CCNP™- Remote Access ExamCram

BCRAN (Building Cisco® Remote Access Networks) is a required exam for obtaining CCNP certification. The exam covers designing and implementing remote access networks using dial-up, ISDN BRI, and PRI; authentication schemes; and Frame Relay and X.25 network configurations. A valid CCNA certification is a prerequisite for obtaining CCNP certification. The exam also counts toward CCDP certification.

 

To be CCNP certified, the following exams need to be successfully completed:

| Exam | Exam Code | Study material covering exam objectives |
|---|---|---|
| BSCI | 640-901 | Building Scalable Cisco Internetworks. Note that BSCI replaces Routing Exam (640-603). |
| Routing Exam (discontinued exam) | 640-603 | Building Scalable Cisco Networks or BSCN |
| Switching Exam | 640-604 | Building Cisco Multi-layer Switched Network or BCMSN |
| Remote Access Exam | 640-605 | Building Cisco Remote Access Networks |
| Support Exam | 640-606 | Cisco Internetwork Troubleshooting |

Alternatively, one can take the following exams to obtain CCNP certification:

| Exam | Exam Code | Study material covering exam objectives |
|---|---|---|
| Foundations Exam | 640-509 | Building Scalable Cisco Networks, Building Cisco Multi-layer Switched Network, Building Cisco Remote Access Networks |
| Support Exam | 640-606 | Cisco Internetwork Troubleshooting |

Examcram

1.0 Central site equipment:

Cisco® recommends any of the following router equipment for central site or Corporate site:

1. Cisco 3600 series: Several models are available, including the 3620, 3640, and 3660. The 36XX series of routers/access servers supports a variety of connections and protocols. The supported network interfaces include the following:
Ethernet, Fast Ethernet, Token Ring, Asynchronous, Synchronous serial, High Speed Serial Interface, ISDN BRI, Channelized T1/ISDN PRI (with and without CSU), Digital Modems, Analog Modems, and Voice, among others.

2. Cisco 4000 series: The Cisco 4000 series includes the Cisco 4500 and Cisco 4700. Each of these has three network module slots, which allow a variety of network modules and protocols to be used. A WAN Interface Card (WIC) can also be plugged in.

Cisco AS5X00: The Cisco AS5X00 family of access servers supports both analog modem and ISDN dial services. It is ideal where a large number of remote users want to access the central site using dial-up or ISDN services.

3. Cisco 7000 series: These are high-end routers that support a combination of Ethernet, Fast Ethernet, Token Ring, FDDI, ATM, serial, ISDN etc.

The selection of equipment depends on the number of computers situated at the central site, type of applications that are being used, the number of remote connections from branch offices/home offices/telecommuter sites, and the bandwidth requirements.

1.1 Cisco recommends the following router equipment for branch office:

Series 1600: Cisco 1600 series includes Cisco 1601 through Cisco 1605. Each router has one empty network module slot.

Series 1700: Cisco 1700 series includes Cisco 1720. It has one 10/100 Ethernet interface and two WAN slots.

Series 2500: Cisco 2500 series includes Cisco 2501 and 2502. These routers are typically fixed configuration with any combination of Ethernet, Token Ring, synchronous serial, ISDN BRI, and Hub interfaces (at least two of these interfaces are present).

Series 2600: Cisco 2600 series includes Cisco 2610, and 2620 routers. Each router has two empty WAN slots and one empty network module slot.

Note that Cisco series 1600, 1700, 2500, and 2600 are recommended for branch office applications.

1.2 The following are recommended by Cisco for Telecommuter site:

Series 700 are easy to configure multiprotocol ISDN access routers.
Series 800 are fixed configuration routers with ISDN BRI and Ethernet interfaces. Cisco recommends these models for home office/telecommuter facility.

Note that Series 700/Series 800/ Series 1000 routers are recommended for home office/telecommuter facility.

2.0 Some important routers series and their configurations:

Series 800: These are fixed configuration routers with one Ethernet interface. Most models have an ISDN BRI interface; only the Cisco 805 does not. The Cisco 805 has a serial interface. Cisco 803, 804, and 813 can also accommodate 2 POTS in addition to Ethernet and ISDN BRI.

Series 1000: These are also fixed configuration routers. Cisco 1003 and Cisco 1004 have 1 ISDN BRI + 1 Ethernet interface. Cisco 1005 has one Ethernet + 1 serial (sync/async) interface.

Note that Cisco 700 series, 800 series, and 1000 series are recommended for telecommuter or home office.

Series 1600: Cisco 1600 series includes Cisco 1601 through Cisco 1605. Each router has one WAN slot. Models 1601, 1602, 1603, and 1604 have one Ethernet interface, whereas model 1605 has 2 Ethernet interfaces. Support is also provided for ISDN BRI (1603, 1604) and a serial interface (1601). Cisco 1602 has a 56/64K CSU/DSU interface.

Series 2500: Cisco 2500 series includes Cisco 2501, 2502 and several other models. These routers are of fixed configuration (except Cisco 2524) with any combination of Ethernet, Token Ring, synchronous serial, ISDN BRI, and Hub interfaces (at least two of these interfaces are present).

Series 2600: Cisco 2600 series includes Cisco 2610, 2611 and 2620, 2621 routers. Each router has two empty WAN slots and one empty network module slot. The 2610 has 1 Ethernet interface, whereas the 2611 has two Ethernet interfaces. The 2620 has 1 Fast Ethernet interface, whereas the 2621 has two Fast Ethernet interfaces. The major difference between the 2610 and 2620 is that the latter provides support for Fast Ethernet.

It is recommended that you practice configuring routers using ConfigMaker, a utility that is free to download and use from the Cisco Website.

3.0 Router LEDs:

By observing the status of various LEDs on a Cisco router, the health of a router can be found quickly. However, if the LED status is OK, and the problem still remains, you need to consult the manufacturer documentation for troubleshooting. Other options include Cisco Website, CCO Website etc.

Important LEDs on a Cisco 1600 router are as follows:
1. System PWR: Green indicates that the DC power to the router is OK.
2. System OK: Green indicates that the router has booted properly.
3. WIC CD: Green indicates an active connection on the serial port of WAN interface card.
4. WIC ACT: Activity indicates an active connection on the serial port of WAN interface card.
5. LAN ACT: This indicates that data is being sent or received.
6. LAN COL: Frame collisions are indicated by a flashing yellow LED.

4.0 EIA-232 / RS 232:

In EIA/TIA-232 standard, signals can be grouped as below (Pin numbers are given assuming 25 pin connector cable):
A. Data Transfer Group:
TxD (pin 2 on DTE): Transmit Data - This represents data transmit from DTE to DCE (Note the reference is DTE)
RxD (pin 3 on DTE): Receive Data - This represents data received from DCE to DTE (Again note the reference is DTE)
GRD (pin 7 on DTE)
B. Flow Control Group:
RTS (pin 4): Request To Send - Represents that the DTE has buffer space available to receive data from the DCE.
CTS (pin 5): Clear To Send - Represents that the DCE has buffer space available to receive data from DTE.
C. Modem Control Group:
DTR: Data Terminal Ready - Represents that the DTE is ready to receive data.
CD (pin 8): Carrier Detect - Indicates that the DCE has detected carrier from the remote DCE.
DSR (pin 6): Data Set Ready - Indicates that the DCE is ready to use.

If you are using a 25 pin connector on either end, and the cable is straight through, there is a one to one correspondence in the pin connections. That is, pin 2 of the DTE is connected to pin 2 of the DCE, pin 3 of the DTE is connected to pin 3 of the DCE, etc. However, if you are using a 25 pin connector at one end and a 9 pin connector at the other end, the pin numbers change.

5.0 Null Modem:

Normally, a DTE device is expected to communicate with a DCE device. In that case, the connections between the DCE and DTE devices are straight. However, if the communication needs to happen between two DTEs or two DCEs (Null Modem), the signals need to be rolled. This is achieved by rolling the pins in the cable or in the DB-25 adapter. Typically, a DTE to DTE communication can be achieved by:

1. Connecting a DTE to a rolled RJ-45 cable to a straight DB-25 adapter to DTE, OR

2. Connecting a straight RJ-45 cable to a rolled DB-25 adapter to DTE.

Similarly, a DTE to DCE communication can be achieved by:

1. Connecting a DTE to a straight RJ-45 cable to a straight DB-25 adapter to DCE, OR

2. Connecting a rolled RJ-45 cable to a rolled DB-25 adapter to DCE.

Note that rolling the signals twice is the same as using straight through cables or adapters without any rolling at all.

6.0 Line Numbers - Cisco devices have the line numbers assigned in the following manner:

Console line (CON): Assigned line number 0

Asynchronous lines (TTY): Assigned line number n, where n represents the first physical line after the Console line. For example, TTY line 4 is assigned line number 4.

Auxiliary line (AUX): The auxiliary line is assigned the last TTY (async) line + 1. For example, if there can be n TTY lines, the Auxiliary line is assigned n+1. Note that the TTY lines are as recognized by Cisco IOS and are not necessarily present physically.

6.1 The Interface number of a port in a Cisco 3600 router is calculated as below:

Interface number = (32 x slot number) + unit number + 1
Note that slot numbers and port numbers start at 0.

For the 3640, there are 4 network module slots, ranging from 0 to 3. The line number for slot 1, port 9 is given as below:
(32 x 1) + 9 + 1 = 42.

Also, note that the interface number is the same for a given slot/port combination irrespective of whether the other modules are of a different type (like 8 port or 16 port or 32 port) or even empty.

Note that line 0 is always used by console port. The async lines start from line 1 onwards. For 3620, there are two network module slots. Therefore, the line numbers are assigned as below by IOS software:

Console: Line 0
Slot 0 (Port #s 0 to 31): Line 1 to 32
Slot 1 (Port #s 0 to 31): Line 33 to 64
Aux. Port: Line 65. Note that Auxiliary port is assigned a line number next to async lines (async lines are also known as tty lines).

7.0 Asynchronous Communications:

Two different kinds of configuration are required for an asynchronous port to place and receive calls. These are:

1. Line configuration

2. Interface configuration.

Line configuration commands allow you to configure the modem parameters such as line speed, flow control, etc.
Interface configuration commands allow you to configure the protocol aspects such as encapsulation, authentication etc. The distinction between these two configurations must be known clearly!

7.1 Given below are various types of interfaces / cables that are supported for connecting Cisco routers to the external networks:

1. Asynchronous connections make use of RJ-11 cables between the modem's line port and the telephone company jack. If the modem is external to the router, an EIA/TIA-232 cable is required between the router and the modem. The DB-60 end of the cable is connected to the router and the DB-25 end of the cable is connected to the modem.

2. ISDN BRI connections make use of RJ-45 cables between the BRI interface and the ISDN network. 

3. ISDN PRI connections in North America are done in either of two ways: 

 3.1. Internal CSU: Routers with internal CSU modules attach directly to the ISDN network with a standard RJ-48 connector.

 3.2. External CSU: DB-15 female end of the cable is attached to the router, and the other end is attached to the CSU. The CSU in turn is attached to the ISDN network.

4. For Frame Relay connection, the following signaling standards are supported by Cisco routers:
EIA/TIA-232, EIA/TIA-449, V.35, X.21 and EIA-530. The router end of the serial cable is always a DB-60 port sitting on the serial interface of the router.

8. Chat Scripts - Chat-scripts are divided into two types:

1. Modem scripts: These are sent between the DTE and DCE.
2. System scripts: These are sent between the DTE and DTE.
The chat-script consists of simple "Expect - Send" pairs. The local device 'expects' a certain word, and sends a matching word.

Chat-scripts can be used to do the following:
1. Initialize the directly attached modem,
2. Instruct the modem to dial out or log in to a remote system,
3. Detect errors etc.

9. Access Servers:

Async interfaces on Access Servers can be configured in one of two modes:

1. Dedicated - In this mode, an interface is automatically configured for SLIP or PPP. The end user cannot change the encapsulation method, address, etc.; there is no user prompt or EXEC level.
The command used for this is:
Router(config-if)# async mode dedicated

2. Interactive - In this mode, the user prompt or EXEC level is available to the dial-in user. Therefore, the dial-in user can select whether to run SLIP, PPP, or Telnet etc. interactively.
The command 'autoselect' is used to autosense between arap, ppp, or slip. This command needs to be given only after the command 'async mode interactive' is given. If you try to give the 'autoselect' command without first issuing 'async mode interactive', you will get an error message.
Finally, the following command is used to allow the remote dial-in client to enter its own IP address:
Router(config-if)# async dynamic address

10.0 PPP:

The command 'ppp callback accept' is used on the Access Server side to enable callback to clients. On the other side, the callback client is configured with 'ppp callback request' command to request a callback from the Access Server.
The command 'dialer callback-secure' is used to disconnect calls that are not properly configured for callback.

Following are important commands often used while configuring PPP:
1. Encapsulation ppp - specifies ppp authentication method.
2. PPP authentication PAP - Specifies that PAP be used for authentication during the PPP negotiation.
3. PPP authentication CHAP - Specifies that CHAP be used for authentication during PPP negotiation.

11.0 Compression 

The broad category of compression techniques is as given below:
1. Header compression - Here the TCP/IP header is compressed. This type of compression is suitable for small packets, since the TCP/IP header constitutes a significant fraction of the overall packet.

2. Payload compression - Here the data portion of the packet gets compressed. With payload compression, the header of the packet is left intact (uncompressed). This makes it useful for virtual circuit services such as X.25 and Frame Relay, because the header can readily be read to determine the route that the packet will take. Payload compression uses the STAC compression method.

  • The following are some important points regarding payload compression:
    1. When you use layer 2 payload compression, the frame header is not compressed. The entire contents of the frame except the header is compressed, including higher layer headers.
    2. Payload compression is achieved by using either Stacker algorithm or Predictor algorithm.
    3. It is not recommended to use both TCP header compression and payload compression simultaneously, as this may result in poor performance and sometimes the link may not come up at all.
    4. WAN protocols, such as Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), X.25, and Link Access Procedure, Balanced (LAPB) use layer 2 payload compression.

3. Link compression - This compression method compresses both the header and the payload. Link compression is also known as per-interface compression. Link compression uses any of two types of algorithms:

Predictor - Predictor is memory intensive 
Stacker - Stacker is CPU intensive.

12.0 Cisco routers typically support the following compression methods:

1. Predictor 
2. Stacker
3. MPPC, and
4. TCP header compression.
Predictor is more memory intensive, whereas Stacker and MPPC are more CPU intensive.
Note that you must enable compression on both ends of the link. Compressing already compressed data does not yield any better throughput. In fact, it can cause performance degradation due to more strain on system resources.

Keep in mind the following points when enabling compression:

1. In a dial-up environment, if compression is done at the modem level, it is not recommended to configure router-level compression, as this would result in expansion rather than compression. Compressing already compressed data usually results in expansion.

2. When data is encrypted by an application, it is not efficient to enable data compression at layer 2. This is because encryption occurs at layer 3, and compressing the encrypted data at layer 2 only results in expansion of the data. The recommended practice is to compress the data before it is encrypted, where possible.

3. Use Predictor compression when you want the compression to be memory intensive rather than CPU intensive.

4. The command 'frame-relay payload-compress' is used to enable compression on a Frame Relay interface. Note that it is not recommended to use link compression in Frame Relay environment, as you do not want the header to be compressed.

13.0 Win98:

To configure Dial-Up Networking in Windows 98, double click My Computer on the desktop, and then double click Dial-Up Networking.

14.0 ISDN BRI:

The total bandwidth of an ISDN BRI can be calculated as below:
2 B (Bearer) channels: 2 x 64 = 128 Kbps
1 D (Data) channel: 16 Kbps
Framing and Synchronization: 48 Kbps
Total bandwidth: 128 + 16 + 48 = 192 Kbps.
Also, note that the bandwidth excluding framing and synchronization is 128 + 16 = 144 Kbps.

ISDN can be mapped to bottom 3 layers of OSI reference model.

Layer 1 is the physical layer and the following protocols are defined at this level:

1. I.430: Defines the communication across S/T reference point.

2. I.431: Defines a full-duplex, point-to-point, serial, synchronous connection and applicable for ISDN PRI.

3. ANSI T1.601: Defines the communication across the U interface (North America only).

Layer 2 and layer 3 work for the D channel only.
Layer 2 of ISDN uses LAPD (Q.921), and Layer 3 of the D channel uses Q.931, which is a subset of DSS1.

The B channel is where actual user data is transmitted or received. B channel uses IP/IPX with HDLC/PPP/FR/LAPB protocol.

ISDN BRI Switch types that are widely used in various countries:

basic-5ess: AT&T basic rate switches (US)
basic-1tr6: Used in Germany
basic-net3: Used in UK and Europe
ntt: Widely used in Japan

15.0 ISDN PRI:

15.1 Some of the important channel characteristics of ISDN PRI are given below:

1. ISDN PRI (Primary Rate Interface) has 23 B channels, one D channel at 64 Kbps, and one Framing and Synchronization channel at 8 Kbps in North America. The corresponding values in Europe are: 30 B channels, one D channel at 64 Kbps, and one framing and synchronization channel at 64 Kbps. Note that the D channel speed is the same in both Europe and North America.

2. The D channel in North America is carried in timeslot 24, whereas the D channel in Europe is carried in timeslot 16.

3. The aggregate speed of ISDN PRI in N.America is equivalent to T1 (1.544 Mbps), and in Europe it is equivalent to E1 (2.048 Mbps).

15.2 The command used for specifying the D-channel for ISDN PRI is:
Router(config)# interface serial {slot / port: | unit} {23 | 15}
slot / port corresponds to the Cisco 7000 and 3600 series of routers. The unit number corresponds to Cisco 4000 or AS5000 series routers.

The channel numbers for T1 range from 1 to 24. The serial interfaces on Cisco routers start numbering from 0. Therefore, channel 24 corresponds to sub-interface 23. Also, the D channel on T1 signaling always corresponds to channel 24.

The channel numbers for E1 range from 1 to 31. The D channel on E1 signaling is always channel 16. Therefore, the corresponding sub-interface will be 15.

The command 'isdn switch-type primary-5ess' configures an ISDN PRI controller to switch type 5ess.

15.3 Some more of the important commands used in ISDN PRI are as below:

1. Isdn switch-type <switch-type>: This command configures the controller for ISDN PRI operation. The command can be used at global level as well as interface level. If used at global level, the specified switch-type applies to all controllers.

2. Controller {t1 / e1} slot/port: This command is used to identify a Cisco 7000 or 3600 series controller. For Cisco 4000 or AS5000 series, use the 'Controller {t1 / e1} unit#' command.

3. Pri-group: This command configures the specified interface for PRI operation. The number of time slots allocated to the PRI is also specified using this command.
Syntax: pri-group [timeslot range].

4. Interface serial: This command is used for ISDN PRI D-channel selection.

5. Isdn incoming-voice modem: This command is used to allow incoming analog calls to be switched to internal modems that are installed on a digital network module.
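
The commands from 15.2 and 15.3 assembled into one T1 PRI configuration, as an added example that is not part of the original page. It assumes Cisco 4000/AS5000-style unit numbering (controller 0); the framing and linecode values, the IP address, and the use of PPP with CHAP on the D-channel interface are constructed for illustration.

```cisco
! Added example, constructed values. Global switch type applies to all controllers.
isdn switch-type primary-5ess
!
! T1 controller, unit 0. On a Cisco 7000/3600 this would be "controller T1 slot/port".
controller T1 0
 ! Framing and line coding must match what the carrier provisions (assumed here).
 framing esf
 linecode b8zs
 ! Allocate all 24 T1 timeslots to the PRI: 23 B channels plus the D channel.
 pri-group timeslots 1-24
!
! D channel: T1 channel 24 is sub-interface 23 because numbering starts at 0.
! For an E1 PRI the D channel is timeslot 16, so the interface would be Serial0:15.
interface Serial0:23
 ip address 192.0.2.1 255.255.255.0
 encapsulation ppp
 ! Hand incoming analog calls to the internal digital modems.
 isdn incoming-voice modem
 ! Require CHAP from dial-in peers during PPP negotiation.
 ppp authentication chap
!
! Verify with the show commands this page lists:
!   show controller t1
!   show isdn status
```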

15.4 ISDN Show commands that are used extensively while configuring and troubleshooting ISDN:

1. show isdn status - This command outputs ISDN switch type, whether the ISDN connection is working properly. It also displays the status of Layer 1, Layer 2, and layer 3.

2. Show interface bri 0 - This command shows whether BRI 0 is up and whether line protocol is up (spoofing). The command also displays encapsulation method used (PPP, HDLC, or X.25).

3. Debug isdn q921: Turns on ISDN Q.921 debugging. To turn it off, use the command no debug isdn q921 or the undebug all command.

4. Show controller t1 - This command is used to verify whether the ISDN PRI controller is working properly or not.

16.0 WAN Link speeds (typical):

1. Leased lines/ Frame Relay: Up to E3/T3
2. ISDN PRI: E1/T1
3. X.25, ISDN-BRI: 128 Kbps
4. Asynchronous Dial-up: Up to 56/64 Kbps.

17.0 Dialer Interface and Dialer Profiles:

17.1 Dialer Interface:
The following are the most commonly used optional commands while configuring a dialer profile. These commands are commonly used with the map-class dialer command.

1. Dialer idle-timeout <seconds> - This command is used to specify a disconnect time if there are no interesting packets for the specified time (in seconds). The default is 120 seconds.

2. Dialer fast-idle <seconds> - This command is used to specify a quick disconnect time if another call is waiting for the same interface, and the interface is idle. It is important to note the difference between the dialer idle-timeout and dialer fast-idle commands. The former disconnects the line after the specified time (120 sec default) even when there is no call waiting in the queue; the latter disconnects the line even before the idle timer expires, if there is another call waiting in the queue. Obviously, the fast idle timer is of shorter duration than the idle timer.

3. Dialer wait-for-carrier-time - This command is used to wait for the carrier for the specified time, and to abandon the call if no carrier is detected within that time. For analog lines, set this to a relatively high value.

4. Dialer isdn [speed 56|spc] - This command is used to set the ISDN line speed to 56 Kbps instead of the default 64 Kbps. Spc specifies a semi-permanent connection.

Note that the command dialer pool-member is used to assign a physical interface to a dialer pool.

Usually, while dialing is in progress, outgoing packets are dropped because the connection is not yet made. To hold interesting traffic in a queue and send it as soon as the connection is made, use the command:
Router(config-if)# dialer hold-queue <number>
where <number> is the number of packets, in the range 0-100. The queue holds up to 100 packets of interesting outgoing traffic while dialing takes place.

17.2 A dialer profile consists of the following required components:

1. Dialer interface - This is the logical entity that uses a per-destination dialer profile. All configuration settings specific to the given destination are defined here. Each dialer interface uses a dialer pool.

2. Dialer pool - Each dialer interface belongs to a dialer pool. A group of physical interfaces associated with a dialer profile constitutes a dialer pool.

3. Physical interface - Physical interfaces are configured for encapsulation parameters and the dialer pool(s) to which they belong. A physical interface can belong to multiple dialer pools. Contention for a given physical interface is addressed through the use of priority.

The following component is optional:
Dialer map-class - A map class is used to specify optional characteristics applicable to various destinations. If a map-class is configured, a dialer interface may simply reference the pertinent map-class during configuration. This relieves the administrator of entering the optional configuration commands on each dialer interface.

The command used for creating a dialer profile is:
interface dialer - This global configuration command creates a dialer interface and enters interface configuration mode. Other configuration commands need to be entered at the interface configuration mode for completing the dialer profile.
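
A dialer profile built from the components and optional commands in 17.1 and 17.2, as an added example that is not part of the original page. The names (BRANCH-TIMERS, branch1), phone number, addresses, timer values and the secret placeholder are constructed; dialer remote-name, dialer string, dialer pool, dialer-group and dialer-list are standard IOS dialer-profile commands that this page does not cover.

```cisco
! Added example, constructed values throughout.
isdn switch-type basic-5ess
!
! CHAP credential for the remote router; replace the placeholder with a strong secret.
username branch1 password <shared-chap-secret>
!
! Optional map-class: timers defined once and referenced per destination.
map-class dialer BRANCH-TIMERS
 ! Drop the call after 60 s without interesting traffic (default is 120 s).
 dialer idle-timeout 60
 ! If another call is waiting for the interface, drop an idle call after 10 s.
 dialer fast-idle 10
 ! Abandon the attempt if no carrier is detected within 30 s.
 dialer wait-for-carrier-time 30
!
! Physical interface: encapsulation, authentication and pool membership only.
interface BRI0
 no ip address
 encapsulation ppp
 ppp authentication chap
 ! Member of pool 1; priority settles contention when the BRI serves several pools.
 dialer pool-member 1 priority 100
!
! Dialer interface: the logical, per-destination part of the profile.
interface Dialer1
 ip address 192.0.2.1 255.255.255.0
 encapsulation ppp
 ! Bind this profile to the peer that authenticates as "branch1".
 dialer remote-name branch1
 ! Number to dial, with the optional map-class applied.
 dialer string 5550100 class BRANCH-TIMERS
 ! Draw a physical interface from pool 1.
 dialer pool 1
 ! Queue up to 20 interesting packets while the call is being set up.
 dialer hold-queue 20
 ! Interesting traffic is defined by dialer-list 1.
 dialer-group 1
 ppp authentication chap
!
! Any IP packet is interesting; narrow this with an access list to limit dial-outs.
dialer-list 1 protocol ip permit
```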

18.0 X.25:

X.25 maps to the bottom 3 layers of the ISO OSI stack: the Physical layer, Data Link layer, and Network layer. Note that the X.25 standards evolved during the days of analog circuits, when data transfer reliability was poor due to the inherent noise of analog transmissions. X.25 is considered an over-engineered protocol for today's networks, because today's networks are noiseless compared to the analog days (they employ digital technology end-to-end). However, X.25 enjoys widespread support and is still used in most parts of the world, mainly due to the installed base and existing infrastructure support.

18.1 When using X.25, the following interface parameters must be set:

  1. X.25 encapsulation, use the command:
    Router(config-if)# encapsulation x25 [dte | dce];
    X.25 DTE is the default. Select DCE if the router is acting as a X.25 switch.
  2. The X.121 address needs to be set. Use the command:
    Router(config-if)# x25 address <x.121 address>
    where
    * The first four digits uniquely identify the data network and are called the DNIC (Data Network Identification Code). Of these, the first 3 digits represent the country code and the fourth digit is the provider number. If there are more than 10 providers in a country, a second country code is assigned.
    * The Network Terminal Number (NTN) is 8 to 10 or 11 digits long. This number is assigned by the X.25 network provider to the customer, and is unique to the network.
    The above command assigns the X.121 address to the interface.
  3. The X.121 address needs to be mapped to a higher layer protocol address, such as an IP address, using a map statement. The command syntax is:

    Router(config-if)# x25 map <protocol> <protocol-address> <x.121 address> [options]
    Here,
    <protocol> can be IP, XNS, DECNET, IPX, AppleTalk etc.
    <protocol-address> is the address of the host at the other end of the PVC.
    <x.121 address> is the x.121 address of the interface.
    Options are used to customize the connection.
    The IP address is resolved to the X.121 address in a manner similar to the way it is resolved to a MAC address using ARP.

18.2 There are several optional configuration commands that can be set in X.25 environment. Some important commands are given below:

1. R(config-if)# x25 ips <bytes> - This command sets the default maximum input packet size

2. R(config-if)# x25 ops <bytes> - This command sets the default maximum output packet size

3. R(config-if)# x25 win <packets> - This command sets the default window size. The window size determines the maximum number of packets that can be received without sending an acknowledgement.

4. R(config-if)# x25 wout <packets> - This command also sets the default window size. The window size here determines the maximum number of packets that can be sent without receiving an acknowledgement. Note that the number of packets specified in the win and wout statements must be one less than the modulus discussed in point 5.

5. R(config-if)# x25 modulo <modulus> - The modulus can be 8 or 128. The win and wout values must be one to one less than the modulus specified here.

19.0 Frame Relay:

I. Important terms used in Frame-Relay:

1. CIR (Committed Information Rate) - This is the rate at which the FR switch provider agrees to transfer data.
2. Bc (Committed Burst) - This is the maximum number of bits that a switch provider agrees to transfer during any time Tc, where Tc is the committed rate measurement time.
3. Be (Excess Burst) - This is the maximum number of uncommitted bits that the Frame Relay switch provider attempts to transfer beyond the CIR.
4. Tc (Committed Time interval) - This is the time interval over which the CIR is averaged.

II. The following are true about Frame-Relay:
1. Cisco routers support two types of encapsulation: a) cisco b) ietf.
Use ietf if you are communicating with a non-Cisco router.
2. The encapsulation type can be configured either at interface level or at per-destination level.
3. The command 'frame-relay map' is used for static address mapping.
4. Cisco IOS allows FR address mapping to be done either statically (manually) or dynamically (if the FR environment supports).

III. Note the following points about Frame Relay DLCIs:
1. DLCIs (Data Link Connection Identifiers) have only local significance. This means that the end devices over an FR network can have different DLCI numbers.
2. DLCI number is provided by the FR service provider. DLCI number is mapped to Layer 3 protocol address using 'frame-relay map' statement.
3. Typically, the DLCIs 0 to 15 and 1008 to 1023 are reserved for special purposes. Service providers are assigned DLCIs 16 through 1007.
4. DLCIs 1019, 1020 can be used by multicasts.

IV. LMI (Link Management Interface) is a signaling standard between the CPE (Customer Premise Equipment) and the FR switch.
Cisco IOS supports the following three types of LMIs:

1. Cisco - This LMI type is jointly developed by Cisco, Stratacom, Northern Telecom, and DEC.

2. Ansi - ITU-T 

3. Q.933a standard.
One of the above three LMI types needs to be selected for FR to work.

The correct syntax for specifying LMI-type for use by FR switch is:
frame-relay lmi-type {ansi | cisco | q933a }
cisco is the default lmi type.

For specifying ansi lmi-type, use the following command at interface configuration mode:
frame-relay lmi-type ansi

V. The syntax of command for enabling frame-relay encapsulation on Cisco routers is:
Router1(config-if)# encapsulation frame-relay [cisco | ietf]
Note that cisco is the default encapsulation type selected, if you don't specify any.
If communicating with a non-Cisco router, select ietf as the encapsulation type.

20.0 Traffic Shaping:

Given below is the normal sequence of steps, with the relevant commands, required to enable Frame Relay traffic shaping:

1. Specify the map class name - Use the command
R(config)# map-class frame-relay <map-class-name>, where <map-class-name> is the name of map class.

2. Define map class - Typical configuration steps here may include:
A) Enabling rate enforcement by defining average and peak rates of traffic.
B) Specifying a custom queue list for the map class
C) Specifying a priority queue list for the map class.
D) Enabling BECN feedback to throttle the output rate on any SVC for the map class. 
All the above (A through D) are optional configuration commands.

3. Enable Frame Relay on an interface by issuing the interface configuration command:
R(config-if)# encapsulation frame-relay
Note that the default encapsulation type is cisco.

4. Next, enable frame relay traffic shaping on an interface by issuing the command:
R(config-if)# frame-relay traffic-shaping

5. Specify a Traffic Shaping Map Class for the Interface by issuing the following command:
R(config-if)# frame-relay class <map-class-name>, where <map-class-name> is the map class name.
Specifying a Frame Relay map class for a main interface results in all the VCs on its subinterfaces inheriting all the traffic shaping parameters defined for the class.

Traffic shaping is recommended under the following circumstances:

1. If a FR network consists of high speed connections at the central site and low speed connections (less than 64 Kbps) at branch offices, bottlenecks may occur at slow links. Traffic shaping is useful to address this problem.

2. If the FR network occasionally gets congested, traffic can be throttled using BECN, so that the congestion is overcome. Note that traffic shaping may not be useful when a FR network consistently encounters congestion due to insufficient bandwidth.

3. Also, if the FR network has to carry different types of protocols, such as IP and SNA, it is recommended to enable traffic shaping. This allows time-sensitive traffic to be prioritized.

Frame Relay traffic shaping can be achieved through the following means:

1. By using rate enforcement - Here the average and peak data rates are defined by using the command:
R(config-map-class)# frame-relay traffic-rate <average> [peak],
where <average> is the average rate in bps, which is equivalent to the CIR.
[peak] is an optional parameter that specifies the peak rate in bps.

2. Adaptive shaping through the use of BECN by using the following command:
R(config-map-class)# frame-relay adaptive-shaping becn
The above command enables the router to dynamically adjust the rate at which it sends packets, depending on the BECNs received.

3. Traffic shaping through use of custom queuing:
Custom queuing is recommended when a particular protocol or service needs to be given a guaranteed transmission rate. The command that enables custom queuing is:
R(config-map-class)# frame-relay custom-queue-list <list-number>

4. Traffic shaping through use of priority queuing:
Priority queuing allows absolute priority to be assigned to a protocol or service. The command that enables priority queue list is:
R(config-map-class)# frame-relay priority-group <list-number>
Both the custom-queue-list and priority-group commands require that you have previously defined a custom queue list or priority list, respectively.
Only one form of queuing may be associated with a given map class.
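The five configuration steps and the map-class options above, combined into one configuration. This is an added example, not part of the original notes; the map class name, list number, interface, DLCI, addresses and rates are assumed values.

```cisco
! Added example - all names, numbers and rates below are assumed values.
! The priority list must exist before a map class can reference it.
priority-list 1 protocol ip high tcp 23
priority-list 1 default normal
!
! Steps 1 and 2: name and define the map class
map-class frame-relay BRANCH-64K
 ! Rate enforcement: average (CIR) 64 kbps, peak 128 kbps
 frame-relay traffic-rate 64000 128000
 ! Adaptive shaping: throttle output when BECNs are received
 frame-relay adaptive-shaping becn
 ! Only one form of queuing per map class, so no custom-queue-list here
 frame-relay priority-group 1
!
interface Serial0
 no ip address
 ! Step 3: enable Frame Relay (cisco encapsulation by default)
 encapsulation frame-relay
 ! Step 4: enable traffic shaping on the interface
 frame-relay traffic-shaping
 ! Step 5: attach the map class to the main interface
 frame-relay class BRANCH-64K
!
! The VC on this subinterface inherits the shaping parameters of BRANCH-64K
interface Serial0.1 point-to-point
 ip address 10.1.1.1 255.255.255.252
 frame-relay interface-dlci 100
```

The shaping parameters in effect for each VC can be checked with 'show traffic-shape' and 'show frame-relay pvc'.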

21.0 Back-up Interface configuration:

The backup interface configuration involves the following steps:

1. Configure the primary interface as needed.

2. Configure the backup (secondary) interface using the command:
R(config-if)# backup interface <interface-type number>, where <interface-type number> is the interface port or slot/port number.

For example, to assign BRI0 as the backup, use the command:
R(config-if)# backup interface bri0

3. Specify the time to wait before enabling the backup link after the primary link goes down with the command:
R(config-if)# backup delay {enable-delay | never} {disable-delay | never}
where,
enable-delay - is the number of seconds that elapse after the primary link goes down and before the secondary (backup) link is activated.
disable-delay - is the number of seconds that elapse after the primary line comes up, and before the secondary (backup) link is deactivated.
never - prevents the secondary line from being activated or deactivated.

The following statements are true with respect to backup lines:

1. The command 'backup interface' is used for configuring an interface for backup operation.

2. A backup line can be configured to be activated based on the traffic load on the primary line, such that the backup is activated if the load on the primary exceeds a certain percentage of the available bandwidth.

3. When an interface is configured as backup interface to a primary line, the backup route does not appear in the routing table. However, if the primary line fails, and the backup is activated, then the backup route shows up in the route table.

4. If a BRI is used for dial backup, neither of the two B channels is available while the interface is in standby mode. This can be overcome by using dialer profiles. Two dialer profiles can be defined, one for the backup line and the other for regular dial-up. The physical BRI interface can be made a member of both dialer pools. Under these conditions, both B channels can be used, one for the backup line and the other for regular dial-up.
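The backup steps and the dialer-profile arrangement from statement 4, as one configuration. This is an added example, not part of the original notes; interface numbers, addresses, remote names, dial strings, timers, thresholds and the CHAP secret placeholder are assumptions.

```cisco
! Added example - all names, numbers, addresses and timers are assumed values.
username BranchA password <chap-secret>
username BranchB password <chap-secret>
!
interface Serial0
 ip address 10.1.1.1 255.255.255.252
 ! The backup is a logical dialer profile, so BRI0 itself is not held in standby
 backup interface Dialer1
 ! Activate 20 s after Serial0 goes down; deactivate 40 s after it comes back up
 backup delay 20 40
 ! Load-based activation: up above 75% load on Serial0, down below 5%
 backup load 75 5
!
interface BRI0
 no ip address
 encapsulation ppp
 ppp authentication chap
 ! The physical BRI is a member of both dialer pools
 dialer pool-member 1
 dialer pool-member 2
!
interface Dialer1
 description Backup line for Serial0
 ip address 10.1.2.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 dialer remote-name BranchA
 dialer string 5550101
 dialer pool 1
 dialer-group 1
!
interface Dialer2
 description Regular dial-up
 ip address 10.1.3.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 dialer remote-name BranchB
 dialer string 5550102
 dialer pool 2
 dialer-group 1
!
dialer-list 1 protocol ip permit
```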

22.0 Queuing:

Cisco IOS support for queuing includes the following:

1. Weighted fair queuing (WFQ) - This is an automatic prioritization method. WFQ ensures that bandwidth is shared fairly between the conversations. Low volume traffic such as Telnet is given priority over high volume traffic such as file transfers.
WFQ is the default queuing method for physical interfaces of 2.048 Mbps or less.

The following command enables Weighted Fair Queuing on a router interface and sets the congestive discard threshold to 64. 

Router(config-if)# fair-queue 64

The congestive discard threshold is the number of messages that creates a congestion threshold. For example, setting a congestive discard threshold of 64 limits the number of packets of a conversation held in a queue to 64, after which packets are discarded.

2. Priority Queuing: Priority queuing allows more accurate control over different types of traffic. Priority queuing is used when traffic of a certain type, such as mission critical traffic, must have certain bandwidth allocated. The queue with higher priority is always processed first. If the high queue is always filled, other queues will not be processed.

A priority list is a set of rules that assigns packets to different priority queues. For example, the command that assigns all IP traffic to the medium priority queue for priority list 2 is:

R(config)# priority-list 2 protocol ip medium

You apply the priority-list with priority-group command. The command to apply the priority-list to an interface is:
R(config-if)# priority-group 2
Note that 2 is the priority-list defined earlier.

3. Custom Queuing: Custom queuing allows a certain bandwidth to be allocated to all types of traffic. This ensures that all types of traffic get a fair share of the bandwidth. This also eliminates one of the potential problems with priority queuing, where the higher priority queue is always filled and the lower priority queues never get processed.
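Custom queuing is described above without its commands; the following shows how bandwidth shares are expressed as per-queue byte counts. This is an added example, not part of the original notes; the list number, traffic classes, byte counts and interface are assumed values.

```cisco
! Added example - list number, protocols and byte counts are assumed values.
! Classification: Telnet to queue 1, other IP to queue 2, the rest to queue 3
queue-list 1 protocol ip 1 tcp 23
queue-list 1 protocol ip 2
queue-list 1 default 3
!
! Queues are serviced in round-robin order, each sending up to its byte
! count per pass. 1500:3000:1500 gives roughly 25% / 50% / 25% of the
! link under congestion, so no queue can starve the others.
queue-list 1 queue 1 byte-count 1500
queue-list 1 queue 2 byte-count 3000
queue-list 1 queue 3 byte-count 1500
!
interface Serial0
 custom-queue-list 1
```

The shares are approximate because the router always finishes sending a whole packet; 'show queueing custom' lists the configured queues.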

Some instances where queuing is recommended include:

1. Where interactive traffic suffers, resulting in noticeable performance degradation.

2. Where some traffic needs to be assigned higher priority due to its nature.

3. When you want to assign specific bandwidth allotments to different traffic flows, depending on their importance.

If you find a link to be congested for most of the day, the capacity of the link needs to be increased. Otherwise, prioritizing the traffic may only result in denying legitimate service to your customers. Also, if you find the utilization of a WAN link to be less than about 70 percent, the WAN link may be considered to be OK and not overloaded. But you may need to plan for future expansion.

23.0 NAT:

When you are configuring NAT, NAT should be enabled on at least one inside and one outside interface. The command for enabling NAT on inside interface is:
R(config-if)# ip nat inside
The command for enabling NAT on the outside interface is:
R(config-if)# ip nat outside

Remember to enter the appropriate configuration mode before entering the commands. Usually, the inside NAT will be configured on an Ethernet interface, whereas the outside NAT is configured on a serial interface.

The command
ip nat inside source static <local ip> <global ip>
configures address translation for static NAT.

The command
ip nat inside source list <access-list-number> pool <name>
is used to map the access-list to the IP NAT pool during the configuration of Dynamic NAT.

The following two statements are true about 'ip nat inside source' command:
1. Translates the source of IP packets that are traveling from inside to outside.
2. Translates the destination of the IP packets that are traveling from outside to inside.

The following two statements are true about 'ip nat outside source':
1. Translates the source of the IP packets that are traveling from outside to inside 
2. Translates the destination of the IP packets that are traveling from inside to outside.

It is important to note that a packet's actual source and destination addresses are completely isolated from inside to outside.
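Static and dynamic NAT configured together, with the two translation directions of 'ip nat inside source' annotated. This is an added example, not part of the original notes; the interfaces, pool name and all addresses (10.1.1.0/24 inside, documentation ranges outside) are assumed values.

```cisco
! Added example - interfaces, pool name and addresses are assumed values.
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 198.51.100.1 255.255.255.252
 ip nat outside
!
! Static NAT: <local ip> 10.1.1.10 always appears as <global ip> 192.0.2.10
!   inside -> outside: source      10.1.1.10  becomes 192.0.2.10
!   outside -> inside: destination 192.0.2.10 becomes 10.1.1.10
! The mapping is permanent, so the host is reachable from outside at any time.
ip nat inside source static 10.1.1.10 192.0.2.10
!
! Dynamic NAT: only sources matched by access list 1 are translated,
! each taking a free address from the pool for the life of the translation
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat pool PUBLIC 192.0.2.20 192.0.2.30 netmask 255.255.255.0
ip nat inside source list 1 pool PUBLIC
```

'show ip nat translations' lists the static entry permanently and the dynamic entries while they are in use. Keep access list 1 as narrow as the hosts that actually need outside access.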

24.0 IP Unnumbered:

The following are true about 'ip unnumbered' interface configuration command:

1. This command conserves IP addresses, as it would be using one of the already configured IP addresses.

2. The address of the specified interface is used as the source address of the IP packet.

3. This command can only be used in point-to-point networks.

4. Using a loopback interface for the 'ip unnumbered' command is ideal. Since a loopback interface is a virtual interface, it will never go down.

25.0 Load Distribution:

TCP load distribution allows the hosts on the inside interface to share load. A mail server (or a web server) is an example where this type of load sharing may be required.
The following steps outline the commands that may be required to configure TCP load distribution:

1. Define a standard IP access list.

2. Define an IP NAT pool for the real hosts as below:
ip nat pool <pool-name> <start-ip> <end-ip> {netmask <net-mask> | prefix-length <prefix-length>} type rotary
Note the option 'type rotary'. This option enables the load sharing between the real hosts.

3. Map the access-list and the real hosts pool by using the command:
ip nat inside destination list <access-list-number> pool <pool-name>

4. Finally, enable NAT on the appropriate interface by using the command:
ip nat {inside | outside}
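The four steps above as one configuration. This is an added example, not part of the original notes; the virtual address, real host range, pool name, access list number and interfaces are assumed values.

```cisco
! Added example - addresses, names and numbers are assumed values.
! Step 1: the access list matches the virtual address that clients connect to
access-list 2 permit 10.1.1.127
!
! Step 2: pool of real hosts; 'type rotary' hands them out in rotation
ip nat pool REAL-HOSTS 10.1.1.1 10.1.1.3 prefix-length 24 type rotary
!
! Step 3: a new TCP connection to 10.1.1.127 has its destination
! translated to the next real host in the pool
ip nat inside destination list 2 pool REAL-HOSTS
!
! Step 4: real hosts are on the inside interface, clients arrive on the outside
interface Ethernet0
 ip address 10.1.1.100 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 198.51.100.1 255.255.255.252
 ip nat outside
```

Only new TCP connections are distributed this way; the virtual address must not be assigned to any real host.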

26.0 AAA:

AAA stands for Authentication, Authorization, and Accounting.

Authentication: Authentication is used to determine whether a user is allowed access to the network at all. The primary purpose of authentication is to prevent intruders from getting access to the network.

Authorization: The purpose of authorization is to determine the extent to which a user is allowed access to the network resources. Authorization helps in limiting the resources of a network only to authorized individuals, allowing various levels of accessibility to network resources.

Accounting: Accounting is basically to keep track of network resource usage. The usage statistics may include such things as number of hours of usage, kilobits of data transferred etc. It will also be useful to trace the activities of a user at a later date for troubleshooting or investigative purposes.

The command that enables aaa on a router is:
Router(config)# aaa new-model
This is the first command that is given for configuring AAA on a router.

The correct syntax for AAA authentication for use on serial interfaces running PPP (Point to Point Protocol) is:

R(config)# aaa authentication ppp {default | <list-name>} <method1> [method2] [method3] ...
For example, to use tacacs+ first and then no authentication (if an error is returned in the first case), use the command:
R(config)# aaa authentication ppp default tacacs+ none

Alternatively, we can use a list name, say mylist, as below:
R(config)# aaa authentication ppp mylist tacacs+ none

A list name is useful when you need to configure line authentication by calling the list name.

The following three protocols are supported for security verification between the Access server and the Security server:

1. TACACS+
2. RADIUS
3. Kerberos V
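A PPP authentication method list whose last method is 'none' beside a stricter one that falls back to the local user database, and the named list called on an interface. This is an added example, not part of the original notes; the server address, key and password placeholders, username and interface are assumptions.

```cisco
! Added example - server address, placeholders and names are assumed values.
aaa new-model
tacacs-server host 192.0.2.50
tacacs-server key <shared-secret>
!
! Local entry for the remote PPP peer, consulted only by the 'local' method
username RemoteRouter password <chap-secret>
!
! Weak setting: the next method is tried only when TACACS+ returns an
! error (for example, the server is unreachable), and 'none' then admits
! the peer without any authentication.
!   aaa authentication ppp default tacacs+ none
!
! Stricter setting: on a TACACS+ error, check the local user database
! instead. A rejection by TACACS+ is final; no fallback takes place.
aaa authentication ppp mylist tacacs+ local
!
interface Serial0
 encapsulation ppp
 ! Call the named list on the interface
 ppp authentication chap mylist
```

With the weak setting, losing contact with the TACACS+ server silently removes authentication on every interface that uses the list, so review each method list for a trailing 'none'.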

27.0 Miscellaneous:

  1. The command 'ip tcp header-compression passive' specifies that TCP header compression is not required; the router uses header compression only if it receives packets with header compression, and only for that destination.
  2. If a BRI is used for dial backup, neither of the two B channels is available while the interface is in standby mode. This can be overcome by using dialer profiles. Two dialer profiles can be defined, one for the backup line and the other for regular dial-up. The physical BRI interface can be made a member of both dialer pools. Under these conditions, both B channels can be used, one for the backup line and the other for regular dial-up.
  3. The only address translation feature available on Cisco 700 series routers is PAT (Port Address Translation). PAT is a subset of NAT. PAT allows a single IP address to be assigned to multiple hosts on a LAN. This feature uses ports to uniquely identify the hosts on a LAN. PAT is the most widely used feature for accessing the Internet, and it conserves IP addresses.

                 - Vijay

The above notes are provided AS IS. ExamGuides.com assumes no responsibility for the accuracy or compliance with vendor's stated Exam objectives.
