
1419_fmilXi.fm Page 976 Friday, November 7, 2003 7:09 AM

INDEX

Symbols

<backspace> command, 774
<down arrow> command, 774
<Enter> command, 774
<Return> command, 774
<Tab> command, 774
<up arrow> command, 774
? command, 773

Numerics

3DES (triple data encryption standard), 572
20/80 rule, 209
80/20 rule, 209
802.11b, 588
802.11i, 590
802.1X, 589

A

AAA, 705
    accounting management, 644
    overview, 151
AAL1, 504
AAL2, 503
AAL5, 503
access-class command, 746, 780
access control, 563
access layer (network hierarchy model), 120, 684
    designing Enterprise Campus networks, 216–217
    L2 and L3 switching, 121
    role of, 120
    route redistribution, 413
    routing protocols, 409
access-list command, 780–782
access lists, 726
    configuring, 746–747
    creating, 730
    ensuring results, 732
    extended, 735
        backwards compatibility, 726
        configuring, 735–739
        example, 742–743
        placement, 744
    implicit deny any entries, 728
    IP, 725, 728
    standard, 727, 733
    vty, 744
    wildcard masks, 729–731
access servers, 8
accounting management tools, 642–643
    AAA framework, 644
    IP accounting, 643
    NetFlow, 645
ACD (automatic call distribution) systems, 459
ACF/VTAM (Advanced Communication Facility/Virtual Telecommunication Access Method), 26
acknowledgment, 272
activation and data collection, 627
Active Network Monitor, 79
active time, 410
adaptation (ATM), 503
Address mapping group (RMON2), 622
Address Resolution Protocol (ARP), 17, 157
address signaling, 450
addresses, 329
    host, 322
    IP
        assigning, 343–345
        converting between decimal and binary, 718
        IPv4, 319–320
addressing
    AppleTalk, 25
    classful, 720
    discovery
        ARP, 157
        explicit configuration, 157


        HSRP, 158
        routing protocols, 157
        VRRP, 158
    encapsulation, 4
    IP, 21, 691
        ANDing, 21–22
        classes, 692
        default gateway, 157
        job aids, 715
        octets, 18, 321
        prefixes, 323, 692
        private addresses, 329–331, 334, 692
        route summarization, 334–335
        subnets, 21
    IPv4, 18
        classes, 19, 323
        subnets, 19
    IPX, 25
    MAC, 9
    network layer, 9
address-violation command, 789
ADPCM (Adaptive Differential Pulse Code Modulation) algorithm, 485
ADSL (Asymmetric DSL), 258, 291
    architecture, 292
    point-to-point protocol networks, 293
    PPPoA implementation, 294
    PPPoE implementation, 294
advanced distance vector routing protocols, 406
Advanced Encryption Standard (AES), 590
Advanced Peer-to-Peer Networking (APPN), 26
Advanced Program-to-Program Computing (APPC), 26
advanced routing protocols, 16
AES (Advanced Encryption Standard), 590
aggregation, 162. See also channel aggregation
Alarm group (RMON1), 619
A-law companding, 443–444
algorithms, 15
    compression, 270
    routing, 15
    security, 546
    Spanning-Tree Protocol, 161
    voice coding and compression, 485
always-on connections
    FR vs. X.25, 281
    TDM vs. packet switching, 280
analog signaling, 442, 451–452
    companding, 443
    converting to digital, 442–443
and, 11, 362
ANDing (IP addresses), 21–22
anycast addresses (IPv6), 354
APPC (Advanced Program-to-Program Computing), 26
AppleTalk, 25
    addressing, 25
    configuration commands, 783
    general commands, 783
    phases, 25
appletalk cable-range command, 783
AppleTalk commands (table), 783
AppleTalk configuration commands (table), 783
appletalk discovery command, 783
appletalk protocol command, 783
appletalk routing command, 783
appletalk zone command, 783
application characterization, 185
    application requirements, 189
    client-client, 185
    client-distributed server, 186
    client-Enterprise Edge, 188
    client-server farms, 187
application layer (OSI model), 768
application layer attacks, 152–153
Application layer host group (RMON2), 622
Application layer matrix group (RMON2), 622
application maps, 67
application requirements of WAN design, 262–263
applications, 670–671, 674
    analyzing in existing networks
        example, 78
        tools, 79


    communication, 185
    cost consideration, 191
    high availability, 191
    IP telephony, 471
    Network Organizational Model, 36
    security, 557–558
    throughput, 190
APPN (Advanced Peer-to-Peer Networking), 26
architectures
    distributed, 631
    fault management, 633
    IP telephony, 471
    modern organizational model, 33
    network management, 607–609
    Network Organizational, 681
        example, 35
        layers, 682
    OSI model, 3
    voice networks, 460
ARP (Address Resolution Protocol), 17, 157
AS (autonomous systems)
    connectivity, 695
    IGRP (Interior Gateway Routing Protocol), 23
    multi-homing, 405
    routing protocols, 22
AS-path attribute, 385
assessing, 101
    existing networks, 64, 67
        customer input, 65
        draft design documents, 85–86
        examples, 66
        network audits, 70–75
        summary reports, 84
        traffic analysis, 77–82
    network health, 76
assigned TCP port numbers, 740
assigned UDP port numbers, 741
assigning
    IP addresses, 343
        DHCP servers, 346
        guidelines for assignment, 345
        IPv6, 358
        static vs. dynamic, 344–345
    private addresses, 329–331, 334, 692
Asymmetric DSL. See ADSL
ATM (Asynchronous Transfer Mode), 255, 258
    adaptation types, 503
    characteristics, 502
audit trails, 575
auditing existing networks, 70. See also assessing
    manual commands, 72–75
    third-party tools (Web sites), 72
    tools, 70–71
audits (network assessment), 70
authentication, 563–564
    EAP, 589
    guidelines, 566
    how to use, 565
    IEEE 802.1X standard, 565
    two-factor/strong, 564
authorization, 567
    guidelines, 569
    least privilege concept, 567
Auto Update Server
    security, 599–600
    Web site, 600
automatic call distribution (ACD) systems, 459
autonomous system connectivity. See AS
AutoQoS (Cisco), 497–498
availability threats, 548
AVVID (Cisco Architecture for Voice, Video and Integrated Data), 88

B

backbone, routing protocols, 408
BackboneFast, 197
<backspace> command, 774
Backup, 162
backup links, 268
backup serial lines, 7


backwards compatibility, IP access list extensions, 726
bandwidth
    cable networks, 297
    data compression, 269
    DWDM, 289
    E3, 143
    EIGRP, 397
    increasing with secondary links, 285
    IP telephony systems, 489
        reducing traffic, 490
        requirements, 490–491
    LANs, 265
    optimizing, 268
    shared vs. switched LAN technology, 193
    T3, 143
    WANs, 264
bandwidth command, 778, 785
bandwidth domains, 191
bandwidth metric, 382–383
bandwidth reduction QoS mechanism, 493
bandwidth reservation QoS mechanism, 493
banner command, 777
baselining, 649
Bellman-Ford algorithms, 16
BER (bit error rate), 263
best effort connections, 259
best-effort traffic, 24
BGP (Border Gateway Protocol), 23, 404
    AS-path attribute, 385
    external, 406
    implementation example, 405
    integrating interior routing protocols, 416–417
    internal, 406
    neighbors, 406
    next-hop attribute, 418
BGP4+, 367
BHT (busy hour traffic), 510
BIAs (burned-in addresses), 9
binary numbers
    decimal-to-binary conversion chart, 716–717
    logically ANDing, 22
bit error rate (BER), 263
bits (IP addressing), 323, 692
blocking probability, 511
boot system command, 777
Border Gateway Protocol. See BGP
bottlenecks
    content caching, 169
    traffic shaping, 276
bottom-up design approach vs. top-down, 89
BPDU (Bridge Protocol Data Unit), 196
BPDU skew detection, 197
BRI (Basic Rate Interface), 8, 452
Bridge Protocol Data Unit (BPDU), 196
bridges, 10–12
bridging protocols, 11
broadband
    3G, 298
    fixed wireless network example, 298–299
broadcast domains, 191
broadcast storms, 12
broadcast transmission, 6
budgets, consideration in network design, 55
building access module, 226
Building Access submodule, 166
Building Distribution submodule, 166
building distribution module, 226
busy hour traffic (BHT), 510

C

c, 24
Cable Modem Termination System (CMTS), 295
cable networks, 258–259, 295
    CATV transmission, 297
    CM-to-CMTS interface, 297
    components, 295
    data flow, 296
    topology, 296
cabling, 182
    copper vs. fiber, 203–204
    MM, 202


    SM, 202
    network installation example, 205
    unshielded twisted-pair, 201
CAC (Call Admission Control), 512, 518
caches, 171
calculating networks for subnet masks, 723
calculating subnet masks, 721–722
call centers, 459
call control functions, 489
call legs, 477
call progress signaling, 450
CallManager, 471, 522
campus backbone design, 221
    auxiliary VLAN feature, 226
    dual-path, 225
    Layer 3 switching, 223–224
    network management module integration, 226
    Server Farms, 227
    servers directly attached, 227
    split Layer 2 design, 222
Campus Backbone module, 155
Campus Backbone submodule, 166
Campus Infrastructure, route redundancy, 160
Campus Infrastructure module, 132
    building blocks, 133
    Campus Backbone, 134
    guidelines, 136
campus networks, 181, 687
    redesign case study, 710
capacity areas, 651
capacity planning, 505
    Campus IP telephony, 519–521
    DSP resources, 514
    GoS, 508
        BHT, 510
        blocking probability, 511
        CSS, 509
        Erlang, 508
        Erlang tables, 509
        overview, 508
        trunk capacity calculation, 512
    network migration, 507
    on-net/off-net calling, 505–506
    trunking, 521
    WANs, 515
        CAC, 518
        call routing alternatives, 518
        capacity calculations, 516
        combining capacity calculations with GoS, 517
carrier sense multiple access collision detect. See CSMA/CD
CAS (channel associated signaling), 452
CAs (Certificate Authorities), 310
case studies
    MCMB network redesign, 706–707, 710
    network design, analyzing existing networks, 101
    network upgrades, 105
Catalyst 1900 Switch, 786
Catalyst switches, 13, 789
    configuration commands, 789
    interface configuration commands, 790
CatOS, network auditing, 73
CATV transmission, 297
CBWFQ (Class-Based Weighted Fair Queuing), 85, 495
CCM, clustering, 165
CCS (centum call second), 509
CDN (Content Delivery Network), 168
CDP (Cisco Discovery Protocol), 393, 623
    functionality, 624
    information, 623
    Web site, 625
    when not to run, 625
cdp enable command, 778, 790
cdp run command, 777
cells, 769
cell-switched networks, 258
CELP (Code Excited Linear Prediction Compression) algorithm, 486
Centrex, 457, 698
centum call second (CSS), 509


CES (circuit emulation service), 504
CGMP (Cisco Group Management Protocol), 212
channel aggregation, 162
channel associated signaling (CAS), 452
characteristics (OSI model), 760
characterizing. See assessing
CIDR (Classless Inter-Domain Routing), 334
ciphertext, 571
circuit emulation service (CES), 504
circuit switched calls, 522
circuit switching, 7
circuit-switched networks, 257
Cisco
    CDP, 623
        functionality, 624
        information, 623
    NetFlow, 625
        activation and data collection, 627
        vs. RMON, 629
    SAA (service assurance agents), 653
    SAFE (Security Architecture for Enterprise) Blueprint. See SAFE Blueprint
Cisco Architecture for Voice, Video and Integrated Data. See AVVID
Cisco AutoQoS, 497–498
Cisco CallManager, 522
Cisco Converged Network Investment Calculator. See CNIC
Cisco Discovery Protocol (CDP), 393
Cisco Group Management Protocol (CGMP), 212
Cisco IOS, 268, 309, 777
    compression services, 270
    configuration file commands, 776
    configuring IP extended access lists, 737
    data software compression types supported, 269
    EXEC commands, 779, 783
    Express RTP Header Compression feature, 488
    interface configuration commands, 778
    IP access list extensions, backwards compatibility, 726
    IP configuration commands, 780
    ip tcp selective-ack global configuration command, 272
    IPX commands, 782
    network auditing, 73
    queuing mechanisms, 495
        custom queuing, 274
    show interface command, 384
    syslog accounting, 629
    TCP intercept feature, 556
    traffic shaping, 276
Cisco MIB, 616
Cisco NetFlow, 79
Cisco SAFE Blueprint, 702
Cisco Secure PIX firewalls, network auditing, 73
Cisco Secure Scanner, 72
CiscoWorks 2000, 642
class of service (CoS), 81
Class-Based Weighted Fair Queuing (CBWFQ), 85, 495
classes
    IP addresses, 719–720
        prefix length, 323, 692
        subnetting, 21
    IPv4 addresses, subnetting, 19
classful addresses, 720–721
classful distance vector protocols, 388
classful routing, 341
Classless Inter-Domain Routing (CIDR), 334
classless routing, 342
clear counters command, 774
clear frame-relay-inarp command, 783
clear ip nat translation command, 779
clear line command, 774
clearing NAT entries, 811
client-client applications, 185, 190
client-distributed server applications, 186
client-Enterprise Edge applications, 188
client-server farm applications, 187
clock rate command, 778
clock set command, 774
clustering, 165


CMTS (Cable Modem Termination System), 295–296
CN (Content Networking), 168
    content delivery functions, 169
        content caching, 169–170
        content routing, 171
        content switching, 172
    example, 173
CNIC (Cisco Converged Network Investment Calculator), 63
CO trunks, 448
Code Excited Linear Prediction Compression (CELP) algorithm, 486
codecs, 466
    G.729, 489
    mean opinion score, 486
    voice coding and compression, 486–487
collision domains, 191
commands, 810
    access-class, 746
    AppleTalk (table), 783
    AppleTalk configuration (table), 783
    Catalyst 1900/Catalyst 2950 Switch IOS, 786
    Catalyst switch configuration, 789
    configuration
        Catalyst switch interface, 790
        WAN interfaces, 785
    ICND router, 773–774
    interface configuration (table), 778–779
    IP (table), 779–780
    ip access group, 731
    IPX, 782
    IPX configuration, 782
    line vty, 745
    response time, 262
    WAN configuration (table), 785–786
common channel signaling (CSS), 452
common Server Farms, 187
communication (applications), 185
communication protocols, 761
companding, 443–444
comparing configuration file commands, 776–777
compressed Real-Time Transport Protocol (cRTP), 490
compression, 269–270, 699
    effect on performance, 271
    dictionary, 270
    disabling, 271
    hardware-assisted, 271
    RTP, 271
    statistical, 270
compulsory tunnels (VPDN), 307
concatenation. See ANDing
confidentiality threats, 547
config-register command, 777
configuration commands, 789
    Catalyst switch interface, 790
    IP, 780
    WAN interfaces, 785
configuration file commands, 776–777
configuration management, 635
    configuration standards, 636
    configuration tools
        CiscoWorks 2000, 642
        protocols, 641
    functions and importance of, 635
    inventory, 637
    naming conventions, 638
    software, 637
    standard configuration and descriptors, 639
    upgrade procedures, 639
configure network command, 776
configure overwrite-network command, 777
configure terminal command, 774, 787
configuring
    access lists, 746–747
    extended IP access lists, 735–739
    IP access lists
        ensuring results, 732
        standard, 730
    NAT
        basic local IP address translation, 806
        inside global address overloading, 807


        TCP load distribution, 809–810
        translating overlapping addresses, 808
    queuing, 273
congestion
    dejitter buffers, 481
    queuing, 272–274
    traffic shaping, 276
congestion avoidance QoS mechanism, 494
congestion management QoS mechanism, 495
Conjugate Structure-Algebraic Code Excited Linear Prediction Compression (CS-ACELP) algorithm, 485
connect command, 774
connecting Enterprise Edge modules with outside world, 260
connection-oriented protocols, 25
connections
    best efforts, 259
    dark fiber, 290
    remote access, 277
        always-on connections, 280–281
        backup solutions, 283–285
        design as process, 283
        dispersed Enterprise sites, 288, 290
        evaluating parameters, 278–279
        IP connectivity, 291–298, 300–302
        on-demand connections, 280
        packet switched topologies, 281–282
        VPNs, 304–308
    WANs, 259
connectivity
    AS, 695
    bridges, 10
    hubs, 9
    links, 161
    media access, 6
    multi-homing, 405
    switches, 10
    WANs, 7
consistency, 639
constituencies. See stakeholders
constraint assessment, 55–57
constraints (technical), 62
content caching (CN), 169–170
Content Delivery Network (CDN), 168
Content Networking. See CN
content routing (CN), 169–171
content switching (CN), 169, 172
contention access, 6
control information (OSI model), 763
control plane, 647
controller command, 785
controlling vty access, 744
converged networks, 463
convergence, 201
    IS-IS, 402
    OSPF, 399
    RIPv2, 386
    routing protocols, 385–387
    STP, 196
converting
    decimal-to-binary (chart), 716–717
    IP addresses between decimal and binary, 718
copper cable
    deployment area, 204
    uses and limitations, 204
    vs. fiber cables, 203
copy flash tftp command, 774
copy ftp: nvram:startup-config command, 777
copy ftp: system:running-config command, 776
copy nvram tftp://{host}/{file} command, 787
copy rcp running-config command, 776
copy rcp startup-config command, 777
copy rcp: nvram:startup-config command, 777
copy rcp: system:running-config command, 776
copy running-config rcp command, 777
copy running-config startup-config command, 774, 777
copy running-config tftp command, 774, 777
copy startup-config running config command, 774
copy startup-config tftp command, 774
copy startup-config tftp://{host}/{file} command, 787


copy system:running-config ftp: command, 777
copy system:running-config nvram:startup-config command, 777
copy system:running-config rcp: command, 777
copy system:running-config tftp: command, 777
copy tftp flash command, 774
copy tftp running-config command, 775–776
copy tftp startup-config command, 775, 777
copy tftp: nvram:startup-config command, 777
copy tftp: system:running-config command, 776
copy tftp://{host}/{file} nvram command, 787
core layer (network hierarchy model), 125, 684
    L2 vs. L3 switching, 126
    role of, 125
    route redistribution, 413
    routing protocols, 408–409
CoS (cost of service), 441
CoS (class of service), 81
cost
    applications, 191
    cabling, 205
    Centrex service (PSTN telephony), 457
    hierarchical network design models, 118
    off-net calculation, 512
    ROI, 63
    secondary links, 285
    shared vs. switched LAN technology, 194
    WANs, 265
CQ (custom queuing), 273, 495
creating
    access lists, 730
    design decision tables, 91
cRTP (compressed Real-Time Transport Protocol), 490
cryptography, 558, 571–573, 701
CS-ACELP (Conjugate Structure-Algebraic Code Excited Linear Prediction Compression) algorithm, 485
CSMA/CD (carrier sense multiple access collision detect), 6
CSS (common channel signaling), 452
CSU/DSU (channel service unit/digital service unit), 8
Ctrl+a command, 773
Ctrl+b command, 773
Ctrl+c command, 773
Ctrl+e command, 773
Ctrl+f command, 774
Ctrl+n command, 774
Ctrl+p command, 774
Ctrl+r command, 774
Ctrl+Shift+6 x command, 774
Ctrl+u command, 774
Ctrl+w command, 774
Ctrl+z command, 774, 777
cumulative delay metric, 382
current window, 271–272
custom queuing (CQ), 273–274, 495
cut-through switches, 12

D

dark fiber, 290
data
    compression, 269–270, 699
        disabling, 271
        encoding techniques, 270
        hardware assisted, 271
        performance, effect on, 271
        supported by Cisco IOS software, 269
    decapsulated/un-encapsulated, 5
    encapsulation, 4
    integrity, 572–574
    security, 310
    throughput, 262
    transmission confidentiality, 570
        encryption, 571
        guidelines, 572
    voice transport, 697
data flows, 23–24, 296
data gathering (design process)
    initial requirements, 51
    network requirements, 52


    organizational constraints, 55–57
    organizational goals, 53–55
    planned applications and network services, 57–60
    technical constraint identification, 62–63
    technical goals, 60–62
data link layer (OSI model), 256, 765
    frames, 768
    OSI model, 5
Data Link Switching Plus (DLSw+), 27
data networks, migrating to an integrated network, 507
data plane, 647
data terminating equipment (DTE), 8
data transmission, 6
    acknowledgment, 272
    packet loss, 263
    WANs, 7
    window size, 271–272
data units, 769–770
datagrams, 352, 769
data-link layer technologies, 191–193
data-link switching (DLSw), 26
DDoS attacks, 556
DDR (dial-on-demand routing), 7, 280
debug appletalk routing command, 783
debug command, 775
debug dialer command, 783
debug eigrp neighbors command, 779
debug frame-relay lmi command, 784
debug ip eigrp command, 779
debug ip igrp command, 779
debug ip nat command, 779, 812
debug ip ospf events command, 779
debug ip ospf packet command, 779
debug ip rip command, 779
debug ipx routing activity command, 782
debug ipx sap activity command, 782
debug isdn q921 command, 784
debug isdn q931 command, 784
debug ppp authentication command, 784
debug ppp error command, 784
debug ppp negotiation command, 784
decapsulated data, 5
decimal-to-binary conversion chart, 716–717
decision tables, 91
    guidelines, 92
    template, 93
dedicated-connection cell switching technologies, 258
default gateways, 157
defining organizational policies, 37–38
dejitter buffers, 481
delay metric, 382
delay-sensitive traffic, 24
delete nvram command, 787
delete vtp command, 787
delta frames, 24
demilitarized zone (DMZ) network, 581
Denial of Service attacks. See DoS attacks
Dense Wavelength Division Multiplexing. See DWDM
deny conditions, 725
deploying SAA, 668
deployment area, copper vs. fiber cable, 204
description command, 778
descriptors, 639
design implementation, 95–96
design methodology, 268, 683
Design phase (PDIOO), 682
designing
    ADSL point-to-point protocol networks, 293
    Enterprise Campus networks, 181, 206
        application characterization, 185–188
        data-link layer technologies, 191–193
        design considerations, 182
        Layer 2/Layer 3 switching, 194–195, 198–199
        module requirements, 207
        network geography, 182–184
        transmission media, 201–202
    IP addressing, 319, 322
        assigning addresses, 343–345
        case study, 370


        determining network size, 325
        dynamic IPv6 renumbering, 359
        evaluating location size, 327–328
        hierarchy criteria, 336
        implementing hierarchy, 334
        IPv4 compatible IPv6 addresses, 357
        IPv6 address assignment, 358
        IPv6 name resolution, 360
        IPv6 overview, 355–356
        IPv6 routing protocols, 366
        name resolution, 347–349
        network size, 328–329
        network topology, 326–327
        pitfalls, 338
        public vs. private addresses, 331
        route aggregation, 339
        routing protocols, 341
        subnet masking choice, 339
        summarization groups, 336
        transitioning between IPv4 and IPv6, 362–364
    link redundancy, 161
    networks, 117. See also Enterprise Composite Network Model
        applications and network services, 57–60
        assessing existing networks, 64–67, 70–84
        assessing organizational constraints, 55–57
        campus, 687
        customer requirements, 49
        decision tables, 91–93
        documentation, 97
        draft design documents, 85–86
        Enterprise Campus, 208–217, 219–226, 231
        Enterprise Campus (case study), 234
        Enterprise Campus/Enterprise Network connectivity, 230
        Enterprise Composite Network Model, 128, 684
        Hierarchical Network model, 118, 684
        high availability, 155
        implementation and verification, 98
        importance of effective design, 33
        IP telephony, 63, 472
        methodology, 47–48
        monitoring and redesigning, 99
        network requirements, 52
        network solutions, 163
        OSI model, 49
        PDIOO, 44–45
        planning design implementation, 95–96
        prototypes and pilots, 97
        redesign case study, 706–707, 710
        RFPs/RFIs, 50
        scope, 49
        security. See security
        structured approach, 87
        technical constraint identification, 62–63
        technical goals, 60–62
        telephony. See telephony systems
        tools, 94
        top-down approach, 87, 90
        top-down approach vs. bottom-up, 89
        understanding organizational goals, 53
        understanding organizations’ procedures, 29
        VoFR, 500
        voice transport, 441, 697
        WANs, 688
    route redundancy, 159–160
    WANs, 256
        analyzing customer requirements, 261
        application requirements, 262–263
        characterizing the existing network, 261
        cost effectiveness, 265
        methodology, 260
        remote access, 277–280
        response time, 264
        selecting technologies, 276
        technical requirements, 263–264


        topology and network solutions, 261
        trade-offs, 261
determining, 719
devices, 18
    bridges, 10–12
    IP addressing, 21
    IPX addressing, 25
    LANs, 9
    media access, 6
    port numbers, 17
    routers, 13–14
    security
        guidelines, 551
        risks, 550
    standard configuration, 639
    switches, 10–12
    WANs, 8
DHCP servers, assigning IP addresses, 346
dial backup, 7
dial backup routing, 284
dial peers, 476–477
dialer idle-timeout command, 785
dialer load-threshold command, 785
dialer map command, 785
dialer pool command, 785
dialer pool-member command, 785
dialer string command, 785
dialer-group command, 785
dialer-list list command, 785
dialer-list protocol command, 785
dial-on-demand routing (DDR), 7, 280
dialup services, 7
dictionary compression, 270
Diffusing Update Algorithm (DUAL), 23
digital certificates, 310
digital devices (CSU/DSU), 8
Digital Private Network Signaling System (DPNSS), 445
digital signal processors (DSPs), 470, 700
digital signaling, 442, 452
    ISDN, 452
    SS7, 453
digital signatures, 572–573, 701
Digital Subscriber Line. See DSL
directed broadcasts, 192
disable command, 775, 787
disabling STP, 217
disconnect command, 775
discovery (address)
    ARP, 157
    explicit configuration, 157
    HSRP (Hot Standby Router Protocol), 158
    routing protocols, 157
    VRRP, 158
dispersed sites, 691
distance vector protocols, 376
    BGP, 404
    example, 377–378
    selection guidelines, 380
distance-vector routing algorithms, 16
distant remote building network structure, 184
Distribution layer (Hierarchical Network model), 684
    controlling traffic, 124
    designing Enterprise Campus networks, 216, 219–220
    features, 125
    role of, 123
    routing protocols, 409
distribution switches, 219
DLS (data-link switching), 258
DLSw, 26
DLSw+ (Data Link Switching Plus), 27
DMZ (demilitarized zone) network, 581
DNS servers, IP address name resolution, 349
documentation
    audit trails, 575
    design implementation, 95
    draft design documents, 85
    network design, 97
    security policies, 560


domains
    failure, 200
    policy, 200
    routing, intradomain vs. interdomain, 16
don’t care bits, 729
DoS (Denial of Service) attacks, 152–153, 548–549, 553–554
    application targets, 557–558
    distributed DoS (DDoS) attacks, 554–556
    protection guidelines, 555
    TCP SYN-flooding, 556
dotted decimal notation, 18, 321
<down arrow> command, 774
downstream, 291
DPNSS (Digital Private Network Signaling System), 445
draft design documents, 85–86
DSL (Digital Subscriber Line), 255, 258
    asymmetric, 291–293
    Cisco’s FAQs web site, 259
    remote access implications, 291
    symmetric, 291
    xDSL, 292
DSPs (digital signal processors), 470, 700
DSTM translation mechanism, 366
DTE (data terminating equipment), 8
DTMF (dual tone multifrequency), 460
DUAL (Diffusing Update Algorithm), 23
dual-path Layer 3 campus backbone design, 225
dual-stack transition mechanism, 362
duplex command, 790
DWDM (Dense Wavelength Division Multiplexing), 289
dynamic IP address assignment, 344–345
dynamic name resolution, 348, 360
dynamic routing, 375–376
dynamic routing algorithms, 15
dynamic switched VoFR calls, 499

E

E&M (ear and mouth) signaling, 451
E3, 143
EAP (Extensible Authentication Protocol), 589
EBGP (external BGP), 406, 417, 422, 696
echo, 483
E-commerce module, 139, 583
ecosystems, 31–32
Edge Distribution module (Enterprise Campus networks), 132, 135–136, 230–231
edge routing protocols, 409
EGPs (exterior gateway protocols), 380, 406
egress edge LSRs, 302
EIGRP (Enhanced Internet Gateway Routing Protocol), 23
    characteristics, 397
    convergence, 388
    features, 395–396
    metric calculation, 383–384
    terminology, 396
    when to use, 391
emerging WAN technologies
    cable, 259
    comparing, 267
    DSL, 258
    LRE, 259
    MPLS, 259
    wireless, 259
enable command, 775, 787
enable password command, 777
enable secret command, 777
encapsulation, 763
    bridging, 11
    OSI model, 4
encapsulation command, 785
encapsulation dot1q command, 778
encapsulation isl command, 779
encoding techniques (data compression), 270
encryption, 571, 701
    3DES, 572
    802.11i, 590


end command, 777
end system (ES), 400
Enhanced Internet Gateway Routing Protocol. See EIGRP
<Enter> command, 774
Enterprise Campus networks, 130, 685
    building internal security, 150
    connectivity to rest of Enterprise Network, 230
    designing, 181, 206–208
        access and distribution layers, 216–220
        application characterization, 185–188
        campus backbone, 221–226
        case study, 234
        data-link layer technologies, 191–193
        design considerations, 182
        Layer 2/Layer 3 switching, 194–195, 198–199
    Edge Distribution module, 230–231
    modules, 132, 686
        Campus Infrastructure, 133
        Edge Distribution, 135, 230–231
        example, 135
        guidelines, 136
        Network Management, 134
        requirements, 207
        Server Farm, 134
    multicast traffic considerations, 211–212
    network geography, 182–184
    network traffic patterns, 209–210
    QoS considerations, 213–214
    security threats, 149
    Server Farm module
        design guidelines, 228
        server connectivity, 229
        switches, 227
    server placement, 226
    transmission media, 201–202
Enterprise Composite Network Model, 117, 163, 684
    benefits, 129
    E-commerce module, 583
    Enterprise Campus, 132–134
        example, 135
        guidelines, 136
    Enterprise Edge, 137–141, 255–256
    evolution of enterprise networks, 128
    functional areas, 130
    goals of, 129
    intelligent network services, 145
        example, 147
        overview, 146
        security, 149–151
    Internet Connectivity module, 580
    layers, 685
    modules, 127, 130
    network hierarchy, 117
        access layer, 120–121
        core layer, 125–126
        design layers, 118
        distribution layer, 123–125
        vs. OSI model, 120
    Network Management module, 593–594
    network solutions, 145, 163. See also network solutions
    overview, 128
    Remote Access and VPN module, 585–591
    SAFE Blueprint, 579
    security
        E-commerce module, 583
        Internet Connectivity module, 580
        Network Management module, 593–594
        Remote Access and VPN module, 585–591
        Server Farm module, 595
        WAN module, 591–592
    Server Farm module, 595
    Service Provider Edge
        guidelines, 144
        modules, 141–143
    WAN module, 591–592
Enterprise Edge functional area, 230
Enterprise Edge module, 166


Enterprise Edge networks, 255–256, 685
    connecting
        dispersed sites, 288–290
        with outside world, 260
    link redundancy, 162
    modules, 137, 686
        E-commerce, 139
        guidelines, 141
        Internet Connectivity, 139
        VPN/Remote Access, 140
        WAN, 140–141
    redundant links, 268
    remote access connections, 277
    WAN design methodology, 255
Enterprise Networks
    CN (Content Networking), 168
        content caching, 169–170
        content delivery functions, 169
        content routing, 171
        content switching, 172
        example, 173
    connectivity with Enterprise Campus, 230
    redundancy, 156
    voice transport, 164
    evaluating existing data infrastructure, 167–168
    IP telephony, 164–165
    modules, 166
    network solution example, 166
erase nvram: command, 777
erase startup-config command, 775, 787
Erlangs, 508, 511
errors
    checking, 4, 766
    encapsulation, 4
    recovery, 766
    reporting, 629
ES (end system), 400
Esc+b command, 774
Esc+f command, 774
established keyword (IP extended access lists), 739
Ethernet, 5, 191
EtherPeek, 79
EUI-64 format interface ID, 358
evaluating
    technical constraints of network design, 63
    technical goals of proposed network, 62
events (fault management), 634
Events group (RMON1), 619
exception management, 649
EXEC commands, 779
exec-timeout 0 0 command, 777
existing networks (case study), 101
exit command, 775, 778
explicit configuration, 157
Express RTP Header Compression feature, 488
extended access lists
    configuring, 735–739
    example, 742–743
    placement, 744
    process flow, 735
    wildcard masks, 729
extending IP addresses
    classful addresses, 721
    job aids, 716–718
Extensible Authentication Protocol (EAP), 589
exterior gateway protocols (EGPs), 380, 406
exterior routing protocols, 380
external security threats, 152
    application layer attacks, 153
    designing against, 154
    DoS attacks, 153
extranet VPN, 304

F

failure domain, 200
FAQs (frequently asked questions), 259
fast, 227
Fast EtherChannel (FEC), 204
Fast Ethernet, 5
fast switching, 286


fault
    management, 632
        architecture, 633
        event processing, 634
    isolation (hierarchical network models), 118
    tolerance, 125
FCAPS, 632, 704
    accounting management, 642–645
    configuration management, 635
        configuration standards, 636
        configuration tools, 642
        functions and importance of, 635
        inventory, 637
        naming conventions, 638
        software, 637
        upgrade procedures, 639
    fault management, 632
        architecture, 633
        event processing, 634
    performance management, 646
        capacity areas, 651
        challenges, 651–652
        defining a process for, 650
        exceptions, 649
        goal of, 647
        performance data reporting, 650
        SLM, 648
        solutions, 652–653
        tools, 653
        what-if analysis, 648
    security management
        examples, 656
        protocols, 655
FDDI, token passing media access, 6
feasible successor, 397
FEC (Fast EtherChannel), 204
FEC (Forwarding Equivalence Class), 301
FIB (Forwarding Information Base), 287
fiber cable
    deployment area, 204
    vs. copper cables, 203
FIFO (first-in, first-out), 273
file-transfer activities, 262
filtering, 570
    packets, 725–726
    route, 414
Filters group (RMON1), 619
firewalls, authentication, 565
Fixed Length Subnet Masking (FLSM), 340
flash updates, 378
flat routing algorithms, 16
flat routing protocols, 388
floating static routes, 162
flooding, 212
flow control, 765–766
Flow Label field (IPv6), 352
flow specifications (RSVP), 23
FLSM (Fixed Length Subnet Masking), 340
Forward Delay timer (STP), 196
Forwarding Information Base (FIB), 287
forwarding unicast packets, 192
FQDNs (Fully Qualified Domain Names), 349
FR (Frame Relay), 255, 258
    always-on connections, 281
    remote access connections, 279
    traffic shaping, 276
Frame Relay/ATM module, 143
frame-relay interface dlci command, 785
frame-relay inverse-arp command, 785
frame-relay lmi-type command, 785
frame-relay map command, 785
frames, 11, 24, 768. See also packets
framing command, 786
full-mesh networks, 160, 281–282, 500
Fully Qualified Domain Names (FQDNs), 349
functional elements, 88
FX (foreign exchange) trunks, 448

G

G.729 codec, 489
GAAP (Generally Accepted Accounting Principles), 36
gatekeepers, 468
gateways, 467


general configuration commands (table), 777–778
general interface configuration commands (table), 778–779
General Packet Radio Service (GPRS), 298
Generally Accepted Accounting Principles (GAAP), 36
Generic Traffic Shaping (GTS), 494
Get next request message, 610
Get request message, 610
Get response message, 610
GetBulk messages, 611
Gigabit EtherChannel, 204
Gigabit Ethernet, 5
global addresses, 803–804
global aggregatable unicast addresses, 355
Global Positioning Systems (GPS), 259
Global System for Mobile (GSM), 298
goals (organizational), 54
GoS (Grade of Service), 505, 508
    BHT, 510
    blocking probability, 511
    combining calculations with WAN capacity calculations, 517
    CSS, 509
    Erlang tables, 508-509
    overview, 508
    trunk capacity calculation, 512
GPRS (General Packet Radio Service), 298
GPS (Global Positioning Systems), 259
GRE, 309
ground start signaling method, 451
groups (MIB), 615
GSM (Global System for Mobile), 298
GTS (Generic Traffic Shaping), 494
guaranteed bit-rate service, 24
guidelines for creating decision tables, 91
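The GoS entries above (BHT, blocking probability, Erlang tables, trunk capacity calculation) all refer to one calculation: the Erlang B formula. The following Python is an added worked example of it, not code from the book; the busy-hour call counts and hold times in it are constructed, and it assumes the blocked-calls-cleared model the printed Erlang tables are built from.

```python
"""Trunk sizing for a Grade of Service target with the Erlang B formula.

Added example, not the book's own code. It assumes the blocked-calls-
cleared model behind the Erlang B tables: offered load A (in Erlangs) is
busy-hour call-seconds divided by 3600, and a call that finds all N
trunks busy is dropped rather than queued.
"""


def offered_load_erlangs(calls_per_hour: float, avg_hold_seconds: float) -> float:
    """Busy Hour Traffic (BHT) in Erlangs, e.g. 400 calls x 180 s / 3600 = 20 E."""
    return calls_per_hour * avg_hold_seconds / 3600.0


def erlang_b(trunks: int, load_erlangs: float) -> float:
    """Blocking probability for a group of `trunks` circuits offered `load_erlangs`.

    Uses the recursion B(0) = 1, B(n) = A*B(n-1) / (n + A*B(n-1)), which
    equals the closed form (A^N/N!) / sum(A^k/k!) without the factorials.
    """
    if trunks < 0 or load_erlangs < 0:
        raise ValueError("trunks and load must be non-negative")
    b = 1.0
    for n in range(1, trunks + 1):
        b = load_erlangs * b / (n + load_erlangs * b)
    return b


def trunks_for_gos(load_erlangs: float, target_blocking: float, max_trunks: int = 10_000) -> int:
    """Smallest trunk count whose blocking meets the GoS target (0.01 for P.01)."""
    for n in range(0, max_trunks + 1):
        if erlang_b(n, load_erlangs) <= target_blocking:
            return n
    raise ValueError("GoS target not reachable within max_trunks")


def size_trunk_group(calls_per_hour: float, avg_hold_seconds: float,
                     target_blocking: float) -> dict:
    """End to end: BHT -> trunks needed -> blocking actually achieved."""
    load = offered_load_erlangs(calls_per_hour, avg_hold_seconds)
    n = trunks_for_gos(load, target_blocking)
    return {"bht_erlangs": load, "trunks": n, "blocking": erlang_b(n, load)}


if __name__ == "__main__":
    # Constructed sample: 400 busy-hour calls, 3-minute average hold, P.01 target.
    print(size_trunk_group(400, 180, 0.01))
```

The recursion is the form worth remembering: it is what you would put in a spreadsheet or script instead of interpolating a printed table, and it stays numerically stable for large trunk groups where the closed form overflows.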

H

H.225 call signaling channel, 489
H.323 standard, 466, 698
    benefits, 466
    components, 467
    example, 470
H.245 control channel, 489
hardware
    DSPs, 700
    queuing, 273, 690
    selecting for WANs, 268
    switches, 12
    WANs, 8
HDSL (High-data-rate DSL), 258
headers, 763, 768
health (networks), 76, 84
HFC (Hybrid Fiber Coaxial) topology, 296
HIDSs (Host Intrusion Detection Systems), 575
hierarchical addresses, 320
Hierarchical Network model, 118, 684
    design layers, 118
        access layer, 120–121
        core layer, 125–126
        distribution layer, 123–125
    vs. OSI model, 120
hierarchical routing algorithms, 16
hierarchical routing protocols, 389
hierarchies
    IP addressing
        criteria, 336
        implementing, 334
    MIB, 613
    networks, 117
    organizations, 39
high availability network services, 146, 191
    designing into networks, 155
    link redundancy, 161
    route redundancy, 159–160
    Server Farm module
        physical redundancy, 159
        high availability services, 156–157
    shared vs. switched LAN technology, 194
high-data-rate DSL (HDSL), 258
History group (RMON1), 619
history size command, 778
hold-down, 386


hop counts, 379, 382
horizontal integration, 31
host addresses, 22, 322
Host group (RMON1), 619
host-intelligent routing algorithms, 16
Host Intrusion Detection Systems (HIDSs), 575
Host top N group (RMON1), 619
hostname command, 778, 789
hosts, security
    concerns, 557
    guidelines, 558
    threats, 580
hosts per class (IP addresses), 719
HP OpenView, IBM Tivoli, 72
HSRP (Hot Standby Router Protocol), 158, 227
HTTP (Hypertext Transfer Protocol), 654
hub and spoke topology (VoFR networks), 501
hubs, 9, 26
Hybrid Fiber Coaxial (HFC) topology, 296
hybrid interior gateway protocol, 377
hybrid routing algorithms, 16
Hypertext Transfer Protocol (HTTP), 654

I

IANA (Internet Assigned Numbers Authority) web site, 324
IBGP (internal BGP), 406, 422, 696
IBM SNA (Systems Network Architecture), 26
ICMP (Internet Control Message Protocol), 17
    messages, 727
    ping, 652
ICMP group (MIB), 615
ICND router commands, 773–774
identifying devices, 9
IDSs, 150, 575
IETF standards, MPPP (Multilink Point-to-Point Protocol), 162
IGMP snooping, 212
IGPs (Interior Gateway Protocols), 380
    RIP (Routing Information Protocol), 22
    route filtering, 415
IGRP (Interior Gateway Routing Protocol)
    metric calculation, 383–384
    when to use, 391
IKE (Internet Key Exchange), 309
Implement phase (PDIOO), 682
implementing
    campus backbone, 221
    IP addressing hierarchy, 334-336
    network design, 95
    WANs, 268
implicit deny any entries (access lists), 728
implicit wildcard masks, 731
information exchange process (OSI model), 763–764
information flow (organizations), 40
information formats, 768–769
ingress edge LSRs, 302
initiating RSVP multicast sessions, 24
inside global IP addresses, 800, 803–804
inside local IP addresses, 800-801
integrated IS-IS, 696
integrated networks
    capacity planning, 505
        Campus IP telephony, 519–521
        DSP resources, 514
        GoS, 508–512
        network migration, 507
        on-net/off-net calling, 505–506
        trunking, 521
        WANs, 515–518
Integrated Services Digital Network (ISDN), 255
integrity threats, 547
intelligent network services, 59, 219
    example, 147
    high availability
        designing into networks, 155
        link redundancy, 161
        route redundancy, 159–160
        Server Farm module, 156–159
    network design stage, 59
    overview, 146


    security
        AAA, 151
        external threats, 152–154
        IDS, 150
        OTPs, 151
        understanding threats, 149
    shared vs. switched LAN technology, 193
interactive voice response (IVR) systems. See IVR systems, 460, 698
inter-AS routing protocols, 380
inter-building network structure, 183
interdomain routing algorithms, 16
interface command, 778–779, 789
interface configuration commands (table), 778–779
Interface group (MIB), 615
interface serial numbers (devices), 9
interface vlan 1 command, 789
interior gateway protocols. See IGPs
Interior Gateway Routing Protocol. See IGRP
interior routing protocols, 380
    integrating with BGP, 416–417
    selecting, 403–404
International Organization for Standardization (ISO), 3
Internet
    QoS, 23
    route redistribution, 414
    TCP/IP
        application layer, 18
        network layer, 16
        transport layer, 17
    as a WAN backup technology, 308–309
Internet Connectivity module, 139, 580, 702
Internet Control Message Protocol. See ICMP
Internet Key Exchange (IKE), 309
Internet Performance Monitor (IPM), 671
Internet Protocol. See IP
Internet Service Provider module, 142
Internet service providers (ISPs), 259, 324
internetworking, 31
    devices, 9-10
    LANs
        characteristics, 5
        circuit switching, 7
        data transmission, 6
        Ethernet, 5
        MAC addressing, 9
        network layer addressing, 9
    WANs
        characteristics, 6
        devices, 8
        dialup services, 7
        packet switching, 7
        provisioning, 8
        virtual circuits, 7
internetworks, 3
interswitch communications, 448
intra-AS routing protocols, 380-381
intradomain routing algorithms, 16
intranet VPN, 304
IP (Internet Protocol), 16, 259
    access lists, 725
        backwards compatibility, 726
        configuring, 728-730
        creating, 730
        ensuring results, 732
        implicit deny any entries, 728
        implicit wildcard masks, 731
        standard, 727
        verifying configuration, 746–747
    accounting, 643
    addresses, 691
        classes, 692
        converting between decimal and binary, 718
        determining classes, 719
        private addresses, 692
    configuration commands, 780
    extended access lists
        configuring, 735–739
        example, 742–743
        placement, 744


    H.323, 466
    job aids, 715
    precedence, 494
    remote access options, 291–294
        cable networks, 295-297
        DSL, 291
        LRE technology, 294
        MPLS, 300–302
        wireless networks, 298-300
    routing, 390, 696
    security, 545
        algorithms, 546
        availability threats, 548
        confidentiality threats, 547
        devices as targets, 550-551
        DoS attacks, 554-556
        hosts and applications as targets, 557–558
        integrity threats, 547
        reconnaissance attacks, 553
        requirements, 546
        risk assessment, 549
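The access-list entries under IP above (wildcard masks, implicit deny any, the established keyword, placement of extended lists) describe how an IOS access list is evaluated. The following Python models that evaluation as an added example; it is not code from the book, and the sample list, its addresses and the Packet/Entry class names are constructed for illustration.

```python
"""IOS-style IP access list evaluation: wildcard masks, top-down first
match, the implicit deny at the end, and the `established` keyword.

Added example, not code from the book. It models the classic IOS rules:
a wildcard bit of 1 means "don't care" (so 0.0.0.0 is an exact host and
255.255.255.255 is any); entries are tested in order and the first match
decides; a packet that matches nothing is dropped by the implicit deny;
`established` matches only TCP segments carrying ACK or RST, i.e. traffic
belonging to sessions opened from the permitted side.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import List, Optional


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True when every bit that is 0 in the wildcard agrees between addr and base."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    return (((a ^ b) & ~w) & 0xFFFFFFFF) == 0


def wildcard_for_prefix(prefix_len: int) -> str:
    """Inverse of the subnet mask, the implicit wildcard for a /n network: /16 -> 0.0.255.255."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(IPv4Address(mask ^ 0xFFFFFFFF))


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"                               # "tcp", "udp", "icmp", ...
    dport: int = 0
    tcp_flags: set = field(default_factory=set)     # e.g. {"SYN"} or {"ACK"}


@dataclass
class Entry:
    action: str                          # "permit" or "deny"
    proto: str = "ip"                    # "ip" matches every protocol
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"      # default: any source
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"      # default: any destination
    dport: Optional[int] = None          # None: any destination port
    established: bool = False            # only meaningful with proto "tcp"

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if not wildcard_match(p.src, self.src, self.src_wc):
            return False
        if not wildcard_match(p.dst, self.dst, self.dst_wc):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and not (p.tcp_flags & {"ACK", "RST"}):
            return False
        return True


def evaluate(acl: List[Entry], p: Packet) -> str:
    """First matching entry wins; a list nothing matches ends in the implicit deny any."""
    for entry in acl:
        if entry.matches(p):
            return entry.action
    return "deny"


# Constructed sample list applied inbound on an Internet-facing interface
# (hypothetical addresses): let replies to sessions opened from 10.1.0.0/16
# back in, let DNS queries reach one server, and rely on the implicit deny
# for everything else.
INBOUND_ACL = [
    Entry("permit", "tcp", dst="10.1.0.0", dst_wc=wildcard_for_prefix(16), established=True),
    Entry("permit", "udp", dst="10.1.1.53", dst_wc="0.0.0.0", dport=53),
]

if __name__ == "__main__":
    reply = Packet("198.51.100.7", "10.1.5.9", "tcp", 3000, {"ACK"})
    new_syn = Packet("198.51.100.7", "10.1.5.9", "tcp", 445, {"SYN"})
    print(evaluate(INBOUND_ACL, reply), evaluate(INBOUND_ACL, new_syn))
```

The caveat a practitioner wants here: `established` checks flag bits, not connection state, so a crafted segment with ACK set passes the first entry regardless of whether a session exists. It narrows exposure but is not a stateful firewall.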

ip access-group command, 731, 780
ip access-list command, 780
IP access lists, 726
    standard
        configuring, 730
        example, 733
        processing, 728
    wildcard masks, 729
ip address command, 780, 789
IP addressing, 21
    ANDing, 21–22
    classes, 323, 720
    configuration management, 638
    default gateway, 157
    depletion, 799
    designing, 319
        assigning addresses, 343–345
        case study, 370
        determining network size, 325
        evaluating location size, 327–328
        hierarchy criteria, 336
        implementing hierarchy, 334
        name resolution, 347–349
        network size, 328–329
        network topology, 326–327
        pitfalls, 338
        route aggregation, 339
        routing protocols, 341
        subnet masking choice, 339
        summarization groups, 336
    dotted decimal notation, 18
    EXEC commands (table), 779–780
    extending, 716–718
    hierarchical, 320
    host addresses, 322
    IPv4. See IPv4
    IPv6, 350, 355. See also IPv6
        address assignment strategies, 358
        address scope types, 356
        dynamic renumbering, 359
        IPv4 compatible addresses, 357
        name resolution, 360
        routing protocols, 366
    NAT
        configuration, 806
        configuring, 807–810
        entries, clearing, 811
        inside global addresses, overloading, 804
        overloading inside global addresses, 803
        TCP load distribution, 805
        terminology, 800
        translating inside local addresses, 801
        troubleshooting, 812
        verifying operation, 810
    octets, 18, 321
    overlapping networks, 804
    prefixes, 323, 692
    private addresses, 329-331, 334
    route summarization, 334–335


    subnet masks
        calculating, 721–722
        calculating networks for, 723
        prefixes, 724–725
    transitioning between IPv4 and IPv6, 362-364
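The IP addressing entries above (ANDing, classes, decimal-to-binary conversion, prefixes, subnet mask calculation, hosts per class) are the arithmetic behind the book's job aids. The following Python carries that arithmetic out as an added example; it is not the book's own job aid, and the sample address is constructed.

```python
"""IPv4 address arithmetic behind the subnet entries: dotted decimal to
binary, logical ANDing with the mask, prefix/mask conversion, classful
lookup, network and broadcast addresses, and hosts per subnet.

Added example, not the book's job aids. It uses the classic rule that a
subnet loses two host addresses (all-zeros and all-ones); /31 point-to-
point links (RFC 3021) are deliberately not special-cased here.
"""


def to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Decimal-to-binary job aid: each octet written as eight bits."""
    to_int(dotted)  # validate before formatting
    return ".".join(f"{int(o):08b}" for o in dotted.split("."))


def mask_from_prefix(prefix_len: int) -> str:
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return to_dotted((0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF)


def prefix_from_mask(mask: str) -> int:
    """Count the one bits, then reject masks whose ones are not contiguous."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if to_int(mask_from_prefix(ones)) != m:
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones


def address_class(dotted: str) -> str:
    """Classful lookup from the first octet (A < 128, B < 192, C < 224, D < 240, else E)."""
    first = to_int(dotted) >> 24
    for limit, cls in ((128, "A"), (192, "B"), (224, "C"), (240, "D")):
        if first < limit:
            return cls
    return "E"


def smallest_prefix_for_hosts(hosts_needed: int) -> int:
    """Longest prefix that still leaves 2^(host bits) - 2 >= hosts_needed."""
    for host_bits in range(2, 32):
        if 2 ** host_bits - 2 >= hosts_needed:
            return 32 - host_bits
    raise ValueError("too many hosts for one IPv4 subnet")


def subnet_info(dotted: str, prefix_len: int) -> dict:
    """AND the address with the mask for the network; OR the inverted mask for the broadcast."""
    addr = to_int(dotted)
    mask = to_int(mask_from_prefix(prefix_len))
    network = addr & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    usable = max(2 ** (32 - prefix_len) - 2, 0)
    return {
        "network": to_dotted(network),
        "mask": to_dotted(mask),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    # Constructed sample: a host in a /26 carved from the private 172.16.0.0/12 block.
    print(to_binary("172.16.45.130"))
    print(subnet_info("172.16.45.130", 26))
```

The contiguity check in `prefix_from_mask` is the one practitioners forget: `255.255.0.255` has 24 one bits but is not a /24, and an address plan that accepts it silently will produce overlapping summaries.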

ip classless command, 781
IP configuration commands (table), 780–781
ip default-gateway command, 789
ip domain-lookup command, 781
IP extended access lists, 735
IP group (MIB), 615
ip host command, 781
IP multicasting network services, 146
ip name-server command, 781
ip nat command, 781
ip netmask-format command, 781
IP Network Address Translator, 799
IP networks, transporting SNA data, 26
IP phones, 165
ip route command, 781
IP RTP Priority queuing, 495
IP spoofing, 152
ip subnet-zero global configuration command, 20
ip summary-address rip command, 394
ip tcp selective-ack global configuration command, 272
IP telephony systems, 164, 698
    architecture, 471
    bandwidth, 489
        reducing traffic, 490
        requirements, 490–491
    capacity planning, 519–521
    centralized design, 473
    CNIC, 63
    components, 165
    design goals, 472
    implementation, 165
    Internet design, 474
    QoS and voice quality, 492
        AutoQoS, 497
        design considerations, 492
        mechanisms available, 493
    security, 597
        best practices, 598
        risks, 599
    single site design, 472
    VoATM
        adaptation types, 503
        classes of services, 502
        design guidelines, 504
        overview, 502
    VoFR, 498
        design guidelines, 500
        implementations, 499
    voice coding and compression, 485
        codec design considerations, 487
        codec mean opinion score, 486
        codecs, 486
    voice quality, 477
        echo, 483
        packet delays, 478–479
        variable network delays, 480-482
    VoIP control and transport protocols, 487
        call control functions, 489
        RTP, 488
        UDP, 487
    vs. VoIP, 470
IPM (Internet Performance Monitor), 671
IPSec, 309-310, 589
IPv4, 715. See also IP
    addressing, 18, 319
        classes, 19
        hierarchical, 320
        host addresses, 322
        subnets, 19, 325
    IPv6 address backwards compatible, 357
    private/public addresses, 329-331, 334
    transitioning to IPv6, 362-364
    vs. IPv6, 361
IPv6, 693. See also IP
    addresses
        assignment strategies, 358
        format, 351
        scope types, 354–356


    datagram structure, 352
    dynamic renumbering, 359
    features, 351
    Flow Label field, 352
    IPv4 compatible addresses, 357
    name resolution, 360
    overview, 350
    routing protocols, 366
    transitioning from IPv4, 362-364
    vs. IPv4, 361
ipx access-group command, 782
IPX addressing, 25
IPX commands (table), 782
IPX configuration commands (table), 782
ipx delay command, 782
ipx input-sap-filter command, 782
ipx maximum-paths command, 782
ipx network command, 782
ipx output-sap-filter command, 782
ipx routing command, 782
irritation zones, 485
ISDN (Integrated Services Digital Network), 255
    digital signaling, 452
    remote access connections, 279
    TA (terminal adapter), 8
isdn spid1 command, 786
isdn spid2 command, 786
isdn switch-type command, 786
IS-IS
    characteristics, 402
    disadvantages, 403
    features, 400–401
    terminology, 400
    when to use, 392
IS-ISv6, 367
ISO (International Organization for Standardization), 3
ISO network management model
    functional areas, 632
        accounting management, 642–645
        configuration management, 635–639, 642
        fault management, 632–634
        performance management, 646–653
        security management, 654–656
    service levels
        challenges, 659
        constituent SLAs, 658
        management applications, 670–671, 674
        reporting, 664
        requirements, 660
        SAA, 666–667
        SLAs, 657
        SLM, 663–664
ISPs (Internet service providers), 259, 324
ITU, voice coding and compression standards, 486
IVR (interactive voice response) systems, 460, 698

J

jitter, 482
job aids, decimal-to-binary conversion chart, 716–717

K

key frames, 24

L

L2 switching, 121, 126
L3 switching, 121, 126
Label Distribution Protocol (LDP), 301
Label Switched Paths (LSPs), 301
Label Switched Routers (LSRs), 301-302
LANs, 3
    authentication, 565
    bandwidth, 265
    bridges, 10


    campus, 181
    characteristics, 5
    CSMA/CD, 6
    data transmission, 6
    devices
        routers, 13–14
        switches vs. bridges, 12
    Ethernet, 5, 191
    hubs, 9
    MAC addressing, 9
    network layer addressing, 9
    protocols, 761
    RMON, 617
    shared vs. switched, 235
    switched LAN technology, 192
    switches, 10
        considerations, 194
        QoS, 214
    technologies, 5
    VLANs, 12–13
    wireless, 298, 589
        802.11b, 588
        EAP, 589
        IPSec, 589
        security, 587
LAPB (Link Access Procedure Balanced) payload compression, 269
Layer 2 switching, 194, 221
    campus backbone design, 221
    load sharing, 198
    multicast aware, 209
    STP, 195
    vs. Layer 3 switching, 241
Layer 3 switching, 194–195
    campus backbone design, 223–224
    dual-path campus backbone design, 225
    load sharing, 198–199
    vs. Layer 2 switching, 241
Layer 3 tunnels, 308
layers
    Enterprise Composite Network model, 685
    Hierarchical Network model, 684
    Network Organizational architecture, 682
    OSI model, 4
    X, 25
    TCP/IP
        application layer, 18
        network layer, 16
        transport layer, 17
    upper layer protocols, 18. See also application layer
LD-CELP (Low-Delay-Code Excited Linear Prediction Compression) algorithm, 485
LDP (Label Distribution Protocol), 301
leased lines, 143, 257
leased WANs, 7, 266
least privilege concept, 567
LEDs (light emitting diodes), 202
legacy SNA (Systems Network Architecture), 26
Lempel-Ziv algorithm, 270
Lempel-Ziv Stack (LZS) algorithm, 269
line command, 778
line vty command, 745
linecode command, 786
Link Access Procedure Balanced (LAPB) payload compression, 269
link-local unicast addresses, 356
link redundancy, 161
links
    backup, 268
    optimizing performance, 263
    point-to-point, 7
    queuing to improve performance, 272
    redundancy, 161, 268
    serial lines, 7
    WANs, 285
    window size, 271–272
    WWW, 751–752, 757
link-state protocols, 377
    example, 379
    OSPF, 23
    selection guidelines, 380


link-state routing algorithms, 16
LLC (Logical Link Control), 765–766
LLQ (Low Latency Queuing), 495
load balancing, 159
load sharing, 198-200
local addresses, translating, 801
local loops, 448
logging synchronous command, 778
logical addresses, 9
logical ANDing, 21–22
logical networks, 18
login command, 778, 789
logout command, 775
Long Reach Ethernet (LRE), 258–259, 294
loop start signaling method, 451
Low-Delay-Code Excited Linear Prediction Compression (LD-CELP) algorithm, 485
Low Latency Queuing (LLQ), 495
lower layers (OSI model), 760
LRE (Long Reach Ethernet), 258–259, 294
LSPs (Label Switched Paths), 301
LSRs (Label Switched Routers), 301-302
LZS (Lempel-Ziv Stack) algorithm, 269

M

MAC (Media Access Control) addressing, 9, 765–766
mac-address-table permanent command, 789
mac-address-table restricted static command, 789
mac-address-table static command, 789
MAC-layer addresses, 320
management, 118
    CDP, 623
        functionality, 624
        information, 623
    Cisco MIB, 616
    functional areas, 632
        accounting management, 642–645
        configuration management, 635–639, 642
        fault management, 632–634
        performance management, 646–653
        security management, 654–656
    MIB, 613
        example, 617
        private managed objects, 615
        vendor-specific definitions, 615
    MIB-II, 615
    NetFlow, 625
        activation and data collection, 627
        functionality, 626
        vs. RMON, 629
    network, 607-609
    protocols, 607
    RMON, 617
        RMON1, 618–619
        RMON2, 620
    service levels
        challenges, 659
        constituent SLAs, 658
        management applications, 670–671, 674
        reporting, 664
        requirements, 660
        SAA, 666–667
        SLAs, 657
        SLM, 663–664
    SNMP, 609
        message types, 610
        SNMPv2, 611
        SNMPv3, 612
        SNMPv3 security, 612
    syslog accounting, 629
        distributed architecture, 631
        severity, 630
Management Information Base. See MIB
masks (subnets), 21
Matrix group (RMON1), 619
Max Age timer (STP), 196
MCU (multipoint control units), 470
mean opinion score (MOS), 486
mean time between failure (MTBF), 191
media access (CSMA/CD), 6
media-type command, 779


memory, 9
message waiting indicator (MWI) services, 459
messages, 769
    error, 630
    ICMP, 727
    syslog, 629, 704
methodologies
    campus design, 181
    Network Organizational Model, 683
metrics, 15
    BGP, 385
    EIGRP, 384
    hop count, 379
    IGRP, 384
    routing protocols, 382–383
    variance, 160
    vectors, 23
MIB (Management Information Base), 613-614, 704
    Cisco MIB, 616
    example, 617
    MIB-II, 615
    private managed objects, 615
    RMON, 617
    vendor-specific definitions, 615
    Web site, 614
Microsoft Point-to-Point Compression (MPPC), 270
minimum bandwidth metric, 382
mobile wireless networks, 298
modems, 8
    cable, 295
    TA (terminal adapter), 8
Modern Organizational Ecosystem Model, 32
modern organizational model, 31
modular networks, 145
modularity, 69, 88, 118, 684
modules
    Enterprise Campus, 132–136, 207, 686
    Enterprise Composite Network Model, 127, 130
    Enterprise Edge, 137, 141, 686
        E-commerce module, 139
        functional area, 230
        Internet Connectivity module, 139
        VPN/Remote Access module, 140
        WAN module, 140–141
    Service Provider Edge, 141–144, 687
    voice, 475
    voice transport, 166
more nvram:startup-config command, 777
more system:running-config command, 777
MOS (mean opinion score), 486
MPLS (Multi-Protocol Label Switching), 258-259, 300
    egress edge LSRs, 302
    FEC, 301
    ingress edge LSRs, 302
    labels, 301
    packet flow, 302
    services provided, 303
    VPNs, 307
MPPC (Microsoft Point-to-Point Compression), 270
MPPP (Multilink Point-to-Point Protocol), 162
MRTG, 79
MSTP (Multiple STP), 198
MTBF (mean time between failure), 191
multicast addresses (IPv6), 354
multicast traffic, 211–212
multicast transmission, 6, 24
multihoming, 405
multilayer switching, 225
Multilink Point-to-Point Protocol (MPPP), 162
multimode (MM) fiber, 202
multipath routing algorithms, 15
Multiple STP (MSTP), 198
multiple-DMZ network example, 584
multiplexing, 766
multipoint control units (MCU), 470
Multi-Protocol Label Switching. See MPLS
MWI (message waiting indicator) services, 459


N

n, 6
name resolution
    designing IP addressing, 347
        DNS servers, 349
        static vs. dynamic, 348
    IPv6, 360
NANP (North American Numbering Plan), 455
NAT (Network Address Translation), 332, 692, 799
    configuring
        for basic local IP address translation, 806
        inside global address overloading, 807
        TCP load distribution, 809–810
        translating overlapping addresses, 808
    debug ip nat command, 812
    entries, clearing, 811
    implementation considerations, 812
    inside global addresses, 803–804
    inside local addresses, 801
    overlapping networks, address translation, 804
    supported features, 801
    TCP load distribution, 805
    terminology, 800
    troubleshooting, 812
    uses for, 799
    verifying operation, 810
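The NAT entries above name the terminology (inside local, inside global, overloading, TCP load distribution) without showing the translation tables those terms imply. The following Python models that behaviour as an added example; it is not code from the book, and the addresses and the PatRouter/TcpLoadDistributor class names are constructed for illustration.

```python
"""NAT terminology, inside-global overloading (PAT) and rotary-style TCP
load distribution, as an added example; none of it is the book's code.

Terms as the index uses them:
  inside local   - the address a host carries on the inside network
  inside global  - the address the outside sees for it (pool address)
  outside global - the real address of the outside host
Overloading lets many inside local addresses share one inside global
address; the translated source port tells the sessions apart, and only
ports present in the table are translated back on the way in.
"""
from itertools import count


class PatRouter:
    """One inside global address shared by every inside host (overloading)."""

    def __init__(self, inside_global: str, first_port: int = 1024):
        self.inside_global = inside_global
        self._next_port = count(first_port)
        self.table = {}      # (inside_local, local_port) -> global_port
        self._reverse = {}   # global_port -> (inside_local, local_port)

    def outbound(self, pkt: dict) -> dict:
        """Inside -> outside: rewrite the source to the inside global address and a unique port."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.table:
            gport = next(self._next_port)
            self.table[key] = gport
            self._reverse[gport] = key
        return {**pkt, "src": self.inside_global, "sport": self.table[key]}

    def inbound(self, pkt: dict):
        """Outside -> inside: undo the translation, or drop (None) when no entry exists.
        The missing entry is what stops unsolicited inbound packets."""
        if pkt["dst"] != self.inside_global:
            return None
        key = self._reverse.get(pkt["dport"])
        if key is None:
            return None
        return {**pkt, "dst": key[0], "dport": key[1]}


class TcpLoadDistributor:
    """One inside global (virtual) address fronting several inside local servers.
    New TCP sessions are handed out round-robin; an existing session sticks."""

    def __init__(self, virtual_addr: str, real_servers: list):
        self.virtual_addr = virtual_addr
        self.real_servers = list(real_servers)
        self._rr = 0
        self.sessions = {}   # (outside_global, sport) -> inside_local

    def inbound(self, pkt: dict):
        if pkt["dst"] != self.virtual_addr or pkt.get("proto") != "tcp":
            return None
        key = (pkt["src"], pkt["sport"])
        if key not in self.sessions:
            self.sessions[key] = self.real_servers[self._rr % len(self.real_servers)]
            self._rr += 1
        return {**pkt, "dst": self.sessions[key]}


if __name__ == "__main__":
    # Constructed sample traffic (hypothetical addresses).
    nat = PatRouter("203.0.113.2")
    a = nat.outbound({"src": "10.1.1.10", "sport": 3001, "dst": "198.51.100.5", "dport": 80, "proto": "tcp"})
    b = nat.outbound({"src": "10.1.1.11", "sport": 3001, "dst": "198.51.100.5", "dport": 80, "proto": "tcp"})
    reply = {"src": "198.51.100.5", "sport": 80, "dst": "203.0.113.2", "dport": b["sport"], "proto": "tcp"}
    print(a["sport"], b["sport"], nat.inbound(reply))
```

Note what the model makes visible: two inside hosts using the same local port 3001 get distinct global ports, and an inbound packet aimed at a port with no table entry is simply dropped. That drop is a side effect of the table, not a security feature you should depend on in place of a firewall.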

NAT-PT translation mechanism, 365
NBAR (network-based application recognition), 79
neighbor table, 396
neighbors (BGP), 406
NetFlow, 77-79, 625-627
    accounting management, 645
    Data Export, 627
    FlowCollector, 627
    functionality, 626
    Network Data Analyzer, 628
    vs. RMON, 629
NetFlow Flow Collector application, 80
Network Address Translation. See NAT
network audits, 70
    manual commands, 72–75
    tools, 71
network-based application recognition (NBAR), 79
network command, 781
Network Data Analyzer, 80
network geography, 182-184
Network Health Checklist, 76
Network Intrusion Detection Systems (NIDSs), 575
network layer, 256
    addressing, 9
    IP addressing, 329-331, 334, 692
    OSI model, 5, 766
    packets, 768
Network layer host group (RMON2), 622
Network layer matrix group (RMON2), 622
Network Management module, 132, 134
    guidelines, 136
    integration, 226
    security
        guidelines, 594
        risks, 593
network management network services, 146
network management system (NMS), 608, 703
network modeling tools (NMTs), 94
network operating system (NOS), 24
network organizational architecture, 34
Network Organizational Model, 29, 84–86
    accomplishing organizational goals, 42
    applications and network services, 57–58, 60
    architecture, 34, 681
        example, 35
        layers, 682
    assessing existing networks, 64, 67, 70–75
        customer input, 65
        examples, 66
    assessing organizational constraints, 55-57
    benefits, 31


    core assumptions, 31
    design methodology, 44–48
    flexibility, 31, 43
    guidelines for implementation, 34
    identifying
        customer requirements, 49
        network requirements, 52
    methodology, 683
    organizational hierarchy, 39
    scope, 49
    technical constraint identification, 62–63
    technical goals, 60–62
    traffic analysis, 77
        example, 78
        examples, 81–82
        tools, 79
    understanding organizational goals, 53
network protocols, 761
network providers, tariffs, 256
network security policies, 549
network services, 687
    intelligent, 59
    security, 545
network solutions, 163, 687
    CN (Content Networking), 168
        content caching, 169–170
        content delivery functions, 169
        content routing, 171
        content switching, 172
        example, 173
    examples, 163
    intelligent network services, 145
    voice transport, 164
        evaluating existing data infrastructure, 167–168
        example, 166
        IP telephony, 164–165
        modules, 166
networks, 597, 599
    accomplishing organizational goals, 42
    application characterization, 185
        application requirements, 189
        client-client, 185
        client-distributed server, 186
        client-Enterprise Edge, 188
        client-server farm, 187
    application maps, 67
    auditing, 71
    baselining, 649
    benefits, 32
    best practices, 598
    cable, 259, 295–297
    caches, 171
    campus, 181, 687
    CDN, 168
    cell-switched, 258
    converged, 463
    convergence, 385
    designing, 117. See also Enterprise Composite Network Model
        applications and network services, 57–58, 60
        assessing existing networks, 64–67, 70–84
        assessing organizational constraints, 55-57
        customer requirements, 49
        decision tables, 91–93
        documentation, 97
        draft design documents, 85–86
        Enterprise Campus, 181, 208–214, 216-226, 230-231, 234
        hierarchical network model, 118
        implementation and verification, 98
        IP telephony, 63
        methodology, 47–48
        monitoring and redesigning, 99
        network requirements, 52
        OSI model, 49
        PDIOO, 44–45
        planning design implementation, 95–96
        prototypes and pilots, 97
        redesign case study, 706–707, 710
        RFPs/RFIs, 50


        scope, 49
        structured approach, 87
        technical constraint identification, 62–63
        technical goals, 60–62
        tools, 94
        top-down approach, 87-90
        understanding organizational goals, 53
        VoFR, 500
        voice transport, 441, 697
        WANs, 688
    devices, 9
        bridges, 10
        bridges vs. switches, 12
        hubs, 9
        routers, 13–14
        switches, 10
    dynamic routing, 375
    enterprise, evolution of, 128
    flexibility (example), 43
    health summary report, 84
    hierarchy, 117
    infrastructure, 88
    integrated IS-IS, 401
    integrating voice and data, 461
    internetworks, 3
    IP
        addressing, 691-692
        security threats, 545
        telephony, 472
        transporting SNA data, 26
    ISPs, 259
    LANs
        characteristics, 5
        CSMA/CD, 6
        data transmission, 6
        Ethernet, 5
        MAC addressing, 9
    life cycles, 682
    management, 607, 670, 703-705. See also management
    masks, 322
    modularizing, 69, 684
    MPLS, 301
    network organizational architecture, 34
    OSI model, 3
    overlapping, IP address translation, 804
    packet switched, 258, 281–282, 464
    peer-based, 26
    performance, 60, 653
    pilots or prototypes, 49
    protocols (routing), 695
    provisioning, 8
    QoS (voice quality), 492–493, 497
    remote access, 278–279
        always-on connections, 280–281
        backup solutions, 283–285
        design as process, 283
        dispersed Enterprise sites, 288-290
        IP connectivity, 291–302
        on-demand connections, 280
        packet switched topologies, 281–282
        VPNs, 304–305, 307–308
        WANs, 277
    routing
        fast switching, 286
        filtering, 696
        process switching, 286
        protocols, 403–404, 423
        redistribution, 696
    security, 545, 701. See also security
        authentication, 563–566
        authorization, 567-569
        availability threats, 548
        confidentiality threats, 547
        data integrity, 572–574
        device guidelines, 551
        devices as targets, 550
        DoS attacks, 554-556
        external threats, 152–154
        hosts and applications as targets, 557–558
        integrity threats, 547
        physical, 561–562


        policies, 559–561
        reconnaissance attacks, 553
        requirements, 546
        restricting vty access, 744
        risk assessment, 549
        SAFE Blueprint, 578
        secure management and reporting, 575-577
        transmission confidentiality, 570–572
        understanding threats, 148
    self-clocking, 272
    static routing, 374
    telephony. See telephony systems
    traditional organizational, 42
    traffic, upper-layer protocol transparency, 11
    trending, 649
    upgrades (case study), 105
    VoFR, 498
    voice quality, 477
    voice transport, 441
        PBXs, 444–447
        PSTNs, 444
    WANs, 256
        characteristics, 6
        circuit switching, 7
        designing, 261
        devices, 8
        dialup services, 7
        packet switching, 7
        response time, 262
        virtual circuits, 7
    wireless, 259, 300
networks per class (IP addresses), 719
NetZoom, 72
NIDSs (Network Intrusion Detection Systems), 575
NMS (network management system), 608, 703
NMTs (network modeling tools), 94
nodes, 6, 182
North American Numbering Plan (NANP), 455
NOS (network operating system), 24
notation, dotted decimal, 321
Novell NetWare protocol suite, 24
numbering plans
    North American, 455
    PSTN, 454

O

octets, 18, 321
ODR (on-demand routing), 392-393, 695
off-net calling, 505–506, 512
on-demand connections, ISDN vs. analog modem, 280
One Time Passwords (OTPs), 151, 552
One Time Passwords authentication (OTP authentication), 134
on-net calling, 505–506, 700
Open Shortest Path First. See OSPF protocol
Open Systems Interconnection model. See OSI model
Operate phase (PDIOO), 683
Optimize phase (PDIOO), 683
optimizing
    link performance, 263
    WAN bandwidth, 268
organizations, 55, 57
    accomplishing goals with networks, 42
    architecture components, 33
    benefits of networking, 32
    ecosystems, 31–32
    flexible network infrastructures, 43
    goals
        common examples, 53
        data to be gathered from, 54
        examples of, 54
        template for assessment, 55
    hierarchy, 39
    information flow, 40
    modern model, 31
    networks
        design methodology, 47–48
        flexibility (example), 43
        understanding goals, 53


    policies, 36
        defining, 37–38
        levels of policy makers, 38
    relationships with stakeholders, 31
    structure, 39
    traditional model, 30
ork, 25
OSI model (Open Systems Interconnection), 3, 120, 256
    application layer, 768
    characteristics, 760
    communication between layers, 762
    control information, 763
    data link layer, 765
    information exchange process, 763–764
    LAN protocols, 5
    layer services, 762
    layers, 4
    lower layers, 760
    network layer, 766
    networks, 16
    physical layer, 765
    presentation layer, 767
    protocols, 16, 761
    relationship to IBM SNA, 26
    scope of project, 49
    transport layer, 23, 766
    upper layers, 760
    upper-layer protocols, 11
    vs. hierarchical network model, 120
OSPF (Open Shortest Path First) protocol, 23
    characteristics, 399
    features, 398
    hierarchical design, 398
    when to use, 391
OSPFv3, 367
OTPs (One Time Passwords), 134, 151, 552
OUI (Organizationally Unique Identifier), 9
out keyword (access-class command), 746
outbound interfaces, queuing, 273
outside global IP addresses, 800
outside local IP addresses, 800
overlapping networks, IP address translation, 804
overlay VPNs, 304
overloading inside global addresses, 803–804

P

Packet capture group (RMON1), 619
packet filtering, 725–727, 730
packet loss, 263
packet switched topologies, 258, 281, 464
    fully meshed, 282
    partially meshed, 282
    star, 282
packets, 768
    data transmission, 6
    dejitter buffers, 481
    delay from variable packet size, 482
    delays and losses in voice networks, 477
    fast switching, 286
    jitter, 482
    MPLS, 302
    network flow, 625
    process switching, 286
    processing delays, 479
    propagation delays, 478
    queuing delays, 480
    serialization delays, 479
    switching, 7
    unicast, forwarding, 192
Partial Route Calculation (PRC), 402
partially meshed topology, 281-282
password command, 778, 789
passwords
    attacks, 152
    OTPs, 552
PBXs (Private Branch Exchanges), 294
    features, 446–447
    vs. PSTNs, 444
PCM (pulse code modulation), 442-443, 697
PCM algorithm, 485
PDIOO (Plan-Design-Implement-Operate-Optimize), 44–45, 260, 682


PDUs, 770
peer-based networking, 26
peers, 406. See also neighbors
peer-to-peer VPNs, 307
performance, 60, 520. See also capacity planning
    assessing network health, 76
    bottlenecks, 276
    compression, effect on, 271
    distribution switches, 219
    evaluating for upgrade to voice network solutions, 167
    management, 646
        capacity areas, 651
        challenges, 651–652
        defining a process for, 650
        exceptions, 649
        goal of, 647
        performance data reporting, 650
        SLM, 648
        solutions, 652–653
        tools, 653
    voice networks, 477
    what-if analysis, 648
permanent virtual circuits (PVCs), 7, 258
permit conditions, 725
personnel, considerations in network design, 56
phantom routers, 158
physical layer (OSI model), 5, 256, 765
physical redundancy, 159
physical security
    guidelines, 562
    threats, 561
pilot networks, 97
PIM (Protocol Independent Multicast), 211
ping command, 652, 775, 787
ping ipx command, 782
PKI (Public Key Infrastructure), 309
placement
    extended access lists, 744
    standard access lists, 733
Plan phase (PDIOO), 682
Plan-Design-Implement-Operate-Optimize (PDIOO), 260
planning design implementation, 95–96
points of presence (POPs), 258
point-to-point links, 7, 288
poisonous data, 555
policies
    consideration in network design, 56
    network security, 549
    organizational, 36-38
    policy domain, 200
    security, 559
        documentation, 560
        example, 561
        physical threats, 562
POPs (points of presence), 258
port names
    TCP, 740
    UDP, 741
port numbers, 17, 739
port secure command, 790
port secure max-mac-count command, 790
port security action command, 790
port security command, 790
port security max-mac-count command, 790
PortFast, 122, 196
POTS, 8
ppp authentication command, 786
PPPoA implementation, 294
PPPoE implementation, 294
PQ (Priority Queuing), 273-274, 495
PRC (Partial Route Calculation), 402
precedence (IP), 494
Predictor data compression algorithm, 270
prefixes, 323, 692, 724–725
presentation layer (OSI model), 767
PRI (Primary Rate Interface), 452
pri-group command, 786
Priority Queuing (PQ), 273–274, 495
private addresses, 329-331, 334, 692
    connectivity with public addresses, 332
    guidelines for use, 334
    requirements, 332


Private Branch Exchange. See PBX
private WANs, 266
privilege escalation, 557
Probe configuration group (RMON2), 622
process switching, 286
processing, 352, 728
processing delays, 479
propagation delays, 478
Protocol director group (RMON2), 622
Protocol distribution group (RMON2), 622
Protocol Independent Multicast (PIM), 211
protocol stacks, 16
protocols, 761
    AppleTalk protocol suite, 25
    ARP, router discovery, 157
    bridging, 11
    configuration, 641
    H.323, 466
        benefits, 466
        components, 467
        example, 470
    IP address assignment, 344
    LANs, 5
    management, 623–624
    NetWare protocol suite, 24
    network management architecture, 609
    OSI model, 3
    port numbers, 17
    routing, 3, 15, 695
        BGP, 23, 404-406
        case study, 423
        comparison of, 390
        convergence, 385-387
        distance vector, 376–380
        EIGRP, 23, 395–397
        features, 392
        flat, 388
        hierarchical, 389
        hierarchical network structure, 407
        hybrid interior gateway, 377
        IGRP, 391
        integrating interior routing protocols with BGP, 416–417
        IP addressing design, 341
        IPv6, 366
        IS-IS, 392, 400–401
        link-state, 377-379
        metrics, 382–383
        ODR, 392
        OSPF, 23, 391, 398
        RIPv1 or RIPv2, 390, 394
        route filtering, 414
        route redistribution, 411–413
        route summarization, 419–420
        selecting, 373, 389
        suites, 16
        TCP/IP, 22
    security, 655
    stacks, 16
    standardized, 3
    STP, 12
    switch security management, 654
    TCP/IP
        application layer, 18
        IP addressing, 21
        IPv4 addressing, 18–19
        network layer, 16
        transport layer, 17
    VoIP control and transport, 487
    WAN, 6
prototype networks, 49, 97
provisioning, 8
proxy ARP
    HSRP, 158
    router discovery, 157
PSTN module, 143
PSTNs (Public Switched Telephone Network), 257
    features, 447
    numbering plans, 454
    services, 456
        call centers, 459
        Centrex, 457


        interactive voice response (IVR), 460
        virtual private voice networks, 458
        voice mail, 459
    switch trunks, 448
    TDM, 461
    vs. PBXs, 444
public addresses
    connectivity with private addresses, 332
    guidelines for use, 334
    requirements, 332
Public Key Infrastructure (PKI), 309
Public Switched Telephone Networks. See PSTNs
pulse code modulation (PCM), 442–443, 697
PVCs (permanent virtual circuits), 7, 258

Q

Q Signaling (QSIG), 445
QoS (Quality of Service), 23, 79, 272
    categories, 214
    Cisco AutoQoS, 497
    data flows, 23
    design considerations (Enterprise Campus networks), 213–214
    LAN switches, 214
    Layer 2 switching support, 209
    MPLS, 303
    network services, 146
    queuing strategies, 273
    voice quality, 492
        AutoQoS, 497
        implementing, 492
        mechanisms available, 493
    voice transport, 699
    VoIP example, 215
QoS classification mechanism, 493
QPPB (QoS Policy Propagation on BGP), 407
queuing, 272, 690
    delays, 480
    PQ, 274
    types of, 273
    WFQ, 273
quiet period, 410

R

R1/R2 signaling, 452
RA
    route redistribution, 414
    routing protocols, 410
RADIUS (Remote Authentication Dial-In User Service), 134
RAM, 9
random early detection (RED), 494
range, shared vs. switched LAN technology, 193
Rapid STP (RSTP), 197
RARP (Reverse Address Resolution Protocol), 17
rate-sensitive traffic, 24
Real-Time Transport Protocol (RTP), 271, 488
Recall, 321
receivers (RSVP sessions), 24
reconnaissance attacks, 553, 580
RED (random early detection), 494
redundancy
    cost concerns, 155
    Enterprise Networks, 156
    link, 161, 268
    physical, 159
    route, 159–160
registered IP addresses, 329–331, 334, 692. See also private addresses
reliability (WAN design), 263
reload command, 775
Remote Access and VPN module security
    802.11b, 588
    guidelines, 586
    risks, 585, 591
    wireless LANs, 587, 590
remote access connections, 277, 303–309
    always-on connections, 280–281
    backup solutions, 283–285
    design as process, 283
    dispersed Enterprise sites, 288–290
    establishing parameters, 278–279
    IP connectivity, 291–302
    on-demand connections, 280
    packet switched topologies, 281–282


remote access networks, 308–309
remote monitoring. See RMON
Remote Shell/Remote Shell Command Execution (RSH/RCMD), 654
Request for Information (RFIs), 50
Request for Proposal (RFPs), 50
requires, 24
reserved TCP port numbers, 740
reserved UDP port numbers, 741
Response Time Reporter (RTR). See SAA
response times, 262–263
restricting vty access, 744
resume command, 775
retirement, 683
<Return> command, 774
Reverse Address Resolution Protocol (RARP), 17
RFC 1631, 799
RFC 1700, 739–741
RFC 1918, Address Allocation for Private Internets, 330
RFC 2080, RIPng for IPv6, 367
RFC 2283, Multiprotocol Extensions for BGP-4, 367
RFC 2460, Internet Protocol, Version 6 (IPv6), 350
RFCs (Requests for Comments), 793–797
RFIs (Request for Information), 50
RFPs (Request for Proposal), 50
RIP (Routing Information Protocol), 22
RIPng (RIP new generation), 366
RIPv1, 390, 394
RIPv2 (RIP version 2), 22, 379, 390, 696
    convergence, 386
    features, 394
    snapshot routing, 390
risk assessment
    network security, 549
    security wheel, 559
RMON (remote monitoring), 607, 617–618, 704
    MIB, 618
    RMON1, 618–619
    RMON2, 620
    vs. NetFlow, 629
ROM, 9
route aggregation, 334, 337–339, 419–420
route filtering, 696
route flaps, 419
route redistribution, 696
route redundancy, 159–160
route summarization, 334–335
routed networks, 286
routed protocols, 3, 15
router eigrp command, 781
router igrp command, 781
router ospf command, 781
router rip command, 781
routers, 13–14, 163
    Cisco, 411
    compression and its effects on performance, 271
    DDR, 280
    LSRs, 301
    phantom, 158
    voice gateways, 165, 475
    voice-enabled. See voice gateways
routing, 15
    algorithms, 15
    classful, 341
    classless, 342
    DDR, 7
    dial backup, 284
    dynamic, 375–376
    floating static routes, 162
    IP, 696
    metrics, 15
    protocols. See routing protocols
    route filtering, 414, 696
    route redistribution, 412
    source routing, 16
    static, 374
    TCP/IP protocol
        IP addressing, 21
        IPv4 addressing, 18–19
        IPv4 subnets, 19


Routing Information Protocol (RIP), 22
routing protocols, 15, 761
    access layer, 409
    BGP, 23, 404
        external/internal, 406
        implementation example, 405
    case study, 423
    comparison of, 390
    convergence, 385–387
    core layer, 409
    deployment
        hierarchical network structure, 407
        integrating interior routing protocols with BGP, 416–417
        route filtering, 414
        route redistribution, 411–413
        route summarization, 419–420
    distance vector, 376
        example, 377–378
        selection guidelines, 380
    distribution layer, 409
    EIGRP, 23, 391
    features, 392
        EIGRP, 395–397
        IS-IS, 400–401
        ODR, 392
        OSPF, 398
        RIPv1 vs. RIPv2, 394
    flat, 388
    hierarchical, 389
    hybrid interior gateway, 377
    IGRP, 391
    interior, selecting, 403–404
    IPv6, 366
    IS-IS, 392, 403
    link-state, 377–380
    metrics, 160, 382–383
    OSPF, 391
    remote access, 410
    RIPv1 or RIPv2, 390
    router discovery, 157
    selection criteria, 373
    selecting, 389
    suites, 16
    TCP/IP, 22
    vectors, 23
    vs. routed protocols, 15
routing tables, 15, 397
RSH/RCMD (Remote Shell/Remote Shell Command Execution), 654
RSTP (Rapid STP), 197
RSVP (Resource Reservation Protocol), 23–24
RTP (Real-Time Transport Protocol), 271, 488
RTR (Response Time Reporter). See SAA

S

SAA (service assurance agent), 653, 666, 706
    deployment, 668
    management applications, 670
        IPM, 670–671
        SMS, 674
    monitoring metrics, 667
SAFE (Security Architecture for Enterprise) Blueprint, 545
    Enterprise Composite Network
        E-commerce module, 583
        Internet Connectivity module, 580
        Network Management module, 593–594
        Remote Access and VPN module, 585–591
        Server Farm module, 595
        WAN module, 591–592
    integrated functionality, 578
scalability
    EIGRP, 397
    IS-IS, 402
    OSPF, 399
S-CDMA mode, 297
scope
    IPv6 addresses, 354
    network device security breaches, 551
    organizational network design, 49
SDH (Synchronous Digital Hierarchy), 289


SDSL (Symmetric DSL), 258, 291
SDUs, 770
secure fingerprints, 572–573, 701
security, 545, 580, 583–595, 701
    algorithms, 546
    authentication, 563–564
        guidelines, 566
        how to use, 565
    authorization, 567
        guidelines, 569
        least privilege concept, 567
    Auto Update Server, 599–600
    Cisco Secure Scanner, 72
    data integrity, 572–574
    defense in depth concept, 578
    device guidelines, 551
    Edge Distribution module (Enterprise Campus networks), 230
    filtering, 570
    IP networks, 545
        availability threats, 548
        confidentiality threats, 547
        devices as targets, 550
        integrity threats, 547
        requirements, 546
        risk assessment, 549
    IP telephony systems, 597–599
    IPSec, 310
    management, 654
        examples, 656
        protocols, 655
    physical
        guidelines, 562
        threats, 561
    policies, 559
        documentation, 560
        example, 561
    restricting vty access, 744
    SAFE Blueprint, 578
    secure management and reporting
        audit trails, 575
        guidelines, 577
        IDSs, 575
    smurf attacks, 556
    SNMPv3, 612
    threats
        DoS attacks, 554–556
        hosts and applications as targets, 557–558
        reconnaissance attacks, 553
    transmission confidentiality, 570
        encryption, 571
        guidelines, 572
    UTP concerns, 202
    wireless LANs, 587
Security Architecture for Enterprise Blueprint. See SAFE Blueprint
security network services, 146
    AAA, 151
    external threats, 152–153
        designing against, 154
        overview, 152
    IDSs, 150
    OTPs, 151
    understanding threats, 149
security wheel, 559
segments, 12, 769
selection guidelines, 380
self-clocking, 272
Sequenced Packet Exchange (SPX), 25
serial lines, dial backup, 7
serialization delays, 479
Server Farm module, 132–134
    guidelines, 136
    high availability, 155
    security, 595
    server connectivity, 229
    servers, 227
    voice network solutions, 166
Server Farms, 187, 227
servers
    access servers, 8
    Auto Update Server security, 599–600
    building distribution modules, 226
    common Server Farms, 187
    Enterprise Campus design, 226


service assurance agent. See SAA
service level contracts (SLCs), 657
Service Management Solution (SMS), 674
service password-encryption command, 778
Service Provider Edge, 685
    guidelines, 144
    modules, 141–143, 687
service providers (SPs), 259, 290
service timestamps command, 778
service-level contract (SLC), 657, 705
service-level management. See SLM
services
    MPLS, 303
    OSI model, 762
    queuing, 274
    RSVP, 24
sessions
    RSVP, 24
    TCP, 739
Set request message, 610
setup command, 775
shadow PVCs, 287
shared technology
    bandwidth, 193
    cost, 194
    high availability, 194
    intelligent services, 193
    range, 193
shared technology topology, 192
shared WANs, 266
shortest-path first routing algorithms, 16
show access-lists command, 775
show appletalk globals command, 783
show appletalk interface command, 783
show appletalk route command, 783
show appletalk zone command, 783
show cdp entry command, 775
show CDP interface command, 787
show cdp interface command, 775
show CDP neighbors command, 787
show cdp neighbors command, 775
show CDP neighbors detail command, 787
show cdp neighbors detail command, 775
show cdp traffic command, 775
show clock command, 775
show commands, 725, 810
show configuration command, 777
show controller command, 775
show dialer command, 784
show flash command, 775
show frame-relay lmi command, 784
show frame-relay map command, 784
show frame-relay pvc command, 784
show frame-relay traffic command, 784
show history command, 775, 787
show hosts command, 779
show interface command, 384
show interface switchport command, 788
show interface vlan 1 command, 788
show interfaces command, 776, 788
show ip access-list command, 779
show ip cache flow command, 81–82
show ip command, 787–788
show ip eigrp neighbors command, 779
show ip eigrp topology command, 779
show ip eigrp traffic command, 780
show ip interface command, 780
show ip nat statistics command, 780, 810
show ip nat translations command, 780
show ip nbar protocol-discovery command, 81
show ip ospf interface command, 780
show ip ospf neighbor command, 780
show ip protocols command, 780
show ip route command, 780
show ip route eigrp command, 780
show ipx access-list command, 782
show ipx interface command, 782
show ipx route command, 782
show ipx servers command, 782
show ipx traffic command, 782
show isdn active command, 784
show isdn status command, 784
show mac-address-table command, 788
show mac-address-table secure command, 788


show port security command, 788
show processes command, 776
show processes cpu command, 73
show processes memory command, 75
show running-config command, 776–777, 788
show sessions command, 776
show spanning-tree vlan command, 788
show spantree command, 788
show startup-config command, 776–777
show terminal command, 776
show trunk command, 788
show users command, 776
show version command, 776, 788
show versions command, 788
show vlan brief command, 788
show vlan command, 788
show vlan-membership command, 788
show vtp command, 788
show vtp domain command, 788
show vtp status command, 788
shutdown command, 779, 790
signaling, 697
    analog, 442
    digital, 442
    telephony systems, 449–450
        analog, 451–452
        digital, 452
        ISDN digital, 452
        PSTN numbering plans, 454
        PSTNs, 456–460
        SS7 digital, 453
signal-to-noise ratio (SNR), 443
signature verification key, 701
Simple Network Management Protocol. See SNMP
simple translation entry, 800
simulation tools, 94
single-mode (SM) fiber, 202
single-path routing algorithms, 15
site local unicast addresses, 356
SLAs
    challenges of management, 659
    constituent, 658
    reports, 664
    requirements, 660
    SLM, 663–664
SLCs (service-level contracts), 657, 705
SLM (service-level management), 648, 705
    challenges, 663
    example, 664
    planning, 665
SMDS (Switched Multimegabit Data Services), 258
SMS (Service Management Solution), 674
smurf attacks, 556
SNA (Systems Network Architecture), 26
snapshot routing, 390
Sniffer, 79
SNMP (Simple Network Management Protocol), 607–609
    message types, 610
    SNMPv2, 611
    SNMPv3, 612
    switch security management, 654
snmp-server command, 789
SNR (signal-to-noise ratio), 443
software
    bridges, 12
    Cisco IOS
        compression services, 270
        queuing services, 274
        traffic shaping, 276
    configuration management, 637
    queuing, 273
    selecting for WANs, 268
    version control, 638
SONET (Synchronous Optical Network), 289
source node, 6
source routing, 16
spanning-tree features of switches, 122
Spanning-Tree Protocol, 161


speed
    twisted-pair cable, 202
    WAN links, 268
split Layer 2 campus backbone design, 222
spoofing, 591
SPs (service providers), 259, 290
SPX (Sequenced Packet Exchange), 25
SR/TLB (source-route translational bridging), 11
SRB (source-route bridging), 11
SRT (source-route transparent bridging), 11
SS7 digital signaling, 453
SSH, 654
STAC compression algorithm, 270
stakeholders, 29–31
standard IP access lists, 727
    configuring, 730
    example, 733
    placement, 733
    processing, 728
    wildcard masks, 729
standards, 23
    network configuration, 636
    network management architecture, 609
star topologies, 281–282
static FRF.11 trunks, 499
static IP address assignment, 344–345
static name resolution, 348, 360
static routing, 162, 374
static routing algorithms, 15
statistical compression, 270
Statistics group (RMON1), 619
STP (Spanning-Tree Protocol), 12
    convergence enhancements, 197
    disabling on a device, 217
    error-reducing features, 197
    Forward Delay timer, 196
    Layer 2 switches, 195
    recent enhancements, 196
STP Loop Guard, 197
strategic analysis tools, 94
strong authentication, 564
structured approach to network design, 87
subnet masks, 19–21, 322
    calculating, 721–722
    calculating networks for, 723
    extending IP classful addresses, 721
    fixed vs. variable, 339
    prefixes, 724–725
subnets, 19, 325
successor, 397
suggested reading, 751–752, 757
summarization (routes), 334–335, 419–420
summary reports, 84
supernetting, 334, 419–420
supervision signaling, 450
SVCs (switched virtual circuits), 7, 258
switched LAN technology, 192
    cost, 194
    high availability, 194
    intelligent services, 193
    range, 193
Switched Multimegabit Data Services (SMDS), 258
switched virtual circuits (SVCs), 7, 258
switches, 8–11
    Catalyst, 13
    cut-through, 12
    distribution, 219
    effects of applications on performance, 229
    interswitch communications, 448
    IP telephony, 165
    Layer 2/Layer 3 comparison, 194–195
        cost, 201
        failure domain, 200
        load sharing, 198–199
    oversubscription, 228
    PBX, 446
    PSTN, 447, 697
    security management, 654
    Server Farm module (Enterprise Campus network), 227
    spanning-tree features, 122
    vs. bridges, 12


switching, 172
    L2, 121
    L3, 121
    modes, 286
    policy domains, 200
    vs. shared technology, 688
switchport access command, 790
switchport mode command, 790
Symmetric DSL (SDSL), 258, 291
SYN code bit set, 739
Synchronous Digital Hierarchy (SDH), 289
SYN-flooding attacks, 556
syslog accounting, 629
    severity, 630
    syslog distributed architecture, 631
syslog messages, 704
Systems Network Architecture (SNA), 26

T

T1 trunks, 446
T3, 143
TA (ISDN terminal adapter), 8
<Tab> command, 774
TACACS+ (Terminal Access Controller Access Control System Plus), 134
tariffs, 256
TCP (Transmission Control Protocol), 17, 666
    assigned port numbers, 740
    load distribution, 805
    port names, 739–740
    selective acknowledgment, 272
    sessions, 739
TCP intercept feature (Cisco IOS), 556
TCP/IP (Transmission Control Protocol/Internet Protocol), 270
    application layer, 18
    applications, 768
    IP addressing, 21
    IPv4 addressing, 18–19
    network layer, 16
    RIP, 22
    routing protocols, 23
    transport layer, 17
TDM (time-division multiplexing), 461
    always-on connections, 280
    remote access connections, 279
TDMA mode, 297
technical requirements of WAN design
    bandwidth, 264
    maximum offered traffic, 263
telephony systems, 448
    bandwidth, 489
        reducing traffic, 490
        requirements, 490–491
    call legs, 477
    integrating voice architectures, 460, 465
        converged networks, 463
        VoIP, 461, 469
    IP, 470
        architecture, 471
        centralized design, 473
        design goals, 472
        Internet design, 474
        single site design, 472
    PBX/PSTN comparison, 445
    PCM, 443
    PSTNs
        call centers, 459
        Centrex, 457
        features, 447
        interactive voice response (IVR), 460
        numbering plans, 454
        services, 456
        virtual private voice networks, 458
        voice mail, 459
    QoS and voice quality, 492
        AutoQoS, 497
        design considerations, 492
        mechanisms available, 493
    signaling, 449–450
        analog, 451–452
        digital, 452
        ISDN digital, 452


        SS7 digital, 453
    VoATM
        adaptation types, 503
        classes of services, 502
        design guidelines, 504
        overview, 502
    VoFR, 498–500
    voice coding and compression, 485
        codec design considerations, 487
        codec mean opinion score, 486
        codecs, 486
    voice gateways, 476
    voice quality, 477
        echo, 483
        packet delays, 478–479
        variable network delays, 480–482
    voice routing, 454, 475
    VoIP control and transport protocols, 487
        call control functions, 489
        RTP, 488
        UDP, 487
Telnet, 654
telnet command, 776
Temporal Key Integrity Protocol (TKIP), 590
term ip netmask-format command, 780
Terminal Access Controller Access Control System Plus (TACACS+), 134
terminal editing command, 776
terminal history size command, 776
terminal monitor command, 776
terminal servers, 134
terminals, 467
terminology (NAT), 800
testing
    prototype/pilot networks, 97
    TCP and UDP services, 666
testing services, 666
threats, 148. See also security
    external, 152–154
    Internet Connectivity module, 580
    physical, 561
three-way handshake, 17
throughput, 190, 262
tie-line emulation, 499
tie trunks, 448
time-division multiplexing. See TDM
tiport, 8
TKIP (Temporal Key Integrity Protocol), 590
token passing media access, 6
TokenRing group (RMON1), 619
top-down design approach, 87
    example, 90
    vs. bottom-up, 89
topologies
    assessing existing networks in design process, 66
    Ethernet, collision domains, 191
    Token Ring, token passing media access, 6
    WANs, 261
topology tables, 397
traceroute command, 776
traditional organizational model, 30
traditional WAN technologies, 257
traffic
    analyzing in existing networks, 77
        examples, 78, 81–82
        tools, 79
    attacks, 553
    best-effort, 24
    data flows, 23
    delay-sensitive, 24, 213–214
    downstream/upstream, 291
    flooding, 212
    flow specifications, 23
    interesting/uninteresting, 280
    IP extended access lists, 735
    monitoring, 617
    MPLS services, 303
    multicast, 211–212
    network patterns (Enterprise Campus networks), 209–210
    queuing services, 274
    queuing to avoid congestion, 272
    rate-sensitive, 24


    reducing voice traffic, 490
    routing, 15
    shaping, 276
    upper-layer protocol transparency, 11
    voice, capacity planning, 505–518
    Web, 172
traffic-share command, 781
trailers, 763, 768
translating
    inside local addresses, 801
    NAT, 332
    registered IP addresses to private addresses, 692
translation transition mechanism, 365
translational bridging, 11
transmission confidentiality, 570
    encryption, 571
    guidelines, 572
Transmission Control Protocol/Internet Protocol. See TCP/IP
transmission media, 201
    bandwidth and range characteristics, 204
    cabling, 182
    copper vs. fiber, 203
    network example, 205
    optical cables, 202
    UTP, 201
transparency
    network interfaces (AppleTalk), 25
    upper-layer protocols, 11
transparent bridging, 11
transport layer
    OSI model, 4, 766
    RSVP (Resource Reservation Protocol), 23
    SPX, 25
Trap message, 610
trending, 649
triggered updates, 378
triple data encryption standard (3DES), 572
troubleshooting
    backup remote access solutions, 283
        dial backup routing, 284
        secondary WAN links, 285
    bottlenecks, 169
    echo, 484
    NAT, 812
trunk command, 790
trunking capacity planning, 521
trunks, 448
tunneling transition mechanism, 363
tunnels
    GRE, 309
    layer 3, 308
two-factor authentication, 564

U

uBR (Universal Broadband Routers), 295
UDLD (Unidirectional Link Detection), 197
UDP (User Datagram Protocol), 17, 271
    assigned port numbers, 741
    IP telephony systems, 487
    port names, 741
    testing services, 666
udp protocol keyword, 740
u-law companding, 443–444
UMTS (Universal Mobile Telephone Service), 298
undebug command, 776
un-encapsulated data, 5
unicast addresses, 354–356
unicast packet forwarding, 192
unicast transmission, 6, 24
Unidirectional Link Detection (UDLD), 197
Universal Broadband Routers (uBR), 295
Universal Mobile Telephone Service (UMTS), 298
unshielded twisted-pair cables (UTP), 201
<up arrow> command, 774
upgrading
    configuration management, 639
    networks, 105
UplinkFast, 122, 197
upper layers (OSI model), 760. See also application layer


upper-layer protocols, 11, 18
    NetWare Protocol suite, 24–25
    transparency, 11
upstream, 291
User Datagram Protocol. See UDP
User history collection group (RMON2), 622
username command, 786
UTP (unshielded twisted-pair cables), 201

V

VAD (voice activity detection), 490
Variable Length Subnet Masking (VLSM), 21, 349, 693
variance, 160
variance command, 781
VDSL (very-high-data-rate DSL), 258
vectors, 23
verification tools, 94
verifying
    access list configuration, 746–747
    NAT operation, 810
    pilot/prototype network implementation steps, 97
vertical integration, 31
very-high-data-rate DSL (VDSL), 258
virtual addresses, 9
virtual circuit management, 766
virtual circuits, 7
Virtual Private Networks. See VPNs
virtual private voice networks, 458
vlan command, 789
vlan database command, 789
vlan-membership command, 790
VLANs, 12–13, 197
VLSM (Variable Length Subnet Masking), 21, 340, 693
VoATM
    adaptation types, 503
    classes of services, 502
    design guidelines, 504
    dial peer, 476
    overview, 502
VoFR, 498
    design guidelines, 500
    dial peer, 476
    implementations, 499
    vs. VoIP over Frame Relay, 499
voice activity detection (VAD), 490
voice data, integrating voice and data networks, 461
voice-enabled routers, 165
voice gateways, 165, 475
    dial peers, 476
    echo, 484
    interfaces that support, 475
    jitter, 482
    VoATM networks, 504
    voice ports, 475
voice mail, 459
voice networks
    capacity planning, 505
        Campus IP telephony, 519–521
        DSP resources, 514
        GoS, 508–512
        network migration, 507
        on-net/off-net calling, 505–506
        trunking, 521
        WANs, 515–518
voice over IP. See VoIP
voice ports, 475
voice routing, 454
voice transport, 164, 441, 697
    evaluating existing data infrastructure, 167–168
    IP telephony, 164–165
    modules, 166
    network solution example, 166
    PBXs, 444
        features, 446–447
        vs. PSTNs, 444
    PSTNs, 444
        features, 447
        vs. PBXs, 444
    QoS mechanisms, 699


VoIP (voice over IP), 261
    AutoQoS, 497
    bandwidth requirements, 490
    case study, 526
    control and transport protocols, 487
        call control functions, 489
        RTP, 488
        UDP, 487
    dial peer, 476
    DSPs, 470
    echo, 484
    gatekeepers, 469
    H.323, 467
    overview, 461
    QoS, 215
    vs. IP telephony, 470
voluntary tunnels (VPDN), 307
VPDNs, 306–307
VPN/Remote Access module, 140
VPNs (Virtual Private Networks), 255
    applications, 303
    authentication, 565
    benefits of, 308
    connectivity options, 304–307
    overlay, 304
    remote access options
        benefits of, 308
        connectivity, 304–307
        peer-to-peer, 307
VRRP, router discovery, 158
vtp command, 789
vty, denying access, 744

W

WAN commands (table), 783, 786
WAN configuration commands (table), 785–786
WAN module, 140–141
    security
        guidelines, 592
        risks, 591
WAN protocols, 761
WANs (wide-area networks), 3, 255–256
    authentication, 565
    backup links, 268
    bandwidth
        optimizing, 268
        ranges, 265
    capacity calculations, 700
    characteristics, 6
    circuit switching, 7
    Cisco IOS EXEC commands, 783
    comparing technologies, 267
    data compression, 269–270
    designing, 256, 688
        analyzing customer requirements, 261
        application requirements, 262–263
        characterizing the existing network, 261
        cost effectiveness, 265
        methodology, 260
        selecting technologies, 276
        technical requirements, 263–264
        topology and network solutions, 261
        trade-offs, 261
    devices, 8, 13–14
    dialup services, 7
    emerging technologies, 258
        cable, 259
        DSL, 258
        LRE, 259
        MPLS, 259
        vs. traditional technologies, 257
        wireless, 259
    Enterprise Composite Network Model, 256
    Enterprise Edge, connecting with outside world, 260
    G.729 codec, 489
    hardware, 268
    hubs, 9
    implementation, 268
    interconnections, 260


    ISPs, 259
    layers, 256
    leased, 266
    links
        permanent secondary, 285
        queuing to improve performance, 272
        redundancy, 161
    ownership, 266
    point-to-point links, 7
    private, 266
    provisioning, 8
    queuing
        PQ, 274
        WFQ, 273
    redundant links, 268
    remote access
        always-on connections, 280–281
        backup solutions, 283–285
        design as process, 283
        dispersed Enterprise sites, 288–290
        establishing parameters, 278–279
        Internet as a backup, 308–309
        IP connectivity, 291–302
        on-demand connections, 280
        packet switched topologies, 281–282
        VPNs, 304–308
    response time, 263
    self-clocking, 272
    service, 256
    shared, 266
    traditional technologies, 257
    upgrading and backing up (case study), 313
    virtual circuits, 7
    voice data capacity planning, 515
        CAC, 518
        calculations, 516
        call routing alternatives, 518
        combining calculations with GoS, 517
    window size, 271–272
war dialing, 553
war driving, 553
WhatsUp Gold, Net Inspector Lite, 72
Web sites, 367, 751–752, 757
    Auto Update Server, 600
    CDP, 625
    Cisco NetFlow technology, 80
    Erlang tables, 509
    MIB, 614
    NBAR, 80
    RFC 1918, Address Allocation for Private Internets, 330
    RFC 2080, RIPng for IPv6, 367
    RFC 2460, Internet Protocol, Version 6 (IPv6), 350
    third-party network auditing tools, 72
    third-party traffic analysis tools, 79
web switching, 172
weighted random early detection (WRED), 494
WFQ (Weighted Fair Queuing), 273, 495
what-if analysis, 648
what-if tools, 94
wide-area networks. See WANs
wildcard masks, 729
    examples, 729–730
    implicit, 731
wireless LANs
    802.11b, 588
    802.1X, 589
    EAP, 589
    security, 587–589
wireless networks, 258–259
    benefits, 300
    broadband fixed, 298–299
    LANs, 298
    mobile, 298
wireless packet sniffers, 591
WLANs (wireless local area networks), 259
WRED (weighted random early detection), 494
write erase command, 777
write memory command, 777
write network command, 777
write terminal command, 777


X

X.25, 258
    always-on connections, 281
    remote access connections, 279
xDSL, 292

Y-Z

yields, 22
