WAN Network
A WAN is used to connect networks in different geographical areas.
A CSU/DSU is a device used in a WAN. CSU stands for channel service unit; DSU stands for data service unit.
The CSU/DSU is used for avoiding local loop.
WAN Technologies: leased line, circuit switching, and packet switching.
- Leased line technology: in this technology two routers are connected over a purchased dedicated line, e.g. E1, T2, T3. An E1 line provides 2.048 Mbps. A T2 line provides 1.544 Mbps. A T3 line provides 45 Mbps. Advantage of a leased line: it is always available. Disadvantage: it is very expensive.
- Circuit switching technology: works on a physical circuit, the same as a telephone line. In circuit switching, wireless modem and ISDN (integrated services digital network) are used.
- Packet switching technology: works on a virtual circuit; logical bandwidth is built, the same as a road/highway that is divided logically.
- Permanent virtual circuit (PVC): the same as a leased line, but not dedicated; Frame Relay is used in PVC.
- Switched virtual circuit (SVC): the same as ISDN; ATM is used in SVC.
WAN Protocols: HDLC (High-Level Data Link Control), PPP (Point-to-Point Protocol), Frame Relay.
HDLC: always used on leased lines; a data link layer protocol. HDLC is a CISCO proprietary protocol; it provides no security (authentication).
To change protocol:
Router(config)# interface s0/0
Router(config-if)# encapsulation ppp
PPP: supports multiple vendors (CISCO, Juniper etc.) and can work on leased lines and circuit switching. PPP provides security (authentication); for authentication two protocols are used.
- PAP (Password Authentication Protocol): sends the user name and password in plain text form.
- CHAP (Challenge Handshake Authentication Protocol): sends the user name and password in encrypted form.
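The difference between the two methods on the wire, as an added example that is not part of the original notes: PAP's request body carries the password itself (RFC 1334), while a CHAP peer returns MD5(identifier || secret || challenge) for a one-time challenge (RFC 1994). The class and function names are hypothetical; the peer name "Head" and secret "icne@123" are the lab values used in the PPP configuration on this page.

```python
import hashlib
import hmac
import os

def pap_authenticate_request(peer_id: str, password: str) -> bytes:
    """Data field of a PAP Authenticate-Request (RFC 1334): both values in the clear."""
    p, w = peer_id.encode(), password.encode()
    return bytes([len(p)]) + p + bytes([len(w)]) + w

def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """CHAP response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

class ChapAuthenticator:
    """Authenticator side: issues one-time challenges and checks responses."""
    def __init__(self, secrets: dict):
        self.secrets = secrets      # peer name -> shared secret
        self.pending = {}           # identifier -> outstanding challenge
        self.next_id = 0

    def new_challenge(self):
        self.next_id = (self.next_id + 1) % 256
        self.pending[self.next_id] = os.urandom(16)
        return self.next_id, self.pending[self.next_id]

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        challenge = self.pending.pop(identifier, None)   # each challenge is single-use
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    # Constructed run using the page's lab values.
    print("PAP on the wire :", pap_authenticate_request("Head", "icne@123"))
    branch = ChapAuthenticator({"Head": "icne@123"})
    ident, chal = branch.new_challenge()
    resp = chap_response(ident, "icne@123", chal)
    print("CHAP on the wire:", resp.hex())
    print("accepted:", branch.verify("Head", ident, resp))
    print("replayed:", branch.verify("Head", ident, resp))
```

A captured PAP request can be reused as-is; a captured CHAP response is only valid for the challenge it answered.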
PPP consists of two parts: LCP (Link Control Protocol) and NCP (Network Control Protocol).
LCP performs the following tasks: connection establishment, compression, authentication, multi-link.
NCP allows multiple routed protocols to send data.
PPP configuration:
Router1(config)# hostname Branch
Branch(config)# enable secret CISCO
Branch(config)# username Head password icne@123
Branch(config)# interface serial 0/0
Branch(config-if)# encapsulation ppp
Branch(config-if)# ppp authentication chap (or: ppp authentication pap)
Branch(config-if)# ip address 10.0.0.1 255.0.0.0
Branch(config-if)# no shutdown
Branch(config-if)# clock rate 64000
Router2(config)# hostname Head
Head(config)# enable secret Microsoft
Head(config)# username Branch password icne@123
Head(config)# interface serial 0/0
Head(config-if)# encapsulation ppp
Head(config-if)# ip address 10.0.0.2 255.0.0.0
Head(config-if)# no shutdown
Frame Relay: Frame Relay is a packet switching technology; it uses a packet switching type called PVC. Frame Relay uses a number called the DLCI (data link connection identifier).
The DLCI is used to identify a PVC connection; in Frame Relay the line is like a leased line but not dedicated.
Encapsulation: Frame Relay (only used on CISCO routers), IETF (globally used).
LMI (Local Management Interface): through LMI, packets are shared between Frame Relay routers and switches.
LMI Types: CISCO LMI (used only on CISCO routers), ANSI LMI (globally used).
Frame Relay configuration:
Router1(config)# interface s0/0/0
Router1(config-if)# no ip address
Router1(config-if)# no shutdown
Router1(config-if)# encapsulation frame-relay
Router1(config-if)# frame-relay lmi-type cisco (optional; one of cisco, ansi, q933a)
Router1(config)# interface s0/0/0.102 point-to-point
Router1(config-subif)# ip address 1.1.1.100 255.255.255.0
Router1(config-subif)# bandwidth 64
Router1(config-subif)# frame-relay interface-dlci 102
Router1(config)# interface s0/0/0.103 point-to-point
Router1(config-subif)# ip address 2.2.2.100 255.255.255.0
Router1(config-subif)# bandwidth 64
Router1(config-subif)# frame-relay interface-dlci 103
Router1# show frame-relay lmi
Router1# show frame-relay pvc
Router1# show frame-relay map
Router2(config)# interface s0/0/0
Router2(config-if)# encapsulation frame-relay
Router2(config-if)# no ip address
Router2(config-if)# no shutdown
Router2(config-if)# interface s0/0/0.201 point-to-point
Router2(config-subif)# ip address 1.1.1.1 255.255.255.0
Router2(config-subif)# bandwidth 64
Router2(config-subif)# frame-relay interface-dlci 201
Router3(config)# interface s0/0/0
Router3(config-if)# encapsulation frame-relay
Router3(config-if)# no ip address
Router3(config-if)# no shutdown
Router3(config-if)# interface s0/0/0.301 point-to-point
Router3(config-subif)# ip address 2.2.2.2 255.255.255.0
Router3(config-subif)# bandwidth 64
Router3(config-subif)# frame-relay interface-dlci 301
Routing on Frame Relay:
Router2(config)# router rip
Router2(config-router)# network 1.1.1.0
Router3(config)# router rip
Router3(config-router)# network 2.2.2.0
Router1(config)# router rip
Router1(config-router)# network 1.1.1.0
Router1(config-router)# network 2.2.2.0
Cloud configuration:
Config > Serial1 > lmi (cisco) > dlci (201) > name (r2 to r1) > add.
Serial2 > lmi (cisco) > dlci (301) > name (r3 to r1) > add.
Serial3 > lmi (cisco) > dlci (102) > name (r1 to r3) > add.
Serial3 > lmi (cisco) > dlci (103) > name (r1 to r3) > add.
Frame-relay > select their paths here.
Using DNS to resolve names:
Router(config)# ip domain-lookup
Router(config)# ip name-server 192.168.1.50
Router(config)# ip domain-name corvit.com
Router# ping router2 or show processes
Backup and Restore IOS:
Backup:
Router# show version or show flash (remember the IOS name)
Router# copy flash tftp
Source file name []? Give name of the IOS
Address or name of remote host [] 10.0.0.100
Destination file name [] any
Restore:
Router# copy tftp flash
Router# copy tftp startup-config
Router and Switch configuration software: HyperTerminal, Tera Term (SSH), SecureCRT, PuTTY.
Switch(config)# interface vlan 1
Switch(config-if)# ip address 1.1.1.1 255.0.0.0
Switch(config-if)# no shutdown
And give a default gateway.
Banner motd: the banner is the message of the day.
Switch(config)# banner motd @don't login to the router, if you are not authorized@ (then press Enter)
Description:
Switch(config)# interface f0/0
Switch(config-if)# description This is IT department line
SSH (Secure Shell):
Switch(config)# aaa new-model
Switch(config)# username ali password corvit
Switch(config)# ip domain-name Kabul.com
Switch(config)# crypto key generate rsa general-keys modulus 1024
Switch(config)# ip ssh version 2
Switch(config)# line vty 0 4
Switch(config-line)# transport input ssh telnet
Router# show ip arp
Cmd: route print, cmd: tracert -d yahoo.com
To give privilege exec mode permission to users:
Router(config)# line vty 0 4
Router(config-line)# login local
Router(config-line)# transport input telnet
To give permission to one user:
Router(config)# username Ali privilege 15 password CISCO
Router# show run | include network
Router# dir all (shows all memory partitions and the IOS).
IP OSPF Authentication key:
Router1(config)# interface s0/0/1
Router1(config-if)# ip ospf authentication
Router1(config-if)# ip ospf authentication-key icne@123
Router1(config)# service password-encryption
Router2(config)# interface s0/0/0
Router2(config-if)# ip ospf authentication
Router2(config-if)# ip ospf authentication-key icne@123
Router2(config)# service password-encryption
Note: we must configure the authentication-key command on each port of the router in order to authenticate. Without authentication, the router can't share its routing table with its neighbors.
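A small audit over the management and authentication commands shown in the SSH, vty, username, PPP and OSPF sections above, added here as an example and not part of the original notes. The rule ids, the `audit` function and the 2048-bit threshold are assumptions of this sketch; the sample lines are constructed from the commands on this page.

```python
import re

# (rule id, regex applied to each stripped line, advice); rule ids are made up here
RULES = [
    ("cleartext-user-password", r"^username \S+ (privilege \d+ )?password ",
     "use 'username <name> secret <value>' so only a hash is stored"),
    ("telnet-on-vty", r"^transport input .*\btelnet\b",
     "restrict the vty lines to 'transport input ssh'"),
    ("ospf-simple-password", r"^ip ospf authentication(-key .*)?$",
     "simple authentication carries the key in clear; use message-digest"),
    ("ppp-pap", r"^ppp authentication pap\b",
     "PAP sends the password in plain text; use CHAP"),
]
RSA_MODULUS = re.compile(r"^crypto key generate rsa .*modulus (\d+)", re.IGNORECASE)

def audit(config: str, min_rsa_bits: int = 2048):
    """Return (line number, rule id, advice) for every weak line found.
    min_rsa_bits is a policy threshold assumed for this example."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        for rule_id, pattern, advice in RULES:
            if re.search(pattern, line, re.IGNORECASE):
                findings.append((lineno, rule_id, advice))
        match = RSA_MODULUS.search(line)
        if match and int(match.group(1)) < min_rsa_bits:
            findings.append((lineno, "short-rsa-key",
                             f"modulus {match.group(1)} is below {min_rsa_bits}"))
    return findings

# Constructed sample: commands collected from this page's examples.
SAMPLE = """\
username ali password corvit
username Ali privilege 15 password CISCO
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
interface s0/0/1
 ip ospf authentication
 ip ospf authentication-key icne@123
interface serial 0/0
 encapsulation ppp
 ppp authentication chap
line vty 0 4
 login local
 transport input ssh telnet
"""

if __name__ == "__main__":
    for lineno, rule_id, advice in audit(SAMPLE):
        print(f"line {lineno}: {rule_id}: {advice}")
```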
Internet and VPN (virtual private network):
Advantages: lower cost, security, scalability. Data is sent through a tunnel in encrypted form, using the public network as a private network.
Two types of VPN: Site-to-Site VPN, Remote Access VPN.
Note: in a remote access VPN, the user installs software named CISCO Easy VPN or secure socket layer (SSL) on his laptop.
Redundancy
FHRP Technologies:
HSRP (Hot-standby redundancy protocol): CISCO introduced in 1994; hello timer 3 sec, hold timer 10 sec.
Virtual load balancing. Version 1 MAC (07:ac). Version 2 MAC (DC:9F).
If R1's WAN link goes down, how does R2 know to become active? We give R1 a command to decrement its priority value. Ex: -20
The higher priority router will be active and the second router will be standby.
If R2 does not receive 3 hello packets, then R2 will become active.
Router1(config)# interface f0/0
Router1(config-if)# standby 1 ip 1.1.1.1 (1 is the group number; it must be the same on both sides)
Router2(config)# interface f0/0
Router2(config-if)# standby 1 ip 1.1.1.1
Router1# show standby brief (Router1's status changes to active and Router2's status changes to standby mode.)
Router1(config-if)# standby 1 preempt
To change priority:
Router1(config-if)# standby 1 priority 130
Router1(config-if)# standby version 2
When the WAN link goes down:
Router1(config-if)# standby 1 track s0/0 20
Router2(config-if)# standby 1 preempt
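A model of the tracking and preempt interaction configured above, added as an example and not part of the original notes. It assumes Router2 is left at the HSRP default priority of 100, since the page sets no priority on it; the class and function names are hypothetical. With the page's values (priority 130, decrement 20) Router1 only drops to 110, so Router2 does not take over when the WAN link fails.

```python
from dataclasses import dataclass

DEFAULT_PRIORITY = 100  # HSRP default when 'standby <group> priority' is not set

@dataclass
class HsrpRouter:
    name: str
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    track_decrement: int = 0    # value given to 'standby <group> track <intf> <n>'
    tracked_up: bool = True     # state of the tracked WAN interface

    def effective_priority(self) -> int:
        return self.priority - (0 if self.tracked_up else self.track_decrement)

def active_after_change(current: HsrpRouter, other: HsrpRouter) -> str:
    """Name of the active router once priorities settle; 'current' is active now.
    The other router takes over only if it preempts and is strictly higher."""
    if other.preempt and other.effective_priority() > current.effective_priority():
        return other.name
    return current.name

def min_track_decrement(active_priority: int, standby_priority: int) -> int:
    """Smallest decrement that drops the active router below the standby."""
    return active_priority - standby_priority + 1

if __name__ == "__main__":
    # Values from the page: Router1 priority 130, track s0/0 20, both preempt.
    r1 = HsrpRouter("Router1", priority=130, preempt=True, track_decrement=20)
    r2 = HsrpRouter("Router2", preempt=True)    # assumed default priority 100
    r1.tracked_up = False                       # WAN link s0/0 goes down
    print(r1.effective_priority(), active_after_change(r1, r2))
    print("decrement needed:", min_track_decrement(130, 100))
    r1.track_decrement = 31                     # large enough to fall below 100
    print(r1.effective_priority(), active_after_change(r1, r2))
    r1.tracked_up = True                        # WAN restored, Router1 preempts
    print(active_after_change(r2, r1))
```

Either raise the decrement above the priority gap or set Router2's priority between Router1's normal and decremented values.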
GLBP (Gateway Load Balancing Protocol): CISCO introduced in 2005. AVG (Active Virtual Gateway): it replies to all ARP requests for the virtual IP addresses.
AVF (Active Virtual Forwarder): if Router1 goes down, the AVF will activate the next higher priority router.
If all routers have the same priority, then the router with the higher gateway address will be the AVG.
Router1(config)# interface s0/0
Router1(config-if)# ip address 20.20.20.2 255.255.255.0
Router1(config-if)# no shutdown
Router1(config)# interface f0/1
Router1(config-if)# ip address 1.1.1.2 255.255.255.0
Router1(config-if)# no shutdown
Router2(config)# interface s0/0
Router2(config-if)# ip address 30.30.30.3 255.255.255.0
Router2(config-if)# no shutdown
Router2(config)# interface f0/1
Router2(config-if)# ip address 1.1.1.3 255.255.255.0
Router2(config-if)# no shutdown
Router3(config)# interface f0/1
Router3(config-if)# ip address 1.1.1.4 255.255.255.0
Router3(config-if)# no shutdown
Router1(config)# interface f0/1
Router1(config-if)# glbp 1 ip 1.1.1.1
Router2(config)# interface f0/1
Router2(config-if)# glbp 1 ip 1.1.1.1
Router3(config)# interface f0/1
Router3(config-if)# glbp 1 ip 1.1.1.1
Router3# show glbp
Router(config-if)# glbp 1 load-balancing weighted
Router(config-if)# glbp 1 authentication md5 key-string cisco
Router(config-if)# glbp 1 weighting 110 lower 80 upper 90