In: Categories » Electronics and communication » Network security » Creating WANs by Using a Cisco Router as a Frame Relay Switch
|
You can configure any Cisco router with Cisco IOS Release 11.0 or later and at least two serial interfaces as a Frame Relay switch. Two interfaces are needed because the switch is primarily a data communications equipment (DCE) device and requires two routers to serve as the data terminal equipment (DTE) devices. Because the Frame Relay switch is a DCE-only device, it requires DCE serial cables as well. The most common way to provide Layer 1 WAN connectivity between routers is to connect a female V.35 DCE cable to a male V.35 DTE cable. In any back-to-back configuration, you need to ensure that one side (DCE) of the link sets clocking. To configure an interface's clock rate, use the clock rate [value] command. Example 1 shows how to set the clocking on a serial interface. Example 1. Configuring the Clock Rate on a DCE Interface fr_switch(config)#interace serial 1 fr_switch(config-if)#clock rate ? Speed (bits per second) 1200 2400 4800 9600 19200 38400 56000 64000 72000 125000 148000 250000 500000 800000 1000000 1300000 2000000 4000000 <300-4000000> Choose clockrate from list above These cables can be ordered from Cisco Systemspart number CAB-V35MT for the V.35 male DTE cable and part number CAB-V35FC for the female DCE cable. When the cables are connected in a back-to-back mode, sometimes it can be difficult to tell which one is the DCE cable. The show controller command specifies the cable type and whether the cable is DCE or DTE. Example 2 shows the output of show controller, where you can tell what the interface type is. As you can see from the example, the interface serial 0 is a V.35 DTE cable. Use V.35 cables whenever possible because of their flexibility in a lab environment. Example 2. show controller Command Router#show controller serial 0 HD unit 0, idb = 0xCED94, driver structure at 0xD3B18 buffer size 1524 HD unit 0, V.35 DTE cable cpb = 0xE2, eda = 0x4140, cda = 0x4000 RX ring with 16 entries at 0xE24000 00 bd_ptr=0x4000 pak=0x0D66F0 ds=0xE2DDB0 status=80 pak_size=0 Configuring a Cisco Router as a Frame Relay SwitchTo configure Frame Relay switching, you must perform the following tasks: Step 1. Enable Frame Relay switching. You do this with the global configuration command frame-relay switching. Step 2. Configure the interface LMI and the Frame Relay interface type. You need to set the encapsulation to Frame Relay with the encapsulation frame-relay command, and you must set the LMI type with the frame-relay lmi-type [ansi | cisco | q993a] command from the interface prompt. To continue configuring the Frame Relay interface, add the frame-relay intf-type dce command. Because the interface is DCE, you also need to use the clock rate bps command. The bps values range from 1200 to 8000000. Step 3. Configure PVCs with the frame-relay route command. You do this with the interface command frame-relay route [16-1007] inbound_DLCI interface outbound_serial_interface [16-1007] outbound_DLCI. This command creates a PVC on the interface and maps it to another interface. Example 3 demonstrates the use of these commands and the basic configuration of a Frame Relay switch. Example 3 Configuring a Basic Frame Relay Switch fr_switch#configuration terminal Enter configuration commands, one per line. End with CNTL/Z. fr_switch(config)#frame-relay switching fr_switch(config)#interface serial 0 fr_switch(config-if)#encapsulation frame-relay fr_switch(config-if)#frame-relay intf-type dce fr_switch(config-if)#frame-relay lmi-type ansi fr_switch(config-if)#clock rate 128000 fr_switch(config-if)#frame-relay route 110 interface s1 120 fr_switch(config-if)#exit fr_switch(config)# fr_switch(config)#interface serial 1 fr_switch(config-if)#encapsulation frame-relay fr_switch(config-if)#frame-relay intf-type dce fr_switch(config-if)#frame-relay lmi-type ansi fr_switch(config-if)#clock rate 128000 fr_switch(config-if)#frame-relay route 120 interface s0 110 fr_switch(config-if)#exit Example 4 shows the router's configuration in its entirety. Example 4 Entire Frame Relay Configuration fr_switch#show running-config hostname fr_switch ! frame-relay switching ! interface Serial0 no ip address encapsulation frame-relay clockrate 128000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 110 interface Serial1 120 ! ! interface Serial1 no ip address encapsulation frame-relay clockrate 128000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 120 interface Serial0 110 ! ! no ip classless ! line con 0 line aux 0 line vty 0 4 login ! end
|
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
The first question that beginners ask before assembling their kit is whether a laptop or a PDA should be used for wireless penetration testing of any kind. Our answer is to use both if you can. The main advantage of PDAs (apart from size) is decreased power consumption, letting you cover a significant territory while surveying the site. The main disadvantage is the limited resources, primarily nonvolatile memory. The CPU horsepower is not that important here as we are not cracking AES. Other disadvantages are the limited amount...
2. Cryptographic Hash Functions
Can symmetric cryptography meet the requirements of the Biba model, based on the data integrity checks and proper authentication? The answer is "yes," but in a very inefficient way. Recall the practical authentication example with the UNIX (well, Linux in our case) password encryption flaw when DES in ECB is used. Of course, any of the feedback modes or 128-bit block ciphers can be used instead of DES, with the obvious performance penalties. However, in our example, MD5 scales very well. A cryptographic hash function i...
3. 802.11i Wireless Security Standard and WPA
Thus, the main hope of the international 802.11 community and network administrators lies with the 802.11i standard development. Sometimes 802.11i is referred to as the Robust Security Network (RSN) as compared to traditional security network (TSN). The "i" IEEE task group was supposed to produce a new wireless security standard that should have completely replaced legacy WEP by the end of 2003. In the meantime, some bits and pieces of the incoming 802.11i standard have been implemented by wireless equipment and software vendor...
4. Proprietary Improvements to WEP and WEP Usage
The article devoted to the proprietary and standards-based improvements for currently vulnerable 802.11 safeguards. The most publicized 802.11 vulnerability is the insecurity of WEP. We have already reviewed the cryptographic weaknesses of WEP linked to the key IV space reuse and insecure key-from-string generation algorithm. There are also well-known WEP key management issues: All symmetric cipher implementations suffer secure key distribution problems. WEP is no exception. In the original design,...
It is hard to overemphasize the importance of penetration testing in the overall information security structure and the value of viewing your network through the cracker's eyes prior to further hardening procedures. There are a variety of issues specific to penetration testing on wireless networks. First of all, the penetration tester should be very familiar with RF theory and specific RF security problems (i.e., signal leak and detectability, legal regulations pertaining to the transmitter power output, and characteris...
6. Asymmetric Cryptography
Message authentication using HMACs works just fine, but how do we distribute symmetric cipher keys among the users? We can pass them around on floppies or fancy USB pen-drives with encrypted partitions on them, but what if many users live all over the world? What if the physical key distribution method takes time and the keys must be frequently changed? This is the case with the traditional WEP, which should be rotated every few minutes. Key-encrypting keys (KEKs) were offered as symmetric cipher keys used only to encrypt...
7. Examples and Analysis of Common Wireless Attack Signatures
The best way of knowing these signatures is trying out the tools in question and sniffing out their output: "Attack through defending, defend through attacking" (Dr. Mudge). The best source on wireless network intrusion tool detection and attack signatures we are aware of is Joshua Wright's "Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection" and "Detecting Wireless LAN MAC Address Spoofing" papers. A large part of this tutorial is inspired by these brilliant articles and our experience of analyzing WLAN tr...
8. Deploying a Wireless IDS Solution for Your WLAN
How many IDS solutions that implement the recommendations and follow the guidelines we have already discussed are present on the modern wireless market? The answer is none. There are many wireless IDS solutions that look for illicit MAC addresses and ESSIDs on the monitored WLAN. Some of these solutions are even implemented as specialized hardware devices. Although something is better than nothing, in our opinion such "solutions" are a waste of both money and time. They might also give you a false sense of security. Let's...