ccna exp4 - chapter06 - teleworker services

Upload: httpheiserzcom

Post on 06-Apr-2018


TRANSCRIPT

  • 8/3/2019 CCNA Exp4 - Chapter06 - Teleworker Services


    Chapter 6 - Teleworker Services

    CCNA Exploration 4.0



    Introduction

    Học viện mạng Bach Khoa - Website: www.bkacad.com

    Business Requirements for

    The Business Requirements for Teleworker Services

    When designing network architectures that support a teleworking solution, designers must balance organizational requirements for security, infrastructure management, scalability, and affordability against the practical needs of teleworkers for ease of use, connection speeds, and reliability of service.

    The Teleworker Solution

    The term broadband refers to advanced communications systems capable of providing high-speed transmission of services, such as data, voice, and video, over the Internet and other networks.

    Transmission is provided by a wide range of technologies, including digital subscriber line (DSL) and fiber-optic cable, coaxial cable, wireless technology, and satellite.


    Soon, voice over IP (VoIP) and videoconferencing components will become expected parts of the teleworker's toolkit.

    Home Office Components - The required home office components are a laptop or desktop computer, broadband access (cable or DSL), and a VPN router or VPN client software installed on the computer. Additional components might include a wireless access point. When traveling, teleworkers need an Internet connection and a VPN client to connect to the corporate network over any available dialup, network, or broadband connection.

    Corporate Components - Corporate components are VPN-capable routers, VPN concentrators, multifunction security appliances, authentication, and central management devices for resilient aggregation and termination of the VPN connections.

    Broadband Services

    Connecting Teleworkers to the WAN

    The choice of access network technology and the need to ensure suitable bandwidth are the first considerations to address when connecting teleworkers.


    Cable


    The Data-over-Cable Service Interface Specification (DOCSIS) is an international standard developed by CableLabs, a non-profit research and development consortium for cable-related technologies.

    DOCSIS specifies the OSI Layer 1 and Layer 2 requirements:

    Physical layer - For data signals that the cable operator can use, DOCSIS specifies the channel widths (bandwidths of each channel) as 200 kHz, 400 kHz, 800 kHz, 1.6 MHz, 3.2 MHz, and 6.4 MHz. DOCSIS also specifies modulation techniques (the way to use the RF signal to convey digital data).

    MAC layer - Defines a deterministic access method, time-division multiple access (TDMA) or synchronous code division multiple access method (S-CDMA).


    DSL

    DSL is a means of providing high-speed connections over installed copper wires.

    Several years ago, Bell Labs identified that a typical voice conversation over a local loop only required bandwidth of 300 Hz to 3 kHz.

    Advances in technology allowed DSL to use the additional bandwidth from 3 kHz up to 1 MHz to deliver high-speed data services over ordinary copper lines.

    The two basic types of DSL technologies are asymmetric (ADSL) and symmetric (SDSL).

    The transfer rates are dependent on the actual length of the local loop, and the type and condition of its cabling. For satisfactory service, the loop must be less than 5.5 kilometers (3.5 miles).


    The two key components are the DSL transceiver and the DSLAM:

    Transceiver - Connects the computer of the teleworker to the DSL. Usually the transceiver is a DSL modem connected to the computer using a USB or Ethernet cable. Newer DSL transceivers can be built into small routers with multiple 10/100 switch ports suitable for home office use.

    DSLAM - Located at the CO of the carrier, the DSLAM combines individual DSL connections from users into one high-capacity link to an ISP, and thereby, to the Internet.


    The major benefit of ADSL is the ability to provide data services along with POTS voice services.

    ADSL signals distort voice transmission and are split or filtered at the customer premises. There are two ways to separate ADSL from voice at the customer premises: using a microfilter or using a splitter.


    A microfilter is a passive low-pass filter with two ends. One end connects to the telephone, and the other end connects to the telephone wall jack. This solution eliminates the need for a technician to visit the premises and allows the user to use any jack in the house for voice or ADSL service.


    POTS splitters separate the DSL traffic from the POTS traffic. The POTS splitter is a passive device. In the event of a power failure, the voice traffic still travels to the voice switch in the CO of the carrier.

    Splitters are located at the CO and, in some deployments, at the customer premises. At the CO, the POTS splitter separates the voice traffic, destined for POTS connections, and the data traffic destined for the DSLAM.

    Broadband Wireless

    Broadband access by ADSL or cable provides teleworkers with faster connections than dialup, but until recently, SOHO PCs had to connect to a modem or a router over a Cat 5 (Ethernet) cable.

    Wireless networking, or Wi-Fi (wireless fidelity), has improved that situation, not only in the SOHO, but on enterprise campuses as well.

    The benefits of Wi-Fi extend beyond not having to use or install wired network connections. Wireless networking provides mobility. Wireless connections provide increased flexibility and productivity to the teleworker.


    The significant limitation of wireless access has been the need to be within the local transmission range (typically less than 100 feet) of a wireless router or wireless access point that has a wired connection to the Internet.

    The concept of hotspots has increased access to wireless connections across the world. A hotspot is the area covered by one or more interconnected access points.


    The figure shows a typical home deployment using a single wireless router.

    This deployment uses the hub-and-spoke model.


    A mesh is a series of access points (radio transmitters) as shown in the figure. Each access point is in range and can communicate with at least two other access points.

    A meshed network has several advantages over single router hotspots. Installation is easier and can be less expensive because there are fewer wires.

    Deployment over a large urban area is faster. From an operational point of view, it is more reliable.

    If a node fails, others in the mesh compensate for it.


    WiMAX (Worldwide Interoperability for Microwave Access) is a telecommunications technology aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular type access.

    A WiMAX network consists of two main components:

    A tower that is similar in concept to a cellular telephone tower. A single WiMAX tower can provide coverage to an area as large as 3,000 square miles, or almost 7,500 square kilometers.

    A WiMAX receiver that is similar in size and shape to a PCMCIA card, or built into a laptop or other wireless device.


    Satellite Internet services are used in locations where land-based Internet access is not available, or for temporary installations that are continually on the move.

    There are three ways to connect to the Internet using satellites: one-way multicast, one-way terrestrial return, and two-way.

    1. One-way multicast satellite Internet systems are used for IP multicast-based data, audio, and video distribution. Even though most IP protocols require two-way communication, for Internet content, including web pages, one-way satellite-based Internet services can "push" pages to local storage at end-user sites. Full interactivity is not possible.

    2. One-way terrestrial return satellite Internet systems use traditional dialup access to send outbound data through a modem and receive downloads from the satellite.

    3. Two-way satellite Internet sends data from remote sites via satellite to a hub, which then sends the data to the Internet. The satellite dish at each location needs precise positioning to avoid interference with other satellites.


    The most common standards are included in the IEEE 802.11 wireless local area network (WLAN) standard, which addresses the 5 GHz and 2.4 GHz public (unlicensed) spectrum bands.

    The 802.11n standard is a proposed amendment that builds on the previous 802.11 standards by adding multiple-input multiple-output (MIMO).

    The 802.16 (or WiMAX) standard allows transmissions up to 70 Mb/s, and has a range of up to 30 miles (50 km). It can operate in licensed or unlicensed bands of the spectrum from 2 to 6 GHz.

    VPN Technology

    VPNs and Their Benefits

    VPN technology enables organizations to create private networks over the public Internet infrastructure that maintain confidentiality and security.

    Consider these benefits when using VPNs:

    Cost savings - Organizations can use cost-effective, third-party Internet transport to connect remote offices and users to the main corporate site. This eliminates expensive dedicated WAN links and modem banks.

    Security - Advanced encryption and authentication protocols protect data from unauthorized access.

    Scalability - VPNs use the Internet infrastructure within ISPs and carriers, making it easy for organizations to add new users. Organizations, big and small, are able to add large amounts of capacity without adding significant infrastructure.

    Types of VPNs

    Organizations use site-to-site VPNs to connect dispersed locations in the same way as a leased line or Frame Relay connection is used.

    Because most organizations now have Internet access, it makes sense to take advantage of the benefits of site-to-site VPNs.

    Mobile users and telecommuters use remote access VPNs extensively. In the past, corporations supported remote users using dialup networks. This usually involved a toll call and incurring long distance charges to access the corporation.

    In a remote-access VPN, each host typically has VPN client software.

    VPN Components

    Components required to establish this VPN include:

    1. An existing network with servers and workstations

    2. A connection to the Internet

    3. VPN gateways, such as routers, firewalls, VPN concentrators, and ASAs, that act as endpoints to establish, manage, and control VPN connections

    4. Appropriate software to create and manage VPN tunnels

    Characteristics of Secure VPNs

    VPNs use advanced encryption techniques and tunneling to permit organizations to establish secure, end-to-end, private network connections over the Internet.

    VPN Tunneling

    Tunneling allows the use of public networks like the Internet to carry data for users as though the users had access to a private network.

    Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network.
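    The encapsulation described above, as an added example that is not part of the original slides: a whole IPv4 packet is wrapped in a second IPv4 header using plain IP-in-IP (protocol 4), then unwrapped at the far gateway. The addresses, payload and function names are constructed for illustration; the last check shows that tunneling by itself leaves the inner packet readable, which is why a VPN adds encryption.

```python
import ipaddress
import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
IPPROTO_IPIP = 4             # outer protocol number for IP-in-IP (RFC 2003)


def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prepend a minimal IPv4 header (TTL 64, no options) to payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(IPV4_HDR, *fields))
    return struct.pack(IPV4_HDR, *fields) + payload


def parse(packet: bytes):
    """Validate the header and return (src, dst, proto, payload)."""
    if len(packet) < 20:
        raise ValueError("truncated packet")
    ver_ihl, _, length, _, _, _, proto, _, src, dst = struct.unpack(
        IPV4_HDR, packet[:20])
    if ver_ihl != 0x45 or length != len(packet):
        raise ValueError("unsupported or malformed IPv4 header")
    if checksum(packet[:20]) != 0:
        raise ValueError("bad header checksum")
    return (str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)),
            proto, packet[20:])


def encapsulate(inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel entry: the whole inner packet becomes the outer payload."""
    return ipv4_packet(gw_src, gw_dst, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: strip the outer header and return the inner packet."""
    _, _, proto, payload = parse(outer)
    if proto != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    parse(payload)  # the inner packet must itself be a valid IPv4 packet
    return payload


# Constructed sample: private hosts inside, documentation-range gateways outside.
INNER = ipv4_packet("10.1.1.10", "10.2.2.20", 17, b"constructed payload")
OUTER = encapsulate(INNER, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    print("outer header:", parse(OUTER)[:3])
    print("inner header:", parse(decapsulate(OUTER))[:3])
    print("inner packet visible in cleartext:", INNER in OUTER)
```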

    VPN Data Integrity

    For encryption to work, both the sender and the receiver must know the rules used to transform the original message into its coded form.

    VPN encryption rules include an algorithm and a key. An algorithm is a mathematical function that combines a message, text, digits, or all three with a key. The output is an unreadable cipher string.


    Some of the more common encryption algorithms and the length of keys they use are as follows:

    Data Encryption Standard (DES) algorithm

    Triple DES (3DES) algorithm

    Advanced Encryption Standard (AES)

    Rivest, Shamir, and Adleman (RSA)


    Hashes contribute to data integrity and authentication by ensuring that unauthorized persons do not tamper with transmitted messages.

    A hash, also called a message digest, is a number generated from a string of text.

    The hash is smaller than the text itself. It is generated using a formula

    unlikely that some other text will produce the same hash value.

    There are two common HMAC algorithms:

    Message Digest 5 (MD5)

    Secure Hash Algorithm 1 (SHA-1)

    There are two peer authentication methods:

    Pre-shared key (PSK)

    RSA signature
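    An added example, not part of the original slides, showing why the integrity check is a keyed hash (HMAC) rather than a bare hash: anyone on the path can recompute a bare digest for an altered message, but cannot produce a valid HMAC without the secret key. The key, messages and function names are constructed, and the example assumes both peers already hold the same secret key; the 96-bit truncation follows the HMAC-MD5-96 and HMAC-SHA-1-96 transforms used by IPsec.

```python
import hashlib
import hmac

ICV_BYTES = 12  # HMAC-MD5-96 / HMAC-SHA-1-96 keep the first 96 bits of the HMAC

# Constructed sample data for the example.
KEY = b"constructed-shared-secret"
ORIGINAL = b"pay 100 to account 1111"
ALTERED = b"pay 900 to account 6666"


def plain_digest(message: bytes, algo: str = "sha1") -> bytes:
    """Keyless hash: anyone who can read the message can recompute it."""
    return hashlib.new(algo, message).digest()


def icv(key: bytes, message: bytes, algo: str = "sha1") -> bytes:
    """Keyed hash (HMAC) over the message, truncated to 96 bits."""
    return hmac.new(key, message, algo).digest()[:ICV_BYTES]


def accept_plain(message: bytes, digest: bytes, algo: str = "sha1") -> bool:
    """Receiver check when only a bare hash accompanies the message."""
    return hmac.compare_digest(plain_digest(message, algo), digest)


def accept_hmac(key: bytes, message: bytes, tag: bytes,
                algo: str = "sha1") -> bool:
    """Receiver check with HMAC; compare_digest runs in constant time."""
    return hmac.compare_digest(icv(key, message, algo), tag)


def rewrite_without_key(new_message: bytes, algo: str = "sha1"):
    """Model of in-transit modification by a party that lacks the key:
    the message is swapped and the only recomputable value, the bare
    digest, is recomputed."""
    return new_message, plain_digest(new_message, algo)


def demo(algo: str = "sha1") -> dict:
    """Run the four receiver checks for one algorithm ('sha1' or 'md5')."""
    genuine_tag = icv(KEY, ORIGINAL, algo)
    msg, digest = rewrite_without_key(ALTERED, algo)
    return {
        # Bare hash: the altered message verifies, so it proves nothing.
        "plain_accepts_altered": accept_plain(msg, digest, algo),
        # HMAC: the untouched message verifies.
        "hmac_accepts_genuine": accept_hmac(KEY, ORIGINAL, genuine_tag, algo),
        # HMAC: altered message with the old tag is rejected.
        "hmac_accepts_old_tag": accept_hmac(KEY, msg, genuine_tag, algo),
        # HMAC: altered message with a keyless digest as tag is rejected.
        "hmac_accepts_keyless_tag": accept_hmac(
            KEY, msg, digest[:ICV_BYTES], algo),
    }


if __name__ == "__main__":
    for name in ("md5", "sha1"):
        print(name, demo(name))
```

    The example uses the two algorithms the slide names; current deployments generally prefer SHA-2 based HMACs.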

    IPsec Security Protocols

    IPsec is a protocol suite for securing IP communications which provides encryption, integrity, and authentication.

    There are two main IPsec framework protocols:

    Authentication Header (AH)

    Encapsulating Security Payload (ESP)


    Activity 6.3.7


    Labs


    Summary
