
Authorized Self-Study Guide

Designing for Cisco Internetwork
Solutions (DESGN)
Second Edition
Diane Teare

Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA




Authorized Self-Study Guide
Designing for Cisco Internetwork Solutions (DESGN), Second Edition
Diane Teare
Copyright © 2008 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical,
including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America
First Printing October 2007
Library of Congress Cataloging-in-Publication Data:
Teare, Diane.
Designing for Cisco internetwork solutions (DESGN) / Diane Teare. -- 2nd ed.
p. cm. -- (Authorized self-study guide)
Rev. ed. of: CCDA self-study : designing for Cisco internetwork solutions (DESGN) / Diane Teare. c2004.
"Exam 640-863."
ISBN-13: 978-1-58705-272-9 (hardcover)
ISBN-10: 1-58705-272-5 (hardcover)
1. Computer networks--Examinations--Study guides. 2. Telecommunications engineers--Certification. 3. Internetworking
(Telecommunication)--Examinations--Study guides. I. Title. II. Series.

TK5105.5.T418 2008
004.6--dc22
2007032855
ISBN-13: 978-1-58705-272-9
ISBN-10: 1-58705-272-5

Warning and Disclaimer
This book is designed to provide information about designing Cisco networks. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor
responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from
the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.




Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press
or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Corporate and Government Sales
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may
include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:
U.S. Corporate and Government Sales

1-800-382-3419

For sales outside the United States please contact:
International Sales


Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality
of this book, or otherwise alter it to better suit your needs, you can contact us through email at Please
make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.

Publisher: Paul Boger

Cisco Representative: Anthony Wolfenden

Associate Publisher: Dave Dusthimer

Cisco Press Program Manager: Jeff Brady

Executive Editor: Brett Bartow

Development Editor: Eric Stewart


Managing Editor: Patrick Kanouse

Copy Editor: Mike Henry

Senior Project Editor: Tonya Simpson

Technical Editors: Shawn Boyd and Richard Piquard

Editorial Assistant: Vanessa Evans

Proofreader: Gayle Johnson


Designer: Louisa Adair
Composition: Mark Shirar
Indexer: Ken Johnson



About the Author
Diane Teare is a professional in the networking, training, and e-learning fields. She has more than
20 years of experience in designing, implementing, and troubleshooting network hardware and
software and has also been involved in teaching, course design, and project management. She has
extensive knowledge of network design and routing technologies and is an instructor with one of
the largest authorized Cisco Learning Partners. She was recently the Director of e-Learning for
the same company, where she was responsible for planning and supporting all the company’s
e-learning offerings in Canada, including Cisco courses. Diane has a bachelor’s degree in applied
science in electrical engineering (BASc) and a master’s degree in applied science in management
science (MASc). She is a certified Cisco instructor and currently holds her CCNP and CCDP
certifications. She coauthored the Cisco Press titles Campus Network Design Fundamentals, the
three editions of Building Scalable Cisco Internetworks (BSCI), and Building Scalable Cisco
Networks. She also edited the first edition of this book and Designing Cisco Networks.

About the Technical Reviewers
Shawn Boyd is a senior network consultant for ARP Technologies, Inc. He has worldwide
experience in consulting on many different projects, such as security/VoIP for Cisco Systems
Israel, intrusion prevention for Top Layer Networks of Boston, and DSL infrastructure rollout for
Telus Canada. Shawn is also active in course development and is a certified Cisco instructor with
ARP Technologies, Inc., responsible for teaching most of the Cisco curriculum. He has coauthored
IT security–related books for Cisco Press and has been a technical editor on a few Cisco Press
Self-Study Guides. His background is in network security and design at a service provider level.
He has worked for Canada’s largest telco providers, performing network designs and
implementations, and was lead contact on many large government contracts.
Richard Piquard is a senior network architect for Global Knowledge Network, Inc. He has more
than seven years of experience as a certified Cisco instructor, teaching introductory and advanced
routing, switching, design, and voice-related courses throughout North America and Europe.
Richard has a highly diverse skill set in design and implementation of both Cisco and multivendor
environments. His experience in the industry ranges from his military background as the network
chief of the Marine Corps Systems Command, Quantico, Virginia, to a field engineer for the Xylan
Corporation (Alcatel), Calabasas, California, to a member of a four-person, worldwide network
planning and implementation team for the Household Finance Corporation, Chicago.



Dedications
This book is dedicated to my wonderful husband, Allan Mertin, whose optimism inspires
me; to our captivating son, Nicholas, and his enthusiastic curiosity and quest for
knowledge; to my parents, Syd and Beryl, for their continuous love and support; and to
my friends, including “the Girls,” for continuing to help me keep my sanity!


Acknowledgments
I would like to thank the many people who helped put this book together, including the following:
The Cisco Press team—Brett Bartow, the executive editor, for driving this book through the
process, and his continued support over the years. Vanessa Evans was instrumental in organizing
the logistics and administration. Eric Stewart, the development editor, has been invaluable in
producing a high-quality manuscript. I would also like to thank Tonya Simpson for her excellent
work in shepherding this book through the editorial process. Thanks also to Richard Froom, Balaji
Sivasubramanian, and Erum Frahim, the authors of Cisco Press’s Building Cisco Multilayer
Switched Networks (BCMSN), Fourth Edition.
The Cisco Systems team—Many thanks to the members of the team who developed the latest
version of the DESGN course. The team included two people from Chesapeake Netcraftsmen:
Carole Warner Reece and Peter Welcher. Members of the team from Cisco Systems included
Dennis Masters, Dwayne Fields, Pat Lao, Bill Chadwick, Bob Eckoff, Bob Ligett, Drew Blair, and
the project manager, Dan Stern.
The technical reviewers—I would like to thank the technical reviewers of this book, Shawn Boyd
and Richard Piquard, for their comprehensive, detailed review and beneficial input.
My family—Of course, this book would not have been possible without the constant
understanding and tolerance of my family, who have lived through the many weekends and nights
it took to complete it. Special thanks to Nicholas for always making sure I got lots of hugs!



Contents at a Glance
Foreword xxvi
Introduction xxvii
Chapter 1 Network Fundamentals Review 3
Chapter 2 Applying a Methodology to Network Design 57
Chapter 3 Structuring and Modularizing the Network 129
Chapter 4 Designing Basic Campus and Data Center Networks 221
Chapter 5 Designing Remote Connectivity 293
Chapter 6 Designing IP Addressing in the Network 377
Chapter 7 Selecting Routing Protocols for the Network 429
Chapter 8 Voice Network Design Considerations 479
Chapter 9 Wireless Network Design Considerations 565
Chapter 10 Evaluating Security Solutions for the Network 651
Appendix A Answers to Review Questions and Case Studies 725
Appendix B IPv4 Supplement 807
Appendix C Open System Interconnection (OSI) Reference Model 845
Appendix D Network Address Translation 859
Acronyms and Abbreviations 871
Index 888


Contents
Foreword xxvi
Introduction xxvii

Chapter 1

Network Fundamentals Review 3
Introduction to Networks 3
Protocols and the OSI Model 4
The OSI Model 5

Protocols 6
The OSI Layers 6
Physical Layer—Layer 1 7
Data Link Layer—Layer 2 7
Network Layer—Layer 3 7
Transport Layer—Layer 4 8
Upper Layers—Layers 5 Through 7 9
Communication Among OSI Layers 9
LANs and WANs 11
Network Devices 13
Terminology: Domains, Bandwidth, Unicast, Broadcast, and Multicast 13
Hubs 14
Switches 14
Routers 16
Introduction to the TCP/IP Suite 17
TCP/IP Transport Layer Protocols 18
Port Numbers 20
TCP Sequencing, Acknowledgment, and Windowing 21
TCP/IP Internet Layer Protocols 24
Protocols 25
IP Datagrams 25
TCP/IP-Related Data Link Layer Protocol 27
Routing 27
Routers Work at the Lower Three OSI Layers 28
Routing Tables 29
Routing Protocols 31
Addressing 31
Physical Addresses 31
Logical Addresses 32
Routing and Network Layer Addresses 33
IP Addresses 34
IP Address Classes 34
Private and Public IP Addresses 35
Subnets 36

Switching Types 38
Layer 2 Switching 38
Layer 3 Switching 41
Spanning Tree Protocol 42
Redundancy in Layer 2 Switched Networks 42
STP Terminology and Operation 43
STP Terminology 43
STP States 45
Rapid STP 47
Virtual LANs 47
VLAN Membership 48
Trunks 49
STP and VLANs 49
Inter-VLAN Routing 51
Comprehensive Example 52
Summary 55

Chapter 2

Applying a Methodology to Network Design 57

The Cisco Service Oriented Network Architecture 57
Business Drivers for a New Network Architecture 57
Intelligence in the Network 58
Cisco SONA Framework 60
Network Design Methodology 64
Design as an Integral Part of the PPDIOO Methodology 64
Benefits of the Lifecycle Approach to Network Design 66

Design Methodology 67
Identifying Customer Requirements 69
Assessing the Scope of a Network Design Project 69
Identifying Required Information 70
Extracting Initial Requirements 70
Gathering Network Requirements 71
Planned Applications and Network Services 73
Organizational Goals 75
Organizational Constraints 78
Technical Goals 80
Technical Constraints 81
Characterizing the Existing Network and Sites 83

Customer Input 83
Sample Site Contact Information 84
Sample High-Level Network Diagram 86
Auditing or Assessing the Existing Network 87
Tools for Assessing the Network 89
Manual Information Collection Examples 90
Automatic Information Collection Examples 94



Analyzing Network Traffic and Applications 95

Tools for Analyzing Traffic 96
NBAR 97
NetFlow 98
Other Network Analysis Tools Examples 101
Network Health Checklist 102
Summary Report 103
Creating a Draft Design Document 104
Time Estimates for Performing Network Characterization 105
Using the Top-Down Approach to Network Design 107
The Top-Down Approach to Network Design 107
Top-Down Approach Compared to Bottom-Up Approach 108
Top-Down Design Example 108

Decision Tables in Network Design 110
Structured Design 112
Network Design Tools 114
Building a Prototype or Pilot Network 115
Documenting the Design 116
The Design Implementation Process 117
Planning a Design Implementation 117
Implementing and Verifying the Design 119
Monitoring and Redesigning the Network 119
Summary 120
References 120
Case Study: ACMC Hospital Network Upgrade 121

Case Study Scenario 121
Organizational Facts 121
Current Situation 122
Plans and Requirements 124
Case Study Questions 124
Review Questions 125

Chapter 3

Structuring and Modularizing the Network 129


Network Hierarchy 129
Hierarchical Network Model 129
Hierarchical Network Design Layers 129
Access Layer Functionality 131
The Role of the Access Layer 131
Layer 2 and Multilayer Switching in the Access Layer 132
Access Layer Example 133
Distribution Layer Functionality 134
The Role of the Distribution Layer 134
Distribution Layer Example 136

Core Layer Functionality 136
The Role of the Core Layer 137
Switching in the Core Layer 137
Hierarchical Routing in the WAN 139
Using a Modular Approach to Network Design 140
Evolution of Enterprise Networks 140
Cisco SONA Framework 141

Functional Areas of the Cisco Enterprise Architecture 141
Guidelines for Creating an Enterprise Network 145
Enterprise Campus Modules 146
Campus Infrastructure Module 148
Building Access Layer 148
Building Distribution Layer 148
Campus Core Layer 149
Server Farm Module 149
Enterprise Campus Guidelines 150
Enterprise Edge Modules 150
E-commerce Module 152
Internet Connectivity Module 152

Remote Access and VPN Module 153
WAN and MAN and Site-to-Site VPN Module 154
Enterprise Edge Guidelines 154
Service Provider Modules 155
Internet Service Provider Module 156
PSTN Module 156
Frame Relay/ATM Module 156
Remote Enterprise Modules 157
Enterprise Branch Module 157
Enterprise Data Center Module 158
Enterprise Teleworker Module 158
Services Within Modular Networks 159

Interactive Services 159
Security Services in a Modular Network Design 162
Internal Security 162
External Threats 166
High-Availability Services in a Modular Network Design 169
Designing High Availability into a Network 169
High Availability in the Server Farm 170
Designing Route Redundancy 173
Designing Link Redundancy 175
Voice Services in a Modular Network Design 177
Two Voice Implementations 177
IP Telephony Components 178

Modular Approach in Voice Network Design 179
Evaluating the Existing Data Infrastructure for Voice Design 181

Wireless Services in a Modular Network 181
Centralized WLAN Components 182
Application Networking Services in a Modular Network Design 183
ANS Examples 184

ANS Components 184
Network Management Protocols and Features 186
Network Management Architecture 186
Protocols and Standards 187
SNMP 188
SNMPv1 189
SNMPv2 190
SNMPv3 191
MIB 192
MIB-II 194
Cisco MIB 195
MIB Polling Guidelines 195

MIB Example 196
RMON 197
RMON1 198
RMON1 Groups 198
RMON1 and RMON2 199
RMON2 Groups 200
Netflow 202
NetFlow Versus RMON Information Gathering 204
CDP 205
CDP Information 206
How CDP Works 206
Syslog Accounting 207

Syslog Distributed Architecture 210
Summary 211
References 212
Case Study: ACMC Hospital Modularity 212
Review Questions 215

Chapter 4

Designing Basic Campus and Data Center Networks 221
Campus Design Considerations 221
Designing an Enterprise Campus 221
Network Application Characteristics and Considerations 222

Peer-Peer Applications 222
Client–Local Server Applications 223
Client–Server Farm Applications 224
Client–Enterprise Edge Applications 226
Application Requirements 227
Environmental Characteristics and Considerations 228
Network Geography Considerations 228
Transmission Media Considerations 230


Infrastructure Device Characteristics and Considerations 235
Convergence Time 236
Multilayer Switching and Cisco Express Forwarding 237
IP Multicast 239
QoS Considerations in LAN Switches 241
Load Sharing in Layer 2 and Layer 3 Switches 244
Enterprise Campus Design 245
Enterprise Campus Requirements 246

Building Access Layer Design Considerations 246
Managing VLANs and STP 247
Managing Trunks Between Switches 251
Managing Default PAgP Settings 252
Implementing Routing in the Building Access Layer 252
Building Distribution Layer Design Considerations 253
Using First-Hop Redundancy Protocols 254
Deploying Layer 3 Routing Protocols Between Building Distribution and Campus Core Switches 255
Supporting VLANs That Span Multiple Building Access Layer Switches 257
Campus Core Design Considerations 257
Large Campus Design 259

Small and Medium Campus Design Options 260
Edge Distribution at the Campus Core 261
Server Placement 263
Servers Directly Attached to Building Access or Building Distribution Layer Switches 264
Servers Directly Attached to the Campus Core 264
Servers in a Server Farm Module 264
Server Farm Design Guidelines 266
Server Connectivity Options 267
The Effect of Applications on Switch Performance 267
Enterprise Data Center Design Considerations 268
The Enterprise Data Center 268
The Cisco Enterprise Data Center Architecture Framework 269

Enterprise Data Center Infrastructure 272
Data Center Access Layer 274
Data Center Aggregation Layer 274
Data Center Core Layer 275
Density and Scalability of Servers 276
Summary 276
References 277
Case Study: ACMC Hospital Network Campus Design 277
Case Study Additional Information 278
Case Study Questions 279
Review Questions 289




Chapter 5

Designing Remote Connectivity 293

Enterprise Edge WAN Technologies 293
Introduction to WANs 293
WAN Interconnections 294

Traditional WAN Technologies 295
Packet-Switched Network Topologies 296
WAN Transport Technologies 298
TDM (Leased Lines) 299
ISDN 300
Frame Relay 300
Asynchronous Transfer Mode 301
MPLS 301
Metro Ethernet 304
DSL Technologies 304
Cable Technology 308
Wireless Technologies 309

Synchronous Optical Network and Synchronous Digital Hierarchy 311
Dense Wavelength Division Multiplexing 313
Dark Fiber 314
WAN Transport Technology Pricing and Contract Considerations 314
WAN Design 316
Application Requirements of WAN Design 317
Response Time 318
Throughput 318
Packet Loss 318
Reliability 318
Technical Requirements: Maximum Offered Traffic 319
Technical Requirements: Bandwidth 320

Evaluating the Cost-Effectiveness of WAN Ownership 321
Optimizing Bandwidth in a WAN 322
Data Compression 322
Bandwidth Combination 324
Window Size 324
Queuing to Improve Link Utilization 325
Congestion Avoidance 329
Traffic Shaping and Policing to Rate-Limit Traffic Classes 330
Using WAN Technologies 332
Remote Access Network Design 332
VPN Design 333
VPN Applications 333

VPN Connectivity Options 334
Benefits of VPNs 337
WAN Backup Strategies 338
Dial Backup Routing 338
Permanent Secondary WAN Link 338
Shadow PVC 340



The Internet as a WAN Backup Technology 341
IP Routing Without Constraints 341

Layer 3 Tunneling with GRE and IPsec 341
Enterprise Edge WAN and MAN Architecture 343
Enterprise Edge WAN and MAN Considerations 344
Cisco Enterprise MAN and WAN Architecture Technologies 345
Selecting Enterprise Edge Components 348
Hardware Selection 348
Software Selection 348
Cisco IOS Software Packaging 348
Cisco IOS Packaging Technology Segmentation 351
Comparing the Functions of Cisco Router Platforms and Software Families 351
Comparing the Functions of Multilayer Switch Platforms and Software Families 352
Enterprise Branch and Teleworker Design 352

Enterprise Branch Architecture 353
Enterprise Branch Design 355
Small Branch Office Design 356
Medium Branch Office Design 359
Large Branch Office Design 360
Enterprise Teleworker (Branch of One) Design 362
Summary 364
References 365
Case Study: ACMC Hospital Network WAN Design 366
Case Study Additional Information 366
Business Factors 367
Technical Factors 367

Case Study Questions 368
Review Questions 372

Chapter 6

Designing IP Addressing in the Network 377

Designing an IP Addressing Plan 377
Private and Public IPv4 Addresses 377
Private Versus Public Address Selection Criteria 378

Interconnecting Private and Public Addresses 379
Guidelines for the Use of Private and Public Addresses in an Enterprise Network 380
Determining the Size of the Network 381
Determining the Network Topology 382
Size of Individual Locations 383
Planning the IP Addressing Hierarchy 384
Hierarchical Addressing 384
Route Summarization 384
IP Addressing Hierarchy Criteria 386
Benefits of Hierarchical Addressing 386
Summarization Groups 387
Impact of Poorly Designed IP Addressing 388

Benefits of Route Aggregation 389
Fixed- and Variable-Length Subnet Masks 390
Routing Protocol Considerations 391
Classful Routing Protocols 391
Classless Routing Protocols 393
Hierarchical IP Addressing and Summarization Plan Example 394

Methods of Assigning IP Addresses 395
Static Versus Dynamic IP Address Assignment Methods 396
When to Use Static or Dynamic Address Assignment 396
Guidelines for Assigning IP Addresses in the Enterprise Network 397
Using DHCP to Assign IP Addresses 398
Name Resolution 400
Static Versus Dynamic Name Resolution 400
When to Use Static or Dynamic Name Resolution 401
Using DNS for Name Resolution 401
DHCP and DNS Server Location in a Network 403
Introduction to IPv6 404
IPv6 Features 405

IPv6 Address Format 406
IPv6 Address Types 408
IPv6 Address Scope Types 408
Interface Identifiers in IPv6 Addresses 409
IPv6 Unicast Addresses 410
Global Aggregatable Unicast Addresses 411
Link-Local Unicast Addresses 411
IPv6 Address Assignment Strategies 412
Static IPv6 Address Assignment 412
Dynamic IPv6 Address Assignment 413
IPv6 Name Resolution 414
Static and Dynamic IPv6 Name Resolution 414

IPv4- and IPv6-Aware Applications and Name Resolution 414
IPv4-to-IPv6 Transition Strategies and Deployments 415
Differences Between IPv4 and IPv6 415
IPv4-to-IPv6 Transition 416
Dual-Stack Transition Mechanism 416
Tunneling Transition Mechanism 417
Translation Transition Mechanism 418
IPv6 Routing Protocols 419
RIPng 420
EIGRP for IPv6 420
OSPFv3 421
Integrated IS-IS Version 6 421

BGP4+ 422


Summary 422
References 423
Case Study: ACMC Hospital IP Addressing Design 423
Review Questions 426

Chapter 7

Selecting Routing Protocols for the Network 429

Routing Protocol Features 429
Static Versus Dynamic Routing 430
Static Routing 430
Dynamic Routing 431
Interior Versus Exterior Routing Protocols 432
IGP and EGP Example 432

Distance Vector Versus Link-State Versus Hybrid Protocols 433
Distance Vector Example 435
Link-State Example 436
Routing Protocol Metrics 438
What Is a Routing Metric? 438
Metrics Used by Routing Protocols 439
Routing Protocol Convergence 441
RIPv2 Convergence Example 442
Comparison of Routing Protocol Convergence 443
Flat Versus Hierarchical Routing Protocols 444
Flat Routing Protocols 444
Hierarchical Routing Protocols 445

Routing Protocols for the Enterprise 446
EIGRP 446
EIGRP Terminology 447
EIGRP Characteristics 449
OSPF 449
OSPF Hierarchical Design 450
OSPF Characteristics 451
Integrated IS-IS 453
Integrated IS-IS Terminology 453
Integrated IS-IS Characteristics 455
Summary of Interior Routing Protocol Features 455
Selecting an Appropriate Interior Routing Protocol 456

When to Choose EIGRP 457
When to Choose OSPF 457
Border Gateway Protocol 457
BGP Implementation Example 459
External and Internal BGP 460
Routing Protocol Deployment 461
Routing Protocols in the Enterprise Architecture 461
Routing in the Campus Core 461
Routing in the Building Distribution Layer 463


Routing in the Building Access Layer 463
Routing in the Enterprise Edge Modules 464
Route Redistribution 464
Using Route Redistribution 465
Administrative Distance 466
Selecting the Best Route 467
Route Redistribution Direction 467
Route Redistribution Planning 468
Route Redistribution in the Enterprise Architecture 468

Route Filtering 470
Redistributing and Filtering with BGP 470
Route Summarization 471
The Benefits of Route Summarization 471
Recommended Practice: Summarize at the Distribution Layer 471
Recommended Practice: Passive Interfaces for IGP at the Access Layer 473
Summary 474
References 474
Case Study: ACMC Hospital Routing Protocol Design 475
Review Questions 475

Chapter 8


Voice Network Design Considerations 479

Traditional Voice Architectures and Features 479
Analog and Digital Signaling 479
The Analog-to-Digital Process 480
Time-Division Multiplexing in PSTN 482
PBXs and the PSTN 483
Differences Between a PBX and a PSTN Switch 484
PBX Features 485

PSTN Switches 486
Local Loops, Trunks, and Interswitch Communications 487
Telephony Signaling 489
Telephony Signaling Types 490
Analog Telephony Signaling 491
Digital Telephony Signaling 491
PSTN Numbering Plans 495
International Numbering Plans 495
Call Routing 496
Numbering Plans 496
Integrating Voice Architectures 500
Introduction to Integrated Networks 500

Drivers for Integrating Voice and Data Networks 502
H.323 503
Introduction to H.323 503
H.323 Components 503
H.323 Example 507


Introduction to IP Telephony 508

IP Telephony Design Goals 509
Single-Site IP Telephony Design 510
Multisite WAN with Centralized Call Processing Design 511
Multisite WAN with Distributed Call Processing Design 513
Call Control and Transport Protocols 514
Voice Conversation Protocols 515
Call Control Functions with H.323 516
Call Control Functions with the Skinny Client Control Protocol 516
Call Control Functions with SIP 518
Call Control Functions with MGCP 520
Voice Issues and Requirements 521
Voice Quality Issues 521

Packet Delays 521
Fixed Network Delays 522
Variable Network Delays 524
Jitter 526
Packet Loss 527
Echo 527
Voice Coding and Compression 529
Coding and Compression Algorithms 530
Voice Coding Standards (Codecs) 530
Sound Quality 531
Codec Complexity, DSPs, and Voice Calls 532
Bandwidth Considerations 533

Reducing the Amount of Voice Traffic 533
Voice Bandwidth Requirements 534
Codec Design Considerations 536
QoS for Voice 536
Bandwidth Provisioning 538
Signaling Techniques 538
Classification and Marking 538
Congestion Avoidance 539
Traffic Policing and Shaping 539
Congestion Management: Queuing and Scheduling 539
Link Efficiency 541
CAC 541

Building Access Layer QoS Mechanisms for Voice 544
AutoQoS 545
Introduction to Voice Traffic Engineering 545
Terminology 546
Blocking Probability and GoS 546
Erlang 547
CCS 547
Busy Hour and BHT 547
CDR 548


Erlang Tables 548
Erlang B Table 549
Erlang Examples 549
Trunk Capacity Calculation Example 550
Off-Net Calls Cost Calculation Example 551
Calculating Trunk Capacity or Bandwidth 552
Cisco IP Communications Return on Investment Calculator 553
Summary 553
References 554

Case Study: ACMC Hospital Network Voice Design 555
Case Study Additional Information 556
Case Study Questions 556
Review Questions 557

Chapter 9

Wireless Network Design Considerations 565

Introduction to Wireless Technology 565

RF Theory 567
Phenomena Affecting RF 567
RF Math 568
Antennas 570
Agencies and Standards Groups 570
IEEE 802.11 Operational Standards 571
IEEE 802.11b/g Standards in the 2.4 GHz Band 572
802.11a Standard in the 5-GHz Band 575
802.11 WLANs Versus 802.3 Ethernet LANs 576
WLAN Topologies 577
WLAN Components 577
Cisco-Compatible WLAN Clients 577

Autonomous APs 578
Lightweight APs 578
AP Power 578
WLAN Operation 579
WLAN Security 580
The Cisco Unified Wireless Network 581
The Cisco UWN Architecture 581
Cisco UWN Elements 582
Cisco UWN Lightweight AP and WLC Operation 583
Cisco UWN Wireless Authentication and Encryption 585
LWAPP Fundamentals 588
Layer 2 LWAPP Architecture 588

Layer 3 LWAPP Architecture 589
WLAN Controllers 590
WLC Terminology 590
WLC Interfaces 590
WLC Platforms 592
Access Point Support Scalability 594



Lightweight APs 597
Lightweight AP Discovery and Join Process 598
Lightweight AP and WLC Control Messages 600
Access Point Modes 601
Mobility in a Cisco Unified Wireless Network 602
Intracontroller Roaming 603
Intercontroller Roaming at Layer 2 604
Intercontroller Roaming at Layer 3 606
Mobility Groups 607
Recommended Practices for Supporting Roaming 609
Radio Resource Management and RF Groups 610
Radio Resource Management 610

RF Grouping 612
AP Self-Healing 613
Cisco UWN Review 613
Designing Wireless Networks with Lightweight Access Points and Wireless LAN Controllers 615
RF Site Survey 615
RF Site Survey Process 616
Define the Customer Requirements 616
Identify Coverage Areas and User Density 617
Determine Preliminary AP Locations 618
Perform the Actual Survey 619
Document the Findings 621
Controller Redundancy Design 621

Dynamic Controller Redundancy 622
Deterministic Controller Redundancy 624
Deterministic Redundancy Options 625
Design Considerations for Guest Services in Wireless Networks 628
Design Considerations for Outdoor Wireless Networks 631
Wireless Mesh Components 632
MAP-to-RAP Connectivity 633
Mesh Design Recommendations 634
Design Considerations for Campus Wireless Networks 635
Common Wireless Design Questions 635
Controller Placement Design 636
Campus Controller Options 637

Design Considerations for Branch Office Wireless Networks 638
Branch Office Considerations 638
Local MAC 638
REAP 639
Hybrid REAP 640
Branch Office WLAN Controller Options 642
Summary 642
References 643


Case Study: ACMC Hospital UWN Considerations 644
Review Questions 646

Chapter 10

Evaluating Security Solutions for the Network 651


Network Security 651
The Need for Network Security 651
Network Security Requirements 652
Security Legislation Examples 652
Terminology Related to Security 653
Threats and Risks 654
Threat: Reconnaissance Attacks 655
Threat: Gaining Unauthorized Access to Systems 657
Threat: DoS 657
Risk: Integrity Violations and Confidentiality Breaches 659
Network Security Policy and Process 660

Security Policy 662
The Need for a Security Policy 662
Risk Assessment and Management 663
Documenting the Security Policy 666
Network Security Process 667
The Cisco Self-Defending Network 669
The Cisco Self-Defending Network Framework 669
Secure Network Platform 670
Cisco Self-Defending Network Phases 670
Trust and Identity Management 672
Trust 672
Identity 674

Access Control 677
Trust and Identity Management Technologies 677
Identity and Access Control Deployment 681
Threat Defense 682
Physical Security 683
Infrastructure Protection 686
Threat Detection and Mitigation 688
Secure Connectivity 691
Encryption Fundamentals 692
VPN Protocols 693
Transmission Confidentiality: Ensuring Privacy 693
Maintaining Data Integrity 695

Security Management 697
Cisco Security Management Technologies 698
Network Security Solutions 699
Integrated Security Within Network Devices 699
Cisco IOS Router Security 700
Security Appliances 702



IPSs 702
Catalyst Services Modules 703

Endpoint Security Solutions 705
Securing the Enterprise Network 706
Deploying Security in the Enterprise Campus 706
Deploying Security in the Enterprise Data Center 707
Deploying Security in the Enterprise Edge 709
Summary 711
References 712
Case Study 10-1: ACMC Hospital Network Security Design 713
Case Study Questions 714
Case Study 10-2: ACMC Hospital Network—Connecting More Hospitals 715
Case Study Questions 715
Review Questions 719

Appendix A Answers to Review Questions and Case Studies 725
Appendix B IPv4 Supplement 807
Appendix C Open System Interconnection (OSI) Reference Model 845
Appendix D Network Address Translation 859
Acronyms and Abbreviations 871
Index 888




Icons Used in This Book
[Figure: icon legend. Icons shown: Access Point; Cisco Unified Communications Manager; H.323 Device; PBX; Router; Catalyst Switch; DSU/CSU; Cisco IP Phone; Bridge; Hub; Multilayer Switch; ATM Switch; ISDN/Frame Relay Switch; Content Switch; Gateway; Access Server; Phone; Netflow Router; Voice-Enabled Router; Router with Firewall; Communication Server; LWAPP; VPN Concentrator; Network Management Appliance; DSLAM; Wide Area Application Engine; WiSM; Optical Services Router; Lightweight Double Radio Access Point; WLAN Controller; PC with Software; Terminal; File Server; Web Server; Cisco Works Workstation; Modem; Printer; Laptop; Cisco Security MARS; NAC Appliance; PIX Security Appliance; Network Cloud; PC; Token Ring; NAS; Cisco MDS 9000 SSM; Optical Transport; InfiniBand; WAFS; IDS; FDDI; Line: Ethernet; Line: Serial; Line: Switched Serial; Wireless Connection.]