Cisco Press
800 East 96th Street, 3rd Floor
Indianapolis, IN 46240 USA

Cisco Press CCNP Self-Study
CCNP BCRAN Exam Certification Guide
Second Edition
Brian Morgan, CCIE No. 4865
Craig Dennis

Copyright © 2004 Cisco Systems, Inc.

Published by:
Cisco Press
800 East 96th Street, 3rd Floor
Indianapolis, Indiana 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing November 2003
Library of Congress Cataloging-in-Publication Number: 2002116291
ISBN: 1-58720-084-8

Warning and Disclaimer

This book is designed to provide information about selected topics for the Building Cisco Remote Access Networks (BCRAN) exam for the CCNP certification. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc., shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message. We greatly appreciate your assistance.

Corporate and Government Sales

Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact:
U.S. Corporate and Government Sales 1-800-382-3419 corpsales@pearsontechgroup.com
For sales outside of the U.S. please contact:
International Sales 1-317-581-3793 international@pearsontechgroup.com

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Publisher: John Wait
Cisco Press Program Manager: Sonia Torres Chavez
Editor-In-Chief: John Kane
Cisco Representative: Anthony Wolfenden
Executive Editor: Brett Bartow
Cisco Marketing Communications Manager: Scott Miller
Acquisitions Editor: Michelle Grandin
Cisco Marketing Program Manager: Edie Quiroz
Development Editor: Jill Batistick
Technical Editor(s): Henry Benjamin, Howard Hecht, Charles Mann
Production Manager: Patrick Kanouse
Team Coordinator: Tammi Barnett
Production Team: Argosy Publishing
Copy Editor: Bill McManus
Book and Cover Designer: Louisa Adair

About the Authors

Brian Morgan, CCIE No. 4865, is a certified Cisco Systems instructor teaching ICND, BSCI, CVOICE, BCRAN, CBCR, CIT, and CATM courses. Brian has been instructing for more than five years.
He is currently serving as a director for Paranet Solutions, a nationwide consulting firm. During his 12 years in the networking industry, Brian has developed and taught Cisco Dial Access Solutions boot camp classes for Cisco Systems internally (Tiger Team) as well as for various Training Partner sponsored courses. Prior to teaching, Brian spent a number of years with IBM in Network Services where he attained MCNE and MCSE certifications. He was involved with a number of larger LAN/WAN installations for many of IBM’s Fortune 500 clients. Brian is the proud father of fraternal twin girls (Emma and Amanda) and husband to Beth. His hobbies include spending time with family and friends, scuba diving, and writing the occasional book.

Craig Dennis is a CCDA currently working as an independent consultant for LANS UnLimited specializing in small business solutions, primarily SDSL and ADSL installations, in the Northern Virginia area. Craig is a certified Cisco Systems instructor. During the past six years he has taught classes for PSC, GeoTrain, Global Knowledge, and Mentor Technologies. He is certified to teach ICND, BSCI, BCRAN, CID, and BCMSN.

About the Contributing Authors

Neil Lovering, CCIE No. 1772, is CEO of Neil Lovering Enterprises, Inc., a network consulting and training company. He has been a network consultant for more than eight years and has worked on various routing, switching, dialup, and security projects for many customers all over North America. Neil continues to teach advanced networking classes across the United States. When not at the keyboard or at a customer site, Neil enjoys spending time with his wife and two children in North Carolina.

Shawn Boyd is a senior network consultant for ARP Technologies, Inc. Shawn is active in course development and is a certified Cisco Systems instructor with Global Knowledge, responsible for teaching most of the CCNP, CCDP, and Security courses.
His background is in network security and design at a service provider level. He has worked for Canada’s largest telco providers performing network designs and implementations and was lead contact on many large government contracts.

About the Technical Reviewers

Henry Benjamin, CCIE No. 4695, is a triple CCIE, having certified Routing and Switching in May 1999, ISP Dial in June 2001, and Communications and Services in May 2002. He has more than 10 years of experience in Cisco networks, including planning, designing, and implementing large IP networks running IGRP, EIGRP, BGP, and OSPF. Recently Henry has worked for a large IT organization based in Sydney, Australia, as a key network designer, designing and implementing networks all over Australia and Asia. Henry is a formal CCIE lab proctor.

Howard Hecht is a consultant for the Cisco Networking Academy® Program. He holds both the CCNA and CCNP certifications with a master's degree in media management. He has been an author, reviewer, and subject matter expert for several different networking titles.

Charles Mann is a consultant with Chesapeake NetCraftsmen, LLC, based in the Washington, D.C. metro area (http://www.netcraftsmen.NET). He is a certified Cisco Systems instructor and holds the CCNP certification. Charles has over 10 years of experience in networking and telecommunications. Currently, Charles assists large government organizations with enterprise network design, implementation, and troubleshooting.

Dedications

Brian Morgan: This book is dedicated to my three giggling girls Beth, Amanda, and Emma. Thank you for making me complete, not to mention putting up with me while I got this book to production. Oh, pay no attention to our friends behind “The Curtain.”

Craig Dennis: This book is dedicated to the memory of my parents, Pearl and Rally, who died last year leaving many friends and family. They will be sorely missed by all.
Neil Lovering: This book is dedicated to my family: my wife Jody, my son Kevin, and my daughter Michelle. Thank you for understanding when dad is busy and glued to his computer.

Shawn Boyd: This book is dedicated to my family and friends.

Acknowledgments

Brian Morgan: I’d like to thank my wife, Beth, and kids, Emma and Amanda, for putting up with me during the time this book was being produced. It has taken me away from them more than I’d like to admit. Their patience in temporarily setting some things aside so I could get the book done has been incredible, even when my patience wore a bit thin in trying to meet timelines. I’d like to give special recognition to Bill Wagner just for being Bill. I couldn’t wish for a better friend. A big “thank you” goes out to the production team for this book. John Kane, Michelle Grandin, and the crew have been incredibly professional and a pleasure to work with. Craig, thoughts are with you and your family. Thank you to Neil Lovering, Shawn Boyd, Howard Hecht, and Charles Mann for their part in this production. Their assistance and contributions have proved invaluable. Hi Mom and Dad!

Craig Dennis: There are so many people who have helped me in one way or another during the rewrite of this book—I hope I can remember them all. First, I want to thank the entire Cisco Press team for gently guiding me through this and for their sympathy in the loss of my parents. Thank you, Chris Cleveland, Jill Batistick, Michelle Grandin, and all the others who worked behind the scenes to make this project another reality. Thanks to Brian and his usual Herculean efforts on his parts. A special thanks goes to my wife, Sharon, who always held the family together while we were going in ten different directions over the last year. Thanks also to Sandra, Jacob, Joseph, and David, my children, for just being there.
Neil Lovering, Shawn Boyd, Henry Benjamin, Charles Mann, and Howard Hecht had to read the rough stuff, and their comments and suggestions were always succinct and furthered the project. Thanks.

Neil Lovering: I’d like to start by thanking both Michelle Grandin and Chris Cleveland at Cisco Press. Without their patience, guidance, and understanding, this project could have never happened. I also must thank my wife, Jody, for tending to the house and kids while I studied and worked on this book. And of course I must thank my kids, Kevin and Michelle, for understanding that even when home, Daddy must work at times.

Shawn Boyd: I would like to thank my friends and family for always supporting me in any endeavor I have tried, especially my parents, Pat and Dwaine. Without your unwavering love and support I could not have come this far. I am especially grateful for all the trust and guidance you have given me over the years. To Tammy Brown, thank you for giving me your love and support. You mean the world to me. A special thanks to the production team. Your professionalism and great organizational skills kept us on track.
Contents at a Glance

Part I Identifying Remote Access Needs
  Chapter 1 Remote Access Solutions
  Chapter 2 Identifying Site Requirements
  Chapter 3 Network Overview
Part II Enabling On-Demand Connections to the Central Site
  Chapter 4 Configuring Asynchronous Connections with Modems
  Chapter 5 Configuring PPP and Controlling Network Access
  Chapter 6 PPP Link Control Protocol Options
Part III Using ISDN and DDR Technologies to Enhance Remote Connectivity
  Chapter 7 Using ISDN and DDR Technologies
  Chapter 8 Advanced DDR Options
  Chapter 9 Using ISDN Primary Rate Interface
Part IV Broadband Access Methods to the Central Site
  Chapter 10 Broadband Options to Access a Central Site
  Chapter 11 Using DSL to Access a Central Site
Part V Establishing a Dedicated Frame Relay Connection and Controlling Traffic Flow
  Chapter 12 Establishing a Frame Relay Connection
  Chapter 13 Frame Relay Traffic Shaping
Part VI Backup and Network Management Methods
  Chapter 14 Enabling a Backup to the Permanent Connection
  Chapter 15 Managing Network Performance with Queuing and Compression
Part VII Scaling Remote Access Networks
  Chapter 16 Scaling IP Addresses with NAT
  Chapter 17 Using AAA to Scale Access Control in an Expanding Network
Part VIII Securing Remote Access Networks
  Chapter 18 Securing Remote Access Network Connections
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections
Index

Table of Contents

Part I Identifying Remote Access Needs

Chapter 1 Remote Access Solutions
  “Do I Know This Already?” Quiz
  Foundation Topics
  Discussion of Remote Access Products
  Cisco 700 Series
  Cisco 800 Series
  Cisco 1600 Series
  Cisco 1700 Series
  Cisco 2500 Series
  Cisco 2600 Series
  Cisco 3600 Series
  Cisco 3700 Series
  Cisco AS5000 Series
  Cisco 7200 Series
  PIX Firewall Series
  VPN 3000 Concentrator Series
  WAN Connections
  Traditional WAN Technologies
  Emerging WAN Technologies
  Determining the Site Requirements
  Central Site Installations
  Branch-Office Installations
  Remote Office or Home Office Installations
  Introduction to QoS
  Foundation Summary
  Q&A

Chapter 2 Identifying Site Requirements
  “Do I Know This Already?” Quiz
  Foundation Topics
  Determining Site Requirements
  Determine the Goals of the Network
  Central-Site Installations
  Remote Office/Branch Office Installations
  Small Office/Home Office Installations
  Guidelines for Equipment Selection
  WAN Access Methods for Remote Access
  Technology Assessment
  Foundation Summary
  Q&A
  Scenarios
  Scenario 2-1
  Scenario 2-2
  Scenario Answers
  Scenario 2-1 Answers
  Scenario 2-2 Answers

Chapter 3 Network Overview
  “Do I Know This Already?” Quiz
  Foundation Topics
  Choosing WAN Equipment
  Central-Site Router Selection
  Remote Office/Branch Office Router Selection
  Small Office/Home Office Router Selection
  Assembling and Cabling the Equipment
  Verifying the Installation
  LED Lights
  Router Interface Verification
  Foundation Summary
  Q&A
  Scenarios
  Scenario 3-1
  Scenario Answers
  Scenario 3-1 Answers

Part II Enabling On-Demand Connections to the Central Site

Chapter 4 Configuring Asynchronous Connections with Modems
  “Do I Know This Already?” Quiz
  Foundation Topics
  Modem Signaling
  Data Transfer
  Data Flow Control
  Modem Control
  DTE Call Termination
  DCE Call Termination
  Modem Configuration Using Reverse Telnet
  Router Line Numbering
  Basic Asynchronous Configuration
  Logical Configurations on the Router
  Physical Considerations on the Router
  Configuration of the Attached Modem
  Modem Autoconfiguration and the Modem Capabilities Database
  Use of the Discovery Feature
  Chat Scripts to Control Modem Connections
  Reasons for Using a Chat Script
  Reasons for a Chat Script Starting
  Using a Chat Script
  Foundation Summary
  Q&A
  Scenarios

Chapter 5 Configuring PPP and Controlling Network Access
  “Do I Know This Already?” Quiz
  Foundation Topics
  PPP Background
  PPP Architecture
  PPP Components
  Dedicated and Interactive PPP Sessions
  PPP Options
  PPP Authentication
  Password Authentication Protocol
  Challenge Handshake Authentication Protocol
  Foundation Summary
  Q&A

Chapter 6 PPP Link Control Protocol Options
  “Do I Know This Already?” Quiz
  Foundation Topics
  PPP LCP
  PPP Options
  PPP Callback
  PPP Compression
  Multilink PPP
  PPP Troubleshooting
  Foundation Summary
  Q&A

Part III Using ISDN and DDR Technologies to Enhance Remote Connectivity

Chapter 7 Using ISDN and DDR Technologies
  “Do I Know This Already?” Quiz
  Foundation Topics
  Basic Rate Interface
  BRI Protocols
  ISDN Call Setup
  ISDN Call Release
  Implementing Basic DDR
  Step 1: Setting the ISDN Switch Type
  Step 2: Specifying Interesting Traffic
  Step 3: Specifying Static Routes
  Step 4: Defining the Interface Encapsulation and ISDN Addressing Parameters
  Step 5: Configuring Protocol Addressing
  Step 6: Defining Additional Interface Information
  Additional Options Beyond Basic DDR Configuration
  Passive Interfaces
  Static Route Redistribution

[...]...
against down time

Exams Required for Certification

As described earlier, you are required to pass a group of exams to achieve CCNP certification. The exams generally match the same topics that are covered in one of the official Cisco courses. Table I-1 outlines the exams and the courses with which they are most closely matched.

Table I-1 Exam-to-Course Mappings for CCNP Certification
Certification Exam Number Name...

information taken as a whole is what produces a CCNP. The exam is a computer-based exam that has multiple choice, fill-in-the-blank, and list-in-order style questions. The fill-in-the-blank questions are filled in using the complete syntax for the command, including dashes and the like. For the fill-in-the-blank questions, a tile button is given to list...

Cisco

The BCRAN Exam and the CCNP Certification

Passing the BCRAN exam proves mastery of the features used in larger corporate dial-in facilities and ISP operations. Skills required for CCNP and CCDP certifications include the ability to install, configure, operate, and troubleshoot remote-access devices in a complex WAN environment. Specifically, the remote-access skills required demonstrate that the CCNP or...

than multiple-choice questions. This helps you exercise recall and avoids giving you a false sense of confidence, as an exercise with only multiple-choice questions might do. For example, fill-in-the-blank questions require you to have better recall than multiple-choice questions. Finally, accompanying this book is a CD-ROM that has exam-like, multiple-choice questions as well as simulation-based questions...
the Exam's Requirements

CCNA   640-801   CCNA    Interconnecting Cisco Network Devices (ICND)
CCNP   642-801   BSCI    Building Scalable Cisco Internetworks (BSCI)*
       642-811   BCMSN   Building Cisco Multilayer Switched Networks (BCMSN)
       642-821   BCRAN   Building Cisco Remote Access Networks (BCRAN)
       642-831   CIT     Cisco Internetwork Troubleshooting (CIT)

* Passing the Foundation exam 640-841, which is also a recertification exam...

Do Not Have CCNA Certification

Why don't you have the certification? The prerequisite for the CCNP certification is to be certified as a CCNA, so you really should pursue your CCNA certification before tackling the CCNP certification. Beginning with the BCRAN exam gives you a skewed view of what is needed for the Cisco Professional certification track. That being said, if you must pursue the certifications out...

640-841, which is also a recertification exam for CCNP, meets the same requirements as passing exams 642-801 and 642-811.

What Is on the BCRAN Exam?

The BCRAN exam evaluates the knowledge of network administrators and specialists who must configure and maintain a RAS and the associated peripheral components that accompany it. Candidates attempting to pass the BCRAN exam must perform the following tasks:
■ Describe...

network administrators who want to significantly increase their chances of passing the CCNP BCRAN exam. (It is also a good general reference for networking topics, although that is not its intended purpose.) Passing the CCNP BCRAN exam is one of the milestones toward getting the CCNP certification. The reasons for getting CCNP certification vary. It could mean a raise, a promotion, professional recognition, or...
the key concepts in the chapter, and it is an excellent tool for last-minute review.
■ Q&A—These end-of-the-chapter questions focus on recall, covering topics in the “Foundation Topics” section by using several types of questions. It is a tool for final review when your exam date is approaching.
■ CD-ROM-based practice exam The companion CD-ROM contains a large number of questions that are not included in...

is as simple as writing it down.

You Have Passed Other CCNP Exams and Are Preparing for the BCRAN Exam

Consider the following scenarios as you plan your study time.

Scenario 1: You Have Taken the BCRAN Course

Because you have taken other Cisco exams and have taken the BCRAN course, you know what you are up against in the test experience. The BCRAN exam is like all the others. The questions are “Sylvanish”.

Foreword

CCNP BCRAN Exam Certification Guide, Second Edition, is a complete study tool for the CCNP BCRAN exam, allowing you to assess.