5259ix.fm.1 page 834 friday, october 11, 2002 11:07 am€¦ · heartbeats, 745 two-way internet...

5259IX.fm.1 Page 834 Friday, October 11, 2002 11:07 AM

I

N

D

E

X

Numerics

108 Bert Test, 13211-bit chipping, 5022 second issue (ISDN), resolving, 387–3962B+D, 2382B1Q (two binary one quaternary) signaling, 55,

58–593G wireless, 91–9256-kbps flex modems, 145ess switch types (ISDN), 259–2605-GHz UNII band, 51–5277x routers, accessing IOS routers, 366–367, 369800 toll-free numbers, dialup, 13802.11a specification, 51–52802.11e specification, 53802.11g specification, 52804 routers, calling from 77x routers, 366–369

A

access servers, 13activating Layer 2 in ISDN routers, 320–321active periods (snapshot routing), 291adaptive shaping, 487–488ADCs (analog-to-digital converters), 39Address field

Frame Relay frames, 421–423LAPD frames, 244PPP frames, 134

addressing, Frame RelayARP, 453Inverse ARP, 454RARP, 454

adjustable CIRs, 437administratively down interfaces on Frame Relay

new installs, troubleshooting, 548–549

ADSL (asymmetric DSL) , 24, 732PPoE, 733

discovery stage, 735negotiations, 736–739session stage, 736

advanced Frame Relay configurationsbridging, 474–476compression, 476–477

payload compression, 480–481Van Jacobson header compression,

477–480frame switching, 469–470generic traffic shaping, 484–486IP multicast, 482–483IP unnumbered, 469ISDN backup, 471–473traffic shaping, 483–484

ELMI, 487–488map classes, 486–487

AES (Advanced Encryption Standard), 618aggregate CIR, 436–437agile time division multiple access (A-TDMA), 742AH (Authentication Header) format, 614

ICV calculation, 615alarms states of T1 circuits, 184, 186alternate mark inversion.

See

AMIAMI (alternate mark inversion), 61, 130

ones density, 131amplitude, 40amplitude-shift keying (ASK), 40analog dialup services, 12

limitations of, 14VPNs, 13

analog modems, 126signal loss, 127

analog pads, echo removal, 129–130analog-to-digital converters (ADCs), 39Annex A LMI type, 453Annex D LMI, 516–520Annex D LMI type, 451ANSI (American National Standards Institute)

standards, Frame Relay, 415


836

ANSI T1.617 Annex D LMI, 516–520application layer (OSI model), 99Application Service Providers (ASPs), 85–86applications, accessing remotely, 8applying timestamps, 313–314approaches to troubleshooting, models, 101–102AR (access rate), Frame Relay, 434architecture

ISDNC-plane, 236Layer 1, 237–241Layer 2, 242–247Layer 3, 248–252

ARP (Address Resolution Protocol), 453AS5x00 routers, 205–207

AS5200 router commands, 207, 209AS5300 router commands, 209–214AS5400 router commands, 215

ASK (amplitude-shift keying), 40ASPs (Application Service Providers), 85–86asymmetrical CIR, 437A-TDMA (agile time division multiple access), 742authentication

OTPs, 228PAP, 133PPP, 340, 396–398remote access VPN users, 637servers, 133timeouts (dialup), 219–221VPNs

client authentication, 619DH algorithm, 624–627HMAC, 627–628key management, 624–627RADIUS, 621–623user/identity authentication, 620

Authentication phase (PPP), 136, 197authenticator GINAs, 705Auto-RP, 483availability

of remote access services, 7of phone services for ISDN, 309–310

B

B (Bearer) channels (ISDN), 234Layer 1, 237–241

devices, 238interfaces, 239–241

Layer 2, 242LAPD frame format, 242–247logical link establishment (LAPD),

246–247Layer 3, 248

Q.931, 248–252NFAS, out-of-order detection, 227

B8ZS (bipolar 8-zero substitution), 131–132backup interfaces, DDR configuration, 147

BACP (Bandwidth Allocation Control Protocol), 16bandwidth

of modems, 126on demand, ISDN BRI configuration, 376

Bandwidth Allocation Control Protocol (BACP), 16bandwidth interval, Frame Relay, 434Barker sequence, 50baseline behavior

network topology, discovering, 103–105performance, establishing, 105–109

basic-5ess switch types (ISDN), 259–260SPIDs, configuring, 260–262

BBFW (Broadband Fixed Wireless) P2MP solutions, 53

Bc (committed burst rate), 434Be (excess burst rate), 434bearer services, Frame Relay, 438BECNs (backward explicit congestion

notifications), 441–443, 536 Frame Relay Address field bit, 421

BERTs (bit error rate testers), testing T1 circuits, 183–184

bidirectional procedures, 439billing expenses, 7binary phase-shift keying (BPSK), 50BISDN (Broadband ISDN), 235bit errors, checking on T1 circuits, 183–184bit-robbing signaling, 65

ANSI T1.617 Annex D LMI


837

blue alarms, 185Boosted Session Transport, 29, 750BPSK (binary phase-shift keying), 50BRI (Basic Rate Interface), 57, 237–241

D channel, testing, 327developing troubleshooting process in remote

services environments, 359accessing remote user’s router, 365–369preconfiguring routers on both ends,

364–365end-to-end communications, 386

routing issues, resolving, 399troubleshooting LEC switch settings, 387

initializing, 241keepalive mechanism, 323performance issues

LEC switch problems, 382–386line problems, 377–382routing, 377settings, 382

service layers, viewing, 360–363SPIDs, 253

bridging Frame Relay, 474, 476broadband wireless services, 25

limitations of, 27LMDS, 26–27MMDS, 25–26unlicensed frequencies, 27

broadcast queues, Frame Relay configuration, 468BST (Boosted Session Transport), 29, 750budgeting remote access costs, 6bursty traffic, 414

C

C/R (Command/Response) bit, Frame Relay Address field, 421

cable modems, 740services, 20

limitations of, 22standards, 21

cablinglong versus short lengths, 183shorts, detecting, 223

calculatingCIR, 435ISDN BRI load at full utilization, 376maximum DLCIs per interface, 467RER, 444

call clearing messages, 251Call Reference field (Q.931 messages), 249callback function, PPP, 344–347

ISDN configuration, 303–305called-party number verification, 306caller ID screening, 306calling IOS routers from IOS 77x routers, 366–369CAP (carrierless amplitude/phase modulation), 44Capacity Theorem, 38captured Log Viewer results, viewing, 688–699carrierless amplitude/phase modulation (CAP), 44carriers, 69

CO, 81first-tier exchange carriers, 80IXCs, 81switching systems, 70–71tandem office, 83T-carriers, 75

E1, 77T1, 76–77

categories of ISDN network designs, 258–259CATV (cable TV)

cable modems, 20–22, 740data transmission, 740

standards, 741–744heartbeats, 745two-way Internet connections, 744

Cause messages (ISDN BRI), 331–334CCITT (Comité Consultatif International

Téléphonique et Télégraphique), 12CCP (Compression Control Protocol), 352CCS (common channel signaling), 78CDMA2000 1xEV, 91CDP (Cisco Discovery Protocol), discovering

network topology, 103

CDP (Cisco Discovery Protocol), discovering network topology


838

CDSL (consumer DSL), 24cell switching, 70CERT (Computer Emergency Response Team), 77Challenge Handshake Authentication Protocol

(CHAP), 340change management of remote access VPNs, 636channel banks, 73channels, ISDN, 234CHAP (Challenge Handshake Authentication

Protocol), 340charge backs, 7Chinese Remainder Theorem, 625CIR (committed information rate), 435

adjustable CIRs, 437aggregate CIR, 436–437asymmetrical CIR, 437flexible CIR, 437zero CIR, 436

circuit switching, 70Cisco Discovery Protocol, 103Cisco Easy VPN client, 713

client status, displaying, 716debugging IPSec key events, 717–719initial troubleshooting checklist, 714, 716monitoring, 720–721resetting connection, 717restrictions, 713–714

Cisco IOS77x routers, accessing ISDN routers, 366–369commands, 102ISDN

available phone services, 309–310voice privacy, configuring, 308–309

NFAS groups, 393Cisco Mobile Office initiative, 8–9Cisco PIX VPN clients

501 VPN Client, configuring, 669–670506 VPN Client, configuring, 669–671connectivity, verifying, 722–732restrictions, 722

Cisco UBR7200 Series routers, 21Cisco UBR7246 Universal Broadband Router, 26Cisco VPN 3000 Concentrator, IPSec over UDP, 639

Cisco VPN 3002 routerconnection establishment, 795–796

verifying group name/password, 800verifying interface status, 797–799

HW Client, 706configuring, 665–666Event Log, 708–712initial troubleshooting checklist, 707

Cisco VPN IOS Client, configuring, 666–668Cisco VPN Unity client, 663–664

Concentrator Event Log, 699–701event classes, 702–704event security levels, 704–705

Event Log Viewer, 685Client Log Viewer, starting, 686ISAKMP, 688reviewing captured data, 688–699

incompatible GINAs, 705–706restrictions, 676–679troubleshooting checklist, 682–685

classifyingenterprise VPNs, 593–595

data link layer VPNs, 599–603firewall-based VPNs, 597–598network VPNs, 604–607remote access VPNs, 595site-to-site VPNs, 596

troubleshooting tools, 110clear interface bri0 command, 318CLECs (competitive LECs), 80, 732client authentication, 619Client mode configuration, Cisco VPN 3002

routers, 706CLLM (consolidated link-layer management),

442–443clocking issues, 55

Frame Relayisolating, 499–500troubleshooting, 493–498

SCTE, 499CO (central office), 81code values for LMIs, 520–521codecs, 73

CDSL (consumer DSL)


839

coded orthogonal FDM (COFDM), 52coding schemes

2B1Q, 55–59AMI, 61, 130B8ZS, 131–132COFDM, 52DSL, 41–42HDB3, 132pseudo-ternary signaling, 55–57WLANs, 48zero-suppression, 61–62

COFDM (coded orthogonal FDM), 52Comité Consultatif International Téléphonique et

Télégraphique (CCITT), 12commands

AS5200 series routers, 207–209AS5300 series routers, 209–214AS5400 series routers, 215clear interface bri0, 318debug bri, 316–317debug interface serial, 523–524debug isdn q931, 325, 328debug ppp negotiation, 220–221deub ppp authentication, 340extended ping, 111isdn autodetect, 262isdn timeout signaling, 318logging console, 548loopback, troubleshooting T1 circuits, 183mtrace, 578ping, 110–114

replies, 112syntax, 110

service timestamps, 313short format, 102show cdp neighbors, 103show controllers bri0, 316show dialer, 373–374show interface serial 0, 502–505show isdn active, 372show isdn status, 315, 320, 360–363show modem operational status, 224tracert, 114–115

committed burst rate (Bc), 434committed interval (Tc), 434comparing

remote access and site-to-site VPNs, 633–634X.25 and Frame Relay features, 414–415

components of Frame Relay networks, 419compression, Frame Relay, 476–477, 538, 540–543

hardware compression, 537payload compression, 480–481software compression, 542–543Van Jacobson header compression, 477–480

Concentrator Event Log, 699–701event classes, 702–704event security levels, 704–705

configuration management of remote access VPNs, 635

configuration negotiation phase (LCP), 335–336configuring

DDRbackup, 173–176with backup interfaces, 147with dialer watch, 148with floating static routes, 148

dialer profiles, 297, 299–303dial-in

large-scale, 160–164PPP dial-in, 151–159text dial-in, 150–151

dial-outlarge-scale, 171–173PPP dial-out, 168–171text dial-out, 164–168

Frame Relaybridging, 474–476broadcast queues, 468compression, 476–477frame switching, 469–470generic traffic shaping, 484–486IP multicast, 482–483IP unnumbered, 469ISDN backup, 471–473payload compression, 480–481point-to-multipoint connections, 458–461

configuring


840

point-to-point connections, 461–466routing protocol overhead estimates,

467–468traffic shaping, 483–488Van Jacobson header compression,

477–480ISDN

BRI, bandwidth on demand, 376DDR, 294–303IP pools, 262–265MMP, 278–284NAT, 267–271PAT, 266–267per-user configuration, 272–273POTS interfaces, 306–308PPP callback, 303–305snapshot routing, 290–292SPIDs, 260–262spoofing, 290switch type, 259–260voice privacy, 308–309

PPP callback, 304–305remote access VPNs

Cisco PIX 501 VPN Client, 669–670Cisco PIX 506 VPN Client, 669, 671Cisco VPN 3002 HW Client, 665–666Cisco VPN IOSClient, 666–668Cisco VPN Unity Client, 663–664

VPN 3000 Concentrator, 648–649filters and rules, 650–651Group Lock, 662IKE peer identity validation, 662IKE proposals, 656, 658–659IPSec SAs, 661load balancing, 654–655redundancy, 653reverse route injection, 655SAs, 659–660

congestion control mechanisms, Frame Relay, 441BECNs, 536CLLM, 443FECNs, 535rate adoption algorithm, 442

windowing, 443connection speeds

increasing, 226limitations of, 128of modems, 126–127

connection termination phase (PPP), 352–353connectionless data integrity, 608, 614connectivity

of Cisco PIX VPN client, verifying, 722–732testing, 110–117

console logging, 548Consortium LMI, 513–515

Status Enquiry message format, 514–515Status message format, 515

constellations, 40contention resolution, 57Control field

LAPD frames, 244–245LAPF control protocol, 424–425PPP frames, 135

control LAPF, 419Control plane.

See

C-planecore aspects of Frame Relay, 413core LAPF, 419core routers, 257

DLCI settings, verifying, 560–562Frame Relay point-to-multipoint configuration,

458–460IP pool assignment, 262, 264–265NFAS groups, 393point-to-point Frame Relay configuration,

462–465corporate managed services, 8cost-effective ISDN solutions

DDR, 294–295dialer profiles, 296–303

PPP callback, 303–305snapshot routing, 290–292spoofing, 290

costs of remote access, budgeting, 6counter parameters for LMIs, 521, 523CPE (customer premises equipment), 5C-plane, 236, 417–418

configuring


841

creatingdial peers, 307–308VPN client profiles, 772

CSU/DSU (channel service unit/data service unit) pinouts, 499

custom design ISDN switches, 260customer premises equipment (CPE), 5

D

D (Delta) channel, 234Layer 1, 237–241


Layer 2, 242LAPD frame format, 242–247logical link establishment, 246–247

Layer 3, 248Q.931 message format, 248–252

TDM, 393testing, 327

D/C (data/control) bit (Frame Relay Address field), 421

DACs (digital-to-analog converters), 39DARPA (Defense Advanced Research Projects

Agency), 97data centers, 87–89Data Encryption Standard, 617Data field (LAPD frames), 246Data field (PPP frames), 135data link connection identifiers.

See

DLCIsdata link layer (OSI model), 98

Frame Relay, 506LMI issues, 513–526misconfigured PVCs, 507–513

ISDN BRI, 319–324data link layer protocols, 599–601

L2TP, 602–603PPTP, 600–601PPP, 134

Authentication phase, 136, 396–398frame fields, 134–135LCP, troubleshooting, 387–396

Link Dead phase, 135Link Establishment phase, 135–136Link Termination phase, 137Network Layer Protocol phase, 137troubleshooting, 138

data transmission over CATV, standards, 740–744dB (decibel), 128DBS (Direct Broadband Satellite) systems, 28

BST, 29, 750FITFEEL protocol, 751IPA, 28IPSec, 752–753LEO satellites, 30manipulating TCP stack, 749–750performance, 749VPNs, 745–746

bandwidth, 747–748error control coding, 746

DDR (dial-on-demand routing), 294–295configuring, 173–176

with backup interfaces, 147with dialer watch, 148with floating static routes, 148

dialer profiles, 296configuring, 297–303

Windows 2000, 399–408DDS (Dataphone Digital Service), 495DE (discard eligible) bit, Frame Relay Address field,

421, 434debug bri command, 316–317debug information, timestamping, 313–314debug interface serial command, 523–524debug isdn q931 command, 325, 328debug ppp authentication command, 340debug ppp negotiation command, 220–221debugging

Cisco Easy VPN client connection, IPSec key events, 717–719

Frame Relay LMI, 552Defense Advanced Research Projects Agency

(DARPA), 97defining service levels, 9delivered erroneous frames, 445demand circuits (OSPF), 293

demand circuits (OSPF)

5259IX.fm.1 41 Friday, October 11, 2002 11:07 AM

842

demodulation, 39dense mode (PIM), Frame Relay multicast

configuration, 482–483design objectives of remote access VPNs, 634–635designing

enterprise services, 30–34Frame Relay network parameters, 434

CIR, 435–437ISDN networks

hub and spoke, 257IP pools, 262–265MLP, 273–277MMP, 278–285NAT, 267–271PAT, 266–267per-user configuration, 272–273

Destination Unreachable messages (ICMP), 113–114

detectingdirty phone lines, 223–224shorts in modem cables, 223source of frequent disconnections, 226

devicesAS5200 routers, commands, 207, 209AS5300 routers, commands, 209–214AS5400 routers, commands, 215AS5x00 routers, 205–207cable modems, 740codecs, 73Frame Relay, 419ISDN, 238

switch types, 252–253modems, 125

56-k flex modems, 14analog, 126analog dialup services, 12–13bandwidth, 126cable modem services, 20connection speeds, 126–127digital, 126malfunctioning, 225PCM, 13Shannon’s Capacity Theorem, 12

repeaters, 126DH (Diffie-Hellman) algorithm, 624–627DHCP (Dynamic Host Configuration Protocol)

servers, verifying reachability, 227dial peers, creating, 307–308dial-back authentication, 134dialer maps, 294dialer profiles, 294–296

configuring, 297–303dialer watch, DDR configuration, 148dial-in

large-scale dial-in, configuring, 160–164PPP dial-in

configuring, 151–159network design, 143–144

text dial-inconfiguring, 150–151network design, 143

troubleshooting procedureverifying incoming connection type,

192–194verifying modem operability, 191–192verifying PPP negotiation, 194–200

dial-on demand backup routing, configuringwith backup interfaces, 147with dialer watch, 148with floating static routes, 148

dial-outISDN, 372–374, 376large-scalet, 146

configuring, 171–173PPP dial-out

configuring, 168–171network design, 145

text dial-outconfiguring, 164–168network design, 144

troubleshooting procedure, 200–205dial up

800 toll-free numbers, 13analog, 12–14authentication

PAP, 133

demodulation


843

servers, 133time outs, 219–221

disconnections, isolating source of, 221–223Frame Relay, 17

benefits of, 18limitations of, 18standards, 17–18

ISDN, 14benefits of, 15–16limitations of, 16

PPP, 134Authentication phase, 136frame fields, 134–135Link Dead phase, 135Link Establishment phase, 135–136Link Termination phase, 137Network Layer Protocol phase, 137troubleshooting, 138

retrains, 221–223diffused-beam WLANs, 45digital modems, 126digital pads, echo cancellation, 129–130digital sampling, Nyquist’s sampling theorem, 39digital transmissions, clocking, 55digitalization of voice, 73digital-to-analog converters (DACs), 39Direct Broadband Satellite.

See

DBS systemsdirect-beam WLANs, 45direct sequence spread spectrum (DSSS), 49dirty phone lines, as source of slow line speeds,

223–224discard eligible (DE), 434disconnections, troubleshooting, 221–223Discrete Multi-Tone.

See

DMTdisplaying

Cisco Easy VPN client status, 716ISDN BRI service layers, 360–363

distance vector routing protocols, size estimation, 467

DLCIs (data link connection identifiers), 421channel assignments, 422–423CIR, 435

aggregate CIR, 436–437asymmetrical CIR, 437flexible CIR, 437zero CIR, 436

mismatched settings, troubleshooting, 556–562per interface limitations, 466–467

DMT (Discrete Multi-Tone), 42–44CAP, 44SF structure, 43

DOCSIS (Data-Over-Cable Service Interface Specifications), 741–744

satellite communications, 54DoD (Department of Defense) interconnection

model, 97down interfaces, troubleshooting Frame Relay new

installs, 548–552DPD (Dead Peer Detection), 803–804dropped calls (ISDN), resolving 22 second

issue, 387–396DS0, 77DSL (digital subscriber line)

coding schemes, 41–42PPoE, 733

discovery stage, 735negotiations, 736–737, 739session stage, 736

xDSL services, 22ADSL, 24CDSL, 24FDIs, 22–23HDSL, 24IDSL, 24RADSL, 24SDSL, 24TDRs, 23VDSL, 25

DSLAMs (digital subscriber line access multplexers), 733

DSSS (direct sequence spread spectrum), 49

DSSS (direct sequence spread spectrum)


844

E

E1, 77EA (extended address) bit (Frame Relay Address

field), 421echo, removing, 129–130Effective Isotropic Radiated Power (EIRP), 50EFM (Ethernet to the First Mile), 596ELMI (Enhanced Local Management Interface), 567

Foresight adaptive shaping, 487–488enabling ForceKeepAlive, 787encapsulation

DDR backup solutions, 148over Frame Relay, 447

encoding schemes2B1Q, 55, 58–59AMI, 61COFDM, 52zero-suppression, 61–62

encryptionAES, 618DES, 617remote access VPNs, 638

endpoint migration, Frame Relay, 584–585end-to-end communications

Frame Relay, 528–533ISDN BRI, 386

22 second issue, 387–396LEC switch settings, 387PPP authentication,

396–398routing issues, 399

end-user routers (ISDN), 257configuring, 262

enterprise ISDN networks, 258–259enterprise remote access services, provisioning,

30–34Frame Relay, 31–33ISDN, 31, 33xDSL, 33–34

enterprise VPNs, 593–594categories of, 595data link layer, 599–601

L2TP, 602–603PPTP, 600–601

firewall-based, 597–598network layer layer, 604

Layer 3 tunneling, 605SAs, 605–607

remote access, 595site-to-site, 596

errors on T1 circuits, 187E-Series protocols, 14, 233ESF (Extended Super Frame) signal format, 63ESP header format, 616–618establishing baseline behavior

network topology, 103–105performance characteristics, 105–109

estimating transit delay, 444ET (Exchange Termination), 238Ethernet to the First Mile (EFM), 596Event Log, Cisco VPN 3002 HW client, 708–712excess burst rate (Be), 434expenses, billing, 7extended bus architecture (ISDN), 237extended ping command, 111

F

far end, 96far-end crosstalk (FEXT), 23fast busy signals, debugging, 226fast-dial, 15Fast Information Transfer For Extremely Errored

Links (FITFEEL) protocol, 751FCS (frame check sequence) field

Frame Relay frames, 420LAPD frames, 246PPP frames, 135

FDIs (Feeder Distribution Interfaces), 22FDM (frequency-division multiplexing), 71–72, 414

DMT, 42FECNs (forward explicit congestion

notifications), 421, 441–443, 535

E1


845

Feeder Distribution Interfaces (FDIs), 22Fermat/Euler Theorem, 625FEXT (far-end crosstalk), 23FHSS (frequency hopping spread spectrum), 48fiber-optic networks, SONET, 80fields

of ICV, 608–610of LAPD frames

Address field, 244Control field, 244–245Data field, 246FCS field, 246Flag field, 243

of PPP frames, 134–135filter GINAs, 705firewall-based VPNs, 597–598firewalls, implementing in remote access VPNs,

640–641first-tier exchange carriers, 80FITFEEL (Fast Information Transfer For Extremely

Errored Links) protocol, 751Flag field

Frame Relay frames, 420LAPD frames, 243PPP frames, 134

flapping lines, 562–566flapping links, 526–528flapping routes, 572floating static routes, DDR configuration, 148ForceKeepAlive, enabling, 787Foresight adaptive shaping ELMI, 487–488fragmentation process, 610

Frame Relay, 448Frame Relay, 17

addressingARP, 453Inverse ARP, 454RARP, 454

ANSI standards, 415benefits of, 18bidrectional procedures, 439bridging, 474, 476broadcast queues, 468

CIR, 435aggregate CIR, 436–437asymmetrical CIR, 437flexible CIR, 437zero CIR, 436

compression, 538, 540–543configuring, 476–477hardware compression, 537software compression, 542–543

congestion control mechanisms, 441CLLM, 443rate adoption algorithm, 442windowing, 443

core aspects, 413C-plane, 417–418CSU/DSU pinouts, 499data link layer troubleshooting, 506

LMI issues, 513–526misconfigured PVCs, 507–513

design parameters, 434DLCIs

mismatched settings, troubleshooting, 556–562

per interface limitations, 466–467ELMI, 487–488end-to-end connectivity, 528–533flapping lines, 563–566flapping links, 526–528frame switching configuration, 469–470full-mesh topology, 441generic traffic shaping, 484–486host migration, 580–585IAs, 415–416initial troubleshooting steps, 492–493IP multicast, 440

checking IGMP group members, 576–577checking upstream neighbor availability,

574–576configuring, 471–473group flags, 573multicast trace reporting, 577–580testing remote user’s router, 577

Frame Relay


846

IP unnumbered configuration, 469ISDN backup configuration, 471–473LAPF

control protocol, 424Control field, 424–425Information field, 426–429

logical frame processing, 422T1.618 frame format, 419–423

limitations of, 18LMIs, 449

Annex D, 451Cisco-Consortium, 451code values, 520–521counter parameters, 521, 523ITU-T Q.933 Annex A, 453timers, 522

multiplexing, 414network components, 419new install issues, 548–556NNI, 439partial-mesh topology, 441payload compression, configuring, 480–481performance parameters, 562

RER, 444throughput, 444transit delay, 444

physical layer clocking problems, 493–498DSU/CSU, testing, 501loopback testing, 500performance issues, 501–505

point-to-point connectionsconfiguring, 461hub configuration, 462, 464spoke configuration, 465–466

provisioning enterprise remote access services, 31–33

pseudo-ternary signaling, 55–57QoS parameters, 445remote user router, verifying status, 553serial interface configuration, verifying, 551service architecture, VCs, 418service functioning, checking, 553–555

standards, 17–18traffic shaping, 483–484, 534

BECNs, 536FECNs, 535flapping routes, investigating, 572high RTT numbers, investigating,

567–569map classes, 486–487slow performance, investigating, 569–572verifying settings, 566

UNI, 438upper-layer protocol interoperability, 445

encapsulation, 447fragmentation, 448multiprotocol support, 445–447

Van Jacobson header compression. configuring, 477–480

variable length framing, 415VCs, 415versus X.25, 414–415VoFR, 440

framing techniquesESF, 63T1, 62

ESF signal format, 63SF signal format, 62–63

T3, M23 signal format, 63–64frequency, 40frequency-division multiplexing.

See

FDMfrequency-shift keying (FSK), 40frequent disconnections, detecting source of, 226FRF (Frame Relay Forum) IAs, 415–416FSK (frequency shift-keying), 40full-mesh topology, Frame Relay, 441funding remote access, 6

G

Gang of Four, 449generic traffic shaping, 484–486

IP unnumbered configuration


847

geographic requirements for remote access deployment, 7

GINA, 705global dialer software, 13group flags, 573Group Lock parameter, configuring on VPN 3000

Concentrators, 662group members, 573GSM/GPRS (Global System of Mobility/General

Packet Radio Service), 91

H

H (Hybrid) channel, ISDN, 234hardware compression, 537hardware simulators, 110Hash-based Message Authentication Code (HMAC),

627–628HDB3 (high density binary 3), 132HDSL (high-data rate DSL), 24heartbeats, 745helpdesks, supporting remote access users, 7HFC (hybrid fiber-coaxial) networks, 20HMAC (Hash-based Message Authentication Code),

627–628host migration, Frame Relay, 580–585Host Page Accelerator (HPA), 28hosting services, 87–89HPA (Host Page Accelerator), 28hub and spoke network design, 142

ISDN, 257hub configuration

Frame Relay point-to-multipoint configuration, 458–460

point-to-point Frame Relay connections, 462, 464–465

hybrid systems, 20line-coding techniques, 53–54modulation, 53–54

I

IAs (Implementation Agreements), 415–416ICMP (Internet Control Message Protocol), message

types, 112–113Destination Unreachable, 113–114

IDBs (interface descriptor blocks), 273IDSL, 24IE (information element) fields, LAPF control

protocol, 426–429IEEE 802.11a specification, 51–52IEEE 802.11e specification, 53IEEE 802.11g specification, 52IGMP (Internet Group Message Protocol)

group members, verifying on Frame Relay networks, 576–577

IKE (Internet Key Exchange)key management, 624–627peer identity validation, configuring on VPN

3000 Concentrators, 662proposals, configuring on VPN 3000

Concentrators, 656–659remote access VPN authentication, 638

ILECs (incumbent LECs), 80, 732illegal serial line type xx messages, 524immutable ICV fields, 608–610incompatible GINAs, 705–706increasing slow connection speeds, 226Information Elements field (Q.931 messages),

251–252Information field

Frame Relay frames, 420LAPF control frames, 426–429

information transfer messages, 245initial troubleshooting steps, Frame Relay, 492–493in-sourcing remote access support, 7installation issues, Frame Relay, 548–556interconnection models

DoD, 97OSI, 98–100

interfaces, 469Frame Relay, broadcast queues, 468ISDN, 239–241

interfaces


848

internal standard PCI modems, 21International Telecommunication Union

Telecommunication Standardization Sector.

See

ITU-TInternet hosting services, 87–89Internet Page Accelerator (IPA), 28interoperability of Frame Relay and upper-layer

protocols, 445encapsulation, 447fragmentation, 448multiprotocol support, 445–447

Inverse ARP (Address Resolution Protocol), 454IOS-based troubleshooting methods, 102IP addressing, ISDN configuration

NAT, 267–271PAT, 266–267

IP datagrams, fragmentation, 610IP multicast

Frame Relay networks, 482–483multicast trace reporting, 577–580remote user’s router, testing, 577verifying IGMP group members, 576–577verifying upstream PIM neighbor

availability, 574–576group flags, 573

IP pools, defining, 262, 264–265IP unnumbered Frame Relay configuration, 469IPA (Internet Page Accelerator), 28ipconfig command (Windows NT/2000), verifying

IP addressing configuration, 769–770IPSec

AH, 614–615authenticating remote access VPNs, 638connectionless data integrity, 608ESP header, 616–618ICMP processing, 611–612ICV calculation, 615ICV fields, 608–610IP fragmentation, 610modes, 612over satellite systems, 752–753over TCP, 640PMTU discovery, 610–611

SAs, configuring on VPN 3000 Concentrators, 661

selecting mode for remote access VPNs, 637IR (infrared) radio-channel, 45ISAKMP (Internet Security Association and Key

Management Protocol), 688ISDN (Integrated Services Digital Network), 14

accessing routers from IOS 77x routers, 366–369

B channel, 234benefits of, 15–16channels, 234C-plane, 236custom design switches, 260D channel, 234

TDM, 393data link layer, activation procedure, 320–321DDR, 294–295

dialer profiles, 296–303design solutions

NAT, 267–271PAT, 266–267

dial-out, 372–374, 376H channel, 234hub and spoke design, 257IP pools, configuring, 262, 264–265Layer 1, 237–238, 241


Layer 2, 242LAPD frame format, 242–247logical link establishment, 246–247

Layer 3, 248Q.931 messages, 248–252

limitations of, 16load interval, 376local loop, 234MLP, 273–277MMP, 278, 280

configuring, 281–282sample implementation, 282–284verifying, 284–285

internal standard PCI modems


849

network design, categories of, 258–259new install issues, 369, 371NISDN, 235per-user configuration, 272

virtual interface templates, 272virtual profiles, 273

POTS interfaces, configuring, 306–308PPP

callback, 303–305LCP, 387–396

PRI1.544-Mbps interface, 64–652.048-Mbps interface, 65

PRI circuits, 188Layer 1 status, verifying, 188Layer 2 status, verifying, 188–190

provisioning enterprise remote access services, 31–33

pseudo-ternary signaling, 55–57security, 305snapshot routing, 290–292SPIDs, 253spoofing, 290supplementary phone services, 309–310switch types, 252–253, 259–260voice privacy, configuring, 308–309

isdn autodetect command, 262ISDN BRI

bandwidth on demand, configuring, 376developing troubleshooting process in remote

services environment, 359accessing remote user’s router, 365–369preconfiguring routers on both ends,

364–365viewing service layers, 360–363

end-to-end communications, 386resolving routing issues, 399troubleshooting LEC switch settings, 387

keepalive mechanism, 323performance issues

LEC switch problems, 382–386lines, 377–382routing, 377settings, 382

isdn timeout-signaling command, 318I-series protocols, 234isolating Frame Relay clocking problems, 499–500ISPs, 85–86

ISDN networks, 258–259ITFS (Instructional Television Fixed Service), 25ITU-T (International Telecommunication Union

Telecommunication Standardization Sector), 12E-series protocols, 233I-series protocols, 234Frame Relay standards, 415Q.933 Annex A, 453Q-series protocols, 234

IXCs, 81

J-L

keepalive mechanismISDN BRI, 323spoofing, 290

key management, 624–627

L2TP (Layer 2 Tunneling Protocol0, 602–603LAN-specific VPN issues

inability to log in, 760MTU settings, 754–756, 758NAT, multiple client handling, 753packet size, 758, 760

LAN-to-LAN VPNs, 596LAPD (Link Access Procedure on the D channel),

242, 248Address field, 244Control field, 244–245Data field, 246FCS field, 246Flag field, 243frame format, 242–247logical link establishment, 246–247

LAPFcontrol protocol, 424

Control field, 424–425Information field, 426–429

LAPF


850

T1.618 frame format, 419Address field, 421–423fields, 420Flag field, 420logical frame processing, 422

large-scale dial-in, configuring, 160–164large-scale dial-out


last mile, 90–91LATAs (local access and transport areas), 80layer 1/2 status of PRI circuits, verifying, 188–190Layer 3 tunneling, 605layered architecture

DoD model, 97ISDN

BRI, 237–241C-plane, 236LAPD, 242–244, 246–248Q.931, 248–249, 251–252

OSI Reference Model, 98–100layered approach to troubleshooting, 96LCP (link control protocol) phase of PPP, 194–196

configuration negotiation phase, 335–336magic numbers, 339troubleshooting, 335–339

LDN (local directory number), 308LDNs (Local Directory Numbers), 252LE (Local Exchange), 238LEC (local exchange carrier) switch problems,

ISDNend-to-end communications, 387performance issues, 382–386

legacy DDR, 294–295limitations

of analog dialup services, 14of analog modem connection speeds, 128of cable modems services, 22of Cisco Easy VPN client, 713–714of Cisco PIX VPN client, 722of Cisco Unity client, 676–679of ISDN services, 16of wireless broadband services, 27

line coding techniquesB8ZS, 131–132errors, 130HDB3, 132in hybrid networks, 53–54in wireless LANs, 44–45

line problemsFrame Relay, investigating, 493–498ISDN performance issues, 377–382

line provision, verifying, 354linecode violations of T1 circuits, 186link compression, 477Link Dead phase (PPP), 135Link Establishment phase (PPP), 135–136, 335–339link speeds, 434Link Termination phase (PPP), 137link-state protocols

OSPF, demand circuits, 293size estimation, 467–468

listen option (Netcat utility), 117LMDS (Local Multipoint Distribution Service),

25–27LMIs (Local Manaagement Interfaces), 449

ANSI T1.617 Annex D, 516, 518–520Annex D, 451Cisco-Consortium, 451code values, 520–521Consortium LMI, 513–515

Status Enquiry message format, 514–515Status message format, 515

counter parameters, 521, 523debugging, 552ITU-T Q.933 Annex A, 453timers, 522

load balancing, configuring on VPN 3000 Concentrators, 654–655

load interval, 376local loop, 234Local Multipoint Distribution Service, 25–27log files, timestamping, 313–314logging console command, 548logical frame processing, LAPF, 422logical link establishment (LAPD), 246–247

LAPF


851

long cable lengths, 183loopback command, troubleshooting T1

circuits, 183loopback testing, Frame Relay, 500

magic numbers, 339lost frames, 445LT (Local Termination), 238LTI (linear time-invariant) systems, 47

M

magic numbers, 339malfunctioning modems, detecting, 225managing Frame Relay host migration, 580–585

endpoint migration, 583–585host preparation, 581–583routing options, 583

mandatory user participation, troubleshooting ring options, 354–355

map classes, defining, 486–487marking malfunctioning modems, 225MDF (main distribution frame), 81message switching, 70Message Type field (Q.931 messages), 249–250messages

CLLM, 442ICMP, 112–113

Destination Unreachable, 113–114illegal serial line type xxx, 524ISDN BRI Cause Messages, 331–332, 334SABME, 322

M-frames, 63Microsoft Windows 2000, DDR troubleshooting

procedures, 399–408migration strategies, Frame Relay, 580–585

endpoint migration, 583–585host preparation, 581–583routing options, 583

minimum acceptable throughput, 435misconfigured PVCs, troubleshooting, 507–513misdelivered frames, 445

mismatched DLCI settings, investigating, 556–562MLP (multilink PPP), 273–277, 343–344MMDS (Multichannel Multipoint Distribution

System), 25–26, 53MMP (Multichassis Multilink PPP), 278–280,

347–351configuring, 281–282sample implementation, 282–284verifying configuration, 284–285

mobile solutions, 8–9modems, 125

56-kbps flex, 14analog, 126

signal loss, 127analog dialup services, 12–13

limitations of, 14VPNs, 13

authentication timeouts, 219–221bandwidth, 126cable modem services, 20

limitations of, 22standards, 21

cablesdirty phone lines as source of slow

connection speeds, 223–224shorts, detecting, 223

connection speeds, 126–127increasing, 226limitations of, 128

digital, 126disconnections, 221–223fast busy signals, debugging, 226internal standard PCI modems, 21malfunctioning, 225PCM, 13Shannon’s Capacity Theorem, 12, 38slow busy signals, debugging, 227

modes of IPSec operation, 612modulation, 39

in hybrid networks, 53–54in wireless LANs, 44–45WLANs

DSSS, 49FHSS, 48

modulation


852

modulator-demodulators.

See

modemsmonitoring

Cisco Easy VPN client environment, 720–721network performance, SAA, 117–119

M-plane (ISDN), 236MPLS VPN, 90MPOE (minimum point of entry), 129mtrace command, 578multicast

Frame Relay, 440, 482–483group flags, 573

Multichannel Multipoint Distribution System.

See

MMDSmultiple frequency operation (UHF), 47multiplexing, 414

FDM, 71–72, 414statistical multiplexing, 414TDM, 74, 414

mutable ICV fields, 608–610

N

nailed-up, 81NAPs (network access points), 86narrowband, 46narrowband ISDN (NISDN), 235NASs (Network Access Servers)

dial-in, 191–200dial-out, 200–205T1 circuits, 181–187

NAT (Network Address Translation)implementing in remote access VPNs, 639–640ISDN configuration, 267–271multiple client handling, 753

NBMA (nonbroadcast multi-access) modelpoint-to-point Frame Relay, 461

NCPs (network control protocols), 197–200, 341–352

CCP, 352MLP, 343–344MMP, 347–351

near end, 96near-end crosstalk (NEXT), 23negotiating upper-layer protocols, NCPs, 341–352

CCP, 352MLP, 344MMP, 347–351

Netcat utility, 115–117network design

DDR, configuringwith backup interfaces, 147with dialer watch, 148with floating static routes, 148

dial-inPPP dial-in, 143–144text dial-in, 143

dial-outlarge-scale, 146PPP dial-out, 145text dial-out, 144

hub and spoke, 142ISDN

categories of, 258–259configuring switch type, 259–260hub and spoke, 257MLP, 273–277MMP, 278, 280–285per-user configuration, 272–273SPIDs, configuring, 260–262

Network Extension mode, Cisco 3002 HW client, 706

network layer (OSI model), 98troubleshooting ISDN BRI, 324–334VPNs, 604

Layer 3 tunneling, 605SAs, 605–607

Network Layer Protocol phase (PPP), 137network monitoring tools, 109new install issues

ISDN, 369–371Frame Relay, 548–556

NEXT (near-end crosstalk), 23NFAS (Non-Facility-Associated Signaling), 16

modulator-demodulators


853

D channel, verifying correct circuit locations, 227

groups, 393NI (National ISDN) standards, 233NNI (network node interface), 439Non-Facility-Associated Signaling.

See

NFASNT1 (network termination type 1), 58, 238NT2 (network termination type 2) devices, 238N-way multicast service, Frame Relay, 440Nyquist sampling theorem, 72Nyquist's Theorem, 39

O

off net dial-out, 146ones density, 131, 499one-way service, Frame Relay multicast, 440on-net dial-out, 145operating systems, Windows 2000

DDR issues, resolving, 399–408well-known ports, 403–405

operations management of remote access VPNs, 636optical networks, SONET, 80OSI model, 98–100

data link layercorrelated Frame Relay protocol

functions, 419–420troubleshooting ISDN BRI, 319–324

network layer, 324–334physical layer, 314–319

OSPF (Open Shortest Path First) demand circuits, 293

OTPs (one-time passwords), 228outgoing calls, ISDN, 372–376out-of-band signaling, 78outsourcing remote acces support, 7overload.

See

PAToversubscription, 436

P

packet switching, 70PAP (Password Authentication Protocol), 133partial-mesh topologies, Frame Relay, 441passive bus point-to-multipoint architecture

(ISDN), 237passwords

authentication, PPP, 340OTPs, 228

PAT (Port Address Translation)in remote access environments, 639–640ISDN configuration, 266–267

PathChar utility.

See

Pcharpathcode violations of T1 circuits, 186payload compression, 477

configuring, 480–481Pchar

establishing baseline performance, 105–109options, 105–106

PCM (pulse code modulation), 13, 39, 73PDUs (protocol data units), 99per interface limitations of DLCIs, 466–467perfect scheduling, 57performance

discovering baseline behavior, 105–109Frame Relay, physical layer, 501–505, 562

compression, 537–543end-to-end connectivity, 528–533flapping lines, 563–566flapping links, 526–528RER, 444throughput, 444traffic shaping, 534–536, 566–572transit delay, 444

monitoring with SAA, 117–119selection criteria for VPN termination

equipment, 646–648per-interface compression, 477periodic retransmissions, packets sent from W2K

systems, 401permanent virtual circuits.

See

PVCs

permanent virtual circuits


854

per-virtual circuit compression, 477PFS (perfect forward secrecy), 627phase modulations, 40phase-shift keying, 40photonic WLANs, 45physical layer

Frame Relayclocking problems, 493–498CSU/DSU, testing, 501loopback testing, 500performance issues, 501–505

ISDN BRI, 314–319T1 circuits

alarm states, 184, 186checking bit errors, 183–184errors, 187identifying loopback features, 183linecode violations, 186pathcode violations, 186slip seconds, 186verifying controller status, 181–183

PIM SM (Protocol Independent Multicast Sparse Mode), Frame Relay multicast configuration, 482–483

ping command, 110–114PMTU (Path MTU) discovery, 610–612point-to-multipoint Frame Relay

hub side configuration, 458, 460spoke side configuration, 460–461

point-to-point Frame Relay configurationhub configuration, 462, 464NBMA model, 461spoke configuration, 465–466

ports, 403POTS (plain old telephone service) interfaces, ISDN

configuration, 306–308PPPoE, 733

discovery stage, 735negotiations, 736–739session stage, 736

PPP (Point-to-Point Protocol), 134.

See also

MLPauthentication

servers, 133

timeouts, troubleshooting, 220–221troubleshooting, 340

Authentication phase, 136, 396–398callback, 303–305, 344–347connection termination, 352–353dial-in network design, 143–144, 151–159dial-out


frame fields, 134–135LCP, 335–339

22 second issue, 387–396Link Dead phase, 135Link Establishment phase, 135–136Link Termination phase, 137NCPs, 341–352negotiation

authentication phase, 197LCP phase, 194–196NCP phase, 197–200

Network Layer Protocol phase, 137protocol field, 335troubleshooting, 138

PPTP (Point-to-Point Tunneling Protocol), 600–601Predictor data compression, 477premature disconnect, 445presentation layer (OSI model), 99PRI (Primary Rate Interface) circuits, 188

1.544-Mbps interface, 64–652.048-Mbps interface, 65Layer 1 status, verifying, 188Layer 2 status, verifying, 188–190

profiles (VPN client), creating, 772projecting PPP link to call master, 278protected band (RF), 46Protocol Discriminator field (Q.931 messages), 248Protocol field (PPP frames), 135, 335protocol layer (Frame Relay), 506

LMI issues, 513–526misconfigured PVCs, 507–513new installs, 549–552

provisioning process, enterprise remote access services, 30–31, 33–34

per-virtual circuit compression


855

Frame Relay, 31–33ISDN, 31, 33, 369xDSL, 33–34

pseudo-ternary signaling, 55, 57PSK (phase-shift keying), 40PSTN (Public Switched Telephone Network), 37pulse code modulation.

See

PCMpulse density, 131PVCs (permanent virtual circuits), 17, 418

DLCIs, per interface limitations, 466–467end-to-end connectivity, 528–533flapping lines, 563–566misconfiguration issues, 507–513premature disconnect, 445

Q

Q.921, 242.

See also

LAPDLAPD frame format, 242–247

Address field, 244Control field, 244–245Data field, 246FCS field, 246Flag field, 243

logical link establishment, 246–247Q.922 protocol, 424

Control field, 424–425Information field, 426–429

Q.931 message format, 248, 331–332, 334Call Reference field, 249Information Elements field, 251–252Message Type field, 249–250Protocol Discriminator field, 248

QoS (quality of service) parameters, Frame Relay, 445

QPSK (quaternary phase-shift keying), 44Q-series protocols, 234quiet periods (snapshot routing), 291

R

RA to MPLS VPN (Remote Access to Multiprotocol Label Switching Virtual Private Network), 90, 592–593

RADIUS, 621–623RARP (Reverse Address Resolution Protocol), 454rate adoption algorithm, 442RBS (robbed bit signaling), 78red alarms, 185redundancy

configuring on VPN 3000 Concentrators, 653ISDN backup for Frame Relay, configuring,

471–473reimbursements, 7remote access VPNs, 595

change management, 636Cisco PIX 501 VPN Client, configuring,

669–670Cisco PIX 506 VPN Client, configuring,

669–671Cisco VPN 3002 HW Client, configuring,

665–666Cisco VPN IOS Client, configuring, 666–668Cisco VPN Unity Client, configuring, 663–664configuration management, 635design objectives, 634–635operations management, 636security issues, 636

firewalls, 640–641IPSec, 637–638NAT/PAT, 639–640split tunneling, 640user authentication infrastructure, 637

termination equipment, 641–642performance criteria, 646–648selecting core devices, 643–646

versus site-to-site, 633–634remote control software, 109Remote Page Accelerator, 28remote users of Frame Relay, troubleshooting

nonpassing traffic in up, up state, 555–556

remote users of Frame Relay, troubleshooting nonpassing traffic in up, up state


856

removing echo with digital pads, 129–130repeaters, 126RER (residual error rate), 444resetting Cisco Easy VPN client connections, 717restrictions

of Cisco Easy VPN client, 713–714of Cisco PIX VPN client, 722of Cisco Unity client, 676–679

retrains, 221–223reverse route injection, configuring on VPN 3000

Concentrators, 655RF (radio frequency), 44

narrowband, 46SS RF transmissions, 48

DHSS, 49FHSS, 48

Rijndael algorithm, 618ring options, troubleshooting mandatory user

participation, 354–355router commands

AS5200, 207, 209AS5300, 209–214AS5400, 215

routing ISDN BRI, 399performance issues, 377

routing protocols, discovering network topology information, 104–105

RPA (Remote Page Accelerator), 28RPC (remote procedure call), 402–403RTT (round-trip time), 745

verifying Frame Relay service, 567–569

S

SAA (Service Assurance Agent), 117–119SABME (Set Asynchronous Balanced Mode

Extended) messages, 190, 322sampling, Nyquist’s sampling theorem, 39SAPI (service access point identifier) data types, 189

SAs (security associations), 605–607configuring on VPN 3000 Concentrators,

659–660satellite systems, 28

BST protocol, 29, 750DOCSIS 1.1 standard, 54FITFEEL protocol, 751IPA, 28IPSec, 752–753LEO satellites, 30manipulating TCP stack, 749–750performance, 749VPNs, 745–746

bandwidth, 747error control coding, 746TCP efficiency, 747–748

S-CDMA (synchronous code division multiple access), 742

SCTE (serial clock transmit external) timing, 499SDSL (single-line DSL), 24security

authenticationDH algorithm, 624–627HMAC, 627–628key management, 624–627OTPs, 228PAP, 133RADIUS, 621–623resolving issues, 396–398servers, 133timeouts, 219–221VPN client authentication, 619VPN user/identity authentication, 620

IPSecAH header format, 614–615connectionless data integrity, 608ESP header format, 616–618ICMP processing, 611–612ICV calculation, 615ICV fields, 608–610IP fragmentation, 610modes, 612PMTU discovery, 610–611

removing echo with digital pads


857

ISDN, 305policies, 8remote access VPNs, 636

encryption, 638firewalls, 640–641IPSec authentication, 638IPSec mode, selecting, 637NAT/PAT, 639–640split tunneling, 640user authentication infrastructure, 637

selectingCIR

aggregate CIR, 436–437asymmetrical CIR, 437flexible CIR, 437zero CIR, 436

compression type for Frame Relay, 538core devices in remote access VPNs, 643–646IPSec mode for remote access VPNs, 637VPN model, 19

serial interfacesdebugging, 552SCTE timing, 499

service architecture (Frame Relay), C-plane, 417–418

Service Assurance Agent, 117–119service levels, defining, 7–9service providers

future of, 89last mile, 90–91options, 9service offering, 90

service timestamps command, 313service-provider dependant VPNs, 19service-provider independent VPNs, 19services

Frame Relay, 17benefits of, 18limitations of, 18standards, 17–18


technology offerings, 10–11user- versus corporate-managed, 8VPNs, 18–19

cable modem services, 22cable modems, 20limitations of, 19satellite services, 28–30standards, 21wireless broadband services, 25–27xDSL services, 22–25

Windows 2000, RPC, 402–403session layer (OSI model), 99SF (Super Frame), 43SGBP (Stack Group Bidding Protocol), 278

queries, debugging, 351Shannon, Claude, 12Shannon’s Capacity Theorem, 38shared secrets, PFS, 627short cable lengths, 183short command format (Cisco IOS), 102show cdp neighbors command, 103show controllers bri0 command, 316show dialer command, 373–374show interface serial 0 command, 502–505show isdn active command, 372show isdn status command, 315, 320, 360–363show modem operational status command, 224signaling (ISDN), D channel, 234signals

amplitude, 40analog, 37frequency, 40

site-to-site VPNs, 596versus remote access VPNs, 633–634

size estimatesof distance vector routing protocols, 467of link-state routing protocols, 467–468

sliding windows, 443slip seconds on T1 circuits, 186slow busy signals, debugging, 227slow connection speeds

increasing, 226sources of, 223–224

slow connection speeds


858

snapshot routing, 290, 292sniffing W2K traffic, 402–403SNR (signal-to-noise ratio), affecting factors,

128–129soft skills versus technical skills, 95software

global dialer, 13compression, 542–543

SONET (Synchronous Optical Network), 80sparse mode (PIM), Frame Relay multicast

configuration, 482–483specifying loopback format of T1 circuits, 183SPID (service profile identifier), 253, 308

configuring, 260–262split tunneling, implementing in remote access

VPNs, 640spoke configuration

Frame Relay point-to-multipoint connection, 460–461

point-to-point Frame Relay connections, 465–466

spoofing, 290SS (spread spectrum) RF transmissions

DSSS, 49FHSS, 48

SS7 (Signaling System 7), 78–79STAC data compression, 477Stack Group Bidding Protocol.

See

SGBPstandards

CATV data transmission, 741–744Frame Relay, 415

IAs, 415–416service architecture planes, 417–418

starting Cisco VPN Client Log Viewer, 686Static RP, 483statistical multiplexing, 414, 437Status Enquiry message format, Consortium LMIs,

514–515Status message format, Consortium LMIs, 515STS (Station-to-Station protocol), 626STS-1, 80subchannels, 42supervisory messages, 245

supporting remote access services, 7defining service levels, 9in-sourcing versus outsourcing, 7

SVCs (switched virtual circuits), 17, 418switched virtual circuits.

See

SVCsswitches, 82

ISDN, 252–253, 259–260symbols, 50synchronization, clocking, 55synchronous data transmission, 71syntax, IOS-based ping command, 110synthesized radio technology, 46

T

T1 circuits, 76–77bit errors, checking, 183–184controller status, verifying, 181–183errors, 187framing

ESF signal format, 63SF signal format, 62–63

linecode violations, 186loopback features, identifying, 183ones density, 131pathcode violations, 186physical layer alarms, 184, 186slip seconds, 186

T3 framing, M23 signal format, 63–64tandems, 82–83TAs (terminal adapters), 238Tc (committed interval), 434T-carriers, 75

E1, 77T1, 76–77

TCP boomerangs, 751TDM (time-division multiplexing), 74, 414

D channels, 393TDRs (time domain reflectometers), 23TE1 devices, 238TE2 devices, 238

snapshot routing


859

technology offerings, 10–11Frame Relay, 17

benefits of, 18limitations of, 18standards, 17–18


VPNs, 18–19cable modem services, 20–22limitations of, 19satellite services, 28–30wireless broadband services, 25–27xDSL services, 22–25

TEIs (terminal endpoint identifiers), 190Telnet sessions, logging to console, 548terminal servers, 86termination equipment, remote access VPNs,

641–642performance criteria, 646–648selecting core devices, 643, 645–646

termination sequence (PPP), 352–353testing

D channel, 327remote user’s router on Frame Relay multicast

network, 577testing network connectivity

extended ping command, 111Netcat utility, 115–117ping command, 110–114tracert command, 114–115

text dial-inconfiguring, 150–151network design, 143

text dial-outconfiguring, 164–168network design, 144

throughput, Frame Relay, 444time domain reflectometers, 23time-division multiplexing.

See

TDMtimeouts, modem authentication, 219–221timeslots, line code errors, 130timestamps, applying, 313–314

timing, SCTE, 499token bucket filters, 483topologies

discovering baseline behavior, 103–105Frame Relay, 441

T-plane (ISDN), 236tracert command, 114–115tracing Frame Relay multicast networks, 577–580traffic shaping, 483–484

ELMI, 487–488Frame Relay, 441–443, 534

BECNs, 536FECNs, 535flapping routes, investigating, 572high RTT numbers, investigating,

567–569slow performance, investigating, 569–572verifying settings, 566

generic, 484–486map classes, 486–487

transit delay, Frame Relay, 444transmission rates, Shannon’s Capacity Theorem, 38transport layer (OSI model), 98Transport mode (IPSec), implementing in remote

access VPNs, 637transport mode (IPSec), 612troubleshooting methodologies, 101–102

ISDN BRI recommendations, 359accessing remote user’s router, 365–369preconfiguring routers on both ends,

364–365viewing service layers, 360–363

layered approach, 96troubleshooting tools

classifying, 110extended ping command, 111Netcat utility, 115–117ping command, 110–114

replies, 112SAA, 117–119tracert command, 114–115

Tunnel mode (IPSec), 613implementing in remote access VPNs, 637

Tunnel mode (IPSec)


860

tunneling, DPD, 803–804two-way Internet connections, 744two-way multicast service, Frame Relay, 440type codes (ICMP messages), 112–113

U

UHF (ultra-high frequency)multiple frequency operation, 47narrowband, 46synthesized radio technology, 46

UNI (user node interface)bearer services, 438LMI, 449

Annex D, 451Cisco-Consortium, 451ITU-T Q.933 Annex A, 453

Unity clientConcentrator Event Log, 699–701

event classes, 702–704event security levels, 704–705

data not passing, causes of, 784bad ISP connections, 786–787default MTU size, 786dropped connections, 786inaccessible internal domain, 787–790NAT, 785

Event Log Viewer, 685Client Log Viewer, starting, 686ISAKMP, 688reviewing captured data, 688–699

extranet issues, 801dead peer detection, 803–804ESP 50, 801tunnel keepalives, 802UDP 500 ISAKMP, 801

failed authentication, causes ofbad group name, 774–775DNE Miniport, 776–777misconfigured firewalls, 777–778MTU setting too high, 779–784

MTU setting too low, 784RADIUS, 775–776

inaccessible internal domain, WINS, 788incompatible GINAs, 705–706PPPoE problems, causes of

IOS configuration, 793–795software, 791–793

preliminary troubleshooting stepscreating profiles, 772verifying client installation, 771verifying Internet connection, 767–770

restrictions, 676–679troubleshooting checklist, 682–685

unnumbered messages, 245unprotected band (RF), 46U-plane

Frame Relay service architecture, 417ISDN, 236

upper-layer protocolsFrame Relay interoperability, 445

encapsulation, 447fragmentation, 448multiprotocol support, 445–447

NCPs, 341–352upstream PIM neighbor availability, verifying on

Frame Relay networks, 574–576user authentication, remote access VPNs, 637user participation, troubleshooting ring options,

354–355user/identity authentication, 620user-managed services, 8UWB (ultra wideband) technology, 47

V

V.21 standard, 12V.32 standard, 12V.32b standard, 12V.90 calls, limitations of, 129Van Jacobson header compression, 477–480

path characterization model, 105

tunneling, DPD


861

variable length framing, Frame Relay, 415VCs (virtual circuits), 415VDSL (Very-high rate DSL), 25verifying

Cisco PIX VPN connectivity, 722–732DHCP server reachability, 227Frame Relay configuration

DLCI settings, 556–562remote user router status, 553serial interface, 551service operation, 553–555traffic shaping, 566

incoming connection type, dial-in troubleshooting procedure, 192–194

ISDN configurationD channel functionality, 327Layer 1 status of PRI circuits, 188Layer 2 status of PRI circuits, 188–190

IP address configuration on Windows operating systems, 769–770

line provision, 354MMP configuration, 284–285modem operability, dial-in troubleshooting

procedure, 191–192out of order B channels (NFAS), 227PPP negotiation, dial-in troubleshooting

procedure, 194–200VPN client installation, 771

viewingcaptured Log Viewer results, 688–699ISDN BRI service layers, 360–363

virtual circuits, compression, 477virtual connections, MLP, 343–344virtual interface templates, 272virtual ports, 474virtual profiles, 273VoFR (Voice over Frame Relay), 440voice

digitalization, 73priority over data, 353–354

voice privacy, ISDN configuration, 308–309VPN 3000 Concentrator, configuring, 648–649

filters and rules, 650–651Group Lock, 662

IKE peer identity validation, 662proposals, 656, 658–659

IPSec SAs, 661load balancing, 654–655redundancy, 653reverse route injection, 655SAs, 659–660

VPNs (Virtual Private Networks), 10, 13, 18–19ADSL, 732

PPoE, 733–739authentication

client authentication, 619DH algorithm, 624–627HMAC, 627–628key management, 624–627RADIUS, 621–623user/identity authentication, 620

cable modem services, 20limitations of, 22standards, 21

CATV infrastructuredata transmission, 740–744heartbeats, 745two-way Internet connections, 744

Cisco 3002 HW client, 706Event Log, 708–710, 712initial troubleshooting checklist, 707

Cisco Easy VPN Client, 713client status, displaying, 716debugging IPSec key events, 717–719initial troubleshooting checklist, 714–716monitoring, 720–721resetting connection, 717restrictions, 713–714

Cisco PIX VPNconnectivity, verifying, 722–732restrictions, 722

Cisco Unity clientConcentrator Event Log, 699–705Event Log Viewer, 685–699incompatible GINAs, 705–706restrictions, 676–679troubleshooting checklist, 682–685

VPNs (Virtual Private Networks)


862

Cisco VPN 3002, connection establishment, 795–800

data not passing, causes of, 784bad ISP connections, 786–787default MTU size, 786dropped connections, 786inaccessible internal domain, 787–790NAT, 785

enterprise VPNs, 593–594categories of, 595data link layer, 599–603firewall-based VPNs, 597–598network layer, 604–607remote access VPNs, 595site-to-site VPNs, 596

extranet issues, 801dead peer detection, 803–804ESP 50, 801tunnel keepalives, 802UDP 500 ISAKMP, 801

failed authentication, causes ofbad group name, 774–775DNE Miniport, 776–777misconfigured firewalls, 777–778MTU setting too high, 779, 781–784MTU setting too low, 784RADIUS, 775–776

inaccessible internal domain, causes of, 788LAN-specific issues

inability to log in, 760MTU settings, 754–758NAT, multiple client handling, 753packet size, 758–760

latency, 228limitations of, 19PPPoE problems, causes of

IOS configuration, 793–795software, 791–793

preliminary troubleshooting stepscreating profiles, 772verifying client installation, 771verifying Internet connection, 767–770

remote access

change management, 636configuration management, 635design objectives, 634–635operations management, 636security issues, 636–641termination equipment, 641–648

satellite services, 28BST, 29IPA, 28LEO satellites, 30

satellite systems, 745–746bandwidth, 747BST protocol, 750error control coding, 746FITFEEL protocol, 751IPSec, 752–753manipulating TCP stack, 749–750performance, 749TCP efficiency, 747–748

site-to-site versus remote access VPNs, 633–634

wireless systems, 25, 745–746bandwidth, 747error control coding, 746limitations of, 27LMDS, 26–27MMDS, 25–26TCP efficiency, 747–748unlicensed frequencies, 27

xDSL services, 22ADSL, 24CDSL, 24FDIs, 22–23HDSL, 24IDSL, 24RADSL, 24SDSL, 24TDRs, 23VDSL, 25

Cisco VPN 3002, connection establishment


863

W

WAN linksPRI circuits

Layer 1 status, verifying, 188Layer 2 status, verifying, 188–190troubleshooting, 188

T1 circuitsalarm states, 184, 186BERT testing, 183–184line code violations, 186loopback features, 183pathcode violations, 186slip seconds, 186T1 errors, 187troubleshooting, 181–86verifying controller status, 182

well-known ports, 403–405Whitecamp network protocol, 53WIC T1 pinouts, 499wi-fi, 44windowing, 443Windows operating systems

verifyingIP address configuration, 769–770Windows 2000

DDR, 399–408ports, 403RPC, 402–403well-known ports, 403–405

wireless broadband services, 253G, 91–92limitations of, 27LMDS, 26–27MMDS, 25–26unlicensed frequencies, 27

wireless cable, 26wireless VPNs, 745–746

bandwidth, 747error control coding, 746TCP efficiency, 747–748

WISP (wireless ISP), 54

WLANs802.11a, 51–52802.11e, 53802.11g, 52barker sequence, 50IR radio-channel, 45line-coding techniques, 44–48LTI systems, 47modulation, 44–45, 48narrowband technologies, 46photonic, 45SS RF transmissions

DSSS, 49FHSS, 48

UHF, multiple frequency operation, 46UWB technology, 47

X

X.25 protocol, 17versus Frame Relay, 414–415

XAUTH, 623xDSL services, 22

2B1Q coding, 55, 58–59ADSL, 24CDSL, 24coding schemes, 41–42FDIs, 22–23HDSL, 24IDSL, 24provisioning enterprise remote access services,

33–34RADSL, 24SDSL, 24TDRs, 23VDSL, 25

xDSL services


864

Y-Z

yellow alarms, 185zero CIR, 436zero-suppression schemes, 61–62

yellow alarms


5259ix.fm.1 page 834 friday, october 11, 2002 11:07 am€¦ · heartbeats, 745 two-way internet...

Documents