index [ptgmedia.pearsoncmg.com]ptgmedia.pearsoncmg.com/images/9781587201769/index/15872017… ·...


Index

Numerics

802.11 Wired Equivalent Privacy (WEP), 259
802.11i, 269–272
802.1x
  authentication, 278–280
  EAP standard, 260–272

A

AAR (automated alternate routing), 43
access
  APs. See APs
  categories, 237
  communication devices, 10
  databases, 10
  guest, 292
  switches, 235
  WFQ, 134
access points. See APs
ACS (Access Control Server), 260
adding
  locations, 310–312
  maps, 309–310
  WLC, 307–308
administration
  congestion, 127–130
  dial plans, 45
  dynamic RF, 296
  EAP, 261
  keys, 269
  phone features, 46
  radio (WLSE), 295
  RF, 306
  RRM, 301
  SDM, 81–88
  WLANs
    Cisco Unified Wireless Management, 291–292
    components, 294
    implementations, 292–293
    need for, 291
    WCS, 299–313
    WLSE, 295–299
  WLSE, 296
  WPA, 269–272
admission control, 73
AES (Advanced Encryption Standard), 260
AF (assured forwarding), 103–105
agents, call, 11
aggregation
  traffic shaping, 165
  troubleshooting, 127
aggressive dropping, WFQ, 135
AH (Authentication Header), 182
alarms
  rogue APs, 312–313
  WCS Base, 301
algorithms
  codecs, 24
  queuing, 128
  voice compression standards, 24–25
Allowed setting, 246
amplitude, 22
analog interfaces, VoIP, 13
analog phones, 11
analog voice
  converting from digital, 20–21
  converting to digital, 19–20
applications
  Cisco Wireless Location Appliance, 305–306
  classification, 206
  conferencing, 10


  dynamic port, 207
  interfaces, 46
  QoS
    pre-classify, 181–183
    TCP, 62
    VoIP, 187
  servers, 11
APs (access points), 293
  autonomous, 293
  Cisco WCS Servers, 308
  deployment, 296
  lightweight, 272–280
  SSID, 258
  WCS Base, 301
  WLSE, 295–296
architecture
  Cisco Wireless Location Appliance, 305
  LWAP, 238–240
  Split MAC Architecture, 238–239
asset tags, Cisco Wireless Location Appliance, 305
assigning
  channels, 301
  sequence numbers, 134
assured forwarding (AF), 103–105
ATM (asynchronous Transfer Mode), 99
attacks
  CoPP, 192–193
  DoS, 259
audio. See also voice
  keywords, 117
  signals, 31
  streams, 26
  VAD, 42
audits, 301
  business, 70
  networks, 70
authentication, 272–273
  802.1x, 278–280
  configuring, 272–280
  EAP, 260–261
  LEAP, 262–264
  PEAP, 267–269
  static WEP, 273–274
  VPNs, 180
  WPA, 269–272
  WPA PSK, 274–275
Authentication Header (AH), 182
authorization
  objects, 74
  rogue APs, 259
authorized users, 74
auto discovery qos command, 81, 210
auto qos command, 79, 81, 210
auto qos voip cisco-phone command, 211
auto qos voip command, 81
auto qos voip trust command, 211
auto re-site surveys, 298
autodiscovery, 212, 218
automated alternate routing (AAR), 43
automated monitoring, WCS Base, 301
automation, AutoQoS, 215–217
autonomous APs, 293–296
AutoQoS, 79–81, 205–212, 215–221
  automation, 215–217
  configurations, 219–221
  for Enterprise, 206
availability of bandwidth, 63–64
avoidance (congestion), 67, 153
  CBWRED, 158–162
  limitations of tail drop, 153–154
  link efficiency mechanisms, 167
  RED, 154–156
  traffic shaping and policing, 163–167
  WRED, 156–157


B

BA (behavior aggregate), 101
background
  access, 237
  VAD, 42
backups, WCS Base, 301
backward explicit congestion notification (BECN), 99
bandwidth
  availability, 63–64
  codecs, 35–36
  guarantees, 67
    CBWFQ, 139–140
    SLAs, 187
  packet telephony networks, 10
  requirements
    codecs, 24
    compression, 24–25
  reserving, 141
  VAD, 41–42
  voice, 34–36
  VoIP, 34–42
bandwidth command, 140, 219
bandwidth percent command, 140
BECN (backward explicit congestion notification), 99
behavior aggregate (BA), 101
benefits
  of CBWFQ, 140
  of LLQ, 144
  of telephony packet networks, 10–11
  of WEQ, 135
best-effort
  access, 237
  models (QoS), 72
bits, CoS, 98–99
boundaries, trust, 108–110, 189
British Telecom, 25
broadcast key management, 269
Bronze access, 237
buffers, increasing space, 67
buildups, queues, 192
business audits, 70
bytes, ToS, 102

C

CAC (call admission control), 15, 49, 69
calculating bandwidth for VoIP, 34–42
call
  agents, 11
  control models, 16–19
  processing, 45
  routing, 15
call admission control, 15, 49, 69
campus maps, adding, 310–312
campus networks, QoS, 188–190
carrier sense multiple access collision avoid (CSMA/CA), 236–235
carrier sense multiple access collision detect (CSMA/CD), 236
CAS (channel associated signaling), 14
CBWFQ (Class-Based Weighted Fair Queuing), 138–139
  benefits/drawbacks, 140
  classification, 139–140
  configuration, 141–142
  monitoring, 161
CBWRED (class-based weighted random early detection), 158–162
CCM (Cisco CallManager), 45–46
CCMP (Cipher Block Chaining Message Authentication Code Protocol), 271
CCO (Cisco Connection Online), 111
CCS (common channel signaling), 14
CDP (Cisco Discovery Protocol), 110
CDT (congestive discard threshold), 135
CEF (Cisco Express Forwarding), 209
cell loss priority (CLP), 99
centralized call control, 16–19
centralized RF management, LWAP, 239
certificates, PKI, 260
channel associated signaling (CAS), 14
channels, assigning, 301
characters, NBAR, 116
Cipher Block Chaining Message Authentication Code Protocol (CCMP), 271
CIR (committed information rate), 165, 186
Cisco Aironet 128-bit devices, 259
Cisco CallManager (CCM), 45–46
Cisco Compatible Extensions program, 291
Cisco Connection Online (CCO), 111
Cisco Discovery protocol (CDP), 110
Cisco Express Forwarding (CEF), 209


Cisco IOS
  configuring, 183
  NBAR, 112–117
  policing and shaping mechanisms, 167
  switches, 210–212
  voice, 48–49
Cisco IP Communicator, 11
Cisco Key Integrity Protocol (CKIP), 260
Cisco LEAP, 259, 262–264
Cisco Message Integrity Check (CMIC), 260
Cisco Unified Communication System, 45–46
Cisco Unified Wireless Networks, 291–292
Cisco WCS, 299–313
Cisco WCS Base, 300–301
Cisco Wireless Location Appliance, 304–306
CiscoWorks WLSE, 295–299
CKIP (Cisco Key Integrity Protocol), 260
Class-Based Weighted Fair Queuing (CBWFQ), 138–139
  benefits/drawbacks, 140
  classification, 139–140
  configuration, 141–142
  monitoring, 161
class-based weighted random early detection (CBWRED), 158–162
classes
  maps, 219
  selector PHBs, 102
  service, 106–108
  statements, 78
  traffic, 106
    AutoQoS, 216
    defining QoS, 71
    marking, 97–100
    SLAs, 187
classification, 73, 97–100
  applications, 206
  AutoQoS, 79, 220
  CBWFQ, 139–140
  CoS on 802.1Q/P Ethernet frames, 98–99
  DE and CLP on ATM/Frame Relay, 99
  MPLS EXP field, 100
  NBAR, 110–112
  subport, 111
  traffic, 64, 189
  video and voice, 189
  WEQ, 133–134
class-map command, 77, 97
CLI (command-line interface), 76
clients
  Cisco Unified Wireless Networks, 291
  EAP, 261
  LEAP, 262
  open authentication, 272–273
CLP (cell loss priority), 99
clustering over WAN models, 48
CMIC (Cisco Message Integrity Check), 260
codecs
  compression algorithms, 24
  types, 35–36
collection (statistics), NBAR, 110–112
coloring traffic, 98
command-line interface (CLI), 76
commands
  auto discovery qos, 81, 210
  auto qos, 79, 81, 210
  auto qos voip, 81
  auto qos voip cisco-phone, 211
  auto qos voip trust, 211
  AutoQoS, 79–81
  bandwidth, 140, 219
  bandwidth percent, 140
  class-map, 77, 97
  fair-queue 16, 135, 141
  hold-queue max-limit out, 136
  IOS, 112–117
  IP CEF, 112
  ip nbar port-map, 113
  ip nbar protocol-discovery, 114
  match protocol, 115
  max-reserved-bandwidth, 139
  mls qos, 211
  no auto discovery qos, 210
  no auto qos, 221
  police, 193
  policy-map, 77
  priority, 219
  priority-list, 131
  qos pre-classify, 181–184
  queue-limit, 141
  random-detect, 158
  service-policy, 77–78, 142, 193
  service-policy output, 114
  show, 112
  show auto discovery qos, 212
  show auto discovery qos interface, 212
  show auto qos, 212, 214, 219


  show auto qos interface, 213
  show class-map, 78
  show controllers serial, 130
  show interface, 67, 136
  show mls qos interface, 215
  show mls qos maps, 212
  show mls qos maps dscp-cos, 215
  show policy-map, 78
  show policy-map interface, 79, 142, 212–213
  show queue interface, 137
  tx-ring-limit, 129
  voices, 48–49
committed information rate (CIR), 165, 186
common channel signaling (CCS), 14
communication, device access, 10
components, 261
  EAP, 261
  queuing, 128
  telephony packet networks, 11–13
  WLANs, 294
Compressed RTP (cRTP), 32–34, 64, 208
compression, 20, 64
  codecs, 24
  configuring, 64
  cRTP, 32–34
  headers, 66, 169–170
  Layer 2, 66
  payload (Layer 2), 168–169
  standards, 24–25
concurrent calls, limiting, 49
conferencing
  applications, 10
  DSPs, 26
confidentiality, VPNs, 180
configuration
  802.1x authentication, 278–280
  APs, 308
  AutoQoS, 79–81
  CAC, 49
  CBWFQ, 141–142
  CBWRED, 158–162
  CiscoWorks WLSE, 295
  compression, 64
  gateways (voice), 44–45
  IOS (qos pre-classify command), 183
  legacy CLIs, 76
  LLQ, 144–145
  NBAR, 112–117
  open authentication, 273
  Over the Air QoS fields, 245
  static WEP authentication, 273–274
  AutoQoS Enterprise, 206
  voice, 48–49
  WCS, 299–313
  web authentication, 276–278
  WEQ, 135–137
  WLANs
    QoS, 243–246
    security, 272–280
  WLSE, 297
  WPA PSK authentication, 274–275
confluence problem, 127
congestion
  avoidance, 67, 153
    CBWRED, 158–162
    limitations of tail drop, 153–154
    link efficiency mechanisms, 167
    RED, 154–156
    traffic shaping and policing, 163–167
    WRED, 156–157
  management, 127–130
  notification, 99
congestive discard threshold (CDT), 135
connections
  access switches, 235
  VPNs, 180–181
consistency, AutoQoS, 79, 206
consolidated network expenses, 10
contention window (CWmin), 237
control
  and management plane traffic, 192
  policies (EAP), 261
control plane policing (CoPP), 192–193
Controller option, 244
controllers
  WCS Base, 301
  WLAN, 243–244
converged networks, QoS, 62–68
converting voice
  analog to digital, 19–20
  digital to analog, 20–21
  Nyquist theorem, 21
  quantization, 22–23
CoPP (control plane policing), 192–193
CQ (custom queuing), 128
cRTP (Compressed RTP), 32–34, 64, 208


CSMA/CA (carrier sense multiple access collision avoid), 236–237
CSMA/CD (carrier sense multiple access collision detect), 236
custom queuing (CQ), 128
customization. See also configuration
  WCS, 300–302
  Web Login Page, 277
CWmin (contention window), 237

D

Dashboard (Network), 303–304
data integrity, VPNs, 180
data links, overhead, 35–37
Data Link Control, 235
data plane traffic, 192
databases
  access, 10
  EAP, 261
  LEAP, 262
  packet telephony networks, 11
data-link connection identifier (DLCI), 207
DCF (distributed coordinated function), 236–237
DE (discard eligible), 99
decimal bits, CoS bits, 98–99
default PHBs, 103
defining
  AutoQoS, 216
  QoS policies, 71
delay
  end-to-end (VoIP), 16, 62–65
  link fragmentation, 171
  processing, 65
  propagation, 65
  queuing, 65
  serialization, 65
  variation (jitter), 63, 65–66
delivery, voice, 27–34
denial of service, 259, 270
deployment
  APs, 296
  AutoQoS
    on Enterprise on Cisco routers, 206, 209–210
    on IOS-based switches, 210–212
  IP Telephony options, 46–48
  QoS
    end-to-end, 185–193
    pre-classification options, 183–184
  queuing, 64
  wizards (WLSE), 296
descriptors, traffic, 97
design
  802.1x authentication, 278–280
  APs, 308
  AutoQoS, 79–81
  CAC, 49
  CBWFQ, 141–142
  CBWRED, 158–162
  CiscoWorks WLSE, 295
  compression, 64
  gateways (voice), 44–45
  IOS (qos pre-classify command), 183
  legacy CLIs, 76
  LLQ, 144–145
  NBAR, 112–117
  open authentication, 273
  Over the Air QoS fields, 245
  static WEP authentication, 273–274
  trust boundaries, 108–110
  AutoQoS Enterprise, 206
  voice, 48–49
  WCS, 299–313
  web authentication, 276–278
  WEQ, 135–137
  WLANs
    QoS, 243–246
    security, 272–280
  WLSE, 297
  WPA PSK authentication, 274–275
detection
  Cisco WCS Servers, 312–313
  IDS, 260
  rogue APs, 259
devices
  AutoQoS, 79–81
  campus LAN, 189
  Cisco Unified Wireless Networks, 291
  Cisco Wireless Location Appliance, 304–306
  communication, 10
  control, 45
  DSPs, 25–26
  SDM, 81–88
  trust boundaries, 108–110


dial plan administration, 45
Differentiated Services Code Point (DSCP), 100–105
DiffServ
  fields, 100
  models, 100–105
  QoS, 74–75
digital interfaces, VoIP, 14–15
digital signal processors. See DSPs
digital voice
  converting from analog, 19–20
  converting to analog, 20–21
directories, services, 46
Disables setting, 246
discard eligible, 99
discovery, 218
  autodiscovery, 212
  NBAR, 110–112
distributed call
  control, 16–19
  processing, 47
distributed coordinated function, 236–237
distribution (multilayer) switches, 235
DLC (Data Link Control), 235
DLCI (data-link connection identifier), 207
DoS (denial of service) attacks, 259, 270
drawbacks
  of CBWFQ, 140
  of WFQ, 135
drop
  input queue, 67
  output, 67
  WFQ, 135
DSCP (Differentiated Services Code Point), 100–105
  CBWRED, 160
  IP precedence, 102–105
DSPs (digital signal processors), 12, 25–26
dynamic keys, WPA2, 279
dynamic port applications, 207
dynamic queues, WFQ, 134
dynamic RF management, 296
dynamic WEP keys, 261
dynamic-queues parameter, 136

E

E&M (Earth and Magneto or Ear and Mouth), 13
EAP (Extensible Authentication Protocol), 260–272
EAP over LAN (EAPOL), 265
EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling), 264–266
EAPOL (EAP over LAN), 265
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), 266–267
early dropping, WFQ, 135
Earth and Magneto or Ear and Mouth (E&M), 13
ease, best-effort QoS model, 72
EDCF (Enhanced Distributed Coordination Function), 238
Edit QoS Profile Page, 245
editing profiles, 244
EF (expedited forwarding), 103
efficiency
  links, 167
  packet telephony networks, 10
elements of WLAN management
  Cisco Unified Wireless Networks, 291–292
  components, 294
  implementations, 292–293
  need for, 291
  WCS, 299–313
  WLSE, 295–299
employees, productivity, 10
enabling, 207–212. See also configuration
Encapsulating Security Payload (ESP), 182
encapsulation
  HDLC, 207
  voice packets, 27–34
encoding, 20
encryption. See also security
  configuring, 272–280
  EAP, 261
endpoints
  centralized call control, 17
  video, 12
end-to-end delay, VoIP, 16, 62–65
end-to-end delivery voice, 27–30


end-to-end QoS. See also QoS
  deployment, 185–193
  maintaining, 240
Enhanced Distributed Coordination Function (EDCF), 238
enterprise campus QoS implementations, 188–190
Enterprise mode, WPA, 272
enterprise networks, VoIP, 42–49
Enterprise on Cisco routers, deploying AutoQoS, 209–210
Equipment, packet telephony networks, 10
equivalent to direct conversation, 24
errors. See also troubleshooting
  frames, 67
  quantization, 22
ESP (Encapsulating Security Payload), 182
event logs, WCS Base, 301
evolution of WLAN security solutions, 259–260
EXP field (MPLS), 100
expedited forwarding (EF), 103
expressions, regular (NBAR), 116
Extensible Authentication Protocol, 260–272
Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling, 264–266
Extensible Authentication Protocol-Transport Layer Security, 266–267
extensible markup language, 10, 46
external applications, programming interfaces to, 46

F

fair-queue 16 command, 141
fair-queue command, 135
FastTrack traffic, NBAR, 116–117
fault monitoring, WLSE, 295
FECN (forward explicit congestion notification), 99
fields
  DiffServ, 100
  EXP (MPLS), 100
  inner QoS, 241
  Over the Air QoS, 245
FIFO (first in, first out), 128–132
filters, MAC, 259
firmware, WLSE, 295
first in, first out, 128–132
Foreign Exchange Office (FXO), 13
Foreign Exchange Station (FXS), 13
forward explicit congestion notification (FECN), 99
forwarding
  AutoQoS, 209
  important packets first, 66
four-way handshakes, 264
fragile flows, 66
fragment size, 171
Frame Relay, DE and CLP on, 99
frame errors, 67
FXO (Foreign Exchange Office), 13
FXS (Foreign Exchange Station), 13

G

gatekeepers, 11
gateways
  centralized call control, 17
  DSPs, 25–26
  interfaces
    analog, 13
    digital, 14–15
  packet telephony networks, 11
  voice, 44–45
  VoIP, 29
generating hashes, 133
global synchronization, TCP, 153
Gold access, 237
GTK (group transient key), 270
guarantees
  bandwidth, 67
    CBWFQ, 139–140
    SLAs, 187
  lack of service, 72
  services, 75
guest access, 292

H

hackers, 258. See also security
handshakes, four-way, 264
hardware
  packet telephony networks, 10
  QoS, 189
  queuing, 128


hashes, generating, 133
HDLC (high-level data link control) encapsulation, 207
headers
  compression, 66, 169–170
  MPLS, 100
  overhead, 32–34
hierarchies, trust boundaries, 109
high availability, WLSE, 298
high-level data link control (HDLC) encapsulation, 207
hold-queue max-limit out command, 136

I

IBNS (Identity Based Networking Services), 292
IDSs (Intrusion Detection Systems), 260, 292
IEEE (Institute of Electrical and Electronics Engineers)
  802.11 Wired Equivalent Privacy (WEP), 259
  802.11i, 269–272
  802.1x
    authentication, 278–280
    EAP standard, 260–272
IETF (Internet Engineering Task Force), 15, 99
IFS (inter-frame spacing), 236
Ignore counter, 67
images, WLSE, 296
implementation. See also configuration
  AutoQoS
    enabling, 207–212
    troubleshooting, 215–221
    verifying, 212, 215
  LLQ (policy maps), 161
  QoS
    AutoQoS, 205–207
    best-effort model, 72
    converged network issues, 62–68
    DiffServ model, 74–75
    enterprise campus, 188–190
    IntServ model, 73–74
    models, 72
    policies, 62, 68–71, 76, 88, 106–108
    pre-classify, 180–184
    WAN edge, 190–192
  trust boundaries, 109
  VoIP enterprise networks, 42–49
  WLANs, 239–242, 292–293
increase (upgrade) link bandwidth, 64–67
increasing capacity, comparing to queuing, 128
initialization vector (IV), 259
inner QoS fields, mapping, 241
input
  keywords, 78
  queue drop, 67
insertion, WEQ, 135
installation, rogue APs, 259
Institute of Electrical and Electronics Engineers. See IEEE
integrity, VPNs, 180
interfaces
  applications, 46
  legacy CLI, 76
  MQC, 76–79, 139
  QoS, 183–184
  queuing, 130–132
  transmit, 189
  VIP, 65
  VoIP
    analog, 13
    digital, 14–15
  WCS, 302
  web
    authentication, 276–278
    users, 243–244
inter-frame spacing (IFS), 236
Internet Engineering Task Force (IETF), 15, 99
Internet Protocol. See IP
Internetwork Operating System. See IOS
Internetwork Packet Exchange (IPX), 112
interpreting AutoQoS configurations, 219–221
Intrusion Detection Systems, 260, 292
IntServ models, QoS, 73–74
IOS (Internetwork Operating System)
  configuring, 183
  NBAR, 112–117
  policing and shaping mechanisms, 167
  switches, 210–212
  voice, 48–49
IP (Internet Protocol)
  CEF command, 112
  overhead, 35


  phones, 11
  precedence
    CBWRED, 159
    DSCP, 102–105
  QoS
    converged network issues, 62–68
    implementing, 68–71
    overview of, 62
  Telephony deployment options, 46–48
ip nbar port-map command, 113
ip nbar protocol-discovery command, 114
IPsec (IP Security), VPNs, 182
IPX (Internetwork Packet Exchange), 112
IV (initialization vector), 259

J

jitter, 30, 143
  converged networks, 63–66
  VoIP, 16
JPEG (Joint Photographics Expert Group), 115

K

keepalives, CoPP, 192
keys
  dynamic (WPA2), 279
  GTK, 270
  management, 269
  PMK, 264
  PSK, 274–275
  PTK, 270
  session, 260
keywords
  audio, 117
  input/output, 78
  payload-type, 117
  statistics, 215
  trust, 210
  video, 117
  voip, 210
KPN Research, 25

L

lack of service, 72
LANs (local-area networks)
  campus devices, 189
  EAPOL, 265
laptops, Cisco Wireless Location Appliance, 305
Layer 2
  compression, 66
  payload compression, 64, 168–169
  QoS
    CoS on 802.1Q/P Ethernet frames, 98–99
    DE and CLP on ATM/Frame Relay, 99
Layer 2, 100
layers, implementing trust boundaries, 109
LEAP (Lightweight Extensible Authentication Protocol), 259, 262–264
legacy CLIs, 76
levels, services, 70, 75
LFI (link fragmentation and interleaving), 208
LightWeight Access Point Protocol (LWAPP), 291
lightweight AP wireless architecture. See LWAP
Lightweight Extensible Authentication Protocol, 259, 262–264
limitations
  of CAC, 49
  of NBAR, 111
  of tail drop, 153–154
  of traffic rates, 163
linear quantization, 23
link fragmentation and interleaving (LFI), 208
links
  efficiency, 167
  utilization with/without RED, 154
LLC (Logical Link Control), 235
LLQ (Low-Latency Queuing), 142–143
  AutoQoS, 208
  benefits of, 144
  configuration, 144–145
  policy maps, 161
local-area networks. See LANs


locations
  Cisco WCS Servers, 310–312
  Cisco Wireless Location Appliance, 304–306
  rogue APs, 313
  services, 292
  WCS tracking options, 300–302
logarithmic quantization, 23
Logical Link Control, 235
login
  Cisco WCS Server, 306
  Web Login Page, 277
logs, events, 301
loss, packets, 63–68
Low Latency Queuing. See LLQ
low-speed serial links, enabling AutoQoS, 207
LWAPP (Lightweight Access Point Protocol), 291
LWAP (lightweight AP wireless architecture), 238–239, 293
  tunnels in Split MAC architecture, 240
  viewing, 308
  WCS, 299–313

M

MAC (Media Access Control)
  filters, 259
  Split MAC Architecture, 238–239
maintenance, call, 16
management
  congestion, 127–130
  dial plans, 45
  dynamic RF, 296
  EAP, 261
  keys, 269
  phone features, 46
  radio (WLSE), 295
  RF, 306
  RRM, 301
  SDM, 81–88
  WLANs
    Cisco Unified Wireless Management, 291–292
    components, 294
    implementations, 292–293
    need for, 291
    WCS, 299–313
    WLSE, 295–299
  WLSE, 296
  WPA, 269–272
mapping
  Cisco WCS Server, 309–310
  inner QoS fields, 241
  LLQ, 144, 161
  markings, 107
  modifying, 219
  policies, 141
  QoS markings, 240–241
mark probability denominator (MPD), 154
marking, 97–100
  DSCP, 100–105
  enterprise campus QoS, 189
  mapping, 107
  QoS, 240–241
  traffic, 64
  trust boundaries, 108–110
match protocol command, 115
match statements, 77, 97, 113, 219
max-reserved-bandwidth command, 139
MCUs (multipoint control units), 11
MD5 (Message Digest 5), 182
mean opinion score (MOS), 24
measurements
  traffic rates, 165–167
  voice signals, 24
Media Access Control. See MAC
Media Gateway Control Protocol, 15
menus, WCS, 302
Message Digest 5 (MD5), 182
Message Integrity Check, 15
MGCP (Media Gateway Control Protocol), 15
MIC (Message Integrity Check), 260, 269
mismatch, speed, 165
missed trap polling, 301
mixed-mode conferences, 26
MLP (Multilink PPP), 207
mls qos command, 211
mobile devices, Cisco Wireless Location Appliance, 305
mobility platforms, Cisco Unified Wireless Networks, 291
models
  call control, 16–19
  DiffServ, 100–105


  QoS, 72
    best-effort, 72
    DiffServ, 74–75
    IntServ, 73–74
modifying
  AutoQoS configurations, 219–221
  mapping, 219
  root passwords, 306
modular QoS command-line interface (MQC), 76–79, 139
MOH (music on hold), 41
monitoring
  AutoQoS, 79, 206
  CBWFQ, 141–142, 161
  LLQ, 144–145
  threshold-based, 296
  WCS Base, 300–301
  WFQ, 135–137
  WLSE, 295
MOS (mean opinion score), 24
MPD (mark probability denominator), 154
MPLS (Multi-Protocol Label Switching), 100
MQC (modular QoS command-line interface), 76–79, 139
Multilink PPP (MLP), 207
multiple queues, 189
multiplexing, 31
multipoint control units (MCUs), 11
Multi-Protocol Label Switching, 100
multisite
  with centralized call processing model, 46
  with distributed call processing model, 47–48
music on hold (MOH), 41

N

NAC (Network Admission Control), 292
National Institute of Standards and Technology (NIST), 271
navigating WCS, 302
NBAR (Network Based Application Recognition), 97, 110–117, 205
Network Admission Control (NAC), 292
Network Based Application Recognition, 97, 110–117, 205
Network Dashboard, 303–304
network interface card, 258
network module high density voice (NM-HDV), 25
networks
  audits, 70
  campus, 188–190
  Cisco Unified Wireless Networks, 291–292
  converged, 62–68
  enterprise, 42–49
  outages, 62
  packet telephony networks
    benefits of, 10–11
    components, 11–13
  services, 295
  unification, 291
  VPNs, 180–181
NIC (network interface card), 258
NIST (National Institute of Standards and Technology), 271
NM-HDV (network module high density voice), 25
no auto discovery qos command, 210
no auto qos command, 221
notification, congestion, 99
Nyquist theorem, 21

O

off-hook, calling phones, 18
one-time password (OTP), 261
open authentication, 272–273
operating systems, LEAP support for, 262
optimizing WLSE, 298
options. See also configuration; customization
  Controller, 244
  IP Telephony deployment, 46–48
  WCS tracking, 300–302
OTP (one-time password), 261
outages, networks, 62
output
  drop, 67
  keywords, 78
Over the Air QoS fields, configuring, 245
overhead
  data link, 35–37
  headers, 32–34
  IP, 35
  security, 37–39
  tunneling, 35–39


Overrun counter, 67
overutilization, 154

P

Packet Description Language Modules (PDLMs), 111
packet voice DSP modules (PVDMs), 25
packets
  access, 134
  loss, 63, 66–68
  periods, 36
  size, 35
  telephony networks
    benefits of, 10–11
    components, 11–13
  voice, 27–34
packets per second (pps), 35
pairwise master key (PMK), 264
pairwise transient key (PTK), 270
PAM (pulse amplitude modulation), 20
parameters
  queues, 136
  traffic, 219
passwords
  OTP, 261
  root, 306
payloads
  compression (Layer 2), 168–169
  voice, 34–36
payload-type keyword, 117
PBX phones, 11
PCM (pulse code modulation), 20
PDLMs (Packet Description Language Modules), 111
PDU (protocol data unit), 100
PEAP (Protected Extensible Authentication Protocol), 267–269
people, tracking with Cisco Wireless Location Appliances, 305
perceptual analysis measurement system (PAMS), 25
perceptual evaluation of speech quality (PESQ), 25
perceptual speech quality measurement (PSQM), 25
perfect conversation, 24
Per-Hop Behavior (PHB), 100–105
permanent virtual circuits (PVC), 207
per-packet keying (PPK), 269
Personal mode, WPA, 272
PESQ (perceptual evaluation of speech quality), 25
phases, EAP-FAST, 264
PHB (Per-Hop Behavior), 100–105
phones
  feature administration, 46
  IP phones, 11
  packet telephony networks, 11
  stages of phone calls, 15–19
PKI (Public Key Infrastructure) certificates, 260
placement of trust boundaries, 108–110
planning QoS policy implementation, 106–108
Platinum access, 237
PMK (pairwise master key), 264
polarity, 22
police command, 193
policies
  AutoQoS, 206
  control, 261
  drop, 135
  maps, 141
    LLQ, 144, 161
    modifying, 219
  objects, 74
  QoS
    AutoQoS, 79
    converged network issues, 62–68
    implementing, 62, 68–71, 76, 88, 106–108
    pre-classify deployment, 183–184
  trust boundaries, 108–110
  WCS Base, 301
  WLSE, 295
policing, 73
  CoPP, 192–193
  traffic, 163–167, 189
policy-map command, 77
polling, missed trap, 301
ports
  dynamic application, 207
  subport classification, 111
PPK (per-packet keying), 269
pps (packets per second), 35
PQ (priority queuing), 128–132
precedence, IP, 159


pre-classify (QoS), implementing, 180–184
prerequisites, enabling AutoQoS, 209
prioritization
  delay-sensitive packets, 66
  traffic, 237
priority command, 219
priority queuing (PQ), 128–132
priority-list command, 131
processes, voice, 27–34
processing
  delay, 65
  distributed call, 47
processors, DSPs, 25–26
productivity, employees, 10
profiles, 244
  RED, 155
  WRED, 156
programming interfaces to external applications, 46
propagation, delay, 65
Protected Extensible Authentication Protocol (PEAP), 267–269
protocol data unit (PDU), 100
protocols
  CCMP, 271
  CDP, 110
  CKIP, 260
  discovery, 111
  EAP, 260–272
  EAP-FAST, 264–266
  EAP-TLS, 266–267
  LEAP, 259, 262–264
  LWAPP, 291
  MGCP, 15
  PEAP, 267–269
  RTP, 65, 117, 169–170
  signaling, 15–19
  SIP, 15
  TCP
    global synchronization, 153
    header compression, 170
    starvation, 154
  TKIP, 269
  tunneling, 37
  UDP, 15
  voice, 27–34
PSQM (Perceptual speech quality measurement), 25
PSTN (public switched telephone network), 19
PTK (pairwise transient key), 270
Public Key Infrastructure (PKI) certificates, 260
public switched telephone network, 19
pulse amplitude modulation (PAM), 20
pulse code modulation (PCM), 20
PVCs (permanent virtual circuits), 207
PVDMs (packet voice DSP modules), 25

Q

QoS (Quality of Service)
  AutoQoS, 79–81, 205–207
    enabling, 207–212
    modifying configurations, 219–221
    troubleshooting, 215–221
    verifying, 212, 215
  converged network issues, 62–68
  CoPP, 192–193
  end-to-end, 185–193
  hardware, 189
  implementing, 68–71, 76, 88
  markings, 240–241
  models, 72
    best-effort, 72
    DiffServ, 74–75
    IntServ, 73–74
  MQC, 76–79
  overview of, 62
  policies, 106–108
  pre-classify, 180–184
  SDM, 81–88
  SLAs, 186–187
  WANs, 190–192
  WLANs
    configuration, 243–246
    description of, 237–238
    implementation, 239–242
    need for, 235–237
    Split MAC architecture, 238–239
qos pre-classify command, 181, 183–184
quantization, 20–23
queue-limit command, 141
queues, 73, 127–130
  buildups, 192
  CBWFQ, 138–139
    benefits/drawbacks, 140
    classification, 139–140
    configuration, 141–142
    monitoring, 161


  CQ, 128
  delay, 65
  deploying, 64
  LLQ, 142–143, 208
    benefits of, 144
    configuration, 144–145
    policy maps, 161
  multiple, 189
  TxQ, 128
  types of, 130–132
  WFQ, 132
    benefits/drawbacks, 135
    classification, 133–134
    configuration, 135–137
    insertion and drop policies, 135
  WRR, 128

R

radio frequency. See RF
radio frequency identification, 305
radio management, WLSE, 295
radio resource management (RRM), 301
RADIUS (Remote Authentication Dial In User Service)
  EAP features, 260
  servers, 262
random early detection (RED), 154–156
random wait timers, 236
random-detect command, 158
rates
  CIR, 165, 186
  packets, 35
  traffic, 165–167
RC4 vulnerabilities, 259
Real-Time Protocol Control Protocol (RTCP), 117
Real-time Transport Protocol. See RTP
REAP (Remote-Edge Access Point), 293
received signal strength indicator (RSSI), 296
RED (random early detection), 154–156
reducing header overhead, 32–34
regular expressions, NBAR, 116
releasing signals, 31
re-marking traffic, 163
remote access VPNs, 180–181
Remote Authentication Dial In User Service. See RADIUS
Remote-Edge Access Point (REAP), 293
reports
  AutoQoS, 79, 206
  WLSE, 295–296
reprioritization, packets, 66
Required setting, 246
requirements
  bandwidth
    codecs, 24
    compression, 24–25
  EAP-TLS, 266
  system, 302
  traffic, 70–71
reservable-queues parameter, 136
reserving bandwidth, 141
Resource Reservation Protocol (RSVP), 101
response times, CoPP, 192
restrictions, AutoQoS, 207
return on investment (ROI), 11
RF (radio frequency)
  Cisco Wireless Location Appliance, 304–306
  dynamic management, 296
  management, 306
  visibility, 296
RFID (radio frequency identification), 305
roaming, EAP, 261
rogue APs. See also APs
  Cisco WCS Servers
    detecting, 312–313
    viewing, 313
  detecting, 312–313
  viewing, 313
ROI (return on investment), 11
root passwords, modifying, 306
round-robin (RR) queuing, 130–132
routers
  Cisco Enterprise on, 209–210
  congestion, 128
  queuing, 128
  voice, 44–45
routing
  call, 15
  updates, 192
RR (round-robin) queuing, 130–132
RRM (radio resource management), 301

RSSI (received signal strength indicator), 296
RSVP (Resource Reservation Protocol), 101
RTCP (Real-Time Protocol Control Protocol), 117
RTP (Real-Time Transport Protocol), 65, 117, 169
  header compression, 170
  VoIP, 30–32

S
samples, 20
  Nyquist Theorem, 21
  voice payloads, 34–36
scalability
  best-effort QoS model, 72
  DiffServ model, 75
scheduling, 74
  CBWFQ, 139–140
  WFQ, 133–134
SDM (Security Device Manager), 81–88
Secure Hash Algorithm (SHA), 182
security
  evolution of, 259–260
  overhead, 37–39
  SOHO, 272
  troubleshooting, 258–259
  WLANs, 296
    Cisco Wireless Location Appliance, 306
    configuring, 272–280
    EAP, 260–272
    overview of, 258–260
  WPA, 269–272
Security Device Manager (SDM), 81–88
segments, 22
Self-Defending Network, 292
self-healing, WLSE, 298
sequence numbers, assigning, 134
serialization, delay, 65
servers
  ACS, 260
  application, 11
  RADIUS
    EAP, 260
    LEAP, 262
  WCS requirements, 302
service level agreement (SLA), 101, 186–187
Service Set Identifier (SSID), 258
service-policy command, 77–78, 142, 193
service-policy output command, 114
services, 46
  directories, 46
  DSPs, 25–26
  guarantees, 75
  levels
    defining, 70
    DiffServ model, 75
  networks, 295
  QoS, 106–108
  XML, 46
Session Initiation Protocol, 15
session keys, 260
set statement, 219
SHA (Secure Hash Algorithm), 182
shaping traffic, 163–167
show auto discovery qos command, 212
show auto discovery qos interface command, 212
show auto qos command, 212, 214, 219
show auto qos interface command, 213
show class-map command, 78
show command, 112
show controllers serial command, 130
show interface command, 67, 136
show mls qos interface command, 215
show mls qos maps command, 212
show mls qos maps dscp-cos command, 215
show policy-map command, 78
show policy-map interface command, 79, 142, 212–213
show queue interface command, 137
signals, 15–19
  control, 45
  DSPs, 25–26
  releasing, 31
signal-to-noise quantization ratio (SQR), 23
Silver access, 237
single-mode conferences, 26
single-site model, IP Telephony, 46
SIP (Session Initiation Protocol), 15
site-to-site VPNs, 181. See also VPNs, 180–181
size
  packetization, 35
  voice payloads, 34–36

SLA (service level agreement), 101, 186–187
small office, home office (SOHO), 272
sniffers, 258
software, queuing, 128
SOHO (small office, home office), 272
space, increasing buffer, 67
special characters, NBAR, 116
speed mismatch
  traffic shaping, 165
  troubleshooting, 127
Split MAC architecture, 238–240
SQR (signal-to-noise quantization ratio), 23
SSID (Service Set Identifier), 258
stages of phone calls, 15–19
standards
  AES, 260
  codecs, 35–36
  compression, 24–25
starvation, TCP, 154
statements
  class, 78
  match, 77, 97, 113, 219
  set, 219
static WEP authentication, 273–274
statistics
  call maintenance, 16
  keywords, 215
  NBA, 110–112
status, monitoring with WCS Base, 301
streams, audio, 26
strings, NBAR, 116
subport classification, 111
summaries
  LWAPs, 308
  WCS, 303–304
switches
  access, 235
  congestion, 128
  IOS-based, 210–212
synchronization, TCP global, 153
system requirements, WCS, 302

T
tagging traffic, 98
tail drop, 67, 128
  limitations of, 153–154
TCP (Transmission Control Protocol)
  applications, 62
  global synchronization, 153
  header compression, 64, 170
  starvation, 154
TCP/IP (Transmission Control Protocol/Internet Protocol), 30–32
telemetry, Cisco Wireless Location Appliance, 306
telephone clients, 305
telephony
  IP Telephony deployment options, 46–48
  packet networks
    benefits of, 10–11
    components, 11–13
templates, WLSE, 296–297
Temporal Key Integrity Protocol (TKIP), 269
thresholds
  CDT, 135
  monitoring, 296
  MPD, 154
timers, random wait, 236
TKIP (Temporal Key Integrity Protocol), 269
tools, AutoQoS, 205
ToS (type of service), 100–102
tracking
  Cisco Wireless Location Appliance, 304–306
  WCS, 300–302
traffic
  classes, 106
    AutoQoS, 216
    defining QoS, 71
    SLAs, 187
  classification, 64, 97–100
  congestion management, 127–130
  CoPP, 192–193
  enterprise campus QoS, 189
  FastTrack, 116–117
  mapping, 107
  NBAR, 110–112
  parameters, 219
  policing, 163–167, 189
  prioritization, 237
  rates, 165–167
  re-marking, 163
  requirements, 70–71
  shaping, 163–167
  types, 70

transcoding, 12, 26
Transmission Control Protocol. See TCP
Transmission Control Protocol/Internet Protocol, 30–32
transmissions, packet telephony networks, 10
transmit interfaces, 189
transmit queue (TxQ), 128
troubleshooting, 215, 220–221
  bandwidth availability, 64
  congestion, 127–130, 153. See also congestion
  security, 258–259
trunks, CoS on 802.1Q/P Ethernet frames, 98–99
trust
  boundaries, 108–110, 189
  keywords, 210
tunneling
  interfaces, 183–184
  LWAP, 240
  modes (ESP), 182
  overhead, 35, 37–39
  protocols, 37
TxQ (transmit queue), 128
tx-ring-limit command, 129
type of service (ToS), 100
types
  of codecs, 35–36
  of queuing, 130–132
  of traffic
    mapping, 107
    identifying, 70

U
UDP (User Datagram Protocol), 15, 30–32
underutilization, 154
unicast key management, 269
unification, networks, 291
updating
  images, 296
  routing, 192
upgrading firmware, WLSE, 295
User Datagram Protocol. See UDP
utilization
  CoPP, 192
  Links with/without RED, 154

V
values
  AF DSCP, 104
  CoS bits, 98–99
  MOS, 24
  MPD, 154
verification, 212, 215
versatile interface processor (VIP), 65
versions
  AutoQoS, 206
  CiscoWorks WLSE, 296–297
video
  access, 237
  classification, 189
  endpoints, 12
  keywords, 117
  packet telephony networks, 10
viewing
  LWAPs, 308
  rogue APs, 313
views, WCS, 300–301
VIP (versatile interface processor), 65
VIP-DTS (virtual IP distributed traffic shaping), 163
virtual IP distributed traffic shaping (VIP-DTS), 163
virtual private networks, 180–181
visibility
  Cisco Wireless Location Appliance, 305
  RF, 296
VNMs (voice network modules), 25
voice
  access, 237
  classification, 189
  encoding
    converting analog to digital, 19–20
    converting digital to analog, 20–21
    Nyquist Theorem, 21
    quantization, 22–23
  end-to-end delivery, 27–30
  gateways, 25–26, 44–45
  IOS, 48–49
  packets
    encapsulating, 27–34
    telephony networks, 10
  payloads, 34–36
  signals, 24, 31

voice interface cards (VIC) XE, 19
voice network modules (VNM), 25
VoIP (Voice over IP)
  AutoQoS, 210–212
  bandwidth, 34–42
  Cisco Wireless Location Appliance, 305
  compression standards, 24–25
  DSPs, 25–26
  end-to-end delay, 62–65
  enterprise networks, 42–49
  IP QoS SLAs, 187
  Nyquist Theorem, 21
  packets
    benefits of networks, 10–11
    components, 11–13
    encapsulating, 27–34
  phone calls, 15–19
  voice encoding
    converting analog to digital, 19–20
    converting digital to analog, 20–21
    Nyquist Theorem, 21
    quantization, 22–23
voip keyword, 210
VPNs (virtual private networks), 180–181

W
WANs (wide-area networks)
  clustering over model, 48
  congestion, 128
  QoS, 190–192
war driving, 258
WCS (Wireless Control System), 299–313
WCS Base, 300–301
WCS Location + 2700 Series Wireless Location Appliance, 300–301
WCS Network Summary (Network Dashboard), 303–304
WDSs (Wireless Domain Services), 294
web authentication, 276–278
Web Login Page, customizing, 277
web user interfaces, 243–244
Weighted Fair Queuing. See WFQ
weighted random early detection (WRED), 104, 128, 156–157
WEP (Wired Equivalent Privacy), 259
  EAP, 261
  keys, 260
  static authentication, 273–274
WFQ (Weighted Fair Queuing), 132
  benefits/drawbacks, 135
  classification, 133–134
  configuration, 135–137
  insertion and drop policies, 135
wide-area networks. See WANs
Wi-Fi, 305
Wi-Fi Multimedia, 237–239
Wi-Fi Protected Access. See WPA
Wired Equivalent Privacy. See WEP
Wireless Control System (WCS), 299–313
wireless devices, LEAP support, 263
Wireless Domain Services (WDS), 294
wireless LAN controller, 235, 291, 307–308
Wireless LAN Solution Engine (WLSE), 295–299
wireless local-area networks. See WLANs
wireless sniffers, 258
wizards
  deployment, 296
  SDM QoS, 81–88
WLANs (wireless local-area networks)
  controllers, 243–244
  management
    Cisco Unified Wireless Networks, 291–292
    components, 294
    implementations, 292–293
    need for, 291
    WCS, 299–313
    WLSE, 295–299
  QoS
    configuration, 243–246
    description of, 237–238
    implementation, 239–242
    need for, 235–237
    Split MAC architecture, 238–239
  security, 296
    Cisco Wireless Location Appliance, 306
    configuring, 272–280
    EAP, 260–272
    overview of, 258–260
WLC (wireless LAN controller), 235, 291, 307–308
WLSE (Wireless LAN Solution Engine), 295–299
WMM (Wi-Fi Multimedia), 237–239

workflow automation, Cisco Wireless Location Appliance, 305
WPA (Wi-Fi Protected Access), 269–272
  802.1x authentication, 279
  PSK authentication, 274–275
WPA2, 269–272, 279
WRED (weighted random early detection), 104, 128, 156–157
WRR (weighted round-robin) queuing, 128–132

X
XML (extensible markup language), 10, 46
