Remote Access Network


  • 7/27/2019 Remote Access Network

    1/36

    March 18, 2011 [REMOTE ACCESS NETWORK (CT043-3-2-RAN)]

    Remote Access Network Page 1

Contents

Introduction ........ 2
Type and Size of Data ........ 3
Primary Link ........ 11
Secondary Link ........ 15
Network Diagram ........ 21
Redundant Link ........ 22
Installation ........ 24
Security ........ 29
Conclusion ........ 32
References ........ 33
Appendices ........ 35
Work Break Down ........ 36


    Introduction

Networks have become an essential element in every field. A network connects two users who are apart from each other. Banks, schools, offices, public services and many more all use networks, either a local area network or a wide area network. A Local Area Network (LAN) is mostly used to connect devices within a limited space, such as a LAN in an office. A Wide Area Network (WAN) connects several LANs together into one network.

A network can be used for many purposes. For communication, we can use Voice over Internet Protocol (VOIP) and video conferencing, which are booming in the market. VOIP and video conferencing help a company or institution save cost, because they are free of charge; all the company needs is a high-speed Internet connection for a smooth conversation. Another advantage is that they can connect many users instead of only allowing one-on-one conversation.

Another feature of a network is file transfer. For example, the main office needs to send an important file and the recipient needs it immediately. It would take time if a sender from the main office had to travel all the way to the branch office to hand over the file, and it would be a big problem if the two offices were far apart. With file transfer, the file can be sent through the Internet and the recipient gets it immediately.


Type and Size of Data

1. Voice Over Internet Protocol (VOIP)

Voice over Internet Protocol (VOIP) is an IP-based network service that transmits voice conversations without loss of functionality, quality or reliability. VOIP has become very popular because it saves cost over the traditional telephone, especially for long-distance or international calls.

The voice signal from a VOIP phone, or from a traditional phone connected to an adapter, goes through a VOIP device that converts the normal telephone signal into a digital signal so that it can use the broadband Internet connection. At the far end the digital signal is converted back to the normal signal (the original voice call). When the caller dials the recipient's number, the VOIP adapter logs on to the routing server, which looks up the destination IP address associated with the recipient's number. The call is routed through the PSTN if the dialed number is not using VOIP and there is no phone number tied to an IP address.

    Figure 1-1 How the VOIP works


Types of VOIP calls:

- VOIP calls placed to another VOIP device or to the PSTN
- PC-to-phone calls: calls from a VOIP device to a PSTN device
- PC-to-PC calls: calls from a VOIP device to another VOIP device

Equipment needed:

A high-speed Internet connection is needed; it can be a cable modem or a high-speed service such as DSL. The other devices needed are a PC, an adapter, or a specialized phone. Some VOIP services only work on a PC or on a specialized phone. Using a PC requires particular software and a good-quality microphone. The service also allows the user to use a traditional phone, which must be connected to a VOIP adapter. Using a traditional phone connected to an adapter is like making a normal phone call, and may have a dial tone as well.

Advantages of Voice over Internet Protocol (VOIP)

Save cost
This is the main advantage of VOIP. It is very effective in reducing costs for a company that needs to make a lot of calls, especially a company that has to make international calls.

Manageability
Each employee can route calls by themselves. Each employee has a personal extension number, so it is easy to reach a particular person.

Integration
It can better integrate phones, voicemail, email, SMS, faxes and other communication.


2. File Sharing

File sharing is the public or private sharing of data or storage space on a network. A commonly used file transfer system is the File Transfer Protocol (FTP). FTP can give public access or limited access that requires a username and password.

The objectives of FTP:

- To promote sharing of files
- To encourage indirect or implicit use of remote computers
- To shield a user from variations in file storage systems among hosts
- To transfer data efficiently and reliably

Requirements for using FTP:

- An FTP client installed on the computer, for example Auto FTP Manager
- Information about the destination FTP server, including a username and password if needed

To transfer files, the server address, username and password have to be set in the client software. Once it is connected to the server, the user can upload, download or delete files.

FTP and Internet Connections

FTP uses one connection for sending and receiving data and another connection for commands. FTP has a standard port number, which is the logical connection point on which the FTP server listens for every connection. The standard port number for FTP is 21, and it is used only for sending commands.


    Figure 1-2 Transferring data in FTP

File Transfer Protocol supports active and passive connections. Active FTP means the client opens a port and listens, and the server actively connects to it. Passive FTP means the server opens a port and listens passively, and the client connects to it.
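The active/passive distinction above decides which end must accept an inbound TCP connection, and therefore which firewall has to allow it. The following Python is an added example, not code from the report or from any FTP product: it parses the PASV reply and PORT command that carry the data-connection address and port (the h1,h2,h3,h4,p1,p2 form, port = p1*256 + p2), rebuilds a PORT command, and reports which side listens. The two messages and the addresses in them are constructed samples.

```python
import re

# Constructed sample messages (documentation addresses), not captured
# from any real server or client.
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
PORT_CMD = "PORT 198,51,100,7,4,1"

# FTP carries host and port as six comma-separated byte values:
# h1,h2,h3,h4,p1,p2 with port = p1 * 256 + p2.
_SIX_BYTES = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)


def _decode(fields):
    """Convert the (h1,h2,h3,h4,p1,p2) tuple into (host, port)."""
    nums = [int(n) for n in fields]
    if any(n > 255 for n in nums):
        raise ValueError("each FTP address field must fit in one byte")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return host, port


def parse_pasv(reply, control_host=None):
    """Parse a 227 reply. In passive mode the server listens and the client
    connects to host:port. When control_host is given, a reply pointing at
    any other host than the server we already talk to is refused (a common
    client-side sanity check)."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 Entering Passive Mode reply")
    m = _SIX_BYTES.search(reply)
    if m is None:
        raise ValueError("no address tuple in PASV reply")
    host, port = _decode(m.groups())
    if control_host is not None and host != control_host:
        raise ValueError(f"PASV advertised {host}, expected {control_host}")
    return host, port


def parse_port(cmd):
    """Parse a PORT command. In active mode the client listens on the
    address it announces and the server connects back to it."""
    verb, _, arg = cmd.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    m = _SIX_BYTES.fullmatch(arg.strip())
    if m is None:
        raise ValueError("malformed PORT argument")
    return _decode(m.groups())


def build_port(host, port):
    """Build the PORT command a client sends after opening its listener."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("IPv4 dotted-quad expected")
    return "PORT " + ",".join(octets + [str(port // 256), str(port % 256)])


def listening_side(mode):
    """Which end must accept the inbound data connection; this is the end
    whose firewall has to allow an incoming TCP connection."""
    table = {"active": "client", "passive": "server"}
    if mode not in table:
        raise ValueError("mode must be 'active' or 'passive'")
    return table[mode]


if __name__ == "__main__":
    print("passive: client connects to", parse_pasv(PASV_REPLY, "192.0.2.10"))
    print("active : server connects to", parse_port(PORT_CMD))
    print("rebuilt:", build_port("198.51.100.7", 1025))
    for mode in ("active", "passive"):
        print(mode, "-> the", listening_side(mode), "listens")
```

Running the block prints the decoded passive endpoint 192.0.2.10:50000 and the active endpoint 198.51.100.7:1025. The practical consequence for the office network in the report is that with passive FTP only the server side needs an inbound rule (port 21 plus its passive port range), whereas active FTP needs every client to accept a connection back from the server, which most client-side firewalls and NAT devices do not allow.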

3. SQL

SQL is a tool to organize, manage and retrieve data stored in a computer database. SQL is more than just a query tool, although retrieving data is its most important feature. Some of the functions SQL provides are:

Data Definition
The structure and organization of the stored data are defined by the user.

Data Retrieval
The user is able to retrieve stored data from the database and make use of it.

Data Manipulation
The user is able to add, remove or modify data.

Access Control
The user can protect the database from unauthorized users.


Data Integrity
SQL defines integrity constraints in the database and protects it from corruption caused by system failure.
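The SQL functions listed above (data definition, retrieval, manipulation and integrity) exercised against an in-memory SQLite database, as an added example that is not part of the report. The tables, the two branch names and the extension numbers are constructed for the example; access control is not shown because SQLite has no user accounts (server databases handle it with GRANT). The integrity part is the one worth watching: a row that violates a constraint is rejected and rolled back, so the database never holds the bad data.

```python
import sqlite3

# Constructed sample data: two branches and a few telephone extensions.
BRANCHES = [(1, "Kuala Lumpur"), (2, "Seremban")]
EXTENSIONS = [(101, "Alice", 1), (102, "Bob", 1), (201, "Chen", 2)]


def open_db():
    """Data definition: create the tables and their integrity constraints."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    conn.executescript("""
        CREATE TABLE branch (
            id   INTEGER PRIMARY KEY,
            city TEXT NOT NULL UNIQUE
        );
        CREATE TABLE extension (
            number    INTEGER PRIMARY KEY CHECK (number BETWEEN 100 AND 999),
            employee  TEXT NOT NULL,
            branch_id INTEGER NOT NULL REFERENCES branch(id)
        );
    """)
    return conn


def seed(conn):
    """Data manipulation: insert the sample rows inside one transaction."""
    with conn:  # commits on success, rolls back if any statement fails
        conn.executemany("INSERT INTO branch (id, city) VALUES (?, ?)", BRANCHES)
        conn.executemany("INSERT INTO extension VALUES (?, ?, ?)", EXTENSIONS)


def extensions_in(conn, city):
    """Data retrieval: all extensions at one branch as (number, employee)."""
    return conn.execute(
        """
        SELECT e.number, e.employee
        FROM extension AS e
        JOIN branch AS b ON b.id = e.branch_id
        WHERE b.city = ?
        ORDER BY e.number
        """,
        (city,),  # bound parameter, never string formatting
    ).fetchall()


def add_extension(conn, number, employee, branch_id):
    """Data integrity: True if the row is accepted, False if a constraint
    (range CHECK, duplicate number, unknown branch) rejects it. A rejected
    insert is rolled back and leaves no partial data behind."""
    try:
        with conn:
            conn.execute("INSERT INTO extension VALUES (?, ?, ?)",
                         (number, employee, branch_id))
        return True
    except sqlite3.IntegrityError:
        return False


def move_extension(conn, number, city):
    """Data manipulation: reassign an extension to another branch.
    Returns rows changed (0 if the extension or the city is unknown)."""
    try:
        with conn:
            cur = conn.execute(
                "UPDATE extension SET branch_id = "
                "(SELECT id FROM branch WHERE city = ?) WHERE number = ?",
                (city, number),
            )
        return cur.rowcount
    except sqlite3.IntegrityError:  # NOT NULL fails when the city is unknown
        return 0


def remove_extension(conn, number):
    """Data manipulation: delete one extension; returns rows deleted."""
    with conn:
        cur = conn.execute("DELETE FROM extension WHERE number = ?", (number,))
    return cur.rowcount


if __name__ == "__main__":
    db = open_db()
    seed(db)
    print("KL extensions:", extensions_in(db, "Kuala Lumpur"))
    print("out-of-range number accepted?", add_extension(db, 1001, "Dave", 1))
    print("unknown branch accepted?", add_extension(db, 301, "Dave", 9))
    print("valid row accepted?", add_extension(db, 103, "Dave", 1))
    print("moved rows:", move_extension(db, 103, "Seremban"))
    print("Seremban extensions:", extensions_in(db, "Seremban"))
```

Every query takes its values as bound parameters; that is the standard way to keep user-supplied strings from being interpreted as SQL, and it costs nothing compared to building the statement by string concatenation.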

Figure 1-3 How a database is stored

SQL is not a structured language compared to other programming languages such as C or Java. SQL has a few inconsistencies and some rules that look perfectly legal but do not make sense. SQL has been the standard language for using relational databases. SQL is a powerful language that is relatively easy to learn compared to other programming languages.


4. Closed Circuit TV (CCTV)

CCTV consists of video cameras that transmit video images to a monitor. CCTV is broadcast privately and is not for public consumption. CCTV can use both wireless and wired transmission to carry the video images from the camera to the monitor. The common use of CCTV is for safety purposes.

Figure 1-4 Installation of CCTV

Wired cable connection
The video camera is physically connected to the monitor via cable. The type of cable commonly used for CCTV is coaxial cable. This type of connection has a disadvantage: the longer the cable from the video camera to the monitor, the higher the chance that the quality of the video images degrades.


Wireless connection
To transmit video images to a monitor, most CCTV cameras use the 2.4 Gigahertz frequency band. At that frequency, CCTV cameras can easily transmit the video images to the monitor through obstacles such as walls. A wireless connection lets the CCTV camera be placed anywhere the user wants; as a result, some wireless CCTV cameras use a battery as their power supply.

5. Video conferencing

Video conferencing has become more and more popular. Video conferencing happens when two or more parties communicate in real time with audio and video signals. The technologies used in video conferencing include:

Video input
This can be a video camera or a webcam. At least two devices have to be connected to each other. The camera image can be projected onto a larger display, such as a larger monitor or a projector, to get a larger view of the video images.

Video output
The standard video output is a monitor or a digital TV set.

Audio input
A microphone is the source of audio input in video conferencing. It can also be a headset that has a microphone on it.


Audio output
A speaker is the audio output device. A headphone can be the audio output as well.

Figure 1-5 How Video Conferencing works

Video conferencing works over many kinds of technology, both digital and analog. ISDN lines, normal broadband Internet, radio frequencies and satellite transmission can all carry video conferencing. The main advantage of video conferencing is that it saves time and money. It can also involve multiple users in the same video conference.


Primary Link

Just about all office-based and modern retail businesses require some type of Internet access in order to carry out their daily operations, and countless have mission-critical Internet requirements that allow them to continue business operations at all times (Lemm, 2010). There are many choices to fulfil this need for Internet access, including dial-up connections, ISDN, DSL, cable, wireless applications, a T1 line, or something larger like a DS3 or OC-3 (Lemm, 2010). In selecting the appropriate choice for the primary link of the remote network for Big Boss Public Limited, our team looked into a few popular choices for primary links in similar circumstances. The factors considered during selection were mainly cost, practicality, speed of transmission, bandwidth and security. After careful consideration, we have decided to use a T1 link to connect the main office to the branch office rather than other solutions such as DSL, Frame Relay or ISDN, because T1 has numerous advantages over the others.

A "Full T1 Line" is a term normally used to describe a circuit that provides 1.5 megabits per second of high-speed Internet access, which is the most general type of T1 (Lemm, 2010). A Full T1 can also be used to carry telephone lines, data, video and/or VoIP calls. A T1 line is made up of 24 channels that each transmit data at 64 Kbps, giving a Full T1 line the capacity to transmit 1.54 Mbps of data synchronously (upstream and downstream). Using today's standard email applications and common Internet searching, this amount of bandwidth could sustain anywhere from 1 to approximately 75 users, depending on their requirements, preferences and the company's budget (Rucker, 2004). Most commonly, Full T1 lines are used in offices with 5 to 50 employees.

A T1 circuit provides the most consistent and reliable bandwidth available when leased from a high-quality T1 provider, which is why businesses are willing to pay more for a T1 than for other services like DSL or cable. In some applications, a T1 can save money for a company that currently uses a less reliable bandwidth connection. Since multiple services can be combined on a single T1, cost-efficient solutions are often available from the service providers.

A point-to-point T1, often referred to as a "P2P", provides a very secure and reliable connection, usually from a corporate office to any number of satellite offices. Although a P2P does not actually offer


Internet access or phone lines, corporations use P2P T1s to share these services. For example, the company's home office in Kuala Lumpur might have numerous telephone lines and large Internet access pipes installed at one location to get the best available rates. The company can then use a P2P T1 to carry any combination of telephone lines, Internet access and data between offices, to share software systems, and to provide in-office dialling from locations across the country (in this case the branch office in Seremban). The possibilities are endless because there are no restrictions on how a point-to-point T1 can be used, assuming you have the correct equipment and a source at one end of the P2P. This can be a great way to save money, because a satellite or branch office might have to pay high prices to have telephone and bandwidth services installed directly, whereas the home office can get better rates because of bulk buying and location.

The key advantage of a P2P line is that it is truly and strictly private, making it the top choice for those demanding a circuit with a dedicated connection to only their business, and therefore offering the highest security available (Lemm, 2010). Principally, T1s are business connections; cable/DSL services are usually residential.

T1s normally have:

- unlimited throughput
- a guaranteed uptime per month
- no port blocking, so servers are allowed
- upload speeds 2-5x as high as cable/DSL
- faster repair times, as the provider will most likely give them priority
- a dedicated line
- support for technologies such as video conferencing and VoIP

Cable/DSL typically has an AUP or TOS that disallows servers, and may have high downtime. Plus, when there is no Internet, there might be no business either. Cable/DSL has high download speeds, but in a business setting the employees might only be checking email, browsing the web or updating database records, so there is less need for so much download capacity. However, the company may be running a server that uploads a lot, or might be updating a website and need to send files often. The


upload speed of a T1 helps in this setting. Raw peak speed is not the most vital property of a connection. T1 is marketed as a business-class service. That means it is symmetrical, making it easy to run servers, and comes with a service level agreement that guarantees minimal acceptable performance and mean time to repair (MTTR). These are critical components in the marketing of different services. For a business, the cost of a network outage could be dramatic (Lemm, 2010). The widespread availability of extremely low-cost residential services is putting tremendous price pressure on traditional business-class services. With that, the cost of T1 lines (as well as DS3 and even OC3) has dropped steadily over the last year.

Below are some comparisons between T1 Leased Line, Frame Relay, ISDN and DSL:

T1 Leased Line
- A private, dedicated connection that does not share the bandwidth with others
- Bandwidth implemented at 1.5 Mbps to 45 Mbps
- Gives 24-hour service of data, voice and video capabilities, which means it is always active
- Provides a constant and stable digital connection
- High security, as the line is not shared
- Suitable for a business that needs high bandwidth and fast, stable transmission

Frame Relay
- An advanced version of X.25
- Operates at the data-link layer
- Bandwidth implemented at 56 Kbps to 45 Mbps
- Provides the Permanent Virtual Circuit service, which gives a dedicated connection like a leased line without the high cost of a leased line
- Feasible and cost-effective for an organization that needs flexible and fast connectivity
- Less secure than T1

ISDN
- Integrated Services Digital Network
- Provides digital data communication over regular telephone wire
- Bandwidth commonly implemented between 64 Kbps and 512 Kbps
- Provides two flavours: BRI and PRI
- Available in most geographical areas
- Allows multiple devices to share a single line

DSL
- Digital Subscriber Line
- Uses the regular telephone lines to transmit the data
- Bandwidth implemented between 128 Kbps and 8 Mbps
- Able to do data and voice transmission simultaneously over the same phone line
- Provides several different types of service to suit the purpose of the organization, such as ADSL, SDSL and so on

Feature               Leased Line          Frame Relay   ISDN          DSL
Bandwidth             High                 Medium        Low           Low
Uses                  Voice, Data, Video   Voice, Data   Voice, Data   Voice, Data
Switching             Dedicated            Packet        Circuit       Circuit
Availability          High                 High          High          Low
QoS and Reliability   High                 Medium        Medium        Low
Security              High                 Medium        Medium        Low

Cost
- Leased Line: high installation fee; varies with distance; cost-effective for P2P
- Frame Relay: medium installation fee; varies with bandwidth used; cost does not increase as the distance between points increases
- ISDN: low installation fee; monthly fee plus per-minute charge; cost increases as the distance between points increases
- DSL: low installation fee; monthly fee; cost increases as the distance between points increases


Secondary Link

For the secondary link, a Digital Subscriber Line (DSL) connection seems to be a good choice. DSL is a high-speed Internet connection, also known as broadband. It is much faster than a typical 56K modem connection, and also exceeds the speeds available from Integrated Services Digital Network (ISDN) services. DSL uses copper wiring and a standard phone line to connect computers to the Internet. To connect to DSL, an Internet Service Provider (ISP), an Ethernet or wireless card, and a DSL modem are required.

DSL is an innovative connection that allows users to transmit data through the Internet at a much higher frequency over an existing phone line. Because it uses a higher frequency, users can use the phone line at the same time without any interference. Telephone calls remain clear and crisp, and the connection seems like lightning compared to a 56K modem connection.

There are a few ISPs that offer inexpensive DSL-based Internet connections. The most common form of DSL connection is Asymmetric Digital Subscriber Line (ADSL). ADSL downloads information from the Internet faster than it can upload. This definitely suits business requirements nowadays, as the majority of Internet browsing involves downloading information.

Regular telephony uses low frequencies, while DSL uses high frequency bands, so it can be used at the same time and on the same telephone line as the regular telephone. The download speed of DSL mainly depends on the DSL technology, line conditions and service-level implementation. It typically ranges from 256 Kbit/s to 24,000 Kbit/s.


Here is a comparison between DSL, Frame Relay and Leased Line:

DSL
- Digital Subscriber Line
- Uses the regular telephone lines to transmit the data
- Bandwidth implemented between 128 Kbps and 8 Mbps
- Able to do data and voice transmission simultaneously over the same phone line
- Provides several different types of service to suit the purpose of the organization, such as ADSL, SDSL and so on
- It is always on

Frame Relay
- An advanced version of X.25
- Operates at the data-link layer
- Bandwidth implemented at 56 Kbps to 45 Mbps, and now can be higher
- Provides the Permanent Virtual Circuit service, which gives a dedicated connection like a leased line without the high cost of a leased line
- Feasible and cost-effective for an organization that needs flexible and fast connectivity

Leased Line
- A private, dedicated connection that does not share the bandwidth with others
- Bandwidth implemented at 1.5 Mbps to 45 Mbps
- Gives 24-hour service, which means it is always active
- Provides a constant and stable digital connection
- High security, as the line is not shared
- Suitable for a business that needs high bandwidth and fast, stable transmission

Among all these connections, DSL suits our scenario best. As we all know, fast DSL access allows us to download images, videos and other large files at lightning-fast speed. A DSL connection is always on, which means there is no wait to get connected, no busy signals and no dialling needed.

DSL also does not need an extra phone line. DSL uses the existing phone line, which allows users to use the phone and the Internet at the same time. Other devices can also be used on the telephone line; DSL will not interfere with the devices installed.

DSL provides a lightning-fast download speed, ranging up to 2.4 Mb/s. This means that users will be able to download files faster than with other available connections. This will contribute to faster and smoother operations, as daily operations that use the Internet can be carried out at a higher speed.

Another advantage of using DSL is that it uses a dedicated line. This means that the users will be the only ones using the line, instead of sharing it with other users. Normal connections using cable modems do have the problem of sharing the connection with others, making their connectivity a lot slower. With DSL, the Internet connection will be more private and stable and have fewer delays.


Feature               DSL           Frame Relay   Leased Line
Bandwidth             Low           Medium        High
Uses                  Voice, Data   Voice, Data   Voice, Data, Video
Switching             Circuit       Packet        Dedicated
Availability          Low           High          High
QoS and Reliability   Low           Medium        High
Security              Low           Medium        High

Cost
- DSL: low installation fee; monthly fee; cost increases as the distance between points increases
- Frame Relay: medium installation fee; varies with bandwidth used; cost does not increase as the distance between points increases
- Leased Line: high installation fee; varies with distance; cost increases as the distance between points increases


DSL is chosen over Frame Relay and a leased line because it is only the secondary link. In this case the priority is price, and DSL is available at a much lower price, both for installation and for the monthly fee.

To improve the security of this link, we will implement a Virtual Private Network (VPN) over the DSL. A VPN uses public telecommunications networks to conduct private data communications. Most VPN implementations use the Internet as the public infrastructure and a variety of specialized protocols to support private communications through the Internet.

A VPN follows a client and server approach. VPN clients authenticate users, encrypt data, and otherwise manage sessions with VPN servers using a technique called tunnelling. The main benefit of a VPN is the lower cost of supporting this technology compared to alternatives like traditional leased lines or remote access servers.

VPN users typically interact with simple graphical client programs. These applications support creating tunnels, setting configuration parameters, and connecting to and disconnecting from the VPN server. VPN solutions use several different network protocols, including PPTP, L2TP, IPsec and SOCKS.

VPN servers can also be connected directly to other VPN servers. A VPN server-to-server connection extends the intranet or extranet to span multiple networks.

At the headquarters a VPN secure tunnel will need to be set up. This requires a VPN-capable device, which can be an Internet gateway router, an Internet firewall, or a separate VPN aggregation device. A security server is also needed at the central site to authenticate incoming VPN users. At the headquarters we must make sure that the DSL is connected to the Internet, and we also need VPN client software.

Basically, the process is that the headquarters DSL user has an open Internet connection. Then they launch the VPN client software. The client software sets up an L2TP or PPTP tunnel to the head site's Internet gateway, which is encrypted with IPsec, 3DES, DES56, etc. The VPN client then asks for a unique user name and password, which must match those in the central site's security database. When properly authenticated, the user has a high-speed, secure, encrypted tunnel into the central site.


The performance depends on the bandwidth of the DSL. Normally it depends on the ISP, but in general, setting up a VPN tunnel and encrypting the data causes a small speed loss compared to sending the data directly over the Internet. Even considering this, the price/performance ratio is much, much better than that of any dial-up modem service.


    Network Diagram


    Redundant LINK

    The proposed solution is to use two different types of link via two ISPs. This is measured the

    perfect setup for full redundancy. In a situation that we have one failed ISP; we still have one link as

    backup. When we have both up links to both ISPs, we may possibly do load balance or load share

    between the two links.

    There are some considerations to follow:

    We are required to run BGP with both ISP (BGP Multihoming)

    Usually on each link, we are required to have at least full T1/E1 circuit

    Each BGP relationship with each ISP should ride over dispersed POP circuit

    We are required to have Public AS (Autonomous System) number

    We are required to have Public Subnet within the Public AS number (Redundant link Juniper,

    2009)

Remember that in a multiple-ISP scenario we still need to consider basic physical connection redundancy, just as in a single-ISP scenario. This basically means connections to different COs or different backbone networks. When both ISPs terminate on the same backbone network, we have a single point of failure on that backbone network.

BGP is used when one ISP needs to communicate with a different ISP and with the whole Internet. When we are planning to have a redundant connection over multiple ISPs, we are considered an ISP even though our network is not like one. This is why we need to run BGP with both ISPs.

We need to have at least a full T1/E1 circuit to each ISP

Redundancy involving BGP needs a "real" data network that was originally designed to carry and support Internet data. Broadband connections such as cable Internet and DSL are most likely considered "extensions" of existing non-data networks. The cable Internet network was originally designed to broadcast TV programs. The DSL network was originally designed for voice communication (POTS). Neither network was originally designed to carry and support Internet data.

Although some ISPs might be able to support BGP over DSL, the DSL technology used is most likely SDSL instead of ADSL. Still, BGP over DSL is uncommon.


On the other hand, a T1/E1 circuit was originally designed to transmit and support Internet data, including BGP support. T1/E1 circuits fall under the same "real" data network category as other "larger bandwidth" circuit technologies such as DS3, OC-x, ATM, and Gigabit Ethernet.

That is the reason why most ISPs require us to have a T1/E1 circuit or larger to them before they will do BGP peering with us.

Each BGP relationship with each ISP runs over a different POP termination (dispersed POP)

This essentially follows the same theory as the dispersed-POP concept for multilink (bonded) circuits. Note that BGP multihoming is only a logical separation and redundancy, and does not necessarily mean physical separation and redundancy. We can't really have full redundancy without having both physical and logical separation.

We need to have our own Public AS number

Once an ISP runs BGP with a different ISP, each ISP needs its own public AS number. This AS number is used to distinguish one ISP's network from another's.

Since we are considered an ISP when running BGP to multiple ISPs, we also need to have our own BGP AS number. When we don't have one yet, one of the ISPs can provide us one.

Keep in mind that we need to inform both ISPs beforehand that we will run redundancy over multiple ISPs. This is to make sure that all parties involved understand what setup is required. The key is to make sure that our would-be public AS number will be recognized by all ISPs as a valid Internet-routable public AS number (in other words, the public AS number will be seen by any ISP and the rest of the Internet).

When we don't inform the ISPs of our purpose and we request an AS number from one of them, that ISP might provide us a private AS number, or an AS number that is only seen by a single ISP and is unknown to other ISPs and the rest of the Internet. (Thomas Akin, 2002)
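The considerations above (public AS, public subnet, a BGP session to each ISP) in the form of a minimal IOS BGP multihoming configuration, as an added example written for this report; it is not taken from the report, from Cisco's documentation or from the Juniper reference. Every number is a documentation placeholder to be replaced with the values the ISPs assign: our AS is 64496 with public prefix 203.0.113.0/24, ISP-A (the T1) is AS 64497 on 192.0.2.0/30, ISP-B (the DSL line, assuming that ISP supports BGP over DSL, which the report notes is uncommon) is AS 64498 on 198.51.100.0/30, and the TCP MD5 secrets are placeholders.

```cisco
! Added illustration for the BigBoss design, not the report's own configuration.
! AS numbers, prefixes and secrets below are documentation placeholders.
!
! Only our own prefix may leave the router. Without this outbound filter we
! would re-advertise ISP-A's routes to ISP-B (and vice versa) and become a
! transit AS for other people's traffic over our T1/DSL links.
ip prefix-list OUR-PREFIX seq 5 permit 203.0.113.0/24
!
! Inbound: never accept our own prefix or private space back from an ISP,
! and accept nothing more specific than a /24.
ip prefix-list FROM-ISP seq 5 deny 203.0.113.0/24 le 32
ip prefix-list FROM-ISP seq 10 deny 10.0.0.0/8 le 32
ip prefix-list FROM-ISP seq 15 deny 172.16.0.0/12 le 32
ip prefix-list FROM-ISP seq 20 deny 192.168.0.0/16 le 32
ip prefix-list FROM-ISP seq 25 permit 0.0.0.0/0 le 24
!
! BGP only advertises a "network" that exists in the routing table; a static
! route to Null0 with a high distance anchors our aggregate.
ip route 203.0.113.0 255.255.255.0 Null0 254
!
! Prefer the T1 for outbound traffic while both sessions are up.
route-map PREFER-ISP-A permit 10
 set local-preference 200
!
router bgp 64496
 bgp log-neighbor-changes
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64497
 neighbor 192.0.2.1 description ISP-A (T1)
 neighbor 192.0.2.1 password ISPA-SHARED-SECRET-PLACEHOLDER
 neighbor 192.0.2.1 prefix-list FROM-ISP in
 neighbor 192.0.2.1 prefix-list OUR-PREFIX out
 neighbor 192.0.2.1 route-map PREFER-ISP-A in
 neighbor 192.0.2.1 maximum-prefix 1000 restart 5
 neighbor 198.51.100.1 remote-as 64498
 neighbor 198.51.100.1 description ISP-B (DSL)
 neighbor 198.51.100.1 password ISPB-SHARED-SECRET-PLACEHOLDER
 neighbor 198.51.100.1 prefix-list FROM-ISP in
 neighbor 198.51.100.1 prefix-list OUR-PREFIX out
 neighbor 198.51.100.1 maximum-prefix 1000 restart 5
```

The maximum-prefix limit assumes each ISP sends only a default route or a partial table, which is what to ask for on a 1900-series router; a full Internet table would exceed the limit and tear the session down, which is the intended failure mode rather than exhausting the router's memory. The outbound prefix-list is the single most important line for a multihomed customer: it is what stops the two ISPs from seeing each other's routes through us.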


    Installation

This guide presents a general idea of, and explains how to, install, connect, and perform the initial configuration of the Cisco 1900 series Integrated Services Routers (ISRs).

This model of Cisco router is a modular router with LAN and WAN connections that can be configured by means of exchangeable interface cards and internal service modules. The series currently consists of the 1905, 1921, 1941, and 1941W (wireless) models. The 1941W is Wi-Fi CERTIFIED and 802.11a/b/g/n-compliant. The modular design of the routers provides flexibility, allowing us to configure our router according to our needs.

Chassis Views

Figure 1-1 Front Panel of the Cisco 1905 and Cisco 1921 Router (callouts: 1 SYS LED, 2 ACT LED, 3 PoE LED)


Figure 1-2 Back Panel of the Cisco 1905 and Cisco 1921 Router (1921 shown)

1  EHWIC (HWIC, WIC, or VWIC) slots 0 and 1: slot 0 (right), slot 1 (left), or double wide
2  EN (Enable RJ-45 console)
3  RJ-45 serial console port
4  AUX port
5  GE 0/1
6  GE 0/0
7  S (Speed)
8  L (Link)
9  USB port (USB 2.0 Type-A)
10 Kensington security slot
11 PoE
12 Ground connector
13 On/Off switch
14 Input power connection
15 Baud reset
16 USB serial port (USB 5-pin mini Type-B)
17 EN (Enable USB console)
18 Flash


Ports 5 and 6 will be used as our LAN interfaces, connected to the LAN switch. In slot 1, a Cisco High-Speed WAN Interface Card Expansion Module - 2 Ports (HWIC-2FE) will be installed to provide the WAN ports, which connect to the two different ISPs via the T1 and DSL routers.

Figure 1-3 1-Port T1/E1 HWIC Front Panel (callouts: 1 RJ-48C connector, 2 port number, 3 CD/LP LED (bicolor), 4 AL LED)

Figure 1-4 ADSL and G.SHDSL WIC Front Panels


There are some basic steps to get connectivity from the routers, as follows:

Step 1: Enter the setup command facility.

    Router> enable
    Password:
    Router# setup
    --- System Configuration Dialog ---
    Continue with configuration dialog? [yes/no]:

Step 2: Basic management setup configures only enough connectivity.

    Would you like to enter basic management setup? [yes/no]: yes

Step 3: Enter a hostname for the router (this example uses myrouter):

    Configuring global parameters:
    Enter host name [Router]: myrouter

Step 4: Enter an enable secret password. The enable secret is a password used to protect access to privileged EXEC and configuration modes. This password, once entered, is stored encrypted in the configuration.

    Enter enable secret: cisco

Step 5: Select one of the available interfaces for connecting the router to the management network.

    Enter interface name used to connect to the
    management network from the above interface summary: gigabitethernet0/1

Step 6: Respond to the following prompts as appropriate for your network (Cisco 1900 Series, 2011):

    Configuring interface GigabitEthernet0/1:
    Configure IP on this interface? [yes]: yes
    IP address for this interface [10.10.10.12]:
    Subnet mask for this interface [255.0.0.0] : 255.255.255.0
    Class A network is 10.0.0.0, 24 subnet bits; mask is /24

Table 1 ADSL WIC LEDs

LED            Color             Description
CD LED         Green             Lit when the unit is connected to the network and operating normally. On ADSL interface cards only, this LED blinks while training with DSLAMs. Does not apply to the WIC-1SHDSL-V2 or WIC-1SHDSL-V3 interface cards.
LP LED         Yellow            DSL interface is in loopback mode.
               Off               Normal operation.
OK LED         Green             Enabled when the card is detected by the router.
LINK (CD) LED  Green and Yellow  Green when cells or frames are passing between the host and the DSLAM. Yellow when the T1/E1 framer detects an alarm. Applies only to the WIC-1SHDSL-V2 and WIC-1SHDSL-V3 interface cards.

In order to have link failover and load balancing, we can use different methods. If we want the backup link to carry no traffic unless the primary link is down, we may set up what Cisco used to call "dialup backup using object tracking". Dialup is a misnomer. The technique uses a ping of a known destination to verify that the primary link functions. If a few pings fail, the routing is switched to the backup. The backup can be any link. At the site where we have this configured, both primary and backup are Ethernet ports. When the pings start working again, traffic is switched back. (NAT must be configured for both links.)

We may also use OER to load balance over the links if we wish to use both at the same time. There are many different options for configuring OER. We can configure it to load balance based on bandwidth at some sites, and to fill the primary to 80% before using the backup at other sites.
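The object-tracking failover described above, with NAT configured for both links, as an added example written for this report's topology; it is not the report's own configuration nor taken from Cisco's documentation. It assumes the HWIC-2FE in slot 1 appears as FastEthernet0/1/0 (cabled to the ISP-A T1 router) and FastEthernet0/1/1 (cabled to the ISP-B DSL router), that the LAN is 10.10.10.0/24 on GigabitEthernet0/1 as in the setup dialog, and that the next-hop addresses and the probe target 192.0.2.254 are documentation placeholders.

```cisco
! Added illustration for the BigBoss design, not the report's own configuration.
! Addresses are documentation placeholders.
!
! The probe target must be reached through the primary link only. Pinning it
! with a /32 static route matters: "source-interface" alone does not stop the
! probe from following the backup default route after failover, which would
! make the probe succeed over ISP-B and flap the primary route back in.
ip route 192.0.2.254 255.255.255.255 192.0.2.1
!
ip sla 1
 icmp-echo 192.0.2.254 source-interface FastEthernet0/1/0
 frequency 10
 timeout 2000
ip sla schedule 1 life forever start-time now
!
! Track object 1 follows the probe; the delays damp a link that is flapping
! so a single lost ping does not move traffic.
track 1 ip sla 1 reachability
 delay down 30 up 60
!
! The primary default route is installed only while track 1 is up. The
! floating static (administrative distance 10) takes over when it is
! withdrawn and is removed again when the pings succeed.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
interface GigabitEthernet0/1
 description LAN
 ip address 10.10.10.12 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1/0
 description ISP-A primary (T1 router)
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1/1
 description ISP-B backup (DSL router)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! NAT for both links: each route-map matches LAN sources and the egress
! interface, so translations use the address of whichever link is active.
ip access-list standard LAN-SOURCES
 permit 10.10.10.0 0.0.0.255
!
route-map NAT-ISP-A permit 10
 match ip address LAN-SOURCES
 match interface FastEthernet0/1/0
!
route-map NAT-ISP-B permit 10
 match ip address LAN-SOURCES
 match interface FastEthernet0/1/1
!
ip nat inside source route-map NAT-ISP-A interface FastEthernet0/1/0 overload
ip nat inside source route-map NAT-ISP-B interface FastEthernet0/1/1 overload
```

Existing NAT translations built on ISP-A's address do not survive a failover; established sessions break and are re-established through ISP-B, which is the expected behaviour of this technique rather than a fault. The state of the probe can be checked with show track 1 and show ip sla statistics 1 before trusting the failover in production.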


    Security

The Cisco 1921 builds on the best-in-class offering of the Cisco 1841 Integrated Services Router. All Cisco 1900 Series Integrated Services Routers offer embedded hardware encryption acceleration, optional firewall, intrusion prevention, and advanced security services. (Cisco 1921, 2011)

Figure 0-1 Embedded hardware encryption

Embedded hardware encryption, compared with software encryption, is much faster and more reliable because the encryption and decryption algorithms run directly on dedicated hardware resources.


    Figure 0-2 Intrusion prevention system framework

    Source:http://www.asia-net.com.hk/solutions/intrusion_prevention.htm

Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security services that monitor network and/or system activities for malicious activity. The main job of an intrusion prevention system is to identify malicious activity, log information about that activity, attempt to block or stop it, and report it.

IPSs are considered extensions of intrusion detection systems because both monitor network traffic and/or system behaviour for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent or block the intrusions they detect. More specifically, an IPS can take such actions as sending an alarm, resetting the connection, dropping the malicious packets, and/or blocking the traffic from the attacker's IP address. An IPS can also correct CRC errors, defragment packet flows, prevent TCP sequencing issues, and clean up unwanted transport- and network-layer options.
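The in-line placement and the response actions named above, expressed as IOS IPS configuration on the Cisco 1921, as an added example; it is not from the report or from Cisco's documentation. It assumes an IOS release with IOS IPS 5.x signature support, that the signature package and its public key have already been loaded into flash:ips (a placeholder location), and it tunes signature 2004/0 (ICMP echo request in the standard package) purely to illustrate how per-signature actions are set; in practice the signature to tune is the one a deployment actually needs.

```cisco
! Added illustration for the BigBoss design, not the report's own configuration.
! flash:ips is a placeholder for wherever the signature package was loaded.
ip ips config location flash:ips retries 1
ip ips name CORP-IPS
!
! Report: events go to syslog and to SDEE so a management station can pull
! them. SDEE is served by the router's HTTP(S) server, so that must be on.
ip http secure-server
ip ips notify log
ip ips notify sdee
!
! Start from the basic category and retire everything else so the signature
! set fits the router's memory; unretire categories deliberately, not by
! default.
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
! Per-signature actions map onto the responses described above:
!   produce-alert          -> send an alarm (log/SDEE)
!   deny-packet-inline     -> drop the malicious packet
!   deny-attacker-inline   -> block further traffic from the attacker address
!   reset-tcp-connection   -> reset the connection (TCP signatures only, so it
!                             is not set on this ICMP example)
ip ips signature-definition
 signature 2004 0
  status
   enabled true
   retired false
  engine
   event-action produce-alert
   event-action deny-packet-inline
   event-action deny-attacker-inline
!
! In-line inspection: "in" covers traffic arriving from the LAN, "out" covers
! traffic arriving from either ISP link that is heading into the LAN. Drops
! happen here only because the router is in the forwarding path, which is
! what distinguishes an IPS from a passive IDS.
interface GigabitEthernet0/1
 ip ips CORP-IPS in
 ip ips CORP-IPS out
```

Because the IPS is in-line, a retired-by-mistake category or an over-broad deny-attacker action shows up as an outage rather than as a missed alert; after loading a new signature package, the first check is show ip ips configuration and a look at the syslog for unexpected deny-attacker events before leaving the configuration in place.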


    Conclusion

BigBoss Company needs to build a network that connects the main office and the branch office. It will help the company with its day-to-day work. Some of the features the company will have are VoIP, video conferencing, file transfer, database access, and CCTV. The company can save cost by using VoIP and video conferencing rather than traditional phone calls. The company will make many calls per day regarding stock, and the cost of those phone calls can be very high. Furthermore, video conferencing has the added advantage of involving more users rather than a one-on-one conversation. The main idea behind all these features is to build a stable connection. The primary link of the BigBoss network uses T1, which is more stable and faster than the other options. The secondary link uses IPsec. Implementation, maintenance and security will be decisive in determining how well the network performs.


    References

Cisco 1900 Series, 2011, Available at http://www.cisco.com/en/US/docs/routers/access/1900/hardware/installation/guide/19pwrup.html, Accessed on 12th March 2011

Cisco 1921, 2011, Available at http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps7290/ps10589/data_sheet_c78-598389.html, Accessed on 13th March 2011

Thomas Akin, 2002, Hardening Cisco Routers, O'Reilly

Redundant link Juniper, 2009, Available at http://www.juniper.net/techpubs/software/erx/junose91/swconfig-link/html/lag-config12.html, Accessed on 15th March 2011

Ross, D, n.d., How Video Conferencing Security Works, Available at http://communication.howstuffworks.com/how-video-conferencing-security-works.htm, Accessed on 12th March 2011

Chiltern District Council, n.d., How Does CCTV Work, Available at http://www.chiltern.gov.uk/site/scripts/documents_info.php?documentID=57&pageNumber=3, Accessed on 12th March 2011

Red Hat Inc., n.d., How FTP works, Available at http://www.centos.org/docs/5/html/Virtual_Server_Administration/s2-ftp-proto-VSA.html, Accessed on 13th March 2011

Topbits, n.d., FTP, Available at http://www.tech-faq.com/ftp.html, Accessed on 13th March 2011

Lemm, M, 2010, Available at http://russbellew.com/broadband_t1_vs_dsl.aspx, Accessed on 12th March 2011

Rucker, L, 2004, Available at http://www.usavetelecom.com/who-benefits-t1-line.shtml, Accessed on 13th March 2011


Appendices

Gantt Chart


Work Breakdown

Part                                                Student Full Name
User requirements                                   Edwin Kusuma
Network design and configuration of primary link    Shasi Rao
Network design and configuration of secondary link  Ooi
Implementation                                      Danial Doustarmoghaddam
Documentation                                       All Members
Diagrams                                            All Members