7/27/2019 Remote Access Network
1/36
March 18, 2011 [REMOTE ACCESS NETWORK (CT043-3-2-RAN)]
Remote Access Network Page 1
Contents
Introduction
Type and Size of Data
Primary Link
Secondary Link
Network Diagram
Redundant LINK
Installation
Security
Conclusion
References
Appendices
Work Break Down
Introduction
Networks have become an essential element in every field. A network connects users who are
apart from each other. Banks, schools, offices, public services, and many more all use networks,
either a local area network or a wide area network. A Local Area Network (LAN) is mostly used to
connect devices within a limited space, such as a LAN in an office. A Wide Area Network (WAN)
connects several LANs together into one network.
A network can be used for many purposes. For communication, we can use Voice Over Internet
Protocol (VOIP) and video conferencing, both of which are booming in the market. VOIP or video
conferencing helps a company or institution save cost, because they are free of charge. All the
company needs is high-speed internet for a smooth conversation. Another advantage is that it can
connect many users instead of only allowing a one-on-one conversation.
Another feature of a network is file transfer. For example, the main office needs to send an
important file and the recipient needs it immediately. It would consume time if a sender had to
travel all the way from the main office to the branch office to pass on the file, and it would be a big
problem if the two offices are far apart. File transfer sends the file through the internet, and the
recipient gets the file immediately.
Type and Size of Data
1. Voice Over Internet Protocol (VOIP)
Voice Over Internet Protocol (VOIP) is an IP-based technology that transmits voice conversations
without loss in functionality, quality and reliability. VOIP has become very popular because it saves
cost over the traditional telephone, especially for long-distance or international calls.
The voice signal from a VOIP phone, or from a traditional phone connected to an adapter, goes
through a VOIP device that converts the normal telephone signal to a digital signal so that it can use
the broadband internet connection. The digital signal is then converted back to the normal signal
(the original voice call). When the caller calls the recipient's number, the VOIP adapter logs on to the
routing server. It looks up the destination IP address associated with the recipient's number.
The call is routed through the PSTN if the dialed number is not using VOIP and there is no phone
number tied to an IP address.
Figure 1-1 How the VOIP works
Types of VOIP calls:
- VOIP calls placed to another VOIP device or to the PSTN
- PC to phone: calls from a VOIP device to a PSTN device
- PC to PC: calls from a VOIP device to another VOIP device
Equipment Needed:
High-speed internet is needed; it can be a connection through a cable modem or a high-speed
service such as DSL. The other devices needed are a PC, an adapter, or a specialized phone. Some
VOIP services only work on a PC or on a specialized phone. Using a PC requires particular software
and a high-quality microphone. The service also allows the user to use a traditional phone, which
must be connected to a VOIP adapter. Using a traditional phone connected to an adapter is like
making a normal phone call, and it may have a dial tone as well.
Advantages of Voice Over Internet Protocol (VOIP)
Save cost
This is the main advantage of VOIP. It is very effective in reducing costs for a company that
needs to make a lot of calls, especially one that has to make international calls.
Manageability
Each employee has the ability to route calls by themselves. Each employee has a personal
extension number, so it is easy to reach a particular person.
Integration
It can better integrate phones, voicemail, email, SMS, faxes and other communication.
2. File Sharing
File sharing can be public or private sharing of data or space in the network. A commonly used
file transfer system is File Transfer Protocol (FTP). FTP can offer public access or limited access,
which requires a username and password.
The objectives of FTP:
- To promote sharing of files
- To encourage indirect or implicit use of the remote computer
- To shield a user from variations in the file storage systems among hosts
- To transfer data efficiently and reliably
Requirements for using FTP:
- An FTP client installed on the computer, for example Auto FTP Manager
- Information about the destination FTP server, including a username and password if needed
To transfer files, the server address, username, and password have to be set in the client software.
Once it is connected to the server, the user can upload, download, or delete files.
FTP and Internet Connections
FTP uses one connection for sending and receiving data and another connection for commands.
FTP has a standard port number, a logical connection point on which the FTP server listens for
connections. The standard port number for FTP is 21, and it is only for sending commands.
Figure 1-2 Transferring data in FTP
File Transfer Protocol supports active and passive connections. Active FTP means the client opens
a port and listens, and the server actively connects to it. Passive FTP means the server opens a port
and listens passively, and the client connects to it.
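The following added example (not part of the original report) shows how the command channel on port 21 announces each data connection and which side initiates it in active and passive mode, which is what a stateful firewall has to follow. The `PORT h1,h2,h3,h4,p1,p2` and `227 ... (h1,h2,h3,h4,p1,p2)` wire syntax comes from the FTP specification rather than from this report, and the session lines and addresses are constructed.

```python
import re
from dataclasses import dataclass

# Six comma-separated byte values: h1,h2,h3,h4 is the address, p1,p2 the port (high, low byte).
_SIX_BYTES = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


@dataclass(frozen=True)
class DataChannel:
    mode: str        # "active" or "passive"
    listener: str    # side that opened the listening port
    connector: str   # side that initiates the data connection
    host: str        # address announced for the listener
    port: int        # port announced for the listener


def _decode(fields):
    values = [int(f) for f in fields]
    if any(v > 255 for v in values):
        raise ValueError("each field must be a single byte (0-255)")
    port = values[4] * 256 + values[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return ".".join(str(v) for v in values[:4]), port


def parse_control_line(sender, line):
    """Return the DataChannel announced by one control-channel line, or None.

    sender is "C" (client) or "S" (server). Only a client PORT command (active
    mode) and a server 227 reply (passive mode) announce a data channel.
    """
    text = line.strip()
    if sender == "C" and text.upper().startswith("PORT "):
        match = _SIX_BYTES.fullmatch(text[5:].strip())
        if match is None:
            raise ValueError("malformed PORT argument: %r" % text)
        host, port = _decode(match.groups())
        return DataChannel("active", "client", "server", host, port)
    if sender == "S" and text.startswith("227"):
        match = _SIX_BYTES.search(text[3:])
        if match is None:
            raise ValueError("227 reply without an address: %r" % text)
        host, port = _decode(match.groups())
        return DataChannel("passive", "server", "client", host, port)
    return None


def expected_data_flows(session, client_ip, server_ip):
    """List the data connections a firewall should expect for this session."""
    flows = []
    for sender, line in session:
        channel = parse_control_line(sender, line)
        if channel is None:
            continue
        if channel.connector == "server":
            source, listener_ip = server_ip, client_ip
        else:
            source, listener_ip = client_ip, server_ip
        flows.append({
            "mode": channel.mode,
            "source": source,
            "destination": channel.host,
            "port": channel.port,
            # False when the announced address is not the listener's address on
            # the control connection, e.g. a client behind NAT announcing its
            # private address; the data connection will then not reach it.
            "address_matches_peer": channel.host == listener_ip,
        })
    return flows


# Constructed control-channel session; addresses are documentation ranges.
CLIENT_IP = "198.51.100.7"
SERVER_IP = "192.0.2.10"
SAMPLE_SESSION = [
    ("C", "USER alice"),
    ("S", "331 Password required"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("C", "LIST"),
    ("C", "PORT 198,51,100,7,4,1"),
    ("S", "200 PORT command successful"),
    ("C", "RETR report.txt"),
    ("C", "PORT 10,0,0,5,4,2"),
]

if __name__ == "__main__":
    for flow in expected_data_flows(SAMPLE_SESSION, CLIENT_IP, SERVER_IP):
        print(flow)
```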
3. SQL
SQL is a tool to organize, manage, and retrieve data that has been stored in a computer database.
SQL is more than just a query tool. Retrieving data is the most important feature of SQL. Some
functions that SQL has are:
Data Definition
The user defines the structure and organization of the stored data.
Data Retrieval
The user is able to retrieve stored data from the database and make use of it.
Data Manipulation
The user is able to add, remove, or modify data.
Access Control
The user can protect the database from unauthorized users.
Data Integrity
SQL defines integrity constraints in the database and protects it from corruption caused by system
failure.
Figure 1-3 How Database is being stored
SQL is not a structured language compared to other programming languages such as C or Java.
SQL has a few inconsistencies and some rules that look perfectly legal but do not make sense. SQL
has become the standard language for using relational databases. SQL is a powerful language that is
relatively easy to learn compared to other programming languages.
4. Closed Circuit TV (CCTV)
CCTV consists of video cameras that transmit video images to a monitor. CCTV is
privately broadcast and not for public consumption. CCTV can use both wireless and wired
transmission to send the video images from the video camera to the monitor. CCTV is commonly
used for safety purposes.
Figure 1-4 Installation of CCTV
Wired cable connection
The video camera is physically connected to the monitor via cable. The type of cable
commonly used for CCTV is coaxial cable. The disadvantage of this type of connection is that
the longer the cable from the video camera to the monitor, the higher the possibility that the
quality of the video images decreases.
Wireless connection
To transmit video images to a monitor, most CCTV cameras use the 2.4 Gigahertz
frequency. With that frequency, CCTV cameras can easily transmit the video images to the
monitor through any type of obstacle, including walls. A wireless connection enables the CCTV
camera to be placed anywhere the user wants. As a result, some wireless CCTV cameras use a
battery as a power supply.
5. Video conferencing
Video conferencing has become more and more popular. Video conferencing happens when
two or more parties communicate in real time with audio and video signals. The technologies
used in video conferencing include:
Video Input
It can be a video camera or a webcam. At least two devices have to be connected to each other.
The camera image can be shown on a larger display, such as a larger monitor or a projector, to get
a larger view of the video images.
Video Output
The standard video output is a monitor or a digital TV set.
Audio Input
A microphone is the source of audio input in video conferencing. It can also be a headset that
has a microphone on it.
Audio Output
A speaker is the audio output device. A headphone can be used for audio output as well.
Figure 1-5 How Video Conferencing works
Video conferencing works over many kinds of technology, both digital and analog. ISDN lines,
normal broadband internet, radio frequencies, and satellite transmission are all able to provide
video conferencing. The main advantage of video conferencing is saving time and money. It can
also involve multiple users in the same conference.
Primary Link
Just about all office-based and modern retail businesses require some type of Internet access in
order to carry out their daily operations and countless have mission critical Internet requirements that
allow them to continue business operations at all times (Lemm, 2010). There are many choices to fulfill
this need for Internet access, including Dial-up connections, ISDN, DSL, Cable, Wireless applications,
a T1 Line, or something larger like a DS3 or OC-3 (Lemm, 2010). In selecting the appropriate choice
for the primary link of the remote network for Big Boss Public Limited, our team looked into a few
popular choices for primary links in similar circumstances. The factors considered during
selection were mainly cost, practicality, speed of transmission, bandwidth and security. After careful
consideration, we have decided to use a T1 link to connect the main office to the branch office
rather than other solutions such as DSL, Frame Relay or ISDN. This is because T1 has numerous
advantages over the others.
A "Full T1 Line" is a term normally used to describe a circuit that provides 1.5 megabits per
second of high speed Internet access, which is the most general type of T1 (Lemm, 2010). A Full T1 can
also be used to carry telephone lines, data, video and/or VoIP calls. A T1 Line is made up of 24
channels that transmit data at 64Kbps each, therefore giving a Full T1 Line the capacity to transmit
1.54Mbps of data synchronously (upstream and downstream). Using today's standard email
applications and common Internet searching, this amount of bandwidth could sustain anywhere from 1
to approximately 75 users depending on their requirements, preferences, and the company's budget
(Rucker, 2004). Most commonly Full T1 Lines are used in offices with 5 to 50 employees.
A T1 circuit provides the most consistent and reliable bandwidth available when leased from a
high quality T1 Provider, which is why businesses are willing to pay more for a T1 than for other
services like DSL or Cable. In some applications, a T1 can save money for a company who uses a less
reliable bandwidth connection. Since multiple services can be combined on a single T1, cost efficient
solutions are often available by the service providers.
A point to point T1, often referred to as a "P2P", provides a very secure and reliable connection, usually
from a corporate office to any number of satellite offices. Although a P2P does not actually offer
Internet access or phone lines, corporations use P2P T1s to share these services. For example, the
company's home office in Kuala Lumpur might have numerous telephone lines and huge Internet
access pipes installed at one location to get the best available rates. This company can then utilize P2P
T1 to transmit any combination of telephone lines, Internet access, and data between offices to share
software systems, and provide in-office dialling from locations across the country (in this case the
branch office in Seremban). The possibilities are endless because there are no restrictions on how a
point to point T1 can be used, assuming you have the correct equipment and a source at one end of the
P2P. This can be a great way to save money, because a satellite or branch office might have to pay huge
prices to have telephone and bandwidth services installed directly, whereas the home office can get
better rates because of bulk buying and location.
The key advantage of a P2P line is that it is truly and strictly private, making it the top choice for
those demanding a circuit with a dedicated connection to only their business, therefore offering the
highest security available (Lemm, 2010). Principally, T1s are business connections. Cable/DSL services
are usually residential.
T1s normally have:
- unlimited throughput
- a guaranteed uptime per month
- no port blocking, allowing servers
- upload 2-5x as high as cable/DSL
- faster repair times, as the company will most likely prioritize repairing them
- a dedicated line
- support for technologies such as video conferencing and VoIP
Cable/DSL typically has an AUP or TOS that disallows servers, and may have high downtimes.
Plus when there is no internet, there might be no business either. Cable/DSL have high download
speeds, but in a business setting, the employees might only be checking email/browsing the
web/updating database records, so there is less need for so much download. However the company may
be running a server that uploads a lot or might be updating a website and need to send files often. The
upload of a T1 helps in this setting. Raw peak speed is not the most vital aspect of a connection. T1 is
marketed as a business class service. That means it is symmetrical, making it easy to run servers, and
comes with a service level agreement that guarantees minimal acceptable performance and mean time
to repair (MTTR). These are critical components in the marketing of different services. If you are a
business, the cost of a network outage could be dramatic (Lemm, 2010). The widespread availability of
extremely low cost residential services is putting tremendous price pressure on traditional business
class services. With that, you see the cost of T1 lines (as well as DS3 and even OC3) dropping steadily
over the last year.
Below are some comparisons between T1 Leased Line, Frame Relay, ISDN and DSL:
T1 Leased Line
- It is a private, dedicated connection that does not share bandwidth with others
- Bandwidth implemented at 1.5Mbps to 45Mbps
- It gives 24-hour service of data, voice and video capabilities, which means it is always active
- Provides a constant and stable digital connection
- High security, as the line is not shared
- Suitable for a business that needs high-bandwidth, fast and stable transmission
Frame Relay
- An advanced version of X.25
- Operates at the data-link layer
- Bandwidth implemented at 56Kbps to 45Mbps
- Provides the Permanent Virtual Circuit service, which, like a leased line, gives a dedicated connection but without the high cost of a leased line
- Feasible and cost-effective for an organization that needs flexible and fast connectivity
- Less secure than T1
ISDN
- Integrated Services Digital Network
- Provides digital data communication over regular telephone wire
- Bandwidth commonly implemented between 64Kbps and 512Kbps
- Provides two flavours: BRI and PRI
- Available in most geographical areas
- Allows multiple devices to share a single line
DSL
- Digital Subscriber Line
- Uses regular telephone lines to transmit the data
- Bandwidth implemented between 128Kbps and 8Mbps
- Able to carry data and voice transmission simultaneously over the same phone line
- Provides several different types of service to suit the purpose of the organization, like ADSL, SDSL and so on
| Feature | Leased Line | Frame Relay | ISDN | DSL |
|---|---|---|---|---|
| Bandwidth | High | Medium | Low | Low |
| Cost | High installation fee; varies with distance; cost effective for P2P | Medium installation fee; varies with bandwidth used; cost does not increase as the distance between points increases | Low installation fee; monthly fee + per minute charge; cost increases as the distance between points increases | Low installation fee; monthly fee; cost increases as the distance between points increases |
| Uses | Voice, Data, Video | Voice, Data | Voice, Data | Voice, Data |
| Switching | Dedicated | Packet | Circuit | Circuit |
| Availability | High | High | High | Low |
| QoS and Reliability | High | Medium | Medium | Low |
| Security | High | Medium | Medium | Low |
Secondary Link
For the secondary link, a Digital Subscriber Line (DSL) connection seems to be a good choice.
DSL is a high-speed internet connection which is also known as broadband. It is much faster than a
typical 56K modem connection, and also exceeds the speeds available from Integrated Services Digital
Network (ISDN) services. DSL uses copper wiring and a standard phone line to connect computers to
the internet. To connect to DSL, an Internet Service Provider (ISP), an Ethernet or wireless card, or a
DSL modem is required.
DSL is an innovative connection that allows users to transmit data and information through the
internet at a much higher frequency over an existing phone line. Because it utilizes a higher frequency,
users are able to use the phone line at the same time, without any interference. Telephone calls
remain clear and crisp, and the connection seems like lightning compared to a 56K modem
connection.
There are a few ISPs that offer inexpensive DSL-based internet connections. The most common
form of DSL connection is Asymmetric Digital Subscriber Line (ADSL). ADSL downloads
information from the internet faster than it can upload. It definitely suits today's business
requirements, as the majority of internet browsing involves downloading information.
A regular telephone uses low frequencies, while DSL uses high frequency bands, so DSL can be
used at the same time and on the same telephone line as a regular telephone. The download speed of
DSL mainly depends on the DSL technology, line conditions and service-level implementation. It
typically ranges from 256Kbit/s to 24,000Kbit/s.
Here is a comparison between DSL, Frame Relay and Leased Line:
DSL
- Digital Subscriber Line
- Uses regular telephone lines to transmit the data
- Bandwidth implemented between 128Kbps and 8Mbps
- Able to carry data and voice transmission simultaneously over the same phone line
- Provides several different types of service to suit the purpose of the organization, like ADSL, SDSL and so on
- It is always on
Frame Relay
- An advanced version of X.25
- Operates at the data-link layer
- Bandwidth implemented at 56Kbps to 45Mbps, and now can be higher
- Provides the Permanent Virtual Circuit service, which, like a leased line, gives a dedicated connection but without the high cost of a leased line
- Feasible and cost-effective for an organization that needs flexible and fast connectivity
Leased Line
- It is a private, dedicated connection that does not share bandwidth with others
- Bandwidth implemented at 1.5Mbps to 45Mbps
- It gives 24-hour service, which means it is always active
- Provides a constant and stable digital connection
- High security, as the line is not shared
- Suitable for a business that needs high-bandwidth, fast and stable transmission
Among all these connections, DSL suits our scenario best. As we all know, fast DSL access
allows us to download images, videos and other large files at lightning-fast speed. A DSL connection
is always on, which means that there is no wait to get connected, no busy signals and no dialling
needed to get connected.
DSL also does not need an extra phone line. DSL uses any existing phone line, which allows
users to use the phone and the internet at the same time. Besides, other devices can also be used on
the telephone line. DSL will not interfere with the devices installed.
DSL provides a lightning-fast download speed, ranging up to 2.4 Mb/s. This means that users
are able to download files faster than with the other connections available. This contributes to a
faster and smoother run of operations, as daily operations using the internet can be carried out at a
higher speed.
Another advantage of DSL is that it uses a dedicated line. This means that the users
are the only ones using the line, instead of sharing it with other users. Normal connections using
cable and modems have the problem of sharing the connection with others, making their
connectivity a lot slower. With DSL, the internet connection is more private and stable and has
fewer delays.
| Feature / Technology | DSL | Frame Relay | Leased Line |
|---|---|---|---|
| Bandwidth | Low | Medium | High |
| Cost | Low installation fee; monthly fee; cost increases as the distance between points increases | Medium installation fee; varies with bandwidth used; cost does not increase as the distance between points increases | High installation fee; varies with distance; cost increases as the distance between points increases |
| Uses | Voice, Data | Voice, Data | Voice, Data, Video |
| Switching | Circuit | Packet | Dedicated |
| Availability | Low | High | High |
| QoS and Reliability | Low | Medium | High |
| Security | Low | Medium | High |
DSL is chosen over frame relay and leased line because it is only a secondary link. In this case the
priority is price. DSL is available at a much lower price, for both installation and the monthly
fee.
To improve the security features, we will implement a Virtual Private Network (VPN) through
the DSL. A VPN utilizes public telecommunications networks to conduct private data communications.
Most VPN implementations use the Internet as the public infrastructure and a variety of specialized
protocols to support private communications through the Internet.
A VPN follows a client and server approach. VPN clients authenticate users, encrypt data, and
otherwise manage sessions with VPN servers, utilizing a technique called tunnelling. The main benefit
of a VPN is the lower cost needed to support this technology compared to alternatives like traditional
leased lines or remote access servers.
VPN users typically interact with simple graphical client programs. These applications support
creating tunnels, setting configuration parameters, and connecting to and disconnecting from the VPN
server. VPN solutions utilize several different network protocols including PPTP, L2TP, IPsec, and
SOCKS.
VPN servers can also be connected directly to other VPN servers. A VPN server-to-server
connection extends the intranet or extranet to span multiple networks.
At the headquarters, a secure VPN tunnel needs to be set up. This requires a VPN-capable
device. This can be done on some internet gateway routers, some Internet firewalls, or a
separate VPN aggregation device. You also need a security server at your central site to authenticate
incoming VPN users. At the headquarters we must make sure that the DSL is connected to the
internet, and we also need VPN client software.
Basically, the process is as follows. The headquarters DSL user has an open internet connection.
Then they launch the VPN client software. The client software sets up an L2TP or PPTP tunnel to the
head site's internet gateway, which is encrypted with IPsec, 3DES, DES56, etc. The VPN client then
asks for a unique user name and password, which must match those in your central site's security
database. When properly authenticated, the user has a high-speed, secure, encrypted tunnel into your
central site.
The performance depends on the bandwidth of the DSL. Normally it depends on the ISP,
but in general, setting up a VPN tunnel and encrypting the data causes a small speed loss
compared to purely sending data into the internet. Even taking this into consideration, the
price/performance ratio is much, much better than that of any dial-up modem service.
Network Diagram
Redundant LINK
The proposed solution is to use two different types of link via two ISPs. This is considered the
ideal setup for full redundancy. If one ISP fails, we still have one link as
backup. When both uplinks to both ISPs are up, we can load balance or load share
between the two links.
There are some considerations to follow:
- We are required to run BGP with both ISPs (BGP Multihoming)
- Usually, on each link, we are required to have at least a full T1/E1 circuit
- Each BGP relationship with each ISP should ride over a dispersed POP circuit
- We are required to have a Public AS (Autonomous System) number
- We are required to have a Public Subnet within the Public AS number (Redundant link Juniper,
2009)
Remember that in a multiple-ISP scenario, we still need to consider the basic physical connection
redundancy, as in a single-ISP scenario. This basic redundancy includes connection to a different CO
or a different backbone network. When both ISPs terminate on the same backbone network, we have
a single point of failure on the backbone network.
BGP is used when one ISP needs to communicate with a different ISP and with all Internet users.
When we plan redundant connections over multiple ISPs, we are considered an ISP
even though our network is not like one. This is why we need to run BGP with both ISPs.
We need to have at least a full T1/E1 circuit to each ISP
Redundancy involving BGP needs a "real" data network that was originally designed to carry
and support Internet data. Broadband connections such as cable Internet and DSL are most likely
considered an "extension" of an existing non-data network. The cable Internet network was
originally designed to broadcast TV programs. The DSL network was originally designed for voice
communication (POTS). Neither network was designed originally to carry and support Internet data.
Although some ISPs might be able to support BGP over DSL, the DSL technology used is most
likely SDSL instead of ADSL. Still, BGP over DSL is uncommon.
On the other hand, T1/E1 circuit is originally designed to transmit and support Internet data;
including the BGP support. T1/E1 circuit falls under the similar "real" data network as other "larger
bandwidth" circuit technologies such as DS3, OC-x, ATM, and Gigabit Ethernet.
That is the reason why most ISP requires us to have T1/E1 circuit or larger to them to be able to
do BGP peering with them.
Each BGP relationship with each ISP runs over a different POP termination (dispersed POP)
This essentially follows the same theory as the dispersed POP concept for Multilink (bonded)
circuits. Note that BGP multihoming is just a logical separation and redundancy, and does not
necessarily mean physical separation and redundancy. We can't really have full redundancy without
having both physical and logical separation.
We need to have our own public AS number
Once an ISP runs BGP with a different ISP, each ISP needs its own public AS number. This AS
number is used to distinguish one ISP's network from another ISP's network.
Since we are considered an ISP when running BGP to multiple ISPs, we also need to have our own
BGP AS number. If we don't have one yet, one of the ISPs can provide us one.
Keep in mind that we need to inform both ISPs beforehand that we will run redundancy over
multiple ISPs. This makes sure that all parties involved understand what setup is required. The
key is to make sure that our would-be public AS number will be recognized by all ISPs as a valid
Internet-routable public AS number (in other words, that the public AS number will be seen by
any ISP and the rest of the Internet users).
If we request an AS number from one of the ISPs without informing it of our purpose, the ISP
might provide us a private AS number, or an AS number that is seen only by that single ISP and is
unknown to other ISPs and the rest of the Internet users. (Thomas Akin, 2002)
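The multihoming arrangement described above, written as a Cisco IOS configuration: one local AS with a separate eBGP session to each ISP. This is an added example, not configuration from the report; the AS numbers (documentation range, RFC 5398), the addresses (RFC 5737) and the neighbor descriptions are placeholders.

```cisco
! Added example, not from the report. AS numbers are from the documentation
! range 64496-64511 (RFC 5398) and addresses from RFC 5737; all are placeholders
! for the public AS number and prefix that would actually be assigned.
!
! Anchor our own prefix in the routing table so BGP can originate it
ip route 203.0.113.0 255.255.255.0 Null0
!
! Empty AS path = routes originated by us; nothing learned from an ISP matches
ip as-path access-list 1 permit ^$
!
router bgp 64500
 bgp log-neighbor-changes
 network 203.0.113.0 mask 255.255.255.0
 ! eBGP session to ISP A (its own public AS), terminated at the first POP
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 description ISP-A
 neighbor 192.0.2.1 filter-list 1 out
 ! eBGP session to ISP B (a different public AS), terminated at the second POP
 neighbor 198.51.100.1 remote-as 64502
 neighbor 198.51.100.1 description ISP-B
 neighbor 198.51.100.1 filter-list 1 out
```

The outbound filter keeps routes learned from one ISP from being re-announced to the other, so the site advertises only its own prefix and never becomes a transit path between the two providers.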
Installation
This guide presents a general overview and explains how to install, connect, and perform initial
configuration for the Cisco 1900 series Integrated Services Routers (ISRs).
This model of Cisco router is a modular router with LAN and WAN connections that can be
configured by means of interchangeable interface cards and internal service modules. The series
currently consists of the 1905, 1921, 1941, and 1941W (wireless) models. The 1941W is Wi-Fi CERTIFIED
and 802.11a/b/g/n-compliant. The modular design of the routers provides flexibility, allowing us to
configure our router according to our needs.
Chassis Views
Figure 1-1 Front Panel of the Cisco 1905 and Cisco 1921 Router
1 SYS
2 ACT
3 PoE
Figure 1-2 Back Panel of the Cisco 1905 and Cisco 1921 Router (1921 shown)
1 EHWIC (HWIC, WIC, or VWIC) slots 0 and 1: slot 0 (Right), slot 1 (Left), or double wide
2 EN (Enable RJ-45 console)
3 RJ-45 serial console port
4 AUX port
5 GE 0/1
6 GE 0/0
7 S (Speed)
8 L (Link)
9 USB port: USB 2.0 Type-A port
10 Kensington security slot
11 PoE
12 Ground connector
13 On/Off switch
14 Input power connection
15 Baud reset
16 USB serial port: USB 5-pin mini USB Type-B
17 EN (Enable USB console)
18 Flash
Ports 5 and 6 will be used as our LAN interfaces, which are connected to the LAN switch.
In slot 1, a Cisco High-Speed WAN Interface Card Expansion Module - 2 Ports (HWIC-2FE) will
be installed to provide the WAN ports, which are connected to two different ISPs via the T1 and DSL routers.
Figure 1-3 1-Port T1/E1 HWIC Front Panel
1 RJ-48C connector
2 Port number
3 CD/LP LED (bicolor LED)
4 AL LED
Figure 1-4 ADSL and G.SHDSL WIC Front Panels
Table 1 ADSL WIC LEDs

| LED | Color | Description |
|---|---|---|
| CD LED | Green | Lit when the unit is connected to the network and operating normally. On ADSL interface cards only, this LED blinks while training with DSLAMs. Does not apply to the WIC-1SHDSL-V2 or WIC-1SHDSL-V3 interface cards. |
| LP LED | Yellow | DSL interface is in loopback mode. |
| | Off | Normal operation. |
| OK LED | Green | Enabled when the card is detected by the router. |
| LINK (CD) LED | Green and Yellow | Green when cells or frames are passing between the host and the DSLAM. Yellow when the T1E1 framer detects an alarm. Applies only to the WIC-1SHDSL-V2 and WIC-1SHDSL-V3 interface cards. |

The basic steps to get connectivity from the router are as follows:

Step 1: Enter the setup command facility
    Router> enable
    Password:
    Router# setup
    --- System Configuration Dialog ---
    Continue with configuration dialog? [yes/no]:

Step 2: Basic management setup configures only enough connectivity
    Would you like to enter basic management setup? [yes/no]: yes

Step 3: Enter a hostname for the router (this example uses myrouter):
    Configuring global parameters:
    Enter host name [Router]: myrouter

Step 4: Enter an enable secret password and router password
    The enable secret is a password used to protect access to
    privileged EXEC and configuration modes. This password, after
    entered, becomes encrypted in the configuration.
    Enter enable secret: cisco

Step 5: Select one of the available interfaces for connecting the router to the management network
    Enter interface name used to connect to the
    management network from the above interface summary: gigabitethernet0/1

Step 6: Respond to the following prompts as appropriate for your network (Cisco 1900 Series, 2011)
    Configuring interface GigabitEthernet0/1:
    Configure IP on this interface? [yes]: yes
    IP address for this interface [10.10.10.12]:
    Subnet mask for this interface [255.0.0.0] : 255.255.255.0
    Class A network is 10.0.0.0, 24 subnet bits; mask is /24
To get link failover and load balancing we can use different methods. If we want the backup link
to carry no traffic unless the primary link is down, we can set up what Cisco used to call "dialup backup
using object tracking". Dialup is a misnomer. The technique pings a known destination to verify that the
primary link is functioning. If a few pings fail, routing is switched to the backup. The backup can be any link.
Both primary and backup are Ethernet ports at the site where we have this configured.
When pings start working again, traffic is switched back. (NAT must be configured for both links.)
We may also use OER (Optimized Edge Routing) to load balance over the links if we wish to use both at the
same time. There are many different options for configuring OER. We can configure it to load balance based
on bandwidth at some sites and to fill the primary to 80% before using the backup at other sites.
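The tracked-ping failover described above, written as a Cisco IOS configuration with NAT on both links. This is an added example, not configuration from the report; the WAN interface names, the RFC 5737 documentation addresses, the probe target and the object, ACL and route-map names are assumptions.

```cisco
! Added example, not from the report. WAN interface names, addresses
! (RFC 5737 documentation ranges) and object numbers are assumptions.
interface GigabitEthernet0/1
 description LAN
 ip address 10.10.10.12 255.255.255.0
 ip nat inside
interface FastEthernet0/1/0
 description Primary WAN (towards the T1 router)
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
interface FastEthernet0/1/1
 description Backup WAN (towards the DSL router)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! Ping a known destination every 5 seconds, sourced from the primary link
ip sla 1
 icmp-echo 203.0.113.10 source-interface FastEthernet0/1/0
 threshold 1000
 timeout 2000
 frequency 5
ip sla schedule 1 life forever start-time now
!
! The delays mean several probes must fail (or succeed) before routing changes
track 10 ip sla 1 reachability
 delay down 15 up 30
!
! Pin the probe target to the primary next hop so it never tests the backup
ip route 203.0.113.10 255.255.255.255 192.0.2.1
! Primary default route is installed only while track 10 is up
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 10
! Floating static route: distance 250, used once the primary route is withdrawn
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
!
! NAT for both links: each route-map matches traffic leaving via one interface
access-list 10 permit 10.10.10.0 0.0.0.255
route-map NAT-PRIMARY permit 10
 match ip address 10
 match interface FastEthernet0/1/0
route-map NAT-BACKUP permit 10
 match ip address 10
 match interface FastEthernet0/1/1
ip nat inside source route-map NAT-PRIMARY interface FastEthernet0/1/0 overload
ip nat inside source route-map NAT-BACKUP interface FastEthernet0/1/1 overload
```

The host route for the probe target matters: without it, once the default route moves to the backup link the probe would succeed over the backup and the router would switch back to a primary link that is still down.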
Security
The Cisco 1921 builds on the best-in-class offering of the Cisco 1841 Integrated Services Routers. All
Cisco 1900 Series Integrated Services Routers offer embedded hardware encryption acceleration, optional
firewall, intrusion prevention, and advanced security services. (Cisco 1921, 2011)
Figure 0-1 Embedded hardware Encryption
Compared with software encryption, embedded hardware encryption is much faster and more
reliable because the encryption and decryption algorithms use hardware resources directly.
Figure 0-2 Intrusion prevention system framework
Source: http://www.asia-net.com.hk/solutions/intrusion_prevention.htm
Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention
Systems (IDPS), are network security services that monitor network and/or system activities for
malicious activity. The main job of intrusion prevention systems is to identify malicious activity, log
information about said activity, attempt to block/stop activity, and report activity.
IPSs are considered extensions of intrusion detection systems because they both monitor
network traffic and/or system behavior for malicious activity. The main difference is that, unlike
intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively
prevent/block intrusions that are detected. More specifically, an IPS can take such actions as sending an
alarm, resetting the connection, dropping the malicious packets, and/or blocking the traffic from the
attacker IP address. An IPS can also correct CRC errors, unfragment packet flows, prevent TCP sequencing
issues, and clean up unwanted transport and network layer options.
Conclusion
BigBoss Company needs to build a network that connects the main office and the branch office.
It will help the company carry out its day-to-day work. The features the company will have include
VoIP, video conferencing, file transfer, database, and CCTV. The company can save costs by using VoIP
and video conferencing rather than traditional phone calls. The company will make many calls
per day regarding stocking, and the cost of phone calls can be very high. Furthermore, video
conferencing has the advantage that it can involve more users rather than being a one-on-one
conversation. The main idea behind having all these features is to build a stable connection. The primary
link of the BigBoss network uses T1, which is more stable and faster than the other options. The secondary
link uses IPsec. The implementation, maintenance and security will be decisive in determining the rate
of the network.
References
Cisco 1900 Series, 2011, Available on http://www.cisco.com/en/US/docs/routers/access/1900/hardware/installation/guide/19pwrup.html, Accessed on 12th March 2011
Cisco 1921, 2011, Available on http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps7290/ps10589/data_sheet_c78-598389.html, Accessed on 13th March 2011
Thomas Akin, 2002, Hardening Cisco Routers, O'Reilly
Redundant link Juniper, 2009, Available on http://www.juniper.net/techpubs/software/erx/junose91/swconfig-link/html/lag-config12.html, Accessed on 15th March 2011
Ross, D, -, How Video Conferencing Security Works, Available on http://communication.howstuffworks.com/how-video-conferencing-security-works.htm, Accessed on 12th March 2011
Chiltern District Council, -, How Does CCTV Work, Available on http://www.chiltern.gov.uk/site/scripts/documents_info.php?documentID=57&pageNumber=3, Accessed on 12th March 2011
Red Hat Inc., -, How FTP works, Available on http://www.centos.org/docs/5/html/Virtual_Server_Administration/s2-ftp-proto-VSA.html, Accessed on 13th March 2011
Topbits, -, FTP, Available on http://www.tech-faq.com/ftp.html, Accessed on 13th March 2011
Lemm, M, 2010, Available on http://russbellew.com/broadband_t1_vs_dsl.aspx, Accessed on 12th March 2011
Rucker, L, 2004, Available on http://www.usavetelecom.com/who-benefits-t1-line.shtml, Accessed on 13th March 2011
Appendices
Gantt Chart
Work Breakdown

| Part Name | Student Full Name |
|---|---|
| User requirements | Edwin Kusuma |
| Network design and configuration of primary link | Shasi Rao |
| Network design and configuration of secondary link | Ooi |
| Implementation | Danial Doustarmoghaddam |
| Documentation | All Members |
| Diagrams | All Members |