C H A P T E R 17 WAN Configuration This chapter examines the configuration details for how to configure a few of the types of wide-area networks (WANs) covered in Chapter 4, “Fundamentals of WANs,” and Chapter 16, “WAN Concepts.” The first section of this chapter examines leased-line configuration using both High-Level Data Link Control (HDLC) and Point-to-Point Protocol (PPP). The second section of the chapter shows how to configure the Layer 3 features required for an Internet access router to connect to the Internet, specifically Dynamic Host Configuration Protocol (DHCP) and Network Address Translation/Port Address Translation (NAT/PAT). However, the configuration in the second half of the chapter does not use the command-line interface (CLI), but instead focuses on using the web-based router Security Device Manager (SDM) interface. For those of you preparing specifically for the CCNA 640-802 exam by using the reading plan in the introduction to this book, note that you should move on to Part IV of the CCNA ICND2 Official Exam Certification Guide after completing this chapter. “Do I Know This Already?” Quiz The “Do I Know This Already?” quiz allows you to assess if you should read the entire chapter. If you miss no more than one of these seven self-assessment questions, you might want to move ahead to the “Exam Preparation Tasks” section. Table 17-1 lists the major headings in this chapter and the “Do I Know This Already?” quiz questions covering the material in those headings so you can assess your knowledge of these specific areas. The answers to the “Do I Know This Already?” quiz appear in Appendix A. Table 17-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping Foundation Topics Section Questions Configuring and Troubleshooting Point-to-Point WANs 1–3 Configuring and Troubleshooting Internet Access Routers 4–7 1828xbook.fm Page 539 Thursday, July 26, 2007 3:10 PM 540 Chapter 17: WAN Configuration 1. Routers R1 and R2 connect using a leased line, with both routers using their respective Serial 0/0 interfaces. The routers can currently route packets over the link, which uses HDLC. Which of the following commands would be required to migrate the configuration to use PPP? a. encapsulation ppp b. no encapsulation hdlc c. clock rate 128000 d. bandwidth 128000 2. Routers R1 and R2 have just been installed in a new lab. The routers will connect using a back-to-back serial link, using interface serial 0/0 on each router. Which of the following is true about how to install and configure this connection? a. If the DCE cable is installed in R1, the clock rate command must be configured on R2’s serial interface. b. If the DTE cable is installed in R1, the clock rate command must be configured on R2’s serial interface. c. If the clock rate 128000 command is configured on R1, the bandwidth 128 command must be configured on R2. d. None of the answers are correct. 3. Two brand new Cisco routers have been ordered and installed in two different sites, 100 miles apart. A 768-kbps leased line has been installed between the two routers. Which of the following commands is required on at least one of the routers in order to forward packets over the leased line, using PPP as the data link protocol? a. no encapsulation hdlc b. encapsulation ppp c. clock rate 768000 d. bandwidth 768 e. description this is the link 4. When configuring a DHCP server on an Internet access router using SDM, which of the following settings is typically configured on the Internet access router? a. The MAC addresses of the PCs on the local LAN b. The IP address of the ISP’s router on the common cable or DSL link 1828xbook.fm Page 540 Thursday, July 26, 2007 3:10 PM “Do I Know This Already?” Quiz 541 c. The range of IP addresses to be leased to hosts on the local LAN d. The DNS server IP address(es) learned via DHCP from the ISP 5. When configuring an access router with SDM, to use DHCP client services to learn an IP address from an ISP, and configure PAT at the same time, which of the following is true? a. The SDM configuration wizard requires PAT to be configured if the DHCP client function has been chosen to be configured. b. The SDM configuration wizard considers any interfaces that already have IP addresses configured as candidates to become inside interfaces for PAT. c. The SDM configuration wizard assumes the interface on which DHCP client services have been enabled should be an inside interface. d. None of the answers are correct. 6. Which of the following is true about the configuration process using SDM? a. SDM uses an SSH connection via the console or an IP network to configure a router. b. SDM uses a web interface from the IP network or from the console. c. SDM loads configuration commands into a router at the end of each wizard (after the user clicks the Finish button), saving the configuration in the running-config and startup-config files. d. None of these answers are correct. 7. Which of the following are common problems when configuring a new Internet access router’s Layer 3 features? a. Omitting commonly used but optional information from the DHCP server features—for example, the IP address(es) of the DNS server(s) b. Setting the wrong interfaces as the NAT inside and outside interfaces c. Forgetting to configure the same routing protocol that the ISP uses d. Forgetting to enable CDP on the Internet-facing interface 1828xbook.fm Page 541 Thursday, July 26, 2007 3:10 PM 542 Chapter 17: WAN Configuration Foundation Topics Configuring Point-to-Point WANs This brief section explains how to configure leased lines between two routers, using both HDLC and PPP. The required configuration is painfully simply—for HDLC, do nothing, and for PPP, add one interface subcommand on each router’s serial interface (encapsulation ppp). However, several optional configuration steps can be useful, so this section explains those optional steps and their impact on the links. Configuring HDLC Considering the lowest three layers of the OSI reference model on router Ethernet interfaces for a moment, there are no required configuration commands related to Layers 1 and 2 for the interface to be up and working, forwarding IP traffic. The Layer 1 details occur by default once the cabling has been installed correctly. Router IOS defaults to use Ethernet as the data link protocol on all types of Ethernet interfaces, so no Layer 2 commands are required. To make the interface operational for forwarding IP packets, the router needs one command to configure an IP address on the interface, and possibly a no shutdown command if the interface is in an “administratively down” state. Similarly, serial interfaces on Cisco routers that use HDLC typically need no specific Layer 1 or 2 configuration commands. The cabling needs to be completed as described in Chapters 4 and 16, but there are no required configuration commands related to Layer 1. IOS defaults to use HDLC as the data link protocol, so there are no required commands that relate to Layer 2. As on Ethernet interfaces, the only required command to get IP working on the interface is the ip address command and possibly the no shutdown command. However, many optional commands exist for serial links. The following list outlines some configuration steps, listing the conditions for which some commands are needed, plus commands that are purely optional: Step 1 Configure the interface IP address using the ip address interface subcommand. Step 2 The following tasks are required only when the specifically listed conditions are true: a. If an encapsulation protocol interface subcommand that lists a protocol besides HDLC already exists on the interface, use the encapsulation hdlc interface subcommand to enable HDLC. NOTE This chapter assumes all serial links use an external channel service unit/data service unit (CSU/DSU). The configuration details of the external CSU/DSU, or an internal CSU/DSU, are beyond the scope of the book. 1828xbook.fm Page 542 Thursday, July 26, 2007 3:10 PM Configuring Point-to-Point WANs 543 b. If the interface line status is administratively down, enable the interface using the no shutdown interface subcommand. c. If the serial link is a back-to-back serial link in a lab (or a simulator), config- ure the clocking rate using the clock rate speed interface subcommand, but only on the one router with the DCE cable (per the show controllers serial number command). Step 3 The following steps are always optional, and have no impact on whether the link works and passes IP traffic: a. Configure the link’s speed using the bandwidth speed-in-kbps interface subcommand. b. For documentation purposes, configure a description of the purpose of the interface using the description text interface subcommand. In practice, when you configure a Cisco router with no pre-existing interface configuration, and install a normal production serial link with CSU/DSUs, the ip address command is likely the one configuration command you would need. Figure 17-1 shows a sample internetwork, and Example 17-1 shows the configuration. In this case, the serial link was created with a back-to-back serial link in a lab, requiring Steps 1 (ip address) and 2c (clock rate) from the preceding list, plus optional Step 3b (description). Figure 17-1 Typical Serial Link Between Two Routers Example 17-1 HDLC Configuration R1#ss ss hh hh oo oo ww ww rr rr uu uu nn nn nn nn ii ii nn nn gg gg cc cc oo oo nn nn ff ff ii ii gg gg ! Note – only the related lines are shown interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 ! interface Serial0/1/1 ip address 192.168.2.1 255.255.255.0 description link to R2 clockrate 1536000 continues 192.168.1.1 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 192.168.2.1 Fa0/0 S0/1/1 192.168.4.2 Fa0/1 192.168.2.2 S0/0/1 R1 R2 1828xbook.fm Page 543 Thursday, July 26, 2007 3:10 PM 544 Chapter 17: WAN Configuration ! router rip version 2 network 192.168.1.0 network 192.168.2.0 ! R1#ss ss hh hh oo oo ww ww cc cc oo oo nn nn tt tt rr rr oo oo ll ll ll ll ee ee rr rr ss ss ss ss ee ee rr rr ii ii aa aa ll ll 00 00 // // 11 11 // // 11 11 Interface Serial0/1/1 Hardware is GT96K DCE V.35, clock rate 1536000 ! lines omitted for brevity R1#ss ss hh hh oo oo ww ww ii ii nn nn tt tt ee ee rr rr ff ff aa aa cc cc ee ee ss ss ss ss 00 00 // // 11 11 // // 11 11 Serial0/1/1 is up, line protocol is up Hardware is GT96K Serial Description: link to R2 Internet address is 192.168.2.1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00:00:06, output 00:00:03, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 70 packets input, 4446 bytes, 0 no buffer Received 50 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 73 packets output, 5280 bytes, 0 underruns 0 output errors, 0 collisions, 5 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up R1#ss ss hh hh oo oo ww ww ii ii pp pp ii ii nn nn tt tt ee ee rr rr ff ff aa aa cc cc ee ee bb bb rr rr ii ii ee ee ff ff Interface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.1.1 YES manual up up FastEthernet0/1 unassigned YES NVRAM administratively down down Serial0/0/0 unassigned YES NVRAM administratively down down Serial0/0/1 unassigned YES manual administratively down down Serial0/1/0 unassigned YES manual administratively down down Serial0/1/1 192.168.2.1 YES manual up up Example 17-1 HDLC Configuration (Continued) 1828xbook.fm Page 544 Thursday, July 26, 2007 3:10 PM Configuring Point-to-Point WANs 545 The configuration on R1 is relatively simple. The matching configuration on R2’s S0/0/1 interface simply needs an ip address command, plus the default settings of encapsulation hdlc and no shutdown. The clock rate command would not be needed on R2, as R1 has the DCE cable, so R2 must be connected to a DTE cable. The rest of the example lists the output of a few show commands. First, the output from the show controllers command for S0/1/1 confirms that R1 indeed has a DCE cable installed. The show interfaces S0/1/1 command lists the various configuration settings near the top, including the default encapsulation value (HDLC) and default bandwidth setting on a serial interface (1544, meaning 1544 kbps or 1.544 Mbps). At the end of the example, the show ip interface brief and show interfaces description commands display a short status of the interfaces, with both listing the line status and protocol status codes. Configuring PPP Configuring the basics of PPP is just as simple as for HDLC, except that whereas HDLC is the default serial data-link protocol and requires no additional configuration, you must configure the encapsulation ppp command for PPP. Other than that, the list of possible and optional configuration steps is exactly the same as for HDLC. So, to migrate from a working HDLC link to a working PPP link, the only command needed is an encapsulation ppp command on each of the two routers’ serial interfaces. Example 17-2 shows the serial interface configuration on both R1 and R2 from Figure 17-1, this time using PPP. R1#ss ss hh hh oo oo ww ww ii ii nn nn tt tt ee ee rr rr ff ff aa aa cc cc ee ee ss ss dd dd ee ee ss ss cc cc rr rr ii ii pp pp tt tt ii ii oo oo nn nn Interface Status Protocol Description Fa0/0 up up Fa0/1 admin down down Se0/0/0 admin down down Se0/0/1 admin down down Se0/1/0 admin down down Se0/1/1 up up link to R2 Example 17-2 PPP Configuration R1#ss ss hh hh oo oo ww ww rr rr uu uu nn nn nn nn ii ii nn nn gg gg cc cc oo oo nn nn ff ff ii ii gg gg ii ii nn nn tt tt ee ee rr rr ff ff aa aa cc cc ee ee ss ss 00 00 // // 11 11 // // 11 11 Building configuration Current configuration : 129 bytes ! interface Serial0/1/1 description link to R2 ip address 192.168.2.1 255.255.255.0 encapsulation ppp continues Example 17-1 HDLC Configuration (Continued) 1828xbook.fm Page 545 Thursday, July 26, 2007 3:10 PM 546 Chapter 17: WAN Configuration The example lists a new variation on the show running-config command as well as the PPP-related configuration. The show running-config interface S0/1/1 command on R1 lists the interface configuration for interface S0/1/1, and none of the rest of the running- config. Note that on both routers, the encapsulation ppp command has been added; it is important that both routers use the same data link protocol, or the link will not work. Configuring and Troubleshooting Internet Access Routers As covered in Chapter 16, Internet access routers often connect to the Internet using one LAN interface, and to the local LAN using another interface. Routers that are built specifically for consumers as Internet access routers ship from the factory with DHCP client services enabled on the Internet-facing interface, DHCP server functions enabled on the local interface, and PAT functions enabled. Enterprise routers, which have many features and may not necessarily be used as Internet access routers, ship from the factory without these features enabled by default. This section shows how to configure these functions on a Cisco enterprise-class router. Cisco routers support another configuration method besides using the CLI. In keeping with the exam topics published by Cisco for the ICND1 exam, this chapter shows how to configure the rest of the features in this chapter using this alternative tool, called Cisco Router and Security Device Manager (SDM). Instead of using Telnet or SSH, the user connects to the router using a web browser. (To support the web browser, the router must first be configured from the CLI with at least one IP address, typically on the local LAN, so that the engineer’s computer can connect to the router.) From there, SDM allows the engineer to configure a wide variety of router features, including the DHCP client, DHCP server, and PAT. clockrate 1536000 end ! R2's configuration next R2#ss ss hh hh oo oo ww ww rr rr uu uu nn nn ii ii nn nn tt tt ee ee rr rr ff ff aa aa cc cc ee ee ss ss 00 00 // // 00 00 // // 11 11 Building configuration Current configuration : 86 bytes ! interface Serial0/0/1 ip address 192.168.2.2 255.255.255.0 encapsulation ppp end Example 17-2 PPP Configuration (Continued) 1828xbook.fm Page 546 Thursday, July 26, 2007 3:10 PM Configuring and Troubleshooting Internet Access Routers 547 Note that the features configured through SDM in the remainder of this chapter can also be done with the CLI. Internet Access Router: Configuration Steps You can configure the DHCP client, DHCP server, and PAT functions with SDM using the following five major steps: Step 1 Establish IP connectivity. Plan and configure (from the CLI) IP addresses on the local LAN so that a PC on the LAN can ping the router’s LAN interface. Step 2 Install and access SDM. Install SDM on the router and access the router SDM interface using a PC that can ping the router’s IP address (as implemented at Step 1). Step 3 Configure DHCP and PAT. Use SDM to configure both DHCP client services and the PAT service on the router. Step 4 Plan for DHCP services. Plan the IP addresses to be assigned by the router to the hosts on the local LAN, along with the DNS IP addresses, domain name, and default gateway settings that the router will advertise. Step 5 Configure the DHCP server. Use SDM to configure the DHCP server features on the router. The sections that follow examine each step in order in greater detail. The configuration will use the same internetwork topology that was used in the Chapter 16 discussion of Internet access routers, repeated here as Figure 17-2. Step 1: Establish IP Connectivity The Internet access router needs to use a private IP network on the local LAN, as mentioned in Chapter 16. For this step, you should choose the following details: Step a Choose any private IP network number. Step b Choose a mask that allows for enough hosts (typically the default mask is fine). Step c Choose a router IP address from that network. NOTE Cisco switches also allow web access for configuration, using a tool called Cisco Device Manager (CDM). The general concept of CDM matches the concepts of SDM. 1828xbook.fm Page 547 Thursday, July 26, 2007 3:10 PM 548 Chapter 17: WAN Configuration Figure 17-2 Internet Access Router: Sample Network It does not really matter which private network you use, as long as it is a private network. Many consumer access routers use Class C network 192.168.1.0, as will be used in this chapter, and the default mask. If you work at a small company with a few sites, all connecting to the Internet, you can use the same private network at each site, because NAT/ PAT will translate the addresses anyway. Step 2: Install and Access SDM To be able to install the SDM software on the router (if it is not already installed on the router), and to allow the engineer’s host to access the router using a web browser, the engineer needs to use a host with IP connectivity to reach the router. Typically, the engineer would use a host on the local LAN, configure the router’s local LAN interface with the IP address planned at Step 1, and configure the host with another IP address in that same network. Note that SDM does not use Telnet or SSH, and the PC must be connected via an IP network—the console can only be used to access the CLI. The network engineer must configure several additional commands on the router before a user can access and use it, the details of which are beyond the scope of this book. If you are curious, you can look for more details by searching www.cisco.com for “SDM installation.” This configuration step was listed just in case you try using SDM with your own lab gear, to make you aware that there is more work to do. By the end of the process, a web browser should be able to connect to the router and see the SDM Home page for that router, like the example shown in Figure 17-3. PC1 PC2 R1 ISP1 ISP/Internet Cable Modem CATV CableF0/1 IP Addresses are in same Subnet SOHO Fa0/0 FastEthernet Interfaces 1828xbook.fm Page 548 Thursday, July 26, 2007 3:10 PM [...]... provides a good opportunity to examine a few EXEC commands from the CLI Example 1 7-4 lists the output of several CLI commands related to the access router configuration in this chapter, with some comments following the example Example 1 7-4 Interesting EXEC Commands on the Access Router s R1#show ip dhcp binding Bindings from all pools not associated with VRF: IP address Client-ID/Hardware address/User name... Thursday, July 26, 2007 3:10 PM 560 Chapter 17: WAN Configuration Exam Preparation Tasks Review All the Key Topics Review the most important topics from inside the chapter, noted with the key topics icon in the outer margin of the page Table 1 7-2 lists a reference of these key topics and the page numbers on which each is found Table 1 7-2 Key Topic Element Key Topics for Chapter 17 Description Page Number List... Access Routers Figure 1 7-5 SDM Ethernet Wizard Welcome Page Figure 1 7-6 SDM Ethernet Wizard: Choice to Use Encapsulation with PPPoE 551 1828xbook.fm Page 552 Thursday, July 26, 2007 3:10 PM 552 Chapter 17: WAN Configuration As you can see near the top of Figure 1 7-6 , the wizard picked a Fast Ethernet interface, Fa0/1 in this case, as the interface to configure The router used in this example has two LAN... 0 0 0.0.0.0 DNS Domain: example.com 555 1828xbook.fm Page 556 Thursday, July 26, 2007 3:10 PM 556 Chapter 17: WAN Configuration Step 5: Configure the DHCP Server To configure the DHCP server with SDM, click Configure near the top of the SDM window and then click Additional Tasks at the bottom of the Tasks pane to open the Additional Tasks window, shown in Figure 1 7-1 0 Figure 1 7-1 0 SDM Additional Tasks... Thursday, July 26, 2007 3:10 PM 554 Chapter 17: WAN Configuration Figure 1 7-9 SDM Ethernet Wizard: Request that the Configuration Changes Be Made Click Finish SDM builds the configuration and loads it into the router’s running-config file If you want to save the configuration, click the save button near the top of the SDM home page to make the router do a copy running-config startup-config command to save the configuration... addresses and the domain name, Example 1 7-3 shows how to find those values using the show dhcp server command This command lists information on a router acting as a DHCP client, information learned from each DHCP server from which the router has learned an IP address The pieces of information needed for the DHCP server SDM configuration are highlighted in the example Example 1 7-3 Finding the DNS Server IP... section does include a reference for the configuration commands (Table 1 7-3 ) and EXEC commands (Table 1 7-4 ) covered in this chapter Practically speaking, you should memorize the commands as a side effect of reading the chapter and doing all the activities 1828xbook.fm Page 561 Thursday, July 26, 2007 3:10 PM Command References in this exam preparation section To check to see how well you have memorized... see if you remember the command Table 1 7-3 Chapter 17 Configuration Command Reference Command Description encapsulation {hdlc | ppp | frame-relay} Serial interface subcommand that defines the data-link protocol to use on the link clock rate speed Serial interface subcommand that, when used on an interface with a DCE cable, sets the clock speed in bps bandwidth speed-kbps Interface subcommand that sets... point out the items referenced in the text.) 549 1828xbook.fm Page 550 Thursday, July 26, 2007 3:10 PM 550 Chapter 17: WAN Configuration Figure 1 7-4 SDM Configure Interfaces and Connections Window The network topology on the right side of this tab should look familiar, as it basically matches Figure 1 7-2 , with a router connected to a cable or DSL modem On the Create Connection tab, do the following: 1 Choose... button 2 Click the Create New Connection button near the bottom of the tab These actions open the SDM Ethernet Wizard, shown in Figure 1 7-5 The page in Figure 1 7-5 has no options to choose, so just click Next to keep going The next page of the wizard, shown in Figure 1 7-6 , has only one option, a check box that, if checked, enables the protocol PPP over Ethernet (PPPoE) If the ISP asks that you use PPPoE, . first section of this chapter examines leased-line configuration using both High-Level Data Link Control (HDLC) and Point-to-Point Protocol (PPP). The second section of the chapter shows how to. ppp continues Example 1 7-1 HDLC Configuration (Continued) 1828xbook.fm Page 545 Thursday, July 26, 2007 3:10 PM 546 Chapter 17: WAN Configuration The example lists a new variation on the show running-config. in Appendix A. Table 1 7-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping Foundation Topics Section Questions Configuring and Troubleshooting Point-to-Point WANs 1–3 Configuring