
Chapter 6 - Teleworker Services

CCNA Exploration 4.0


Introduction

Học viện mạng Bách Khoa - Website: www.bkacad.com

Business Requirements for Teleworker Services


The Business Requirements for Teleworker Services

When designing network architectures that support a teleworking solution, designers must balance organizational requirements for security, infrastructure management, scalability, and affordability against the practical needs of teleworkers for ease of use, connection speeds, and reliability of service.

The Teleworker Solution

The term broadband refers to advanced communications systems capable of providing high-speed transmission of services, such as data, voice, and video, over the Internet and other networks. Transmission is provided by a wide range of technologies, including digital subscriber line (DSL) and fiber-optic cable, coaxial cable, wireless technology, and satellite.

The Teleworker Solution

Soon, voice over IP (VoIP) and videoconferencing components will become expected parts of the teleworker's toolkit.

Home Office Components - The required home office components are a laptop or desktop computer, broadband access (cable or DSL), and a VPN router or VPN client software installed on the computer. Additional components might include a wireless access point. When traveling, teleworkers need an Internet connection and a VPN client to connect to the corporate network over any available dialup, network, or broadband connection.

Corporate Components - Corporate components are VPN-capable routers, VPN concentrators, multifunction security appliances, authentication, and central management devices for resilient aggregation and termination of the VPN connections.

Broadband Services


Connecting Teleworkers to the WAN

The choice of access network technology and the need to ensure suitable bandwidth are the first considerations to address when connecting teleworkers.


Cable

The Data-over-Cable Service Interface Specification (DOCSIS) is an international standard developed by CableLabs, a non-profit research and development consortium for cable-related technologies. DOCSIS specifies the OSI Layer 1 and Layer 2 requirements:

Physical layer - For data signals that the cable operator can use, DOCSIS specifies the channel widths (bandwidths of each channel) as 200 kHz, 400 kHz, 800 kHz, 1.6 MHz, 3.2 MHz, and 6.4 MHz. DOCSIS also specifies modulation techniques (the way to use the RF signal to convey digital data).

MAC layer - Defines a deterministic access method, time-division multiple access (TDMA) or synchronous code division multiple access method (S-CDMA).

DSL

DSL is a means of providing high-speed connections over installed copper wires. Several years ago, Bell Labs identified that a typical voice conversation over a local loop only required bandwidth of 300 Hz to 3 kHz. Advances in technology allowed DSL to use the additional bandwidth from 3 kHz up to 1 MHz to deliver high-speed data services over ordinary copper lines. The two basic types of DSL technologies are asymmetric (ADSL) and symmetric (SDSL). The transfer rates are dependent on the actual length of the local loop, and the type and condition of its cabling. For satisfactory service, the loop must be less than 5.5 kilometers (3.5 miles).


DSL

The two key components are the DSL transceiver and the DSLAM:

Transceiver - Connects the computer of the teleworker to the DSL. Usually the transceiver is a DSL modem connected to the computer using a USB or Ethernet cable. Newer DSL transceivers can be built into small routers with multiple 10/100 switch ports suitable for home office use.

DSLAM - Located at the CO of the carrier, the DSLAM combines individual DSL connections from users into one high-capacity link to an ISP, and thereby, to the Internet.


DSL

The major benefit of ADSL is the ability to provide data services along with POTS voice services. ADSL signals distort voice transmission and are split or filtered at the customer premises. There are two ways to separate ADSL from voice at the customer premises: using a microfilter or using a splitter.

DSL

A microfilter is a passive low-pass filter with two ends. One end connects to the telephone, and the other end connects to the telephone wall jack. This solution eliminates the need for a technician to visit the premises and allows the user to use any jack in the house for voice or ADSL service.


DSL

POTS splitters separate the DSL traffic from the POTS traffic. The POTS splitter is a passive device. In the event of a power failure, the voice traffic still travels to the voice switch in the CO of the carrier. Splitters are located at the CO and, in some deployments, at the customer premises. At the CO, the POTS splitter separates the voice traffic, destined for POTS connections, and the data traffic destined for the DSLAM.

Broadband Wireless

Broadband access by ADSL or cable provides teleworkers with faster connections than dialup, but until recently, SOHO PCs had to connect to a modem or a router over a Cat 5 (Ethernet) cable. Wireless networking, or Wi-Fi (wireless fidelity), has improved that situation, not only in the SOHO, but on enterprise campuses as well. The benefits of Wi-Fi extend beyond not having to use or install wired network connections. Wireless networking provides mobility. Wireless connections provide increased flexibility and productivity to the teleworker.

Broadband Wireless

The significant limitation of wireless access has been the need to be within the local transmission range (typically less than 100 feet) of a wireless router or wireless access point that has a wired connection to the Internet. The concept of hotspots has increased access to wireless connections across the world. A hotspot is the area covered by one or more interconnected access points.

Broadband Wireless

The figure shows a typical home deployment using a single wireless router. This deployment uses the hub-and-spoke model.

Broadband Wireless

A mesh is a series of access points (radio transmitters) as shown in the figure. Each access point is in range and can communicate with at least two other access points. A meshed network has several advantages over single router hotspots. Installation is easier and can be less expensive because there are fewer wires. Deployment over a large urban area is faster. From an operational point of view, it is more reliable. If a node fails, others in the mesh compensate for it.

Broadband Wireless

WiMAX (Worldwide Interoperability for Microwave Access) is a telecommunications technology aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular type access. A WiMAX network consists of two main components:

A tower that is similar in concept to a cellular telephone tower. A single WiMAX tower can provide coverage to an area as large as 3,000 square miles, or almost 7,500 square kilometers.

A WiMAX receiver that is similar in size and shape to a PCMCIA card, or built into a laptop or other wireless device.

Broadband Wireless

Satellite Internet services are used in locations where land-based Internet access is not available, or for temporary installations that are continually on the move.

There are three ways to connect to the Internet using satellites: one-way multicast, one-way terrestrial return, and two-way.

1. One-way multicast satellite Internet systems are used for IP multicast-based data, audio, and video distribution. Even though most IP protocols require two-way communication, for Internet content, including web pages, one-way satellite-based Internet services can "push" pages to local storage at end-user sites. Full interactivity is not possible.

2. One-way terrestrial return satellite Internet systems use traditional dialup access to send outbound data through a modem and receive downloads from the satellite.

3. Two-way satellite Internet sends data from remote sites via satellite to a hub, which then sends the data to the Internet. The satellite dish at each location needs precise positioning to avoid interference with other satellites.

Broadband Wireless

The most common standards are included in the IEEE 802.11 wireless local area network (WLAN) standard, which addresses the 5 GHz and 2.4 GHz public (unlicensed) spectrum bands. The 802.11n standard is a proposed amendment that builds on the previous 802.11 standards by adding multiple-input multiple-output (MIMO). The 802.16 (or WiMAX) standard allows transmissions up to 70 Mb/s, and has a range of up to 30 miles (50 km). It can operate in licensed or unlicensed bands of the spectrum from 2 to 6 GHz.

VPN Technology


VPNs and Their Benefits

VPN technology enables organizations to create private networks over the public Internet infrastructure that maintain confidentiality and security.

VPNs and Their Benefits

Consider these benefits when using VPNs:

Cost savings - Organizations can use cost-effective, third-party Internet transport to connect remote offices and users to the main corporate site. This eliminates expensive dedicated WAN links and modem banks.

Security - Advanced encryption and authentication protocols protect data from unauthorized access.

Scalability - VPNs use the Internet infrastructure within ISPs and carriers, making it easy for organizations to add new users. Organizations, big and small, are able to add large amounts of capacity without adding significant infrastructure.


Types of VPNs

Organizations use site-to-site VPNs to connect dispersed locations in the same way as a leased line or Frame Relay connection is used. Because most organizations now have Internet access, it makes sense to take advantage of the benefits of site-to-site VPNs.

Types of VPNs

Mobile users and telecommuters use remote access VPNs extensively. In the past, corporations supported remote users using dialup networks. This usually involved a toll call and incurring long distance charges to access the corporation. In a remote-access VPN, each host typically has VPN client software.

VPN Components

Components required to establish this VPN include:

1. An existing network with servers and workstations
2. A connection to the Internet
3. VPN gateways, such as routers, firewalls, VPN concentrators, and ASAs, that act as endpoints to establish, manage, and control VPN connections
4. Appropriate software to create and manage VPN tunnels

Characteristics of Secure VPNs

VPNs use advanced encryption techniques and tunneling to permit organizations to establish secure, end-to-end, private network connections over the Internet.

VPN Tunneling

Tunneling allows the use of public networks like the Internet to carry data for users as though the users had access to a private network. Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network.

VPN Data Integrity

For encryption to work, both the sender and the receiver must know the rules used to transform the original message into its coded form. VPN encryption rules include an algorithm and a key. An algorithm is a mathematical function that combines a message, text, digits, or all three with a key. The output is an unreadable cipher string.

VPN Data Integrity

Some of the more common encryption algorithms and the length of keys they use are as follows:

Data Encryption Standard (DES) algorithm
Triple DES (3DES) algorithm
Advanced Encryption Standard (AES)
Rivest, Shamir, and Adleman (RSA)

VPN Data Integrity

Hashes contribute to data integrity and authentication by ensuring that unauthorized persons do not tamper with transmitted messages. A hash, also called a message digest, is a number generated from a string of text. The hash is smaller than the text itself. It is generated using a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.

There are two common HMAC algorithms:
Message Digest 5 (MD5)
Secure Hash Algorithm 1 (SHA-1)

There are two peer authentication methods:
Pre-shared key (PSK)
RSA signature
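
The encapsulation described under VPN Tunneling and the keyed-hash integrity check described above, as an added example that is not part of the original slides: a simplified tunnel wraps a whole inner IPv4 packet in an outer packet and appends an HMAC-SHA-1 value truncated to 96 bits, which the receiver verifies with the shared key before unwrapping. The addresses, key, function names and packet layout are assumptions for illustration; this is not the real AH or ESP wire format, and it provides integrity only, not encryption.

```python
import hashlib
import hmac
import socket
import struct

ICV_LEN = 12  # HMAC-SHA-1 output truncated to 96 bits, as IPsec's HMAC-SHA-1-96 does

def ipv4_header(src: str, dst: str, payload_len: int, proto: int) -> bytes:
    """Minimal 20-byte IPv4 header (header checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def encapsulate(inner: bytes, gw_src: str, gw_dst: str, key: bytes) -> bytes:
    """Wrap the entire inner packet in a new outer packet and append the ICV."""
    outer = ipv4_header(gw_src, gw_dst, len(inner) + ICV_LEN, proto=4)  # 4 = IP-in-IP
    icv = hmac.new(key, outer + inner, hashlib.sha1).digest()[:ICV_LEN]
    return outer + inner + icv

def decapsulate(packet: bytes, key: bytes) -> bytes:
    """Verify the ICV with the shared key, then return the original inner packet."""
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        raise ValueError("integrity check failed: packet altered or wrong key")
    return body[20:]  # strip the outer header

# Constructed sample data: private addresses inside, documentation addresses outside.
PSK = b"constructed-demo-key"
payload = b"payroll record 42"
INNER = ipv4_header("10.1.1.10", "10.2.2.20", len(payload), proto=17) + payload
TUNNELED = encapsulate(INNER, "192.0.2.1", "198.51.100.1", PSK)

def tampered_is_rejected() -> bool:
    """Flip one bit of the inner payload in transit and check that it is caught."""
    altered = bytearray(TUNNELED)
    altered[45] ^= 0x01
    try:
        decapsulate(bytes(altered), PSK)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("round trip ok:", decapsulate(TUNNELED, PSK) == INNER)
    print("tampering detected:", tampered_is_rejected())
```

Because the inner packet travels unmodified inside the outer one, anyone on the path can still read it; confidentiality requires the encryption algorithms listed earlier in addition to the keyed hash.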

IPsec Security Protocols

IPsec is a protocol suite for securing IP communications that provides encryption, integrity, and authentication. There are two main IPsec framework protocols:

Authentication Header (AH)
Encapsulating Security Payload (ESP)

IPsec Security Protocols

Activity 6.3.7


Labs


Summary

