
VPN (Virtual private network) Connectivity


VPN technology allows businesses to use their existing Internet connections to connect to other offices (site-to-site VPNs) or allow telecommuting or mobile users to connect into the office network from their PCs (remote-access VPN).

VPN Connectivity

VPNs provide a variety of benefits over private-line connections:

  • Cost savings over private-line connections
  • Remote-access connections for telecommuting or mobile users
  • Scalability

At the same time, VPNs have some major drawbacks:

  • Higher overhead
  • Varying service levels
  • Additional security considerations

VPN connections come in two major genres: site-to-site and remote-access VPNs.

Site-to-site VPNs are the direct replacement for private-line WAN connections. They allow offices to maintain permanent or semipermanent connections between each other through the Internet.

Remote-access VPNs typically are used to allow telecommuting or mobile workers to connect to the corporate network from home or hotel-like locations. These remote-access VPNs come in a couple of styles: client-based (requires the installation of a VPN client) and clientless (also known as SSL or WebVPN; users connect through a secure web page).

The key protocol that drives VPN connections is IPsec. This is actually a suite of protocols that provide standards for encryption, authentication, and data integrity.

Three primary encryption standards are used with IPsec:

  • Data Encryption Standard (DES) algorithm was originally developed by IBM to support a 56-bit key.
  • Triple DES (3DES) algorithm uses three different DES keys to encrypt data, thus tripling the strength of DES.
  • Advanced Encryption Standard (AES) currently offers 128-, 192-, and 256-bit encryption.

Currently, two data-integrity standards are used with IPsec:

  • Message Digest 5 (MD5) uses a 128-bit hashing algorithm.
  • Secure Hash Algorithm 1 (SHA-1) uses a 160-bit hashing algorithm.

OSPF Characteristics

                        OSPF
Hello/dead time         10/40, 30/120
Cisco or IETF           IETF
Updates                 Multicast (224.0.0.5, 224.0.0.6)
Load balancing          Equal paths
Routed protocols        IP

OSPF is a link-state routing protocol that automatically discovers its neighbors by sending hello messages to 224.0.0.5. After the neighbors are discovered, they form an adjacency by synchronizing their databases. This database lists all possible routes that the neighbor is aware of in the topology. Each subnet learned has a cost associated with it, which is calculated by taking 10^8/bandwidth. The paths with the lowest cost to a destination are put in the routing table.


Cost Values Based on Bandwidth

Bandwidth                        OSPF Cost
56 Kbps                          1785
64 Kbps                          1562
T1 (1.544 Mbps)                  64
E1 (2.048 Mbps)                  48
Ethernet (10 Mbps)               10
Fast Ethernet (100 Mbps)         1
Gigabit Ethernet (1000 Mbps)     1
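The cost formula and the lowest-cost path selection described above can be worked through in code. This is an added example, not part of the original page: it computes interface costs as 10^8/bandwidth (truncated, minimum 1, which is why Fast Ethernet and Gigabit Ethernet both cost 1) and runs a shortest-path search that keeps equal-cost next hops. The router names and the sample topology are constructed assumptions.

```python
import heapq

REFERENCE_BW = 10**8  # bits per second: the 10^8 in cost = 10^8/bandwidth

def ospf_cost(bandwidth_bps):
    """Interface cost: 10^8/bandwidth, truncated to an integer, minimum 1."""
    return max(1, REFERENCE_BW // bandwidth_bps)

def lowest_cost_paths(links, source):
    """Dijkstra over links given as {(router_a, router_b): bandwidth_bps}.

    Returns {router: (total_cost, next_hops)}. More than one next hop means
    equal-cost paths, which OSPF installs together and load-balances across.
    """
    graph = {}
    for (a, b), bandwidth in links.items():
        cost = ospf_cost(bandwidth)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    best = {source: (0, set())}
    heap = [(0, source)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node][0]:
            continue  # stale heap entry; a cheaper path was already found
        for neighbor, cost in graph.get(node, []):
            total = dist + cost
            hops = {neighbor} if node == source else best[node][1]
            if neighbor not in best or total < best[neighbor][0]:
                best[neighbor] = (total, set(hops))
                heapq.heappush(heap, (total, neighbor))
            elif total == best[neighbor][0]:
                best[neighbor][1].update(hops)
    return best

# Constructed sample topology (router names and links are assumptions).
SAMPLE_LINKS = {
    ("R1", "R2"): 1_544_000,   # T1, cost 64
    ("R2", "R4"): 10_000_000,  # Ethernet, cost 10
    ("R1", "R3"): 10_000_000,  # Ethernet, cost 10
    ("R3", "R4"): 1_544_000,   # T1, cost 64
    ("R1", "R4"): 64_000,      # 64 Kbps, cost 1562
}

if __name__ == "__main__":
    for router, (cost, hops) in sorted(lowest_cost_paths(SAMPLE_LINKS, "R1").items()):
        print(router, cost, sorted(hops))
```

From R1, the direct 64 Kbps link to R4 loses to both two-hop paths, and the two paths tie, so R4 is reached through both R2 and R3.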

 

Verifying and Troubleshooting OSPF Commands

Command                   Output
show ip route             The routing table with OSPF entries represented as “O.” Routes learned from other areas also have an interarea indicator (“IA”).
show ip protocols         OSPF process ID and advertised networks.
show ip ospf interface    Local router’s router ID, interface topology type, link cost and priority, router ID for the DR and BDR on the segment, hello/dead intervals, and a count of how many neighbors and adjacencies.
show ip ospf neighbor     Neighbor table to verify neighbor IDs and if neighbor is DR or BDR.
show ip ospf database     OSPF subnets and advertising routers in the topology table.
debug ip ospf events      Real-time display of LSAs and LSUs being sent and received.

RIP and RIPv2 Comparison

                          RIPv1           RIPv2
Classful/classless        Classful        Both
Algorithm                 Bellman-Ford    Bellman-Ford
Metric                    Hops            Hops
Maximum hop count         15              15
Infinite metric           16              16
Hello/dead time           30/180          30/180
Updates                   Broadcast       Multicast (224.0.0.9)
Update authentication     No              Yes
Load balancing            Equal paths     Equal paths

 

RIP Configuration

The configuration for RIP is seamless as long as you remember these two simple rules:

  1. Advertise only your directly connected networks.
  2. Advertise only the classful network.

Router(config)#router rip
Router(config-router)#network 192.168.7.0
Router(config-router)#network 172.17.0.0

RIPv2 Configuration

Router(config)#router rip
Router(config-router)#network 192.168.7.0
Router(config-router)#network 172.17.0.0
Router(config-router)#version 2
Router(config-router)#no auto-summary
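The two rules above (advertise only directly connected networks, and only the classful network) can be applied mechanically. The following is an added example, not part of the original page: it derives the network statements from a router's interface addresses and builds the router rip block shown above. The interface addresses are constructed assumptions chosen to match the page's 192.168.7.0 and 172.17.0.0 networks.

```python
import ipaddress

def classful_network(address):
    """Return the classful (A/B/C) network that contains an IPv4 address."""
    ip = ipaddress.IPv4Address(address)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{address} is class D/E, not a connected network")
    return ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)

def rip_config(interfaces, version2=True):
    """Build the 'router rip' block from directly connected interfaces.

    interfaces: iterable of 'address/prefix' strings. Subnets of the same
    classful network collapse into one network statement (rule 2).
    """
    networks = sorted(
        {classful_network(str(ipaddress.IPv4Interface(i).ip)) for i in interfaces}
    )
    lines = ["router rip"]
    if version2:
        lines += [" version 2", " no auto-summary"]
    lines += [f" network {n.network_address}" for n in networks]
    return lines

# Constructed sample: addresses on one router's interfaces (assumptions).
SAMPLE_INTERFACES = ["192.168.7.1/24", "172.17.10.1/24", "172.17.20.1/24"]

if __name__ == "__main__":
    print("\n".join(rip_config(SAMPLE_INTERFACES)))
```

Both 172.17.x.x subnets produce the single statement network 172.17.0.0, which is the statement used in the configuration above.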

Verifying and Troubleshooting RIP Commands

Command                   Output
show ip route             The routing table with RIP entries represented as “R”
show ip protocols         RIP timers, advertised networks
debug ip rip              Real-time display of RIP routing updates being sent and received
