Cisco® CCNP Remote Access Exam Cram Notes.


22.0 Queuing:

Cisco IOS support for queuing includes the following:

1. Weighted fair queuing (WFQ) - This is an automatic prioritization method. WFQ ensures that bandwidth is shared fairly between conversations. Low-volume traffic such as Telnet is given priority over high-volume traffic such as file transfers.
WFQ is the default queuing method for physical interfaces of 2.048 Mbps or less.

The following command enables weighted fair queuing on a router interface and sets the congestive discard threshold to 64.

Router(config-if)# fair-queue 64

The congestive discard threshold is the number of messages at which a queue is considered congested. For example, a threshold of 64 limits the number of packets held in a conversation's queue to 64; packets arriving beyond that are discarded.

2. Priority Queuing: Priority queuing allows more precise control over different types of traffic. Priority queuing is used when traffic of a certain type, such as mission-critical traffic, must have a certain bandwidth allocated. The queue with the higher priority is always processed first. If the high queue is always filled, the other queues will not be processed.

A priority list is a set of rules that assigns packets to different priority queues. For example, the following command assigns all IP traffic to the medium priority queue for priority list 2:

R(config)# priority-list 2 protocol ip medium

You apply the priority list with the priority-group command. The command to apply the priority list to an interface is:
R(config-if)# priority-group 2
Note that 2 is the priority list defined earlier.

3. Custom Queuing: Custom queuing allows a certain bandwidth to be allocated to each type of traffic. This ensures that all types of traffic get a fair share of the bandwidth. It also eliminates one of the potential problems with priority queuing, where the higher priority queue is always filled and the lower priority queues never get processed.
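The difference between priority queuing and custom queuing is easier to see in a small scheduler model. The following Python block is an added example, not code from the Cram Notes or from Cisco IOS: it feeds a constructed backlog of packets into three queues and runs a strict-priority scheduler and a byte-count round-robin scheduler over them. The queue names, packet sizes, and byte counts are assumptions chosen for the demonstration; they are not IOS defaults.

```python
"""Added example (not from the Cram Notes): contrast strict priority
queuing with custom (byte-count round-robin) queuing on the same backlog.
Queue names, packet sizes and byte counts are constructed sample values."""
from collections import deque


def priority_schedule(queues, order, slots):
    """Strict priority: on every transmit slot, send one packet from the
    first non-empty queue in `order`. Returns the (queue, packet) list sent."""
    sent = []
    for _ in range(slots):
        for name in order:
            if queues[name]:
                sent.append((name, queues[name].popleft()))
                break
    return sent


def custom_schedule(queues, byte_counts, rounds):
    """Custom queuing: visit each queue in turn and send packets until the
    queue's byte count has been reached (the packet that reaches the count
    is still sent, so a queue may overshoot slightly) or the queue is empty."""
    sent = []
    for _ in range(rounds):
        for name, quota in byte_counts.items():
            served = 0
            while queues[name] and served < quota:
                pkt = queues[name].popleft()
                served += pkt
                sent.append((name, pkt))
    return sent


def served_counts(sent):
    """Count how many packets each queue got onto the wire."""
    counts = {}
    for name, _ in sent:
        counts[name] = counts.get(name, 0) + 1
    return counts


def build_queues():
    """Constructed traffic (packet sizes in bytes). The high queue carries a
    long backlog, i.e. it is 'always filled' as the notes describe."""
    return {
        "high": deque([1500] * 20),
        "medium": deque([1500] * 5),
        "low": deque([64] * 5),        # small interactive packets
    }


def demo():
    """Run both schedulers on identical backlogs and return per-queue counts."""
    pq = served_counts(priority_schedule(build_queues(), ["high", "medium", "low"], 10))
    cq = served_counts(custom_schedule(build_queues(),
                                       {"high": 3000, "medium": 1500, "low": 64}, 3))
    return pq, cq


if __name__ == "__main__":
    pq, cq = demo()
    print("priority queuing served:", pq)   # only the high queue is served
    print("custom queuing served:  ", cq)   # every queue gets its share
```

With the high queue never draining, the strict-priority run sends ten high-queue packets and nothing else, which is the starvation the notes warn about; the custom-queuing run sends two high, one medium and one low packet per cycle, so the interactive low-queue traffic is never locked out.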

Some instances where queuing is recommended include:

1. Where interactive traffic suffers, resulting in noticeable performance degradation.

2. Where some traffic needs to be assigned a higher priority due to its nature.

3. When you want to assign specific bandwidth allotments to different traffic flows, depending on their importance.

If you find a link to be congested for most of the day, the capacity of the link needs to be increased. Otherwise, prioritizing the traffic may only result in denying legitimate service to your customers. Also, if you find WAN link utilization to be less than about 70 percent, the WAN link may be considered OK and not overloaded, but you may still need to plan for future expansion.

23.0 NAT:

When you are configuring NAT, it should be enabled on at least one inside and one outside interface. The command for enabling NAT on the inside interface is:
R(config-if)# ip nat inside
The command for enabling NAT on the outside interface is:
R(config-if)# ip nat outside

Remember to enter the appropriate configuration mode before entering the commands. Usually, NAT inside is configured on an Ethernet interface, whereas NAT outside is configured on a serial interface.

The command
ip nat inside source static <local ip> <global ip>
configures address translation for static NAT.

The command
ip nat inside source list <access-list-number> pool <name>
maps the access list to the NAT pool when configuring dynamic NAT.

The following two statements are true about the 'ip nat inside source' command:
1. It translates the source of IP packets that are traveling from inside to outside.
2. It translates the destination of IP packets that are traveling from outside to inside.

The following two statements are true about the 'ip nat outside source' command:
1. It translates the source of IP packets that are traveling from outside to inside.
2. It translates the destination of IP packets that are traveling from inside to outside.

It is important to note that the packet's actual source and destination addresses on the inside are completely isolated from the outside.

24.0 IP Unnumbered:

The following are true about the 'ip unnumbered' interface configuration command:

1. This command conserves IP addresses, as the interface borrows one of the already configured IP addresses.

2. The address of the specified interface is used as the source address of the IP packet.

3. This command can only be used on point-to-point networks.

4. Using a loopback interface for the 'ip unnumbered' command is ideal. Since a loopback interface is a virtual interface, it never goes down.

25.0 Load Distribution:

TCP load distribution allows hosts on the inside interface to share load. A mail server (or a web server) is an example where this type of load sharing may be required.
The following steps summarize the commands required to configure TCP load distribution:

1. Define a standard IP access list.

2. Define an IP NAT pool for the real hosts as below:
ip nat pool <pool-name> <start-ip> <end-ip> {netmask <net-mask> | prefix-length <prefix-length>} type rotary
Note the option 'type rotary'. This option enables load sharing between the real hosts.

3. Map the access list to the real hosts pool by using the command:
ip nat inside destination list <access-list-number> pool <pool-name>

4. Finally, enable NAT on the appropriate interfaces by using the command:
ip nat {inside | outside}
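The translation directions listed in section 23.0 for 'ip nat inside source', and the rotary pool behaviour of the TCP load distribution steps above, can both be checked with a small model of a NAT router. The following Python block is an added example, not code from the Cram Notes or from Cisco IOS. It rewrites addresses on packets that cross from the inside interface to the outside and back, once for a static inside-source entry and once for a rotary destination pool. All addresses, the virtual server address 203.0.113.10, and the real-host pool are constructed sample values; the access list of step 1 is reduced to "the destination is the virtual address", and each call to the outside-to-inside function stands for a new TCP connection.

```python
"""Added example (not from the Cram Notes): a minimal NAT router model
showing which address field is rewritten in each direction for
'ip nat inside source static' and for a 'type rotary' destination pool.
All addresses are constructed sample values (RFC 5737 / RFC 1918 ranges)."""
from itertools import cycle


class NatBox:
    def __init__(self):
        self.static = {}    # local ip -> global ip   ('ip nat inside source static')
        self.rotary = {}    # virtual ip -> round-robin iterator over real hosts
        self.sessions = {}  # (outside client, real host) -> virtual ip, for replies

    def inside_source_static(self, local_ip, global_ip):
        """ip nat inside source static <local ip> <global ip>"""
        self.static[local_ip] = global_ip

    def inside_destination_rotary(self, virtual_ip, real_hosts):
        """ip nat pool ... type rotary  +  ip nat inside destination list ... pool
        The access list is modelled as 'destination == virtual_ip'."""
        self.rotary[virtual_ip] = cycle(real_hosts)

    def inside_to_outside(self, src, dst):
        """Packet received on the 'ip nat inside' interface, sent out the
        'ip nat outside' interface. Returns the (src, dst) after translation."""
        new_src = self.static.get(src, src)        # inside source: rewrite SOURCE
        if (dst, src) in self.sessions:             # reply from a load-balanced host
            new_src = self.sessions[(dst, src)]     # appears to come from virtual ip
        return new_src, dst

    def outside_to_inside(self, src, dst):
        """Packet received on 'ip nat outside', sent out 'ip nat inside'."""
        for local, glob in self.static.items():     # inside source: rewrite DESTINATION
            if dst == glob:
                return src, local
        if dst in self.rotary:                      # new connection to the virtual ip
            real = next(self.rotary[dst])           # pick the next real host in turn
            self.sessions[(src, real)] = dst        # remember it for the reply path
            return src, real
        return src, dst                             # no rule matched: untouched


def demo():
    """Exercise both directions and return the translated address pairs."""
    nat = NatBox()
    nat.inside_source_static("10.1.1.5", "203.0.113.5")
    nat.inside_destination_rotary("203.0.113.10", ["10.1.1.20", "10.1.1.21"])
    return {
        # static entry: source rewritten going out, destination coming back
        "out": nat.inside_to_outside("10.1.1.5", "198.51.100.7"),
        "back": nat.outside_to_inside("198.51.100.7", "203.0.113.5"),
        # rotary pool: successive connections alternate between real hosts
        "conn1": nat.outside_to_inside("198.51.100.8", "203.0.113.10"),
        "conn2": nat.outside_to_inside("198.51.100.9", "203.0.113.10"),
        "conn3": nat.outside_to_inside("198.51.100.8", "203.0.113.10"),
        # the real host's reply is sourced from the virtual address again
        "reply": nat.inside_to_outside("10.1.1.20", "198.51.100.8"),
    }


if __name__ == "__main__":
    for label, pair in demo().items():
        print(f"{label:>6}: src={pair[0]:<14} dst={pair[1]}")
```

The model makes the point of the notes concrete: the outside client only ever sees 203.0.113.5 and 203.0.113.10, while the inside addresses 10.1.1.x are never carried across the outside interface in either direction.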

26.0 AAA:

AAA stands for Authentication, Authorization, and Accounting.

Authentication: Authentication is used to determine whether a user is allowed access to the network at all. The primary purpose of authentication is to prevent intruders from gaining access to the network.

Authorization: The purpose of authorization is to determine the extent to which a user is allowed access to network resources. Authorization limits the resources of a network to authorized individuals, allowing various levels of access to network resources.

Accounting: Accounting keeps track of network resource usage. The usage statistics may include such things as the number of hours of usage, kilobits of data transferred, etc. It is also useful for tracing the activities of a user at a later date for troubleshooting or investigative purposes.

The command that enables AAA on a router is:
Router(config)# aaa new-model
This is the first command entered when configuring AAA on a router.

The correct syntax for AAA authentication on serial interfaces running PPP (Point-to-Point Protocol) is:

R(config)# aaa authentication ppp {default | <list-name>} <method1> [<method2>] [<method3>] ...
For example, to use TACACS+ first and then no authentication (if an error is returned by the first method), use the command:
R(config)# aaa authentication ppp default tacacs+ none

Alternatively, we can use a list name, say mylist, as below:
R(config)# aaa authentication ppp mylist tacacs+ none

A list name is useful when you need to configure line authentication by referencing the list name.
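How a method list such as 'aaa authentication ppp default tacacs+ none' is walked is worth seeing step by step, because the notes' phrase "if an error is returned" is the whole point: a method is skipped only when it cannot answer, not when it answers "wrong password". The following Python block is an added example, not code from the Cram Notes or from Cisco IOS. The TACACS+ server is simulated by a constructed user table and a reachable/unreachable flag; the method names and the fall-through rule follow the notes.

```python
"""Added example (not from the Cram Notes): evaluation of an AAA
authentication method list. A method returns PASS, FAIL, or ERROR; only
ERROR (the method could not answer) moves the router to the next method.
The user table and server reachability flag are constructed test data."""

PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"


def tacacs_plus(reachable, creds):
    """Build a simulated TACACS+ method. Unreachable server -> ERROR;
    otherwise PASS/FAIL according to the constructed credential table."""
    def method(user, password):
        if not reachable:
            return ERROR                 # no reply from the security server
        return PASS if creds.get(user) == password else FAIL
    return method


def none_method(user, password):
    """The 'none' method: no authentication is performed, always PASS."""
    return PASS


def evaluate(method_list, user, password):
    """Walk the list in configured order. PASS or FAIL is final; ERROR
    falls through to the next method. If every method errors, reject.
    Returns (result, name of the method that decided)."""
    for name, method in method_list:
        result = method(user, password)
        if result != ERROR:
            return result, name
    return FAIL, "no method answered"


def scenarios():
    """Three logins against 'tacacs+ none' with the server up and down."""
    creds = {"alice": "s3cret"}          # constructed credential table
    up = [("tacacs+", tacacs_plus(True, creds)), ("none", none_method)]
    down = [("tacacs+", tacacs_plus(False, creds)), ("none", none_method)]
    return {
        "good password, server up": evaluate(up, "alice", "s3cret"),
        "bad password, server up": evaluate(up, "alice", "wrong"),
        "bad password, server down": evaluate(down, "alice", "wrong"),
    }


if __name__ == "__main__":
    for case, (result, decided_by) in scenarios().items():
        print(f"{case:<28} -> {result} (decided by {decided_by})")
```

The second case shows that a rejection from TACACS+ is final and never falls through to 'none'; the third shows that when the server is unreachable the 'none' method admits anyone, which is exactly what the notes' example configures. A list whose last method is 'none' therefore fails open on server outage, so the reachability of the TACACS+ server is part of what such a configuration relies on.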

The following three protocols are supported for security verification between the access server and the security server:

1. TACACS+
2. RADIUS
3. Kerberos V

27.0 Miscellaneous:

  • The command 'ip tcp header-compression passive' specifies that TCP header compression is not required, but that the router uses header compression only if it receives packets with header compression from a destination. Header compression is then used for that destination only.
  • If a BRI is used for dial backup, neither of the two B channels is available while the interface is in standby mode. This can be overcome by using dialer profiles. Two dialer profiles can be defined, one for the backup line and the other for regular dial-up. The physical BRI interface can be made a member of both dialer pools. Under these conditions, both B channels can be used, one for the backup line and the other for regular dial-up.
  • The only address translation feature available on the Cisco 700 series router is PAT (Port Address Translation). PAT is a subset of NAT. PAT allows a single IP address to be assigned to multiple hosts on a LAN. This feature uses ports to uniquely identify the hosts on the LAN. PAT is the most widely used feature for accessing the Internet and conserves IP addresses.
