
Network Ninja

The Long Road to Cisco


Tag Archive for 'Vision'

Open Shortest Path First – OSPF Fundamentals – Multiple Areas

Published by Deon Botha on March 3, 2009 in BDR, BSCI, BSCI Notes, Certification, Cisco Systems, Concepts and Constructs, DR and OSPF.

An OSPF area is a logical grouping of routers that run OSPF with identical topological databases. An area is a subdivision of the OSPF routing domain. Each area runs SPF separately, and summaries are passed between areas.

OSPF AREAS

Problems associated with OSPF in a Single Area

Consider a growing OSPF network with a single area. Several problems arise as the area outgrows the capacity of its routers:

  • The SPF algorithm runs more frequently the larger the network gets: the larger the network, the greater the probability of a network change and therefore of a recalculation of the entire area (in other words, the more resources OSPF chews up). Each of these recalculations in a large network takes longer and involves more “work” than a recalculation for a small area (the expenditure of scarce resources: time, CPU, memory, etc).
  • The larger the OSPF area, the greater the size of the routing table (duh). The routing table itself is not sent out (unlike in Distance Vector Routing Protocols), but the greater the size of the table, the longer each lookup becomes. The memory requirements on the router also increase as the size of the routing table increases.
  • In a large network, the routers’ topological database increases in size and eventually becomes unmanageable (the topological database is exchanged between adjacent routers at least every 30 minutes).

As the various databases (Routing Table, Topological Database, Neighbor Table) increase in size and the calculations increase in frequency, CPU utilization increases and memory availability decreases (an inverse relationship). This can affect network latency or cause link congestion, resulting in various additional problems (longer convergence times, loss of connectivity, loss of packets, system hangs), which is bad for networks.

Area Structure

OSPF creates a two-level hierarchy of areas.

Area Zero (Naught), a.k.a. the backbone area or transit area, is always the central area; all the other areas (stub areas that move towards the edge) attach to Area Zero. Area Zero forms the top level in the hierarchy and the remaining areas form the bottom level of the hierarchy. This hierarchical design supports summarization and minimizes routing table entries.

Routers within Area Zero are called backbone routers. Routers that link to Area Zero and another area are called Area Border Routers (ABR). OSPF routers that redistribute routing information from another protocol are called Autonomous System Boundary Routers (ASBR).

OSPF Type Packets

As OSPF link-state information is shared between areas, an intricate set of mechanisms is followed, relying on a number of different OSPF packet types. All OSPF traffic is transmitted inside IP packets. Receivers recognize OSPF traffic because it is marked as IP protocol 89.

OSPF includes five packet types:

  1. Hello Packets – Establish communication with directly attached neighbors.
  2. Database Description (DBD) – Sends a list of router IDs from which the router holds Link State Advertisements (LSAs), together with the current sequence number of each. This information is used to compare information about the network.
  3. Link State Requests (LSR) – Follow the Database Descriptions (DBDs) to ask for any missing Link State Advertisements (LSAs).
  4. Link State Update (LSU) – Replies to a link-state request with the requested data.
  5. Link State Acknowledgments (LSAck) – Confirm receipt of link-state information.

All OSPF packets have a common format that contains the following nine fields:

  1. Version – All packets are assumed to be Version 2 (at least for this part of the Cisco material)
  2. Type – There are five packet types, numbered 1 to 5
  3. Packet Length - The length in bytes
  4. Router ID – 32-bit identifier for the router
  5. Area ID – 32-bit identifier for the area
  6. Checksum – Standard 16-bit checksum
  7. Authentication Type – OSPFv2 supports three authentication methods:
    1. no authentication
    2. plain text passwords
    3. MD5 hashes
  8. Authentication Data – 64-bit data, either empty, with a plain-text word, or with a “message digest” of a shared secret
  9. Data – Values being communicated
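The nine-field common header above is small enough to decode by hand. The following parser is an added example for this post, not code from the original notes: it unpacks the 24-byte OSPFv2 header (field widths from RFC 2328: 1-byte version and type, 2-byte length, 4-byte Router ID and Area ID, 2-byte checksum, 2-byte AuType, 8-byte authentication data), verifies the standard checksum (which, per the RFC, skips the 64-bit authentication field and is not computed at all for cryptographic authentication), and flags packets that arrive with null or plain-text authentication, since those give a receiver no assurance about who sent them. The packets it parses are constructed inside the example.

```python
import struct

# Added example (not from the original post): parse the OSPFv2 common header
# described above and verify its checksum. The packets are constructed here.

OSPF_IP_PROTOCOL = 89  # OSPF rides directly in IP, protocol number 89

PACKET_TYPES = {
    1: "Hello",
    2: "Database Description",
    3: "Link State Request",
    4: "Link State Update",
    5: "Link State Acknowledgment",
}

# AuType values from RFC 2328 Appendix D
AUTH_TYPES = {0: "Null", 1: "Simple password", 2: "Cryptographic (MD5)"}

# version(1) type(1) length(2) router id(4) area id(4) checksum(2) autype(2) auth data(8)
HEADER_FORMAT = "!BBHIIHH8s"
HEADER_LEN = struct.calcsize(HEADER_FORMAT)  # 24 bytes


def ip_checksum(data):
    """16-bit one's complement of the one's complement sum (RFC 2328 A.3.1)."""
    if len(data) % 2:
        data += b"\x00"  # pad an odd-length packet with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def dotted(value):
    """Render a 32-bit Router ID / Area ID in dotted notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def build_ospf_packet(ptype, router_id, area_id, autype=0, auth=b"", body=b""):
    """Assemble a packet with a correct checksum (checksum field is zero while summing)."""
    auth = auth.ljust(8, b"\x00")[:8]
    length = HEADER_LEN + len(body)
    header = struct.pack(HEADER_FORMAT, 2, ptype, length, router_id, area_id, 0, autype, auth)
    checksum = 0
    if autype != 2:  # cryptographic authentication leaves the checksum at zero
        checksum = ip_checksum(header[:16] + body)  # auth field (bytes 16-23) excluded
    return header[:12] + struct.pack("!H", checksum) + header[14:] + body


def parse_ospf_header(packet):
    """Return the header fields as a dict; raise ValueError on anything malformed."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the OSPF common header")
    version, ptype, length, router_id, area_id, checksum, autype, auth = struct.unpack(
        HEADER_FORMAT, packet[:HEADER_LEN])
    if version != 2:
        raise ValueError("only OSPFv2 is handled here")
    if ptype not in PACKET_TYPES:
        raise ValueError("unknown packet type %d" % ptype)
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("packet length field inconsistent with received bytes")
    if autype not in AUTH_TYPES:
        raise ValueError("unknown authentication type %d" % autype)
    checksum_ok = None  # None: not applicable (cryptographic authentication)
    if autype != 2:
        # The 64-bit authentication field is excluded from the sum. With the stored
        # checksum included, a correct packet sums to all ones, so the complement is 0.
        checksum_ok = ip_checksum(packet[:16] + packet[HEADER_LEN:length]) == 0
    return {
        "type": PACKET_TYPES[ptype],
        "length": length,
        "router_id": dotted(router_id),
        "area_id": dotted(area_id),
        "checksum_ok": checksum_ok,
        "auth_type": AUTH_TYPES[autype],
        # null or plain-text authentication gives no assurance about the sender
        "auth_weak": autype in (0, 1),
        "auth_data": auth,
    }


if __name__ == "__main__":
    # constructed sample: a Hello from 10.0.0.1 in Area 0 with a plain-text password
    hello = build_ospf_packet(1, 0x0A000001, 0, autype=1, auth=b"cisco", body=b"\x00" * 20)
    print(parse_ospf_header(hello))
```

The `auth_weak` flag is the point for a defender reading this: a capture tool that decodes the header this way can report neighbors still negotiating with type 0 or type 1 authentication, which is the first thing to look for before tightening an OSPF domain.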

And this took me almost 2 weeks. Shame on me.

Notes and Notices: This is a part of my personal BSCI notes and research to assist myself in learning and understanding the concepts and theory for the BSCI exam. I learn by making notes, reading, and writing things down, and wish to file them where I cannot lose them. These notes are not to be seen, judged or mistaken for replacements for Cisco recognized and authorized training, which I personally support and attend and suggest you undertake if you are going for the BSCI Certification.

CCIE Command Memorizer

Published by Deon Botha on September 12, 2008 in Asides, Off-Topic, Support and Vine.

About two weeks ago David Bombal from Configure Terminal contacted me about doing a write-up for CCIE Command Memorizer. As a current CCNP student there is obviously some of the CCIE content that still goes over my head, but most of the stuff I am fairly okay with. David didn’t seem to mind that I wasn’t a CCIE as yet and I sure didn’t mind giving CCIE Command Memorizer a spin, so below are my thoughts and feelings.

During my initial research on the CCIE Command Memorizer I found that it was geared towards the CCIE Routing and Switching (R&S) Lab. When I received the application Monday two weeks ago my initial impression was that it covers the commands, without many frills and spills, in an effective and efficient manner in a Do-It-Yourself fill-in-the-blanks, task-to-objective orientated format. There are no round-about, search-for-things, “what now” moments; everything is straight and to the point. Another bonus is that the download isn’t enormous either.

The CCIE Command Memorizer application itself is written in an e-book format, which works for the content. If, like myself, you like using the keyboard when you get going on the command line (IOW dislike moving between mouse and keyboard) some of the shortcuts might feel “off” and take a bit to get used to. Take heart that once you get going it all starts flowing like second nature.

My feeling on how the CCIE Command Memorizer would fit into my studies is that, as a study tool / study aid, it helps you practice commands anywhere at any time as long as you have your notebook handy (face it, as a CCNP I realize I am a Geek and my notebook goes on holiday with me, so this pretty much means anywhere). My current situation with a LAB is that I am busy getting racks, cabling, and other kit together to put a LAB up; the actual LAB is non-existent. In my situation the CCIE Command Memorizer is my stop-gap for actual “command” time practice, as I don’t really have kit and at times have no block of time to zero in on a specific Technology Area and do some quick revision work with a specific focus only on that technology. This is different from the LAB, where you need to set up and configure peripheral services and technologies to get to the meat close to the bone; CCIE Command Memorizer lets you focus ONLY on those parts to give you practice on those parts.

In my opinion the students who would find the CCIE Command Memorizer useful are individuals who have problems with instant recall of information when under stress or duress (people with classic test-condition issues who forget as they walk through the door, when in normal day-to-day work they are Uber networkers) and students who need to drill things (repetition, repetition, repetition) to get information to pass from short-term into long-term memory (this one would be me). Most other students may also find it handy to bridge the book theory and lab practical (where you just went through the theory and quickly go over the practical again to cement the knowledge just a bit more).

From my perspective as a CCNP student, the CCIE Command Memorizer shares most (if not all) of the CCNP content material that I cared to check up on. In the two weeks I have been working through EIGRP and OSPF (notes to follow shortly) for the BSCI, everything I covered in theory the CCIE Command Memorizer covered, plus some more.

To close off, for those who want a one-size-fits-all study solution: don’t mistake the CCIE Command Memorizer for something it wasn’t built to be. The CCIE Command Memorizer is a STUDY TOOL / STUDY AID and not a “Complete Blended Solution” or All-In-One (aio) product like the guys from IP Expert offer. This means that you will probably either attend classes from a Cisco Learning Partner and/or do labs at home or through a Rack Rental Company and/or also have Cisco Press books, all of which ADD TO THE VALUE of the CCIE Command Memorizer.

In summation, I suggest taking a serious look at the CCIE Command Memorizer and how to integrate it into your study plans. Taking all things into consideration I would seriously recommend the CCIE Command Memorizer even to current CCNP level students. The value add is easy to find, and it helps to have something that you can take along as you travel that does command-line study effectively without the need to spend hours on “setting up other things” before you get to play with advanced topics.

Linksys Brand to Disappear

Published by Deon Botha on August 28, 2008 in Asides, Cisco Systems and Vine.

Cisco acquired Linksys back in 2003 and the Linksys brand has been around in some way or form since then, kind of. I haven’t had problems with the product myself, but I have had logistics problems with the brand; these come from up-channel, from various distributors who can’t promise due dates and shipping from Linksys.

This is a problem for the Linksys brand because, although the brand as a whole has a great price point for the Home, Home Office (SOHO) and Small and Medium Business (SMB) market segments, the availability sucks, and not being able to promise delivery or give an indication of delivery makes using the brand as a plausible solution pointless. While an Enterprise customer might be willing to understand and “deal” with no stock being kept in an emerging market for their class of product and with a longer lead time to delivery, that understanding is lacking with SMB customers, where deals are lost on cents and on the ability to start installation tomorrow.

There was talk about a year back, from the channel and some of my networking buddies, that the Linksys brand would be integrated into the Cisco “stable” for good, meaning that the Linksys brand would phase out totally and only one brand would emerge. There were obviously two views on this: one said “Great, Cisco all the way” and the other said “Linksys is a strong brand on its own, why kill it?”.

Be that as it may, the first steps of the brand integration process have started. How this whole change management process will work is that soon “Linksys, a division of Cisco” will become “Linksys by Cisco”, with Linksys and Cisco sharing as much product space and font size, and finally only “Cisco” will be on the packaging and product. This process happens over years to get customers used to the idea and the “new” packaging and branding, and is the eventual process after the companies have assimilated into each other and adopted each other’s cultures and views.

I wasn’t around back in the day, but I suppose the Catalyst Switching platform followed the same routine as this. I know that IBM and Lexmark Printing and Imaging Systems did this back in the day.

BSCI Design Foundation – Network Models

Published by Deon Botha on July 25, 2008 in BSCI, BSCI Notes, Certification, Cisco Systems, Concepts and Constructs, ECNM, Enterprise Architecture, IIN and SONA.

Design – Hierarchical

Hierarchical Design

Where networks once were non-hierarchical (layer-1 design, layer-2 design, layer-3 design), they are now generally three-layer hierarchical in design (above). Cisco has been using this model for years; it gave a high-level overview of how a reliable network could be conceived, but it was largely conceptual because it did not provide specific “how-to” guidance on implementing certain things, like:

  • Implementing redundancy,
  • Adding Internet Access,
  • Accounting for remote users,
  • Locating workgroup and enterprise services

Design – Enterprise Composite Network Model (ECNM)

Access-Distribution-Core ECNM

Revisions to the hierarchical design added redundant distribution and core devices and connections to make the hierarchical model more fault tolerant. The switch block design (above) explained how redundancy fits into a network, but still did not adequately specify other parts of the network design. This led to the development of the Enterprise Composite Network Model (ECNM) to address the failures of both the hierarchical model and the switch block model.

This ECNM is broken into three large pieces:

  • Enterprise Campus,
  • Enterprise Edge,
  • Service Provider Edge.

Enterprise Composite Network Model

ECNM – Campus

The enterprise campus looks very much like the above switch block design with some added details:

  • Campus Backbone (like the core layer of the hierarchical model),
  • Building Distribution,
  • Building Access,
  • Management,
  • Server Farm (Enterprise Services).

The ECNM Campus builds on the switch block design but gives specific guidance as to where to place servers and management equipment. Take note that the servers look like a switch block and are redundantly attached (dual-homed) to the switches (not really shown nicely in the diagram).

ECNM – Enterprise Edge

The Enterprise Edge shows the connections that the enterprise has with the wide area (other networks) and includes:

  • E-Commerce,
  • Remote Access,
  • Internet Connectivity,
  • WAN (Internal links to other branches).

ECNM – Service Provider Edge

The service provider edge includes the public networks that facilitate wide area (other networks) connectivity:

  • Internet Service Provider (ISP),
  • Public Switched Telephone Network (PSTN) for dialup,
  • Frame Relay, ATM, and PPP for private connections.

Multiplexing

Historically, voice traffic used one set of circuits and data traffic another. Also, if you wanted more than one “number”, the telecommunications company installed another physical line to your premises. If you wanted access to a data network, they installed a data line for that purpose.

With line technologies like the T-carrier system (USA, Japan, Korea), 24 pulse-code modulated, time-division multiplexed speech signals are carried over 2 copper pairs (I don’t know the details; I need to ask one of the engineers about this). This type of technology saved the telecommunications companies a lot of money in building out subscriber lines. The problem with T1 as a technology is that it cannot adjust as the customer’s usage requirements change (see the E-carrier system for Europe and other countries).

As technology changes, so do the requirements placed on that technology. Modern networks are designed to carry voice, video, enterprise applications, normal LAN traffic and management traffic all on the same single secure infrastructure (convergence). The traffic is forced (statistically multiplexed) to share access to the network.

Service-Orientated Network Architecture (SONA) and Intelligent Information Network (IIN)

The “Multiplexing” section above described the idea of a converged network as a system that integrates previously disparate systems (voice, video, data). The traffic types usually found on a converged network include, but are not limited to:

  • voice signalling and bearer traffic,
  • Core application traffic (ERP and CRM),
  • Transactional traffic related to database interactions (SQL),
  • Network management traffic for monitoring and maintaining the network structure (including routing protocol traffic),
  • Multicast multimedia,
  • Other traffic (web, e-mail, file transfer).

Each of the above traffic types has its own requirements and expectations that govern its successful execution. These requirements include security, QoS, transmission capacity, and delay.

To support this kind of multiplexed traffic, Cisco routers are able to implement filtering, compression, prioritization, and policing (dedicating network capacity). Except for filtering, these processes are collectively known as QoS.

As an alternative to QoS, Cisco has a vision called the Intelligent Information Network (IIN). This vision describes a network that integrates network and application functionality cooperatively, allowing the network to be “smart” about how it handles traffic to minimize the footprint of applications. The IIN evolution is described in three phases:

  • Phase 1: Integrated Transport deals with a converged network, built along similar lines to the ECNM and based on open standards (cross-compatibility).
  • Phase 2: Integrated Services posits virtualization of resources such as servers, storage and network access, to move to an “on-demand” model. Don’t think marketing/advertising “virtualization”; think practical virtualization: the ISR routers (routing, switching, voice, network management, security and wireless) designed as an aio (all-in-one) appliance, and virtualizing servers (if you have servers properly designed for the job; you can’t be trying this on SMB servers or recycling 10-year-old technology and thinking “bargain, let’s load 5 operating systems on this”).
  • Phase 3: Integrated Applications uses application-orientated networking (AON) to make the network “aware”, allowing the network to actively monitor and participate in service delivery.

Service-Orientated Network Architecture (SONA) is the practical application or “how-to” of IIN in enterprise networks. SONA breaks IIN down into three layers:

  • SONA Infrastructure Layer is basically the same as IIN Phase 1,
  • SONA interactive Services Layer maps to IIN Phase 2,
  • SONA Application Layer has the same concepts as IIN Phase 3.

Resources:

Aragoen Celtdra on BSCI: Network Architecture and Design

Notes and Notices:

This is a part of my personal BSCI notes and research to assist myself in learning and understanding the concepts and theory for the BSCI exam. I learn by making notes, reading, and writing things down, and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements for Cisco recognized and authorized training, which I personally support and attend and suggest you undertake if you are going for the BSCI Certification.

Switch Security – Wireless

Published by Deon Botha on May 27, 2008 in 802.11, Access Point, BCMSN, BPDU Guard, Certification, Cisco Systems, Concepts and Constructs, Root Guard, STP and Wireless.

This post will be broken into five (including this one) smaller posts. Finishing “Switch Security” (the last section of work before revision) as a single section is taking me far longer than I imagined, and I have had a few too many close calls in losing this draft post as it gets bigger and bigger.

Security has in the past been focused from the outside in and at the upper layers of the OSI model. Think of the deployment in most situations of a firewall (at the edge). Firewall and security devices often focus on edge routing devices and layer-3 and layer-4 information, stateful packet inspection, etc.

This being said, internal communication is often open and unhindered, because out of the box “internal” trusted devices forward everything and just “trust” all. If an attack is launched from inside the network (trusted) then it often goes unnoticed for a long time. Many security features are available for internal network devices, but they must be activated to work.

Access Points

With the large-scale adoption of Access Points (APs) and other wireless devices, many employees want the same devices at work as those they enjoy at home. This brings with it the problem of employees plugging wireless AP devices into the office network (malicious rogues) when the IT department has no knowledge of them and has not given consent for these devices to operate on the enterprise network. This is a serious breach of company security because the APs are plugged into a trusted network point behind the firewall, intentionally hidden from physical view (behind credenzas, filing cabinets, etc) and from network view (SNMP, etc). Because John Doe office employee isn’t thinking about the L33t Hacker or the security ramifications, they make the wireless AP work (without any security measures whatsoever).

To mitigate against Spanning Tree Protocol (STP) manipulation, use the root guard and BPDU guard enhancement commands. These commands enforce the placement of the root bridge in the network and enforce the STP domain borders. BPDU guard is best deployed on user-facing ports to prevent rogue switch-network extensions by an attacker.
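Enabling the guards is only half the job; the other half is noticing when they fire, because a BPDU arriving on a user-facing port is exactly the rogue switch or bridging AP described above. The following script is an added example for this post, not code from the original notes: it pulls BPDU guard and root guard events out of Catalyst syslog, counts them per switch port, and lists ports that keep tripping after being re-enabled. The message mnemonics (SPANTREE-2-BLOCK_BPDUGUARD, SPANTREE-2-ROOTGUARD_BLOCK, SPANTREE-2-ROOTGUARD_UNBLOCK) are assumed from memory of Catalyst IOS logging, and the sample log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Added example (not from the original post): find BPDU guard / root guard
# events in Catalyst syslog and point at ports that keep tripping. The
# mnemonics are assumed from memory of Catalyst IOS; the lines are constructed.

SAMPLE_SYSLOG = """\
Mar  3 09:12:01 access-sw1 1234: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/5 with BPDU Guard enabled. Disabling port.
Mar  3 09:12:01 access-sw1 1235: %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/5, putting Gi0/5 in err-disable state
Mar  3 09:20:44 dist-sw1 5561: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet1/0/2 on VLAN0010.
Mar  3 09:21:10 dist-sw1 5562: %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet1/0/2 on VLAN0010.
Mar  3 09:30:00 access-sw1 1240: %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to up
Mar  3 10:02:15 access-sw1 1251: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/5 with BPDU Guard enabled. Disabling port.
"""

# "Mar  3 09:12:01 host seq: %FACILITY-SEV-MNEMONIC: text"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \d+: "
    r"%(?P<mnemonic>[A-Z0-9_-]+): (?P<text>.*)$")
PORT_RE = re.compile(r"\bport (?P<port>[A-Za-z]+\d+(?:/\d+)*)")
VLAN_RE = re.compile(r"\bon (?P<vlan>VLAN\d+)")

# mnemonic -> (which guard fired, what it did to the port)
GUARD_EVENTS = {
    "SPANTREE-2-BLOCK_BPDUGUARD": ("bpduguard", "blocked"),
    "SPANTREE-2-ROOTGUARD_BLOCK": ("rootguard", "blocked"),
    "SPANTREE-2-ROOTGUARD_UNBLOCK": ("rootguard", "unblocked"),
}


def parse_guard_events(syslog_text):
    """Return one dict per guard event; unrelated messages are skipped."""
    events = []
    for line in syslog_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("mnemonic") not in GUARD_EVENTS:
            continue
        guard, action = GUARD_EVENTS[m.group("mnemonic")]
        port = PORT_RE.search(m.group("text"))
        vlan = VLAN_RE.search(m.group("text"))
        events.append({
            "time": m.group("ts"),
            "host": m.group("host"),
            "port": port.group("port") if port else None,
            "vlan": vlan.group("vlan") if vlan else None,
            "guard": guard,
            "action": action,
        })
    return events


def summarize(events):
    """Count blocking events per (host, port), split by guard type."""
    counts = defaultdict(lambda: {"bpduguard": 0, "rootguard": 0})
    for e in events:
        if e["action"] == "blocked":
            counts[(e["host"], e["port"])][e["guard"]] += 1
    return dict(counts)


def repeat_offenders(events, threshold=2):
    """Ports whose BPDU guard tripped at least `threshold` times: the port came back
    (manually or via errdisable recovery) and immediately saw another BPDU, which is
    the signature of a switch or bridging AP still plugged into that wall point."""
    return sorted(key for key, c in summarize(events).items() if c["bpduguard"] >= threshold)


if __name__ == "__main__":
    found = parse_guard_events(SAMPLE_SYSLOG)
    for key, c in summarize(found).items():
        print(key, c)
    print("repeat offenders:", repeat_offenders(found))
```

Fed real syslog from a collector, the `repeat_offenders` list is the short list of wall points someone should physically walk to; a single trip is often a user plugging in a home switch once, a repeat on the same port is a device that is still there.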

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes, reading, and writing things down, and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements for Cisco recognized and authorized training, which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

QoS and Voice Traffic

Published by Deon Botha on May 22, 2008 in AutoQoS, BCMSN, Certification, Cisco Systems, CoS, Concepts and Constructs, NBAR, QoS and Trunk.

Definitions

ingress: arrives / comes in / enters

egress: leaves / exits / goes out

These are the new words of the day, so they are going to be used a lot.

Introduction

Regardless of the speed of individual switches (slower/older vs. faster/newer switches) or links (10/100), speed mismatches (ingress 1000 / egress 100), many-to-one switching fabrics (multiple access layer switches into a distribution layer switch), and aggregation (multiple devices communicating through a single connection or to a single device or server) may cause a device to experience congestion, which can result in latency and in dropped packets.

If, and inevitably when, congestion occurs (I have heard of enterprise payrolls that cause certain amounts of congestion on a network at the end of each month) and congestion management features are not in place (QoS, load balancing on servers, etc), then some packets will be dropped, causing retransmissions (TCP) that inevitably increase overall network load; and if voice and video are on the network (UDP) the inevitable result will be angry employees. QoS can to an extent mitigate the latency caused by congestion.

QoS is implemented by classifying and marking traffic at one device while allowing other devices to prioritize or to queue the traffic according to those marks applied to individual frames or packets.

LAN-Based Classification and Marking of Traffic

Classification and marking of traffic is the process of identifying traffic for prioritization as that traffic moves across the network. Traffic is classified by examining information at various layers of the Open Systems Interconnection (OSI) model. IP traffic can be classified according to any values configurable in an access control list (ACL) or any of these layers:

  • Layer-2 parameters: MAC Address, Multiprotocol Label Switching (MPLS), ATM Cell Loss Priority (CLP) bit, Frame Relay discard eligible (DE) bit, ingress interface
  • Layer-3 parameters: IP precedence, DiffServ Code Point (DSCP), QoS group, IP Address, ingress interface
  • Layer-4 parameters: TCP or User Datagram Protocol (UDP) ports, ingress interface
  • Layer-7 parameters: Application signature, ingress interface

QoS marks (values) establish priority levels (priority classes of service) for network traffic as it is processed by each switch (Access, Distribution, or Core). Once traffic is marked with a QoS value, the QoS policies on switches and interfaces handle the traffic accordingly at the frame and packet level. As a result of classification and marking, traffic will be prioritized at each switch to ensure that delay-sensitive traffic (voice, video) receives priority processing while non-delay-sensitive data traffic waits its turn as each switch manages congestion, delay, and bandwidth allocation.

Layer-2 QoS

QoS layer-2 classification occurs by examining information in the Ethernet or 802.1Q header (trunking), like the destination MAC address or Virtual Local Area Network (VLAN) ID. QoS layer-2 markings occur in the priority field of the 802.1Q header (plain LAN layer-2 headers have no place for this, so 802.1Q encapsulation must occur). The priority field is 3 bits long (a.k.a. the 802.1p User Priority or Class of Service (CoS) value).

The 3-bit priority field can carry a value of 1 to 7; 1 is associated with delay-tolerant traffic like TCP/IP traffic. Voice traffic receives a higher priority: call signalling receives a value of 3 and voice bearer traffic a value of 5.

As a result of Layer-2 Classifications and marking, these QoS operations can occur:

  • Input queue scheduling: when a frame enters a port, it can be assigned to one of a number of port-based queues before being scheduled for switching to an egress port. Typically, multiple queues are used where traffic requires different levels of service.
  • Policing: the process of inspecting a frame to see if it has exceeded a predefined rate of traffic within a certain time frame, which is typically a fixed number internal to the switch. If a frame is determined to be in excess of the predefined rate limit, it can either be dropped or have its CoS value marked down.
  • Output queue scheduling: where the switch places the frame into an appropriate egress queue for switching. The switch performs buffer management on this queue by ensuring that the buffer does not overflow.

Layer-3 QoS

QoS layer-3 classification occurs by examining header values such as the destination IP address or protocol. QoS layer-3 markings occur in the Type of Service (ToS) byte in the IP header. The first three bits of the ToS byte are occupied by IP precedence, which correlates to the three CoS bits carried in the Layer-2 header.

The ToS byte can also be used for DSCP marking that allows prioritization hop by hop as packets are processed on each switch and interface.

Trust Boundaries

In QoS campus implementations, trust boundaries are defined where existing QoS values attached to frames and packets are to be accepted or altered. These “trusts” are established by configuring trust levels on the ports of key peripheral network devices where QoS policies will be enforced as traffic makes its way onto the network. At this entry point traffic will either be allowed to retain its original QoS markings or be ascribed new markings (best practice is to mark traffic as close to the source as possible).

In practice this means that if you have a network with a Desktop/Notebook attached to a Cisco IP Phone attached to a Catalyst Switch attached to a Cisco Router, the trust boundary can be set at the Cisco IP Phone, where the IP Phone attaches priority values which are then trusted.

Otherwise, if there is a Desktop/Notebook with a softphone attached to a Catalyst Switch attached to a Router, the trust boundary can be set at the Desktop/Notebook, where the softphone attaches priority values which are then trusted.
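To make the Layer-2 and Layer-3 marks and the trust decision concrete, here is an added example (not code from the original notes) that reads the 802.1p CoS out of an 802.1Q tag and the IP precedence and DSCP out of the ToS byte, then applies the four trust states a switch port can be in: untrusted, trust cos, trust dscp, or trust conditional on a Cisco IP Phone having been detected. The frame is constructed inside the example, and the CoS-to-DSCP and DSCP-to-CoS mappings it uses (cos × 8 and dscp >> 3, which is also why IP precedence equals the top three DSCP bits) are this example's assumptions, chosen to mirror the default Catalyst maps as I remember them.

```python
import struct

# Added example (not from the original post): read CoS / precedence / DSCP
# marks from a tagged IPv4 frame and apply a port's trust setting. The frame
# and the cos<->dscp maps (cos*8, dscp>>3) are assumptions of this example.

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def build_tagged_ipv4_frame(vlan, cos, tos, payload=b""):
    """Constructed sample frame: Ethernet + 802.1Q tag + minimal IPv4 header."""
    dst_mac = bytes.fromhex("01005e000001")
    src_mac = bytes.fromhex("001122334455")
    tci = (cos << 13) | (vlan & 0x0FFF)  # PCP(3) DEI(1) VID(12)
    ip_header = struct.pack("!BBHHHBBH4s4s",
                            0x45, tos, 20 + len(payload), 0, 0, 64, 17, 0,
                            bytes([10, 0, 10, 5]), bytes([10, 0, 10, 6]))
    tag = struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_IPV4)
    return dst_mac + src_mac + tag + ip_header + payload


def read_marks(frame):
    """Extract VLAN, CoS (802.1p) and, for IPv4, precedence and DSCP from the ToS byte."""
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q header")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        raise ValueError("untagged frame: no 802.1p priority field to read")
    marks = {"vlan": tci & 0x0FFF, "cos": tci >> 13, "precedence": None, "dscp": None}
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= 20:
        tos = frame[19]                 # second byte of the IPv4 header
        marks["precedence"] = tos >> 5  # top three bits of ToS
        marks["dscp"] = tos >> 2        # top six bits of ToS; precedence == dscp >> 3
    return marks


def apply_trust(marks, trust, phone_detected=False):
    """Return the (cos, dscp) pair the switch carries onward from this port.

    trust is one of "none", "cos", "dscp" or "cisco-phone" (the conditional trust
    that only honours CoS when CDP has seen a phone on the port)."""
    if trust == "cisco-phone":
        trust = "cos" if phone_detected else "none"
    if trust == "cos":
        cos = marks["cos"]
        return cos, cos * 8          # assumed cos-to-dscp map
    if trust == "dscp":
        dscp = marks["dscp"] if marks["dscp"] is not None else 0
        return dscp >> 3, dscp       # assumed dscp-to-cos map
    return 0, 0                      # untrusted: strip what the end station claimed


if __name__ == "__main__":
    # constructed sample: voice bearer in VLAN 100, CoS 5, ToS 0xB8 (DSCP 46)
    voice = build_tagged_ipv4_frame(vlan=100, cos=5, tos=0xB8)
    marks = read_marks(voice)
    for mode in ("none", "cos", "dscp", "cisco-phone"):
        print(mode, apply_trust(marks, mode, phone_detected=False))
```

The `cisco-phone` branch is the one worth staring at: a PC that sets CoS 5 on its own frames gets the same marks as a phone only when the switch has actually detected a phone, which is the whole reason the conditional form is preferred on user-facing ports over an unconditional `mls qos trust cos`.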

Configuration IP Phone Attachment

This goes hand in hand with how to configure VLANs. First off we enable QoS globally (the trust commands below have no effect without it) and create the VLANs:

switch#configure terminal
switch(config)#mls qos
switch(config)#vlan 10
switch(config-vlan)#name 001-WORK-STATION
switch(config-vlan)#vlan 100
switch(config-vlan)#name 001-IP-PHONE
switch(config-vlan)#exit

Now we need to assign the data and voice VLANs to an interface:

switch(config)#interface gigabitethernet 0/1
switch(config-if)#switchport voice vlan 100
switch(config-if)#switchport access vlan 10

Now we need to set up trust for the CoS values as frames arrive at the switch port:

switch(config-if)#mls qos trust cos

Finally, make the trust conditional on a Cisco IP Phone being attached:

switch(config-if)#mls qos trust device cisco-phone

Auto QoS

Cisco AutoQoS gives the ability to deploy QoS features for converged IP Telephony and allows telephony networks to be deployed more quickly and efficiently than if it had to be done manually. Cisco AutoQoS generates traffic classes and policy-map command-line (CLI) templates that are the same across platforms, where doing things manually might not achieve the same congruence. Cisco AutoQoS simplifies and automates the Modular QoS CLI (MQC) definition of traffic classes and the creation and configuration of traffic policies.

AutoQoS can be beneficial in these scenarios:

  1. SMBs that need to deploy IP Telephony quickly but lack the experience and staffing to deploy IP QoS services.
  2. Large enterprises that need to deploy Cisco Systems Telephony solutions on a large scale, while reducing costs, complexity, and time frame for deployment, and ensuring that the appropriate QoS for voice applications is being set in a consistent fashion.
  3. International enterprises or service providers requiring QoS for VoIP where little expertise exists in different regions of the world and where provisioning QoS remotely and across different time-zones is difficult.
  4. Service providers requiring a template-driven approach to deliver managed services and QoS for voice traffic of customer premises devices.

Cisco AutoQoS simplifies and shortens the deployment cycle in the following ways:

  • Application classification: by leveraging intelligent classification on routers, Cisco Network-Based Application Recognition (NBAR) provides stateful and deep packet inspection. Cisco AutoQoS uses Cisco Discovery Protocol (CDP) for voice packets to ensure that the end device attached to the Local Area Network (LAN) really is a Cisco IP Phone (keep in mind that CDP is Cisco proprietary).
  • Policy Generation: Cisco AutoQos evaluates the network environment and generates the initial policy. This feature automatically generates interface configurations, policy maps, class maps, and Access Control Lists (ACL).
  • Configuration: using one command, Cisco AutoQoS configures the port to prioritize voice traffic without affecting other network traffic, while still offering the flexibility to adjust QoS settings for unique network requirements. Cisco AutoQoS automatically detects Cisco IP Phones and enables QoS settings; in turn it also disables the QoS settings to prevent malicious activity when a Cisco IP Phone is relocated or moved.
  • Monitoring and reporting: Cisco AutoQoS provides visibility into the Class of Service (CoS) deployed via system logging and Simple Network Management Protocol (SNMP) traps, with notification of abnormal events (VoIP packet drops).
  • Consistency: Cisco AutoQoS configurations are consistent among router and switch platforms. This level of consistency ensures seamless QoS operation and interoperability within the network.

Cisco Catalyst Switch Configuration – CatOS

To configure the global QoS settings:

Console> (enable) set qos autoqos
.........
All ingress and egress QoS scheduling parameters configured on all ports. CoS to DSCP, DSCP to CoS. Precedence to DSCP and policed dscp maps configured.
Global QoS configured, port specific autoqos recommended:
set port qos <mod/port> autoqos trust <cos/dscp>
set port qos <mod/port> autoqos voip <ciscoipphone/ciscosoftphone>

To configure Cisco AutoQoS settings and the trusted boundary feature for Cisco IP Phones, CDP version 2 or later needs to be enabled on the port. If the trusted boundary feature is enabled, you will receive a syslog warning message if CDP is not running or CDP version 1 is running.

CDP need not be enabled if you do not use the ciscoipphone QoS configuration.

Console> (enable) set port qos 4/1 autoqos voip ciscoipphone
Warning: CDP is disabled or CDP version 1 is in use. Ensure that CDP version 2 is enabled globally, and also ensure that CDP is enabled on the port(s) you wish to configure autoqos on.
Port 4/1 ingress QoS configured for ciscoipphone.
It is recommended to execute the "set qos autoqos" global command if not executed previously.
Console> (enable)

To configure the port-specific QoS macro that handles all inbound QoS configuration specific to a particular port, use the trust form below. This should only be used when the port connects to other known switches or servers, because the port then trusts all inbound traffic markings.
Console> (enable) set port qos 4/1 autoqos trust <cos/dscp>

Cisco Catalyst Switch Configuration – Cisco IOS

When Cisco AutoQoS is enabled on the first interface, QoS is globally enabled. This is equivalent to configuring this command:

switch#configure terminal
switch(config)#mls qos

To in turn enable QoS on an interface use this command that tells the switch that the interface is connected to a trusted router/switch and that the VoIP classifications in the ingress packet should be trusted:

switch#configure terminal
switch(config)#interface gigabitethernet 0/1
switch(config-if)#auto qos voip trust

Or, when the interface is connected to a Cisco IP Phone, use this command instead; the QoS labels of incoming packets are trusted only while the IP Phone is detected, which relies on CDP to detect the phone's presence or absence:

switch#configure terminal
switch(config)#interface gigabitethernet 0/1
switch(config-if)#auto qos voip cisco-phone

To check the configuration, use the following command:
switch#show auto qos interface <interface-id>

Cisco AutoQoS Automation

Cisco AutoQoS automates several things when configured. It enforces trust boundaries on Cisco Catalyst switch access ports, uplinks and downlinks. It enables Catalyst strict priority queuing (PQ) (a.k.a. expedited queuing) with weighted round-robin (WRR) scheduling for voice and data traffic. It configures queue admission criteria and, finally, modifies queue sizes and weights as needed.
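The trust-boundary points above can be checked mechanically. The following is an added example, not code from this post or from Cisco: it parses a constructed IOS running-config excerpt (hypothetical interface names) and flags access ports that trust all inbound markings, and cisco-phone ports where CDP is disabled; the `switchport voice vlan` check assumes the standard IOS voice-VLAN command, which the post itself does not show.

```python
"""Audit an IOS switch config for AutoQoS trust-boundary mistakes.

Rules (from the notes above):
  * 'auto qos voip trust' belongs on uplinks to known switches/routers,
    not on user access ports, because it trusts whatever the PC marks.
  * 'auto qos voip cisco-phone' relies on CDP to detect the phone, so a
    port with 'no cdp enable' never gets the phone trusted.
  * A phone port should also carry a voice VLAN (assumption: the standard
    IOS 'switchport voice vlan' command, not shown in the post).
"""

# Constructed sample running-config excerpt; interface names and VLAN
# numbers are hypothetical.
SAMPLE_CONFIG = """\
!
mls qos
!
interface GigabitEthernet0/1
 description Uplink to distribution switch
 switchport mode trunk
 auto qos voip trust
!
interface GigabitEthernet0/2
 description User desk with IP phone
 switchport mode access
 switchport voice vlan 110
 auto qos voip cisco-phone
!
interface GigabitEthernet0/3
 description User desk, CDP disabled
 switchport mode access
 no cdp enable
 auto qos voip cisco-phone
!
interface GigabitEthernet0/4
 description User desk that trusts everything the PC sends
 switchport mode access
 auto qos voip trust
!
"""


def parse_interfaces(config):
    """Return {interface name: [interface-level commands]}.

    An interface block starts at 'interface ...' and runs over the
    indented lines that follow; '!' or any global command ends it.
    """
    interfaces = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
    return interfaces


def audit_autoqos(config):
    """Return a list of (interface, finding) tuples, in config order."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        cmds = set(lines)
        is_access = "switchport mode access" in cmds
        has_voice_vlan = any(c.startswith("switchport voice vlan") for c in cmds)
        if "auto qos voip trust" in cmds and is_access:
            findings.append((name, "trusts all inbound markings on an access port; "
                                   "use 'auto qos voip cisco-phone' for phone ports"))
        if "auto qos voip cisco-phone" in cmds:
            if "no cdp enable" in cmds:
                findings.append((name, "cisco-phone trust needs CDP, but CDP is disabled"))
            if not has_voice_vlan:
                findings.append((name, "phone port has no voice VLAN configured"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_autoqos(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```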

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Planning Voice on a Data Network

Published by Deon Botha on May 21, 2008 in BCMSN, Certification, Cisco Systems and VoIP.

There are numerous benefits to packet switched telephony:

  • More efficient use of bandwidth and kit: Traditional telephony networks use a 64-kbps (For argument lets say 1B Channel on a ISDN line) channel for every voice call. Packet telephony shares bandwidth among multiple logical connections and offloads traffic volumes from existing voice switches.
  • Lower costs for telephony network transmissions: A substantial amount of equipment is needed to combine 64-kbps (ISDN) channels into a high-speed link for transport across a network (let's say an ISDN PRI). Packet telephony statistically multiplexes voice traffic alongside data traffic. This consolidation represents substantial savings on CAPEX and OPEX.
  • Consolidated voice and data network expenses: Data networks functioning separately from voice networks become major traffic carriers. The underlying voice networks can be converted to utilize the packet-switched architecture to create a single integrated communications network with a common switching and transmission system. The benefit is CAPEX and OPEX savings.
  • Increased revenues from new services: Packet telephony enables new integrated services, such as broadcast-quality audio, unified messaging, and real-time voice and data collaboration. These services increase employees' productivity and profit margins well above those of basic voice services. In addition, these services enable companies and service providers to differentiate themselves and improve their market position.
  • Greater innovation in services: Unified communications use the IP infrastructure to consolidate communications methods that were previously independent (fax, voicemail, email, wireline telephone, cellular phone, and the web). The IP infrastructure provides users with a common method to access messages and initiate real-time communications, independent of time, location, or device.
  • Adding new communications devices: Packet technology can reach devices that are largely inaccessible to the time-division multiplexing (TDM) infrastructures of today (PCs, wireless devices, household appliances, PDAs). Access to these devices enables companies and service providers to increase the volume of communications they deliver, the breadth of service they offer, and the number of subscribers they serve. Packet technology, therefore, enables companies to market new devices, including videophones, multimedia terminals, and advanced IP Phones.
  • Flexible new pricing structures: Companies and service providers with packet-switched networks can transform their service and pricing models. Because network bandwidth can be dynamically allocated, network usage no longer needs to be measured in minutes or distance. Dynamic allocation gives service providers the flexibility to meet the needs of their customers in ways that bring them the greatest benefits.

The basic components for voice on an IP network are as follows:

  • IP Phones: The end-device on desks
  • Gatekeeper: Provides Connection Admission Control (CAC), bandwidth control and management and address translation.
  • Gateway: Provides translation between voice over Internet Protocol (VoIP) and non-VoIP networks, such as the public switched telephone network (PSTN). It provides physical access for local analog and digital devices (telephones, fax machines, and PBXs)
  • Multipoint Control Unit: Provides real-time connectivity for participants in multiple locations to attend the same videoconference or meeting.
  • Call Agent: Provides call control for IP Phones, CAC, bandwidth control and management, and address translation.
  • Application Server: Provides services such as voicemail, unified messaging, and Cisco CallManager Attendant Console.
  • Videoconference Station: Provides access for end-user participation in videoconferencing. This station has a video camera and a microphone. The user can view video streams and hear the audio that originates from the remote user station.

There are other components not listed here, like voice applications, interactive voice response (IVR) systems, and softphones, that meet the specific needs of the enterprise.

Voice and Data Traffic Characteristics

Voice traffic has extremely stringent QoS requirements (because it is extremely delay sensitive). Voice traffic generates a smooth demand on bandwidth and has minimal impact on other traffic (60 – 120 byte packets), as long as voice traffic is managed. Because of this time-sensitive nature, User Datagram Protocol (UDP) is used to package voice packets; TCP retransmit capabilities have no value (if a packet needs to be retransmitted, the delay lands in the conversation that is happening NOW).

For voice quality, one-way delay should be no more than 150 ms and packet loss less than 1%. A typical voice call requires 17 – 106 kbps of guaranteed priority bandwidth, plus an additional 150 bps per call for voice-control traffic. Multiplying this out for the maximum number of calls expected during the busiest times gives the overall bandwidth requirement for voice traffic.

Because data traffic is not as delay sensitive and can tolerate high drop rates, the retransmit capabilities of TCP have become important; as a result, many applications use TCP by default.

In networks, important business-critical applications are usually easy to identify. Most applications can be identified based on TCP or UDP port numbers (HTTP, HTTPS, FTP, TELNET, SQL, etc.). Some applications use dynamic port numbers that, to some extent, make classification more difficult. Cisco IOS software supports network-based application recognition (NBAR), which can be used to recognize dynamic-port applications.

VoIP Call Flow

As I mentioned in a previous post (see HSRP Across Trunk Links) and some other places, it is best practice to set up voice and data on separate VLANs (I did in my own network). This is done so that QoS can be applied to prioritize the VoIP traffic as it traverses the network. If this is not done, voice and data traffic contend for the available bandwidth without consideration for other devices (one or the other is going to suffer).

A major component of designing a successful IP Telephony network is bandwidth provisioning. The bandwidth requirement is calculated by adding the total required bandwidth for voice, video and data together; the sum should not be more than 75% of the link's total capacity.
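The provisioning calculation above, carried through as an added example (not from the original post): the per-call figure is a parameter because it depends on the codec (the post quotes a range of 17 to 106 kbps), while the 150 bps of control traffic per call and the 75% link rule are taken as stated above.

```python
"""Voice bandwidth provisioning against the 75%-of-link rule.

Assumptions: bearer bandwidth per call is supplied by the caller (codec
dependent; the notes quote 17-106 kbps), each call adds 150 bps of
call-control traffic, and voice + video + data together must not
exceed 75% of the link.
"""

CONTROL_BPS_PER_CALL = 150      # call-control overhead per call, from the notes
LINK_BUDGET_FRACTION = 0.75     # never provision more than 75% of the link


def voice_bandwidth_kbps(calls, per_call_kbps):
    """Priority bandwidth (kbps) needed for `calls` simultaneous calls,
    including the per-call control traffic."""
    if calls < 0 or per_call_kbps <= 0:
        raise ValueError("calls must be >= 0 and per_call_kbps > 0")
    return calls * (per_call_kbps + CONTROL_BPS_PER_CALL / 1000)


def link_fits(link_kbps, calls, per_call_kbps, video_kbps=0, data_kbps=0):
    """True when voice + video + data stay within 75% of the link."""
    total = voice_bandwidth_kbps(calls, per_call_kbps) + video_kbps + data_kbps
    return total <= LINK_BUDGET_FRACTION * link_kbps


def max_calls(link_kbps, per_call_kbps, video_kbps=0, data_kbps=0):
    """Largest busy-hour call count that still respects the 75% rule
    once the video and data reservations are taken off the top."""
    budget = LINK_BUDGET_FRACTION * link_kbps - video_kbps - data_kbps
    if budget <= 0:
        return 0
    return int(budget // (per_call_kbps + CONTROL_BPS_PER_CALL / 1000))


if __name__ == "__main__":
    # Constructed scenario: a T1 (1544 kbps) with 512 kbps reserved for
    # data and the upper end of the per-call range (106 kbps).
    print(max_calls(1544, 106, data_kbps=512))            # 6
    print(link_fits(1544, 7, 106, data_kbps=512))         # False
```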

From a traffic perspective, IP Telephony consists of two types of traffic:

  1. Voice Carrier Stream consists of Real-Time Transport Protocol (RTP) packets that contain actual voice samples.
  2. Call Control Signaling, which contains packets belonging to one of several protocols used to set up, maintain, tear down, or redirect calls. Depending on the end-point this could be H.323 or Media Gateway Control Protocol (MGCP).

Auxiliary VLANs

Some Cisco Catalyst switches offer a unique feature called “Auxiliary VLAN”. This feature allows one to overlay a voice topology over an existing data network. One can segment phones into a separate logical network, even though the data and voice networks are physically the same.

The auxiliary VLAN feature places the phones into their own VLANs without any end-user configuration. Additionally VLAN assignment can be maintained even if the phone is moved.

How this works is that when a phone is plugged into the switch (whichever port), the phone will request a DHCP address, and the phone is placed in a VLAN automatically. With phones in their own VLANs administrators can troubleshoot and identify problems easily. This also makes enforcement of QoS and security policies easier.

QoS

QoS is the application of features and functionality required to actively manage and satisfy the networking requirements of applications that are sensitive to loss, delay and delay variations (jitter). QoS allows preference to be given to critical application flows for the available bandwidth.

Cisco IOS implementations allow QoS to provide these features:

  • Priority access to resources: QoS allows administrators to control which traffic is allowed to access specific network resources such as bandwidth, kit, and WAN links.
  • Efficient management of network resources: If network management and accounting tools indicate that specific traffic is experiencing latency, jitter, and packet loss, then QoS tools can be used to adjust how that traffic is handled.
  • Tailored service: The control provided by QoS enables Internet Service Providers to offer carefully tailored grades of service to their customers.
  • Coexistence of mission-critical applications: QoS technologies ensure that mission-critical applications receive priority access to network resources while providing adequate processing for applications that are not delay sensitive.

High Availability

Traditional telephony networks strive to provide 99.999% availability (5.25 minutes of downtime a year). This is less downtime than most data networks achieve. Providing the same experience means choosing hardware and software with a low mean time between failure (MTBF) or installing redundant links and hardware.

Availability means that when a user wants to make a call, the network is able to respond to that need. Efforts to ensure availability include proactive management to predict failure and taking steps to correct problems in the design of the network as it grows. When a converged network goes down, downtime can be minutes, hours or days. This is unacceptable in a converged network, where downtime means no phone calls. Providing uninterruptible power supplies (UPS), lightning arrestors and other means helps ensure availability at all costs.

High Availability encompasses many areas of a network. In a fully redundant network these components need to be duplicated:

  • Servers and call managers,
  • Access layer devices (layer-2 switches)
  • Distribution layer devices (routers or Layer-3 switches)
  • Core layer devices (layer-3 switches)
  • Interconnections (WAN links, PSTN Gateways, ISP links)
  • Power supplies and UPSs


WLAN Standards

Published by Deon Botha on May 15, 2008 in 802.11, Access Point, BCMSN, Certification, Cisco Systems, Concepts and Constructs and Wireless.

This is generally a nice-to-know topic; if you don’t want to know the basics of “how” it works but rather just care that it works, this might not be “light” reading.

There are “generally” (dependent on your country) the following unlicensed bands:

  1. 900-MHz Industrial, Scientific and Medical (ISM) Band (902-MHz to 928-MHz)
  2. 2.4-GHz Industrial, Scientific and Medical (ISM) Band (2400-MHz to 2483-MHz) (Japan to 2495-MHz)
  3. 5.7-GHz Unlicensed National Information Infrastructure (UNII) Band (5150-MHz to 5350/5725/5825 MHz) (Not all countries support 802.11a)

Radio Frequency Transmission (for dummies, i.e. with no electric/electronic engineering background, a.k.a. ME):

Radio Frequencies (RF) are radiated (why does this not make me feel better, I’ve seen what a microwave does when it radiates things) into the air by antennas that create radio waves. When radio waves propagate through objects, they may be absorbed (walls) or reflected (metal). This absorption may cause areas of low signal.

Radio wave transmission is affected by three factors:

  • Reflection: when RF waves bounce off objects (metal, glass)
  • Scattering: when RF waves strike uneven surfaces and are reflected in many directions
  • Absorption: when RF waves are absorbed by objects (concrete, bricks, walls)

Data Transmission over Radio Waves (for dummies, i.e. with no electric/electronic engineering background, a.k.a. ME):

  1. Higher data rates (faster connection) have shorter range because the receiver needs a stronger signal with a better signal-to-noise ratio (SNR) to retrieve the information.
  2. Higher transmit power results in greater range. To double the range, the power has to be increased by a factor of 4 (four).
  3. Higher data rates require more bandwidth. Increased bandwidth is possible with higher frequencies.
  4. Higher frequencies have shorter range through higher degradation and absorption. More efficient antennas can compensate for this effect.

WLAN Regulations and Standardizations:

Regulatory Agencies control the use and enjoyment of RF bands. The two main regulatory agencies are the FCC (USA) and ETSI (Europe) (South Africa and EMEA region if in doubt follow ETSI).

The network (802) standardization is done by the IEEE. The wireless (802.11) standards are part of the network standard; these include 802.11a/b/g and the soon to be finalized/ratified 802.11n.

Finally, the Wi-Fi Alliance offers certification for vendors of 802.11 products so that their products are interoperable. The Wi-Fi Alliance certifications include all three 802.11 RF technologies and the Wi-Fi Protected Access (WPA) security model (2003) based on IEEE 802.11i (ratified 2004).

IEEE 802.11b

Ratified Sept 1999

Operates in the 2.4-GHz ISM Band

Specifies direct sequence spread spectrum (DSSS)

Specifies four data rates up to 11-Mbps (1, 2, 5.5, and 11-Mbps)

Throughput Mbps * 1024/Users = X kbps Bandwidth per user

2.4-GHz Channels

(Figure: Wireless-2.4-Channels)

Up until this point wireless channels might not have made “sense” if you weren’t, as I joked, “previously advantaged” with an electrical or electronic engineering qualification. Those ladies and gents are force fed this amongst other things for at the very least a semester in university, so they know this kind of thing backwards (I know how they complained about it). If you are like myself a business grad, then this is all new.

What this graph shows (pay attention to the grey highlight) is 3 non-overlapping channels (except for Japan). If you are in Japan you can use the 14th channel along with the 3 others to have access to 4 channels in total.

This information is region specific and then also country specific (I know South Africa in general follows ETSI which falls under EMEA). Some countries may allow 14 channels while others may only allow 1 channel.

At a Cisco Tech-Update (I can’t remember the speaker forgive me) Wireless channel usage was explained using the below diagram and it made all the above fall into place for me.

Wireless Channel Use

What the diagram shows is the 2.4-GHz band (visually) with the channels laid out so you can see how all the channels overlap. This is what 802.11b/g “looks” like with the 3 non-overlapping channels (black).

Example: Three non-overlapping channels (1, 6, and 11) that do not share RFs. There would be no degradation in throughput if 3 APs were to operate in the same cell using channels 1, 6, and 11.

To show the maths, 3 APs on 3 non-overlapping channels (1, 6, and 11) provide an aggregate data rate for a cell of 33-Mbps (11-Mbps x 3), with an aggregate throughput of approx. 16-Mbps (33-Mbps/2).

Example: Three APs sharing the same channel, in the same cell.

To show the math, 3 APs on the same channel (1, 1, and 1) provide an aggregate data rate of 11-Mbps but an aggregate throughput of 6-Mbps. This results from the APs sharing a cell.

Example: Three APs sharing overlapping channels, in the same cell.

To show the math 3 APs on overlapping channels (1, 2, and 3) the throughput could drop to well below 1-Mbps due to interference.

Channel Reuse

At the same Tech Update they explained how, using the non-overlapping channels, a deployment can be done where none of the same channels border each other. Imagine the cells from the top down on an overlay of an office plan, looking like the diagram below.

(Figure: Wireless Cell Re-Use)
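The channel overlap rule and the channel-reuse layout described above, worked as an added example (not code from the original post or the Tech Update). It assumes 802.11b DSSS channels 22 MHz wide, centred at 2407 + 5n MHz for channels 1 to 13 and at 2484 MHz for Japan's channel 14; the six-cell office floor plan is constructed for illustration.

```python
"""2.4-GHz channel overlap and cell channel-reuse checks.

Assumptions: 802.11b DSSS channels are 22 MHz wide; channel n (1-13) is
centred at 2407 + 5*n MHz and Japan's channel 14 at 2484 MHz.  Two
channels overlap when their centres are closer than one channel width,
which is why 1/6/11 are clear of each other and 1/2/3 are not.
"""

CHANNEL_WIDTH_MHZ = 22


def centre_mhz(channel):
    """Centre frequency (MHz) of a 2.4-GHz channel number."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"no such 2.4-GHz channel: {channel}")


def channels_overlap(a, b):
    """True when the two channels share spectrum."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_channels(allowed):
    """Greedy pick of mutually non-overlapping channels from those a
    regulator allows: 1-11 gives [1, 6, 11]; Japan's 1-14 gives
    [1, 6, 11, 14] (channel 14 sits exactly one width above 11)."""
    chosen = []
    for ch in sorted(allowed):
        if all(not channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def reuse_conflicts(plan, adjacent):
    """Return the (cell, cell) pairs that border each other and whose
    channels overlap.  `plan` maps cell name -> channel; `adjacent`
    lists the bordering pairs from the floor plan."""
    return [(a, b) for a, b in adjacent if channels_overlap(plan[a], plan[b])]


# Constructed floor plan: six cells in two rows, each cell bordering
# its row neighbours and the cell directly above or below it.
#   A B C
#   D E F
ADJACENT = [("A", "B"), ("B", "C"), ("D", "E"), ("E", "F"),
            ("A", "D"), ("B", "E"), ("C", "F")]

# A reuse plan where no bordering cells share or overlap a channel.
GOOD_PLAN = {"A": 1, "B": 6, "C": 11, "D": 11, "E": 1, "F": 6}

# A plan that reuses channels column by column and also puts channel 2
# beside channel 1, which overlaps just as badly as reusing 1.
BAD_PLAN = {"A": 1, "B": 6, "C": 11, "D": 2, "E": 6, "F": 11}


if __name__ == "__main__":
    print(non_overlapping_channels(range(1, 12)))   # [1, 6, 11]
    print(non_overlapping_channels(range(1, 15)))   # [1, 6, 11, 14]
    print(reuse_conflicts(GOOD_PLAN, ADJACENT))    # []
    print(reuse_conflicts(BAD_PLAN, ADJACENT))     # four bordering conflicts
```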

Data Rates

WLAN clients (end-devices) can shift data rates as they move. The closer you are to an AP the better coverage will be (11-Mbps); as you move away from the AP coverage gets worse (5.5-Mbps), and worse (2-Mbps), and worse (1-Mbps), until there is no signal. This data rate shifting occurs without user interaction or connection loss.

This rate shifting also happens on a transmission-by-transmission basis, whereby the AP can support multiple clients at multiple speeds (meaning transmission 1 might be at 11-Mbps and transmission 2 at 1-Mbps, depending on the end-user location).

IEEE 802.11a

Ratified Sept 1999

Operates in the 5-GHz ISM Band

Uses orthogonal frequency-division multiplexing (OFDM)

Specifies eight data rates up to 54-Mbps (6, 9, 12, 18, 24, 36, 48, 54-Mbps)

FCC – 12 to 23 non-overlapping channels

ETSI – up to 19 non-overlapping channels

Regulatory differences across countries

802.11a requires Transmit (Tx) power control and dynamic frequency selection (802.11h)

Throughput Mbps * 1024/Users = X kbps Bandwidth per user

5-GHz Channels

802.11a must comply with two features in 802.11h namely Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS).

TPC links back to the basics: the more transmit power pumped into an AP, the greater the range (greater range = lower data rate). TPC is where an AP exchanges transmit power information with end-device adapters. This has a twofold advantage:

  1. End-device adapters use only enough power to maintain association with APs at any given data rate, in turn conserving energy (good for mobile devices and, at present, for Eskom).
  2. End-devices contribute less to adjacent cell interference.

DFS is where the AP monitors the available 5-GHz RF spectrum for radar installations in the environment and, if any are found, flags the appropriate channel(s) as unavailable. DFS continually monitors the operating environment for changes during operation.

IEEE 802.11g

Ratified June 2003

Operates in the 2.4-GHz ISM Band as 802.11b

Uses direct sequence spread spectrum (DSSS), complementary code keying (CCK) and orthogonal frequency-division multiplexing (OFDM)

Specifies twelve data rates up to 54-Mbps (1, 2, 5.5, 11-Mbps DSSS/802.11b and 6, 9, 12, 18, 24, 36, 48, 54-Mbps OFDM).

Throughput Mbps * 1024/Users = X kbps Bandwidth per user

Security and Mitigation of Wireless Risks

Linking back to the beginning of this post, here is why wireless could potentially be a security threat. The process of wireless is that “Radio Frequencies (RF) are radiated into the air by antennas that create radio waves”, and in turn your network data travels across radio waves from source (server or point A) to destination (end-device or point B).

This wireless communication, if left unsecured, leaves a wide open method of access to anyone that wants to enter, use and abuse your enterprise infrastructure. With the low cost of IEEE 802.11 wireless equipment these days, adoption is gaining in the mass market (home, small office/home office (SOHO), small and medium business (SMB)). With greater adoption in the mass market the products become easier to use, deploy and implement (graphical user interface (GUI) deployments and out-of-the-box operation). This large adoption also makes for sub-business-class consumer-grade products making a regular appearance in server rooms, business settings and other environments where they are definitely not meant to be (don’t get me wrong, consumer products work great for a family of 5 people, but aren’t built or designed to handle an office of 10 people or a department of 50 people).

There are many large telco (Telkom) companies that offer pre-configured Wi-Fi combination routers with their DSL accounts. Most, if not the majority, of users literally plug and play (plug it in and use it with default settings). This is a very conducive environment for “war driving”, whether for the single purpose of free Internet or for collecting sensitive information through the use of various freely available tools and applications.

The Process

Anyone implementing Wireless needs to at the very least consider security which is a three step process of Authentication (802.1x or Extensible Authentication Protocol (EAP)), Encryption (Wi-Fi Protected Access (WPA – TKIP, WPA2 – AES or TKIP)) and Intrusion Detection and Protection (IDS and IPS).

Wireless Association

Looking at how end-devices (clients like notebooks, smartphones, PDAs) associate with APs, something I mentioned in a previous post will crystallize.

APs broadcast (send out) beacons with SSIDs (one or many), data rates (depending on distance from AP) and other information. The end-device scans the available channels looking for beacons and responses from APs. The end-device then in turn associates with the AP with the strongest signal.

If you are using a mobile device and moving with it and the signal becomes weak, this process repeats.

It is during this association process that SSID, MAC address and security settings are sent from end-device to the AP and checked. This is what we are going to be talking about in the next couple of paragraphs.

Authentication

When an end-device attempts to associate, authentication is done via the 802.1X protocol. The end-device is called the supplicant; it communicates with an autonomous AP* (called the authenticator), which in turn communicates with and authenticates to an Authentication, Authorization and Accounting server (AAA server) such as RADIUS/TACACS+ or Cisco Secure ACS.

*LWAPP uses the WLAN controller, which acts as the authenticator and in turn communicates and authenticates with the AAA server.

Encryption

After authentication is successful (if unsuccessful the connection is denied), data between the end-device and the AP is sent encrypted with either TKIP or AES.

Definitions

Signal-to-Noise


Wireless and WLANs and related Technologies

Published by Deon Botha on May 12, 2008 in 802.11, Access Point, BCMSN, Certification, Cisco Systems and Wireless.

You will all probably see that I have no love lost for wireless as I do these notes; I really love to hate and hate to love wireless. It's maybe because it's so unpredictable, I don’t know. But without further ado, let's get right into the thick of things.

There are various types of wireless, without being specific. What follows below is the list of “wireless” data technologies available:

(Figure: Wireless-Data-Technologies)

Moving swiftly forward; thinking back to CCNA studies the different type(s) of network(s) and respective sizes that defined and characterized those networks now becomes important. A wireless Technology is defined by its tangible and intangible characteristics, think carefully about that statement and its application.

I won’t have a UMTS network (no matter how cool it would be for the bragging rights) as my home network or small office network, even if it might/could/would support voice, video and data just like my 802.11a/b/g/n network. (I’m not going to start on how fried your brain might get.)

Personal Area Networks (PAN): This is marketing and advertising buzz (at least consider it as such). These technologies are Infrared (IR) and Bluetooth. The distance is painfully short and designed to cover your personal work-space environment. Think mobile to headset, notebook to printer, mobile to mobile (all peer-to-peer and device to device) and, in the case of IR, line of sight. In this category you own the products and therefore there is no charge for “airtime”.

Local Area Networks (LAN): Like a wired LAN, the Wireless LAN (WLAN) is enterprise-based allowing the same enterprise (company) applications to be used without wires. WLANs since 802.11n have reached and surpassed 10/100 spec wired networks with connectivity speed of 300 Mbps maximum (this I think is marketing for when the wind is blowing in the right direction, you are standing on one leg, there is no interference and no other users on the network). WLANs are the same as PANs where the customer owns 100% of the network thus there are no “airtime” charges.

Metropolitan Area Networks (MAN): These wireless networks are deployed inside an urban area and allow connection within that area without the use of wires. Wireless MANs can connect up to the speed of DSL broadband (define broadband) but not much faster. These networks can be run and maintained by a licensed carrier requiring customers to purchase airtime, or by an entity (public mostly) like the police, emergency services, etc. Examples are multichannel multipoint distribution service (MMDS) and local multipoint distribution service (LMDS).

Wide Area Network (WAN): The wireless WAN is typically slower, with more coverage, than the “smaller” network technologies. These networks usually cover rural areas or larger-scale areas. Due to the infrastructure requirements, scale and scope of the network, they all require the purchase of airtime for data transmission. Examples are general packet radio service (GPRS) and code division multiple access (CDMA).

WLANs

A Wireless Local Area Network (WLAN) is similar to an Ethernet network in many ways. WLANs are shared networks, as are Ethernet networks. An Access Point (AP) functions like an Ethernet hub, aggregating and sending, for all intents and purposes, network information to and from end-devices. In any wireless cell only one station can transmit data at any time, while all others listen.

The transmission setup of wireless is similar to that of coax cable or half-duplex Ethernet working through a Ethernet hub. The average data rate per station is the total bandwidth divided by the total number of stations connected to that AP. Now in reality the actual data throughput is less because of wireless specific issues and the above mentioned calculation.

Use

WLANs are meant for local networks and not WANs. They are used inside buildings, line of sight outdoor building bridging connections (combination of both). There is no license required for WLANs (country specific). A WLAN is not a cellular network. It does not provide packet data transmission for cellular phones.

Similarities

WLANs are 802 LANs (802.11 to get specific). The data in WLANs is sent over radio waves while wired LANs send data over wires (duh). Both WLANs and Wired LANs define physical and data link layers and use MAC addresses. The same applications can be used on WLANs and Wired LANs.

Differences

In WLANs Radio Frequencies (RF) are used as the physical layer of the network. WLANs use carrier sense multiple access with collision avoidance (CSMA/CA) and not carrier sense multiple access with collision detection (CSMA/CD). This is because collision detection is not possible: a sending station can’t receive at the same time that it is transmitting and thus cannot detect a collision. Instead, Request to Send (RTS) and Clear to Send (CTS) exchanges are used to avoid collisions. In addition, WLANs use different frame formats, needing more information in the layer-2 header of the frame.

Radio waves have problems (read: lots of) not found with wires. Connectivity issues in WLANs can be caused by several problems: RF transmission, multipath distortion, and interference from other wireless services or other WLANs. There are security and privacy issues because a radio frequency doesn’t stop at the end of a property and can therefore be picked up by someone off-site.

In WLANs mobile clients are used to connect to the network, these mobile devices don’t have a physical wired connection to the network and often run on battery power as opposed to mains.

WLANs must meet country specific RF regulations where wired LANs don’t have these country specific regulations.

History

WLAN technology evolution started in the 1980s using 800-MHz direct sequence spread spectrum (DSSS) technology. DSSS was easy as it required no licenses to use and a single AP could cover large areas. The single biggest problem with DSSS was that few countries allowed the technology. As time passed, need for speed, open standards, and global adoption forced manufacturers to engineer products in the 2.4-GHz band sometime in the 1990s.

The 2.4GHz band put Wireless into a cleaner RF this meant less interference from other “devices” but higher speeds and higher frequency had a range drawback requiring more APs to be placed but the 860 kbps to 1-2 Mbps speed made up for this. The only problem still remaining with Wireless was the proprietary nature of the technology. In 1992 the IEEE drafted the 802.11 standard making the WLAN standard open.

In July 1997, the IEEE ratified the 2.4-GHz standard to include DSSS technology t the physical layer. The standard specified 1 Mbps standard speed and 2 Mbps as “turbo” speed.

In September 1999 the IEEE ratified the IEEE 802.11a standard (5 GHz at 54 Mbps) and the IEEE 802.11b standard (2.4 GHz at 11 Mbps). Then in June 2003 the IEEE ratified 802.11g (2.4 GHz at 54 Mbps). The 802.11b and 802.11g standards are backward compatible (both use 2.4 GHz). Then sometime in November 2008 the IEEE should maybe finalize an amendment to IEEE 802.11 for 802.11n (2.4 GHz and/or 5 GHz at 300 Mbps with 2 streams).

Terms:

Last Mile Access: From CCNA studies, the term refers to the cable that connects a customer's premises to the telco equipment. The right term for the telco kit is the Central Office (CO), so last mile access runs from the Customer Premises to the Central Office of the telco.

Resources:

Pretoria Wireless Project

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes, reading and writing things down, and wish to file them where I can't lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training, which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Inter-VLAN Routing (Router on a Stick)

Published
by
Deon Botha
on April 22, 2008
in BCMSN, Certification, Cisco Systems and Inter-Vlan Routing
. 0 Comments

When a switch supports multiple VLANs but has no Layer-3 capability, it must be connected to an external Layer-3 device (a router). This is done by creating a trunk link (ISL or 802.1Q) between the switch and the router that carries all VLANs and provides inter-VLAN routing (a.k.a. router on a stick). The interface should preferably be FastEthernet or better.

There are some advantages and disadvantages to Inter-VLAN routing:

  • Advantages: it is simple to implement, an expensive Layer-3 switch is not required, and the router provides communication between VLANs.
  • Disadvantages: the router is a single point of failure for inter-VLAN traffic, the single trunk link may become congested, and latency may be introduced as frames leave the switch to be routed.

Configuration

There are a couple of things needed to configure inter-VLAN routing. First things first, you need VLANs to route. I jumped the gun here and explained the entire process of inter-VLAN routing; what can I say, I was excited :-)

So, in revision, let's create some VLANs:

switch>enable
switch#configure terminal
switch(config)#vlan 100
switch(config-vlan)#name Inter
switch(config-vlan)#vlan 200
switch(config-vlan)#name VLAN
switch(config-vlan)#vlan 300
switch(config-vlan)#name Routing
switch(config-vlan)#exit

Now let's configure an interface (the port facing the router) as a trunk on the switch:

switch(config)#interface gigabitethernet 0/1
switch(config-if)#switchport trunk encapsulation dot1q
switch(config-if)#switchport mode trunk
switch(config-if)#end

The switch now has VLANs and a trunk link to the router. On the router, the physical interface carries no address; each VLAN is terminated on its own 802.1Q subinterface (encapsulation must be set before the IP address):

router>enable
router#configure terminal
router(config)#interface fastethernet 0/0
router(config-if)#description trunk-link
router(config-if)#no ip address
router(config-if)#no shutdown
router(config-if)#interface fastethernet 0/0.1
router(config-subif)#description Native-vlan
router(config-subif)#encapsulation dot1q 1 native
router(config-subif)#ip address 192.168.1.1 255.255.255.0
router(config-subif)#interface fastethernet 0/0.100
router(config-subif)#description Inter-vlan
router(config-subif)#encapsulation dot1q 100
router(config-subif)#ip address 192.168.2.1 255.255.255.0
router(config-subif)#interface fastethernet 0/0.200
router(config-subif)#description VLAN-vlan
router(config-subif)#encapsulation dot1q 200
router(config-subif)#ip address 192.168.3.1 255.255.255.0
router(config-subif)#interface fastethernet 0/0.300
router(config-subif)#description Routing-vlan
router(config-subif)#encapsulation dot1q 300
router(config-subif)#ip address 192.168.4.1 255.255.255.0
router(config-subif)#end

To check the configuration use the following commands:
router#show vlans
router#show ip protocols
router#show ip route
To verify and test connectivity, do the following two things. First, from the router, ping a host in each VLAN to confirm connectivity from the router to the separate hosts and VLANs:
router#ping insert.host.address.here
Sending 5, 100-byte ICMP Echos to insert.host.address.here, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Second, go to the hosts (in our case three hosts, one each in VLAN 100, 200 and 300) and ping hosts in the other VLANs (make sure the hosts you are pinging are in other VLANs, otherwise you aren't testing inter-VLAN connectivity). So a host in VLAN 100 pings hosts in 200 and 300, a host in VLAN 200 pings hosts in 100 and 300, and a host in VLAN 300 pings hosts in 100 and 200.
C:\Users\Administrator>ping insert.host.address.here
Pinging insert.host.address.here with 32 bytes of data:
Reply from insert.host.address.here: bytes=32 time<1ms TTL=127
Reply from insert.host.address.here: bytes=32 time=9ms TTL=127
Reply from insert.host.address.here: bytes=32 time=8ms TTL=127
Reply from insert.host.address.here: bytes=32 time<1ms TTL=127
Ping statistics for insert.host.address.here:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 9ms, Average = 4ms
C:\Users\Administrator>
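Before pinging anything, the router-on-a-stick configuration above can be checked offline for the mistakes that most often break it: a subinterface whose 802.1Q tag has no VLAN on the switch, two subinterfaces sharing a subnet (IOS rejects the second address with an overlap error), a missing native-VLAN subinterface, or a native VLAN that does not match the switch side. The following Python script is an added example, not code from the post or from Cisco; it parses a constructed IOS-style config (modelled on the one above, with a duplicate subnet and an orphan VLAN 400 deliberately left in) and reports those findings. The switch VLAN set and native VLAN are assumptions supplied inline.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample data (not a real device): the VLANs present on the switch
# and a router-on-a-stick config modelled on the one in the post. The .200
# subinterface reuses the .100 subnet and .400 has no VLAN on the switch.
SWITCH_VLANS: Set[int] = {1, 100, 200, 300}

ROUTER_CONFIG = """\
interface FastEthernet0/0
 description trunk-link
 no ip address
!
interface FastEthernet0/0.1
 description Native-vlan
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.100
 description Inter-vlan
 encapsulation dot1Q 100
 ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.200
 description VLAN-vlan
 encapsulation dot1Q 200
 ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.300
 description Routing-vlan
 encapsulation dot1Q 300
 ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0.400
 description Orphan-vlan
 encapsulation dot1Q 400
 ip address 192.168.4.1 255.255.255.0
"""


@dataclass
class SubIf:
    """One 'interface' block: the 802.1Q tag it terminates and its subnet."""
    name: str
    vlan: Optional[int] = None          # None for the untagged physical interface
    native: bool = False
    network: Optional[ipaddress.IPv4Network] = None


def parse_subinterfaces(config: str) -> List[SubIf]:
    """Read the 'interface', 'encapsulation dot1q' and 'ip address' lines of an
    IOS-style config into SubIf records; everything else is ignored."""
    subifs: List[SubIf] = []
    current: Optional[SubIf] = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = SubIf(name=m.group(1))
            subifs.append(current)
            continue
        if current is None:
            continue
        m = re.match(r"encapsulation\s+dot1q\s+(\d+)(\s+native)?", line, re.I)
        if m:
            current.vlan = int(m.group(1))
            current.native = m.group(2) is not None
            continue
        m = re.match(r"ip\s+address\s+(\S+)\s+(\S+)", line, re.I)
        if m:
            # strict=False keeps the host address's network (192.168.2.1/24 -> 192.168.2.0/24)
            current.network = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return subifs


def check_router_on_a_stick(config: str, switch_vlans: Set[int], switch_native: int = 1) -> List[str]:
    """Return human-readable findings; an empty list means the trunk side is consistent."""
    findings: List[str] = []
    tagged = [s for s in parse_subinterfaces(config) if s.vlan is not None]
    # 1. every subinterface must terminate a VLAN the switch actually carries,
    #    and must have an address or it routes nothing for that VLAN
    for s in tagged:
        if s.vlan not in switch_vlans:
            findings.append(f"{s.name}: VLAN {s.vlan} is not defined on the switch")
        if s.network is None:
            findings.append(f"{s.name}: no ip address, VLAN {s.vlan} cannot be routed")
    # 2. the native VLAN must be terminated and must agree with the switch end
    natives = [s for s in tagged if s.native]
    if not natives:
        findings.append("no subinterface carries the native VLAN; untagged frames have no IP interface")
    for s in natives:
        if s.vlan != switch_native:
            findings.append(f"{s.name}: native VLAN {s.vlan} does not match switch native VLAN {switch_native}")
    # 3. no two subinterfaces may share or overlap a subnet
    for i, a in enumerate(tagged):
        for b in tagged[i + 1:]:
            if a.network and b.network and a.network.overlaps(b.network):
                findings.append(f"{a.name} and {b.name}: subnet {a.network} overlaps {b.network}")
    return findings


if __name__ == "__main__":
    for finding in check_router_on_a_stick(ROUTER_CONFIG, SWITCH_VLANS):
        print("FINDING:", finding)
```

Run against the sample it reports the orphan VLAN 400 and the 192.168.2.0/24 overlap between .100 and .200; fix those two lines and it returns nothing. The native-VLAN check is the one worth keeping in a pre-change review: a mismatch between the router's `native` tag and the switch's native VLAN silently merges two VLANs' untagged traffic rather than failing loudly.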

