Connecting Networks v6 Companion Guide, 1st edition

Introduction xix

Chapter 1 WAN Concepts 1

Objectives 1

Key Terms 1

Introduction (1.0) 3

WAN Technologies Overview (1.1) 3

Purpose of WANs (1.1.1) 3

Why a WAN? (1.1.1.1) 3

Are WANs Necessary? (1.1.1.2) 4

WAN Topologies (1.1.1.3) 5

Evolving Networks (1.1.1.4) 8

Small Office (1.1.1.5) 8

Campus Network (1.1.1.6) 9

Branch Networks (1.1.1.7) 10

Distributed Network (1.1.1.8) 11

WAN Operations (1.1.2) 13

WANs in the OSI Model (1.1.2.1) 13

Common WAN Terminology (1.1.2.2) 14

WAN Devices (1.1.2.3) 16

Circuit Switching (1.1.2.4) 17

Packet Switching (1.1.2.5) 18

Selecting a WAN Technology (1.2) 20

WAN Services (1.2.1) 20

WAN Link Connection Options (1.2.1.1) 20

Service Provider Network Infrastructure (1.2.1.2) 21

Private WAN Infrastructures (1.2.2) 23

Leased Lines (1.2.2.1) 23

Dialup (1.2.2.2) 25

ISDN (1.2.2.3) 26

Frame Relay (1.2.2.4) 28

ATM (1.2.2.5) 29

Ethernet WAN (1.2.2.6) 30

MPLS (1.2.2.7) 32

VSAT (1.2.2.8) 32

Public WAN Infrastructure (1.2.3) 33

DSL (1.2.3.1) 34

Cable (1.2.3.2) 35

Wireless (1.2.3.3) 36

3G/4G Cellular (1.2.3.4) 37

VPN Technology (1.2.3.5) 38

Selecting WAN Services (1.2.4) 39

Choosing a WAN Link Connection (1.2.4.1) 40

Choosing a WAN Link Connection (Cont.) (1.2.4.2) 41

Summary (1.3) 43

Practice 44

Class Activities 44

Labs 44

Check Your Understanding Questions 44

Chapter 2 Point-to-Point Connections 49

Objectives 49

Key Terms 49

Introduction (2.0) 51

Serial Point-to-Point Overview (2.1) 51

Serial Communications (2.1.1) 52

Serial and Parallel Ports (2.1.1.1) 52

Point-to-Point Communication Links (2.1.1.2) 53

Serial Bandwidth (2.1.1.3) 54

HDLC Encapsulation (2.1.2) 56

WAN Encapsulation Protocols (2.1.2.1) 56

HDLC Encapsulation (2.1.2.2) 57

Configuring HDLC Encapsulation (2.1.2.3) 58

Troubleshooting a Serial Interface (2.1.2.4) 59

PPP Operation (2.2) 63

Benefits of PPP (2.2.1) 63

Introducing PPP (2.2.1.1) 64

Advantages of PPP (2.2.1.2) 65

LCP and NCP (2.2.2) 65

PPP-Layered Architecture (2.2.2.1) 65

PPP: Link Control Protocol (LCP) (2.2.2.2) 66

PPP: Network Control Protocol (NCP) (2.2.2.3) 66

PPP Frame Structure (2.2.2.4) 67

PPP Sessions (2.2.3) 68

Establishing a PPP Session (2.2.3.1) 68

LCP Operation (2.2.3.2) 69

PPP Configuration Options (2.2.3.3) 72

NCP Explained (2.2.3.4) 72

PPP Implementation (2.3) 74

Configure PPP (2.3.1) 74

PPP Configuration Options (2.3.1.1) 74

PPP Basic Configuration Command (2.3.1.2) 76

PPP Compression Commands (2.3.1.3) 76

PPP Link Quality Monitoring Command (2.3.1.4) 77

PPP Multilink Commands (2.3.1.5) 78

Verifying PPP Configuration (2.3.1.6) 81

Configure PPP Authentication (2.3.2) 82

PPP Authentication Protocols (2.3.2.1) 83

Password Authentication Protocol (PAP) (2.3.2.2) 83

Challenge Handshake Authentication Protocol (CHAP) (2.3.2.3) 85

PPP Authentication Command (2.3.2.4) 86

Configuring PPP with Authentication (2.3.2.5) 87

Troubleshoot WAN Connectivity (2.4) 89

Troubleshoot PPP (2.4.1) 89

Troubleshooting PPP Serial Encapsulation (2.4.1.1) 90

Debugging PPP (2.4.1.2) 91

Troubleshooting a PPP Configuration with Authentication (2.4.1.3) 94

Summary 96

Practice 97

Class Activities 97

Labs 97

Packet Tracer Activities 98

Check Your Understanding Questions 98

Chapter 3 Branch Connections 101

Objectives 101

Key Terms 101

Introduction (3.0) 103

Remote-Access Connections (3.1) 104

Broadband Connections (3.1.1) 104

What Is a Cable System? (3.1.1.1) 104

Cable Components (3.1.1.2) 105

What Is DSL? (3.1.1.3) 107

DSL Connections (3.1.1.4) 107

Wireless Connection (3.1.1.5) 109

Select a Broadband Connection (3.1.2) 112

Comparing Broadband Solutions (3.1.2.1) 112

PPPoE (3.2) 113

PPPoE Overview (3.2.1) 113

PPPoE Motivation (3.2.1.1) 113

PPPoE Concepts (3.2.1.2) 114

Implement PPPoE (3.2.2) 115

PPPoE Configuration (3.2.2.1) 115

PPPoE Verification (3.2.2.2) 116

PPPoE Troubleshooting (3.2.2.3) 118

PPPoE Negotiation (3.2.2.4) 118

PPPoE Authentication (3.2.2.5) 119

PPPoE MTU Size (3.2.2.6) 120

VPNs (3.3) 122

Fundamentals of VPNs (3.3.1) 122

Introducing VPNs (3.3.1.1) 123

Benefits of VPNs (3.3.1.2) 124

Types of VPNs (3.3.2) 125

Site-to-Site VPNs (3.3.2.1) 125

Remote-Access VPNs (3.3.2.2) 126

DMVPN (3.3.2.3) 127

GRE (3.4) 128

GRE Overview (3.4.1) 129

GRE Introduction (3.4.1.1) 129

GRE Characteristics (3.4.1.2) 130

Implement GRE (3.4.2) 131

Configure GRE (3.4.2.1) 131

Verify GRE (3.4.2.2) 133

Troubleshoot GRE (3.4.2.3) 134

eBGP (3.5) 136

BGP Overview (3.5.1) 136

IGP and EGP Routing Protocols (3.5.1.1) 137

eBGP and iBGP (3.5.1.2) 138

BGP Design Considerations (3.5.2) 139

When to Use BGP (3.5.2.1) 139

When Not to Use BGP (3.5.2.2) 140

BGP Options (3.5.2.3) 140

eBGP Branch Configuration (3.5.3) 142

Steps to Configure eBGP (3.5.3.1) 142

BGP Sample Configuration (3.5.3.2) 143

Verify eBGP (3.5.3.3) 145

Summary (3.6) 148

Practice 149

Check Your Understanding Questions 150

Chapter 4 Access Control Lists 155

Objectives 155

Key Terms 155

Introduction (4.0.1.1) 156

Standard ACL Operation and Configuration Review (4.1) 156

ACL Operation Overview (4.1.1) 156

ACLs and the Wildcard Mask (4.1.1.1) 156

Applying ACLs to an Interface (4.1.1.2) 158

A TCP Conversation (4.1.1.3) 159

ACL Packet Filtering (4.1.1.4) 160

Types of IPv4 ACLs (4.1.2) 162

Standard and Extended IPv4 ACLs (4.1.2.1) 162

Numbered and Named ACLs (4.1.2.2) 163

Where to Place ACLs (4.1.2.3) 163

Standard ACL Placement Example (4.1.2.4) 165

Extended ACL Placement Example (4.1.2.5) 166

Standard IPv4 ACL Implementation (4.1.3) 167

Configure a Standard IPv4 ACL (4.1.3.1) 167

Apply a Standard IPv4 ACL (4.1.3.2) 169

Standard Named IPv4 ACLs (4.1.3.3) 170

Verify ACLs (4.1.3.4) 171

Extended IPv4 ACLs (4.2) 173

Structure of an Extended IPv4 ACLs (4.2.1) 173

Extended ACLs (4.2.1.1) 173

Filtering Ports and Services (4.2.1.2) 173

Configure Extended IPv4 ACLs (4.2.2) 175

Configuring Extended ACLs (4.2.2.1) 175

Applying Extended ACLs to Interfaces (4.2.2.2) 177

Filtering Traffic with Extended ACLs (4.2.2.3) 178

Creating Extended Named ACLs (4.2.2.4) 180

Verifying Extended ACLs (4.2.2.5) 181

Editing Extended ACLs (4.2.2.6) 182

IPv6 ACLs (4.3) 184

IPv6 ACL Creation (4.3.1) 184

Types of IPv6 ACLs (4.3.1.1) 184

Comparing IPv4 and IPv6 ACLs (4.3.1.2) 185

Configuring IPv6 ACLs (4.3.2) 186

Configuring IPv6 Topology (4.3.2.1) 186

Configuring IPv6 ACLs (4.3.2.2) 188

Applying an IPv6 ACL to an Interface (4.3.2.3) 189

IPv6 ACL Examples (4.3.2.4) 190

Verifying IPv6 ACLs (4.3.2.5) 192

Troubleshoot ACLs (4.4) 194

Processing Packets with ACLs (4.4.1) 194

Inbound and Outbound ACL Logic (4.4.1.1) 194

ACL Logic Operations (4.4.1.2) 195

Standard ACL Decision Process (4.4.1.3) 196

Extended ACL Decision Process (4.4.1.4) 197

Common ACL Errors (4.4.2) 197

Troubleshooting IPv4 ACLs: Example 1 (4.4.2.1) 197

Troubleshooting IPv4 ACLs: Example 2 (4.4.2.2) 198

Troubleshooting IPv4 ACLs: Example 3 (4.4.2.3) 199

Troubleshooting IPv4 ACLs: Example 4 (4.4.2.4) 200

Troubleshooting IPv4 ACLs: Example 5 (4.4.2.5) 200

Troubleshooting IPv6 ACLs: Example 1 (4.4.2.6) 201

Troubleshooting IPv6 ACLs: Example 2 (4.4.2.7) 203

Troubleshooting IPv6 ACLs: Example 3 (4.4.2.8) 205

Summary (4.5) 208

Practice 209

Check Your Understanding Questions 210

Chapter 5 Network Security and Monitoring 215

Objectives 215

Key Terms 215

Introduction (5.0.1.1) 217

LAN Security (5.1) 217

LAN Security Attacks (5.1.1) 218

Common LAN Attacks (5.1.1.1) 218

CDP Reconnaissance Attack (5.1.1.2) 219

Telnet Attacks (5.1.1.3) 220

MAC Address Table Flooding Attack (5.1.1.4) 222

VLAN Attacks (5.1.1.5) 225

DHCP Attacks (5.1.1.6) 226

LAN Security Best Practices (5.1.2) 227

Secure the LAN (5.1.2.1) 227

Mitigate MAC Address Flooding Table Attacks (5.1.2.2) 228

Mitigate VLAN Attacks (5.1.2.3) 229

Mitigate DHCP Attacks (5.1.2.4) 230

Secure Administrative Access Using AAA (5.1.2.5) 231

Secure Device Access Using 802.1X (5.1.2.6) 233

SNMP (5.2) 234

SNMP Operation (5.2.1) 234

Introduction to SNMP (5.2.1.1) 235

SNMP Operation (5.2.1.2) 236

SNMP Agent Traps (5.2.1.3) 237

SNMP Versions (5.2.1.4) 238

Community Strings (5.2.1.5) 241

Management Information Base Object ID (5.2.1.6) 243

SNMPv3 (5.2.1.7) 246

Configuring SNMP (5.2.2) 248

Steps for Configuring SNMP (5.2.2.1) 248

Verifying SNMP Configuration (5.2.2.2) 249

SNMP Best Practices (5.2.2.3) 252

Steps for Configuring SNMPv3 (5.2.2.4) 254

Verifying SNMPv3 Configuration (5.2.2.5) 254

Cisco Switch Port Analyzer (5.3) 255

SPAN Overview (5.3.1) 256

Port Mirroring (5.3.1.1) 256

Analyzing Suspicious Traffic (5.3.1.2) 257

Local SPAN (5.3.1.3) 257

Remote SPAN (5.3.1.4) 259

SPAN Configuration (5.3.2) 260

Configuring Local SPAN (5.3.2.1) 260

Verifying Local SPAN (5.3.2.2) 261

SPAN as a Troubleshooting Tool (5.3.3) 262

Troubleshooting with SPAN Overview (5.3.3.1) 262

Summary (5.4) 264

Practice 264

Check Your Understanding Questions 265

Chapter 6 Quality of Service 269

Objectives 269

Key Terms 269

Introduction (6.0.1.1) 271

QoS Overview (6.1) 271

Network Transmission Quality (6.1.1) 271

Prioritizing Traffic (6.1.1.1) 271

Bandwidth, Congestion, Delay, and Jitter (6.1.1.2) 272

Packet Loss (6.1.1.3) 273

Traffic Characteristics (6.1.2) 275

Network Traffic Trends (6.1.2.1) 275

Voice (6.1.2.2) 276

Video (6.1.2.3) 276

Data (6.1.2.4) 277

Queueing Algorithms (6.1.3) 278

Queuing Overview (6.1.3.1) 279

First-In First-Out (FIFO) (6.1.3.2) 279

Weighted Fair Queuing (WFQ) (6.1.3.3) 280

Class-Based Weighted Fair Queuing (CBWFQ) (6.1.3.4) 281

Low Latency Queuing (LLQ) (6.1.3.5) 282

QoS Mechanisms (6.2) 283

QoS Models (6.2.1) 283

Selecting an Appropriate QoS Policy Model (6.2.1.1) 283

Best Effort (6.2.1.2) 284

Integrated Services (6.2.1.3) 285

Differentiated Services (6.2.1.4) 286

QoS Implementation Techniques (6.2.2) 288

Avoiding Packet Loss (6.2.2.1) 288

QoS Tools (6.2.2.2) 289

Classification and Marking (6.2.2.3) 290

Marking at Layer 2 (6.2.2.4) 291

Marking at Layer 3 (6.2.2.5) 292

Trust Boundaries (6.2.2.6) 295

Congestion Avoidance (6.2.2.7) 296

Shaping and Policing (6.2.2.8) 297

Summary (6.3) 299

Practice 300

Check Your Understanding Questions 300

Chapter 7 Network Evolution 303

Objectives 303

Key Terms 303

Introduction (7.0.1.1) 305

Internet of Things (7.1) 305

IoT Elements (7.1.1) 305

What Is the IoT? (7.1.1.1) 305

The Converged Network and Things (7.1.1.2) 305

Challenges to Connecting Things (7.1.1.3) 306

The Six Pillars of the Cisco IoT System (7.1.1.4) 307

IoT Pillars (7.1.2) 307

The Network Connectivity Pillar (7.1.2.1) 308

The Fog Computing Pillar (7.1.2.2) 308

The Security Pillar (7.1.2.3) 311

Data Analytics Pillar (7.1.2.4) 312

Management and Automation Pillar (7.1.2.5) 313

Application Enablement Platform Pillar (7.1.2.6) 313

Cloud and Virtualization (7.2) 314

Cloud Computing (7.2.1) 314

Cloud Overview (7.2.1.2) 314

Cloud Services (7.2.1.3) 315

Cloud Models (7.2.1.4) 315

Cloud Computing versus Data Center (7.2.1.5) 316

Virtualization (7.2.2) 317

Cloud Computing and Virtualization (7.2.2.1) 317

Dedicated Servers (7.2.2.2) 318

Server Virtualization (7.2.2.3) 319

Advantages of Virtualization (7.2.2.4) 320

Abstraction Layers (7.2.2.5) 321

Type 2 Hypervisors (7.2.2.6) 321

Virtual Network Infrastructure (7.2.3) 323

Type 1 Hypervisors (7.2.3.1) 323

Installing a VM on a Hypervisor (7.2.3.2) 324

Network Virtualization (7.2.3.3) 324

Network Programming (7.3) 326

Software-Defined Networking (7.3.1) 326

Control Plane and Data Plane (7.3.1.1) 326

Virtualizing the Network (7.3.1.2) 327

SDN Architecture (7.3.1.3) 329

Controllers (7.3.2) 331

SDN Controller and Operations (7.3.2.1) 331

Cisco Application Centric Infrastructure (7.3.2.2) 332

Core Components of ACI (7.3.2.3) 332

Spine-Leaf Topology (7.3.2.4) 333

SDN Types (7.3.2.5) 334

APIC-EM Features (7.3.2.6) 336

APIC-EM ACL Analysis (7.3.2.7) 337

Summary (7.4) 340

Practice 341

Check Your Understanding Questions 341

Chapter 8 Network Troubleshooting 347

Objectives 347

Key Terms 347

Introduction (8.0.1.1) 349

Troubleshooting Methodology (8.1) 349

Network Documentation (8.1.1) 349

Documenting the Network (8.1.1.1) 349

Network Topology Diagrams (8.1.1.2) 352

Establishing a Network Baseline (8.1.1.3) 355

Steps to Establish a Network Baseline (8.1.1.4) 355

Measuring Data (8.1.1.5)