 396, 400PPPoA 398–400PPPoE 394scaling 396troubleshooting 400–405types of 382–392
dsl operating-mode command 398DSLAM (DSL access multiplexer) 381DSUs (data service units) 74DTE (data terminal equipment) 232DTE-DCE interface 74–75DTE-to-DTE wiring 78dynamic address mapping 238–239Dynamic Host Configuration Protocol (DHCP) 119dynamic mapping 332dynamic NAT, configuring 350.
See also
NAT
E
E1 controller parameters 164ease of management, WAN 16editing
modemcap databases 101transform sets 465
EIA (Electronics Industries Association) 74EIGRP (Enhanced IGRP), load sharing 284EIR (excess information rate) 254
EIR (excess information rate)
1486fmFIX.fm Page 585 Tuesday, January 13, 2004 1:58 PM
586
electromagnetic frequencies 374Electronic Industries Association (EIA) 74elements, dialer profiles 210.
See also
dialer profilesenabling
AAA 52CLID 184–185IKE 457passwords 58PPP 116, 117rate adaptation 186STAC compression 324TCP/IP header compression 325
Encapsulating Security Payload (ESP) 421, 438, 464encapsulation
configuring 115Frame Relay 15GRE 429hdlc command 159ISDN 155Layer 2 B channel protocols 158PPP 13protocols 158WAN 12–15
encoding ADSL 385.
See also
ADSL encryption 420.
See also
securityasymmetric 433cryptosystems 430–436symmetric 432tunneling 421VPNs 427–430
end-to-end keepalives 286entries, modemcap databases 101errors.
See also
troubleshootingISAKMP 481modems 83
ESP (Encapsulating Security Payload) 421, 438, 464excess burst (B) 252excess information rate (EIR) 254excessive traffic loads, configuring dial backups 277EXEC
commands 92sessions 91, 117
extended ACLs, creating crypto ACLs 467
F
fair-queue command 304FDM (frequency-division multiplexing) 377FEC (forward error correction) 378
FECN (forward explicit congestion notification) 252FIFO (first-in, first-out) 296filters, microfilters 385Firewalls, PIX 46.
See also
securityfixed wireless broadband markets 368floating static routes 287flowcharts
asynchronous callback 130autoselect 118IKE/IPSec 443queuing options 299
formatting.
See also
configurationcrypto ACLs 467frames 115modemcap database entries 101
forward error correction (FEC) 378forwarding L2F 429Frame Relay 12
commandsframe-relay map command 239frame-relay traffic-rate command 260
components 232–234configuring 236–238
applying DLCIs 240hub-spoke topologies 241–242mapping addresses 238–240subinterfaces 244traffic shaping 255–266troubleshooting 242–244
DLCI 234–235encapsulation 15signaling 235–236traffic shaping 251–255
framescontrollers 164PPP 115
frequencies, DSL 381.
See also
DSLfrequency-division multiplexing (FDM) 377
G
global addresses 342–343global IPSec SAs, configuring 466granularity of CBWFQ 307GRE (Generic Routing Encapsulation) 419, 429group-range command 207groups, configuring PPPoE 393
electromagnetic frequencies
1486fmFIX.fm Page 586 Tuesday, January 13, 2004 1:58 PM
587
GSOs (geostationary orbit satellites) 368GUI (graphical user interface) 50.
See also
interfaces
H
hashing 420, 435HDLC (high-level data link control) 12, 115headends 373.
See also
cable headers
TCP compression 136TCP/IP compression 322
HFC (hybrid fiber-coaxial) 373–374high primary lines, dial backups 275how modemcap command 98hub-spoke topologies 241–242hunt groups 204.
See also
rotary groups hybrid fiber-coaxial cable 373–374
I
IARP (Inverse Address Resolution Protocol) 235identities, ISAKMP 460IKE (Internet Key Exchange) 421
configuring 456–462enabling 457flowcharts 443IPSec 441Phase 1 policy 446–449Phase 2 policy 449–452policies
creating 457negotiation 459
implementation.
See also
configurationPPP callback 129VPNs 427–430
import all DHCP pool configuration command 397inactive states, Frame Relay 236in-band PPP sessions 117incoming calls
rotary groups 204troubleshooting 225
increasing bandwidth 182–184infrastructure (cable) 370–373
components 376–378
HFC 373–374provisioning 379RF channels 374–376router configuration 379–380
ingress noise 377initialization strings 95inside global address overloading, configuring 352inside global addresses 336installation
branch offices 33SOHO 34WAN 31
integrated routing and bridging (IRB) 387Integrated Services Digital Network.
See
ISDNintegrity of hashing 435interfaces
ACS 50async commands 117–120Backup 274BRI
configuring ISDN 153–160monitoring 187, 190–191
BVI 387commands
interface async command 87interface atm number command 394interface dialer command 205interface dialer global command 217interface serial command 87interface serial interface-number
command 159crypto maps 473dial backup 276dialer 211
configuring 217, 394as dial backups 280DSL 399
DSL 399, 402DTE-DCE 74–75Frame Relay signaling 235–236LMI 286Multilink PPP 142–143NNI 232, 286physical
configuring 219limitations as dial backups 280
PRI 160–167protocols 158R 155
interfaces
1486fmFIX.fm Page 587 Tuesday, January 13, 2004 1:58 PM
588
rotary groups 207S/T 155serial 91show interface command 242subinterfaces
Frame Relay 244–250U 155UNI 232WAN 28–29
International Organization for Standardization Connectionless Network Service (ISO CLNS) 201
International Organization for Standardization’s high-level data link control (ISO-HDLC) 111
International Telecommunication Union-Telecommunications Standards Sector (ITU-T) 74
Internet Key Exchange (IKE) 421configuring 456–462enabling 457flowcharts 443IPSec 441Phase 1 policy 446–449Phase 2 policy 449–452policies
creating 457negotiation 459
Internet Security Association and Key Management Protocol.
See
ISAKMPinterpretability (PPP) 111–112
architecture 113–115configuring 115frames 115
interesting traffic (ISDN DDR) 171Inverse Address Resolution Protocol (IARP) 235IOS command privilege levels 63IOS cryptosystem 430–436IP (Internet Protocol)
crypto ACLs 466commands
ip address command 119ip dhcp pool name global configuration
command 397ip route command 288ip tcp header-compression command 138ip tcp header-compression passive
command 138ip unnumbered command 119
NAT 331–338configuring 343–354global addresses 342–343
source addresses 339–342troubleshooting 354–359
PAT 333IPSec (IP Security Protocol) 429, 436–445
configuring 445–446, 453–454, 463–475IKE
configuring 456–462Phase 1 policy 446–449Phase 2 policy 449–452
peers 452–453transforms 449troubleshooting 454–456, 475–481
IRB (integrated routing and bridging) 387ISAKMP (Internet Security Association and Key
Management Protocol) 421error messages 481identities 460policies 476
ISDN (Integrated Services Digital Network).
See also
connectionsB channel dialer profiles 214BRI
configuring 153–160monitoring 187, 190–191
commands 157isdn answer1 command 186isdn answer2 command 186isdn call interface command 192isdn caller command 185isdn disconnect interface command 192isdn switch-type command 158, 162
DDRconfiguring 167–181verifying 186–192
Layer 2 debug commands 189Layer 3 debug commands 189layers 155PPP 181–182
called party number 185–186CLID 184–185MLP 182–184rate adaptation 186
PRI 160–167protocols 154rotary groups 129, 206services 160simple calls 175SPIDs 159troubleshooting 187
interfaces
1486fmFIX.fm Page 588 Tuesday, January 13, 2004 1:58 PM
589
ISO (International Organization for Standardization’s high-level data link control (ISO-HDLC) 111
ISO CLNS (International Organization for Standardization Connectionless Network Service) 201
ITU-T (International Telecommunication Union-Telecommunications Standards Sector) 74
K
keepalivesdial backups 276end-to-end 286
key exchanges, cryptosystems 430–436keys
management 420preshared 461
L
L2F (Layer 2 Forwarding) 429L2TP (Layer 2 Tunneling Protocol) 419, 429LAPB (Link Access Procedure Balanced) protocol
201, 321LAPM (Link Access Procedure for Modems) 83Layer 1
DSL 402status messages 188
Layer 2channel encapsulation protocols 158DSL 403ISDN debug commands 189
layersDSL 401ISDN protocols 155VPNs 427–430
LCP (Link Control Protocol)configuring 128–140PPP 121
legacy DDR 201–203.
See also
DDRdialer profiles 208–220troubleshooting 221–227
Lempel-Ziv (LZ) algorithm 136
LEOS (low-earth-orbit satellites) 368lifetimes, IPSec SAs 466limitations
of DSL 383physical interfaces as backup interfaces 280rotary groups 207
line commands 85–88linecode command 164lines
numbering 87types 87
Link Access Procedure Balanced (LAPB) protocol 201, 321
Link Access Procedure for Modems (LAPM) 83links
compression 321WAN 297
listsACL.
See
ACLDDR 172
LLQ (Low Latency Queuing) 297LMDS (Local Multipoint Distribution Service) 368LMI (Local Management Interface) 235–236, 286.
See also
interfacesload backups, primary line failures 282–290load distribution, TCP 345load sharing
EIGRP 284OSPF 283
load-interval command 278load-interval interface configuration command 278local access rates 252local best metrics 286local loops, PSTN 73Local Multipoint Distribution Service (LMDS) 368login, configuring authentication 55login authentication list-name command 55loops, PSTN 73Low Latency Queuing (LLQ) 297, 314–316low-earth-orbit satellites (LEOS) 368LZ (Lempel-Ziv) algorithm 136
M
managementcompression 320–325keys 420
management
1486fmFIX.fm Page 589 Tuesday, January 13, 2004 1:58 PM
590
networks 47queuing 296–297
options 299–301policies 298prioritization 297
WAN 16map classes
commandsmap-class command 135map-class dialer class-name command
218defining 212dialers 211
mapsaddresses 238–240class 310crypto 469
configuring 471interfaces 473
DLCI 234masks, DHCP 397match command 310Maximum Received Reconstructed Unit (MRRU)
141memory, compression 137messages
errors.
See
errors; troubleshootinghashing 435ISAKMP 481status 188
metrics, local best 286Microcom’s Networking Protocol (MNP) 83microfilters 385Microsoft Point-to-Point Compression (MPPC) 136,
323mismatch, speed 84MLP (Multilink PPP)
configuring 182–184troubleshooting 192verifying 191
MNP (Microcom’s Networking Protocol) 83modemcap databases 101
modemcap edit usr_new command 102modemcap entry modem-name command 101
modems.
See also
connectionsasynchronous analog dialup connections 73asynchronous connections 8autoconfiguration 96–103
debugging 103troubleshooting 104
autodiscovery 97–98cable 366, 379chat scripts 104–105commands 94
modem autoconfigure command 96modem autoconfigure discovery command
98modem autoconfigure name command 99
configuring 93–95connections 73–74, 88–90
compression 84DTE-DCE interface 74–75DTE-to-DTE wiring 78error control 83EXEC commands 92line commands 85–88modulation 81–83NAS 91operations 77–78RJ-45 wiring 79routers 90–91signaling data 75–77working connections 80–81
DSL 366, 380–381, 393initialization strings 95
modesaccess 51buffered 84character authorization 65packets 66
modification of transform sets 465modular interfaces, WAN 29.
See also
interfacesmodulation 81–83
CAP 385DSL 398
monitoringISDN BRI 187–191PPP 191traffic 277
MPPC (Microsoft Point-to-Point Compression) 136, 323
MRRU (Maximum Received Reconstructed Unit) 141
Multilink PPP 140–143
See
MLPmultiple access connections
central site connections 19remote/branch offices 22
multiple async interfaces, sharing IP addresses 119multiple destinations, legacy DDR with 202
management
1486fmFIX.fm Page 590 Tuesday, January 13, 2004 1:58 PM
591
multiple WANs 111–112multiplexing
Frame Relay 233.
See also
Frame Relay troubleshooting 164
multipoint subinterfaces 248.
See also
subinterfaces
N
named lists, configuring 57NAS (Network Access Server) modems 91NAT (Network Address Translation) 331–338
configuring 343–354global addresses 342–343source addresses 339–342troubleshooting 354–359
National Television Systems Committee (NTSC) 375, 377
NBMA (nonbroadcast multiaccess) networks 233negotiation
IKE policies 459PAP 123PPP 404transform sets 465
networks.
See also
connectionscable 373management 47NAT 331–338
configuring 343–354global addresses 342–343source addresses 339–342troubleshooting 354–359
NBMA 233overlapping 343STDM 254WAN
broadband access 11–12central sites 19–21components 3connections 4–6dedicated circuit-connections 6–7encapsulation protocols 12–15on-demand circuit-connections 7–10packet-switched virtual 10–11remote access 26–37remote/branch office 21–23routers (central sites) 21site requirements 18
SOHO 24–25speed comparisons 16–18types 16
NGSOs (nongeostationary orbit satellites) 368NNI (Network-to-Network Interface) 232, 286nodes, remote connections 111–113noise, troubleshooting 377nonbroadcast multiaccess (NBMA) networks 233nonoccurrence of dialing, troubleshooting 222NT1/NT2 functions 155NTSC (National Television Systems Committee)
375, 377null modems 78.
See also
modems numbering lines 87
O
ODN (public data network) 232on-demand circuit-switched connections 7–10Open Shortest Path First (OSPF) 283Open System Interconnection (OSI) 111operations, modems 77–78optimization
AAA 43–44, 52commands 53–68defining 44–45protocols 45–46
ACS 48authentication 59authorization 60autodiscovery 98cable 379–380CBWFQ 305–314command authorization 64compression 138, 324CPE as PPPoE clients 392–397crypto ACLs 467crypto maps 471DDR 167–181
testing 192verifying 186–192
default static routes 397DHCP 397dial backups 273–280
dialer interfaces as 280–282dialer watch 289–290floating static routes 287verifying 286
optimization
1486fmFIX.fm Page 591 Tuesday, January 13, 2004 1:58 PM
592
dialer interfaces 217, 394dialer lists 179dialer map classes 211dialer profile commands 214DSL 393
dialer interfaces 399PAT 400PPPoA 398–400
Frame Relay 236–238applying DLCIs 240hub-spoke topologies 241–242mapping addresses 238–240subinterfaces 244–250traffic shaping 255–266troubleshooting 242–244
global IPSec SAs 466IKE 456–462interface protocols 158IOS command privilege levels 63IPSec 445–454, 463–475
IKE Phase 1 policy 446–449IKE Phase 2 policy 449–452peers 452–453troubleshooting 454–456, 475–481
ISDNBRI interfaces 153–160called party number 185–186CLID 184–185commands 157MPP 182–184PPP 181–182PRI interfaces 160–167rate adaptation 186simple calls 175
legacy DDR 201–203dialer profiles 208–220troubleshooting dialer profiles 221–227
login authentication 55LQQ 314–316modems 93–95
autoconfiguration 96–103debugging autoconfiguration 103troubleshooting autoconfiguration 104
Multilink PPP 140–143named lists 57NAT 343–354PAT 395physical interfaces 219
PPP 115–120authentication 121–128callback clients 133LCP options 128–140servers 134
PPPoE clients 394preshared keys 461queuing 316–319RADIUS 54rotary groups 203–206
interfaces 207ISDN 206limitations 207
SPIDs 159symmetrical crypto ACLs 468TACACS+ 53transform sets 463WAN 16WFQ 301–304WRED 311
options.
See also
customizationACS 48dialer map command 173LCP
configuring PPP 128–140PPP 121
PPP configuration 182queuing 299–301
OSI (Open System Interconnection) 111OSPF (Open Shortest Path First) 283outbound calls, troubleshooting 223out-of-band EXEC sessions 117overlapping
addresses 353networks 343
overloading addresses 342oversubscription 252
P
packetsDLCI 234modes 66PADT 391
packet-switched virtual connections 10–11PADT (PPP Active Discovery Terminate) 391PAL (Phase Alternating Line) 375–377
optimization
1486fmFIX.fm Page 592 Tuesday, January 13, 2004 1:58 PM
593
PAP (Password Authentication Protocol) 121–128parameters
controllers 164crypto maps 470destination 173IKE 448ISAKMP policies 476
passing data over Frame Relay 234Password Authentication Protocol.
See
PAPpasswords.
See also
securityenabling 58PAP 121–128
PAT (Port Address Translation) 333, 395configuring 400DSL 396
payload compression 321.
See also
compression PCM (pulse code modulation) 73PDUs (protocol data units) 387peers
IPSec 452–453symmetrical crypto ACLs 468
performance.
See also
optimizationcompression 320–325queuing 297
per-interface compression 321.
See also
compression
permanent virtual connection (PVC) 274per-virtual circuit compression 321.
See also
compression
Phase Alternating Line (PAL) 375Physical Layer, DSL 402physical interfaces.
See also
interfacesconfiguring 219dial backups 280
physical layer-async command 91ping command, IPSec 454PIX (Private Internet Exchange) Firewalls 46.
See also
firewalls; securityplanning NAT 337Point-to-Point Protocol.
See
PPPpoint-to-point subinterfaces 247.
See also
subinterfaces
policiesIKE
creating 457negotiation 459Phase 1 446–449Phase 2 449–452
ISAKMP 476queuing 296
policy-map command 311Port Address Translation (PAT) 333port address translation (PAT) 395–396port-rate adjustment 84ports.
See also
connectionsAUX 90console 90speed 252
POTS (Plain Old Telephone Service) 384power supplies, troubleshooting 402PPP (Point-to-Point Protocol) 13
architecture 113–115authentication 59, 121–128callback131commands
ppp authentication CHAP command 127ppp authentication command 59ppp callback accept command 135ppp callback request command 133ppp command 118ppp multilink interface configuration
command 182ppp pap sent-username command 124
configuring 115connections
compression 321MPPC 323
debugging 143–145enabling 116, 117encapsulation 13frames 115ISDN 181–182
called party number 185–186CLID 184–185MLP 182–184rate adaptation 186
LCP options 121, 128–140monitoring 191Multilink PPP 140–143negotiation 404overview of 111–112sessions 117
PPPoA (PPP over ATM)ADSL 392DSL 398–400
PPPoE (PPP over Ethernet) 365, 394ADSL 389
PPPoE (PPP over Ethernet)
1486fmFIX.fm Page 593 Tuesday, January 13, 2004 1:58 PM
594
CPE 392–397DSL 394VPDN 393
PPPoE Active Discovery Terminate (PADT) 391Predictor 136, 321preshared keys, configuring 461PRI (Primary Rate Interface) 160–167. See also
interfacespri-group command 165primary lines
dial backupsactivating 276starting 275
load backups 282–290primary links, dial backups 274prioritization 297. See also queuing priority command 315Private Internet Exchange. See PIXprivate network dial-in services, spanning remote
access servers 393profiles (dialer)
applications 215commands 214legacy DDR 203, 208–220troubleshooting 221–227
protections, enabling passwords 58protocol data units (PDUs) 387protocols
AAA 45–46central sites 48clients 48DHCP 119GRE 429IARP 235interfaces 158IPSec 429, 436–445
configuring 445–446, 453–454, 463–475IKE Phase 1 policy 446–449IKE Phase 2 policy 449–452peers 452–453troubleshooting 454–456, 475–481
ISDN 154–155L2TP 429LAPB 201MNP 83multiplexing 114PPP 12, 111–112
callback 131configuring LCP options 128–140
configuring Multilink PPP 142–143debugging 143–145encapsulation 13LCP options 121Multilink PPP 140–142
VPN 428WAN 12
provisioning cable modems 379PSTN (public switched telephone network) 7, 73public data network (PDN) 232public networks 332pulse code modulation (PCM) 73pulse-time command 129PVC (permanent virtual connection) 274pvc interface configuration command 399
QQAM (quadrature amplitude modulation) 377QoS (Quality of Service)
central site connections 20WAN 16
QPSK (quadrature phase shifting keying) 377queue-limit command 315queuing 296–297
CBWFQ 305–314comparisons 319LQQ 314–316options 299–301policies 298prioritization 297verifying 316–319WFQ 301–304
RR interfaces 155RADIUS (Remote Authentication Dial-In User
Service) 421commands
radius-server host command 54radius-server key command 54
configuring 54Random Early Detection (RED) 308random-detect command 315
PPPoE (PPP over Ethernet)
1486fmFIX.fm Page 594 Tuesday, January 13, 2004 1:58 PM
595
ratesadaptation 186enforcement 258
reachability, subinterfaces 245RED (Random Early Detection) 308redundancy
central site connections 20WAN remote/branch offices 22
reference pointsISDN BRI 154PRI 161S/T 155
regeneration repeaters 74reliability of WAN 16remote access. See also access
broadband 365ADSL 384–392cable 366DSL 366, 380–383satellite access 367–368wireless access 368–369
VPNs 425WAN 26–37
Remote Authentication Dial-In User Service. See RADIUS
remote destinations, identifying 173remote node connections 111–113remote offices, WAN 21–23remote routers, DLCI 240remote sites, WAN 18repeaters 74requests, IARP 236. See also IARP requirements, WAN 18resetting connections 168reverse Telnet terminal sessions 92revisions
modemcap databases 101transform sets 465
RF channels 374–376RJ-45 wiring 79rotary groups
configuring 203–206interfaces 207ISDN 129, 206limitations 207
RouterAaccess lists 179ISDN DDR 175
RouterB, ISDN DDR 175
routers 47access modes 51ACS 46–47branch offices 23cable modems 379–380callback clients 133DDR
configuring 167–181verifying 186–192
Frame Relay 235lines 87modems
connections 88–91EXEC commands 92NAS 91
queuing 316–319remote 240spoke 241WAN central sites 21
routesadding 286default static 397floating static 287
routingDDR 168GRE 429load backups 282–290Snapshot Routing 169updating 245
SSA (Security Association) 421, 466SADB (SA database) 440satellite access 367–368scalability
CBWFQ 307central site connections 20DSL 396NAT 331–338
configuring 343–354global address 342–343source address 339–342troubleshooting 354–359
screening CLID 184. See also CLID scripts, chat 104–105SDSL (Symmetric Digital Subscriber Line) 381
SDSL (Symmetric Digital Subscriber Line)
1486fmFIX.fm Page 595 Tuesday, January 13, 2004 1:58 PM
596
SECAM (Sequential Couleur Avec Memoire) 377secret key encryption 432. See also encryption
Diffie-Helman algorithm 434hashing 435
securityAAA 43–44
commands 53–68configuring 52defining 44–45protocols 45–46
CLID 184–185clients 48firewalls 46IPSec 436–445
configuring 445–446, 453–454, 463–475IKE Phase 1 policy 446–449IKE Phase 2 policy 449–452peers 452–453troubleshooting 454–456, 475–481
PPP authentication 121–128routers 47servers 48VPN 419
Security Association (SA) 421, 439selection
Cisco product selection tools 36of ISDN switches 158of VPNs 427–430
Sequential Couleur Avec Memoire (SECAM) 377serial connections 87, 91. See also connectionsserial lines, dial backups 273–280servers
AAAcommands 53–68configuring 52
access 48ACS 46, 49
administrator GUI client 50components 49–50options 48routers 46–47
DHCP 397NAS 91PPP callback 134security 48spanning 393TACACS+ 53
service profile identifiers (SPIDs) 159, 207
servicesCA 420ISDN 153security 47WAN 3
broadband access 11–12central sites 19–21connections 4–6dedicated circuit-switched connections 6–7encapsulation protocols 12–15on-demand circuit-switched connections
7–10packet-switched virtual connections 10–11remote access 26–37remote/branch offices 21–23routers (central sites) 21site requirements 18SOHO 24–25speed comparisons 16–18types 16
sessionsEXEC
commands 92console ports 91
PPP 117sharing loads
EIGRP 284OSPF 283
show commands 454show compress command 139show crypto ipsec transform-set command 476show crypto map command 477show dialer command 143, 144show dialer interface bri number command 221show frame-relay pvc command 264show interface atm0 command 403show interface command 242show interface dialer command 221show interface type number command 286show interfaces bri command 190show ip nat translation command 354show isdn status command 187show line command 85show ppp multilink command 191show privilege command 64show process cpu command 137show queueing command 316show queueing custom command 318show traffic-shape command 264show traffic-shape statistics command 265
SECAM (Sequential Couleur Avec Memoire)
1486fmFIX.fm Page 596 Tuesday, January 13, 2004 1:58 PM
597
signalingFrame Relay 235–236modems 75–77
signal-to-noise (S/N) 377simple ISDN calls, configuring 175site requirements, WAN 18site-to-site VPNs, GRE 430S/N (signal-to-noise) 377Snapshot Routing 169SOHO (small office, home office) 365
installing 34site requirements 18WAN 24–25
SONET/SDH (Synchronous Optical NETwork/Synchronous Digital Hierarchy) 6
source addresses 339–342spanning servers 393spectrum resuse 377speed
mismatch 84modems 84WAN 16–18
SPIDs (service profile identifiers) 159, 207split horizons, reachability 246spoke routers 241STAC compression 321, 324Stacker compression scheme 136standards
compression 83modems 81–83
standby modebackup interfaces 274dial backups 276
starting dial backups 275statements, dialer map 202static address mapping 239–240static inside source NAT, configuring 347static outside source NAT, configuring 349static translation 332statistical time division multiplexing (STDM)
network 254status, Layer 1 188STDM (statistical time division multiplexing)
network 254strings, initialization 95stub domains 332subinterfaces, Frame Relay 244–250subnets, configuring 397subscriber drop 373
suites, configuring 463switches
Frame Relay 235ISDN types 158Telco IDSN types 163troubleshooting 164
Symmetric Digital Subscriber Line (SDSL) 381symmetric encryption 432symmetrical peer crypto ACLs 468synchronization, troubleshooting 164synchronous connections, EXEC/PPP sessions 118synchronous modem connections 8Synchronous Optical NETwork/Synchronous
Digital Hierarchy (SONET/SDH) 6synchronous serial standards 6
TT1 controller parameters 164tables, adding routes 286TACACS+ (Terminal Access Controller Access
Control System Plus) 53, 421tacacs-server host commands 54tail drops, CBWFQ 307TCP (Transmission Control Protocol)
header compression 136load distribution 345
TCP/IP (Transmission Control Protocol/Internet Protocol)
encryption 421header compression 322
Telco ISDN switch types 163Telnet, reverse terminal sessions 92Terminal Access Controller Access Control System
Plus (TACACS+) 53, 421testing
DDR 192IPSec 475–481
thresholdsdialer load-threshold command 170MLP 182
tools, Cisco product selection 36topologies, hub-spoke 241–242traffic
applications 16compression 320–325crypto ACLs 466
traffic
1486fmFIX.fm Page 597 Tuesday, January 13, 2004 1:58 PM
598
DDR 168excessive loads 277interesting 171queuing 296–297
options 299–301policies 298prioritization 297
traffic shapingconfiguring 255–266Frame Relay 251–255
traffic-share commandstraffic-share balanced command 286traffic-share min command 286
transform setsconfiguring 463editing 465negotiation 465
transformscommands, 464IPSec 449
translationNAT 331–338
configuring 343–354global addresses 342–343source addresses 339–342troubleshooting 354–359
PAT 333, 395configuring 400DSL 396
transport input protocol command 89transport mode, tunneling 438transportation networks 373troubleshooting 402
autoconfiguration 104compression speed 84DDR 187dialer profiles 221disconnections 225DSL 400–405Frame Relay 242–244, 264incoming calls 225IPSec 454–456, 475–481ISDN 187MLP 192modems 83multiplexers 164NAT 354–359negotiation 404nonoccurrence of dialing 222
outbound calls 223PPP 143–145primary line load backups 282–290PVC failures 274queuing 296–297
options 299–301policies 298prioritization 297verifying 316–319
reachability 246switches 164synchronization 164
tunnelingencryption 421GRE 429IKE 442transport mode 438types of 417–430VPN protocols 428
types of DSL 382–392of lines 87of queuing 297, 319of switches
ISDN 158Telco ISDN 163
of VPNs 417–427of WAN 16
UU interfaces 155UARTs (Universal Asynchronous Receiver/
Transmitters) 84UNI (User-Network Interface) 232updating routing 245upstream (US) 376US (upstream) 376username command 135User-Network Interface (UNI) 232
VV.42bis compression 83variance 2 command 285, 286variance multiplier command 285
traffic
1486fmFIX.fm Page 598 Tuesday, January 13, 2004 1:58 PM
599
VCs (virtual circuits) 233verification
autoconfiguration 103branch office installation 33called party number 185–186compression 138DDR 186–192dial backups 286dialer profiles 221DSL data 403Frame Relay 242, 264IKE configuration 462IPSec 475–481MLP 191NAT 354–359PPP 143–145, 404queuing 316–319SOHO installation 34WAN installation 31
viewingISAKMP policies 476line commands 85–88working connections 80–81
virtual path identifier/virtual channel identifier (VPI/VCI) 394
VPDN (virtual private data network) 393vpdn enable command 393vpdn-group name command 393VPI/VCI (virtual channel identifier) 394
VPNs (virtual private networks)cryptosystems 430–436IKE 456–462IPSec 436–445
configuration 463–475configuring 445–454IKE Phase 1 policy 446–449IKE Phase 2 policy 449–452peers 452–453troubleshooting 454–456, 475–481
selecting 427–430types of 417–427
VTYs (virtual terminal lines) 55, 87
WWAN
cabling 30central sites 19
broadband access 11–12dedicated circuit switched 6–7on-demand circuit switched 7–10packet-switched virtual 10–11
components 3connections 4–6dial backups
configuring 273–280dialer interfaces as 280–282
encapsulation protocols 12–15Frame Relay. See Frame Relayinstalling 31ISDN
called party number 185–186CLID 184–185DDR 168MLP 182–184PPP 181–182rate adaptation 186
PPP 111–112architecture 113–115configuring 115frames 115
queuing 296–297options 299–301policies 298prioritization 297
remote access 26–37remote/branch office 21–23site requirements 18SOHO 24–25speed comparisons 16–18types 16VPNs. See VPNs
WFQ (Weighted Fair Queuing) 297–304wireless access 368–369wiring
DTE-to-DTE 78RJ-45 79
working connections, viewing 80–81WRED (Weighted Random Early Detection) 308–311
Zzones, DMZ 424
zones
1486fmFIX.fm Page 599 Tuesday, January 13, 2004 1:58 PM