Newcr501-Implementing Connections To Remote
Uploaded by Shingiro Herve

TVET CERTIFICATE V in NETWORKING

IMPLEMENTING CONNECTIONS TO REMOTE SITE


NEWCR501 Implement connections to remote site

Credits: 7
Learning hours: 70
Sector: ICT
Sub-sector: NETWORKING

Module Note Issue date: June, 2020

Purpose statement

This module is intended for the learner pursuing the TVET Certificate V in Networking. At the end
of this module the learner will be able to plan and design remote connectivity; install,
configure and troubleshoot a WAN; and document the work done, so that he or she will be able to
work.

Page 1 of 142
Table of Contents
Elements of competence and performance criteria

Learning Unit 1. Plan and Design Remote connectivity (page 3)
  1.1 Proper analysis of network requirements for the type of applications, traffic volume, traffic pattern, redundancy and backup needed.
  1.2 Proper analysis of enterprise facilities and existing WIFI & WIRED networks and sites for technology used, location of hosts, servers, terminals and other end nodes.
  1.3 Systematic identification of security requirements.
  1.4 Proper selection of WAN technology, hardware and software components to support requirements based on existing technology.
  1.5 Appropriate identification of tools, equipment and materials used in remote connection.
  1.6 Systematic design and interpretation of the network blueprint.

Learning Unit 2. Install, Configure and Troubleshoot WAN (page 59)
  2.1 Proper configuration and verification of serial WAN configuration.
  2.2 Proper configuration and verification of WAN protocols.
  2.3 Proper configuration and verification of site-to-site VPN.
  2.4 Proper configuration and verification of an ADSL connection.
  2.5 Proper troubleshooting of WAN network.
  2.6

Learning Unit 3. Document the work done (page 138)
  3.1 Accurate documentation and submission of review process.
  3.2 Systematic documentation of all logs, issues and action taken for future reference.

Total Number of Pages: 142
Learning Unit 1 –Plan and Design Remote connectivity

LO 1.1 – Analyze network requirements


● Content/Topic 1: Description of network architectures

1. Network architectures

Computer network architecture is defined as the physical and logical design of the
software, hardware, protocols, and media used for the transmission of data. Put simply,
it describes how computers are organized and how tasks are allocated among them.
1.1 The types of network architectures
• Peer-to-peer network (P2P)
• Client/server network
• Hybrid of client/server and peer-to-peer (P2P)
1.1.1 Peer-to-peer network architecture
In a peer-to-peer network, tasks are allocated to every device on the network. Furthermore,
there is no real hierarchy in this network: all computers are considered equal and all have
the same ability to use the resources available on the network. Instead of having a central
server which would act as the shared drive, each computer connected to this network
acts as the server for the files stored on it.

Figure: Peer to Peer network architecture

Advantages of peer-to-peer networks:

• It is easy to install, and so is the configuration of computers on this network.
• All the resources and contents are shared by all the peers, unlike client/server
architecture where the server shares all the contents and resources.
• P2P is more reliable as central dependency is eliminated. Failure of one peer doesn't
affect the functioning of other peers. In a client/server network, if the server goes
down the whole network is affected.
• There is no need for a full-time system administrator. Every user is the administrator
of his or her own machine and controls their shared resources.
• The overall cost of building and maintaining this type of network is comparatively
very low.

Disadvantages of peer-to-peer networks:

• In this network the whole system is decentralized, so it is difficult to administer:
one person cannot determine the accessibility settings of the whole network.
• Security is very weak: viruses, spyware, Trojans and other malware can easily
spread over this P2P architecture.
• Data recovery or backup is very difficult. Each computer should have its own backup
system.
• A lot of movies, music and other copyrighted files are transferred using this type of
file transfer. P2P is the technology used in torrents.

1.1.2 Client/server network

In a client/server network, one or more computers work as servers and the other computers
work as clients. The server is used to store data and programs to be shared among different
computers in the network, and the server computers control the whole network. A client
computer requests a service from the server, and the server computer provides the service
to the client.

Figure: Client/Server network

Advantages of client/server networks:

• A client/server network is a centralized system, so we can back up
the data easily.
• A client/server network has a dedicated server that improves the overall
performance of the whole system.
• Security is better in a client/server network as a single server administers the shared
resources.
• It also increases the speed of resource sharing.
Disadvantages of client/server networks:
• A client/server network is expensive as it requires a server with large memory.
• A server runs a Network Operating System (NOS) to provide the resources to the
clients, but the cost of a NOS is very high.
• It requires a dedicated network administrator to manage all the resources.

1.1.3 Hybrid of client/server and peer-to-peer (P2P)

The hybrid network is the combination of client/server and peer-to-peer networks.
Many networks use a mixture of both. This network can provide the
advantages of both.

● Content/Topic 2: Applications of computer networks

2. Network applications

A network application is an application running on one host that communicates with
another application running on a different host.
Network application development is writing programs that run on different end systems
and communicate with each other over the network.

In a web application there are two different programs that communicate with each other:
• the browser program running on the user's host;
• the web server program running on the web server host.

Examples of network applications:
2.1 E-mail
Short for electronic mail, email (or e-mail) is defined as the transmission of
messages over communications networks. Typically the messages are notes entered
from the keyboard or electronic files stored on disk. Most mainframes,
minicomputers, and computer networks have an email system.

Examples:
2.2 Web
The Web, or World Wide Web (W3), is basically a system of Internet servers that support
specially formatted documents. The documents are formatted in a markup language called
HTML (HyperText Markup Language) that supports links to other documents, as well as
graphics, audio, and video files.
A web page or webpage is a document, commonly written in HTML, that is viewed in an
Internet browser. A web page can be accessed by entering a URL address into a
browser's address bar. A web page may contain text, graphics, and hyperlinks to other web
pages and files.
A website refers to a central location that contains more than one web page. For example,
Computer Hope is considered a website, which includes thousands of different web pages,
including this web page you are reading now.

1. Instant messaging

Instant messaging (IM) technology is a type of online chat that offers real-time text
transmission over the Internet. A LAN messenger operates in a similar way over a local area
network. Short messages are typically transmitted between two parties, when each user
chooses to complete a thought and selects "send".

Figure: application used in Instant messaging


2.3 Remote login

A remote login allows a user terminal to connect to a host computer via a network or direct
telecommunication link, and to interact with that host computer as if the user terminal were
directly connected to that host computer. Synonym remote logon.

Figure: remote login using TeamViewer.

2.4 P2P file sharing

The basic premise of peer-to-peer file-sharing networks is to allow people who want to
share files on their computer to freely connect with other persons of like mind without
having to know anything about how the network operates or anything about the other
computers on the network. Every computer in a file-sharing network can be both a client
and a server, and the methods for connecting them together into one huge network are all
handled by the file-sharing software.

Figure: Applications used in p2p file sharing

2.5 Multi-user network games

Multi-user games are games where you play online with other online gamers. For example,
you can play an opponent online who is sitting on the other side of the earth. The Internet
provides a server for all the gamers to join and play each other. You can play online games
from your PC, PS3 and Xbox because they can be connected to the Internet. Online games can
range from simple text-based environments to games incorporating complex graphics and
virtual worlds populated by many players simultaneously.

Figure: Multi-user network games


2.6 Streaming stored video clips

Streaming means a user can listen to (or watch) the file after the downloading has started. In
the first category, streaming stored audio/video, the files are compressed and stored on a
server. A client downloads the files through the Internet. This is sometimes referred to as
on-demand audio/video.
Streaming of videos involves storing pre-recorded videos on servers:
• Users send requests to those servers.
• Users may watch the video from the start to the end, and may pause it at any time, do
a forward or reverse skip, or stop the video whenever they want to do so.
2.7 Real-time video conference
Video conferencing is a visual communication session between two or more users
(participants) regardless of their location, featuring audio and video content transmission in
real time.

Figure: Participants are using video conference


Examples of applications used in video conferencing:
Zoom, Google Hangouts, Google Meet, GoToMeeting, Skype for Business, Cisco WebEx, etc
2.8 Social networking

Social networking is the use of Internet-based social media sites to stay connected with
friends, family, colleagues, customers, or clients. Social networking can have a social
purpose, a business purpose, or both, through sites such as Facebook, Twitter, LinkedIn, and
Instagram, among others.

Figure: Social networking application

2.9 Massive parallel computing

Massively parallel is the term for using a large number of computer processors (or
separate computers) to simultaneously perform a set of coordinated computations
in parallel.
2.10 Internet telephone
Internet Telephony refers to all types of telephony services (including phone calls, fax,
voicemail, video calls and other forms of communication) where calls and data are sent
digitally over the Internet using the Internet Protocol (IP), rather than being transmitted
over traditional analogue landlines.

● Content/Topic 3: Description of network protocols

3. Network protocols
Network protocols are formal standards and policies made up of rules, procedures and
formats that define communication between two or more devices over a network.
3.1 Bluetooth protocol
Bluetooth is a standardized protocol for sending and receiving data via a 2.4 GHz wireless link.
It's a secure protocol, and it's perfect for short-range, low-power, low-cost wireless
transmissions between electronic devices.
List of commonly used Bluetooth protocols:

Protocol                              Abbreviation   Benefit
Advanced Audio Distribution Protocol  A2DP           Audio streaming
Audio/Video Remote Control Protocol   AVRCP          Control over music playback directly from the stereo
Hands-free Profile                    HFP            Hands-free calling through the stereo
Object Push Profile                   OPP            Uploading of contact info to the stereo
Phone Book Access Profile             PBAP           Access to contact list from the stereo

3.2 Fibre Channel Protocol (FCP)


The Fibre Channel Protocol (FCP) is one of the communication protocols designed to carry
serial SCSI-3 data over an optical fiber network. The throughput of a Fibre Channel
network can provide from 100 MB/s to 1.6 GB/s and the distance can be extended from 500
meters to 10 kilometers.
3.3 Internet Protocol Suite or TCP/IP model
The TCP/IP suite is a set of protocols used on computer networks today (most notably on
the Internet). It provides end-to-end connectivity by specifying how data should be
packetized, addressed, transmitted, routed and received on a TCP/IP network. This
functionality is organized into four abstraction layers and each protocol in the suite resides
in a particular layer.
The TCP/IP suite is named after its most important protocols, the Transmission Control
Protocol (TCP) and the Internet Protocol (IP). Some of the protocols included in the TCP/IP
suite are:
• ARP (Address Resolution Protocol) – used to associate an IP address with a MAC
address.
• IP (Internet Protocol) – used to deliver packets from the source host to the
destination host based on the IP addresses.
• ICMP (Internet Control Message Protocol) – used to detect and report network
error conditions. Used in ping.
• TCP (Transmission Control Protocol) – a connection-oriented protocol that enables
reliable data transfer between two computers.
• UDP (User Datagram Protocol) – a connectionless protocol for data transfer. Since a
session is not created before the data transfer, there is no guarantee of data
delivery.
• FTP (File Transfer Protocol) – used for file transfers from one host to another.
• Telnet (Telecommunications Network) – used to connect to and issue commands on a
remote computer.
• DNS (Domain Name System) – used to resolve host names to IP addresses.
• HTTP (Hypertext Transfer Protocol) – used to transfer files (text, graphic images,
sound, video, and other multimedia files) on the World Wide Web.
3.4 OSI Model

3.4.1 The Application Layer (Layer 7)

As mentioned above, the Application layer is the one that the user actually interacts with.
Whenever you're interacting with an application on your computer you're active on the
Application layer. For example, if you use Google Chrome or Skype then you're interacting
with an application at Layer 7. This layer utilizes protocols like HTTP, Telnet, and FTP. In a
nutshell, this layer is focused on end-user processes and delivering any application the
user wants to access.
3.4.2 The Presentation Layer (Layer 6)
The Presentation Layer or Layer 6 of the OSI model is designed to prepare and translate
data from the network format to the application format or vice versa. This layer determines
how data is presented for each of these entities in terms of syntax and structure. In many
cases, the Presentation Layer can be seen through the encryption and decryption of data.
Other examples include ASCII, TIFF, JPEG, GIF, EBCDIC, PICT, MPEG, and MIDI.

3.4.3 The Session Layer (Layer 5)
Layer 5 of the OSI model is referred to as the Session Layer. The Session Layer is the layer
responsible for establishing, maintaining and ending connections between different
applications. This layer controls the terms on which applications interact with each other. A
key part of this is simple coordination, as the Session Layer dictates how long a system
will wait for a response from another application. Typically you'll see protocols such
as NetBIOS, NFS, RPC, and SQL operating on this layer.

3.4.4 The Transport Layer (Layer 4)

The Transport Layer is one of the most well-known layers of the OSI model as it is the
layer responsible for transferring data between end systems and hosts. It dictates what gets
sent where, and how much of it gets sent. At this level, you see protocols
like TCP, UDP, and SPX. In the event that something goes wrong, the Transport Layer also
has the responsibility of end-to-end error recovery.

3.4.5 The Network Layer (Layer 3)

The Network Layer of the OSI model has the job of dealing with most of the routing within a
network. This layer deals with packet forwarding and sets the route that packets travel
through a network. In simpler terms, the Network Layer determines how a packet travels to
its destination. Protocols like TCP/IP, AppleTalk, and IPX operate at this layer.

3.4.6 The Data Link Layer (Layer 2)

At Layer 2 of the OSI model, you have the Data Link Layer. The Data Link Layer handles
node-to-node data transfers and can be divided into two sublayers: the Media Access
Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC layer determines how a
connected computer accesses data in terms of permissions. On the other hand, the LLC
layer controls elements like flow control and frame synchronization, and scans for errors.
Switches work at this layer.

3.4.7 The Physical Layer (Layer 1)

At Layer 1 we have the Physical Layer. The Physical Layer is the hardware layer of the OSI
model which includes network elements such as hubs, cables, Ethernet, and repeaters. For
example, this layer is responsible for executing electrical signal changes like making lights
light up. At this layer, you will encounter Ethernet, RS232, ATM, and FDDI. Most of the time
administrators use the Physical Layer to check that cables and devices are connected
correctly.
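The layer-by-layer description above is easier to follow with one real frame in hand. The following Python script is an added example (not part of the module text): it walks a constructed Ethernet/IPv4/UDP frame through Layers 2, 3 and 4, reading at each step only the header that a switch, a router or an end host would read, and it performs the one Layer 3 operation a router does on every packet, decrementing the TTL and recomputing the IPv4 header checksum. The frame bytes, MAC addresses, IP addresses and ports are all made up for the example.

```python
"""Added worked example, not part of the module text: walk one constructed
Ethernet frame through OSI layers 2, 3 and 4, reading only the header that each
kind of device cares about (switch: Layer 2, router: Layer 3, end host: Layer 4)."""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17

# Constructed sample frame (values chosen for this example, not captured traffic):
# Ethernet II: dst 00:11:22:33:44:55, src 66:77:88:99:aa:bb, EtherType IPv4
# IPv4: TTL 64, protocol 17 (UDP), 192.0.2.10 -> 192.0.2.53, header checksum 0xf794
# UDP: port 40000 -> 53, length 21, checksum 0 (not computed; permitted over IPv4)
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"
    "4500" "0029" "beef" "4000" "4011" "f794" "c000020a" "c0000235"
    "9c40" "0035" "0015" "0000"
) + b"example query"


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum; returns 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Return the Layer 2/3/4 fields plus the application payload of one frame."""
    # Layer 2 (Data Link): a switch forwards on the destination MAC and reads no further.
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    result = {"l2": {"dst_mac": mac_str(dst_mac), "src_mac": mac_str(src_mac),
                     "ethertype": ethertype}}
    if ethertype != ETHERTYPE_IPV4:
        return result
    # Layer 3 (Network): a router forwards on the destination IP and checks TTL/checksum.
    ver_ihl, _tos, total_len, _ident, _flags, ttl, proto, _cksum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    ip_header = frame[14:14 + ihl]
    result["l3"] = {"version": ver_ihl >> 4, "ttl": ttl, "proto": proto,
                    "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
                    "checksum_ok": ipv4_checksum(ip_header) == 0}
    if proto != PROTO_UDP:
        return result
    # Layer 4 (Transport): the end host uses the destination port to pick the application.
    l4_start = 14 + ihl
    sport, dport, ulen, _ucksum = struct.unpack("!HHHH", frame[l4_start:l4_start + 8])
    result["l4"] = {"src_port": sport, "dst_port": dport, "length": ulen}
    result["payload"] = frame[l4_start + 8:14 + total_len]
    return result


def router_forward(frame: bytes):
    """One Layer 3 hop: decrement the TTL and recompute the IPv4 header checksum,
    which is why the checksum covers only the header and is redone at every router.
    Returns None when the TTL would expire (a real router drops the packet and
    sends ICMP Time Exceeded instead of forwarding it)."""
    ip_header = bytearray(frame[14:34])
    if ip_header[8] <= 1:
        return None
    ip_header[8] -= 1
    ip_header[10:12] = b"\x00\x00"
    struct.pack_into("!H", ip_header, 10, ipv4_checksum(bytes(ip_header)))
    return frame[:14] + bytes(ip_header) + frame[34:]


if __name__ == "__main__":
    for layer, fields in parse_frame(SAMPLE_FRAME).items():
        print(layer, fields)
    print("after one router hop:", parse_frame(router_forward(SAMPLE_FRAME))["l3"])
```

Running the script prints the Layer 2 addresses a switch uses, the Layer 3 addresses and TTL a router uses, and the Layer 4 ports the end host uses, then shows the same packet after one router hop with TTL 63 and a fresh, valid header checksum. Flipping any header byte makes `checksum_ok` false, which is how a receiving router detects a corrupted header.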
4. Routing protocols
The purpose of routing protocols is to learn of available routes that exist on the enterprise
network, build routing tables and make routing decisions. Some of the most common
routing protocols include RIP, IGRP, EIGRP, OSPF, IS-IS and BGP.
4.1 The three (3) main classes of routing protocols:
4.1.1 Distance vector routing protocol – These protocols select the best path on the basis of
hop count to reach a destination network in a particular direction. A dynamic protocol like
RIP is an example of a distance vector routing protocol. The hop count is the number of routers
between the source and the destination network. The path with the least hop count will
be chosen as the best path.

Features –
• Network updates are exchanged periodically.
• Updates (routing information) are always broadcast.
• Full routing tables are sent in updates.
• Routers always trust the routing information received from neighbor routers. This is
also known as routing on rumors.
Disadvantages –
• As the routing information is exchanged periodically, unnecessary traffic is
generated which consumes available bandwidth.
• As full routing tables are exchanged, there are security issues: if an unauthorized
person enters the network, the whole topology will be very easy to understand.
• Also, periodic broadcasting of network updates creates unnecessary traffic.
4.1.2 Link state routing protocol – These protocols know more about the internetwork
than any distance vector routing protocol. They are also known as SPF (Shortest Path
First) protocols. OSPF is an example of a link state routing protocol.
Features –
• Hello messages, also known as keep-alive messages, are used for neighbor discovery
and recovery.
• The concept of triggered updates is used, i.e. updates are sent only when there is a
topology change.
• Only the updates requested by the neighbor router are exchanged.

A link state routing protocol maintains three tables, namely:

1) Neighbor table – the table which contains information about the neighbors of the
router only, i.e. those with which an adjacency has been formed.
2) Topology table – this table contains information about the whole topology, i.e. it
contains both best and backup routes to each advertised network.
3) Routing table – this table contains all the best routes to the advertised networks.
Advantages:
• As it maintains separate tables for both the best routes and the backup routes (the whole
topology), it has more knowledge of the internetwork than any distance
vector routing protocol.
• The concept of triggered updates is used, so the unnecessary bandwidth
consumption seen in distance vector routing protocols is avoided.
• Partial updates are triggered when there is a topology change, not a full update like in
distance vector routing protocols where the whole routing table is exchanged.
4.1.3 Advanced distance vector routing protocol
It is also known as a hybrid routing protocol, which uses the concepts of both distance
vector and link state routing protocols. Enhanced Interior Gateway Routing Protocol
(EIGRP) is an example of this class of routing protocol. EIGRP acts as a link state routing
protocol as it uses the concept of the Hello protocol for neighbor discovery and forming
adjacencies. Also, partial updates are triggered when a change occurs. EIGRP acts as a distance
vector routing protocol as it learns routes from directly connected neighbors.
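The contrast between the two classes in 4.1.1 and 4.1.2 (full tables trusted from neighbors versus flooded link-state advertisements and a local SPF computation) can be seen directly by simulating both on the same small network. The Python script below is an added example, not code from the module: the five-router topology, the link costs and the router names are constructed for the illustration. `distance_vector()` implements the periodic full-table exchange with a RIP-style hop-count metric; `link_state()` builds the neighbor table, the topology table and the routing table and runs Dijkstra (SPF) as the text describes. On the sample network both converge to the same hop counts, but one periodic distance-vector update carries the whole table while one LSA carries only the router's own links.

```python
"""Added worked example, not part of the module text: simulate the two routing
classes described above on a small constructed topology.

distance_vector(): each router periodically hands its FULL routing table to every
neighbor and trusts whatever it receives ("routing on rumors"), using a hop-count
metric as RIP does (Bellman-Ford).
link_state(): each router floods a link-state advertisement (LSA) listing only its
own links; every router ends up with the same topology table and runs Dijkstra
(Shortest Path First) to derive its routing table."""
import heapq

# Constructed sample topology: router -> {neighbor: link cost}. All costs are 1
# so the link-state metric equals the hop count and the two results are comparable.
TOPOLOGY = {
    "R1": {"R2": 1, "R3": 1},
    "R2": {"R1": 1, "R4": 1},
    "R3": {"R1": 1, "R4": 1, "R5": 1},
    "R4": {"R2": 1, "R3": 1, "R5": 1},
    "R5": {"R3": 1, "R4": 1},
}


def distance_vector(topology):
    """Return ({router: {dest: (hops, next_hop)}}, rounds) after periodic exchanges.

    A round is one periodic update in which every router broadcasts its whole table.
    The loop stops after a round in which no table changed (convergence)."""
    tables = {r: {r: (0, None)} for r in topology}           # each router knows itself
    for r, neighbors in topology.items():
        for n, cost in neighbors.items():
            tables[r][n] = (cost, n)                           # and its directly connected links
    rounds, changed = 0, True
    while changed:
        changed = False
        rounds += 1
        advertised = {r: dict(t) for r, t in tables.items()}  # snapshot: everyone sends at once
        for r, neighbors in topology.items():
            for n, cost in neighbors.items():
                # r receives n's full table and accepts every entry that looks shorter,
                # with no way to verify that n's claims are true.
                for dest, (hops, _) in advertised[n].items():
                    candidate = hops + cost
                    if dest not in tables[r] or candidate < tables[r][dest][0]:
                        tables[r][dest] = (candidate, n)
                        changed = True
    return tables, rounds


def link_state(topology):
    """Return ({router: {dest: (cost, next_hop)}}, topology_table) via flooding + SPF."""
    # Neighbor table: what hello messages discover (the directly attached links).
    neighbor_tables = {r: sorted(neighbors) for r, neighbors in topology.items()}
    # Topology table: after flooding, every router holds every router's LSA, so the
    # map is identical everywhere (here: a copy of the shared topology).
    topology_table = {r: dict(links) for r, links in topology.items()}
    routing = {}
    for src in neighbor_tables:
        dist, first_hop, done = {src: 0}, {}, set()
        heap = [(0, src, None)]                               # (cost, node, first hop from src)
        while heap:                                           # Dijkstra / SPF
            d, node, via = heapq.heappop(heap)
            if node in done:
                continue
            done.add(node)
            if node != src:
                first_hop[node] = via
            for nbr, cost in topology_table[node].items():
                nd = d + cost
                if nd < dist.get(nbr, float("inf")):
                    dist[nbr] = nd
                    heapq.heappush(heap, (nd, nbr, nbr if node == src else via))
        routing[src] = {dest: (dist[dest], first_hop.get(dest)) for dest in dist}
    return routing, topology_table


def update_sizes(topology, dv_tables):
    """Entries carried per router in one periodic DV update versus in one LSA."""
    return {r: (len(dv_tables[r]), len(topology[r])) for r in topology}


if __name__ == "__main__":
    dv, rounds = distance_vector(TOPOLOGY)
    ls, _ = link_state(TOPOLOGY)
    print("distance vector converged after", rounds, "rounds")
    for r in TOPOLOGY:
        print(r, "DV:", dv[r], "LS:", ls[r])
    print("update sizes (DV entries, LSA entries):", update_sizes(TOPOLOGY, dv))
```

The distance-vector loop has no step in which a router checks what a neighbor told it, which is the "routing on rumors" property the text lists, and every periodic update from R1 carries five entries (its whole table) whereas R1's LSA carries two (its own links). Equal-cost ties may be broken differently by the two algorithms; the assertions below therefore compare hop counts everywhere and next hops only where the best path is unique.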
5. Virtual Private Network (VPN)
A Virtual Private Network (VPN) allows a user to connect to a private
network over the Internet securely and privately. A VPN creates an encrypted connection
called a VPN tunnel, and all Internet traffic and communication is passed through this secure
tunnel.

5.1 Virtual Private Networks (VPNs) are basically of 2 types:

5.1.1 Remote Access VPN:

A Remote Access VPN permits a user to connect to a private network and access all its services
and resources remotely. The connection between the user and the private network occurs
through the Internet, and the connection is secure and private. Remote Access VPN is useful
for both home users and business users.
An employee of a company, while out of the office, uses a VPN to connect to the
company's private network and remotely access files and resources on the private network. Private
users or home users of VPNs primarily use VPN services to bypass regional restrictions on the
Internet and access blocked websites. Users aware of Internet security also use VPN services to
enhance their Internet security and privacy.

5.1.2 Site-to-Site VPN:

A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly used in large
companies. Companies or organizations with branch offices in different locations use Site-to-Site
VPNs to connect the network of one office location to the network at another office location.
• Intranet-based VPN: when several offices of the same company are connected using the Site-to-
Site VPN type, it is called an Intranet-based VPN.
• Extranet-based VPN: when companies use the Site-to-Site VPN type to connect to the office of
another company, it is called an Extranet-based VPN.
Basically, a Site-to-Site VPN creates a virtual bridge between the networks at geographically distant
offices, connects them through the Internet and sustains secure and private communication
between the networks. In a Site-to-Site VPN one router acts as the VPN client and another router as the
VPN server, as it is based on router-to-router communication. Only when the authentication between
the two routers has been validated does the communication start.

5.2 Types of Virtual Private Network (VPN) protocols:

• Internet Protocol Security (IPSec):
Internet Protocol Security, known as IPSec, is used to secure Internet communication across an IP
network. IPSec secures Internet Protocol communication by verifying the session and encrypting
each data packet during the connection.
IPSec runs in 2 modes:
(i) Transport mode
(ii) Tunneling mode
Transport mode encrypts only the message carried in the data packet, while tunneling
mode encrypts the whole data packet. IPSec can also be used with other security protocols
to improve the security system.
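The practical difference between the two IPSec modes is what an observer on the path can still read. The Python script below is an added example, not part of the module and not an IPSec implementation: it builds a constructed IPv4/UDP packet between two hosts, wraps it in ESP in transport mode (original IP header kept in the clear, payload protected) and in tunnel mode (whole packet protected, new outer header with the VPN gateways' addresses), and reports what is visible on the wire in each case. The IPv4 and ESP header layouts follow RFC 791 and RFC 4303, but the "cipher" is a deliberately simple SHA-256 keystream stand-in so the example runs with the standard library only; the keys, hosts and gateway addresses are all made up.

```python
"""Added worked example, not part of the module: what IPsec ESP transport mode and
tunnel mode each leave visible on the wire. IPv4/ESP layouts follow RFC 791 and
RFC 4303; the XOR keystream derived with SHA-256 is a stand-in, NOT a real cipher
(real ESP uses AES-GCM, or AES-CBC with HMAC)."""
import hashlib
import hmac
import socket
import struct

ESP_PROTO = 50
UDP_PROTO = 17
IPIP_PROTO = 4          # ESP "next header" value for a whole IPv4 packet (tunnel mode)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over a header whose checksum field is zero."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)


def toy_keystream(key: bytes, length: int) -> bytes:
    """Stand-in keystream (NOT a real cipher): concatenated SHA-256(key || counter)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def esp_protect(spi, seq, plaintext, next_header, enc_key, auth_key):
    """ESP packet: [SPI | seq] + encrypted(payload + pad + pad_len + next_header) + 16-byte ICV."""
    pad_len = (-(len(plaintext) + 2)) % 4            # ESP requires 4-byte alignment
    body = plaintext + bytes(pad_len) + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    cipher = bytes(a ^ b for a, b in zip(body, toy_keystream(enc_key + header, len(body))))
    icv = hmac.new(auth_key, header + cipher, hashlib.sha256).digest()[:16]
    return header + cipher + icv


def esp_unprotect(esp, enc_key, auth_key):
    """Verify the ICV first, then decrypt and strip padding; returns (plaintext, next_header)."""
    header, cipher, icv = esp[:8], esp[8:-16], esp[-16:]
    expected = hmac.new(auth_key, header + cipher, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP integrity check failed")
    body = bytes(a ^ b for a, b in zip(cipher, toy_keystream(enc_key + header, len(cipher))))
    pad_len, next_header = body[-2], body[-1]
    return body[:-2 - pad_len], next_header


def transport_mode(ip_packet, spi, seq, enc_key, auth_key):
    """Keep the original IP header (end-host addresses) in the clear; protect only the payload."""
    ihl = (ip_packet[0] & 0x0F) * 4
    hdr, payload = ip_packet[:ihl], ip_packet[ihl:]
    esp = esp_protect(spi, seq, payload, hdr[9], enc_key, auth_key)   # hdr[9] = original protocol
    src, dst = socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20])
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode(ip_packet, gw_src, gw_dst, spi, seq, enc_key, auth_key):
    """Protect the whole original packet and prepend a new outer header between the gateways."""
    esp = esp_protect(spi, seq, ip_packet, IPIP_PROTO, enc_key, auth_key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def on_the_wire(packet):
    """What a passive observer sees: outer addresses, protocol number and total length."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = packet[:ihl]
    return {"src": socket.inet_ntoa(hdr[12:16]), "dst": socket.inet_ntoa(hdr[16:20]),
            "proto": hdr[9], "len": len(packet)}


# Constructed sample: a UDP datagram from host 10.0.1.10 to host 10.0.2.20, carried
# between VPN gateways 203.0.113.1 and 198.51.100.1 (documentation address ranges).
ENC_KEY, AUTH_KEY = b"example-enc-key", b"example-auth-key"
UDP_PAYLOAD = struct.pack("!HHHH", 5000, 53, 8 + 11, 0) + b"hello world"
INNER = ipv4_header("10.0.1.10", "10.0.2.20", UDP_PROTO, len(UDP_PAYLOAD)) + UDP_PAYLOAD
TRANSPORT = transport_mode(INNER, 0x1001, 1, ENC_KEY, AUTH_KEY)
TUNNEL = tunnel_mode(INNER, "203.0.113.1", "198.51.100.1", 0x1002, 1, ENC_KEY, AUTH_KEY)

if __name__ == "__main__":
    print("transport mode:", on_the_wire(TRANSPORT))
    print("tunnel mode:   ", on_the_wire(TUNNEL))
```

In transport mode the observer still learns which two hosts are talking (10.0.1.10 and 10.0.2.20) even though the UDP payload is hidden; in tunnel mode only the two gateway addresses are exposed, which is why site-to-site VPNs between routers use tunnel mode. Note also that `esp_unprotect` checks the ICV before touching the ciphertext, the order real ESP receivers follow so that tampered packets are dropped before decryption.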
• Layer 2 Tunneling Protocol (L2TP):
L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is often combined with
another VPN security protocol like IPSec to establish a highly secure VPN connection. L2TP
generates a tunnel between two L2TP connection points and the IPSec protocol encrypts the
data and maintains secure communication within the tunnel.
• Point-to-Point Tunneling Protocol (PPTP):
PPTP or Point-to-Point Tunneling Protocol generates a tunnel and confines the data packet.
Point-to-Point Protocol (PPP) is used to encrypt the data over the connection. PPTP is
one of the most widely used VPN protocols and has been in use since the early releases of
Windows. PPTP is also used on Mac and Linux apart from Windows.
• SSL and TLS:
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) generate a VPN connection
where the web browser acts as the client and user access is restricted to specific
applications instead of the entire network. Online shopping websites commonly use the SSL and
TLS protocols. It is easy for web browsers to switch to SSL, with almost no action
required from the user, as web browsers come integrated with SSL and TLS. SSL connections
have "https" at the start of the URL instead of "http".
• OpenVPN:
OpenVPN is an open source VPN that is commonly used for creating point-to-point and
site-to-site connections. It uses a traditional security protocol based on the SSL and TLS
protocols.
• Secure Shell (SSH):
Secure Shell or SSH generates the VPN tunnel through which the data transfer occurs and
also ensures that the tunnel is encrypted. SSH connections are generated by an SSH client
and data is transferred from a local port on to the remote server through the encrypted
tunnel.

6. DSL (Digital Subscriber Line) technology

DSL simply means "Digital Subscriber Line"; these are types of technology that run on
existing copper telephone wires. There are 6 main types of DSL: HDSL, ADSL,
ADSL2, SDSL, VDSL, and VDSL2.
The types of DSL technologies
• HDSL
HDSL stands for "high-bit-rate digital subscriber line"; it uses copper pairs and is a
symmetrical line. It's one of the most popular and earliest forms of DSL. It can carry upload
speeds of up to 2.048 Mbps in Europe and up to 1.544 Mbps in America.
• ADSL
ADSL stands for "Asymmetric digital subscriber line"; as the name suggests, it's an
asymmetrical line and uses existing copper telephone wires. Asymmetrical means that the
download speed is faster than the upload speed. The maximum upload speed for ADSL is
1.5 Mbps and the maximum download speed is 20 Mbps.
ADSL (Asymmetric Digital Subscriber Line) is a form of DSL, a data communications
technology that enables faster data transmission over copper telephone lines.
ADSL is capable of providing up to 50 Mbps, and supports voice, video and data.
What does ADSL mean?
Asymmetric: The data can flow faster in one direction than the other. Data
transmission is faster downstream to the subscriber than upstream.
Digital: No type of communication is transferred in an analog method. All data is
purely digital, and only at the end modulated to be carried over the line.
Subscriber Line: The data is carried over a single twisted-pair copper loop to the
subscriber premises.
How does ADSL work?
Functional elements
Use of bandwidth
Channel separation & POTS splitter
Transmission methods:
- Discrete Multi-tone Modulation (DMT)
- Quadrature Amplitude Modulation (QAM)
- Carrierless Amplitude/Phase Modulation (CAP)
• ADSL2
ADSL2 stands for "Asymmetric digital subscriber line 2"; it is essentially the same as ADSL,
but can offer higher speeds. It offers download speeds of 24 Mbps and upload speeds of
8 Mbps; this depends on the provider, peak times, and contention ratio.
• SDSL
SDSL stands for "Symmetric Digital Subscriber Line"; again, like all DSL technologies, it uses
copper wires to deliver a symmetrical Internet connection, symmetrical meaning the
upload speed is the same as the download speed. The maximum speed you can achieve on this
line is 3 Mbps up and down.
• VDSL
VDSL stands for "very-high-bit-rate digital subscriber line"; along with HDSL, it's one of
the most popular forms of DSL due to the higher speed it can deliver. VDSL can reach speeds
of 52 Mbps download and 16 Mbps upload. It, again, uses copper telephone wires.
• VDSL2
VDSL2 stands for "very-high-bit-rate digital subscriber line 2"; it's essentially the same as
VDSL but can deliver higher speeds, and like VDSL it also uses existing copper telephone
lines. VDSL2 allows speeds of up to 80 Mbps, which is considerably more than its
predecessor VDSL.

LO 1.2 – Analyze enterprise facilities, existing WIFI & WIRED networks and sites

● Content/Topic 1: Description of physical and logical network design
1. Network design and analysis
Network design refers to planning the layout of a computer network infrastructure. It is
done before the network infrastructure is implemented.
Why do we need modern network design?
• Rise of new technologies
• Traditional network boundaries have been removed
• Complexities of networks
• Reduce the time to develop and market products
What affects network design?
• Business drivers: return on investment, regulation, competitiveness
• Technology drivers: removal of borders, virtualization, growth of applications

1.1 Network Design Methodology


Step 1. Analyze Customer Requirements
Step 2. Characterize the Existing Network and Sites
Step 3. Design the Network Topology and Solutions
1.2 Analyze the Customer Requirements

Step 1. Identify network applications and services.


Step 2. Define the organizational goals.
Step 3. Define the possible organizational constraints.
Step 4. Define the technical goals.
Step 5. Define the possible technical constraints.

Figure: steps of analyzing the Customer Requirements

1.3 Characterize the Existing Network and Sites

Step 1. Gather existing documentation and query the organization.
Step 2. Perform a network audit.
Step 3. Use traffic analysis:
• Identifying major traffic sources and stores
• Characterizing types of traffic flow for new network applications
• Characterizing traffic behavior
• Characterizing quality of service requirements

1.4 Design the Network Topology and Solutions

Top-Down Network Design Steps

Network Design Steps

Phase 1&2 – Analyze Requirements

• Analyze business goals and constraints
- Revenue, profit, policy, politics, corporate structure
• Analyze users' needs
• Analyze technical goals and tradeoffs
- No downtime, access data anywhere
• Characterize the existing network
• Characterize network traffic
Phase 2 – Logical Network Design
• Design a network topology
• Design models for addressing and naming
• Select switching and routing protocols
o Selecting switching protocols: VLANs, VLAN trunking protocols (ISL, Dot1q), inter-
VLAN routing, VTP, STP, RSTP, PVST+, CEF
o Selecting routing protocols
o Characterizing routing protocols: distance-vector, link-state, or hybrid; interior or
exterior; classless or classful; fixed-length or variable-length subnet masks (VLSM);
flat or hierarchical; IPv4 or IPv6
• Develop network security strategies
• Develop network management strategies

Phase 3 – Physical Network Design

• Select technologies and devices for campus or enterprise network.
o Cabling topologies and types of cable for campus networks
  - Campus- and building-cabling topologies
  - Cables between buildings
  - Location of telecommunications closets
  - Vertical cabling between floors
  - Horizontal cabling within floors
o Criteria for selecting internetworking devices
  - Number of ports, processing speed, amount of memory, throughput in
packets per second, LAN and WAN technologies supported, media (cabling)
supported, support for redundant power supplies, support for QoS
features, ...
o Selecting technologies for enterprise networks
  - Remote-access technologies: Point-to-Point Protocol (PPP), cable modems,
digital subscriber line (DSL)
Phase 4 – Testing, Optimizing, and Documenting the Network Design
• Test the network design
• Optimize the network design
• Document the network design
2. Wired and Wireless network technologies
In computing terminology, the term "wired" is used to differentiate between wireless connections
and those that involve cables. While wireless devices communicate over the air, a wired setup uses
physical cables to transfer data between different devices and computer systems.
2.1 Wired Technology
Wired technology is associated with wired communication, which refers to the transmission of
data over a wire-based communication medium.
Examples include telephone networks, cable television or Internet access, and fiber-optic
communication. In general, any equipment around you that uses wires and electricity to operate
belongs to wired technology.

2.2 Wireless Technology

The term wireless refers to the communication of information over a distance without requiring
wires, cables or electrical conductors.
Information is transmitted through the air, without any cables, using electromagnetic waves
such as radio frequencies, infrared or satellite links.

2.2.1 Types of Wireless Communication
The different types of wireless communication mainly include IR wireless communication,
satellite communication, broadcast radio, microwave radio, Bluetooth, etc.
 Satellite Communication
A communications satellite is an artificial satellite that relays and amplifies radio
telecommunications signals via a transponder; it creates a communication channel between a source
transmitter and a receiver(s) at different locations on Earth.

 Infrared Communication
IR, or infrared, communication is a common, inexpensive, and easy to use
wireless communication technology. IR light is very similar to visible light, except that it has
a slightly longer wavelength. This means IR is undetectable to the human eye - perfect for
wireless communication.
 Broadcast Radio
Broadcast Radio is the distribution of audio content to a dispersed audience via any
electronic mass communications medium, but typically one using the electromagnetic
spectrum (radio waves), in a one-to-many model.

 Microwave Communication
Microwave transmission is the transmission of information or energy by electromagnetic
waves whose wavelengths are measured in small numbers of centimeters; these are called
microwaves.

 Wi-Fi(Wireless Fidelity)

Wi-Fi is a low-power wireless communication technology that is used by various electronic
devices such as smartphones, laptops, etc. In this setup, a router works as a wireless communication hub.

 Mobile Communication Systems


The advancement of mobile networks is enumerated by generations. Many users
communicate across a single frequency band through mobile phones. Cellular and cordless
phones are two examples of devices which make use of wireless signals.

 Content/Topic1: Identification of Network devices and nodes


1. Networks devices
Network devices, or networking hardware, are physical devices that are required for communication
and interaction between hardware on a computer network.

 Routers
A network router is one kind of network device in a computer network, and it is used for
routing traffic from one network to another. These two networks could be, for example, a
private company network and a public network.
 Bridge
A Bridge in the computer network is used to unite two or more network segments. The main
function of a bridge in network architecture is to store as well as transmit frames among the
various segments. Bridges use MAC (Media Access Control) hardware for transferring
frames.

 Repeater
A repeater operates at the physical layer. The main function of this device is to regenerate
the signal on the same network before the signal becomes weak or damaged. The significant
point to be noted regarding these devices is that they do not amplify the signal: whenever the
signal gets weak, they regenerate it at its original strength. A repeater is a two-port device.

 Gateway
Generally, a gateway performs at the session & transport layers in the OSI model. Gateways
offer conversion between networking technologies like OSI (Open System Interconnection)
& TCP/IP. Because of this, they are connected to two or more autonomous networks,
where each network has its own domain name service, routing algorithm, topology,
protocols, and procedures of network administration & policies.

Gateways execute all the functions of routers. In fact, a router with additional conversion
functionality is a gateway, and because it converts between various network technologies
it is also known as a protocol converter.

 Modem
A modem is a very important network device and one that we use daily. The Internet
connection to a home is usually delivered over a wire, and that wire carries the Internet data
from one place to another. Every computer, however, produces digital (binary) data in the
form of zeros & ones, and the modem converts between the two forms of signal.

 Network Switch
Like a hub, a switch connects devices within a LAN, but a switch is more intelligent than a
hub. A hub simply repeats data to all of its ports, whereas a switch filters & forwards the data
only to the port where it is needed. This is the more clever technique to deal with data
packets.

2. Network nodes
A node is any physical device within a network of other tools that’s able to send, receive, or
forward information. A personal computer is the most common node. It's called
the computer node or internet node.
Modems, switches, hubs, bridges, servers, and printers are also nodes, as are other devices
that connect over Wi-Fi or Ethernet.

LO 1.3 –: Identify Security requirements


● Content/Topic1: Identification of security Requirements for Remote Access
1. Requirements for Secure Remote Access
 Give users easy access to business resources from any location or device
 Find a solution to minimize your cost of ownership:
 Find a solution offering comprehensive and extensible endpoint analysis checks
 Find a vendor that can provide an integrated application delivery infrastructure
 Find a solution that supports granular authorization policies and true application-level
control
 Find a solution that overcomes the limitations of network access control
 Find a vendor with a staying power, a global reach and a strong vision

LO 1.4 –Selection of WAN technology, hardware and software components
● Content/Topic 1 : Selection of WAN Technology
1. Selecting a WAN Technology
1.1 WAN Services
There are several WAN access connection options that ISPs can use to connect the local loop
to the enterprise edge. These WAN access options differ in technology, speed, and cost. Each
has distinct advantages and disadvantages. Familiarity with these technologies is an important
part of network design.
As shown in Figure below and described in the list that follows, an enterprise can get WAN
access in two ways.

Figure: WAN Access Options

 Private WAN infrastructure: Service providers may offer dedicated point-to-point
leased lines, circuit-switched links, such as PSTN or ISDN, and packet-switched links, such as
Ethernet WAN, ATM, or Frame Relay.
 Public WAN infrastructure: Service providers provide Internet access using
broadband services such as DSL, cable, and satellite access. Broadband connections are
typically used to connect small offices and telecommuting employees to a corporate site
over the Internet. Data traveling between corporate sites over the public WAN
infrastructure should be protected using VPNs.
Frame Relay systems are commonly being replaced by Ethernet WANs.

The topology in the figure below, illustrates some of these WAN access technologies.

Figure: WAN Access Technologies

When a WAN service provider receives data from a client at a site, it must forward the data
to the remote site for final delivery to the recipient. In some cases, the remote site may be
connected to the same service provider as the originating site. In other cases, the remote
site may be connected to a different ISP, and the originating ISP must pass the data to the
connecting ISP.
Long-range communications are usually those connections between ISPs, or between
branch offices in very large companies.
Service provider networks are complex. They consist mostly of high-bandwidth fiber-optic
media, using either the Synchronous Optical Networking (SONET) or Synchronous Digital
Hierarchy (SDH) standard. These standards define how to transfer multiple data, voice, and
video traffic over optical fiber using lasers or light-emitting diodes (LEDs) over great
distances.

SONET is an American-based ANSI standard, while SDH is a European-based ETSI and ITU
standard.

Both are essentially the same and, therefore, often listed as SONET/SDH.
A newer fiber-optic media development for long-range communications is called dense
wavelength division multiplexing (DWDM). DWDM multiplies the amount of bandwidth
that a single strand of fiber can support, as illustrated in the figure below.

Figure: DWDM

DWDM enables long-range communication in several ways:

 DWDM enables bidirectional (for example, two-way) communications over one
strand of fiber.
 It can multiplex more than 80 different channels of data (that is, wavelengths) onto a
single fiber.
 Each channel is capable of carrying a 10 Gb/s multiplexed signal.
 It assigns incoming optical signals to specific wavelengths of light (that is,
frequencies).
 It can amplify these wavelengths to boost the signal strength.
 It supports SONET and SDH standards.

DWDM circuits are used in all modern submarine communications cable systems and other
long-haul circuits, as illustrated in Figure below.

Figure: Service Provider Networks Use DWDM

1.2 Private WAN Infrastructures

1.2.1 Leased Lines

When permanent dedicated connections are required, a point-to-point link is used to
provide a pre-established WAN communications path from the customer premises to the
provider network. Point-to-point lines are usually leased from a service provider and are
called leased lines.
Leased lines have existed since the early 1950s; for this reason, they are referred to by
different names such as leased circuits, serial link, serial line, point-to-point link, and T1/E1
or T3/E3 lines.
The term leased line refers to the fact that the organization pays a monthly lease fee to a
service provider to use the line. Leased lines are available in different capacities and are
generally priced based on the bandwidth required and the distance between the two
connected points.
In North America, service providers use the T-carrier system to define the digital
transmission capability of a serial copper media link, while Europe uses the E-carrier system.
For instance, a T1 link supports 1.544 Mb/s, an E1 supports 2.048 Mb/s, a T3 supports 43.7
Mb/s, and an E3 connection supports 34.368 Mb/s. Optical carrier (OC) transmission rates
are used to define the digital transmitting capacity of a fiber-optic network.

Figure: Sample Leased-Line Topology

Advantages/Disadvantages of Leased Lines

Advantages
 Simplicity: Point-to-point communication links require minimal expertise to install and maintain.
 Quality: Point-to-point communication links usually offer high service quality, if they have adequate bandwidth. The dedicated capacity removes latency or jitter between the endpoints.
 Availability: Constant availability is essential for some applications, such as e-commerce. Point-to-point communication links provide permanent, dedicated capacity, which is required for VoIP or Video over IP.

Disadvantages
 Cost: Point-to-point links are generally the most expensive type of WAN access. The cost of leased-line solutions can become significant when they are used to connect many sites over increasing distances. In addition, each endpoint requires an interface on the router, which increases equipment costs.
 Limited flexibility: WAN traffic is often variable, and leased lines have a fixed capacity, so the bandwidth of the line seldom matches the need exactly. Any change to the leased line generally requires a site visit by ISP personnel to adjust capacity.

1.2.2 Dialup

Dialup WAN access may be required when no other WAN technology is available. For
example, a remote location could use modems and analog dialed telephone lines to provide
low capacity and dedicated switched connections. Dialup access is suitable when
intermittent, low-volume data transfers are needed.

Figure: Sample Dialup Topology


Traditional telephony uses a copper cable, called the local loop, to connect the telephone
handset in the subscriber premises to the CO. The signal on the local loop during a call is a
continuously varying electronic signal that is a translation of the subscriber voice into an
analog signal.
Traditional local loops can transport binary computer data through the voice telephone
network using a dialup modem. The modem modulates the binary data into an analog signal
at the source and demodulates the analog signal to binary data at the destination. The
physical characteristics of the local loop and its connection to the PSTN limit the rate of the
signal to less than 56 kb/s.
For small businesses, these relatively low-speed dialup connections are adequate for the
exchange of sales figures, prices, routine reports, and email. Using automatic dialup at night
or on weekends for large file transfers and data backup can take advantage of lower off-
peak rates. These rates, often referred to as tariffs or toll charges, are based on the distance
between the endpoints, time of day, and the duration of the call.
The advantages of modem and analog lines are simplicity, availability, and low
implementation cost. The disadvantages are the low data rates and a relatively long
connection time. The dedicated circuit has little delay or jitter for point-to-point traffic, but
voice or video traffic does not operate adequately at these low bit rates.
Although very few enterprises support dialup access, it is still a viable solution for remote
areas with limited WAN access options.

1.2.3 ISDN
Integrated Services Digital Network (ISDN) is a circuit-switching technology that enables the
local loop of a PSTN to carry digital signals, resulting in higher capacity switched
connections.
ISDN changes the internal connections of the PSTN from carrying analog signals to time-
division multiplexed (TDM) digital signals. TDM allows two or more signals, or bit streams,
to be transferred as sub channels in one communication channel. The signals appear to
transfer simultaneously; but physically, the signals are taking turns on the channel.
The following figure displays a sample ISDN topology. The ISDN connection may require a
terminal adapter (TA), which is a device used to connect ISDN Basic Rate Interface
(BRI) connections to a router.

Figure: Sample ISDN Topology

The two types of ISDN interfaces are as follows:

 Basic Rate Interface (BRI): ISDN BRI is intended for the home and small enterprise
and provides two 64 kb/s bearer channels (B) for carrying voice and data and a 16 kb/s
delta channel (D) for signaling, call setup, and other purposes. The BRI D channel is often
underused because it has only two B channels to control.

Figure: ISDN BRI

 Primary Rate Interface (PRI): ISDN is also available for larger installations. In North
America, PRI delivers 23 B channels with 64 kb/s and one D channel with 64 kb/s for a total
bit rate of up to 1.544 Mb/s. This includes some additional overhead for synchronization. In
Europe, Australia, and other parts of the world, ISDN PRI provides 30 B channels and one D
channel, for a total bit rate of up to 2.048 Mb/s, including synchronization overhead.

Figure: ISDN PRI

BRI has a call setup time that is less than a second, and the 64 kb/s B channel provides
greater capacity than an analog modem link. In comparison, the call setup time of a dialup
modem is approximately 30 or more seconds with a theoretical maximum of 56 kb/s. With
ISDN, if greater capacity is required, a second B channel can be activated to provide a total
of 128 kb/s. This permits several simultaneous voice conversations, a voice conversation
and data transfer, or a video conference using one channel for voice and the other for video.

Another common application of ISDN is to provide additional capacity as needed on a
leased-line connection. The leased line is sized to carry average traffic loads while ISDN is
added during peak demand periods. ISDN is also used as a backup if the leased line fails.
ISDN tariffs are based on a per-B channel basis and are similar to those of analog voice
connections.
With PRI ISDN, multiple B channels can be connected between two endpoints. This allows
for videoconferencing and high-bandwidth data connections with no latency or jitter.
However, multiple connections can be very expensive over long distances.

Although ISDN is still an important technology for telephone service provider networks, it has
declined in popularity as an Internet connection option with the introduction of high-speed DSL and
other broadband services.

1.2.4 Frame Relay

Frame Relay is a simple Layer 2 nonbroadcast multi-access (NBMA) WAN technology used
to interconnect enterprise LANs. A single router interface can be used to connect to multiple
sites using permanent virtual circuits (PVCs). PVCs are used to carry both voice and data
traffic between a source and destination, and support data rates up to 4 Mb/s, with some
providers offering even higher rates.
An edge router requires only a single interface, even when multiple VCs are used. The
leased line to the Frame Relay network edge allows cost-effective connections between
widely scattered LANs.
Frame Relay creates PVCs, which are uniquely identified by a data-link connection identifier
(DLCI). The PVCs and DLCIs ensure bidirectional communication from one DTE device to
another.
For instance, in Figure below, R1 will use DLCI 102 to reach R2 while R2 will use DLCI 201 to
reach R1.

Figure: Sample Frame Relay Topology
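The DLCI swapping behind the R1/R2 example above, as an added simulation (not code from the module notes): R1 sends with DLCI 102, R2 receives the same PVC as DLCI 201, because each provider switch rewrites the DLCI from its own PVC table and a DLCI is only significant on one access link. The switch names, port numbers, the provider-internal DLCI 900 and the third router R3 are constructed for the example.

```python
"""Frame Relay DLCI switching across the provider cloud (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    dlci: int
    payload: bytes


class FrameRelaySwitch:
    """A switch holds one PVC table: (in_port, in_dlci) -> (out_port, out_dlci)."""

    def __init__(self, name: str):
        self.name = name
        self.pvc = {}

    def add_pvc(self, in_port: int, in_dlci: int, out_port: int, out_dlci: int) -> None:
        # One PVC per (port, DLCI); the same DLCI value may be reused on another port.
        for key in ((in_port, in_dlci), (out_port, out_dlci)):
            if key in self.pvc:
                raise ValueError(f"{self.name}: DLCI {key[1]} already used on port {key[0]}")
        # Install both directions so the circuit is bidirectional.
        self.pvc[(in_port, in_dlci)] = (out_port, out_dlci)
        self.pvc[(out_port, out_dlci)] = (in_port, in_dlci)

    def forward(self, in_port: int, frame: Frame):
        """Return (out_port, frame with swapped DLCI), or None to drop an unknown DLCI."""
        entry = self.pvc.get((in_port, frame.dlci))
        if entry is None:
            return None
        out_port, out_dlci = entry
        return out_port, Frame(out_dlci, frame.payload)


class FrameRelayNetwork:
    """Routers and switches joined by point-to-point links (node, port) <-> (node, port)."""

    def __init__(self):
        self.switches = {}
        self.links = {}

    def add_switch(self, switch: FrameRelaySwitch) -> None:
        self.switches[switch.name] = switch

    def connect(self, a: str, a_port, b: str, b_port) -> None:
        self.links[(a, a_port)] = (b, b_port)
        self.links[(b, b_port)] = (a, a_port)

    def send(self, router: str, port, frame: Frame, max_hops: int = 16):
        """Carry a frame from a router's access link through the cloud.
        Returns (destination router, frame as it arrives there) or None if dropped."""
        node, in_port = self.links[(router, port)]
        for _ in range(max_hops):
            if node not in self.switches:
                return node, frame          # reached a router (DTE)
            result = self.switches[node].forward(in_port, frame)
            if result is None:
                return None                 # no PVC for this DLCI on this port: dropped
            out_port, frame = result
            node, in_port = self.links[(node, out_port)]
        raise RuntimeError("PVC loops inside the provider cloud")


def build_sample_network() -> FrameRelayNetwork:
    """The page's R1/R2 topology plus a constructed R3 that reuses DLCI 102 on its own link."""
    net = FrameRelayNetwork()
    sw1, sw2 = FrameRelaySwitch("SW1"), FrameRelaySwitch("SW2")
    net.add_switch(sw1)
    net.add_switch(sw2)
    net.connect("R1", "s0/0/0", "SW1", 1)
    net.connect("SW1", 2, "SW2", 1)
    net.connect("SW2", 2, "R2", "s0/0/0")
    net.connect("R3", "s0/0/0", "SW1", 3)
    # PVC R1<->R2: R1 sees 102, the trunk between the switches uses 900, R2 sees 201.
    sw1.add_pvc(1, 102, 2, 900)
    sw2.add_pvc(1, 900, 2, 201)
    # PVC R1<->R3: R1 uses 103, while R3 also uses 102 on its own access link.
    sw1.add_pvc(1, 103, 3, 102)
    return net


if __name__ == "__main__":
    net = build_sample_network()
    print(net.send("R1", "s0/0/0", Frame(102, b"to R2")))   # ('R2', Frame(dlci=201, ...))
    print(net.send("R2", "s0/0/0", Frame(201, b"to R1")))   # ('R1', Frame(dlci=102, ...))
    print(net.send("R3", "s0/0/0", Frame(102, b"to R1")))   # ('R1', Frame(dlci=103, ...))
    print(net.send("R1", "s0/0/0", Frame(999, b"no PVC")))  # None: dropped at SW1
```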

1.2.5 ATM
Asynchronous Transfer Mode (ATM) technology is capable of transferring voice, video, and
data through private and public networks. It is built on a cell-based architecture rather than
on a frame-based architecture. ATM cells are always a fixed length of 53 bytes. The ATM cell
contains a 5-byte ATM header followed by 48 bytes of ATM payload. Small, fixed-length cells
are well suited for carrying voice and video traffic because this traffic is intolerant of delay.
Video and voice traffic do not have to wait for larger data packets to be transmitted, as
shown in the following figure.

The 53-byte ATM cell is less efficient than the bigger frames and packets of Frame Relay.
Furthermore, the ATM cell has at least 5 bytes of overhead for each 48-byte payload. When
the cell is carrying segmented network layer packets, the overhead is higher because the
ATM switch must be able to reassemble the packets at the destination. A typical ATM line
needs almost 20 percent greater bandwidth than Frame Relay to carry the same volume of
network layer data.

Figure: Sample ATM Topology

ATM was designed to be extremely scalable and to support link speeds of T1/E1 to OC-12
(622 Mb/s) and faster.
As with other shared technologies, ATM allows multiple VCs on a single leased-line
connection to the network edge. ATM networks are now considered to be a legacy
technology.
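The cell-overhead claim above worked through in numbers, as an added example (not code from the module notes). The 53-byte cell with a 5-byte header and 48-byte payload is from the page; the example additionally assumes that packets are carried with AAL5, which appends an 8-byte trailer and pads to a multiple of 48 bytes, and that Frame Relay adds about 4 bytes (2-byte header plus 2-byte FCS) per frame.

```python
"""ATM cell overhead versus Frame Relay for the same network-layer packets (added example)."""
import math

ATM_CELL_BYTES = 53        # from the page: 5-byte header + 48-byte payload
ATM_PAYLOAD_BYTES = 48
AAL5_TRAILER_BYTES = 8     # assumption: AAL5 trailer (UU, CPI, length, CRC-32)
FRAME_RELAY_OVERHEAD = 4   # assumption: 2-byte Frame Relay header + 2-byte FCS


def atm_cells_for_packet(packet_len: int) -> int:
    """Cells needed to carry one network-layer packet of packet_len bytes."""
    if packet_len < 0:
        raise ValueError("packet length must be non-negative")
    # AAL5: append the trailer, then pad up to a whole number of 48-byte payloads.
    return math.ceil((packet_len + AAL5_TRAILER_BYTES) / ATM_PAYLOAD_BYTES)


def atm_wire_bytes(packet_len: int) -> int:
    """Bytes actually sent on the ATM link for one packet (all cells, headers included)."""
    return atm_cells_for_packet(packet_len) * ATM_CELL_BYTES


def frame_relay_wire_bytes(packet_len: int) -> int:
    """Bytes sent on a Frame Relay link for the same packet (no padding to a cell size)."""
    return packet_len + FRAME_RELAY_OVERHEAD


def extra_bandwidth_vs_frame_relay(packet_sizes) -> float:
    """Fraction of extra link bandwidth ATM needs, relative to Frame Relay,
    to carry the given sequence of packet sizes (a traffic mix)."""
    atm_total = sum(atm_wire_bytes(n) for n in packet_sizes)
    fr_total = sum(frame_relay_wire_bytes(n) for n in packet_sizes)
    return atm_total / fr_total - 1.0


if __name__ == "__main__":
    # Constructed sample sizes: a small ACK, a VoIP-sized packet, a classic minimum MTU,
    # and a full Ethernet MTU. Small packets waste most of their last cell on padding.
    print(f"{'packet':>8} {'cells':>5} {'ATM bytes':>9} {'FR bytes':>8} {'ATM extra':>9}")
    for size in (64, 200, 576, 1500):
        extra = extra_bandwidth_vs_frame_relay([size])
        print(f"{size:>8} {atm_cells_for_packet(size):>5} {atm_wire_bytes(size):>9} "
              f"{frame_relay_wire_bytes(size):>8} {extra:>8.1%}")
    # A constructed mix of small and large packets lands in the range the page describes.
    mix = [64] * 5 + [576] * 2 + [1500] * 3
    print(f"mixed traffic: ATM needs {extra_bandwidth_vs_frame_relay(mix):.1%} more than Frame Relay")
```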

1.2.6 Ethernet WAN

Ethernet was originally developed to be a LAN access technology. Originally, Ethernet was not
suitable as a WAN access technology because at that time, the maximum cable length was one
kilometer. However, newer Ethernet standards using fiber-optic cables have made Ethernet a
reasonable WAN access option. For instance, the IEEE 1000BASE-LX standard supports fiber-optic
cable lengths of 5 km, while the IEEE 1000BASE-ZX standard supports cable lengths up to 70 km.
Service providers now offer Ethernet WAN service using fiber-optic cabling. The Ethernet WAN
service can go by many names, including Metropolitan Ethernet (MetroE), Ethernet over MPLS
(EoMPLS), and Virtual Private LAN Service (VPLS). A sample Ethernet WAN topology is shown in the
following figure.

Figure: Sample Ethernet WAN Topology

An Ethernet WAN offers several benefits:

 Reduced expenses and administration: Ethernet WAN provides a switched, high-
bandwidth Layer 2 network capable of managing data, voice, and video all on the same
infrastructure. This characteristic increases bandwidth and eliminates expensive
conversions to other WAN technologies. The technology enables businesses to
inexpensively connect numerous sites in a metropolitan area, to each other, and to the
Internet.
 Easy integration with existing networks: Ethernet WAN connects easily to existing
Ethernet LANs, reducing installation costs and time.
 Enhanced business productivity: Ethernet WAN enables businesses to take
advantage of productivity-enhancing IP applications that are difficult to implement on TDM
or Frame Relay networks, such as hosted IP communications, VoIP, and streaming and
broadcast video.

Ethernet WANs have gained in popularity and are now commonly being used to replace the
traditional Frame Relay and ATM WAN links.
1.2.7 MPLS
Multiprotocol Label Switching (MPLS) is a multiprotocol high-performance WAN technology
that directs data from one router to the next. MPLS is based on short path labels rather than
IP network addresses.
MPLS has several defining characteristics. It is multiprotocol, meaning it has the ability to
carry any payload including IPv4, IPv6, Ethernet, ATM, DSL, and Frame Relay traffic. It uses
labels that tell a router what to do with a packet. The labels identify paths between distant
routers rather than endpoints, and while MPLS actually routes IPv4 and IPv6 packets,
everything else is switched.

MPLS is a service provider technology. Leased lines deliver bits between sites, and Frame
Relay and Ethernet WAN deliver frames between sites. However, MPLS can deliver any type
of packet between sites. MPLS can encapsulate packets of various network protocols. It
supports a wide range of WAN technologies including T-carrier/E-carrier links, Carrier
Ethernet, ATM, Frame Relay, and DSL.
The sample topology in the figure below illustrates how MPLS is used. Notice that the different
sites can connect to the MPLS cloud using different access technologies.

Figure: Sample MPLS Topology


In the above figure, CE refers to the customer edge; PE is the provider edge router, which
adds and removes labels; and P is an internal provider router, which switches MPLS labeled
packets.

1.2.8 VSAT
All private WAN technologies discussed so far used either copper or fiber-optic media. What
if an organization needed connectivity in a remote location where no service providers offer
WAN service?
Very small aperture terminal (VSAT) is a solution that creates a private WAN using satellite
communications. A VSAT is a small satellite dish similar to those used for home Internet and
TV. VSATs create a private WAN while providing connectivity to remote locations.
Specifically, a router connects to a satellite dish that is pointed to a service provider’s
satellite. This satellite is in geosynchronous orbit in space. The signals must travel
approximately 35,786 kilometers (22,236 miles) to the satellite and back.

The example in the figure below, displays a VSAT dish on the roofs of the buildings
communicating with a satellite thousands of kilometers away in space.

Figure: Sample VSAT Topology

1.3 Public WAN Infrastructure

1.3.1 DSL

DSL technology is an always-on connection technology that uses existing twisted-pair
telephone lines to transport high-bandwidth data, and provides IP services to subscribers.
A DSL modem converts an Ethernet signal from the user device to a DSL signal, which is
transmitted to the central office.
Multiple DSL subscriber lines are multiplexed into a single, high-capacity link using a DSL
access multiplexer (DSLAM) at the provider location referred to as the point of presence
(POP). DSLAMs incorporate TDM technology to aggregate many subscriber lines into a single
medium, generally a T3 connection. Current DSL technologies use sophisticated coding and
modulation techniques to achieve fast data rates.
There is a wide variety of DSL types, standards, and emerging standards. DSL is now a
popular choice for enterprise IT departments to support home workers. Generally, a
subscriber cannot choose to connect to an enterprise network directly but must first
connect to an ISP, and then an IP connection is made through the Internet to the enterprise.
Security risks are incurred in this process but can be mitigated with security measures.

The topology in Figure below, displays a sample DSL WAN connection.

Figure: Sample DSL Topology


1.3.2 Cable
Coaxial cable is widely used in urban areas to distribute television signals. Network access is
available from many cable television providers. This access allows for greater bandwidth
than the conventional telephone local loop.
Cable modems (CMs) provide an always-on connection and a simple installation. A
subscriber connects a computer or LAN router to the cable modem, which translates the
digital signals into the broadband frequencies used for transmitting on a cable television
network. The local cable TV office, which is called the cable headend, contains the computer
system and databases needed to provide Internet access. The most important component
located at the headend is the cable modem termination system (CMTS), which sends and
receives digital cable modem signals on a cable network and is necessary for providing
Internet services to cable subscribers.
Cable modem subscribers must use the ISP associated with the service provider. All the local
subscribers share the same cable bandwidth. As more users join the service, available
bandwidth may drop below the expected rate.

The topology in the figure below, displays a sample cable WAN connection.

Figure: Sample Cable Topology

1.3.3 Wireless
Wireless technology uses the unlicensed radio spectrum to send and receive data. The
unlicensed spectrum is accessible to anyone who has a wireless router and wireless
technology in the device he or she is using.
Until recently, one limitation of wireless access has been the need to be within the local
transmission range (typically less than 100 feet) of a wireless router or a wireless modem
that has a wired connection to the Internet. The following new developments in broadband
wireless technology are changing this situation:
 Municipal Wi-Fi: Many cities have begun setting up municipal wireless networks.
Some of these networks provide high-speed Internet access for free or for substantially less
than the price of other broadband services. Others are for city use only, allowing police and
fire departments and other city employees to do certain aspects of their jobs remotely. To
connect to a municipal Wi-Fi, a subscriber typically needs a wireless modem, which
provides a stronger radio and directional antenna than conventional wireless adapters.
Most service providers provide the necessary equipment for free or for a fee, much like
they do with DSL or cable modems.
 WiMAX: Worldwide Interoperability for Microwave Access (WiMAX) is a new
technology that is just beginning to come into use. It is described in the IEEE standard
802.16. WiMAX provides high-speed broadband service with wireless access and provides
broad coverage like a cell phone network rather than through small Wi-Fi hotspots. WiMAX
operates in a similar way to Wi-Fi, but at higher speeds, over greater distances, and for a
greater number of users. It uses a network of WiMAX towers that are similar to cell phone
towers. To access a WiMAX network, subscribers must subscribe to an ISP with a WiMAX
tower within 30 miles of their location. They also need some type of WiMAX receiver and a
special encryption code to get access to the base station.
 Satellite Internet: Typically, rural users use this type of technology where cable and
DSL are not available. A VSAT provides two-way (upload and download) data
communications. The upload speed is about one-tenth of the 500 kb/s download speed.
Cable and DSL have higher download speeds, but satellite systems are about 10 times
faster than an analog modem. To access satellite Internet services, subscribers need a
satellite dish, two modems (uplink and downlink), and coaxial cables between the dish and
the modem.

Figure: Sample Wireless Topology

1.3.4 3G/4G Cellular

Increasingly, cellular service is another wireless WAN technology being used to connect
users and remote locations where no other WAN access technology is available, as shown in
the figure below. Many users with smart phones and tablets can use cellular data to email,
surf the web, download apps, and watch videos.

Figure: Sample Cellular Topology
Phones, tablet computers, laptops, and even some routers can communicate with the
Internet using cellular technology. These devices use radio waves to communicate through a
nearby mobile phone tower. The device has a small radio antenna, and the provider has a
much larger antenna sitting at the top of a tower somewhere within miles of the phone.

These are two common cellular industry terms:

 3G/4G Wireless: Abbreviation for third-generation and fourth-generation cellular
access. These technologies support wireless Internet access.
 Long-Term Evolution (LTE): Refers to a newer and faster technology and is considered to
be part of fourth-generation (4G) technology.

1.3.5 VPN Technology

Security risks are incurred when a teleworker or a remote office worker uses a broadband
service to access the corporate WAN over the Internet. To address security concerns,
broadband services provide capabilities for using VPN connections to a network device that
accepts VPN connections, which are typically located at the corporate site.
A VPN is an encrypted connection between private networks over a public network, such as
the Internet. Instead of using a dedicated Layer 2 connection, such as a leased line, a VPN
uses virtual connections called VPN tunnels, which are routed through the Internet from the
private network of the company to the remote site or employee host.

Using VPN offers several benefits:

 Cost savings: VPNs enable organizations to use the global Internet to connect
remote offices, and to connect remote users to the main corporate site. This eliminates
expensive, dedicated WAN links and modem banks.

 Security: VPNs provide the highest level of security by using advanced encryption
and authentication protocols that protect data from unauthorized access.

 Scalability: Because VPNs use the Internet infrastructure within ISPs and devices, it is
easy to add new users. Corporations are able to add large amounts of capacity without
adding significant infrastructure.

 Compatibility with broadband technology: VPN technology is supported by
broadband service providers such as DSL and cable. VPNs allow mobile workers and
telecommuters to take advantage of their home high-speed Internet service to access their
corporate networks. Business-grade, high-speed broadband connections can also provide a
cost-effective solution for connecting remote offices.

There are two types of VPN access:


 Site-to-site VPNs: Site-to-site VPNs connect entire networks to each other; for
example, they can connect a branch office network to a company headquarters network, as
shown in the figure below. Each site is equipped with a VPN gateway, such as a router,
firewall, VPN concentrator, or security appliance. In the figure below, a remote branch
office uses a site-to-site VPN to connect with the corporate head office.

Figure: Sample Site-to-Site VPN Topology

 Remote-access VPNs: Remote-access VPNs enable individual hosts, such as
telecommuters, mobile users, and extranet consumers, to access a company network
securely over the Internet. Each host (Teleworker 1 and Teleworker 2) typically has VPN
client software loaded or uses a web-based client, as shown in the figure below.

Figure: Sample Remote-Access VPN Topology

1.4 Selecting WAN Services

1.4.1 Choosing a WAN Link Connection


There are many important factors to consider when choosing an appropriate WAN
connection. For a network administrator to decide which WAN technology best meets the
requirements of a specific business, he or she must answer the following questions:
What is the purpose of the WAN?
There are a few issues to consider:
 Will the enterprise connect local branches in the same city area, connect remote branches,
or connect to a single branch?
 Will the WAN be used to connect internal employees, or external business partners and
customers, or all three?
 Will the enterprise connect to customers, connect to business partners, connect to
employees, or some combination of these?
 Will the WAN provide authorized users limited or full access to the company intranet?
What is the geographic scope?
There are a few issues to consider:

 Is the WAN local, regional, or global?


 Is the WAN one-to-one (single branch), one-to-many branches, or many-to-many
(distributed)?

What are the traffic requirements?

There are a few issues to consider:


 What type of traffic must be supported (data only, VoIP, video, large files, streaming
files)? This determines the quality and performance requirements.
 What volume of traffic type (voice, video, or data) must be supported for each
destination? This determines the bandwidth capacity required for the WAN connection to
the ISP.

 What Quality of Service is required? This may limit the choices. If the traffic is highly
sensitive to latency and jitter, eliminate any WAN connection options that cannot provide
the required quality.
 What are the security requirements (data integrity, confidentiality, and security)?
These are important factors if the traffic is of a highly confidential nature, or if it provides
essential services, such as emergency response.

1.4.2 Choosing a WAN Link Connection


In addition to gathering information about the scope of the WAN, the administrator must
also determine the following:
 Should the WAN use a private or public infrastructure? A private infrastructure
offers the best security and confidentiality, whereas the public Internet infrastructure
offers the most flexibility and lowest ongoing expense. The choice depends on the purpose
of the WAN, the types of traffic it carries, and available operating budget. For example, if
the purpose is to provide a nearby branch with high-speed secure services, a private
dedicated or switched connection may be best. If the purpose is to connect many remote
offices, a public WAN using the Internet may be the best choice. For distributed operations,
a combination of options may be the solution.
 For a private WAN, should it be dedicated or switched? Real-time, high-volume
transactions have special requirements that could favor a dedicated line, such as traffic
flowing between the data center and the corporate head office. If the enterprise is
connecting to a local single branch, a dedicated leased line could be used. However, that
option would become very expensive for a WAN connecting multiple offices. In that case, a
switched connection might be better.
 For a public WAN, what type of VPN access is required? If the purpose of the WAN
is to connect a remote office, a site-to-site VPN may be the best choice. To connect
teleworkers or customers, remote-access VPNs are a better option. If the WAN is serving a
mixture of remote offices, teleworkers, and authorized customers, such as a global
company with distributed operations, a combination of VPN options may be required.

 Which connection options are available locally? In some areas, not all WAN
connection options are available. In this case, the selection process is simplified, although
the resulting WAN may provide less than optimal performance. For example, in a rural or
remote area, the only option may be VSAT or cellular access.

 What is the cost of the available connection options? Depending on the option chosen, the
WAN can be a significant ongoing expense. The cost of a particular option must be weighed
against how well it meets the other requirements. For example, a dedicated leased line is
the most expensive option, but the expense may be justified if it is critical to ensure secure
transmission of high volumes of real-time data. For less demanding applications, a less
expensive switched or Internet connection option may be more suitable.

Using the preceding guidelines, as well as those described by the Cisco Enterprise
Architecture, a network administrator should be able to choose an appropriate WAN
connection to meet the requirements of different business scenarios.

● Content/Topic 2 : Selection of WAN hardware components and communication tools

1. WAN hardware components


 Dialup modem: Voice band modems are considered to be a legacy WAN technology.
A voice band modem modulates (that is, converts) the digital signals produced by a
computer into voice frequencies. These frequencies are then transmitted over the analog
lines of the public telephone network. On the other side of the connection, another
modem demodulates the sounds back into a digital signal for input to a computer or
network connection.
 Access server: This server controls and coordinates dialup modem, dial-in, and dial-
out user communications. Considered to be a legacy technology, an access server may have
a mixture of analog and digital interfaces and support hundreds of simultaneous users.

 Broadband modem: This type of digital modem is used with high-speed DSL or cable
Internet service. Both operate in a similar manner to the voiceband modem but use higher
broadband frequencies to achieve higher transmission speeds.

 Channel service unit/data service unit (CSU/DSU): Digital leased lines require a CSU
and a DSU. A CSU/DSU can be a separate device like a modem, or it can be an interface on
a router. The CSU provides termination for the digital signal and ensures connection
integrity through error correction and line monitoring. The DSU converts the line frames
into frames that the LAN can interpret and vice versa.

 WAN switch: This multiport internetworking device is used in service provider
networks. These devices typically switch traffic, such as Frame Relay or ATM, and
operate at Layer 2.

 Router: This device provides internetworking and WAN access interface ports that
are used to connect to the service provider network. These interfaces may be serial
connections, Ethernet, or other WAN interfaces. With some types of WAN interfaces,
an external device, such as a DSU/CSU or modem (analog, cable, or DSL), is required
to connect the router to the local service provider.

 Core router/Multilayer switch: This router or multilayer switch resides within the
middle or backbone of the WAN, rather than at its periphery. To fulfill this role, a
router or multilayer switch must be able to support multiple telecommunications
interfaces of the highest speed used in the WAN core. It must also be able to forward
IP packets at full speed on all of those interfaces. The router or multilayer switch
must also support the routing protocols being used in the core.

Figure: Common WAN Devices
The preceding list is not exhaustive, and other devices may be required, depending on the
WAN access technology chosen.

2. Intranet and Extranet


VPNs maintain the same security and management policies as a private network. They are
the most cost effective method of establishing a virtual point-to-point connection between
remote users and an enterprise customer's network. There are three main types of VPNs.
 Access VPNs—Provide remote access to an enterprise customer's intranet or
extranet over a shared infrastructure. Access VPNs use analog, dial, ISDN, digital subscriber
line (DSL), mobile IP, and cable technologies to securely connect mobile users,
telecommuters, and branch offices.
 Intranet VPNs—Link enterprise customer headquarters, remote offices, and
branch offices to an internal network over a shared infrastructure using dedicated
connections. Intranet VPNs differ from extranet VPNs in that they allow access only to the
enterprise customer's employees.
 Extranet VPNs—Link outside customers, suppliers, partners, or communities
of interest to an enterprise customer's network over a shared infrastructure using
dedicated connections. Extranet VPNs differ from intranet VPNs in that they allow access to
users outside the enterprise.
3. Communication tools can include:
 Smart phones: These communication devices boast cutting-edge features, such as
GPS navigation, voice-activated virtual assistants, predictive typing and video calling.
Users can download apps that further enhance their mobile experience. They can scan
QR codes with their smartphones, pay their bills on the go and check the stock market in
real time.

 Laptops: Today, these communication tools are used mostly for work. However,
laptops have some advantages over smart phones and tablets. Take software
development: even though you can design an app or a website on your tablet, it is easier
to do it on a laptop or desktop computer.
If you're a blogger or copywriter, doing your work on a tablet can be difficult. The small
screen may cause eyestrain and affect your productivity. Additionally, laptops have a
larger storage capacity compared to smart phones and tablets, letting you save large files
and access them with ease.

 Tablets: They're portable and have all the functionalities of a smartphone and
more. If you're a business owner, it's important to target customers across all devices and
channels. Your website needs to be responsive and provide a seamless mobile
experience. The same goes for your advertising campaigns, which need to be customized
for each device so you can target the right audience in the right context.
 VOIP/Internet telephony: Nowadays, more and more organizations are carrying
voice communications over the internet. They use Skype and other platforms to interview
potential employees, hold video conferences and make international calls. These
communication modes are cheaper and more convenient than traditional phone services.
VoIP (Voice over Internet Protocol), has emerged as one of the most popular
communication tools worldwide. Small businesses can save as much as 75 percent on local
calls by switching to VoIP. Higher productivity, greater flexibility and more efficient
message management are just a few of the benefits linked to this service.
 Intranet: An intranet is a private network that can be accessed by authorized users
within an organization. Companies use an intranet to streamline communication between
employees, share documents and keep them up-to-date with the latest industry news.
This technology ensures everyone is on the same page, allowing for more efficient
collaboration.
 Social networks and forums: Social media is widely used by individuals and
corporations worldwide. It has the power to drive business decisions, increase brand
awareness and connect customers with their favourite brands. It's also one of the most
important communication tools, making it easier for brands to reach their target
audience and get their message across.

Companies can harness the power of social media to strengthen their online presence and
improve customer experience. For example, customers leave valuable feedback on your
Facebook business page. Here you can address their concerns and get better insights into
your audience.

Forums can be a valuable communication tool. As a business owner, you can use these
platforms to learn more about your customers' needs and wants. You can also reply to
their questions, recommend products and find ideas for your marketing campaigns.

These are just a few of many communication tools available today. Messenger apps, chat
bots, email, internal blogs and tracking software are also useful and often essential
communication tools. Businesses can leverage modern technology to attract and engage
customers, address their inquiries and deliver a superior experience across all devices.

LO 1.5– Appropriate identification of tools, equipment and materials used in Remote connection
● Content/Topic 1 : identification of Remote connection tools
1. Remote connection tools
1.1 Telnet
Telnet is a network protocol that allows a user to communicate with a remote device. It is a
protocol used mostly by network administrators to remotely access and manage devices. An
administrator can access the device by telnetting to the IP address or hostname of the remote
device.
To use Telnet, you must have Telnet client software installed. On the remote device, a
Telnet server must be installed and running. Telnet uses TCP port 23 by default.
On Windows, you can start a Telnet session by typing the telnet IP_ADDRESS or
HOSTNAME command:

Steps

1.2 SSH (Secure Shell)

As with Telnet, a user accessing a remote device must have an SSH client installed. On the remote
device, an SSH server must be installed and running. SSH uses TCP port 22 by default.
Here is an example of creating an SSH session using PuTTY, a free SSH client:
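Because Telnet (TCP port 23) carries logins and commands in cleartext while SSH (TCP port 22) encrypts them, an administrator will want to know which devices are still being managed over Telnet. The script below is an added example, not part of the module notes: it parses firewall-style connection records in a constructed log format (the layout and every address are assumptions) and lists the devices reached over Telnet together with the clients that used it.

```python
"""Spot cleartext remote-management (Telnet) sessions in connection logs.

Added example, not part of the module notes. Telnet (TCP/23) is cleartext and
SSH (TCP/22) is encrypted, as the notes state; everything else here, the log
format and the addresses, is constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample records (not real traffic): one connection per line.
SAMPLE_LOG = """\
2020-06-01T08:01:12Z ALLOW src=10.1.1.25 dst=10.1.200.1 proto=tcp dport=23
2020-06-01T08:02:40Z ALLOW src=10.1.1.25 dst=10.1.200.2 proto=tcp dport=22
2020-06-01T08:05:03Z ALLOW src=10.1.1.40 dst=10.1.200.1 proto=tcp dport=23
2020-06-01T08:06:55Z ALLOW src=10.1.1.40 dst=10.1.200.3 proto=tcp dport=443
2020-06-01T08:07:10Z DENY  src=203.0.113.9 dst=10.1.200.1 proto=tcp dport=23
2020-06-01T08:09:31Z ALLOW src=10.1.1.25 dst=10.1.200.2 proto=tcp dport=22
this line is not a connection record
"""

# Default ports given in the notes; the port-to-service mapping is the only
# fact this script relies on.
MANAGEMENT_PORTS = {23: "telnet", 22: "ssh"}
CLEARTEXT_SERVICES = {"telnet"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)"
    r"\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)$"
)


def parse_record(line):
    """Return a dict for a well-formed record, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def management_sessions(log_text):
    """Yield allowed TCP sessions to a management port, tagged with the service name."""
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["action"] != "ALLOW" or rec["proto"] != "tcp":
            continue
        service = MANAGEMENT_PORTS.get(rec["dport"])
        if service:
            yield {**rec, "service": service}


def report(log_text):
    """Summarise management traffic: sessions per service, and devices reached in cleartext."""
    counts = defaultdict(int)
    cleartext_targets = defaultdict(set)   # managed device -> clients that used Telnet
    for sess in management_sessions(log_text):
        counts[sess["service"]] += 1
        if sess["service"] in CLEARTEXT_SERVICES:
            cleartext_targets[sess["dst"]].add(sess["src"])
    return {
        "counts": dict(counts),
        "cleartext_devices": {dst: sorted(srcs) for dst, srcs in cleartext_targets.items()},
    }


if __name__ == "__main__":
    summary = report(SAMPLE_LOG)
    print("sessions per service:", summary["counts"])
    for device, clients in summary["cleartext_devices"].items():
        print(f"{device} is still managed over Telnet from {', '.join(clients)}; move it to SSH")
```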

1.3 Remote desktop tools

Remote Desktop Software is a tool that uses Virtual Network Computing (VNC) to allow one
computer to remotely access and control another computer over an internet/network connection.

1.3.1 TeamViewer

Available in premium and free versions, TeamViewer is quite an impressive online collaboration tool
used for virtual meetings and sharing presentations. It brings features like full-time access to the
remote computers and servers, plus online meetings with support for up to 25 participants, and
many other useful features. Also, the setup is incredibly easy and user friendly. If you’re a
businessperson planning to conduct online meetings or training sessions, TeamViewer can be a good
option.

1.3.2 Splashtop

With more than 15 million users across the globe, Splashtop is another one of our best
remote desktop tools. What makes this remote tool different from the rest is its amazing
screen refresh rate and audio/video streaming capabilities. If you’re associated with the
education industry, there is a special version that can bring your classroom alive, and there
are other separate options for personal, business and enterprise use.
1.3.3. Chrome Remote Desktop

Chrome Remote Desktop is a cloud-based solution that offers all the essential features
required to control a desktop remotely. On top of that, you can use this free remote
desktop solution from either desktop or mobile devices.

1.3.4 TightVNC

VNC, or Virtual Network Computing, is a graphical desktop sharing system that utilizes the
remote frame buffer protocol to control another computer remotely. TightVNC utilizes this
system to provide a high-caliber remote desktop monitoring service. Its ample support for
multiple operating systems makes this remote desktop tool quite popular among business
users and IT managers. If you are looking for a free remote control software package, this is
one of the best options.
● Content/Topic 2: Identification of Equipment and materials in remote connection
 Equipment and materials used in remote access connection

 Router: A networking device that forwards data packets between computer networks.
Routers perform the traffic-directing functions on the Internet.

 Switch: A network switch is networking hardware that connects devices on
a computer network by using packet switching to receive and forward data to the
destination device.

 Cables: To connect two or more computers or networking devices in a network,
network cables are used. There are three types of network cables: coaxial, twisted-pair, and
fiber-optic.

-Coaxial cable
This cable contains a conductor, insulator, braiding, and sheath. The sheath covers the
braiding, braiding covers the insulation, and the insulation covers the conductor.
The following image shows these components.

Sheath
This is the outer layer of the coaxial cable. It protects the cable from physical damage.
Braided shield
This shield protects signals from external interference and noise. This shield is built from the
same metal that is used to build the core.
Insulation
Insulation protects the core. It also keeps the core separate from the braided-shield. Since
both the core and the braided-shield use the same metal, without this layer, they will touch
each other and create a short-circuit in the wire.
Conductor
The conductor carries electromagnetic signals. Based on conductor a coaxial cable can be
categorized into two types; single-core coaxial cable and multi-core coaxial cable.
A single-core coaxial cable uses a single central metal (usually copper) conductor, while
a multi-core coaxial cable uses multiple thin strands of metal wires. The following image
shows both types of cable.

-Twisted-pair cables
The twisted-pair cable was primarily developed for computer networks. This cable is also
known as Ethernet cable. Almost all modern LAN computer networks use this cable.
Based on how the pairs are wrapped in the plastic sheath, there are two types of twisted-pair
cable: UTP and STP.
In the UTP (Unshielded twisted-pair) cable, all pairs are wrapped in a single plastic sheath.
In the STP (Shielded twisted-pair) cable, each pair is wrapped with an additional metal
shield, then all pairs are wrapped in a single outer plastic sheath.

 PC : A personal computer (PC) is a multi-purpose computer whose size, capabilities, and
price make it feasible for individual use. Personal computers are intended to be operated directly
by an end user, rather than by a computer expert or technician.

 Server: A server is a computer that serves information to other computers.
These computers, called clients, can connect to a server through either a local area
network or a wide area network, such as the internet. A server is a vital piece of your IT
infrastructure.
LO 1.6– Systematic design and interpretation of network blueprint.
● Content/Topic 1: description of Network design principles
4. Network design principles
 Functionality: All your network applications and devices should perform all their
functions properly. You have to make sure that your network infrastructure supports
all the services running in your network. For example, if you are using Microsoft
.NET applications, you must have enough bandwidth and hardware for those applications
to work efficiently.

 Scalability: The ability to add additional resources, for example routers, switches,
servers, memory, disks, and CPUs, to an architecture without redesigning it.

 Adaptability: For any architecture, change during a life cycle is inevitable. An
architecture must be adaptable enough to accommodate growth and changes in
technology, business, and user needs. Within the customer's financial constraints and
growth plans, design an architecture that allows for adaptability.

 Manageability: You can manage your network using different tools, like CiscoWorks or
other tools that improve control over the network, such as capacity management, monitoring
performance and detecting faults. You also need to manage the network security.

 Cost effectiveness:

 Efficiency: You can provide efficiency by placing the best hardware and software
in the network. Also make sure that your network equipment is cost effective; you can
build the most efficient network by choosing the most suitable and cost-effective
hardware and software. You can also provide efficiency with QoS, AAA and
filtering.

 Performance: You also need to focus on network performance when designing the
network; make sure that all your applications and devices have the bandwidth they need.
● Content/Topic 2 : Description of network design tools
5. Network design Tools

a) eDraw:

eDraw Max is another network mapping tool with a Microsoft-inspired user interface. Over
200 map template designs can be exported into PNG, JPEG and PDF formats. eDraw is more
of a generalist diagram tool rather than a specific network mapper. However, its capacity to
map out flow charts and complex layouts makes it a solid choice for drawing up a network
plan.
b) CONCEPTDRAW PRO

For medium size enterprises, ConceptDraw Pro stands its ground against every other
network-mapping program on this list. The user interface (clearly inspired by Microsoft
Visio) allows you to create a variety of visual displays of your network environment as well
as export Visio files.

c) LUCIDCHART

Lucidchart is one of the less known network mapping platforms that packs a tremendous
punch. If you’re looking to fast track your map production, then look no further. From the
outset you can launch straight into a template and start building your IT environment.
d) INTERMAPPER

Intermapper is one of the pricier network mapping tools on this list. This program is
available for users on Windows, Linux, and Mac, making it a flexible platform in terms of
deployment. Intermapper was built with auto discovery in mind and will automatically
locate devices throughout your network and record them on a map.

e) CADE (FREE)

In terms of network diagramming solutions, CADE takes a back-to-basics approach. While
there is no fancy GUI, you’ll find that there is an extensive 2D vector editor. CADE is a free
application that can be downloaded online. This makes CADE a good choice for teams
looking for a suitable remote deployment platform. As a welcome addition, remote users
can contribute in real time to a drawing on the web.
Once you’ve finished creating your drawings, you can also export them in EMF, JPG, XAML
or PDF format.
f) LANFLOW

As the name suggests, LanFlow is tailor made for mapping out networks. As a result, it is a
great choice for network administrators looking for a topology tool with a simple user
interface. Everything in LanFlow is drag and drop, so if you want to add a new element to
your diagram, all you need to do is click and move it.
g) NETWORK NOTEPAD (FREE)

Network Notepad is a freeware application available for Windows made specifically for
mapping out network elements. While Network Notepad doesn’t have an extensive auto-
discovery feature, it does have the Cisco Discovery Protocol (CDP) Neighbor Tool, which can
speed up the discovery process. The CDP tool allows the user to search through their
network devices and pull information from elements with CDP information.

Learning Unit 2 – Install, Configure and Troubleshoot WAN and VPN

LO 2.1 – Configure and verify a serial WAN configuration


● Content/Topic 1: Differentiate WAN connections types
1. Types of WAN Connections

There are two main types of WAN connections.

 Dedicated Connection
 Switched Connection

1.1 Dedicated Connections


In computer networks and telecommunications, a dedicated line is a communications
medium or other facility dedicated to a specific application, in contrast with a shared
resource such as the telephone network or the Internet. Such a link is called a dedicated connection.

1.1.1 Leased Lines:

 A leased line is a dedicated point-to-point connection that provides a pre-established
WAN communication path through the ISP to a remote destination.
 It provides very high-speed data transmission, up to 64 Gbps.
 It is very expensive.
1.1.2 Digital Subscriber Line (DSL):

 It provides a connection between the ISP and a customer through a telephone line.
 It is a broadband technique which provides the same upstream and downstream speeds.
1.1.3 Asymmetric Digital Subscriber Line (ADSL):
 Asymmetric digital subscriber line is a type of digital subscriber line technology, a data
communication technology that enables faster data transmission over the copper
telephone line than a conventional voice modem.
 It is similar to a digital subscriber line, but the difference is that the upstream and
downstream speeds are different.
1.2 Switched Connections
The types of switched connection are as follows.

1. Circuit Switched Network.
2. Packet Switched Network.
3. Cell Switched Network.
4. Point to point network

1.2.1 Circuit Switched Network:

 In a circuit-switched network, every time before data is transferred over the WAN a new
connection is established, and after the data transfer is over the connection is closed.
 In this technique data is generally transferred through a single connection or single
route.
 Integrated Services Digital Network (ISDN), shown in the picture below, is an example of a
circuit-switched network.

Circuit switching requires a dedicated physical connection between the sending and
receiving devices. For example, parties involved in a phone call have a dedicated link
between them for the duration of the conversation. When either party disconnects,
the circuit is broken, and the data path is lost. This is an accurate representation of
how circuit switching works with network and data transmissions. The sending
system establishes a physical connection, and the data is transmitted between the
two. When the transmission is complete, the channel is closed.

1.2.2 Packet Switched Network:

 A packet-switched network uses a virtual connection for transferring data: the
connection is created on the first data transmission and is then used as
a permanent connection.
 It is faster than a circuit-switched network.
 It is used for multi-path communication.
 A Frame Relay network, shown in the figure below, is an example of a packet-switched
network.

In packet switching, messages are broken into smaller pieces called packets. Each packet is
assigned source and destination addresses. Packets are required to have this information
because they do not always use the same path or route to get to their intended destination.
Packets can take an alternative route if a particular route is unavailable for some reason.

1.2.3 Cell Switched Network:

 In this type of network, data is transferred in fixed-size cells of 53 bytes.
 ATM is an example.
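The packet-switched and cell-switched behaviour described above, as an added example that is not part of the module notes: a message is cut into addressed units (variable-size packets, or fixed 53-byte cells as in ATM), each unit is forwarded independently over a small constructed topology, a link failure part-way through forces the remaining units onto an alternative route, and the destination reassembles them in sequence. The topology, node names and the 5-byte header / 48-byte payload split of a 53-byte cell are assumptions of this example.

```python
"""Packet switching and cell switching, simulated.

Added example, not part of the module notes. A message is split into addressed
units (variable-size packets, or fixed 53-byte cells as in ATM), each unit is
forwarded independently over a small constructed topology, a link failure part
way through forces rerouting, and the receiver reassembles the message in order.
Topology, node names and the ATM header/payload split are assumptions.
"""
from collections import deque

# Constructed topology: node -> directly connected neighbours (two routes A -> D).
TOPOLOGY = {
    "A": {"B", "C"},
    "B": {"A", "D"},
    "C": {"A", "D"},
    "D": {"B", "C"},
}

CELL_SIZE = 53     # fixed ATM cell size stated in the notes (bytes)
CELL_HEADER = 5    # assumption: 5-byte header, so each cell carries 48 payload bytes
CELL_PAYLOAD = CELL_SIZE - CELL_HEADER


def shortest_path(topology, src, dst, down_links=frozenset()):
    """Breadth-first search from src to dst, skipping links listed in down_links.

    down_links holds frozenset({x, y}) pairs. Returns the node list of the path,
    or None when the destination is unreachable.
    """
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(topology[node]):          # sorted for deterministic routes
            if nxt in prev or frozenset({node, nxt}) in down_links:
                continue
            prev[nxt] = node
            queue.append(nxt)
    return None


def segment(message, src, dst, payload_size):
    """Break a message into units that each carry source, destination and sequence number."""
    return [
        {"src": src, "dst": dst, "seq": i, "data": message[off:off + payload_size]}
        for i, off in enumerate(range(0, len(message), payload_size))
    ]


def forward(units, topology, fail_after=None, failed_link=None):
    """Route every unit independently; after `fail_after` units the given link goes down.

    Each delivered unit is returned with the path it actually took, so the caller
    can see that later units avoided the failed link.
    """
    down = set()
    delivered = []
    for n, unit in enumerate(units):
        if fail_after is not None and n == fail_after:
            down.add(frozenset(failed_link))
        path = shortest_path(topology, unit["src"], unit["dst"], frozenset(down))
        if path is None:
            raise RuntimeError(f"unit {unit['seq']} is undeliverable")
        delivered.append({**unit, "path": path})
    return delivered


def reassemble(delivered):
    """Rebuild the message from units that may have arrived out of order."""
    return b"".join(u["data"] for u in sorted(delivered, key=lambda u: u["seq"]))


def send(message, src, dst, payload_size=CELL_PAYLOAD, fail_after=None, failed_link=None):
    """Segment, forward and reassemble; returns (delivered units, rebuilt message)."""
    units = segment(message, src, dst, payload_size)
    delivered = forward(units, TOPOLOGY, fail_after, failed_link)
    return delivered, reassemble(delivered)


if __name__ == "__main__":
    text = b"x" * 100                                  # constructed 100-byte message
    cells, rebuilt = send(text, "A", "D", fail_after=1, failed_link=("B", "D"))
    for c in cells:
        print(f"cell {c['seq']}: {len(c['data'])} payload bytes via {'-'.join(c['path'])}")
    print("reassembled correctly:", rebuilt == text)
```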

1.2.4 Point to point network


In telecommunications, a point-to-point connection refers to a communications connection
between two communication endpoints or nodes. An example is a telephone call, in which
one telephone is connected with one other, and what is said by one caller can only be heard
by the other. This is contrasted with a point-to-multipoint or broadcast connection, in which
many nodes can receive information transmitted by one node. Other examples of point-to-
point communications links are leased lines and microwave radio relay.

● Content/Topic 2: Identification of Physical Parameters for WAN Connections


2. Physical Parameters for WAN Connections
Customer Premises Equipment (CPE): The devices and inside wiring located at the
premises of the subscriber, connected with a telecommunication channel of a
carrier. The subscriber either owns or leases the CPE. A subscriber, in this context, is
a company that arranges for WAN services from a service provider or carrier.
Data Communications Equipment (DCE): Also called data circuit-terminating
equipment, the DCE consists of devices that put data on the local loop. The DCE
primarily provides an interface to connect subscribers to a communication link on
the WAN cloud.
Data Terminal Equipment (DTE): The customer devices that pass the data from a
customer network or host computer for transmission over the WAN. The DTE
connects to the local loop through the DCE.
Local loop: The copper or fiber cable that connects the CPE at the subscriber site to
the central office (CO) of the service provider. The local loop is sometimes called the
“last mile.”

Demarcation point: A point established in a building or complex to separate
customer equipment from service provider equipment. Physically, the demarcation
point is the cabling junction box, located on the customer premises, that connects
the CPE wiring to the local loop. It is usually placed for easy access by a technician.
The demarcation point is the place where the responsibility for the connection
changes from the user to the service provider. This is very important, because when
problems arise, it is necessary to determine whether the user or the service provider
is responsible for troubleshooting or repair.
Central office (CO): A local service provider facility or building where local cables link
to long-haul, all-digital, fiber-optic communications lines through a system of
switches and other equipment.

Figure: WAN Physical Layer Terminology

● Content/Topic 2: identification of WAN Devices

1 . WAN Devices

WANs use numerous types of devices that are specific to WAN environments:

a) Modem: Modulates an analog carrier signal to encode digital information, and also
demodulates the carrier signal to decode the transmitted information. A voice band modem
converts the digital signals produced by a computer into voice frequencies that can be
transmitted over the analog lines of the public telephone network. On the other side of the
connection, another modem converts the sounds back into a digital signal for input to a
computer or network connection. Faster modems, such as cable modems and DSL modems,
transmit using higher broadband frequencies.

b) CSU/DSU: Digital lines, such as T1 and T3 carrier lines, require a channel service unit (CSU)
and a data service unit (DSU). The two are often combined into a single piece of equipment,
called the CSU/DSU. The CSU provides termination for the digital signal and ensures
connection integrity through error correction and line monitoring. The DSU converts the T-
carrier line frames into frames that the LAN can interpret and vice versa.

c) Access server: Concentrates dial-in and dial-out user communications. An access server
may have a mixture of analog and digital interfaces and support hundreds of simultaneous
users.

d) WAN switch: A multiport internetworking device used in carrier networks. These devices
typically switch traffic such as Frame Relay, ATM, or X.25 and operate at the data link layer
of the OSI reference model. Public switched telephone network (PSTN) switches may also
be used within the cloud for circuit-switched connections such as Integrated Services
Digital Network (ISDN) or analog dialup.

e) Router: Provides internetworking and WAN access interface ports that are used to
connect to the service provider network. These interfaces may be serial connections or
other WAN interfaces. With some types of WAN interfaces, an external device such as a
DSU/CSU or modem (analog, cable, or DSL) is required to connect the router to the service
provider’s local point of presence (POP).

f) Core router: A router that resides within the middle or backbone of the WAN rather than
at its periphery. To fulfil this role, a router must be able to support multiple
telecommunications interfaces of the highest speed in use in the WAN core, and it must be
able to forward IP packets at full speed on all those interfaces. The router must also support
the routing protocols being used in the core.

Figure shows WAN Devices:

LO 2.2 – Configure and verify WAN Protocols


● Content/Topic 1 : Configuration of IP parameters
1. Configuration of IP parameters
1.1 Dynamic IP Configurations
A dynamic IP address is an IP address that an ISP lets you use temporarily. If a dynamic
address is not in use, it can be automatically assigned to a different device. Dynamic IP
addresses are assigned using either DHCP

Step 1: Preparation
Note: Make certain you do have internet access directly via your modem or community
network.
Step 2: Connect your Network
Take C8 as an example. If there is no modem, regard your internet source as a modem, like
an ethernet cable through a wall.
(1) Turn off your Cable modem, C8 and computer.
(2) Connect the WAN port of C8 to the Cable modem with Ethernet cable.
(3) Connect your computer to any of the LAN ports (yellow one) of C8

(4) Power on C8 and computer. Don’t power on the modem before logging into the router.

Step 3: Log in to the C8’s web management page


Step 4: Power on the cable modem.
Step 5: After logging into the router, you will see Quick Setup → choose the Region and Time Zone → Next.

Step 6: For WAN Connection Type, choose "Dynamic IP" → Next.

Click Clone MAC Address to clone your PC's MAC address to the WAN MAC address of the router → Next.

Note: If your ISP provides a static IP, choose Static IP as the WAN Connection Type and enter the specific IP information from your ISP → Next.

Step 7: Customize your own wireless network names and passwords for the 2.4GHz and 5GHz wireless networks → Next.

Step 8: Click Save to save the settings.

Step 9: Click Test Internet Connection. If it is configured successfully, you will see the message Success; then click Finish to close the Quick Setup.

If the test fails, please go Back to confirm the settings and try again.
Moreover, connect your computer directly to your modem and see whether you have internet access.

Step 10: Power cycle the cable modem and router.
After the configuration, power cycling your network can make it work more stably.
(1) Turn the cable modem off first, then turn your router and computer off, and leave them off for about 2 minutes;
(2) Turn the router on first and wait about 1 minute, and then power on your computer.
(3) Turn the cable modem on, and wait until the modem is working stably (all LED lights working normally).
(4) Repeat steps 1-3 above until you connect to the Internet.

1.2 Static IP Configurations
A static IP address is an IP address that was manually configured for a device instead of one
that was assigned by a DHCP server.

Step 1. Log into the firewall. The default access to LAN is via https://192.168.10.1. Default username is "admin" and password is "admin".

Step 2. Go to Network > Ethernet > WAN1 and make sure that the "DHCP Client" option is not enabled.

Step 3. Go to Objects > Address Book > Interface Addresses.

Assign the required IP addresses to “wan_ip”, “wannet” and “wan_gw”.

If “wan_gw” is not present - add new “IP4 Address” object.

Step 4. Go to Network > Ethernet > WAN.


Verify that WAN has IP Address, Network and Default Gateway assigned to it. Go to
Advanced and make sure the “Add default route if default gateway is specified” is enabled.
Go to Policies > Main IP Rules > LAN_to_WAN. You should see the default “Allow_Standard”
rule that performs Network Address Translation (NAT) for all outgoing traffic. If required,
create additional rules to block or allow desired traffic. Choose the necessary Action,
Service, Interface and Network for the rules.

Step 5. After the configuration is done, click "Configuration" in the main bar and select "Save and Activate". Then click OK to confirm. Wait for 15 sec. You will be automatically redirected to the firewall's LAN IP address. NOTE: If you do not re-login to the firewall within 30 sec, the configuration is reverted to its previous state. The validation timeout can be adjusted under System > Remote Management > Advanced Settings.

● Content/Topic 2 : Configuration of WAN protocols and technologies
1.1 Configuration of HDLC

HDLC is a layer two protocol that provides an encapsulation method for serial links. Serial links and Ethernet links use different encapsulation methods for data transmission: a serial link cannot carry a frame formatted with Ethernet encapsulation, and vice versa an Ethernet link cannot carry a frame formatted with serial encapsulation. Ethernet encapsulation methods and protocols are specified in LAN technology, while serial protocols and encapsulation methods are primarily described in WAN technology. A router is used to connect the two different technologies. HDLC is an encapsulation method for serial links.
1.1.1 How HDLC Protocol works

1. Suppose PC0 has some data for PC1, so it generates a data packet.
2. Since PC1 is not connected to the same LAN segment, the network layer of PC0 will encapsulate the data packet using the default gateway's IP address.
3. The data link layer of PC0 will wrap this IP packet in an 802.3 header and trailer. Once wrapped, it becomes a frame.
4. The physical layer of PC0 will put this frame on the wire.
5. Through the switch, this frame will be received by Router R0.
6. The router will de-encapsulate the frame into a packet to find out the layer 3 destination address.
7. Since the destination address is reachable via the serial link, the router will forward this packet to its serial interface.
8. The serial interface will re-encapsulate the packet with the serial encapsulation protocol. In our example it is HDLC.
9. After re-encapsulation, this frame will be forwarded out of the serial interface.
10. This frame will be received on the serial interface of Router R1.
11. R1 will de-encapsulate the frame into a packet to find the layer 3 destination address.
12. Since the destination address is connected via FastEthernet, it will forward this packet to the FastEthernet interface.
13. The FastEthernet interface will re-encapsulate the packet in an Ethernet frame.
14. After re-encapsulation, this frame will be forwarded out of the FastEthernet interface.
15. Through the switch, this frame will be received at PC1.
16. PC1 will receive this frame in exactly the same format as it was packed by PC0, without knowing how it made its way there.
1.1.2 Configure HDLC in Cisco Router

HDLC is the default encapsulation method on Cisco routers. Unless we have changed it to another encapsulation method, there is no need to configure it; it is already configured. Suppose we have changed the default encapsulation method to another method such as PPP and now want to use HDLC again; then we have to go through the following two steps.
1.1.2.1 Access serial interface

Protocols and encapsulation methods are interface specific. We can use different protocols and encapsulation methods on different interfaces. For example, if we have two serial interfaces, we can use HDLC on one and PPP on the other. So our first logical step is to access the correct serial interface.

Suppose we want to change the encapsulation method of serial interface Serial 0/0/0. Then we will use the following commands to access the serial interface.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial 0/0/0
Router(config-if)#

Set encapsulation

Now we are in serial interface mode, use following command to configure encapsulation
method to HDLC:
Router(config-if)#encapsulation hdlc
Router(config-if)#exit
Router(config)#
That’s all we need to do. Now HDLC encapsulation is enabled in serial interface Serial 0/0/0.
Verifying HDLC encapsulation

Since HDLC is the default encapsulation method for serial interfaces on Cisco routers, it will not be listed in the running configuration. This means we cannot use the show running-config command to verify HDLC encapsulation. We have to use the show interfaces [interface] command to view the encapsulation type of an interface.
Router#show interfaces serial 0/0/0
Serial0/0/0 is administratively down, line protocol is down (disabled)
Hardware is HD64570
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
As the output indicates, the encapsulation type is HDLC.
Troubleshooting HDLC encapsulation

We can use show ip interface brief and show interfaces [interface] commands to view the
status of serial interface.

If there is an issue with the HDLC implementation, the line protocol status will be down. There are three possible reasons:
1. Remote side router is a Non-Cisco router.
2. Remote side is using other protocol such as PPP.
3. DCE device is not providing clock rate to DTE device.
1.2 PPP Protocol and Encapsulation method
1.2.1 Basic concepts of PPP Protocol

PPP is built from three components: Framing, LCP and NCP.


1.2.1.1 PPP Framing (Encapsulation)
PPP Framing defines how network layer packets are encapsulated in a PPP frame. As we know, PPP can carry multiple Layer 3 protocols over a single link. To support multiple network layer protocols, PPP uses the Protocol Type field in its header. The following figure illustrates PPP framing:

Flag Address Control Protocol Data FCS Flag

1.2.1.2 LCP (Link Control Protocol)


This is the second component of PPP. PPP uses it to build and maintain data-link connections. It provides the following options:
 Authentication: - LCP provides two types of authentication: PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol).

 Compression: - Through compression LCP increases the overall data transmission speed while saving bandwidth at the same time. It compresses data at the sending end and decompresses it at the receiving end.

 Error Detection: - LCP uses the LQM (Link Quality Monitoring) tool to detect an interface that is exceeding the threshold error percentage. Once a faulty interface is identified, LCP will disable that interface and reroute the traffic over a better route.

 Looped Link Detection: - LCP uses a magic number to detect a looped link. Once a looped link is detected, LCP will disable that interface and reroute the traffic over the working link.

 Multilink: - In this option multiple physical links are combined in a single logical
connection at layer three. For example if we have two 64Kbps lines then this option
can combine them in such a way that they appear as a single 128Kbps connection at
layer 3.

 Call Back: - In this option the remote router calls back the calling router. For example, we have two routers, R1 and R2, with callback enabled. In this case R1 will connect to R2 and authenticate itself. Once the authentication process is completed, R2 will terminate the connection and then re-initiate the connection from its side. This way R1 is charged only for the data used during the authentication process, while R2 is charged for the remaining data transmission.

1.2.1.3 NCP (Network Control Protocol)


This is the third component of PPP. PPP uses NCP (Network Control Protocol) to allow
multiple Network layer protocols (such as IPv4, IPv6, IPX) to be used in a single point to
point connection.
PPP is specified at the physical and data link layers only. Don't be confused by the NCP component: it is only used to carry multiple network layer protocols simultaneously across a single point-to-point link. PPP is neither specified as a layer 3 protocol nor does it work as a layer 3 (network layer) protocol.
PPP Authentication
PPP authentication is the method of identifying the remote device. Through authentication we can find out whether the remote party is genuine or an impostor. For example, there are two routers (R1 and R2) communicating over a serial link. R1 has some data for R2, but before sending this data, R1 wants to be sure that the remote device claiming to be R2 is the real R2. In this case R1 will initiate the authentication process, in which R2 will prove its identity. PPP supports two authentication protocols: PAP and CHAP.
PAP (Password Authentication Protocol)
In this protocol, the password is sent in clear text format, which makes it less secure in comparison with CHAP. PAP authentication is a two-step process. In step one, the router that wants to be authenticated sends its username and password to the router that will authenticate it. In step two, if the username and password match, the remote router authenticates the originating router; otherwise the authentication process fails. The following figure illustrates this process in detail.

In step one, R1 sends its username and password in clear text format to R2, which will authenticate R1.
In step two, R2 matches the received username and password with its locally stored username and password. If both credentials match, R2 assumes that R1 is the real R1. R2 sends back an acknowledgment to R1 stating that it has passed the authentication process and that R2 is ready for data transmission.
PAP authentication is only performed upon initial link establishment. Once the link is established, no further authentication is done for that particular session. PAP sends the username and password in clear text format. Username and password are case sensitive.
CHAP (Challenge Handshake Authentication Protocol)
CHAP is used at initial start-up, and once the link is established, periodic re-authentication is performed to make sure that the router is still communicating with the same host. If any of these re-authentications fails, the connection is terminated immediately.
CHAP authentication is a three-step process.

Step 1

 In the first step R1 (Source) sends its username (without password) to R2 (Destination).

Step 2
 Routers running CHAP need to maintain a local authentication database. This database contains a list of all allowed hosts with their login credentials.

 R2 will scan this database to find out whether R1 is allowed to connect with it or not.

 If no entry for a particular host is found in the database, then that host is not allowed to connect. In such a case the connection will be terminated at this point.

 A database entry for R1 (with password) confirms that R1 is allowed to connect. R1's password is picked up for the next step.

 At this moment a random key is generated.

 This random key together with the password is passed to the MD5 hash function.

 The MD5 hash function produces a hashed value from the given input (Random Key + Password).

 This hashed value is known as the Challenge.

 R2 sends this Challenge together with the random key back to R1.

Step 3
 R1 receives the hashed value (Challenge) and the random key.

 R1 passes the received random key and its locally stored password to the MD5 hash function.

 The MD5 hash function produces a hashed value from the given input (Random Key + Password).

 Now R1 compares this hashed value (generated by the MD5 hash function) with the hashed value received from R2.

 If the two hashed values do not match, the process is terminated and the connection is rejected.

 If the two hashed values (locally generated and received) match, R1 assumes that the password used by the remote router (R2) must be the same as the password used by itself. Thus R2 is the real R2 and permission for this connection can be granted.

 R1 updates R2 about the authentication result with an Accepted or Rejected acknowledgement signal.

CHAP uses a one-way hash algorithm (MD5) to generate the hashed value. This hashed value is valid only once, so you need not worry about users who intentionally keep a copy of this hashed value for later use. In CHAP authentication the actual password is never sent across the link, so anybody tapping the wire will never be able to reverse the hash to learn the original password.
CHAP uses a three-way handshake to perform the authentication. In CHAP the actual password is never sent across the link. CHAP uses a hashed value for authentication that is generated by the MD5 hash function from the locally stored password and a random key. This hashed value is valid only once.
Differences between PAP and CHAP authentication protocols

PAP: Performs authentication in two steps.
CHAP: Performs authentication in three steps.

PAP: Username and password are sent across the link.
CHAP: Only the username is sent across the link.

PAP: The actual password is sent across the link.
CHAP: The actual password is never sent across the link.

PAP: The password is sent in clear text format.
CHAP: The password is hashed with a random key through the MD5 hash function.

PAP: It is a less secure authentication protocol. Anyone tapping the wire can learn the password.
CHAP: It is a secure authentication protocol. Since the actual password is never sent across the wire, no one can learn the password by wire-tapping.

PAP: Authentication is performed only at initial link establishment.
CHAP: Authentication is performed at initial startup and, if required, any time during the session.
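The PAP and CHAP exchanges compared above, as an added Python model that is not part of this module: a CHAP authenticator issues a fresh random challenge and the peer answers with MD5(identifier + secret + challenge) as RFC 1994 specifies (the identifier byte is part of the hash input there), while a PAP peer sends the password itself; a wire log records what crosses the link so the claims in the table (password never transmitted under CHAP, hash valid only once, case-sensitive credentials) can be checked. The credential database is constructed for the example, reusing the password test from the module's username commands.

```python
import hashlib
import hmac
import os

# Constructed "local authentication database" (username -> shared secret).
# The password "test" is the one used in the module's username examples; the
# database itself is built for this example only.
PEER_DB = {"R1": b"test", "R2": b"test"}


def chap_hash(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value as RFC 1994 defines it: MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Router that issues the challenge and checks the answer (R2 in the text)."""

    def __init__(self, name: str, peer_db: dict, wire: list):
        self.name = name
        self.peer_db = peer_db
        self.wire = wire            # everything that crosses the link is logged here
        self.identifier = 0
        self.outstanding = None     # (identifier, challenge) awaiting a response

    def send_challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) % 256
        challenge = os.urandom(16)                  # fresh random value every time
        self.outstanding = (self.identifier, challenge)
        self.wire.append(("CHALLENGE", self.identifier, challenge))
        return self.identifier, challenge

    def check_response(self, identifier: int, username: str, response: bytes) -> bool:
        self.wire.append(("RESPONSE", identifier, username, response))
        if self.outstanding is None or identifier != self.outstanding[0]:
            return False                            # no live challenge for this ID
        challenge = self.outstanding[1]
        self.outstanding = None                     # a challenge is answered once only
        secret = self.peer_db.get(username)
        if secret is None:
            return False                            # host not in the database
        ok = hmac.compare_digest(chap_hash(identifier, secret, challenge), response)
        self.wire.append(("SUCCESS" if ok else "FAILURE", identifier))
        return ok


class Peer:
    """Router proving its identity (R1 in the text)."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self.secret = secret

    def respond(self, identifier: int, challenge: bytes) -> tuple:
        # Only the username and the hash are returned; the secret stays local.
        return identifier, self.name, chap_hash(identifier, self.secret, challenge)


def chap_login(peer: Peer, auth: Authenticator) -> bool:
    """One complete CHAP three-way handshake."""
    identifier, challenge = auth.send_challenge()
    return auth.check_response(*peer.respond(identifier, challenge))


def pap_login(username: str, password: bytes, auth: Authenticator) -> bool:
    """PAP two-step exchange: the credentials themselves travel in clear text."""
    auth.wire.append(("AUTH-REQ", username, password))
    ok = auth.peer_db.get(username) == password     # exact, case-sensitive match
    auth.wire.append(("AUTH-ACK" if ok else "AUTH-NAK",))
    return ok


def secret_seen_on_wire(wire: list, secret: bytes) -> bool:
    """True if the shared secret itself appeared in any transmitted message."""
    return any(field == secret for msg in wire for field in msg)


def replayed_response_is_rejected(peer: Peer, auth: Authenticator) -> bool:
    """Checks the module's claim that a CHAP hash is valid only once: a response
    recorded from a successful login fails against the next challenge."""
    identifier, challenge = auth.send_challenge()
    recorded = peer.respond(identifier, challenge)
    if not auth.check_response(*recorded):
        return False                                # genuine login should succeed
    new_id, _ = auth.send_challenge()               # new random value, new hash expected
    return not auth.check_response(new_id, recorded[1], recorded[2])


if __name__ == "__main__":
    log = []
    r2 = Authenticator("R2", PEER_DB, log)
    print("CHAP login:", chap_login(Peer("R1", b"test"), r2))
    print("secret on wire (CHAP):", secret_seen_on_wire(log, b"test"))
    print("replay rejected:", replayed_response_is_rejected(Peer("R1", b"test"), r2))
    print("PAP login:", pap_login("R1", b"test", r2),
          "secret on wire (PAP):", secret_seen_on_wire(log, b"test"))
```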

1.2.2 Configure PPP Protocol on Cisco Router


Configuration of PPP encapsulation is simple and straightforward. Following command is
used to configure the PPP encapsulation.
router(config-if)# encapsulation ppp

In the above network, two routers (R1 and R2) are connected with each other via a serial link. The serial interfaces are initially configured with the following configuration on both routers.

R1
Router>enable
Router#configure terminal
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.252
Router(config-if)#clock rate 64000
Router(config-if)#bandwidth 64
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#

R2

Router>enable
Router#configure terminal
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 192.168.1.2 255.255.255.252

Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#
At this time both routers are running the default encapsulation on their serial interfaces. HDLC is the default encapsulation protocol on Cisco routers. Let's change the default encapsulation to PPP with the following command.

R1
Router(config)#interface serial 0/0/0
Router(config-if)# encapsulation ppp
Router(config-if)#exit
Router(config)#

R2
Router(config)#interface serial 0/0/0
Router(config-if)# encapsulation ppp
Router(config-if)#exit
Router(config)#
Router(config)#interface serial 0/0/0 :- This command is used to enter serial interface configuration mode. Encapsulation is interface specific; we can use different encapsulation protocols on different interfaces. For example, we can use PPP on serial 0/0/0 and HDLC on serial 0/0/1.
Router(config-if)# encapsulation ppp :- This command sets the encapsulation protocol to PPP.
Router(config-if)#exit :- This command is used to return to global configuration mode.
Router(config)# :- This command prompt indicates that we are in global configuration mode.
1.2.2.1 Configure PPP Authentication
PPP authentication requires two essential parameters:

 Unique hostname of local router

 Username and password of remote router

Hostname of local router


To set the hostname we can use the hostname global configuration command. Let's assign a unique hostname to each of our routers.
R1

Router(config)#hostname R1
R1(config)#
R2
Router(config)#hostname R2
R2(config)#

Username and password of remote router


To set the username and password for the remote router, the following global configuration mode command is used:
Router(config)# username [hostname of remote router] password [password]
The username is the hostname of the remote router that will connect with this router. Hostname and password are case sensitive. The router stores the password in clear text format, which can be viewed with the show running-config command.

R1
R1(config)#username R2 password test
R1(config)#
R2
R2(config)#username R1 password test
R2(config)#
Passwords assigned through the username [hostname of remote device] password [password] command are saved in the running configuration in clear text format and can be viewed via the show run command. To encrypt them, use the service password-encryption command from global configuration mode. Username and password are case sensitive. The username is the hostname of the remote router that will connect with this router. The remote router must also be configured with a username and password. The password must be the same on both routers.
Configure PPP Protocol PAP Authentication

To configure PAP authentication, use the following commands on both routers

R1
R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication pap
R1(config-if)#exit
R1(config)#
R2
R2(config)#interface serial 0/0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication pap
R2(config-if)#exit
R2(config)#
Configure PPP Protocol CHAP Authentication
To configure CHAP authentication, use the following commands on both routers
R1
R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#exit
R1(config)#
R2
R2(config)#interface serial 0/0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#exit
R2(config)#
Configure Both CHAP and PAP in same link
To configure both CHAP and PAP on the same link, use the following commands on both routers

R1
R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap pap
R1(config-if)#exit
R1(config)#

R2
R2(config)#interface serial 0/0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap pap
R2(config-if)#exit
R2(config)#
If we use both methods on the same link as shown above then only the first method will be
used in authentication process. Second method will be used only if first method fails. Thus
second method will work as backup method.
Verifying PPP Protocol implementation
We can use the show interface [interface] command to verify the PPP implementation.
R1#show interface serial 0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.1/30
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set
[Output omitted]
As the output indicates, encapsulation is set to PPP on this interface.

Troubleshooting / Debugging PPP Authentication


When something goes wrong, we should start debugging from the output of the show interface [interface] command. The first line of the output provides some clues about the possible issue.

In the above example it is "Serial 0/0/0 is up, line protocol is down", which indicates that the physical layer is working properly but there is some issue in the data link layer configuration. Next, notice the states of LCP, IPCP and CDPCP. A Closed state for these indicates that something is wrong with the LCP setup process, causing the data link layer to fail. The rest of this section explains some common causes of data link failure.

 Mismatched WAN Encapsulation


On a point-to-point link, the encapsulation method at both ends must be the same, otherwise the link will never come up. This problem is easy to find and fix. The show interfaces [interface] command will list the encapsulation type.

Once you identify the problem, it can be fixed easily. Simply reconfigure the one end’s
interface to match with other end’s encapsulation method.
 Mismatched IP configuration
This problem is not directly associated with PPP configuration but can be a tricky exam question. It cannot be spotted from the show interface [interface] command, as the output of this command will show "Serial 0/0/0 is up, line protocol is up", which makes you assume that everything is fine and operational at the interface level. But when you try to ping the remote router, it fails. This is because PPP, HDLC and Frame Relay are layer 2 protocols and they don't care about the layer 3 configuration (IP configuration). So even though the link is up, you cannot transfer IP packets.

To fix this problem, configure IP addresses at both ends from the same subnet.
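The checks described for HDLC (the three possible reasons for a down line protocol) and for PPP (mismatched encapsulation, mismatched IP subnet, authentication failure) as an added Python script that is not part of this module: it parses show interfaces output from both ends of one serial link and the debug ppp authentication output, and lists the likely cause in the order the text suggests checking. The two show outputs and the debug excerpt are constructed samples for this example.

```python
import ipaddress
import re

# Constructed "show interfaces serial 0/0/0" excerpts for the two ends of one
# point-to-point link (sample data for this example, not output from the module).
R1_SHOW = """\
Serial0/0/0 is up, line protocol is down
  Hardware is HD64570
  Internet address is 192.168.1.1/30
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
"""
R2_SHOW = """\
Serial0/0/0 is up, line protocol is down
  Hardware is HD64570
  Internet address is 192.168.2.2/30
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
"""
# Constructed "debug ppp authentication" excerpt modelled on the failure case.
DEBUG_SAMPLE = """\
R1: Se0/0/0 CHAP: O CHALLENGE id 1 len 23 from "R1"
R1: Se0/0/0 CHAP: I RESPONSE id 1 len 23 from "R2"
R1: Se0/0/0 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed"
"""

STATUS_RE = re.compile(
    r"^(?P<name>\S+) is (?P<status>administratively down|up|down), "
    r"line protocol is (?P<proto>up|down)", re.M)
ADDR_RE = re.compile(r"Internet address is (?P<addr>\d+\.\d+\.\d+\.\d+/\d+)")
ENCAP_RE = re.compile(r"Encapsulation (?P<encap>\S+),")


def parse_show_interface(text: str) -> dict:
    """Pull interface status, line protocol, IP address and encapsulation out of
    'show interfaces' output; fields that are not found come back as None."""
    info = {"name": None, "status": None, "proto": None, "addr": None, "encap": None}
    for regex in (STATUS_RE, ADDR_RE, ENCAP_RE):
        m = regex.search(text)
        if m:
            info.update(m.groupdict())
    return info


def diagnose_link(local_show: str, remote_show: str) -> list:
    """Compare both ends of a serial link and list the likely causes the module
    describes, most fundamental first."""
    a, b = parse_show_interface(local_show), parse_show_interface(remote_show)
    findings = []
    for side, info in (("local", a), ("remote", b)):
        if info["status"] == "administratively down":
            findings.append(f"{side} interface is administratively down: issue 'no shutdown'")
        elif info["status"] == "down":
            findings.append(f"{side} interface is down: check the cable and physical layer")
    if a["encap"] and b["encap"] and a["encap"] != b["encap"]:
        findings.append(f"encapsulation mismatch: local {a['encap']} vs remote {b['encap']}; "
                        "reconfigure one end so both match")
    elif a["proto"] == "down" and a["status"] == "up":
        # Physical layer fine but layer 2 not: the remaining causes from the module.
        findings.append("line protocol down with matching encapsulation: verify the DCE end "
                        "has 'clock rate' set, and for PPP check authentication with "
                        "'debug ppp authentication'")
    if a["addr"] and b["addr"]:
        net_a = ipaddress.ip_interface(a["addr"]).network
        net_b = ipaddress.ip_interface(b["addr"]).network
        if net_a != net_b:
            findings.append(f"IP subnet mismatch: {a['addr']} is in {net_a} but {b['addr']} "
                            f"is in {net_b}; the link can be up while pings still fail")
    return findings


def auth_failures(debug_output: str) -> list:
    """Return (direction, id, message) for every FAILURE line in
    'debug ppp authentication' output."""
    return re.findall(r'\b(O|I) FAILURE id (\d+) len \d+ msg is "([^"]*)"', debug_output)


if __name__ == "__main__":
    for finding in diagnose_link(R1_SHOW, R2_SHOW):
        print("-", finding)
    print("authentication failures:", auth_failures(DEBUG_SAMPLE))
```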

 Debug PPP Authentication


To determine whether the issue is related to PPP authentication, we can use the debug ppp authentication command. If PPP encapsulation and authentication are set up correctly, this command will display output like this:
R1# debug ppp authentication
PPP authentication debugging is on
R1#
R1: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to up
R1: Se0/0/0 PPP: Using default call direction
R1: Se0/0/0 PPP: Treating connection as a dedicated line
R1: Se0/0/0 PPP: Session handle[45004] Session id[12]
R1: Se0/0/0 CHAP: O CHALLENGE id 5 len 23 from "R1"
R1: Se0/0/0 CHAP: I CHALLENGE id 5 len 23 from "R2"
R1: Se0/0/0 PPP: Sent CHAP SENDAUTH Request
R1: Se0/0/0 CHAP: I RESPONSE id 5 len 23 from "R2"
R1: Se0/0/0 PPP: Received SENDAUTH Response PASS

R1: Se0/0/0 CHAP: Using hostname from configured hostname
R1: Se0/0/0 CHAP: Using password from AAA
R1: Se0/0/0 CHAP: O RESPONSE id 5 len 23 from "R1"
R1: Se0/0/0 PPP: Sent CHAP LOGIN Request
R1: Se0/0/0 PPP: Received LOGIN Response PASS
R1: Se0/0/0 CHAP: O SUCCESS id 5 len 4
R1: Se0/0/0 CHAP: I SUCCESS id 5 len 4
But if something goes wrong during the authentication process, the output would look like this:

R1# debug ppp authentication
PPP authentication debugging is on
! Lines omitted for brevity
R1: Se0/0/0 CHAP: O CHALLENGE id 1 len 23 from "R1"
R1: Se0/0/0 CHAP: I RESPONSE id 1 len 23 from "R2"
R1: Se0/0/0 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed"
If the username and password are not configured exactly as they should be, authentication will fail.

To fix this problem configure username and password in proper way. Remember that
username and password are case sensitive.

Another thing you should notice is the authentication type, which must be the same at both ends. If you configure one end to use PAP while the other end uses CHAP, that link will never work.

To fix this problem change authentication type in one end to match with other end.
That's all for this part. The next part explains the basic concepts of Frame Relay in detail with examples.
1.3 Frame Relay protocol
1.3.1 Basic concept of Frame Relay
This section explains the basic concepts of Frame Relay step by step in detail with examples, including Frame Relay fundamentals, the Frame Relay congestion control method and Frame Relay terminology (VC, PVC, SVC, DTE, DCE, DE, access link, LMI types, LMI status enquiry, DLCI numbers, FECN, BECN, access rate and CIR).

Frame Relay is one of the most popular WAN services deployed over the past decade. Even though several more advanced technologies (such as VPN and ATM) are available today, Frame Relay is still widely used and will remain so in the near future due to its features, benefits and lower cost in comparison with point-to-point WAN services. For example, take a look at the following figure, which illustrates a network with simple point-to-point leased line connections.

There are four routers in this network. To connect these routers with each other, a total of six leased lines and three serial interfaces on each router are used. We can use the following formula to figure out how many connections are required:

(N × (N – 1)) / 2 [Here N is the number of routers]


In our example we have four routers so we need (4 x (4-1)) /2 = 6 leased lines.
If we have 100 routers then we need (100 x (100-1)) /2 = 4950 leased lines and 99 serial interfaces on each router. Forget about low-end routers; even a 7700 series router does not have sufficient physical interfaces to handle this requirement.
With Frame Relay implementation, we still need 6 connections to connect all these routers
with each other. But instead of physical lines, Frame Relay uses virtual lines to connect all
these locations. The biggest benefit of these virtual lines is that we do not need equal
physical interfaces on router to connect them. We can connect multiple virtual lines with
single interface.

Frame Relay VC, PVC and SVC
In Frame Relay terminology virtual connection lines are known as Virtual Circuits (VCs).
There are two types of VCs; PVCs and SVCs.
Differences between Frame Relay PVCs and Frame Relay SVCs

PVC (Permanent Virtual Circuit): A PVC is just like a leased line; once configured it stays there until we manually reconfigure it.
SVC (Switched Virtual Circuit): An SVC is just like a telephone connection; it is dynamically built whenever we have data to transmit and is terminated once the transmission is over.

PVC: If we have regular data for transmission then PVC is the best choice.
SVC: If we have periodical data for transmission then SVC is the right choice.

PVC: PVCs need a lot of manual configuration.
SVC: SVCs need less configuration in comparison with PVCs.

PVC: Once a PVC is built there is no delay before data transmission.
SVC: Since an SVC is built each time we send data, a small delay before data transmission is expected.

PVC: Whether we use it or not, we have to pay for the entire billing cycle.
SVC: We need to pay only when we actually use it.

SVC is not tested in any CCNA level exam, so it is not covered in the rest of this section. From here on, wherever VC or PVC is mentioned, read it as PVC only.
Frame Relay Network Type

A frame relay network is considered fully meshed when all sites (routers) are connected
with each other via direct link. When all sites do not have direct link with each other then it
would be considered as partially meshed frame relay network.

List of Frame Relay configuration commands

Router(config-if)#encapsulation frame-relay :- Enables Frame Relay encapsulation on the interface.
Router(config-if)#encapsulation frame-relay ietf :- Enables Frame Relay IETF encapsulation on the interface. Used when connecting with a non-Cisco router.
Router(config-if)#frame-relay lmi-type {ansi | cisco | q933a} :- Sets the LMI type. If the router is running Cisco IOS 11.2 or higher, this command is optional, as the router will automatically detect the correct LMI type.
Router(config-if)#frame-relay interface-dlci 100 :- Assigns DLCI number 100 to the interface.
Router(config-if)#frame-relay map ip 192.168.100.1 110 broadcast :- Maps a remote IP address to a local DLCI statically. Otherwise the mapping is done automatically by the Inverse ARP protocol. By default Frame Relay does not forward any broadcast packets over a VC, so any routing protocol that depends on broadcasts will not work with Frame Relay. Use the broadcast keyword to enable broadcast forwarding on this VC.
Router(config-if)#no frame-relay inverse-arp :- Turns off Inverse ARP. If we turn off Inverse ARP, we have to map remote IP addresses to local DLCIs statically.
Router(config-if)#interface serial 0/0/0.1 point-to-point :- Creates a point-to-point sub-interface numbered 1.
Router#show frame-relay map :- Shows the IP/DLCI map entries.
Router#show frame-relay pvc :- Shows the status of all configured PVCs.
Router#show frame-relay lmi :- Displays LMI statistics including the LMI type and exchanged messages.
Router#clear frame-relay counters :- Clears all Frame Relay counters.
Router#clear frame-relay inarp :- Resets the map table and clears all Inverse ARP entries.
Router#debug frame-relay lmi :- Enables LMI debugging.
Router#no debug frame-relay lmi :- Disables LMI debugging.

3.3 Configuration of Frame Relay Step by Step

R1
Router>enable
Router#configure terminal
Router(config)#interface serial 0/0/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#frame-relay interface-dlci 100
Router(config-if)#frame-relay lmi-type ansi
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#

R2
Router>enable
Router#configure terminal
Router(config)#interface serial 0/0/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#ip address 192.168.1.2 255.255.255.0
Router(config-if)#frame-relay interface-dlci 101
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#
Let’s understand the above configuration step by step. As we know, routers allow us to run
different WAN services on different interfaces, so our first logical objective is to identify the
correct interface. As the figure shows, interface serial 0/0/0 is assigned for Frame Relay on both
routers. To configure Frame Relay on this interface we need to enter interface mode. The first
three commands in the above configuration are used for this purpose.
enable :- This command is used to enter privileged exec mode.
configure terminal :- This command is used to enter global configuration mode.
interface serial 0/0/0 :- This command is used to enter interface mode.
On Cisco routers the default encapsulation is HDLC. We cannot use Frame Relay with the
default encapsulation. The next command changes this encapsulation.
Router(config-if)#encapsulation frame-relay :- This command changes the default
encapsulation method to Frame Relay.
The next command assigns an IP address to the interface.
Router(config-if)#ip address 192.168.1.1 255.255.255.0 :- This command assigns an IP address to
Serial 0/0/0 of R1.
Router(config-if)#ip address 192.168.1.2 255.255.255.0 :- This command assigns an IP address to
Serial 0/0/0 of R2.
The next command assigns a DLCI value to the interface.
Router(config-if)#frame-relay interface-dlci 100 :- This command assigns DLCI value 100 to the
serial interface of R1.
Router(config-if)#frame-relay interface-dlci 101 :- This command assigns DLCI value 101 to the
serial interface of R2.
The next command sets the LMI option on the interface. Until we change it with this command,
the default LMI option on Cisco routers is Cisco.
Router(config-if)#frame-relay lmi-type ansi :- This command changes the default LMI option
to ANSI.
Have you noticed that we did not run this command on R2? The LMI option (Cisco) that we got
from the provider matches the default (Cisco) setting, so there is no need to run this
command on R2.
By default all interfaces on a router are disabled. We need to enable them before they can
communicate with others.
Router(config-if)#no shutdown :- This command enables the serial interface.
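As an added example (not part of this module), the Python below parses the R1 and R2 interface configurations above and checks them against the rules this section and the command table state: encapsulation changed from the HDLC default, an IP address and a DLCI assigned, the LMI type matching what the provider hands out, a static map present when Inverse ARP is turned off, the broadcast keyword on static maps, and the interface enabled. The configurations are reproduced as constructed sample strings, and the `provider_lmi` parameter is this example's own.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed samples: the R1 and R2 interface configurations from the
# step-by-step section, as they would appear in a running configuration.
R1_CONFIG = """
interface serial 0/0/0
 encapsulation frame-relay
 ip address 192.168.1.1 255.255.255.0
 frame-relay interface-dlci 100
 frame-relay lmi-type ansi
 no shutdown
"""

R2_CONFIG = """
interface serial 0/0/0
 encapsulation frame-relay
 ip address 192.168.1.2 255.255.255.0
 frame-relay interface-dlci 101
 no shutdown
"""

# Constructed sample with the pitfalls the command table warns about: HDLC
# default kept, a static map without 'broadcast', interface never enabled.
BAD_CONFIG = """
interface serial 0/0/1
 ip address 192.168.100.2 255.255.255.0
 no frame-relay inverse-arp
 frame-relay map ip 192.168.100.1 110
"""


@dataclass
class FrameRelayInterface:
    name: str
    encapsulation: str = "hdlc"          # Cisco default when no encapsulation command is present
    ip_address: Optional[str] = None
    dlcis: List[int] = field(default_factory=list)
    lmi_type: str = "cisco"              # Cisco default LMI type
    inverse_arp: bool = True             # on by default; 'no frame-relay inverse-arp' turns it off
    static_maps: List[Tuple[str, int, bool]] = field(default_factory=list)  # (remote ip, dlci, broadcast)
    enabled: bool = False                # interfaces stay shut down until 'no shutdown'


def parse_interface(config: str) -> FrameRelayInterface:
    """Parse a single serial interface stanza from Cisco IOS configuration text."""
    iface: Optional[FrameRelayInterface] = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = FrameRelayInterface(name=line.split(None, 1)[1])
        elif iface is None or not line:
            continue
        elif line.startswith("encapsulation "):
            iface.encapsulation = line.split(None, 1)[1]
        elif line.startswith("ip address "):
            iface.ip_address = line[len("ip address "):]
        elif line.startswith("frame-relay interface-dlci "):
            iface.dlcis.append(int(line.split()[2]))
        elif line.startswith("frame-relay lmi-type "):
            iface.lmi_type = line.split()[2]
        elif line == "no frame-relay inverse-arp":
            iface.inverse_arp = False
        elif line.startswith("frame-relay map ip "):
            parts = line.split()
            iface.static_maps.append((parts[3], int(parts[4]), "broadcast" in parts[5:]))
        elif line == "no shutdown":
            iface.enabled = True
    if iface is None:
        raise ValueError("no interface stanza found")
    return iface


def audit(iface: FrameRelayInterface, provider_lmi: str) -> List[str]:
    """List everything that would stop Frame Relay coming up; provider_lmi is the carrier's LMI type."""
    problems = []
    if not iface.encapsulation.startswith("frame-relay"):
        problems.append(f"{iface.name}: encapsulation is {iface.encapsulation}, not frame-relay")
    if iface.ip_address is None:
        problems.append(f"{iface.name}: no IP address configured")
    if not iface.dlcis and not iface.static_maps:
        problems.append(f"{iface.name}: no DLCI assigned (interface-dlci or frame-relay map)")
    if iface.lmi_type != provider_lmi:
        problems.append(f"{iface.name}: LMI type {iface.lmi_type} differs from provider's {provider_lmi}")
    if not iface.inverse_arp and not iface.static_maps:
        problems.append(f"{iface.name}: Inverse ARP disabled but no static frame-relay map configured")
    for ip, dlci, broadcast in iface.static_maps:
        if not broadcast:
            problems.append(f"{iface.name}: map {ip} -> DLCI {dlci} lacks 'broadcast'; broadcast-based routing protocols will not work over this VC")
    if not iface.enabled:
        problems.append(f"{iface.name}: interface is shut down (missing 'no shutdown')")
    return problems


if __name__ == "__main__":
    for label, cfg, lmi in (("R1", R1_CONFIG, "ansi"), ("R2", R2_CONFIG, "cisco"), ("bad", BAD_CONFIG, "cisco")):
        print(label, audit(parse_interface(cfg), lmi) or "OK")
```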

1.4 Configuration of DSL

You configure DSL connections in much the same way you configure ISDN or modem
connections. DSL connections can be configured as switched or nailed PPP, MP, or MPP, or
as Frame Relay-encapsulated connections. You can also use your existing authentication
methods, such as RADIUS, to authenticate DSL users, by using PPP in conjunction
with PAP or CHAP. You can do this either when the units are first turned on or by setting an
inactivity timer.

Any ISDN TA or router (such as an Ascend Pipeline) that supports ISDN BRI (2B1Q) signaling
can be connected over an IDSL connection. ADSL and SDSL connections require Ascend DSL
Pipe units on the remote end.

DSL connections require the following general configuration on the MAX TNT:
 The DSL port in the line profile
 A Connection profile for the remote device
 For Frame Relay connections, a Frame Relay profile

In addition to standard routing connections, you can configure the following DSL-specific
capabilities:
 DSLPipe plug and play
 IDSL voice support

A DSL physical link is always up, but a PPP session can be established and terminated based
on data activity, just as it is for ISDN or PSTN calls. Each PPP session initiates negotiations,
followed by authentication and accounting. Switched connections can provide per-session
authentication as well as accounting information typically used for client billing.

From the service provider's perspective, a DSL connection is handled exactly like an ISDN or
PSTN call. The MAX TNT checks the Answer-Defaults profile, applies authentication
methods, and establishes the PPP session. After a period of inactivity the PPP session is dropped,
again generating accounting information. DSL Pipe units initiate all switched ADSL and SDSL
connections, and the MAX TNT handles them as regular incoming PPP calls. Note that Frame
Relay connections must be nailed.
You configure the DSL Pipe for a switched connection in a similar way to other Pipeline
switched connections, with the following important differences:
 Set the Chan Usage parameter in the Configure profile to Switch/Unused (for ADSL or SDSL
connections) or Switch/Switch (for IDSL connections).
 Set the Dial # parameter in the Configure profile to the DSL port number, which in the case
of a single DSL Pipe is always 1.
To configure a switched connection on the MAX TNT for an incoming connection from a DSL
Pipe, you must set the Call-Type parameter to Off in the Connection profile for the DSL Pipe.
For example:
admin> read connection dslpipe-1
CONNECTION/dslpipe-1 read
admin> set telco call-type = off
admin> write
CONNECTION/dslpipe-1 written
For more information about configuring switched connections on the MAX TNT, see
the MAX TNT Network Configuration Guide.
Configuring nailed connections
In a nailed connection, the MAX TNT and the remote unit always assume the connection is
up and do not attempt to verify that the line is operational.
A nailed connection does not record accounting or authentication information after the
session is established, and therefore cannot be used to bill for DSL service as if it were a call
on an ISDN network or the PSTN.
Nailed connections are typically used for Frame Relay connections, but PPP can also be
used. Voice calls are not supported over a nailed connection.
You specify whether an ADSL or SDSL connection is nailed by:
 Specifying a nailed group number in the ADSL or SDSL profile
 Setting Call-Type to FT1 in the Connection profile for the nailed connection
You specify whether an IDSL connection is nailed by:
 Specifying a nailed group number in the IDSL profile
 Setting Channel-Usage to Nailed-64-Channel in the IDSL profile
 Setting Call-Type to FT1 in the Connection profile for the nailed connection
You configure the DSL Pipe for a nailed connection in a similar way to other Pipeline nailed
connections:
 In the Configure profile, set Chan Usage to Leased/Unused
 In the Connection profile for the MAX TNT, set Call Type to Nailed in the Telco
Options submenu
 In the Connection profile for the MAX TNT, specify a Group number in the Telco
Options submenu
DSL configurations include:
 An IDSL Frame Relay connection
 An ADSL nailed PPP connection
 An SDSL Frame Relay configuration using interface-based routing
 An SDSL Frame Relay configuration using system-based routing

Frame Relay IDSL configuration

In the figure below, a Pipeline connects a single user to a MAX TNT over a 128Kbps nailed
Frame Relay connection. It uses system-based routing. This example uses an Ascend
Pipeline, but you can configure any ISDN U-interface device, such as a terminal adapter (TA),
similarly. You must also assign the IDSL channel a group number using the Nailed-Group
parameter. The Connection profile for the remote device then references the assigned
group number in its Nailed-Group setting, to direct the connection to use the IDSL nailed
channel.

Figure : IDSL connection with a Pipeline

Configuring the MAX TNT

This example assumes the MAX TNT has already been configured with the following
information:
 IP address of 192.1.1.4/24
 System name of idsltnt
To configure the MAX TNT for this example you must configure the following:
 A Connection profile for the remote device
 An IDSL profile
 A Frame Relay profile
 A static route to the gateway
Configuring a Connection profile for the remote device
To configure a Connection profile for the remote device:
1. Create a Connection profile for the Pipeline:
admin> new connection pipeline
2. Activate the profile:
admin> set active=yes
3. Set the encapsulation:
admin> set encapsulation-protocol=frame-relay
4. List the IP-Options profile:
admin> list ip-options
5. Enable IP routing for this Connection profile:
admin> set ip-routing-enabled=yes
6. Specify the Pipeline IP address:
admin> set remote-address=192.1.2.1/24
7. List the FR-Options profile:
admin> list .. fr-options
8. Specify the name of the Frame Relay profile:
admin> set frame-relay-profile=idsltnt-fr
9. Specify the Frame Relay DLCI:
admin> set dlci=16
10. List the Telco options profile:
admin> list .. telco-options
11. Set the data service:
admin> set data-service=64K-clear
12. Specify that the connection uses nailed channels:
admin> set call-type=ft1
13. Write the Connection profile:
admin> write

Configuring the IDSL profile

To configure the MAX TNT IDSL profile, proceed as in the following example:
1. Read the IDSL profile the remote user is connected to. For example:
admin> read idsl {1 7 18}
IDSL/{ shelf-1 slot-7 18 } read
2. Enable the line:
admin> set line enabled = yes
3. List the configuration for the first channel:
admin> list line channel 1
[in IDSL/{ shelf-1 slot-7 18 }:line-interface:channel-con +
channel-usage = switched-channel
nailed-group = 0
4. Specify that the connection is nailed:
admin> set channel-usage = nailed-64-channel
5. Specify the nailed group. This group is referenced in the Connection profile for the
remote device so the MAX TNT knows which interface to use for the connection:
admin> set nailed-group = 10
6. Configure the second channel as nailed and assign it the same group number. For
example:
admin> list .. 2
[in IDSL/{ shelf-1 slot-7 18 }:line-interface:channel-con +
channel-usage = switched-channel
nailed-group = 0
admin> set channel-usage = nailed-64-channel
admin> set nailed-group = 10
7. Write the profile to save your changes:
admin> write
IDSL/{ shelf-1 slot-7 18 } written

Configuring the Frame Relay profile

To configure the Frame Relay profile:
1. Create a new Frame Relay profile:
admin> new frame-relay idsltnt-fr
2. Enable the profile:
admin> set active=yes
3. Assign the Frame Relay profile to a nailed-up group:
admin> set line nailed-up-group=10
This must be the same as the IDSL nailed group number you configured in the IDSL profile.
The nailed group must be unique for each active WAN interface.
4. Write the profile:
admin> write

Configuring a static route to the gateway

To configure a static route to the gateway:
1. Read in the IP-Route Default profile:
admin> read ip-route default
2. Enter the address of the gateway on the local LAN to the remote network:
admin> set gateway-address = 192.1.1.2
3. Write the profile:
admin> write
Configuring the Pipeline
Note: When configuring a remote ISDN device to attach to the IDSL line card, always select
ATT 5ESS Point-to-Point as the switch type. The IDSL line card can only emulate the ATT 5ESS
Point-to-Point switch. (On a Pipeline, you can specify an IDSL switch type. This selection
emulates an ATT 5ESS Point-to-Point switch with En-Bloc dialing support, which can be used
for IDSL voice calls.)
Before you configure the Pipeline, make sure the PC connected to the Pipeline has an IP
address on the same subnet as the Pipeline, and that the IP address of the Pipeline is
configured as the default gateway for the PC.
Configuring the Configure profile
The Pipeline Configure profile allows you to set up the basic parameters for a
connection. To configure the Pipeline Configure profile:
1. From the Main Edit menu, select Configure.
2. Specify the following values:
o Switch Type=IDSL
o Chan Usage=Leased/Unused
o My Name=pipeline
o My Addr=192.1.2.1/24
o Rem Name=idsltnt
o Rem Addr=192.1.1.1/24
o Route=IP
3. Exit and save the Configure profile.
Configuring the Frame Relay profile
The Frame Relay profile defines the physical link used by the Connection profile to
connect to the MAX TNT. To configure the Frame Relay profile:
1. Open Ethernet > Frame Relay > any profile.
2. Specify the following values:
o Name=idsl-fr
o Active=Yes
o Call Type=Nailed
o Nailed Grp=1
3. Exit the Frame Relay profile and save your changes.
Note that the Pipeline uses the following nailed group numbers:
 1 is the first B channel
 2 is the second B channel
Configuring the Connection profile
You must configure other, specialized options in the Connection profile for the
IDSLTNT, including the name of the Frame Relay profile and the nailed group
assigned to it. To do this, proceed as in the following example:
1. Open Ethernet > Connections > idsltnt.
2. Specify Frame Relay encapsulation:
Encaps=FR
3. Open the Encaps Options submenu.
4. Specify the name of the Frame Relay profile used by this connection and a
DLCI:
o FR Prof=idsl-fr
o DLCI=16
5. Exit and save the Connection profile.
Sample ADSL nailed PPP connection
In the figure below a DSL Pipe connects to a MAX TNT ADSL card over a nailed PPP
connection. The ADSL card is in slot 7, and the DSL Pipe is connected to port 3 of
the ADSL card. The DSL Pipe IP address is 10.10.73.1/24. The MAX TNT IP address
is 104.178.115.163/24. This example uses ADSL, but you can configure an SDSL
connection similarly.

Figure 16-4. Sample ADSL PPP connection

Configuring the ADSL profile

To configure the ADSL profile in this example:
1. Read in the ADSL profile:
admin> read adsl-cap {1 7 3}
2. Enable the port:
admin> set enabled=yes
3. List the contents of the Line-Config profile:
admin> list line-config
[in ADSL-CAP/{ shelf-1 slot-7 3 }:line-config]
trunk-group = 0
nailed-group = 0
activation = static
call-route-info = { any-shelf any-slot 0 }
max-down-stream-rate = 7168000
4. Assign this port to a nailed group:
admin> set nailed-group=73
This nailed group points to the Connection profile you will create later. The nailed
group must be unique for each active WAN interface.
5. Specify the maximum downstream rate:
admin> set max-down-stream-rate=7168000
6. Write the profile:
admin> write

Configuring the Connection profile
To configure the Connection profile in this example:
1. Create a new Connection profile:
admin> new connection dslpipe
2. Enable the profile:
admin> set active=yes
3. Set the encapsulation type to PPP:
admin> set encapsulation-protocol=ppp
4. List the IP-Options submenu:
admin> list ip-options
[in CONNECTION/dslpipe:ip-options]
ip-routing-enabled = yes
vj-header-prediction = yes
remote-address = 0.0.0.0/0
local-address = 0.0.0.0/0
..
..
5. Set the IP address of the DSLPipe connecting to the MAX TNT:
admin> set remote-address=10.10.73.1/24
6. Verify that IP routing is enabled (the default) for this Connection profile:
admin> set ip-routing-enabled = yes
7. Verify that VJ header prediction is not enabled for this Connection profile:
admin> set vj-header-prediction = no
8. List the PPP-Options submenu:
admin> list .. ppp-options
[in CONNECTION/dslpipe:ppp-options]
send-auth-mode = no-ppp-auth
send-password = ""
recv-password = ""
link-compression = stac
mru = 1524
lqm = no
lqm-minimum-period = 600
lqm-maximum-period = 600
split-code-dot-user-enabled = no
9. Specify the authentication mode the MAX TNT requests for the outgoing
call:
admin> set send-auth-mode = pap-ppp-auth
10. Specify the password the MAX TNT sends to the DSLPipe:
admin> set send-password = pap
11. Specify the password the MAX TNT expects to receive from the DSLPipe:
admin> set recv-password = pap
12. List the Telco-Options submenu:
admin> list .. telco-options
[in CONNECTION/dslpipe:telco-options]
answer-originate = ans-and-orig
callback = no
call-type = off
nailed-groups = 1
ft1-caller = no
force-56kbps = no
data-service = 56k-clear
..
..
13. Specify the call type:
admin> set call-type= ft1
14. Specify the nailed group to use for this Connection profile:
admin> set nailed-groups = 73
15. Write the profile:
admin> write

Configuring the DSLPipe

To configure the DSLPipe in this example:
1. From the Main Edit menu, select Configure.
2. Specify the following values:
o Chan Usage=Leased/Unused
o My Name=dslpipe
o My Addr=10.10.73.1/24
o Rem Name=max-tnt
o Rem Addr=104.178.115.163/24
o Route=IP
o Bridge=No
3. From the Main Edit menu, select Ethernet > Connections > max-tnt.
4. Specify the following values:
o Active=Yes
o Encaps=PPP
o Bridge=No
o Route IP=Yes
5. Open the Encaps Options submenu.
6. Specify the following values:
o Send Auth=PAP
o Send PW=PAP
o Recv PW=PAP
o Link Comp=None
o VJ Comp=No
7. Open the Telco Options submenu.
8. Specify the following values:
o Call Type=Nailed
o Group=1
9. Exit the Connection profile and save your changes.
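As an added example (not part of this module or of Ascend's software), the Python below reads the MAX TNT command sessions from the IDSL Frame Relay and the ADSL PPP walkthroughs above and checks the rule both of them rely on: a nailed connection (call-type ft1) must name a nailed group, directly or through its Frame Relay profile, that a line profile actually assigns, and no nailed group may be assigned to more than one line. Only profiles that were written are considered; the session text is a constructed sample and the profile-kind names come from the commands shown.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: the MAX TNT sessions from the IDSL Frame Relay and ADSL PPP
# walkthroughs above, reduced to the commands that name profiles and nailed groups.
SESSION = """
admin> new connection pipeline
admin> set encapsulation-protocol=frame-relay
admin> set frame-relay-profile=idsltnt-fr
admin> set call-type=ft1
admin> write
admin> read idsl {1 7 18}
admin> set line enabled = yes
admin> set channel-usage = nailed-64-channel
admin> set nailed-group = 10
admin> set nailed-group = 10
admin> write
admin> new frame-relay idsltnt-fr
admin> set active=yes
admin> set line nailed-up-group=10
admin> write
admin> read adsl-cap {1 7 3}
admin> set nailed-group=73
admin> write
admin> new connection dslpipe
admin> set encapsulation-protocol=ppp
admin> set call-type= ft1
admin> set nailed-groups = 73
admin> write
"""

LINE_PROFILE_KINDS = {"idsl", "adsl-cap", "sdsl"}   # profiles that own a physical DSL port
Profiles = Dict[Tuple[str, str], Dict[str, List[str]]]  # (kind, name) -> parameter -> values set


def parse_session(text: str) -> Profiles:
    """Collect the settings of every profile that was opened (new/read) and then written."""
    profiles: Profiles = {}
    current, settings = None, {}
    for line in text.splitlines():
        m = re.match(r"admin>\s*(?:new|read)\s+([\w-]+)\s+(.+)", line)
        if m:
            current, settings = (m.group(1), m.group(2).strip()), {}
            continue
        m = re.match(r"admin>\s*set\s+(?:\w+\s+)?([\w-]+)\s*=\s*(.+)", line)
        if m and current is not None:
            settings.setdefault(m.group(1), []).append(m.group(2).strip())
        elif re.match(r"admin>\s*write\b", line) and current is not None:
            profiles[current] = settings      # unsaved changes never reach the running unit
            current = None
    return profiles


def audit_nailed_groups(profiles: Profiles) -> List[str]:
    """Check that nailed groups are assigned once and that nailed connections point at one."""
    problems = []
    owners = defaultdict(set)                 # nailed group -> line profiles that assign it
    for (kind, name), s in profiles.items():
        if kind in LINE_PROFILE_KINDS:
            for g in s.get("nailed-group", []):
                if g != "0":
                    owners[g].add(f"{kind} {name}")
    for g, lines in owners.items():
        if len(lines) > 1:
            problems.append(f"nailed group {g} is assigned to more than one line: {sorted(lines)}")
    fr_group = {}                             # frame-relay profile -> nailed group it rides on
    for (kind, name), s in profiles.items():
        if kind == "frame-relay":
            for g in s.get("nailed-up-group", []):
                fr_group[name] = g
                if g not in owners:
                    problems.append(f"frame-relay profile {name} uses nailed group {g}, which no line assigns")
    for (kind, name), s in profiles.items():
        if kind != "connection" or "ft1" not in [v.lower() for v in s.get("call-type", [])]:
            continue                          # switched connections do not use a nailed group
        groups = set(s.get("nailed-groups", []))
        for fr in s.get("frame-relay-profile", []):
            if fr in fr_group:
                groups.add(fr_group[fr])
            else:
                problems.append(f"connection {name} references frame-relay profile {fr}, which was never written")
        if not groups:
            problems.append(f"connection {name} is nailed (call-type ft1) but names no nailed group")
        problems += [f"connection {name} uses nailed group {g}, which no line assigns"
                     for g in sorted(groups) if g not in owners]
    return problems


if __name__ == "__main__":
    print(audit_nailed_groups(parse_session(SESSION)) or "nailed groups are consistent")
```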

1.4 Configuration of FTTH

Fiber to the Home, or simply FTTH, is a technology that uses optical fiber directly from the
central point to the residential premises (as shown in the following image). It provides
uninterrupted high-speed internet service. Here, “H” includes both home and small
business.

FTTH is the ultimate fiber access solution, where each subscriber is connected to an optical
fiber. The deployment options discussed in this tutorial are based on a complete optical
fiber path from the Optical Line Termination (OLT) right to the subscriber premises.
This choice facilitates high-bandwidth services and content to each customer and ensures
maximum bandwidth for future demands of new services. Therefore, hybrid options
involving ‘part’ fiber and ‘part’ copper infrastructure networks are not included.
As an access to the home over fiber, the Fiber to The Home (FTTH) scenario is mainly for the
single family unit (SFU), providing a comparatively small number of ports, including the
following types: POTS, 10/100/1000 BASE-T, and RF (18dBmV).
The optical fiber method can be deployed in two ways: the active method and the passive method. The
current mass FTTH deployment is based on the passive method. Hence, let’s discuss the
passive method in detail.
Passive Method − The two typical technologies used in this method are Ethernet Passive
Optical Network (EPON) and Gigabit-capable Passive Optical Network (GPON). Refer to the
following image.

 Very high bit rate digital subscriber loop (VDSL) supports a maximum bit rate of 55
bps. VDSL2 has better QoS and better SNR.
 ADSL (asymmetric digital subscriber line) supports a maximum bit rate of 8Mbps;
however, ADSL2 can go up to 12Mbps.
 SHDSL stands for symmetric high bit rate digital subscriber line. The larger the
diameter of the telephone wire, the longer the distance it can reach. The transmission
rate depends on the diameter of the telephone wire.
 Integrated services digital network (ISDN) is based on a circuit-switched network.
Why FTTH?
Fiber offers a number of advantages over the previous technologies (copper). The most
important ones are as follows −
 Enormous information carrying capacity
 Easily upgradeable
 Easy to install
 Allows fully symmetric services
 Reduces operations and maintenance costs
 Covers very long distances
 Strong, flexible, and reliable
 Allows small diameter and lightweight cables
 Safe and secure
 Immune to electromagnetic interference (EMI)
 Lower cost
The following table lists the advanced services that can be provided through FTTH along
with their bandwidth.

1.5 Configuration of FTTP

Fibre to the Premises (FTTP, or FTTH - Fibre to the Home) is a broadband technology which
can provide very fast internet speeds.
Fibre to the Premises means that the fibre broadband internet connection from the local
exchange is connected to the router in your home, which is much faster than the old copper
telephone line used by many other broadband services.
The result is you can enjoy very high speeds of 1Gbps (gigabits per second) or more. Though
FTTP can also deliver lower speeds, which is useful if very fast fibre is beyond your budget,
or not required, but might be something you'll use later.

Setting Up Fibre to the Premises (FTTP)

Step 1:
locate the nbn™ FTTP Network Termination Device (NTD)
Find the indoor nbn™ FTTP Network Termination Device (NTD) in your home. This will
usually be installed in a garage but may be located in an odd location such as a wardrobe,
cupboard or underneath a staircase. Ensure you check your entire home for the NTD
including any unusual places that you may not expect.

The nbn™ Network Termination Device (NTD) may be installed without a battery backup
unit (as shown above) or with an optional battery backup unit. The image below shows the
nbn™ Network Termination Device (NTD) installed alongside a battery backup unit. Please
note that the battery backup adds little value to an nbn™ FTTP service. If your power is cut,
your nbn™ NTD unit will continue to run for a limited time on the battery backup, but your
wireless modem/router will not be powered, and any associated services such as a VoIP
phone service will also stop working.

Step 2:
plug in your BYO modem/router to the nbn™ FTTP Network Termination Device (NTD)
You will need to plug your modem/router into your nbn™ FTTP Network Termination Device
(NTD) to connect your Internet service. First, remove the cover on the NTD to access the
ports on the bottom. Press the two clips on either side and lift the cover at an angle (as
shown below) to remove it.

Ensure that the included power cable from the power port on the back of the FTTP Network
Termination Device (NTD) is plugged in and secure. Plug the other end of the power cable
into a power wall outlet in your home and switch the powerpoint on.
After a few minutes, you should notice the POWER and OPTICAL lights on the front of the
NTD turn solid green. If you have a battery backup unit installed, the ALARM button may
also be green. If the optical light on your nbn™ FTTP NTD remains red or is off,
please contact our support team for further troubleshooting.

Now, take your modem/router’s power supply cable and use it to connect your
modem/router’s power port to an electrical outlet. Switch the powerpoint on.
Take your Ethernet cable (this is typically blue, yellow, grey or white) and plug one end into
the required yellow port marked UNI-D on the back of the nbn™ FTTP Network Termination
Device (NTD). The active UNI-D port would have been sent to you via email and SMS – in
many cases, this is usually UNI-D 1 but may be another number such as UNI-D 2, UNI-D 3 or
UNI-D 4.

Plug the other end of this Ethernet cable into the WAN port on your modem/router. This
may also be labelled as INTERNET, WAN/LAN or FIBRE. The Ethernet cable is larger than a
telephone cable. DO NOT use the telephone cable to plug in your modem/router to the
nbn™ FTTP Network Termination Device (NTD).
Step 4:

Connect and configure your BYO modem/router


Your BYO modem/router will need to be configured with your new MATE nbn™ details to
work.
1. First, ensure the supplied yellow Ethernet cable with your modem/router (this is usually
yellow, blue, grey or white) is plugged from the required yellow UNI-D port on your nbn™
FTTP Network Termination Device (NTD), into the WAN port on the back of your
modem/router. This WAN port may also be labelled as INTERNET, LAN/WAN or FIBRE
depending on the make and model of your modem.
2. You will now need to connect your BYO modem/router to your device. You’ll need a
computer, laptop, tablet or smartphone that is connected to your BYO modem/router via
Ethernet or Wi-Fi.

3. Once you have connected your device to your BYO modem/router, open the web browser
on your connected device and type in your modem/router’s default gateway/admin IP
address in the address bar. This will be printed on the bottom or back of your
modem/router depending on the make and model. Some of the most common addresses
are 192.168.1.1, 192.168.20.1, 10.1.1.1 and 10.0.0.138. The IP gateway address for your
modem/router will typically be printed on the bottom or back of your device.
4. Once you have accessed the gateway of your modem/router, you may see a login page. If
there’s a username or login field, the default username will almost always be admin (it may
even already be filled in). The default password is typically admin or password.
If you can’t log in with these settings, please check the manufacturer’s website for your BYO
modem/router’s default login settings. If your BYO modem/router is secondhand or you
have used it previously, it may have custom login details set. If you need to, you can factory
reset the modem/router to return it to the default settings.
5. From here, it gets a little tricky to offer general advice for all BYO modem/routers. The
layout of modem/router settings pages can vary greatly for each different device depending
on the make and model. If you get stuck or it is not clear where you should change your
internet settings, you need to check the manufacturer’s website for support information.
Ideally, your modem/router will have a Setup Wizard or Quick Setup section that will run
automatically the first time you log in to the settings, or there’ll be a fairly obvious button to
launch it.
6. The Setup Wizard or Internet Settings section should run you through entering the
required connection settings, step by step. The most important settings are the following:
Encapsulation or Connection Type – MUST BE SET TO PPPOE
Connection Mode/Access Type/Service Type – ETHERNET WAN/RESIDENTIAL
GATEWAY/WIRELESS ROUTER MODE
This will then allow you to enter your username (sometimes called Login) and password
which are supplied in your MATE welcome email, titled “You’re nearly there mate!”
7. After completing the Setup Wizard or Internet Settings section and saving your settings,
give the modem/router some time. Some modem/routers reboot automatically after every
new configuration, while others simply need a few minutes to apply the settings.
Take a look at the lights on your modem router. Most should now be green, blue, purple or
another “positive” colour. Many modem routers have lights that flash to indicate
connection activity, so you shouldn’t be concerned if any lights are flashing unless the
manufacturer’s support information specifically advises that flashing lights indicate a
problem.
8. Hop on one of your computers or Wi-Fi devices and try to visit a website. If it works, your
MATE nbn™ internet is up and running! If you have issues connecting, please contact our
support team for further troubleshooting.

1.6 Configuration of L2TP

Configuring L2TP Connection Settings

Use the following procedure to configure Layer 2 Tunneling Protocol settings.


You can implement transparent bridging by using L2TP (Layer 2 Tunneling Protocol)
tunneling. By tunneling traffic from an AP to a centralized data center, access controllers
with policy enforcement software can apply rules and services. In a typical WLAN
implementation, these rules include a captive portal to authenticate users' credentials.
In the case of L2TP, the Ruckus AP functions as a remote bridge, forwarding traffic on to PPP
sessions over the L2TP tunnel. This implementation ensures that you have complete
visibility into MAC addresses of users, as individual Wi-Fi clients are essentially placed
(bridged) onto the ISP's core network.
1. Go to Configuration > Internet.
2. Under L2TP Connection, click Enable.
3. In L2TP Network Server IP Address, type the IP address of the L2TP network server (LNS) to
which the device connects.
4. In L2TP Network Server Password, type the L2TP server password.
5. If your network requires PPP authentication, configure the following fields under L2TP/PPP
Authentication:
o Username: Type your PPP user name.
o Password: Type the password for the account.
o L2TP Tunnel Untag VLAN ID: Enter the Untag VLAN ID for the L2TP tunnel.
6. In Close WLAN When Tunnel Fail, select Enable if you want to disable the WLAN when the
tunnel connection is lost. This prevents clients from remaining connected to the WLAN but without
Internet connectivity.
7. Click Update Settings to save your settings.
6. ATM and LAPB configuration

6. Testing WAN connection and speed


 Content/Topic 2 : Testing WAN connection and speed

3.1 Using network benchmarking tools

Here are free network benchmarking tools that can be used to test your network speed
between computers to make sure the network is running at the speeds you expect.

 LAN Speed Test (Lite).

LAN Speed Test was designed from the ground up to be a simple but powerful tool for
measuring file transfer, hard drive, USB Drive, and Local Area Network (LAN) speeds (wired
& wireless). First, you pick a folder to test to. This folder can be on a local drive or USB drive,
etc. to test the drive speed, or a shared folder on your network to test your network speed.
 LANBench

LANBench is a simple LAN/TCP network benchmark utility. It is designed for testing
network performance between two computers and is based on Winsock 2.2. LANBench
tests TCP performance only and is designed for minimal CPU usage so that the pure
performance of your network can be fully tested.

 NetIO-GUI

NetIO-GUI is a Windows frontend for the multiplatform command line utility ‘netio’. It
measures ICMP response times and network transfer rates for different packet sizes and
protocols. All results are stored in a SQLite database file and can easily be compared. NetIO-
GUI is preferred for rating the quality of peer-to-peer connections such as VPNs.
LO 2.3 – Configure and verify a site to site VPN
● Content/Topic 1 : Description of VPN (Virtual Private Network)
1. Introduction to VPN (Virtual Private Network)
1.1 Definition of VPN (Virtual Private Network)
A VPN, or Virtual Private Network, allows a user to connect to a private network over the
Internet securely and privately.
A VPN creates an encrypted connection, known as a VPN tunnel, and all Internet traffic and
communication is passed through this secure tunnel, thus keeping the user's data secure and
private.
1.2 Types of VPN
There are two basic VPN types:
Remote Access VPN
Site-to-Site VPN
1.2.1 Remote Access VPN
 Remote access VPN allows a user to connect to a private network and access its
services and resources remotely. The connection between the user and the private
network happens through the Internet, and the connection is secure and private.
 Remote Access VPN is useful for business users as well as home users.
 A corporate employee, while traveling, uses a VPN to connect to his/her company’s
private network and remotely access files and resources on the private network.
 Home users, or private users of VPN, primarily use VPN services to bypass regional
restrictions on the Internet and access blocked websites. Users conscious of Internet
security also use VPN services to enhance their Internet security and privacy.

1.2.2 Site-to-Site VPN
 A Site-to-Site VPN is also called a Router-to-Router VPN and is mostly used by
corporates.
 Companies with offices in different geographical locations use Site-to-Site VPN to
connect the network of one office location to the network at another office location.
 When multiple offices of the same company are connected using the Site-to-Site VPN
type, it is called an Intranet-based VPN.
 When companies use the Site-to-Site VPN type to connect to the office of another
company, it is called an Extranet-based VPN.
 Basically, a Site-to-Site VPN creates a virtual bridge between the networks at
geographically distant offices, connects them through the Internet and maintains
secure and private communication between the networks.

1.3 Types of VPN protocols

 Internet Protocol Security (IPsec)
 Layer 2 Tunneling Protocol (L2TP)
 Point-to-Point Tunneling Protocol (PPTP)
 Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
 OpenVPN
 Secure Shell (SSH)
1.3.1 Internet Protocol Security (IPsec)

IPsec secures IP communication across an IP network. IKE (Internet Key Exchange) authenticates the two peers and negotiates keys, after which IPsec encrypts and integrity-protects every packet for the life of the connection. IPsec operates in two modes. In transport mode only the payload of the IP packet is protected and the original IP header is kept; it is used between two hosts. In tunnel mode the entire original IP packet is encrypted and wrapped in a new IP header addressed to the peer gateway; this is the mode used for site-to-site VPNs between two networks. IPsec is also combined with other protocols, for example L2TP, to add the protection they lack.
1.3.2 Layer 2 Tunneling Protocol (L2TP)
L2TP is a tunneling protocol that provides no encryption of its own, so it is normally combined with another security protocol, in practice IPsec, to build a secure VPN connection. L2TP creates the tunnel between two L2TP endpoints, and IPsec encrypts and authenticates the data carried between those endpoints.
1.3.3 Point-to-Point Tunneling Protocol (PPTP)
PPTP creates a tunnel by encapsulating PPP frames in GRE and encrypts them with Microsoft Point-to-Point Encryption (MPPE), whose keys are derived from the PPP authentication exchange. PPTP is one of the oldest and most widely deployed VPN protocols and has been in use since Windows 95; apart from Windows, it is also supported on macOS and Linux. Its MS-CHAPv2 authentication and RC4-based encryption are broken, so PPTP should be treated as obsolete and not used where confidentiality matters.
1.3.4 OpenVPN

OpenVPN is an open-source VPN that creates point-to-point and site-to-site connections. It uses its own protocol built on the TLS library (OpenSSL) for authentication and key exchange, and can run over UDP or TCP, which lets it pass through firewalls that block IPsec.
1.3.5 Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

SSL and its successor TLS can also build a VPN, usually one in which the web browser acts as the client and the user's access is restricted to specific applications rather than the whole network. TLS is the same protocol that protects online shopping sites and web services: browsers negotiate it with no action from the user, because TLS support is built in, and a protected connection shows https at the beginning of the URL instead of http. SSL itself (versions 2 and 3) is deprecated and should no longer be enabled; the name survives in product terms such as "SSL VPN".
1.3.6 Secure Shell (SSH)
SSH can create an encrypted tunnel through which other traffic is carried. An SSH client opens the connection and forwards a local port to the remote server through the encrypted channel, so only the forwarded application, not the whole network, is tunnelled; SSH is therefore a port-forwarding tool rather than a full VPN.
1.4 Classification based on OSI layers
According to the OSI model, a VPN can be established at the data link layer, at the network layer, or at a higher layer. The VPN types in common use can be divided by the layer at which they tunnel:

(1) Layer 2 tunneling protocols (data link layer): Point-to-Point Tunneling Protocol (PPTP), Layer 2 Forwarding (L2F), Layer 2 Tunneling Protocol (L2TP), and Multi-Protocol Label Switching (MPLS), among others.
(2) Layer 3 tunneling protocols (network layer): Generic Routing Encapsulation (GRE) and IP Security (IPsec), the two most popular Layer 3 VPNs. GRE on its own provides no confidentiality or authentication; it is commonly protected by IPsec.
(3) Session layer tunneling protocols: SOCKS sits at the session layer of the OSI model. SOCKS4 lets TCP client-server programs such as TELNET, FTP, HTTP, WAIS and GOPHER pass through a firewall (UDP is not supported) without authenticating the client; the resulting tunnel is neither encrypted nor authenticated. SOCKS5 extends SOCKS4 with an authentication framework, UDP relaying, domain-name addressing, and IPv6.
(4) Application layer tunneling protocols: Secure Sockets Layer (SSL), and its successor TLS, belong here in this classification. They are widely used in web browsers and web servers and provide end-to-end authentication and encryption of application data.
1.5 Classification based on trust level
 Intranet-based VPN: when several offices of the same company are connected using site-to-site VPNs, it is called an intranet-based VPN; both ends are under the same administration and trust each other.
 Extranet-based VPN: when a company uses a site-to-site VPN to connect to the office of another company, it is called an extranet-based VPN; the peer is a partner, so access through the tunnel should be restricted to the resources that partner needs.
 Remote access VPN: enables users who are working remotely to securely access and use applications and data that reside in the corporate data center and headquarters, encrypting all traffic the users send and receive; the remote device is the least trusted element and should be authenticated as strongly as the user.
1.6 Provider Provisioned VPN

BGP/MPLS (L2/L3 VPN): MPLS-Based Layer 2 VPNs
In an MPLS-based Layer 2 VPN, traffic is forwarded by the customer's customer edge (CE) switch (or router) to the service provider's provider edge (PE) switch in a Layer 2 format. It is carried by MPLS over the service provider's network and then converted back to Layer 2 format at the receiving site.
On a Layer 2 VPN, routing occurs on the customer’s switches, typically on the CE switch. The
CE switch connected to a service provider on a Layer 2 VPN must select the appropriate
circuit on which to send traffic. The PE switch receiving the traffic sends it across the service
provider’s network to the PE switch connected to the receiving site. The PE switches do not
store or process the customer’s routes; the switches must be configured to send data to the
appropriate tunnel.
For a Layer 2 VPN, customers must configure their own switches to carry all Layer 3 traffic.
The service provider must detect only how much traffic the Layer 2 VPN will need to carry.
The service provider’s switches carry traffic between the customer’s sites using Layer 2 VPN
interfaces. The VPN topology is determined by policies configured on the PE switches.
Customers must know only which VPN interfaces connect to which of their own sites. The
figure below, illustrates a full-mesh Layer 2 VPN in which each site has a VPN interface
linked to each of the other customer sites. In a full-mesh topology between all three sites,
each site requires two logical interfaces (one for each of the other CE routers or switches),
although only one physical link is needed to connect each PE switch to each CE router or
switch.
Figure: Layer 2 VPN connecting CE switches

MPLS-Based Layer 3 VPNs

In a Layer 3 VPN, the routing occurs on the service provider's routers. Therefore, Layer 3 VPNs require more configuration on the part of the service provider, because the provider's PE routers must store and process the customer's routes.
In the Junos OS, Layer 3 VPNs are based on RFC 4364, BGP/MPLS IP Virtual Private
Networks. This RFC defines a mechanism by which service providers can use their IP
backbones to provide Layer 3 VPN services to their customers. The sites that make up a
Layer 3 VPN are connected over a provider’s existing public Internet backbone.
VPNs based on RFC 4364 are also known as BGP/MPLS VPNs because BGP is used to
distribute VPN routing information across the provider’s backbone, and MPLS is used to
forward VPN traffic across the backbone to remote VPN sites.
Customer networks, because they are private, can use either public addresses or private
addresses, as defined in RFC 1918, Address Allocation for Private Internets. When customer
networks that use private addresses connect to the public Internet infrastructure, the
private addresses might overlap with the private addresses used by other network users.
BGP/MPLS VPNs solve this problem by prefixing a VPN identifier to each address from a
particular VPN site, thereby creating an address that is unique both within the VPN and
within the public Internet.
In addition, each VPN has its own VPN-specific routing table (a VRF) that contains the routing information for that VPN only, so two different VPNs can use overlapping addresses. Each route within a VPN is assigned an MPLS label. When BGP distributes a VPN route, it also distributes the MPLS label for that route. Before a customer data packet travels across the service provider's backbone, it is encapsulated with the MPLS label that corresponds to the route within the customer's VPN that is the best match for the packet's destination address. This MPLS packet is further encapsulated with another MPLS label or with an IP header, so that it is tunneled across the backbone to the egress provider edge (PE) switch. Thus, the backbone core switches do not need to know the VPN routes. Note that a BGP/MPLS VPN separates customers' traffic but does not encrypt it: confidentiality from the provider itself requires IPsec or another encryption layer on top of the MPLS VPN.
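The mechanism described above, as an added illustration for this module (a simplified Python model, not Junos or any router's code): each PE keeps one VRF per customer, advertises each VRF route with a route distinguisher, a route target and an MPLS label, and on the egress PE the label, not the destination address, selects the customer VRF. The PE names, RDs, route targets, labels and the deliberately overlapping customer prefixes are constructed for the example.

```python
"""A miniature BGP/MPLS Layer 3 VPN: one routing table (VRF) per customer on each PE,
routes exchanged with a route distinguisher, route target and MPLS label, and the
label rather than the destination address choosing the customer on the egress PE.

Added illustration for this module, not router code. The PE names, RDs, route targets,
labels and the overlapping customer prefixes are constructed.
"""
from collections import namedtuple
import ipaddress

# What BGP carries for a VPN route: RD+prefix (the VPNv4 NLRI), route target, label, next hop.
VpnRoute = namedtuple("VpnRoute", "rd prefix rt label next_hop")


def vpnv4_nlri(route):
    """RD prepended to the prefix: unique even when two customers use the same prefix."""
    return f"{route.rd}:{route.prefix}"


class Vrf:
    def __init__(self, name, rd, rt):
        self.name, self.rd, self.rt = name, rd, rt
        self.local = {}    # prefix -> attached CE, learned from that CE
        self.remote = {}   # prefix -> VpnRoute, learned via BGP from other PEs


class PE:
    def __init__(self, name):
        self.name = name
        self.vrfs = {}
        self.label_to_vrf = {}   # labels this PE advertised -> VRF name
        self._next_label = 100

    def add_vrf(self, vrf):
        self.vrfs[vrf.name] = vrf

    def connect_ce(self, vrf_name, prefix, ce):
        self.vrfs[vrf_name].local[ipaddress.ip_network(prefix)] = ce

    def export_routes(self):
        """Advertise every VRF route with its RD, RT and a freshly allocated label."""
        routes = []
        for vrf in self.vrfs.values():
            for prefix in vrf.local:
                label, self._next_label = self._next_label, self._next_label + 1
                self.label_to_vrf[label] = vrf.name
                routes.append(VpnRoute(vrf.rd, prefix, vrf.rt, label, self.name))
        return routes

    def import_routes(self, routes):
        """Import a route into each VRF whose route target matches (this defines the VPN topology)."""
        for r in routes:
            for vrf in self.vrfs.values():
                if vrf.rt == r.rt:
                    vrf.remote[r.prefix] = r

    def ingress(self, vrf_name, dst):
        """Packet from a CE: longest match in that customer's VRF only."""
        vrf, dst = self.vrfs[vrf_name], ipaddress.ip_address(dst)
        best = max((p for p in vrf.remote if dst in p), key=lambda p: p.prefixlen, default=None)
        if best is None:
            return None                       # not a VPN destination
        r = vrf.remote[best]
        return r.label, r.next_hop            # inner VPN label + tunnel to the egress PE

    def egress(self, label, dst):
        """Packet from the backbone: the label picks the VRF, then the CE is found."""
        vrf, dst = self.vrfs[self.label_to_vrf[label]], ipaddress.ip_address(dst)
        best = max((p for p in vrf.local if dst in p), key=lambda p: p.prefixlen)
        return vrf.local[best]


def build_topology():
    """Two customers, both using 10.1.0.0/16 at site 1 and 10.2.0.0/16 at site 2 (constructed)."""
    pe1, pe2 = PE("PE1"), PE("PE2")
    for pe in (pe1, pe2):
        pe.add_vrf(Vrf("CUST-A", rd="65000:1", rt="65000:100"))
        pe.add_vrf(Vrf("CUST-B", rd="65000:2", rt="65000:200"))
    pe1.connect_ce("CUST-A", "10.1.0.0/16", "ce-a-site1")
    pe1.connect_ce("CUST-B", "10.1.0.0/16", "ce-b-site1")
    pe2.connect_ce("CUST-A", "10.2.0.0/16", "ce-a-site2")
    pe2.connect_ce("CUST-B", "10.2.0.0/16", "ce-b-site2")
    pe1.import_routes(pe2.export_routes())
    pe2.import_routes(pe1.export_routes())
    return pe1, pe2


def deliver(src_pe, dst_pe, vrf_name, dst):
    """Forward one packet from a CE on src_pe to the CE that owns dst on dst_pe."""
    hop = src_pe.ingress(vrf_name, dst)
    if hop is None:
        return None
    label, next_hop = hop
    assert next_hop == dst_pe.name            # the outer label/IP tunnel would carry it there
    return dst_pe.egress(label, dst)


if __name__ == "__main__":
    pe1, pe2 = build_topology()
    for cust in ("CUST-A", "CUST-B"):      # same destination address, different customer
        print(cust, "10.2.5.5 ->", pe1.ingress(cust, "10.2.5.5"), "->", deliver(pe1, pe2, cust, "10.2.5.5"))
```

Running the block shows the same destination address 10.2.5.5 leaving PE1 with two different labels and arriving at two different CEs. The route target, not the RD, decides which VRFs import a route; the RD only makes the advertised prefix unique, which is why both customers can announce 10.2.0.0/16 at the same time.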
● Content/Topic 2: Configure and verify a site-to-site VPN
2. Configuration of VPN
2.1 Configure a site-to-site IPsec VPN tunnel between Cisco routers
This practical will show how to setup and configure two Cisco routers to create a permanent
secure site-to-site VPN tunnel over the Internet, using the IP Security (IPSec) protocol. In this
practice we assume both Cisco routers have a static public IP address. The next practical
exercises will be based on Configuring Site to Site IPSec VPN with Dynamic IP Endpoint Cisco
Routers.
 ISAKMP (Internet Security Association and Key Management Protocol)
ISAKMP (Internet Security Association and Key Management Protocol) and IPsec are essential to building and encrypting the VPN tunnel. ISAKMP, used here interchangeably with IKE (Internet Key Exchange, the protocol that runs on top of it), is the negotiation protocol that allows two hosts to agree on how to build an IPsec security association. IKE negotiation consists of two phases: Phase 1 and Phase 2.

Phase 1 authenticates the peers and creates the first tunnel (the IKE SA), which protects the later negotiation messages. Phase 2 creates the IPsec SAs, the tunnel that protects data. IPsec then encrypts the data with the negotiated algorithms and provides authentication, confidentiality and anti-replay services.
 IPSec VPN Requirements

To help make this an easy-to-follow exercise, we have split it into two steps that are
required to get the Site-to-Site IPSec VPN Tunnel to work.
These steps are:
1) Configure ISAKMP (ISAKMP Phase 1)
2) Configure IPSec (ISAKMP Phase 2, ACLs, Crypto MAP)
Practical example:
The following network topology is showing us, the two branches of a small company, these
are SITE 1 and SITE 2. Both the branch routers connect to the Internet and have a static IP
Address assigned by their ISP as shown on the diagram:

SITE 1 is configured with an internal network of 10.10.10.0/24, while SITE 2 is configured with network 20.20.20.0/24. The goal is to securely connect both LAN networks and allow full communication between them, without any restrictions.
To begin, we’ll start working on the SITE 1 router (R1).
First step is to configure an ISAKMP Phase 1 policy:
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encryption 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
The above commands define the following (in listed order):
3DES - The encryption method to be used for Phase 1.
MD5 - The hashing algorithm.
Pre-share - Use a pre-shared key as the authentication method.
Group 2 - Diffie-Hellman group to be used.
86400 - Lifetime of the Phase 1 security association, in seconds. This is the default value; for ISAKMP policies the lifetime is always expressed in seconds (only IPsec SA lifetimes can also be set in kilobytes).
These values are kept because they match the lab, but 3DES, MD5 and Diffie-Hellman group 2 are legacy choices that newer IOS releases flag as deprecated; a production tunnel should use AES (aes 256), SHA-2 (sha256) and Diffie-Hellman group 14 or higher, on both routers.
We should note that ISAKMP Phase 1 policies are defined globally. If we have five remote sites and five different ISAKMP Phase 1 policies (one for each remote router), then when our router initiates a tunnel it sends all five proposals, and the responding peer compares them against its own policies in priority order (lowest policy number first) and uses the first one that both ends accept.
Next we define the pre-shared key for authentication with our peer (R2) using the following command:
R1(config)# crypto isakmp key firewallcx address 1.1.1.2
The pre-shared key is set to firewallcx and the peer's public IP address is 1.1.1.2. Every time R1 tries to establish a VPN tunnel with R2 (1.1.1.2), this pre-shared key will be used. The same key must be configured on both routers and it protects the whole Phase 1 authentication, so use a long random value rather than a word, and remember that it appears in the running configuration, which makes configuration backups sensitive.
Configure IPsec
To configure IPsec we need to complete the following four steps, in order:
1) Create an extended ACL
2) Create an IPsec transform set
3) Create a crypto map
4) Apply the crypto map to the public interface
Step 1: Creating Extended ACL
Next step is to create an access-list and define the traffic we would like the router to pass
through the VPN tunnel. In this example, it would be traffic from one network to the other,
10.10.10.0/24 to 20.20.20.0/24. Access-lists that define VPN traffic are sometimes called
crypto access-list or interesting traffic access-list.
R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
Step 2: Create IPSec Transform (ISAKMP Phase 2 policy)
Next step is to create the transform set used to protect our data. We’ve named this TS:
R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
The above command defines the following:
- ESP-3DES - Encryption method
- MD5 - Hashing algorithm
Step 3: Create Crypto Map for IPsec
The Crypto map is the last step of our setup and connects the previously defined ISAKMP
and IPSec configuration together:
R1(config)# crypto map CMAP 10 ipsec-isakmp
R1(config-crypto-map)# set peer 1.1.1.2
R1(config-crypto-map)# set transform-set TS
R1(config-crypto-map)# match address VPN-TRAFFIC
We’ve named our crypto map CMAP. The ipsec-isakmp tag tells the router that this crypto
map is an IPsec crypto map. Although there is only one peer declared in this crypto map
(1.1.1.2), it is possible to have multiple peers within a given crypto map.
Step 4: Apply Crypto Map to the Public Interface

The final step is to apply the crypto map to the outgoing interface of the router. Here, the
outgoing interface is FastEthernet 0/1.
R1(config)# interface FastEthernet0/1
R1(config- if)# crypto map CMAP
Note that you can assign only one crypto map to an interface.
As soon as we apply crypto map on the interface, we receive a message from the router
that confirms isakmp is on: “ISAKMP is ON”.
At this point, we have completed the IPSec VPN configuration on the Site 1 router.
We now move to the Site 2 router to complete the VPN configuration. The settings for
Router 2 are identical, with the only difference being the peer IP Addresses and access lists:
R2(config)# crypto isakmp policy 1
R2(config-isakmp)# encr 3des
R2(config-isakmp)# hash md5
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 2
R2(config-isakmp)# lifetime 86400
R2(config)# crypto isakmp key firewallcx address 1.1.1.1
R2(config)# ip access-list extended VPN-TRAFFIC
R2(config-ext-nacl)# permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
R2(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
R2(config)# crypto map CMAP 10 ipsec-isakmp
R2(config-crypto-map)# set peer 1.1.1.1
R2(config-crypto-map)# set transform-set TS
R2(config-crypto-map)# match address VPN-TRAFFIC
R2(config)# interface FastEthernet0/1
R2(config- if)# crypto map CMAP
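The two configurations above are mirror images of each other, and most failed tunnels come from the mirror being imperfect: a key typed differently on one side, an ACL that is not reversed, or a proposal that does not match. The following added example (Python written for this module, not Cisco code) generates both halves from one parameter set, checks them against each other before they are pasted in, and flags the legacy algorithms used in the lab. The site names, addresses and the key firewallcx are those of the exercise; MODERN_POLICY is an assumption about what a current deployment would choose instead.

```python
"""Build the mirrored R1/R2 site-to-site configuration from one parameter set and
check that the two halves agree before they are pasted into the routers.

Added example for this module (not Cisco code). Site names, addresses and the
pre-shared key 'firewallcx' are those of the exercise; MODERN_POLICY is an
assumption about what a current deployment would choose instead of the lab values.
"""
import ipaddress
import secrets

# Algorithms used in the exercise, and the values a current deployment should use.
LEGACY_POLICY = {"encr": "3des", "hash": "md5", "group": 2,
                 "transform": "esp-3des esp-md5-hmac"}
MODERN_POLICY = {"encr": "aes 256", "hash": "sha256", "group": 14,
                 "transform": "esp-aes 256 esp-sha256-hmac"}
WEAK = {"des", "3des", "md5", "sha"}   # legacy algorithm names worth a warning


def site(name, wan_ip, lan, interface):
    return {"name": name, "wan": wan_ip, "lan": ipaddress.ip_network(lan), "intf": interface}


def generate_psk(nbytes=32):
    """A random pre-shared key; the lab's 'firewallcx' is a dictionary word."""
    return secrets.token_urlsafe(nbytes)


def router_config(local, remote, psk, policy, lifetime=86400):
    """IOS commands for one router, in the order the text configures them."""
    wc = lambda net: str(net.hostmask)       # IOS ACLs use wildcard (inverse) masks
    return [
        "crypto isakmp policy 1",
        f" encryption {policy['encr']}",
        f" hash {policy['hash']}",
        " authentication pre-share",
        f" group {policy['group']}",
        f" lifetime {lifetime}",                # ISAKMP lifetime is in seconds only
        f"crypto isakmp key {psk} address {remote['wan']}",
        "ip access-list extended VPN-TRAFFIC",
        f" permit ip {local['lan'].network_address} {wc(local['lan'])} "
        f"{remote['lan'].network_address} {wc(remote['lan'])}",
        f"crypto ipsec transform-set TS {policy['transform']}",
        "crypto map CMAP 10 ipsec-isakmp",
        f" set peer {remote['wan']}",
        " set transform-set TS",
        " match address VPN-TRAFFIC",
        f"interface {local['intf']}",
        " crypto map CMAP",
    ]


def find(cfg, prefix):
    """First command in cfg starting with prefix, without indentation."""
    return next(line.strip() for line in cfg if line.strip().startswith(prefix))


def check_pair(cfg_a, cfg_b, site_a, site_b):
    """Return the list of inconsistencies between the two halves (empty = OK)."""
    problems = []
    for cfg, local, peer in ((cfg_a, site_a, site_b), (cfg_b, site_b, site_a)):
        if find(cfg, "set peer") != f"set peer {peer['wan']}":
            problems.append(f"{local['name']}: crypto map peer is not {peer['wan']}")
        if find(cfg, "crypto isakmp key").split()[-1] != peer["wan"]:
            problems.append(f"{local['name']}: pre-shared key bound to the wrong peer")
    # Same PSK and identical Phase 1 / Phase 2 proposals on both sides.
    for prefix in ("crypto isakmp key", "encryption", "hash", "group",
                   "crypto ipsec transform-set"):
        a, b = find(cfg_a, prefix), find(cfg_b, prefix)
        if prefix == "crypto isakmp key":
            a, b = a.split()[3], b.split()[3]   # compare the key, not the peer address
        if a != b:
            problems.append(f"mismatch on '{prefix}': {a!r} vs {b!r}")
    # The crypto ACLs must be exact mirror images or only one direction will match.
    pa, pb = find(cfg_a, "permit ip").split(), find(cfg_b, "permit ip").split()
    if pa[2:4] != pb[4:6] or pa[4:6] != pb[2:4]:
        problems.append("crypto ACLs are not mirror images of each other")
    return problems


def weak_algorithms(cfg):
    """Legacy algorithm choices present in a config; should be empty in production."""
    found = set()
    for prefix in ("encryption", "hash", "crypto ipsec transform-set"):
        for token in find(cfg, prefix).split():
            core = token.replace("esp-", "").replace("-hmac", "")
            if core in WEAK:
                found.add(core)
    if int(find(cfg, "group").split()[1]) < 14:
        found.add(find(cfg, "group"))
    return sorted(found)


SITE1 = site("R1", "1.1.1.1", "10.10.10.0/24", "FastEthernet0/1")
SITE2 = site("R2", "1.1.1.2", "20.20.20.0/24", "FastEthernet0/1")
PSK = "firewallcx"                     # the lab value; use generate_psk() for real links
R1_CONFIG = router_config(SITE1, SITE2, PSK, LEGACY_POLICY)
R2_CONFIG = router_config(SITE2, SITE1, PSK, LEGACY_POLICY)

if __name__ == "__main__":
    for name, cfg in (("R1", R1_CONFIG), ("R2", R2_CONFIG)):
        print(f"! {name}\n" + "\n".join(cfg) + "\n")
    print("problems:", check_pair(R1_CONFIG, R2_CONFIG, SITE1, SITE2))
    print("legacy algorithms:", weak_algorithms(R1_CONFIG))
```

Run as a script it prints both configurations, an empty problem list, and the three legacy choices (3des, group 2, md5) that the lab uses. Swapping LEGACY_POLICY for MODERN_POLICY on both routers clears the warning; changing it on only one router is caught by check_pair as a proposal mismatch, which is exactly the failure that shows up on a real router as a Phase 1 negotiation that never completes.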
2.2 Establishing and Verifying the IPSec VPN Tunnel
A crypto-map tunnel is built on demand: nothing is negotiated until a packet matching the crypto ACL arrives, so first generate interesting traffic, for example a ping from a host in 10.10.10.0/24 to a host in 20.20.20.0/24. Then verify the tunnel with the show crypto session command:
R1# show crypto session
Crypto session current status
Interface: FastEthernet0/1
Session status: UP-ACTIVE
Peer: 1.1.1.2 port 500
IKE SA: local 1.1.1.1/500 remote 1.1.1.2/500 Active
IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 20.20.20.0/255.255.255.0
Other commands used to verify the IPsec VPN tunnel:
R1# show crypto isakmp sa
R1# show crypto isakmp policy
R1# show crypto map
R1# show crypto ipsec sa
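The same check, scripted: an added example for this module (Python, not a Cisco tool) that parses show crypto session output and decides whether the tunnel is up for the peer and networks we expect. Both sample outputs are constructed to match the exercise (R1 = 1.1.1.1, R2 = 1.1.1.2); they were not captured from a router. The second sample shows what the command returns before any interesting traffic has been sent.

```python
"""Parse `show crypto session` output and report whether the site-to-site tunnel is
up for the networks we expect, so the check can be scripted instead of read by eye.

Added example for this module; not a Cisco tool. Both sample outputs are constructed
to match the exercise (R1 = 1.1.1.1, R2 = 1.1.1.2), not captured from a router.
"""
import ipaddress
import re

SAMPLE_UP = """\
Crypto session current status

Interface: FastEthernet0/1
Session status: UP-ACTIVE
Peer: 1.1.1.2 port 500
  IKE SA: local 1.1.1.1/500 remote 1.1.1.2/500 Active
  IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 20.20.20.0/255.255.255.0
        Active SAs: 2, origin: crypto map
"""

# Before any interesting traffic: the crypto map is applied, but no SA exists yet.
SAMPLE_DOWN = """\
Crypto session current status

Interface: FastEthernet0/1
Session status: DOWN
Peer: 1.1.1.2 port 500
  IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 20.20.20.0/255.255.255.0
        Active SAs: 0, origin: crypto map
"""

FLOW_RE = re.compile(r"IPSEC FLOW: permit ip (\S+)/(\S+) (\S+)/(\S+)")


def parse_sessions(text):
    """One dict per 'Interface:' block: status, peer, IKE state, flows, SA count."""
    sessions, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Interface:"):
            cur = {"interface": line.split(":", 1)[1].strip(), "status": None,
                   "peer": None, "ike_active": False, "flows": [], "active_sas": 0}
            sessions.append(cur)
        elif cur is None:
            continue
        elif line.startswith("Session status:"):
            cur["status"] = line.split(":", 1)[1].strip()
        elif line.startswith("Peer:"):
            cur["peer"] = line.split()[1]
        elif line.startswith("IKE SA:"):
            cur["ike_active"] = line.endswith("Active")
        elif line.startswith("IPSEC FLOW:"):
            m = FLOW_RE.match(line)
            if m:   # ipaddress accepts a dotted netmask after the slash
                cur["flows"].append((ipaddress.ip_network(f"{m[1]}/{m[2]}"),
                                     ipaddress.ip_network(f"{m[3]}/{m[4]}")))
        elif line.startswith("Active SAs:"):
            cur["active_sas"] += int(line.split()[2].rstrip(","))
    return sessions


def tunnel_state(text, peer, local_lan, remote_lan):
    """'up', 'down', 'wrong-flow' or 'no-session' for the expected peer and networks."""
    want = (ipaddress.ip_network(local_lan), ipaddress.ip_network(remote_lan))
    for s in parse_sessions(text):
        if s["peer"] != peer:
            continue
        if want not in s["flows"]:
            return "wrong-flow"       # crypto ACL does not cover these networks
        if s["status"] != "UP-ACTIVE" or s["active_sas"] == 0:
            return "down"             # no SA yet: send interesting traffic, then check Phase 1
        return "up"
    return "no-session"               # crypto map not applied or peer address wrong


if __name__ == "__main__":
    for label, text in (("up", SAMPLE_UP), ("down", SAMPLE_DOWN)):
        print(label, "->", tunnel_state(text, "1.1.1.2", "10.10.10.0/24", "20.20.20.0/24"))
```

The four states map onto the troubleshooting order used in the rest of this unit: no-session means the crypto map or peer address is wrong, wrong-flow means the crypto ACL does not match the networks, down means Phase 1 or Phase 2 never completed (check the pre-shared key and proposals with show crypto isakmp sa), and only up means data is actually being protected.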
LO 2.4 – Troubleshoot WAN Network
● Content/Topic 1: Troubleshoot WAN network
Network troubleshooting is the collective measures and processes used to identify, diagnose
and resolve problems and issues within a computer network. It is a systematic process that
aims to resolve problems and restore normal network.
 Tools to troubleshoot WAN connectivity issues
a) Ping
The most commonly used network tool is the ping utility. It provides a basic connectivity test between the requesting host and the destination host. Note that a failed ping does not always mean the path is broken: many firewalls and routers drop ICMP echo requests.
b) Tracert/traceroute
Once ping has been used to establish basic connectivity, tracert (Windows) or traceroute (Linux/UNIX) can be used to learn more about the path to the destination host, including the route the packets take and the response time of each intermediate hop.

 Tools to troubleshoot IP configuration issues

a) Ipconfig/ifconfig
One of the first things to do when troubleshooting a networking issue is to find out the actual IP configuration (address, mask, gateway, DNS servers) of each affected host, which ipconfig (Windows) or ifconfig/ip (Linux) displays.
b) Nslookup
The nslookup utility looks up the IP address(es) associated with a domain name, and so separates a DNS failure from a connectivity failure.

 VPN Verification

Test the VPN tunnel
To verify that your VPN tunnel is working properly, ping the IP address of a computer on the remote network. The ping sends packets to the remote network and the remote host replies that it has received them; if the crypto map is configured correctly, these packets are also the interesting traffic that brings the tunnel up. Your administrator supplies the remote IP address to use for testing. The following steps explain how to ping a remote IP address.
1. Click Start, then Run, and type cmd in the Open box. A command prompt window opens.
2. Type ping followed by the IP address of the remote host, and press Enter.
3. A successful ping returns one reply line per packet with its round-trip time. An unsuccessful ping returns Request timed out.

Test network connectivity

To test connectivity with a host on a network or internetwork, use the PING utility.

1. Open a command prompt

o For Windows XP: Click Start, select Run, type cmd and press Enter or
select OK button

o For Windows Vista and Windows 7: type cmd into the Start menu search
box and select it from the Programs list that appears OR if you have the Run
option enabled on your Start Menu, then click Start, select Run,
type cmd and press Enter or select OK button.

2. From the command prompt, type


PING servername
or
PING serverIP
where servername is the name of the server or serverIP is the IP address of the
server with which you want to communicate.

 A response of four reply lines, each with a round-trip time in ms and a TTL value, indicates the server is reachable.

 A response of Bad IP address (or, on newer Windows versions, Ping request could not find host) indicates the name or IP address is incorrect or unknown.

 A response of Request timed out indicates the address was resolved but the host, or something on the path to it, did not respond within a reasonable time.

A second connectivity test is TRACERT which traces the route to the target computer
and returns a list of routers through which your request travels to reach the
destination.
To use TRACERT:
1. Open a command prompt

o For Windows XP: Click Start, select Run, type cmd and press Enter or
select OK button

o For Windows Vista and Windows 7: type cmd into the Start menu search
box and select it from the Programs list that appears OR if you have the Run
option enabled on your Start Menu, then click Start, select Run,
type cmd and press Enter or select OK button.

2. From the command prompt, type


TRACERT servername
or
TRACERT serverIP
where servername is the name of the server or serverIP is the IP address of the
server with which you want to communicate.

 The default settings for TRACERT will test over a maximum of 30 hops.

 If your TRACERT uses all 30 hops and receives many responses of * rather than a
time in ms (milliseconds) at each hop, you can expect communication with the
target computer to be inefficient.

To redirect the TRACERT output to a log file, from the command prompt type
TRACERT servername > C:\log.txt
or
TRACERT serverIP > C:\log.txt
where servername is the name of the server or serverIP is the IP address of the server with which you want to communicate.
You should wait until the command prompt reappears at the bottom of the screen before closing the window. This indicates the entire log has been written.

Test application connectivity

A connectivity test at the network layer does not prove the application is working. Where the service offers one (the Universal API used in this example does), send an application-level ping request before sending real requests, to confirm both network connectivity and that the application is up.
The ping request carries a single string payload and can be used to make sure the method you have chosen for generating SOAP requests is fully compatible with the system. It is more than a network ping in that the application itself handles it, which confirms the application is running and responding properly. Because the length of the request and response can be controlled, the same request can be used to test infrastructure and network components and, with the provider's approval, to load-test them.
 Test and Verify IKE Configuration
Test and verify the IKE configuration on the PIX Firewall with the commands in the table below:

 Test and Verify IPSec Configuration

Test and verify the IPsec configuration on the PIX Firewall with the commands in the table below:

 Monitor and Manage IKE and IPSec Communications
Monitor and manage IKE and IPsec communications between the PIX Firewall and IPsec peers with the commands in the table below:
Learning Outcome 2.4: Troubleshoot WAN Network

● Content/Topic 1: Troubleshooting WAN Networks


1. Steps for troubleshooting WAN Networks

Network monitoring systems include software and hardware tools that can track various
aspects of a network and its operation, such as traffic, bandwidth utilization, and uptime.
These systems can detect devices and other elements that comprise or touch the network,
as well as provide status updates.
 WAN Monitoring Tools & Software
There are a number of simple, easy-to-use tools for monitoring WAN links. As most network managers know, the ping command on a Windows or UNIX computer measures the round-trip latency across a WAN link by pinging a device or computer at the far end of the link.
 Monitoring WAN latency
In a network, latency measures the time it takes for some data to get to its destination
across the network. It is usually measured as a round trip delay - the time taken for
information to get to its destination and back again.
Testing network latency can be done by using ping, traceroute, or My TraceRoute (MTR)
tool. More comprehensive network performance managers can test and check
latency alongside their other features.
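The ping and tracert procedures given earlier in this unit (VPN verification and the connectivity tests) and the latency measurement described above are usually read by eye. The following added example for this module (Python, not from any of the tools named) turns both outputs into numbers: loss and min/avg/max latency from the ping replies, and the hops that did not answer from the trace. The two outputs embedded in it are constructed to look like Windows ping and tracert output for the lab addresses and were not captured from a real session; the loss and latency thresholds are assumptions, not standards.

```python
"""Summarise Windows-style ping and tracert output into loss, latency and the hops
that did not answer, the reading the procedures above do by eye.

Added example for this module. The two outputs below are constructed to look like
Windows ping/tracert output for the lab addresses; they were not captured from a
real session. The loss and latency thresholds are assumptions, not standards.
"""
import re
import statistics

PING_OUTPUT = """\
Pinging 20.20.20.10 with 32 bytes of data:
Reply from 20.20.20.10: bytes=32 time=41ms TTL=126
Reply from 20.20.20.10: bytes=32 time=39ms TTL=126
Request timed out.
Reply from 20.20.20.10: bytes=32 time=44ms TTL=126
"""

TRACERT_OUTPUT = """\
Tracing route to 20.20.20.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.10.10.1
  2    12 ms    11 ms    12 ms  1.1.1.1
  3     *        *        *     Request timed out.
  4    40 ms    39 ms    41 ms  1.1.1.2
  5    41 ms    40 ms    42 ms  20.20.20.10

Trace complete.
"""

REPLY_RE = re.compile(r"^Reply from (\S+): bytes=\d+ time[=<](\d+)ms TTL=(\d+)")
PROBE = r"(\*|<?\d+ ms)"                      # one tracert probe: a time or a star
HOP_RE = re.compile(rf"^\s*(\d+)\s+{PROBE}\s+{PROBE}\s+{PROBE}\s+(.*\S)\s*$")


def ping_summary(text):
    """Packets sent/received, loss percentage and min/avg/max round-trip time."""
    sent = received = 0
    rtts = []
    for line in text.splitlines():
        line = line.strip()
        m = REPLY_RE.match(line)
        if m:
            sent += 1
            received += 1
            rtts.append(int(m.group(2)))
        elif line.startswith("Request timed out"):
            sent += 1
    loss = 100.0 * (sent - received) / sent if sent else 100.0
    return {"sent": sent, "received": received, "loss_pct": loss,
            "rtt_min": min(rtts) if rtts else None,
            "rtt_avg": statistics.mean(rtts) if rtts else None,
            "rtt_max": max(rtts) if rtts else None}


def probe_ms(token):
    """'<1 ms' -> 1, '12 ms' -> 12, '*' -> None (no answer)."""
    return None if token == "*" else int(token.rstrip(" ms").lstrip("<"))


def tracert_summary(text):
    """One dict per hop with its three probe times and whether it stayed silent."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            probes = [probe_ms(t) for t in m.group(2, 3, 4)]
            hops.append({"hop": int(m.group(1)), "host": m.group(5), "probes": probes,
                         "silent": all(p is None for p in probes)})
    return hops


def diagnose(ping, hops, loss_limit=5.0, rtt_limit_ms=100):
    """Turn the two summaries into the findings an engineer would write down."""
    findings = []
    if ping["received"] == 0:
        findings.append("destination unreachable: no ping replies at all")
    elif ping["loss_pct"] > loss_limit:
        findings.append(f"packet loss {ping['loss_pct']:.0f}% exceeds {loss_limit:g}%")
    if ping["rtt_avg"] is not None and ping["rtt_avg"] > rtt_limit_ms:
        findings.append(f"average RTT {ping['rtt_avg']:.0f} ms exceeds {rtt_limit_ms} ms")
    silent = [h["hop"] for h in hops if h["silent"]]
    if hops and hops[-1]["silent"]:
        # The trace never reached the target: the path is broken after the last answering hop.
        answered = [h["hop"] for h in hops if not h["silent"]]
        findings.append(f"trace did not reach the destination; last answer at hop {answered[-1] if answered else 0}")
    elif silent:
        # A silent hop followed by answering hops only drops or rate-limits ICMP sent to itself.
        findings.append(f"hop(s) {silent} do not answer probes but forward traffic; harmless on its own")
    return findings


if __name__ == "__main__":
    ping = ping_summary(PING_OUTPUT)
    hops = tracert_summary(TRACERT_OUTPUT)
    print(ping)
    for f in diagnose(ping, hops):
        print("-", f)
```

On the constructed output the script reports 25% loss (one of four packets) and points out that hop 3 is silent but harmless, because hops 4 and 5 still answer; the same silent hop at the end of a trace would instead mean the path is broken, which is the distinction the TRACERT notes above ask you to make by counting the stars.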
 Restore the configuration of WAN devices to its factory default settings
If the router freezes, or if the router does not function well, then a restart option should be
considered. A restart clears the processes of the device, but does not delete the settings. In
the case of a device malfunction, or if you forget the login credentials of the device, then
you may want to reset the system to its factory default settings. When the device is reset to
factory defaults, settings on the device are erased and the router is configured to its default
configurations. You can reset to factory defaults or restart the device through a physical
button on the device, or through the web configuration utility.
 Troubleshooting of IP configurations issues
The first step in the troubleshooting process is to check the TCP/IP configuration. The
easiest way to do this is to open a Command Prompt window and enter the IPCONFIG /ALL
command. Windows will then display the configuration results.

 Troubleshooting of WAN connectivity issues


 Troubleshooting of WAN performance issues

 Check the settings and configurations of the WAN

LO 2.5 – Configure and verify an ADSL connection


● Content/Topic 1 : Hardware Installation for external DSL modem
1. Hardware Installation for external DSL modem

Your new DSL modem package should contain the following:


 One ADSL modem.
 One AC/DC power adapter for ADSL modem.
 One RJ45 to RJ45 Ethernet network cable.
 One RJ11 to RJ11 telephone cable.
 Up to four in-line micro-filters. (One per phone).

 Installing the Inline-Filters


Because DSL shares the copper pair with your existing telephone service, the DSL frequencies must be filtered out of every telephone handset and other phone device, while the jack used by the DSL modem itself is left unfiltered.
1.1 Setting up your DSL Modem
Step 1:
Connect the DSL port of the DSL Modem with a telephone cable (RJ11 Cable), and then
connect the other end to the wall phone jack.
Step 2:

Connect the LAN port of the DSL modem to the network card of the PC with an Ethernet cable (RJ45). If you are using a router, connect the Ethernet cable to the router's WAN port (typically marked WAN or Internet) and the other end to a LAN port on the DSL modem.
Step3:
Plug one end of the power adapter to the wall outlet and then connect the other end to the
Power port of the DSL Modem. The following figure displays the connection of the DSL
Modem, PC, and telephones

1.1.1 Connecting to the internet


In order to get started and begin browsing the internet you will need to configure your
computer for a PPPoE internet connection. Please follow the steps below for setting up your
connection based on your Operating System.
Windows Operating System
The Connect to the Internet wizard will guide you through the steps of setting up a Point-to-
Point Protocol over Ethernet (PPPoE) Internet connection.
1. Open the Connect to the Internet wizard by clicking the Start button, clicking Control Panel, clicking Network and Internet, clicking Network and Sharing Center, clicking Set up a connection or network, and then clicking Connect to the Internet.
2. On the How do you want to connect? page, select Broadband (PPPoE).
3. Continue to follow the steps in the wizard.
You can install the PPPoE client just like you install any other dial-up networking connection.
To create a PPPoE client connection, follow these steps:
1. Click Start, click Control Panel, and then double-click Network and Internet Connections.

2. Click Network Connections, and then click Create a new connection in the Network Tasks
pane.
3. After the Network Connection Wizard starts, click Next.
4. Click Connect to the Internet, and then click Next.
5. Click Set up my connection manually, and then click Next.
6. Click either Connect using a broadband connection that requires a user name and
password or Connect using a broadband connection that is always on.
7. Type the Internet service provider (ISP) name that your ISP provided, and then click Next.
8. Type the user name that the ISP provided.
9. Type the password that the ISP provided.
10. Type the password one more time to confirm it, and then click Next.
11. Click Add a shortcut to this connection to my desktop.
12. Click Finish to complete the wizard.
2. Verification and troubleshooting
Troubleshooting and resolving DSL connection problems

Unable to browse the Web or use email? Here are a few tips to help you find the root of the problem.

First, we look at the basic tests and checks to perform. Then we look at the most frequent problems. Finally, we look at the error codes that Windows generates when your modem is connected directly to your computer, and how to resolve them.
Basic test
Restart your computer and the DSL modem. Then try to go to some websites or use your email account. If both web browsing and email are still not working, follow the steps below. If your computer is giving you an error code, go directly to the solution section for that error code.
Tests to perform on the modem and the information it provides

1. Make sure that every device that is connected to a phone line, for example, a cordless or
corded telephone, an answering machine, a fax machine or a satellite receiver, has its
own filter. Filters direct the device’s signal to the correct frequency on the land line, thus
eliminating interference with the modem.

 GVC filters : Must be plugged into THE WALL JACK. Then insert the telephone line that
goes to the phone (phone-cable-filter-wall jack).
 Daewoo filters : Must be plugged directly into the TELEPHONE. Then insert the
telephone line and plug it into the wall jack (phone-filter-cable-wall jack).
Very important : the DSL modem MUST NOT be connected to a filter at any time.

2. Check your modem’s connections.

There are three connectors on the DSL modem. Make sure they are properly plugged in
and there is no gap between the outlet and the connector. Check these three
connectors:

 Electrical connector for plugging in the cable from the adapter.

 Network port (RJ45) for plugging in a network cable to the computer or router.

 Telephone jack (RJ11) to connect a telephone line.

3. The modem’s indicator lights help you make an initial diagnosis. This is what the lights
mean:

 POWER — On when the modem is plugged into an electrical outlet using the power
adapter.
 ETHERNET — On when a device such as a computer or router is connected to the
network port (ETH) on the modem, and the device is operating properly.
 DSL — On when the modem is connected to the network. This light flashes when the
modem turns on, then stops flashing and stays on when the modem is connected to
the network.
 INTERNET — On when username and password have been authenticated.
 ACTIVITY — Lights up intermittently, when the modem is transferring data.
4. First, make sure that the « DSL » light is on and is not flashing.
5. If the « DSL » light is on:
1. Make sure that the network cable (RJ-45) is properly connected from the modem's « Ethernet » port to the « blue Internet » port on the gateway.
2. Also make sure that the network cable (RJ-45) is properly connected from the « yellow Ethernet » port on the gateway to your computer's network card.
3. Try to restart the telephone gateway by unplugging the power cord and plugging it back in.

6. If the « DSL » light is off or flashing:

1. Make sure that the DSL modem’s phone line is properly connected to a wall
telephone jack.

2. Also make sure that the telephone line connected to the modem is not plugged
into an extension. It should be no more than six feet (approximately three metres)
long.

3. Make sure that there are no splitters (Y connectors) between the DSL modem and
the telephone jack.

4. Make sure that the modem does not have a filter on it.

5. Try plugging the modem into another telephone jack. The DSL modem can get a
signal even if no computer is connected to it. So, you can test the modem in
various jacks without moving your computer. Does the DSL light stay on in other
jacks or outlets? If so, there may be a problem with the building’s wiring. Contact
technical support for more information.

6. Test it with all of your phones, fax machines, satellite receivers and answering
machines unplugged. A defective device or filter can interfere with the signal.
Unplugging everything except the modem is an easy way of checking this! If you
unplug all of your devices and the DSL light remains on and is not flashing, plug the
devices in one at a time to determine which one is defective.

7. If the « DSL » light is off or flashing after several tries with all other devices
unplugged, contact ORICOM INTERNET technical support.

Learning Unit 3 – Document of the Work Done
LO 3.1 – Accurate documentation and submission of review process
● Content/Topic 1 Producing network documentation
1. Network configuration table

A network configuration table contains accurate, up-to-date records of the hardware and
software used in a network. It should give the network engineer all the information
necessary to identify and correct a network fault.

The table should record, for every component:

● Type of device and model designation
● IOS image name
● Device network hostname
● Location of the device (building, floor, room, rack, panel)
● If it is a modular device, all module types and the module slot in which each is located
● Data Link layer addresses
● Network layer addresses
● Any additional important information about the physical aspects of the device
2. End-system configuration table

An end-system configuration table contains baseline records of the hardware and software
used in end-system devices such as servers, network management consoles, and desktop
workstations. An incorrectly configured end system can have a negative impact on the
overall performance of a network. For troubleshooting purposes, the following information
should be documented:

● Device name (purpose)
● Operating system and version
● IP address
● Subnet mask
● Default gateway, DNS server, and WINS server addresses
● Any high-bandwidth network applications that the end system runs
3. Network topology diagram

A topology diagram is a graphical representation of a network that illustrates how each
device is connected and shows the network's logical architecture. It shares many of the
same components as the network configuration table. At a minimum, the topology diagram
should include:

● Symbols for all devices and how they are connected
● Interface types and numbers
● IP addresses
● Subnet masks
4. Configuration backup table

Regular network configuration backup is one of the compulsory measures for reducing
network downtime. A configuration backup lets you recover the network quickly after a
physical failure of a device, and after errors caused by system administrators' mistakes.
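The network configuration table and the configuration backup table described above, as an added worked example (Python written for this note, not code from the module or from Cisco): it fills one configuration-table row from constructed `show version` and `show ip interface brief` output, and records one backup-table row whose SHA-256 digest lets a later backup, or the live running configuration, be checked against the saved baseline. The hostname R1, the IOS image name, the addresses and the rack location are constructed sample values.

```python
"""Network-configuration-table and configuration-backup-table rows from constructed IOS output."""
import hashlib
import re
from datetime import date

# Constructed 'show version' excerpt for a router we call R1 (not a real device).
SHOW_VERSION = """\
R1 uptime is 3 days, 2 hours, 10 minutes
System image file is "flash:c800m-universalk9-mz.SPA.156-3.M2.bin"
cisco C800M (revision 1.0) with 491520K/32768K bytes of memory.
"""
# Constructed 'show ip interface brief' output for the same router.
SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status   Protocol
GigabitEthernet0       192.0.2.1       YES NVRAM  up       up
GigabitEthernet1       unassigned      YES NVRAM  down     down
Serial0/0/0            198.51.100.2    YES manual up       up
"""
# Constructed saved configuration standing in for a backed-up running-config.
RUNNING_CONFIG = ("hostname R1\ninterface Serial0/0/0\n"
                  " ip address 198.51.100.2 255.255.255.252\n")


def parse_config_table_row(show_version, show_ip_int_brief, location):
    """One network-configuration-table row: hostname, model, IOS image,
    physical location and the network-layer address of each interface."""
    hostname = re.match(r"(\S+) uptime is", show_version).group(1)
    image = re.search(r'System image file is "([^"]+)"', show_version).group(1)
    model = re.search(r"^cisco (\S+) \(revision", show_version, re.M).group(1)
    addresses = {}
    for line in show_ip_int_brief.splitlines()[1:]:   # skip the column header
        fields = line.split()
        if fields and fields[1] != "unassigned":
            addresses[fields[0]] = fields[1]
    return {"hostname": hostname, "model": model, "ios_image": image,
            "location": location, "network_layer_addresses": addresses}


def backup_table_row(hostname, config_text, taken):
    """One configuration-backup-table row. The SHA-256 digest is the baseline:
    a later backup or the live running-config that hashes differently has been
    changed, whether by an administrator's mistake or by someone else."""
    digest = hashlib.sha256(config_text.encode()).hexdigest()
    return {"hostname": hostname, "date": taken.isoformat(), "sha256": digest,
            "filename": f"{hostname}_{taken.isoformat()}.cfg"}


def config_changed(backup_row, current_config):
    """True when the current configuration no longer matches the recorded backup."""
    return hashlib.sha256(current_config.encode()).hexdigest() != backup_row["sha256"]
```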
LO 3.2 – Documentation of all logged issues and actions taken for future reference

● Content/Topic 2: Producing a report

1. Report
The report keeps records about IMPLEMENTING CONNECTIONS TO REMOTE SITE. This
documentation gives administrators information about how the remote-site connection
should look and perform, and where to troubleshoot problems as they occur.
● Three (3) components of a report
1.1 Logged issues:
The issue log keeps a record of all issues that arise while implementing connections to
the remote site. It helps you monitor the status of each issue and track the actions taken
to resolve it. By using an issue log effectively, you minimize the impact that issues have
on implementing connections to the remote site, thereby increasing your chances of success.
1.2 Solution implementation:
This part of the report covers the identification, adaptation, and implementation of new
and enhanced, future-proof solutions for implementing connections to the remote site.
1.3 Description of materials used:
This part of the report lists the equipment, materials and tools, together with the details
or description of each material used while implementing connections to the remote site.

2. Report format
o WORK REPORT OF A NETWORK TECHNICIAN

Company/Technician Address

Company/Technician Name:

Website/Email address:

PO Box:

Office/Mobile Phone Contact:

Company/Technician Office Location:

Customer Address

Customer Name:

Website/Email address:

PO Box:

Office/Mobile Phone Contact:

Customer Office Location:

Status Before Work:

User manual and previous report:

Logged issues:

Solution and Implementation:

Procedures of the task accomplished:

Network Devices, equipment and materials used:

Status After Work:

Observations/Recommendations:

Customer Verification

Names:

Signature/stamp:

Date:

Company/Technician Verification

Name:

Signature/stamp:

Date:
