
March 18, 2011

[REMOTE ACCESS NETWORK (CT043-3-2-RAN)]

Contents
Introduction
Type and Size of Data
Primary Link
Secondary Link
Network Diagram
Redundant LINK
Installation
Security
Conclusion
References
Appendices
Work Break Down


Introduction

Networks have become an essential element in every field. A network connects users who are apart from each other. Banks, schools, offices, public services and many other organizations all use networks, either local area networks or wide area networks. A Local Area Network (LAN) is mostly used to connect devices within a limited space, such as an office. A Wide Area Network (WAN) connects several LANs together into one network.

A network can be used for many purposes. For communication, we can use Voice over Internet Protocol (VOIP) and video conferencing, both of which are booming in the market. VOIP and video conferencing help a company or institution save cost, because they are free of charge. All the company needs is a high-speed internet connection for a smooth conversation. Another advantage is that they can connect many users instead of supporting only one-to-one conversation.

Another feature of a network is file transfer. For example, the main office may need to send an important file that the recipient needs immediately. It would consume time if a sender had to travel all the way from the main office to the branch office to hand over the file, and it becomes a big problem if the two offices are far apart. With file transfer, the file can be sent through the internet and the recipient gets it immediately.


Type and Size of Data


1. Voice Over Internet Protocol (VOIP)

Voice over Internet Protocol (VOIP) is an IP-based technology that transmits voice conversations without loss of functionality, quality or reliability. VOIP has become very popular because it saves cost over the traditional telephone, especially for long-distance or international calls. The voice signal from a VOIP phone, or from a traditional phone connected to an adapter, goes through a VOIP device that converts the normal telephone signal to a digital signal so that it can use the broadband internet connection. The digital signal is then converted back to the normal signal (the original voice call). When the caller dials the recipient's number, the VOIP adapter logs on to the routing server, which looks up the destination IP address associated with the recipient's number. The call is routed through the PSTN if the dialed number is not using VOIP and there is no phone number tied to an IP address.

Figure 1-1 How the VOIP works


Types of VOIP calls (calls can be placed to other VOIP devices or to the PSTN):
- PC to phone: calls from a VOIP device to a PSTN device
- PC to PC: calls from a VOIP device to another VOIP device

Equipment needed:

A high-speed internet connection is needed; it can be a connection through a cable modem or a high-speed service such as DSL. The other devices needed are a PC, an adapter, or a specialized phone. Some VOIP services only work on a PC or on a specialized phone. Using a PC requires particular software and a high-quality microphone. The service can also allow the user to use a traditional phone, which must be connected to a VOIP adapter. Using a traditional phone connected to an adapter is like making a normal phone call, and may have a dial tone as well.

Advantages of Voice over Internet Protocol (VOIP):
- Save cost: this is the main advantage of VOIP. It is very effective at reducing costs for a company that needs to make a lot of calls, especially a company that has to make international calls.
- Manageability: each employee has the ability to route calls by themselves. Each employee has a personal extension number, so it is easy to reach a particular person.
- Integration: it can better integrate phones, voicemail, email, SMS, faxes and other communication.


2. File Sharing

File sharing can be public or private sharing of data or space on the network. A commonly used file transfer system is the File Transfer Protocol (FTP). An FTP server can offer public access, or limited access that requires a username and password.

The objectives of FTP:
- To promote sharing of files
- To encourage indirect or implicit use of remote computers
- To shield a user from variations in file storage systems among hosts
- To transfer data efficiently and reliably

Requirements for using FTP:
- An FTP client installed on the computer, for example Auto FTP Manager
- Information about the destination FTP server, including a username and password if needed

To transfer files, the server address, username and password have to be set in the client software. Once it is connected to the server, the user can upload, download or delete files.

FTP and Internet Connections

FTP uses one connection for sending and receiving data and another connection for commands. FTP has a standard port number, a logical connection point on which the FTP server listens for connections. The standard port number for FTP is 21, and it is used only for sending commands.


Figure 1-2 Transferring data in FTP

File Transfer Protocol supports active and passive connections. Active FTP means the client opens a port and listens, and the server actively connects to it. Passive FTP means the server opens a port and listens passively, and the client connects to it.
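The active and passive modes described above can be read directly off the command connection on port 21, which is what decides the firewall rule needed for the data connection. The following Python sketch is an added example, not part of the original report; the transcript, addresses and function names are constructed for illustration.

```python
import re

# Six comma-separated decimal bytes, h1,h2,h3,h4,p1,p2: the host-port field
# carried by the PORT command and by the 227 passive-mode reply (RFC 959).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def parse_hostport(text):
    """Return (ip, port) from a PORT command or a 227 reply line."""
    match = _HOSTPORT.search(text)
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % text)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in: %r" % text)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # high byte first, then low byte
    return ip, port


def data_connections(transcript, client_ip, server_ip):
    """List every data connection negotiated on the command connection.

    transcript is a list of (sender, line) pairs; sender is "C" or "S".
    """
    found = []
    for sender, line in transcript:
        if sender == "C" and line.upper().startswith("PORT "):
            # Active mode: the client listens, the server connects to it.
            ip, port = parse_hostport(line)
            found.append({"mode": "active", "listener": ip, "port": port,
                          "initiator": server_ip,
                          "address_matches_peer": ip == client_ip})
        elif sender == "S" and line.startswith("227"):
            # Passive mode: the server listens, the client connects to it.
            ip, port = parse_hostport(line)
            found.append({"mode": "passive", "listener": ip, "port": port,
                          "initiator": client_ip,
                          "address_matches_peer": ip == server_ip})
    return found


def firewall_needs(conn):
    """Describe the data-connection rule a client-side firewall must permit."""
    if conn["mode"] == "active":
        return "allow inbound TCP from server %s to client %s:%d" % (
            conn["initiator"], conn["listener"], conn["port"])
    return "allow outbound TCP from client %s to server %s:%d" % (
        conn["initiator"], conn["listener"], conn["port"])


# Constructed sample of a command-connection dialogue (documentation addresses).
SAMPLE_TRANSCRIPT = [
    ("C", "USER demo"),
    ("S", "331 Password required"),
    ("C", "PASS ********"),
    ("S", "230 Logged in"),
    ("C", "PORT 192,0,2,10,195,80"),
    ("S", "200 PORT command successful"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,234,96)"),
]

if __name__ == "__main__":
    for conn in data_connections(SAMPLE_TRANSCRIPT, "192.0.2.10", "198.51.100.5"):
        note = "" if conn["address_matches_peer"] else "  (address differs from peer)"
        print(conn["mode"], "->", firewall_needs(conn) + note)
```

An advertised address that differs from the peer on the command connection usually means address translation sits in the path, and a stateful firewall will not be able to pair the data connection with its session.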

3. SQL

SQL is a tool to organize, manage and retrieve data stored in a computer database. SQL is more than just a query tool. Retrieving data is the most important feature of SQL. Some of the functions that SQL provides are:
- Data definition: the structure and organization of the stored data are defined by the user.
- Data retrieval: the user is able to retrieve stored data from the database and make use of it.
- Data manipulation: the user is able to add, remove or modify data.
- Access control: the user can protect the database from unauthorized users.
- Data integrity: SQL defines integrity constraints in the database and protects it from corruption caused by system failure.

Figure 1-3 How Database is being stored

SQL is not a structured language compared with programming languages such as C or Java. SQL has a few inconsistencies and some rules that look perfectly legal but do not make sense. SQL has become the standard language for relational databases. It is a powerful language that is relatively easy to learn compared with other programming languages.


4. Closed Circuit TV (CCTV)

CCTV consists of video cameras that transmit video images to a monitor. CCTV is privately broadcast and not for public consumption. CCTV can use both wireless and wired transmission to send the video images from the video camera to the monitor. The common usage of CCTV is for safety purposes.

Figure 1-4 Installation of CCTV

Wired cable connection

The video camera is physically connected to the monitor via cable. The type of cable commonly used for CCTV is coaxial cable. The disadvantage of this type of connection is that the longer the cable from the video camera to the monitor, the higher the possibility that the quality of the video images decreases.

Wireless connection

To transmit the video images to a monitor, most CCTV cameras use the 2.4 Gigahertz frequency. At that frequency, CCTV cameras can easily transmit the video images to the monitor through any type of obstacle, including walls. A wireless connection enables the CCTV camera to be placed anywhere the user wants. As a result, some wireless CCTV cameras use a battery as their power supply.

5. Video conferencing

Video conferencing has become more and more popular. Video conferencing happens when two or more parties communicate in real time with audio and video signals. The technologies used in video conferencing include:
- Video input: a video camera or a webcam. At least two devices have to be connected to each other. The video can be shown on a larger display, such as a larger monitor or a projector, to get a larger view of the video images.
- Video output: the standard video output is a monitor or a digital TV set.
- Audio input: a microphone is the source of audio input in video conferencing. It can also be a headset that has a microphone on it.
- Audio output: a speaker is the audio output device. A headphone can be used for audio output as well.

Figure 1-5 How Video Conferencing works

Video conferencing works over many kinds of technology, both digital and analog. ISDN lines, normal broadband internet, radio frequencies and satellite transmission can all provide video conferencing. The main advantage of video conferencing is that it saves time and money. It can also involve multiple users in the same conference.


Primary Link
Just about all office-based and modern retail businesses require some type of Internet access in order to carry out their daily operations, and countless have mission-critical Internet requirements that allow them to continue business operations at all times (Lemm, 2010). There are many choices to fulfill this need for Internet access, including dial-up connections, ISDN, DSL, cable, wireless applications, a T1 line, or something larger like a DS3 or OC-3 (Lemm, 2010).

In selecting the primary link of the remote network for Big Boss Public Limited, our team looked into a few popular choices for primary links in similar circumstances. The main factors considered during selection were cost, practicality, speed of transmission, bandwidth and security. After careful consideration, we have decided to use a T1 link to connect the main office to the branch office rather than other solutions such as DSL, Frame Relay or ISDN, because T1 has numerous advantages over the others.

A "Full T1 Line" is a term normally used to depict a circuit that provides 1.5 megabits per second of high speed Internet access, which is the most general type of T1 (Lemm, 2010). A Full T1 can also be used to carry telephone lines, data, video and/or VoIP calls. A T1 line is made up of 24 channels that transmit data at 64Kbps each, therefore giving a Full T1 Line the capacity to transmit 1.54Mbps of data synchronously (upstream and downstream). Using today's standard email applications and common Internet searching, this amount of bandwidth could sustain anywhere from 1 to approximately 75 users depending on their requirements, preferences, and the company's budget (Rucker, 2004). Most commonly, Full T1 Lines are used in offices with 5 to 50 employees.

A T1 circuit provides the most consistent and reliable bandwidth available when leased from a high quality T1 provider, which is why businesses are willing to pay more for a T1 than for other services like DSL or cable. In some applications, a T1 can save money for a company who uses a less reliable bandwidth connection. Since multiple services can be combined on a single T1, cost efficient solutions are often available from the service providers.

A point to point T1, often referred to as a "P2P", provides a very secure and reliable connection, usually from a corporate office to any number of satellite offices. Although a P2P does not actually offer Internet access or phone lines, corporations use P2P T1s to share these services. For example, the company's home office in Kuala Lumpur might have numerous telephone lines and huge Internet access pipes installed at one location to get the best available rates. This company can then utilize a P2P T1 to transmit any combination of telephone lines, Internet access and data between offices, to share software systems, and to provide in-office dialling from locations across the country (in this case the branch office in Seremban). The possibilities are endless because there are no restrictions on how a point to point T1 can be used, assuming you have the correct equipment and a source at one end of the P2P. This can be a great way to save money, because a satellite or branch office might have to pay huge prices to have telephone and bandwidth services installed directly, whereas the home office can get better rates because of bulk buying and location. The key advantage of a P2P line is that it is truly and strictly private, making it the top choice for those demanding a circuit with a dedicated connection to only their business, therefore offering the highest security available (Lemm, 2010). Principally, T1s are business connections. Cable/DSL services are usually residential.

T1s normally have:
- unlimited throughput
- a guaranteed uptime per month
- no port blocking, allowing servers
- upload 2-5x as high as cable/DSL
- faster repair times, as in the company will most likely take priority repairing them
- a dedicated line, which allows technologies such as video conferencing and VoIP

Cable/DSL typically has an AUP or TOS that disallows servers, and may have high downtimes. When there is no internet, there might be no business either. Cable/DSL has high download speeds, but in a business setting the employees might only be checking email, browsing the web or updating database records, so there is less need for so much download capacity. However, the company may be running a server that uploads a lot, or might be updating a website and need to send files often. The upload of a T1 helps in this setting. Raw peak speed is not the most vital aspect of a connection.

T1 is marketed as a business class service. That means it is symmetrical, making it easy to run servers, and comes with a service level agreement that guarantees minimal acceptable performance and mean time to repair (MTTR). These are critical components in the marketing of different services. If you are a business, the cost of a network outage could be dramatic (Lemm, 2010). The widespread availability of extremely low cost residential services is putting tremendous price pressure on traditional business class services. As a result, the cost of T1 lines (as well as DS3 and even OC3) has been dropping steadily over the last year.

Below are some comparisons between T1 Leased Line, Frame Relay, ISDN and DSL:
T1 Leased Line
- It is a private, dedicated connection which does not share the bandwidth with others
- Bandwidth implemented at 1.5Mbps to 45Mbps
- It gives 24-hour service of data, voice and video capabilities, which means it is always active
- Provides constant and stable digital connection
- High security as the line is not shared
- Suitable for the business that needs high bandwidth, fast and stable transmission

Frame Relay
- An advanced version of X.25
- Operates at the data-link layer
- Bandwidth implemented at 56Kbps to 45Mbps
- Provides the Permanent Virtual Circuit service, which like a leased line gives a dedicated connection but without the high cost of a leased line
- Feasible and cost effective for the organization which needs flexible and fast connectivity
- Less secure than T1

ISDN
- Integrated Services Digital Network
- Provides digital data communication over regular telephone wire
- Bandwidth commonly implemented between 64Kbps to 512Kbps
- Provides two flavours: BRI and PRI
- Available in most geographical areas
- Allows multiple devices to share a single line

DSL
- Digital Subscriber Line
- Uses the regular telephone lines to transmit the data
- Bandwidth implemented between 128Kbps to 8Mbps
- Able to do data and voice transmission simultaneously over the same phone line
- Provides several different types of service to suit the purpose of the organization, like ADSL, SDSL and so on

| Feature | Leased Line | Frame Relay | ISDN | DSL |
| --- | --- | --- | --- | --- |
| Bandwidth | High | Medium | Low | Low |
| Cost | High installation fee; varies with distance; cost effective for P2P | Medium installation fee; varies with bandwidth used; cost does not increase as the distance between points increases | Low installation fee; monthly fee + per minute charge; cost increases as the distance between points increases | Low installation fee; monthly fee; cost increases as the distance between points increases |
| Uses | Voice, Data, Video | Voice, Data | Voice, Data | Voice, Data |
| Switching | Dedicated | Packet | Circuit | Circuit |
| Availability | High | High | High | Low |
| QoS and Reliability | High | Medium | Medium | Low |
| Security | High | Medium | Medium | Low |


Secondary Link
For the secondary link, a Digital Subscriber Line (DSL) connection seems to be a good choice. DSL is a high-speed internet connection which is also known as broadband. It is much faster than a typical 56K modem connection, and also exceeds the speeds available from Integrated Services Digital Network (ISDN) services. DSL uses copper wiring and a standard phone line to connect computers to the internet. To connect to DSL, an Internet Service Provider (ISP), an Ethernet or wireless card, or a DSL modem is required.

DSL is an innovative connection that allows users to transmit data and information through the internet at a much higher frequency over an existing phone line. Because it utilizes a higher frequency, users are able to use the phone line at the same time without any interference. Telephone calls remain clear and crisp, and the connection seems like lightning compared to a 56K modem connection. There are a few ISPs that offer inexpensive DSL-based internet connections.

The most common form of DSL connection is Asymmetric Digital Subscriber Line (ADSL). ADSL downloads information from the internet faster than it can upload. It definitely suits today's business requirements, as the majority of internet browsing involves downloading information. A regular telephone uses low frequencies, while DSL uses high frequency bands, so both can be used at the same time on the same telephone line. The download speed of DSL mainly depends on the DSL technology, line conditions and service-level implementation. It typically ranges from 256Kbit/s to 24,000Kbit/s.


Here is a comparison between DSL, Frame Relay and Leased Line:

DSL
- Digital Subscriber Line
- Uses the regular telephone lines to transmit the data
- Bandwidth implemented between 128Kbps to 8Mbps
- Able to do data and voice transmission simultaneously over the same phone line
- Provides several different types of service to suit the purpose of the organization, like ADSL, SDSL and so on
- It is always on

Frame Relay
- An advanced version of X.25
- Operates at the data-link layer
- Bandwidth implemented at 56Kbps to 45Mbps, and now can be higher
- Provides the Permanent Virtual Circuit service, which like a leased line gives a dedicated connection but without the high cost of a leased line
- Feasible and cost effective for the organization which needs flexible and fast connectivity

Leased Line
- It is a private, dedicated connection which does not share the bandwidth with others
- Bandwidth implemented at 1.5Mbps to 45Mbps
- It gives 24-hour service, which means it is always active
- Provides constant and stable digital connection
- High security as the line is not shared
- Suitable for the business that needs high bandwidth, fast and stable transmission

Among all these connections, DSL suits our scenario best. Fast DSL access allows us to download images, videos and other large files at a lightning fast speed. A DSL connection is always on, which means that there is no wait to get connected, no busy signal and no dialling needed. DSL also does not need an extra phone line. It uses any existing phone line, which allows users to use the phone and the internet at the same time. Other devices can also be used on the telephone line, and DSL will not interfere with the devices installed.

DSL provides a lightning fast download speed, ranging up to 2.4 Mb/s. This means that users will be able to download files faster than with other available connections. This contributes to faster and smoother operations, as daily operations that use the internet can be carried out at a higher speed.

Another advantage of using DSL is that it uses a dedicated line. This means that the users are the only ones using the line, instead of sharing it with other users. Normal connections using cable and modems do have the problem of sharing the connection with others, making their connectivity a lot slower. With DSL, the internet connection will be more private and stable and have fewer delays.


| Feature | DSL | Frame Relay | Leased Line |
| --- | --- | --- | --- |
| Bandwidth | Low | Medium | High |
| Cost | Low installation fee; monthly fee; cost increases as the distance between points increases | Medium installation fee; varies with bandwidth used; cost does not increase as the distance between points increases | High installation fee; varies with distance; cost increases as the distance between points increases |
| Uses | Voice, Data | Voice, Data | Voice, Data, Video |
| Switching | Circuit | Packet | Dedicated |
| Availability | Low | High | High |
| QoS and Reliability | Low | Medium | High |
| Security | Low | Medium | High |


DSL is chosen over Frame Relay and leased line because it is only a secondary link. In this case the priority is the price. DSL is available at a much lower price, for both installation and the monthly fee. To improve the security features, we will implement a Virtual Private Network (VPN) through the DSL.

A VPN utilizes public telecommunications networks to conduct private data communications. Most VPN implementations use the Internet as the public infrastructure and a variety of specialized protocols to support private communications through the Internet. VPN follows a client and server approach. VPN clients authenticate users, encrypt data, and otherwise manage sessions with VPN servers utilizing a technique called tunnelling. The main benefit of a VPN is the lower cost needed to support this technology compared to alternatives like traditional leased lines or remote access servers.

VPN users typically interact with simple graphical client programs. These applications support creating tunnels, setting configuration parameters, and connecting to and disconnecting from the VPN server. VPN solutions utilize several different network protocols including PPTP, L2TP, IPsec, and SOCKS. VPN servers can also be connected directly to other VPN servers. A VPN server-to-server connection extends the intranet or extranet to span multiple networks.

At the headquarters a VPN secure tunnel will need to be set up. This needs a VPN-capable device. It can be done on some internet gateway routers, some Internet firewalls, or a separate VPN aggregation device. You also need a security server at your central site to authenticate incoming VPN users. At the headquarters we must make sure that the DSL is connected to the internet, and we also need VPN client software.

Basically the process is as follows. The headquarters DSL user has an open internet connection. They then launch the VPN client software. The client software sets up an L2TP or PPTP tunnel to the head site's internet gateway, which is encrypted with IPsec, 3DES, DES56, etc. The VPN client then asks for a unique user name and password, which must match those in your central site's security database. When properly authenticated, the user has a high speed, secure, encrypted tunnel into your central site.

The performance depends on the bandwidth of the DSL. Normally this depends on the ISP, but in general, setting up a VPN tunnel and encrypting the data causes a small speed loss in comparison to sending data unencrypted over the internet. Even taking this into consideration, the price/performance ratio is much better than that of any dial-up modem service.


Network Diagram


Redundant LINK
The proposed solution is to use two different types of link via two ISPs. This is considered the ideal setup for full redundancy. If one ISP fails, we still have one link as backup. When both links to both ISPs are up, we can load balance or load share between the two links. There are some considerations to follow:
- We are required to run BGP with both ISPs (BGP Multihoming)
- Usually, on each link, we are required to have at least a full T1/E1 circuit
- Each BGP relationship with each ISP should ride over a dispersed POP circuit
- We are required to have a public AS (Autonomous System) number
- We are required to have a public subnet within the public AS number (Redundant link Juniper, 2009)

Remember that in a multiple-ISP scenario we still need to consider basic physical connection redundancy, as in a single-ISP scenario. This includes connections to different COs or different backbone networks. When both ISPs terminate on the same backbone network, we have a single point of failure on that backbone network.

BGP is used when one ISP needs to communicate with a different ISP and with all Internet users. When we plan redundant connections over multiple ISPs, we are treated as an ISP even though our network is not like one. This is why we need to run BGP with both ISPs.

We need to have at least a full T1/E1 circuit to each ISP

Redundancy involving BGP needs a "real" data network that was originally designed to carry and support Internet data. Broadband connections such as cable Internet and DSL are most likely considered an "extension" of an existing non-data network. The cable Internet network was originally designed to broadcast TV programs. The DSL network was originally designed for voice communication (POTS). Neither network was originally designed to carry and support Internet data. Although some ISPs might be able to support BGP over DSL, the DSL technology used is most likely SDSL instead of ADSL. Still, BGP over DSL is uncommon.


On the other hand, a T1/E1 circuit was originally designed to transmit and support Internet data, including BGP support. T1/E1 circuits fall under the same "real" data network category as other "larger bandwidth" circuit technologies such as DS3, OC-x, ATM, and Gigabit Ethernet. That is the reason why most ISPs require us to have a T1/E1 circuit or larger to them in order to do BGP peering with them.

Each BGP relationship with each ISP runs over a different POP termination (Dispersed POP)

This essentially follows the same theory as dispersed POP for the Multilink (bonded) circuit concept. Note that BGP Multihoming is just a logical separation and redundancy, and does not necessarily mean physical separation and redundancy. We cannot really have full redundancy without both physical and logical separation.

We need to have our own public AS number

Once an ISP runs BGP with a different ISP, each ISP needs its own public AS number. This AS number is used to distinguish one ISP's network from another's. Since we are treated as an ISP when running BGP to multiple ISPs, we also need our own BGP AS number. If we do not have one yet, one of the ISPs can provide us with one.

Keep in mind that we need to inform both ISPs beforehand that we will run redundancy over multiple ISPs. This is to make sure that all parties involved understand what setup is required. The key is to make sure that our would-be public AS number will be recognized by all ISPs as a valid Internet-routable public AS number (in other words, the public AS number will be seen by any ISP and the rest of the Internet users). If we do not inform the ISP of our purpose when requesting an AS number from one of the ISPs, the ISP might provide us with a private AS number, or an AS number that is only seen by a single ISP and is unknown to other ISPs and the rest of the Internet users. (Thomas Akin, 2002)
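The considerations in this section can be turned into a pre-flight check on a planned dual-ISP design before either provider is approached. This Python sketch is an added example, not part of the original report; the design record, ISP names and function names are constructed, and the AS number ranges are the private-use, documentation and reserved values defined in RFC 6996, RFC 5398, RFC 6793, RFC 7300 and RFC 7607.

```python
import ipaddress

# Private-use AS numbers (RFC 6996): not visible to the rest of the Internet.
PRIVATE_ASN = [(64512, 65534), (4200000000, 4294967294)]
# AS numbers set aside for documentation (RFC 5398).
DOCUMENTATION_ASN = [(64496, 64511), (65536, 65551)]
# Values that can never identify a network: AS 0, AS_TRANS, last ASNs.
RESERVED_ASN = {0, 23456, 65535, 4294967295}
# Private IPv4 address space (RFC 1918), which is not a public subnet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Circuit types the report lists as "real" data networks able to carry BGP.
BGP_CIRCUITS = {"T1", "E1", "DS3", "OC-x", "ATM", "Gigabit Ethernet"}


def classify_asn(asn):
    """Return 'public', 'private', 'documentation' or 'reserved'."""
    if not 0 <= asn <= 4294967295:
        raise ValueError("AS number out of range: %r" % asn)
    if asn in RESERVED_ASN:
        return "reserved"
    if any(lo <= asn <= hi for lo, hi in PRIVATE_ASN):
        return "private"
    if any(lo <= asn <= hi for lo, hi in DOCUMENTATION_ASN):
        return "documentation"
    return "public"


def check_multihoming(asn, prefix, links):
    """Return a list of problems found in a planned multihoming design."""
    problems = []
    kind = classify_asn(asn)
    if kind != "public":
        problems.append("AS%d is %s, not an Internet-routable public AS number"
                        % (asn, kind))
    net = ipaddress.ip_network(prefix)
    if net.version == 4 and any(net.subnet_of(block) for block in RFC1918):
        problems.append("%s is private address space, not a public subnet" % net)
    if len({link["isp"] for link in links}) < 2:
        problems.append("fewer than two distinct ISPs")
    for link in links:
        if not link["bgp"]:
            problems.append("%s: no BGP session planned" % link["isp"])
        if link["circuit"] not in BGP_CIRCUITS:
            problems.append("%s: %s is below the full T1/E1 circuit needed for BGP"
                            % (link["isp"], link["circuit"]))
    # Logical redundancy (two BGP sessions) still fails if the physical
    # path is shared, so POP and backbone must differ per link.
    for field in ("pop", "backbone"):
        values = [link[field] for link in links]
        if len(set(values)) < len(values):
            problems.append("links share the same %s: single point of failure"
                            % field)
    return problems


# Constructed design with the mistakes this section warns about.
FLAWED_DESIGN = {
    "asn": 65010,                      # private AS handed out by one ISP
    "prefix": "192.168.10.0/24",
    "links": [
        {"isp": "ISP-A", "circuit": "T1", "bgp": True,
         "pop": "POP-1", "backbone": "carrier-X"},
        {"isp": "ISP-B", "circuit": "ADSL", "bgp": False,
         "pop": "POP-2", "backbone": "carrier-X"},
    ],
}

if __name__ == "__main__":
    for problem in check_multihoming(**FLAWED_DESIGN):
        print("-", problem)
```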


Installation

This guide gives an overview and explains how to install, connect, and perform initial configuration for the Cisco 1900 series Integrated Services Routers (ISRs). These routers are modular, with LAN and WAN connections that can be configured by means of exchangeable interface cards and internal service modules. The series currently consists of the 1905, 1921, 1941, and 1941W (wireless) models. The 1941W is Wi-Fi CERTIFIED and 802.11a/b/g/n-compliant. The modular design of the routers provides flexibility, allowing us to configure our router according to our needs.

Chassis Views

Figure 1-1 Front Panel of the Cisco 1905, and Cisco 1921 Router

1 SYS
2 ACT
3 PoE


Figure 1-2 Back Panel of the Cisco 1905 and Cisco 1921 Router (1921 shown)

1 EHWIC (HWIC, WIC, or VWIC) slots 0 and 1: slot 0 (Right), slot 1 (Left), or double wide
2 EN (Enable RJ-45 console)
3 RJ-45 serial console port
4 AUX port
5 GE 0/1
6 GE 0/0
7 S (Speed)
8 L (Link)
9 USB port: USB 2.0 Type-A port
10 Kensington™ security slot
11 PoE
12 Ground connector
13 On/Off switch
14 Input power connection
15 Baud reset
16 USB serial port: USB 5-pin mini USB Type-B
17 EN (Enable USB console)
18 Flash


Ports 5 and 6 will be used as our LAN interfaces, which connect to the LAN switch. In slot 1, a Cisco High-Speed WAN Interface Card Expansion Module - 2 Ports (HWIC-2FE) will be installed to provide the WAN ports, which connect to two different ISPs via T1 and DSL routers.

Figure 1-3 1-Port T1/E1 HWIC Front Panel

1 RJ-48C connector
2 Port number
3 CD/LP LED (bicolor LED)
4 AL LED

Figure 1-4 ADSL and G.SHDSL WIC Front Panels


Table 1 ADSL WIC LEDs

LED (Color): Description
CD LED (Green): Lit when the unit is connected to the network and operating normally. On ADSL interface cards only, this LED blinks while training with DSLAMs. Does not apply to the WIC-1SHDSL-V2 or WIC-1SHDSL-V3 interface cards.
LP LED (Yellow): DSL interface is in loopback mode.
LP LED (Off): Normal operation.
OK LED (Green): Enabled when the card is detected by the router.
LINK (CD) LED (Green and Yellow): Green when cells or frames are passing between the host and the DSLAM. Yellow when the T1E1 framer detects an alarm. Applies only to the WIC-1SHDSL-V2 and WIC-1SHDSL-V3 interface cards.

There are some basic steps to get connectivity from the routers, as follows:

Step 1: Enter the setup command facility
Router> enable
Password: <password>
Router# setup
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]:

Step 2: Basic management setup configures only enough connectivity
Would you like to enter basic management setup? [yes/no]: yes

Step 3: Enter a hostname for the router (this example uses myrouter):
Configuring global parameters:
Enter host name [Router]: myrouter

Step 4: Enter an enable secret password and router password
The enable secret is a password used to protect access to privileged EXEC and configuration modes.
This password, after entered, becomes encrypted in the configuration.
Enter enable secret: cisco

Step 5: Select one of the available interfaces for connecting the router to the management network
Enter interface name used to connect to the management network from the above interface summary: gigabitethernet0/1

Step 6: Respond to the following prompts as appropriate for your network (Cisco 1900 Series, 2011)
Configuring interface GigabitEthernet0/1:
Configure IP on this interface? [yes]: yes


IP address for this interface [10.10.10.12]:
Subnet mask for this interface [255.0.0.0] : 255.255.255.0
Class A network is 10.0.0.0, 24 subnet bits; mask is /24

To provide link failover and load balancing, we can use different methods. If we want the backup link to carry no traffic unless the primary link is down, we can set up what Cisco used to call "dialup backup using object tracking". Dialup is a misnomer. The technique pings a known destination to verify that the primary link functions. If a few pings fail, routing is switched to the backup. The backup can be any link. Both primary and backup are Ethernet ports at the site where we have this configured.

When pings start working again traffic is switched back. (NAT must be configured for both links)

We may also use OER to load balance over the links if we wish to use both at the same time. There are many different options for configuring OER. We can configure to load balance based on bandwidth at some sites and to fill the primary to 80% before using the backup at other sites.


Security
The Cisco 1921 builds on the best-in-class offering of the Cisco 1841 Integrated Services Routers. All Cisco 1900 Series Integrated Services Routers offer embedded hardware encryption acceleration, optional firewall, intrusion prevention, and advanced security services. (Cisco 1921, 2011)

Figure 0-1 Embedded hardware Encryption

Embedded hardware encryption, compared with software encryption, is much faster and more reliable because the encryption and decryption algorithms use hardware resources directly.


Figure 0-2 Intrusion prevention system framework Source: http://www.asia-net.com.hk/solutions/intrusion_prevention.htm

Intrusion Prevention Systems (IPS), also identified as Intrusion Detection and Prevention Systems (IDPS), are network security services that monitor network and/or system activities for malicious activity. The main job of intrusion prevention systems is to identify malicious activity, log information about that activity, attempt to block or stop it, and report it. IPSs are considered extensions of intrusion detection systems because they both monitor network traffic and/or system behavior for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent or block intrusions that are detected. More specifically, an IPS can take such actions as sending an alarm, resetting the connection, dropping the malicious packets, and/or blocking the traffic from the attacker IP address. An IPS can also correct CRC, unfragment packet flow, prevent TCP sequencing issues, and clean up unwanted transport and network layer options.


Conclusion
BigBoss Company needs to build a network that connects the main office and the branch office. It will help the company do its day-to-day work. Some features that the company will have are VOIP, video conferencing, file transfer, database, and CCTV. The company can save cost by using VOIP and video conferencing rather than traditional phone calls. The company will make many calls per day regarding stocking, and the cost of phone calls can be very high. Furthermore, video conferencing gives the advantage that it can involve more users rather than a one-on-one conversation. The main idea of having all the features is to build a stable connection. The primary link of the BigBoss network uses T1, which is more stable and faster than the other options. The secondary link uses IPsec. The implementation, maintenance and security will be decisive in determining how the network rates.


References
Cisco 1900 Series, 2011, Available on http://www.cisco.com/en/US/docs/routers/access/1900/hardware/installation/guide/19pwrup.html, Accessed on 12th March 2011

Cisco 1921, 2011, Available on http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps7290/ps10589/data_sheet_c78598389.html, Accessed on 13th March 2011

Thomas Akin, 2002, Hardening Cisco Routers, O'Reilly

Redundant link Juniper, 2009, Available on http://www.juniper.net/techpubs/software/erx/junose91/swconfig-link/html/lag-config12.html, Accessed on 15th March 2011

Ross, D, -, How Video Conferencing Security Works, Available on http://communication.howstuffworks.com/how-video-conferencing-security-works.htm, Accessed on 12th March 2011

Chiltern District Council, -, How Does CCTV Work, Available on http://www.chiltern.gov.uk/site/scripts/documents_info.php?documentID=57&pageNumber=3, Accessed on 12th March 2011

Red Hat Inc., -, How FTP works, Available on http://www.centos.org/docs/5/html/Virtual_Server_Administration/s2-ftp-proto-VSA.html, Accessed on 13th March 2011

Topbits, -, FTP, Available on http://www.tech-faq.com/ftp.html, Accessed on 13th March 2011


Lemm, M, 2010, Available on http://russbellew.com/broadband_t1_vs_dsl.aspx, Accessed on 12th March 2011

Rucker, L, 2004, Available from http://www.usavetelecom.com/who-benefits-t1-line.shtml, Accessed on 13th March 2011


Appendices
Gantt Chart


Work Break Down

Part Name
User requirements Network design and configuration of primary link Network design and configuration of secondary link Implementation Documentation Diagrams

Student Full Name Edwin Kusuma


Shasi Rao Ooi Danial Doustarmoghaddam All Members All Members
