CCNP 2 Version 5
Module 2 – Teleworker Connectivity
Module Overview
t.molalign@londonmet.ac.uk
Tarik Molalign
s.salek@londonmet.ac.uk Shahram Salekzamankhani
2.1 Describing Remote Connection Topologies for Teleworkers
2.1.1
Remote Connection Topologies for the Teleworker
2.1.2
The Teleworker Solution
2.1.3
Options for Connecting the Teleworker
2.1.4
Components of the Teleworker Solution
2.1.5
Traditional Versus Business-Ready Teleworker Requirements
2.2 Describing Cable Technology
2.2.1
What is a Cable System?
2.2.2
Cable Technology Terms
2.2.3
Cable System Components
2.2.4
Cable System Benefits
2.2.5
Sending Digital Signals over Radio Waves
2.2.6
The Data-over-Cable Service Interface Specification: DOCSIS
2.3 Deploying Cable System Technology
2.3.1
Hybrid Fiber-Coaxial (HFC) Cable Networks
2.3.2
Sending Data over Cable
2.3.3
Cable Technology: Putting It All Together
2.3.4
Data Cable Network Technology Issues
2.3.5
Provisioning a Cable Modem
2.4 Describing DSL Technology
2.4.1
What is DSL
2.4.2
How Does DSL Work?
2.4.3
DSL Variants
2.4.4
Factors Affecting DSL Performance
2.4.5
DSL Distance Limitations
2.5 Deploying ADSL
2.5.1
ADSL
2.5.2
ADSL and POTS Coexistence
2.5.3
ADSL Channel Separation
2.5.4
Data over ADSL
2.5.5
PPPoE
2.5.6
DSL and PPPoE Deployment Options
2.5.7
PPPoE Session Establishment
2.5.8
Data over ADSL: PPPoA
2.6 Configuring the CPE as the PPPoE or PPPoA Client
2.6.1
Configuring the CPE as the PPPoE Client
2.6.2
Configuring the CPE as the PPPoE Client over the ATM Interface
2.6.3
Configuring a PPPoE Client
2.6.4
Configuring the PPPoE DSL Dialer Interface
2.6.5
Adjusting MSS and MTU Size
2.6.6
Configuring PAT
2.6.7
Configuring DHCP to Scale DSL
2.6.8
Configuring a Static Default Route
1
CCNP 2 Version 5
2.6.9
2.6.10
2.6.11
Module 2 – Teleworker Connectivity
Verifying a PPPoE Configuration
Configuring a PPPoA DSL Connection
Configuring a DSL ATM Interface
2.7 Troubleshooting Broadband ADSL Configurations
2.7.1
Troubleshooting Layers 1, 2, and 3
2.7.2
Determine Whether the Router Is Properly Trained to the DSLAM
2.7.3
Troubleshooting Layer 1 Issues
2.7.4
Determining the Correct DSL Operating Mode
2.7.5
Troubleshooting Layer 2 Issues
2.7.6
Layer 2: Is Data Being Received from the ISP?
2.7.7
Proper PPP Negotiation
2.8 PPPoE Simulation Practice
2.8.1
PPPoE Simulation Practice
2
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
Modern companies employ people who cannot commute to work every day or for whom working out
of a home office is more practical. These people, called teleworkers, must connect to the company
network so that they can work from their home offices.
Other workers may make use of the technologies described in this module when traveling or working
at remote sites.
This module explains some of the many different ways to provide secure, fast, and reliable remote
connections to teleworkers.
2.1.1 Remote Connection Topologies for the Teleworker
Companies require secure, reliable, and cost-effective means by which to connect an
increasing number of teleworkers working in small offices/home offices (SOHOs) and other
remote locations. The previous lesson explained how the Cisco Enterprise Architecture
framework provides solutions to meet all remote connectivity requirements. This lesson
focuses on the teleworker.
To review, recall that Cisco Enterprise Architecture provides the building blocks to build a
secure network that supports advanced technologies over the entire network. There are three
main goals of the Cisco Enterprise Architecture framework:



Protection: Cisco Enterprise Architecture helps avoid, mitigate, and rapidly recover
from potentially costly business threats or disruptions by ensuring continuous access
to applications, services, and data.
Lower cost of operations: Cisco Enterprise Architecture helps reduce management
and operational overhead as well as deployment and maintenance expenses.
Growth: Cisco Enterprise Architecture allows for the efficient and effective addition of
new users, branches, applications, and services. This provides a scalable network
and allows businesses to grow quickly to accommodate emerging technologies and
new products.
Figure illustrates the remote connection topologies that modern enterprise networks use to
connect remote locations. In some cases, the remote locations are connected only to the
headquarters (HQ), while in other cases remote locations must be connected to multiple sites.
The SOHO in the figure is connected to both the branch office and HQ. The teleworker is
connected only to the corporate headquarters.
Figure displays three remote connection options that Cisco Enterprise Architecture offers:



Layer 2 VPN: Traditional private WAN Layer 2 technologies including Frame Relay,
ATM, and leased lines provide many remote connection solutions. The security of
these connections depends on the service provider.
IP VPN: Service provider Multiprotocol Label Switching (MPLS)-based IP Virtual
Private Networks (VPNs) offer flexible and scalable connectivity. The security level of
connections without additional security protocols (e.g., IPsec) deployment is almost
the same as with traditional private WAN Layer 2 technologies.
Internet: The most common option for teleworkers is site-to-site connection and
remote access over broadband to establish an IPsec VPN over the public Internet.
This setup can provide a secure, fast, and reliable remote connection to teleworkers.
A less reliable means of connectivity is dial-up.
In general, broadband refers to telecommunication in which a wide band of frequencies is
available to transmit information. Because a wide band of frequencies is available, information
can be multiplexed and sent on many different frequencies or channels within the band
concurrently, allowing more information to be transmitted in a given amount of time (much as
3
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
more lanes on a highway allow more cars to travel on it at the same time). Broadband is
generally defined as any sustained speed of 200K or more. Broadband options include digital
subscriber line (DSL), high-speed cable modems, fast downstream data connections from
direct broadcast satellite (DBS) and fixed wireless providers. The most common problem with
broadband access is lack of coverage area.
4
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.1.2 The Teleworker Solution
The enterprise teleworker broadband solution delivers an always-on, secure voice and data
5
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
service to remote small or home offices creating a flexible work environment. Centralized
management minimizes support overhead and costs. Integrated security allows easy
extension of HQ security policies to teleworkers. The always-on VPN grants employees easy
access to authorized services and applications. Adding IP phones enhances productivity by
allowing access to centralized IP communications with voice and unified messaging.
The teleworker solution provides the following benefits:





Continuity of operations in case employee access to the workplace is lost due to
inclement weather, commuter traffic, natural disasters and other unpredictable events
Increased responsiveness across functional, business, and decision-making
boundaries
Secure, reliable, and manageable employee access to critical network resources and
confidential information
Data, voice, video, and real-time applications extended over one common network
connection, cost-effectively
Increased employee productivity, satisfaction, and retention
Using IPsec technology over the Internet makes the teleworker solution secure and costeffective to deploy.
2.1.3 Options for Connecting the Teleworker
Teleworkers typically use diverse applications (for example, e-mail, web-based applications,
mission-critical applications, real-time collaboration, voice, video, and videoconferencing) that
require a high-bandwidth connection. The choice of access network technology and suitable
bandwidth should be the first consideration addressed when connecting teleworkers.
Residential cable and DSL are two options that provide high bandwidth to teleworkers. The
low bandwidth provided by a dial-up modem connection is usually not sufficient for the
teleworker solution. A modem dial-up connection should only be considered when other
options are unavailable.
These are the infrastructure services options that are available:



IPsec VPN: An IPsec VPN establishes a secure tunnel in a broadband connection
between a teleworker remote site and the central site. Site-to-site VPNs provide an
always-on transparent VPN connection. Remote access VPNs provide on-demand
secured connections.
Security: Security options safeguard the corporate network and close unguarded
back doors. Deploying firewall, intrusion prevention, and URL filtering services meets
most security needs. Depending on the enterprise corporate security policy, split
tunneling may be used to share the broadband connections between secured
corporate access and unsecured Internet access at the same time.
Authentication: Authentication defines who gains access to resources. Identitybased network services using authentication, authorization, and accounting (AAA)
6
CCNP 2 Version 5


Module 2 – Teleworker Connectivity
servers, 802.1X port-based access control, Cisco security, and trust agents are used.
Quality of Service (QoS): QoS mechanisms prioritize the traffic, optimize WAN
bandwidth usage, balance the differences in uplink and downlink speed of broadband
connections, and ensure adequate performance for applications that are sensitive to
delay and jitter (for example, voice and video).
Management: Network management techniques meet the challenges brought by the
complexity of support over a broadly based remote network and the loss of corporate
control that such topologies bring. Information Technology (IT) staff centrally manage
and support teleworker connections and equipment, and transparently configure and
push security and other policies to the remote devices. Tools are available that
implement performance and fault management and monitor service level agreements
(SLAs).
2.1.4 Components of the Teleworker Solution
The teleworker solution has three major components: home office, corporate, and optional IP
telephony components:



The required home office components are broadband access (cable or DSL), a
remote VPN router with QoS functionality, and a laptop or desktop computer.
Additional components might be a Wireless Access Point or video devices. When
traveling, teleworkers need an Internet connection and a VPN client to connect to the
corporate network.
Corporate components are VPN headend routers, VPN concentrators or multifunction
security appliances such as the Cisco Adaptive Security Appliance (ASA),
authentication, and central management devices for resilient aggregation and
termination of the IPsec VPN tunnels.
The optional corporate IP telephony components are Cisco Unified CallManager for
call processing, signaling, and device control; voice gateway for interconnection of
traditional phone networks with VoIP environment; IP phones for voice and added
value services; Cisco video telephony (VT) camera: voice messaging platform for
diverse message consolidation; and Cisco Contact Center for advanced call
treatment.
7
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.1.5 Traditional Versus Business-Ready Teleworker Requirements
The traditional teleworker solution uses a software VPN client on the remote user laptop or
desktop PC. This solution has these disadvantages:




There is a lower level of accessibility; for example, the inability to deploy and support
advanced applications, such as voice, video, and videoconferencing.
There is no QoS for efficient delivery and prioritization of traffic.
There may be inadequate security because most of the security responsibility relies
on the end user, leaving little or no control to IT staff.
There is an absence of controlled configuration, management, and support by IT staff.
Figure shows how Cisco’s Business-Ready Teleworker solution overcomes all the problems of
the traditional teleworker solution.
8
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.2.1 What is a Cable System?
Cable television (TV) first began in Pennsylvania in 1948. John Walson, the owner of an
appliance store in a small mountain town, needed to solve poor over-the-air reception
problems experienced by customers trying to receive TV signals from Philadelphia through the
mountains. Walson erected an antenna on a utility pole on a local mountaintop that enabled
him to demonstrate the televisions in his store with strong broadcasts coming from the three
Philadelphia stations. He connected the antenna to his appliance store via a cable and
modified signal boosters. He then connected several of his customers who were located along
the cable path. This was the first community antenna television (CATV) system in the United
States.
Walson’s company grew over the years, and he is recognized as the founder of the cable
television industry. He was also the first cable operator to use microwave to import distant
television stations, the first to use coaxial cable to improve picture quality, and the first to
distribute pay television programming (HBO).
The “cable” in cable system refers to the coaxial cable that carries radio frequency (RF)
signals across the network. Coaxial cable is the primary medium used to build cable TV
systems.
A typical cable operator now uses a satellite dish to gather TV signals. Early systems were
one-way with cascading amplifiers placed in series along the network to compensate for signal
loss. Taps were used to couple video signals from the main trunks to subscriber homes via
drop cables .
Modern cable systems provide two-way communication between subscribers and the cable
operator. Cable operators now offer customers advanced telecommunications services
including high-speed Internet access, digital cable television, and residential telephone
service.
9
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.2.2 Cable Technology Terms
The following terms describe key cable technologies:








Broadband: Broadband transmission methods send multiple pieces of data
simultaneously to increase the effective rate of transmission. In cable systems,
broadband refers to the frequency-division multiplexing (FDM) of many signals in a
wide RF bandwidth over a hybrid fiber-coaxial (HFC) network and the capability to
handle vast amounts of information.
Community antenna television (CATV): The original meaning of the term CATV
changed over the years. The term now widely refers to residential cable systems.
Coaxial cable: Coaxial cable transports RF signals and has certain physical
properties that define the attenuation of the signal. These properties include cable
diameter, dielectric construction, ambient temperature, and operating frequency. It
consists of a center conductor surrounded by insulation and an outside ground shield
of braided wire. The shield is designed to minimize electrical and RF interference.
Tap: A tap divides the input signal's RF power to support multiple outputs. Typically,
the cable operators deploy taps with two, four, or eight ports called subscriber drop
connections.
Amplifier: An amplifier magnifies an input signal and produces a significantly larger
output signal.
Hybrid fiber-coaxial (HFC): HFC is a mixed optical-coaxial network in which optical
fiber replaces the lower bandwidth coaxial where useful in the traditional trunk portion
of the cable network.
Downstream: This is the direction of an RF signal transmission (TV channels and
data) from the source (headend) to the destination (subscribers). Transmission from
source to destination is called the forward path.
Upstream: This is the direction of an RF signal transmission opposite to downstream:
from subscribers to the headend, or the return or reverse path.
10
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.2.3 Cable System Components
CATV distributes TV channels collected at a central location, called a headend, to subscribers
over a branched network of optical fibers, coaxial cables, and broadband amplifiers. Since the
early 1990s, the most common architecture is the HFC network.
There are five major components of a modern cable system: –





Antenna site: The location of an antenna site is chosen for optimum reception of
over-the-air, satellite, and sometimes point-to-point signals. The main receiving
antennas and satellite dishes are located at the antenna site.
Headend: The headend is a master facility where signals are first received,
processed, formatted, and then distributed downstream to the cable network: the
transportation and distribution network. The headend facility is usually unmanned,
under security fencing, and is similar to a telephone company central office.
Transportation network: A transportation network links a remote antenna site to a
headend or a remote headend to the distribution network. The transportation network
can be microwave, coaxial supertrunk, or fiber-optic.
Distribution network: In a classic cable system called a tree-and-branch cable
system, the distribution network consists of trunk and feeder cables. The trunk is the
backbone that distributes signals throughout the community service area to the feeder
and typically uses 0.750-inch (19-mm) diameter coaxial cable. The feeder branches
flow from a trunk and reach all of the subscribers in the service area via coaxial
cables. The feeder cable is usually a 0.50-inch (13-mm) diameter coaxial cable.
Subscriber drop: A subscriber drop connects the subscriber to the cable services.
The subscriber drop is a connection between the feeder part of a distribution network
and the subscriber terminal device (for example, TV set, videocassette recorder
[VCR], High Definition TV set-top box, or cable modem). A subscriber drop consists of
radio grade (RG) coaxial cabling (usually 59-series or 6-series coaxial cable),
grounding and attachment hardware, passive devices, and a set-top box.
11
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.2.4 Cable System Benefits
The cable system architecture provides a cost-effective solution for densely populated areas
by cascading a broadcast architecture to the users. The development of cable systems made
new services possible. Cable systems support telephony and data services and analog and
digital video services. With the advent of high-speed data, telephony, and similar services,
larger cable operators adopted a common practice of keeping various equipment (for
example, telephone switches and CMTS) in the same facility, integrating all types of
services—telephony, data, and analog and digital video services.
A high-speed cable data connection provides a cost-effective solution for accessing the
Internet. Businesses that employ teleworkers can gain the following benefits from this widely
available high-speed cable Internet access method:




VPN connectivity to corporate intranets
SOHO capabilities for work-at-home employees
Interactive television
Public switched telephone network (PSTN)-quality voice and fax calls over the
managed IP networks
Cable provides teleworkers with secure high-speed remote access to the enterprise network
with the same level of accessibility that workers in the office have and access to the Internet
12
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
for e-mail communication and using corporate applications.
2.2.5 Sending Digital Signals over Radio Waves
The electromagnetic spectrum encompasses a broad range of frequencies. Frequency is the
rate at which current (or voltage) cycles occur; that is, the number of “waves” per second.
Radio waves, generally called RF, constitute a portion of the electromagnetic spectrum
roughly between approximately 1 kilohertz through 1 terahertz.
When users tune a radio or TV set across the RF spectrum to find different radio stations or
TV channels, they tune the radio or TV to different electromagnetic frequencies across that RF
spectrum. The same principle applies to the cable system.
The cable TV industry uses a portion of the RF electromagnetic spectrum. Within the cable,
different frequencies carry TV channels and data. At the subscriber end, equipment such as
TVs, VCRs, and High Definition TV set-top boxes tune to certain frequencies that allow the
user to view the TV channel or, using a cable modem, to receive high-speed Internet access.
A cable network is capable of transmitting signals on the cable in either direction at the same
time. The following frequency scope is used:


Downstream: Transmitting the signals from the cable operator to the subscriber, the
outgoing frequencies are in the range of 50 to 860 MHz.
Upstream: Transmitting the signals in the reverse path from the subscriber to the
cable operator, the incoming frequencies are in the range of 5 to 42 MHz.
The downstream frequency range is divided into channels (6 MHz channels in North America
and 7 to 8 MHz for Europe). The range of frequencies between the upstream and downstream
frequency ranges is called a guard band. The guard band is required because of the cutoff
characteristics of the high-pass and low-pass filtering. The filtering ensures that the signal
does not spill into the adjacent spectrum.
The cable industry defines the cable TV spectrum for the downstream path as follows:





VHF low band (TV channels 2 to 6)
VHF midband (TV channels 98, 99, and 14 to 22)
VHF high band (TV channels 7 to 13)
VHF superband (TV channels 23 to 36)
VHF hyperband (TV channels 37 and higher)
There is no frequency plan for the upstream path. The cable operator can monitor the
frequency band of the upstream and place the upstream data signals into clean areas where
there is no interference from noise and other signals. The area between 5 and 15 MHz is
usually noisy and unusable.
13
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
TV signals may also be transmitted over the air, and the channel assignments may not align
with the over-the-cable assignments. Much of the RF spectrum is reserved for radio
communications and therefore cannot be used for TV signals. In the over-the-air TV broadcast
environment, a very-high frequency (VHF) range covering 30 to 300 MHz and an ultra-high
frequency (UHF) range covering 300 to 3000 MHz are defined.
2.2.6 The Data-over-Cable Service Interface Specification: DOCSIS
DOCSIS is an international standard developed by CableLabs, a nonprofit research and
development consortium for cable-related technologies. CableLabs tests and certifies cable
equipment vendor devices (cable modem [CM] and cable modem termination systems
[CMTS]) and grants DOCSIS-certified or Qualified status.
DOCSIS defines the communications and operation support interface requirements for a dataover-cable system and permits the addition of high-speed data transfer to an existing CATV
system. Cable operators employ DOCSIS to provide Internet access over their existing HFC
infrastructure.
DOCSIS specifies the Open Systems Interconnection (OSI) Layers 1 and 2 requirements:


Physical layer: For data signals that the cable operator can use, DOCSIS specifies
the channel widths (bandwidths of each channel) as 200 kHz, 400 kHz, 800 kHz, 1.6
MHz, 3.2 MHz, and 6.4 MHz. DOCSIS also specifies modulation techniques (the way
to use the RF signal to convey digital data).
MAC layer: Defines a deterministic access method (time-division multiple access
[TDMA] or synchronous code division multiple access [S-CDMA]).
DOCSIS currently uses two standards, and a third standard is under development:



DOCSIS 1.0 was the first standard issued in March 1997.
Revision 1.1 followed in April 1999.
DOCSIS 2.0 was released in January 2002 because of an increased demand for
symmetric, real-time services such as IP telephony. DOCSIS 2.0 enhanced upstream
14
CCNP 2 Version 5

Module 2 – Teleworker Connectivity
transmission speeds and QoS capabilities.
DOCSIS 3.0 is under development and expected to feature channel bonding, enabling
the use of multiple downstream and upstream channels together at the same time by
a single subscriber for increased bandwidth.
Note
More information about DOCSIS is available at http://www.cablemodem.com/specifications.
Plans for frequency allocation bands differ between U.S. and European cable systems.
Therefore, Euro-DOCSIS was adapted for use in Europe. The main differences between
DOCSIS and Euro-DOCSIS relate to different channel bandwidths.
Television technical standards vary across the world and this affects the way DOCSIS variants
develop. International TV standards include the following:



National Television Standards Committee (NTSC) is a North American TV technical
standard for analog TV systems.
Phase Alternating Line (PAL) is a color encoding system used in broadcast television
systems in most of Europe, Asia, Africa, Australia, Brazil, and Argentina.
Système Electronic Couleur avec Mémoire (SECAM) is an analog color TV system
used in France and some Eastern European countries.
European cable channels conform to PAL-based standards and are 7 MHz and 8 MHz wide.
North American cable channels conform to the NTSC standard, which specifies 6 MHz-wide
cable channels. The wider channels in Euro-DOCSIS architectures allocate more bandwidth to
the downstream data path.
2.3.1 Hybrid Fiber-Coaxial (HFC) Cable Networks
Accessing the Internet through a cable network is a popular option that teleworkers can use to
access their enterprise network. This lesson describes how modern cable operators deploy
HFC networks to enable high-speed transmission of data to cable modems located in a
SOHO. The lesson presents the basic steps required to provision a cable modem.
A significant drawback of only using coaxial cable is the signal attenuation that happens when
the signal travels from the antenna to the subscriber. Amplifiers placed approximately every
2000 feet, boost signal strength and ensure that RF signals have enough power to receive all
channels within the spectrum (50 to 860 MHz) for analog TV, digital TV, and digital data cable
modem services. Unfortunately, amplifiers introduce noise and distortion and the failure of a
single amplifier disrupts service.
Modern cable operators use an HFC network that deploys fiber in the trunks. Fiber has
several benefits over regular coaxial cable:





Reduces the number of amplifiers
Thin and lightweight—takes less space
Covers longer distances
Induces less or virtually no noise
Less loss of signal
15
CCNP 2 Version 5


Module 2 – Teleworker Connectivity
Immune to external influences, such as thunder or RF interference
Easier to handle
HFC architecture is relatively simple. A web of fiber trunk cables connects the headend (or
hub) to the nodes where optical-to-RF signal conversion takes place. The fiber carries the
same broadband content for Internet connections, telephone service, and streaming video as
the coaxial cable carries. Coaxial feeder cables originate from the node that carries RF signals
to the subscribers. The effective range or service area of a distribution network segment
(feeder segment) is from 100 to as many as 2000 subscribers.
Fiber trunks carry downstream traffic at a signal strength above 50 decibels (dB) and reduce
the number of cable amplifiers in trunk lines. Coaxial cable is already in place throughout
many neighborhoods, so cable operators can build an HFC network without having to replace
existing coaxial cable between nodes and subscribers. By upgrading a cable plant to an HFC
architecture, cable operators can deploy a data network over an HFC system, offer highspeed Internet services, and serve more subscribers.
Cable operators segment their networks into smaller service areas in which fewer amplifiers
are cascaded after each optical node, typically five or fewer. The tree-and-branch network
architecture for HFC can be a fiber backbone, cable area network, superdistribution, fiber to
the feeder, or a ring.
2.3.2 Sending Data over Cable
Delivering services over a cable network requires different RF frequencies: the
downstream frequencies are in the 50 to 860-MHz range, and the upstream frequencies
are in the 5 to 42 MHz range.
Two types of equipment are required to send digital modem signals upstream and
downstream on a cable system:

A cable modem (CM) on the subscriber end
16
CCNP 2 Version 5

Module 2 – Teleworker Connectivity
A cable modem termination system (CMTS) at the headend of the cable operator
A headend CMTS communicates with CMs that are located in subscriber homes. In
addition, a headend incorporates a computer system with databases for providing
Internet services to cable subscribers.
In a modern HFC network, 500 to 2000 active data subscribers are typically connected to
a cable network segment, all sharing the upstream and downstream bandwidth. The
actual bandwidth for Internet service over a CATV line can be up to 27 Mbps on the
download path to the subscriber and about 2.5 Mbps of bandwidth on the upload path.
Based on the cable network architecture, cable operator provisioning practices, and traffic
load, an individual subscriber can typically use an access speed of between 256 kbps
and 6 Mbps.
When high usage causes congestion, the cable operator can add additional bandwidth for
data services by allocating an additional TV channel for high-speed data. This addition
may effectively double the downstream bandwidth that is available to subscribers.
Another option is to reduce the number of subscribers served by each network segment.
To reduce the number of subscribers, the cable operator further subdivides the network
by laying the fiber-optic connections closer and deeper into the neighborhoods
2.3.3 Cable Technology: Putting It All Together
Figure shows how these cable technologies work together to deliver video and data. In the
downstream path, the local headend (LHE) distributes TV signals to subscribers via the
distribution network. TV signals are received through satellite dishes, antennas, analog and
digital video servers, local programming, and other headends. A modulator/scrambler
appropriate for the specific RF channel assigned on the cable processes these TV signals
individually. The CMTS modulates digital data on an RF signal and combines that RF signal
with the TV signals. The combined signal is input to a fiber transmitter that converts the signal
from RF to light (optical) and transmits to a fiber node further downstream. At the fiber node,
the optical signal is converted back to an RF signal and then transmitted over the coaxial
network comprised of amplifiers, taps, and drops.
At the subscriber end, an RF splitter divides the combined RF signal into video and data
17
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
portions. The CM receives the data portion of the RF signal. The CM, tuned to the data RF
signal channels, demodulates the data RF signal back into digital data and finally passes the
data to the computer over an Ethernet connection.
In the upstream direction, the CM decodes the digital information from the Ethernet
connection, modulates a separate RF signal with this digital information, and transmits this
signal at a certain RF power level. At the headend, the CMTS, tuned to the data RF channels,
demodulates the data RF signal back to digital data and routes the digital data to the Internet.
2.3.4 Data Cable Network Technology Issues
Because subscribers share a coaxial cable line, some problems may occur:


Subscribers on a segment share the available bandwidth on that segment. The
bandwidth that is available to each subscriber varies based on the number of
subscribers sharing it. Cable operators resolve this issue by adding RF channels
and splitting the service area into multiple smaller areas within the segment.
As with any shared media, there is a risk of privacy loss. Available safeguards
are encryption and other privacy features, which are specified in the DOCSIS
standard used by most CMs.
Note
A common misconception is that a computer may communicate directly with another
computer on the same segment. This is not possible because the CM transmits on a
completely separate frequency than the frequency on which another CM would receive.
18
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.3.5 Provisioning a Cable Modem
Data and TV signals travel down the cable on different channels. Downstream data travels to
a user on a 6-MHz channel. On the cable, the data looks just like a single TV channel and
takes up the same amount of space. When the user sends data back up the cable, only 2 MHz
are used. The reason the downstream and upstream channel sizes are different is because it
is assumed that most users download more than they upload.
Putting both upstream and downstream data on the cable system requires two types of
equipment:


A CM on the customer end
A CMTS at the cable operator’s end
Between these two components, all the computer networking, security, and management of
Internet access over cable television is implemented.
There are several steps used to provision a CM. The CMTS at the headend must have
operational provisioning servers, such as DHCP and TFTP servers. DOCSIS defines the
initialization and registration steps. CMs are designed and coded to follow specific steps :
Step 1
Downstream setup: The CM powers up and then scans and locks
the downstream path for the appropriate RF data channel (frequency)
that will be used for the physical and data link layers to be
established.
Step 2
Upstream setup: The CM listens to the management messages
received through the downstream path. The messages include
information on how, where, and when to communicate in the upstream
path and are used to establish the upstream physical and data link
layers.
Step 3
Layers 1 and 2 establishment: The CM communicates with CMTS to
establish physical and data link layers.
Step 4
Obtaining an IP address: After establishing Layer 1 and Layer 2
connectivity with the CMTS, the CM requests IP configuration
parameter information (IP address, default gateway, and TFTP server)
from the DHCP server.
Step 5
Getting the DOCSIS configuration: The CM requests a DOCSIS
configuration file from the TFTP server. A DOCSIS configuration file is
an ASCII file created by special DOCSIS editors and includes settings,
such as downstream channel identification, class of service (CoS)
settings, baseline privacy settings, general operational settings,
network management information, and vendor-specific settings.
Step 6
Register QoS with CMTS: The CM registers, negotiates, and
ensures QoS settings with the CMTS.
Step 7
IP network initialization: When the CM initialization and registration
is complete, the PC-based network initialization takes place. That is,
19
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
the PC requests its own IP configuration parameters from the DHCP
server. If multiple PC connections behind the CM are required, a
router can be used. A common scenario is for the router to obtain a
public IP address from the DHCP server of the cable provider. The
home router also performs Network Address Translation (NAT), Port
Address Translation (PAT) and serves as a DHCP server for the PCs
connected behind the router.
2.4.1 What is DSL
Several years ago, research by Bell Labs identified that a typical voice conversation over
a local loop only required the use of bandwidth of 300 Hz to 3 kHz. For many years, the
telephone networks did not use the bandwidth beyond 3 kHz. Advances in technology
allowed DSL to use the additional bandwidth above 3 kHz up to 1 MHz to deliver highspeed data services over ordinary copper lines. As an example, asymmetric DSL (ADSL)
uses a frequency range from approximately 20 kHz to 1 MHz. Fortunately, only relatively
small changes to existing telephone company infrastructure are required to deliver highbandwidth data rates to subscribers. Figure shows a representation of bandwidth space
allocation on a copper wire for ADSL. The green area represents the space used by
POTS, while the other colored spaces represent the space used by the upstream and
downstream DSL signals.
DSL is not a complete end-to-end solution but rather a physical layer transmission
technology similar to dial, cable, or wireless technologies. Service providers deploy DSL
connections in the last step of a local telephone network, the local loop. The connection is
set up between a pair of modems on either end of a copper wire that extends between
the customer premises equipment (CPE) and the DSL access multiplexer (DSLAM). A
DSLAM is the device located at the central office (CO) of the provider and concentrates
connections from multiple DSL subscribers.
Figure shows the key equipment that you need to provide a DSL connection to a SOHO.
20
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
The two key components are the DSL transceiver and the DSLAM.
The DSL transceiver connects the teleworker’s computer to the DSL line. Usually the
transceiver is a DSL modem connected to the teleworkers computer using a USB or
Ethernet cable. Newer DSL transceivers can be built into small routers with 10/100 switch
ports suitable for home office use.
The DSLAM is at the central office and combines individual DSL connections from users
into one high capacity link to the Internet. The advantage that DSL has over cable
technology is that DSL is not a shared medium. Each user has a separate direct
connection to the DSLAM. Adding users does not impede performance unless the
DSLAM Internet connection on the other side becomes saturated.
21
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.4.2 How Does DSL Work?
DSL transmission is either downstream or upstream based on the direction of the
transmission. Downstream transmission is from a CO toward a subscriber, and upstream
transmission is from a subscriber toward a CO.
22
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
DSL types fall into two major categories, taking into account downstream and upstream
speeds:


Symmetrical DSL: Upstream and downstream speeds are the same.
Asymmetrical DSL: Upstream and downstream speeds are different.
Downstream speed is typically higher than upstream speed.
The term xDSL covers a number of DSL variations, such as Asymmetric DSL (ADSL),
high-data-rate DSL (HDSL), Rate Adaptive DSL (RADSL), symmetric DSL (SDSL), ISDN
DSL (IDSL), and very-high-data-rate DSL (VDSL).
DSL types that do not use the voice frequency band allow DSL lines to carry both data
and voice signals simultaneously (for example, ADSL and VDSL types), while other DSL
types occupying the complete frequency range can carry data only (for example, SDSL
and IDSL types). Data service provided by a DSL connection is always on.
The data rate that DSL service can provide depends on the distance between the
subscriber and the CO. The shorter the distance: the higher the bandwidth available. If a
subscriber is close enough to a CO offering DSL service, the subscriber might be able to
receive data at rates of up to 6.1 Mbps out of a theoretical maximum of 8.448 Mbps.
2.4.3 DSL Variants
The following properties differentiate DSL variants:





Nature: The nature of DSL is the relationship between downstream and
upstream speeds. Symmetrical DSL has the same speed in both directions, while
asymmetric DSL has different downstream and upstream speeds.
Maximum data rate: This defines the maximum speed that you can deploy with
a certain type of DSL.
Line coding technology: This describes the technique used to represent digital
signals transported over a copper twisted pair so that the receiver can interpret
the signals accurately.
Data and voice support: Depending on the usage of the available frequency
spectrum, certain DSL types support data and voice simultaneously while other
types do not.
Maximum distance: This describes the maximum distance that a certain type of
DSL connection can span.
Figure shows some examples of DSL variants. DSL types include ADSL, RADSL, VDSL,
IDSL, SDSL, HDSL, and Symmetrical High-Data-Rate DSL (G.SHDSL). The table lists
their characteristics:

ADSL is designed to deliver more bandwidth downstream than upstream and
supports data and voice simultaneously over existing copper lines. ADSL is
oriented toward residential subscribers, where usually more bandwidth is
required in the downstream for applications such as downloading music and
movies, playing online games, surfing the Internet, or receiving e-mail with large
attachments. The downstream rate ranges from 256 kbps to 8 Mbps, while
23
CCNP 2 Version 5






Module 2 – Teleworker Connectivity
upstream speed can reach 1 Mbps. ITU-T Recommendation G992.1 and ANSI
Standard T1.413-1998 specify full rate ADSL.
RADSL is ADSL service with a data transmission rate that can be adapted to the
local loop line conditions. Specifically, if noise or signal loss affects downstream
speeds, upstream speeds will adjust downwards to as low as 64 kbps to provide
better downstream performance. This allows it to function over longer distances.
VDSL can provide symmetrical or asymmetrical services. The downstream
bandwidth ranges from 13 Mbps to 52 Mbps. Like ADSL, VDSL also supports
data and voice over a single copper line. Cisco Long Reach Ethernet (LRE)
solution is based on Ethernet over VDSL.
IDSL transmits data digitally (rather than via analog) on a twisted-pair copper
telephone line across existing ISDN lines. IDSL delivers up to 144 kbps of
symmetrical bandwidth derived from two bearer channels (B-channels at 64 kbps
each) plus the signaling channel (D-channel at 16 kbps). This configuration
makes IDSL essentially a leased-line ISDN BRI in which there is no D channel.
IDSL does not support voice; it can only carry data but has an advantage over
ISDN in that it is always on.
SDSL delivers 768 kbps both downstream and upstream over a single copper
twisted pair. SDSL technology is proprietary and non-standardized, and can only
carry data. The symmetrical nature of SDSL makes it ideal for commercial use
when the end user must send large amounts of data by applications such as email messaging to customers with large attachments, uploading data to corporate
servers, or updating web pages.
HDSL delivers 1.544 Mbps or 2.048 Mbps of symmetrical bandwidth over two
copper twisted pairs. Service providers have been using HDSL as a substitute for
T1 and E1. HDSL only carries data.
G.SHDSL offers symmetrical data rates from 192 kbps to 2.3 Mbps. The
International Telecommunication Union (ITU) developed and standardized
G.SHDSL to address the worldwide SDSL market.
2.4.4 Factors Affecting DSL Performance
All DSL types are limited in distance and speed. Speed is inversely proportional to
distance. That is, a longer distance in the local loop means a lower maximum speed that
a particular DSL connection supports. Various impairments in the local loop that
24
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
attenuate or distort the signal also affect the maximum speed of certain DSL connections:








Signal attenuation: Attenuation means signal loss over distance and is
determined by the distance between a subscriber and the CO. The longer the
distance between the two, the more attenuation occurs and therefore the lower
the speed.
Bridge tap: A bridge tap is an extra telephone wire with an un-terminated cable
end connected to the local loop. Such an un-terminated tap can cause noise and
reflections and can radiate power that reduces signal strength and, consequently
speed. DSL providers should remove bridge taps before installing a DSL
connection.
Load coil: Provisioning of loading coils was a standard procedure used to
improve plain old telephone service (POTS) voice quality on longer local loops.
This procedure is called “conditioning” the loop. A loading coil is a wrap of wire
placed at specific intervals along the local loop that extends the local loop
distance. This wire creates a low-frequency band pass filter and cuts off, or
blocks, the DSL frequencies. For the DSL to operate, load coils must be removed
from the loop.
Wire gauge: Wire gauge is the thickness of the wire that is used in the local loop.
For higher speeds, thicker wire is used.
Impedance mismatch: Noise or an echo in the local loop that is caused by
changes in wire gauge, wire splices, or corrosion is called impedance mismatch.
Crosstalk: Crosstalk is the interference between two wires in a bundle. Electrical
energy causes crosstalk.
AM radio interference: AM radio frequencies can interfere with a DSL signal
and reduce speed. The interference is particularly a problem with in-house wiring
when untwisted or poorly twisted wiring exists.
Fiber-optic cable: ADSL signals cannot pass through the conversion from
analog to digital to analog that occurs if a portion of the telephone circuit
traverses fiber-optic cable in transit.
2.4.5 DSL Distance Limitations
The table in Figure summarizes the maximum data rate and operational reach for each
xDSL technology from the central office (CO), assuming that there are no defects or
impairments in the copper wiring.
The maximum data rate describes the maximum achievable downstream and upstream
bandwidth with the shortest operational distance (distance between the subscriber and
the CO). The maximum operational reach is the maximum achievable distance with the
lowest operational data rate. The relationship between bandwidth and distance is
inversely related.
ADSL reaches greater distances than other DSL types, but the achievable speed of
ADSL transmissions degrades as the distance increases. The maximum distance is
limited to approximately 18,000 feet (5.5 km) from the CO. ADSL2 and ADSL2+ are
enhancements to basic ADSL and provide a downstream bandwidth of up to 24 Mbps
25
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
and an upstream bandwidth of up to 1.5 Mbps.
VDSL offers the highest operational speed but has the shortest achievable distance. For
VDSL to support the maximum speed of 52 Mbps, the subscriber has to be very close to
the CO—within 1000 feet (300 meters). The maximum operational distance is 4500 feet
(1.4 km).
The maximum operating distance of IDSL is limited to 18,000 feet (5.5 km). An IDSL line
can be configured for a speed of 64 kbps, 128 kbps, or 144 kbps. The line coding
mechanism you use for IDSL is two binary, one quaternary (2B1Q). This line coding
mechanism allows transparent operation through an ISDN interface.
The use of a single twisted pair wiring limits the operating range of SDSL to about 22,000
feet (6.7 km) from the CO.
The operating range of HDSL is limited to approximately 12,000 feet (3.7 km) from the
CO.
The maximum operational distance supported by G.SHDSL is about 28,000 feet (8.5 km)
from the CO. G.SHDSL offers greater reach than other deployed DSL technologies do.
2.5.1 ADSL
Figure shows how ADSL exists on the same twisted-pair telephone line as the POTS.
Three information channels usually exist over the same wiring (depending on the variety
of ADSL): a POTS channel for analog voice, a lower-speed ADSL upstream data
channel, and a high-speed ADSL downstream data channel. A user can use the phone
line and the ADSL connection simultaneously without adverse effects on either service.
ADSL has asymmetric data rates, with higher data rates toward the user (downstream)
and lower data rates toward the carrier (upstream).
The distance between the end user and the CO provides the guideline for line speeds.
Downstream, ADSL supports speeds up to slightly more than 8 Mbps. For upstream, the
rate is approximately 1 Mbps. The maximum distance for the maximum upstream rate is
18,000 feet (5.5 km) over a one-wire pair without repeaters on an optimized loop. The
maximum downstream speed can be achieved at distances up to 12,000 feet (3.7 km)
26
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
using standard 0.6 mm (24-gauge) wire on an optimal loop.
Standardized in 2004, newer ADSL variants offer improvements over regular ADSL:


ADSL2 (ITU G.992.3/4) offers higher downstream rates of up to 12 Mbps for
spans of less than 8000 feet (2.5 km).
ADSL2+ (ITU G.992.5) provides up to 24 Mbps for spans of less than 5000 feet
(1.5 km).
Figure lists key ADSL equipment and characteristics:




Service providers deploy ADSL service between ADSL modems at the subscriber
and the CO locations with an ADSL modem at each end:
o An ADSL Transmission Unit-Remote (ATU-R) located at the subscriber
end
o An ADSL Transmission Unit-central office (ATU-C) located at the service
provider end; a DSLAM at the central office encompasses multiple ATUCs
There are three basic line-coding techniques associated with ADSL:
o Single-carrier: Carrierless Amplitude and Phase Modulation (CAP)
o Multicarrier with DMT: Discrete Multi-Tone (DMT) modulation
o Multicarrier with G.lite: G.lite, also known as splitterless ADSL, offers
slower speeds but does not require the signals to be split at the
subscriber end. This technique is the most popular method for the mass
market.
The service provider determines which modulation technique to use. The
technique has to correspond with the ADSL CPE and ADSL modems on the
DSLAM.
When dealing with problems in ADSL operation, be aware of these causes:
o Load coils must be removed from the line for ADSL to operate.
o Throughput is reduced when impedance mismatches are present (for
example, when a different wire gauge is used in the line).
o Bridge taps also reduce the achievable throughput.
o Crosstalk from other lines and wiring degrades the throughput.
o External interference like AM radio interference results in unpredictable
effects on ADSL performance.
27
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.5.2 ADSL and POTS Coexistence
The major benefit of ADSL is the ability to provide data services with voice services.
When the service provider puts analog voice and ADSL on the same wire, the provider
splits the POTS channel from the ADSL modem using filters or splitters. This setup
guarantees uninterrupted regular phone service even if ADSL fails. When filters or
splitters are in place, the user can use the phone line and the ADSL connection
simultaneously without adverse effects on either service.
Figure shows how ADSL and voice traffic travel back and forth between the CO and the
customer premises. ADSL offloads the data (modem) traffic from the voice switch and
keeps analog POTS separate from data. Separating voice and data traffic provides failsafe emergency-call services for POTS operation. The data channel is established
between the CPE modem and the CO DSLAM. The voice channel is established between
the telephone and the voice switch at the CO premises.
ADSL signals distort voice transmission and are split or filtered at the customer premises.
There are two ways to separate ADSL from voice at the customer premises: using a
microfilter or using a splitter.
A microfilter filters the ADSL signal from the voice signal. A microfilter is a passive lowpass filter with two ends. One end connects to the telephone, and the other end connects
to the telephone wall jack. This solution eliminates the need for a technician to visit the
28
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
premises and allows the user to use any jack in the house for voice or ADSL service.
POTS splitters separate the DSL traffic from the POTS traffic. The POTS splitter is a
passive device. In the event of a power failure, the voice traffic still travels to the voice
switch in the CO. Splitters are located at the CO and, in some deployments, at the
customer premises. At the CO, the POTS splitter separates the voice traffic that is
coming back from the customer and going to the voice switch in the CO and the data
traffic that goes to the DSLAM in the CO.
Figure uses a splitter at the customer premises. The local loop terminates on the
customer premises at the demarcation point in the network interface device (NID). This
point is usually where the phone line enters the customer premises. At this point, a
splitter is attached to the phone line. The splitter forks the phone line; one branch
provides the original house telephone wiring for telephones, and the other branch
connects to the ADSL modem. The splitter acts as a low-pass filter, allowing only the 0 to
4 kHz frequencies to pass to or from the telephone. Installing the POTS splitter at the NID
usually means that a technician must go to the customer site. Because of this additional
labor, most home installations today use microfilters. Also, since the splitter separates the
ADSL and voice signals at the NID, there is usually only one ADSL outlet available in the
house.
29
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.5.3 ADSL Channel Separation
ADSL uses two types of modulation techniques: a single-carrier CAP, which is
proprietary, and multicarrier standardized DMT.
Figure describes CAP modulation. CAP modulation is easy to implement and was used in
many early ADSL installations. CAP-based DSL makes use of three separate channels
on the wire by dividing the signals into three distinct bands:



Voice channel: Voice traffic occupies the 0- to 4-kHz band and is unchanged.
Upstream channel: CAP modulated upstream data traffic uses the 25- to 160kHz range.
Downstream channel: CAP modulated downstream data traffic uses the 240kHz to 1.5-MHz range. The actual width of the downstream channel (the upper
frequency) varies and depends on a number of conditions, such as line length or
line noise.
30
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
The three channels are widely separated to minimize the possibility of interference
between them on one line or between the signals on different lines. A single-carrier
notation means that only one frequency band carries either an upstream or a downstream
channel. CAP is similar to Quadrature Amplitude Modulation (QAM) in how it manipulates
the carrier wave to convey data. CAP produces a signal that filters the carrier frequency
(suppresses the carrier). This results in less power required in transmission. A single
frequency carrier, centered in the middle of the frequency range, is modulated (via CAP)
and the resulting output signal with a suppressed carrier has sufficient detail to decode on
the receiving end. Due to the use of the entire bandwidth and multibit encoding, the data
throughput is quite high. As an example, 256 CAP at 1088 kbaud symbol rate results in 8
Mbps.
Figure describes DMT modulation. DMT modulation is standardized with ANSI and ITU—
ITU 992.1 (G.dmt), ITU 992.2 (G.lite), and ANSI T1.413 Issue 2. DMT is the prevailing
modulation technique used in modern ADSL deployments.
As with CAP-based DSL, DMT divides the signals on the wire into separate channels.
The main difference is that DMT does not use only two wide channels for upstream and
downstream data traffic. DMT divides the frequency band into 256 separate 4 kHz-wide
channels. Channels 6 to 38 are duplex and used for both upstream and downstream data
traffic. Downstream data traffic uses channels 39 and onwards. Carrier frequencies
centered in each channel are each modulated using a complex form of QAM. To
compensate for noise, the system constantly monitors each channel. When channel
quality decreases, the system adjusts the number of bits per channel. If the quality is too
impaired, the signal shifts to another channel. DMT modulation constantly searches for
the best channels to use for transmission and reception. The system shifts signals among
different channels as required.
Implementing DMT modulation is more complex than implementing CAP modulation
because DMT modulation uses a large number of channels. However, DMT modulation
offers more flexibility when traversing lines of differing quality.
G.lite is a less complex version of the DMT standard. G.lite, sometimes called half-rate
DMT, uses only half the subchannels (128 channels). Having fewer channels determines
a lower maximum downstream speed of 1.5 Mbps and a maximum upstream speed of
640 kbps.
31
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.5.4 Data over ADSL
32
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
Figure illustrates the components of an ADSL network. Most DSL networks use ATM as
the data-link layer protocol. In basic terms, a DSLAM is an ATM switch with DSL interface
cards (ATU-Cs). The DSLAM terminates the ADSL connections and then switches the
traffic over an ATM network to an aggregation router.
The aggregation router is the Layer 3 device where IP connections from the subscriber
terminate. There are three ways to encapsulate IP packets over an ATM and DSL
connection:



RFC 1483/2684 Bridged
PPP over Ethernet (PPPoE)
PPP over ATM (PPPoA)
In RFC 2684 Bridging, the ADSL CPE bridges the Ethernet frame from the end user’s PC
to the aggregation router, where integrated routing and bridging (IRB) provides
connectivity to the IP cloud. RFC 2684 Bridging has security and scalability issues,
making it unpopular. ISPs are now opting for PPPoE and PPPoA, both of which are much
more scalable and secure but involve a more complex implementation.
Note that the connection from the ATU-R to the ATU-C is using DSL at Layer 1 to send
and receive ATM cells. The connection from the DSLAM to the aggregation router is over
an ATM-based network that may include a fiber ring at Layer 1. This allows an ATM PVC
to be established between the DSL modem and the aggregation router that can be used
to carry Ethernet frames (RFC 2684 Bridging). The DSLAM essentially performs as an
ATM switch. If the CPE equipment has an ATM interface this connection still uses DSL as
layer-1 but at layer-2 it establishes an ATM PVC directly to the aggregate router
(PPPoA).
2.5.5 PPPoE
33
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating
PPP frames in Ethernet frames. It is used mainly with ADSL services. It offers standard
PPP features such as authentication, encryption, and compression. Figure summarizes
these points and shows the PPPoE and TCP/IP protocol stack.
In an ADSL deployment, the CPE bridges the Ethernet frames from the end user’s PC to
an aggregation router over ATM with an Ethernet frame carrying a PPP frame. A PPP
session is established between the subscriber device with PPPoE client support (either
an end user PC with PPPoE client software or the CPE router configured as the PPPoE
client) and the aggregation router.
Figure shows a router as a client. Depending on the deployment you choose, either the
PC or the router can be the PPPoE client.
In the PPPoE architecture, the PPPoE client functionality connects to the ADSL service.
The PPPoE client first encapsulates the end-user data into a PPP frame, and then the
PPP frame becomes encapsulated inside an Ethernet frame. The IP address allocation
for the PPPoE client uses the same principle as PPP in dial mode, which is through IP
Control Protocol (IPCP) negotiation with Password Authentication Protocol (PAP) or
Challenge Handshake Authentication Protocol (CHAP) authentication. The aggregation
router that authenticates the users can use either a local database on the aggregation
router or an authentication, authorization, and accounting (AAA) server.
PPPoE client functionality can be available as a software PPPoE client application on the
end-user PC. With this model, PPPoE provides the ability to connect a host over a simple
bridging CPE to an aggregation router. A host uses its own PPP stack, and the user is
presented with a familiar user interface (using the PPPoE client software) similar to
establishing a dial-up connection. Unlike PPPoA, access control, billing, and type of
service can be controlled on a per-user, rather than a per-site, basis.
34
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
35
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.5.6 DSL and PPPoE Deployment Options
When deploying PPPoE and DSL, three options are available based on the equipment
used, DSL termination, and PPPoE client functionality:



A router with an internal modem and PPPoE client functionality can terminate a
DSL line and establish a PPPoE session. The router can also act as a DHCP
server and provide NAT and PAT functionality to connect multiple users behind a
single ADSL connection with a single PPP username and password.
An external modem can terminate a DSL line, and a router with PPPoE client
functionality can establish a PPPoE session. A router can also act as a DHCP
server and provide NAT and PAT functionality.
An external modem can terminate a DSL line. An end-user PC encompasses the
PPPoE client for establishing a PPPoE session.
2.5.7 PPPoE Session Establishment
Usually, PPP only works over a point-to-point connection. Using PPP over an Ethernet
multiaccess environment requires additional enhancements. PPPoE has two distinct
stages as defined in RFC 2516:


Discovery stage
PPP session stage
When a PPPoE client (end-user PC or router) initiates a PPPoE session, the client must
first complete a discovery process to identify which PPPoE server can meet the client
request. Then, the host must identify the Ethernet MAC address of the peer and establish
a PPPoE session ID. Although PPP defines a peer-to-peer relationship, discovery is
36
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
inherently a client-server relationship. In the discovery process, the PPPoE client
discovers an aggregation router (the PPPoE server). Based on the network topology,
there can be more than one PPPoE server, with which the PPPoE client can
communicate. The discovery stage allows the PPPoE client to discover all PPPoE
servers and then select one to use.
There are four steps to the discovery stage :
Step 1
The PPPoE client (end-user PC or router) broadcasts a PPPoE
Active Discovery Initiation (PADI) packet. This packet includes the
service type that the client is requesting. The destination MAC
address is set to broadcast.
Step 2
The PPPoE server (aggregation router) sends a PPPoE Active
Discovery Offer (PADO) packet that describes which service the
server can offer. The destination MAC address is the unicast
address of the client (end-user PC or router). The source MAC is
the unicast address of the PPPoE server.
Step 3
The PPPoE client sends a unicast PPPoE Active Discovery
Request (PADR) packet to the PPPoE server.
Step 4
The PPPoE server sends a unicast PPPoE Active Discovery
Session-confirmation (PADS) packet to the client.
When discovery is successfully completed, both the PPPoE client and the selected
PPPoE server have the information that they will use to build their point-to-point
connection over the Ethernet. After the PPPoE session begins, PPP goes through the
normal link control protocol (LCP) and Network Control Protocol (NCP) process.
A PPPoE Active Discovery Terminate (PADT) packet can be sent anytime after a session
has been established to indicate that a PPPoE session has been terminated. Either the
PPPoE client or the PPPoE server can send the packet.
More information on the PPPoE specification can be obtained in RFC 2516.
As specified by RFC 2516, the maximum receive unit (MRU) option must not be larger
than 1492 bytes because Ethernet has a maximum payload size of 1500 octets. The
PPPoE header is 6 octets and the PPP protocol ID is 2 octets, so the PPP maximum
transmission unit (MTU) must not be greater than (1500 – 8 =) 1492 bytes.
An Ethernet and PPPoE frame contains one of these Ethertypes:


0x8863 Ethertype = PPPoE control packets
0x8864 Ethertype = PPPoE data packets
37
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.5.8 Data over ADSL: PPPoA
Point-to-Point Protocol over ATM (PPPoA), is a network protocol for encapsulating PPP
frames in ATM AAL5. It is used mainly with cable modem, DSL and ADSL services.
PPPoA provides authentication, encryption, and compression. If it is used as the
connection encapsulation method on an ATM based network it has slightly less overhead
than PPPoE. PPPoA also avoids issues related to having a MTU lower than that of
standard Ethernet transmission protocols that affect PPPoE. PPPoA is a routed solution,
unlike RFC 1483 Bridged and PPPoE. Figure shows the PPPoA protocol stack.
With PPPoA, the CPE routes the packets from the end-user PC over ATM to an
aggregation router. The PPP session is established between the CPE and the
aggregation router. Unlike PPPoE, PPPoA does not require host-based (PPPoE client)
software.
Figure shows how a PPP session is established with PPPoA between the CPE and the
aggregation router. The CPE device must have a PPP username and password
configured for authentication to the aggregation router that terminates the PPP session
from the CPE. The aggregation router that authenticates the users can either use a local
database on the aggregation router or a AAA server. The PPPoA session authentication
can be based on PAP or CHAP. After the PPP username and password are
authenticated, IPCP negotiation takes place and the IP address is assigned to the CPE.
After the IP address has been assigned, a host route is established on both the CPE and
the aggregation router. The aggregation router must assign only one IP address to the
CPE, and the CPE can be configured as a DHCP server and use NAT and PAT to
support multiple hosts connected via Ethernet behind the CPE.
38
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
39
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.6.1 Configuring the CPE as the PPPoE Client
There are two interfaces to configure, depending on the deployment requirements: the
Ethernet interface or the ATM interface. Use the following PPPoE DSL configuration
steps in addition to dial-on-demand routing (DDR)-derived commands:
Step 1
Configure Ethernet 0/1 interface of the Cisco router with a PPPoE
client configuration.
Step 2
Create and configure the dialer interface of the Cisco router for
PPPoE with a negotiated IP address and an MTU size of 1492.
Step 3
Configure Ethernet 0/0 interface of the Cisco router with PAT to
allow the sharing of the dynamic public IP address of the dialer
interface. Use the ip tcp adjust-mss command on this
interface to limit TCP maximum segment size because of PPPoE
overhead.
Step 4
Configure the Cisco router to be the DHCP server for the end-user
PCs that are behind the router.
Step 5
Configure a static default route on the Cisco router.
Note
Prior to Cisco IOS software Release 12.2(13)T, you had to first configure a PPPoE virtual
private dial-up network (VPDN) group before the steps described above. You only had to
perform this preliminary step for PPPoE, not for PPPoA.
As an example, Figure shows the first two steps for configuring a CPE router acting as
the PPPoE client:
Step 1
Configure Ethernet interface.
Step 2
Configure dialer interface.
Figure shows the remaining configuration steps for a CPE router acting as the PPPoE
client. Note that the figure shows abbreviated configuration scripts to reduce clutter. The
full script includes all the lines from the previous steps:
Step 3
Configure the Ethernet0/0 interface with PAT and an adjusted
MSS size of 1452.
Step 4
Enable a DHCP server on the router for clients in the customer
network.
Step 5
Configure an IP default route.
40
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
41
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.6.2 Configuring the CPE as the PPPoE Client over the ATM Interface
Configuring the CPE as the PPPoE client over an ATM interface follows the same steps
as configuring the CPE over the Ethernet interface except that you configure the ATM
interface rather than an Ethernet interface in the first step.
Use the PPPoE DSL configuration steps listed here in addition to DDR-derived
commands:
Step 1
Configure the ATM interface (ADSL interface) of the Cisco router
with an ATM permanent virtual circuit (PVC), encapsulation.
Note
The pvc command establishes settings for the virtual circuit –
virtual path identifier/virtual channel identifier (VPI/VCI) – on the
Cisco router and must match the configuration by the service
provider. ATM uses the VPI/VCI to identify an ATM VC.
Step 2
Create and configure the dialer interface of the Cisco router for
PPPoE with a negotiated IP address and an MTU size of 1492.
Step 3
Configure Ethernet 0/0 interface of the Cisco router with PAT to
allow the sharing of the dynamic public IP address of the dialer
interface. Also configure the TCP maximum segment size.
Step 4
Configure the Cisco router to allow it to be the DHCP server for
the end-user PCs behind it.
Step 5
Configure a static default route on the Cisco router.
42
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
Figure shows a sample configuration for a CPE router acting as the PPPoE client over an
ATM interface:
Step 1
Configure ATM interface.
Step 2
Configure the dialer interface.
Figure shows the remaining configuration steps for a CPE router acting as the PPPoE
client. Note that the figure shows abbreviated configuration scripts to reduce clutter. The
full script includes all the lines from the previous steps:
Step 3
Configure the Ethernet0/0 interface with PAT and an adjusted
MSS size of 1452.
Step 4
Enable a DHCP server on the router for clients in the customer
network.
Step 5
Configure an IP default route.
43
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
44
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.6.3 Configuring a PPPoE Client
Figure lists the commands used to configure the Ethernet interface (ADSL interface) of
the Cisco router with an ATM PVC and encapsulation:



To configure a PPPoE client on an Ethernet interface, use the interface
ethernet command in global configuration mode to enter interface configuration
mode.
Next, enable the PPPoE on Ethernet interface.
Finally, specify which dialer interface to use. Use the pppoe-client dialpool-number command to bind the Ethernet interface to a dialer interface to set
the encapsulation to the PPPoE client.
Figure is an example of how to configure a PPPoE client on a router.
45
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.6.4 Configuring the PPPoE DSL Dialer Interface
Use the commands in Figure and in the following table to configure the PPPoE DSL dialer
configuration.
Dialer Commands for PPPoE DSL Configuration
Command
Description
interface dialer number
Configure the dialer interface.
ip address negotiated
Enables a dynamic address from the service
46
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
provider using IPCP. With IPCP, DSL routers
automatically negotiate a globally unique
(registered or public) IP address for the dialer
interface from the service provider
aggregation router.
encapsulation ppp
Specifies PPP encapsulation for the dialer
interface.
no cdp enable
(Optional) Stops Cisco Discovery Protocol
(CDP) advertisements from going out through
the dialer interface.
Figure shows the additional commands used for PPPoE DSL dialer configuration:
Additional Dialer Commands for DSL Configuration
Command
Description
dialer pool pool_number
Specifies which pool the dialer interface is
assigned to.
ip mtu mtu_size
Sets the maximum Ethernet payload size.
Reduces the MTU size from 1500 to 1492
because the PPPoE header and PPP protocol
ID together require 8 bytes.
ppp authentication chap [callin]
(Optional) Configures the CHAP. With the
keyword callin, the access server only
authenticates the remote device if the remote
device initiates the call.
ppp chap password password
(Optional) This command defines an
interface-specific CHAP password.
Note
Unlike an ISDN DDR configuration, DSL is always on. Therefore, a dialer list is not required to
identify interesting traffic.
47
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
Figure shows an example of configuring a PPPoE dialer interface on the router.
48
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.6.5 Adjusting MSS and MTU Size
In earlier topics that explained how to configure the CPE as the PPPoE Client over the
Ethernet and ATM Interfaces, the configuration used the ip tcp adjust-mss and ip
49
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
mtu commands. Figure shows the command syntax for these two commands.
When a host (usually a PC) initiates a TCP session with a server, it negotiates the IP
segment size by using the maximum segment size (MSS) option field in the TCP SYN
packet. The value of the MSS field is determined by the maximum transmission unit
(MTU) configuration on the host. The default MSS value for a PC is 1500 bytes.
However, the PPPoE standard only supports an MTU of 1492 bytes.(PPPoE uses eight
bytes of the data segment to encapsulate the IP packet into a PPP stream, effectively
reducing the MTU over standard Ethernet to 1500.) In most cases, the optimum value for
the max-segment-size argument is 1452 bytes. This value plus the 20-byte IP header, the
20-byte TCP header, and the 8-byte PPPoE header fill the 1500-byte packet that
matches the MTU size for the Ethernet link.
Disparities between the host and PPPoE MTU size cause the router in between the host
and the server to drop 1500-byte packets and terminate TCP sessions over the PPPoE
network. Even if the path MTU (which detects the correct MTU across the path) is
enabled on the host, sessions may be dropped because system administrators
sometimes disable the ICMP error messages that must be relayed from the host in order
for path MTU to work.
As a result of these issues, it is necessary to limit the packet sizes going in either
direction: on the outward facing dialer interface and on the inward facing E0/0 interface.
On the in-facing interface, you just need to set the MSS to a lower value, but on the outfacing interface, you need to set the MTU to lower values:


Use the ip tcp adjust-mss command on the in-facing interface to adjust the
MSS value of the TCP SYN packets to 1452 to help prevent the router from
dropping TCP sessions. The ip tcp adjust-mss command is effective only
for TCP connections passing through the router.
Use the ip mtu command to tell the device to fragment packets going out of the
interface if they are larger than 1492 bytes.
Figure shows an example of configuring the MTU and MSS on the router interfaces.
50
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.6.6 Configuring PAT
PAT is a feature of a network device that translates TCP or UDP communications made
between a host and port on an outside network and a host and port on an inside network.
PAT allows a single IP address to be used for many internal hosts. A PAT device
transparently and automatically modifies the IP packets' destination or source host IP and
port fields that belong to its internal hosts.
PAT is related to NAT and is sometimes referred to as NAT overload. Like NAT, port
address translation makes changes to the sender’s address or recipient’s address on
data packets. However, any IP address change involves the PAT device’s outside IP
address while changes that NAT makes involve a pool of addresses.
PAT translates both the IP and port fields wherever those values belong to an internal
host. Port numbers on packets coming from the external network, rather than destination
IP addresses, are used to identify and designate traffic to different computers on the
inside network.
Figure displays an example of static PAT. You can translate several internal addresses
using NAT into just one or a few external addresses using PAT.
PAT uses unique source port numbers on the inside global IP address to distinguish
between translations. Because the port number is encoded in 16 bits, the total number of
internal addresses that NAT can translate into one external address is, theoretically, as
many as 65,536. PAT attempts to preserve the original source port. If the source port is
already allocated, PAT attempts to find the first available port number. PAT starts from
the beginning of the appropriate port group, 0–511, 512–1023, or 1024–65,535. If PAT
does not find a port that is available from the appropriate port group and if more than one
external IP address is configured, PAT moves to the next IP address and tries to allocate
the original source port again. PAT continues trying to allocate the original source port
until it runs out of available ports and external IP addresses.
51
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
PAT, PPP, and IPCP are popular techniques used to scale limited addresses.
Figure displays how to use PAT to share the one registered IP address of the public
interface for all the devices behind the PAT router to access the Internet.
Figure illustrates a sample PAT configuration on the Cisco router.
The access list will match any source address in the 10.0.0.0/8 network.
In this example, the Dialer0 interface is the outside interface, and the Ethernet0/0
interface is the inside interface.
PAT translates the 10.x.x.x source addresses to the Dialer0 IP address. The Dialer0
interface receives its IP address from the service provider aggregation router using IPCP.
52
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
53
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.6.7 Configuring DHCP to Scale DSL
The Cisco IOS DHCP Server feature is a full implementation that assigns and manages
IP addresses from specified address pools within the router to DHCP clients. After a
DHCP client has booted, it sends a DHCP broadcast to obtain an IP address. Once it has
an address, the client begins sending packets. The IP address of the default router
should be on the same subnet as the client device.
With the Cisco IOS DHCP Server, configuration information can be updated
automatically. Network administrators can configure one or more centralized DHCP
servers to update specific DHCP options within the DHCP pools. The remote servers can
request or “import” these option parameters from the centralized servers.
To configure a DHCP address pool on a Cisco IOS DHCP Server and enter DHCP pool
configuration mode, use the ip dhcp pool global configuration command.
To import DHCP option parameters into the Cisco IOS DHCP Server database, use the
import all DHCP pool configuration command.
To configure the subnet number and mask for a DHCP address pool on a Cisco IOS
DHCP Server, use the network DHCP pool configuration command.
To specify the default router list for a DHCP client, use the default-router DHCP
pool configuration command. Note that the DHCP server excludes this address from the
pool of assignable addresses.
Figure describes how to configure the Cisco router as the DHCP server for the end-user
PCs behind the router Ethernet interface.
In this example, a DHCP address pool with the name MyPool is configured. The CPE
router acts like a DHCP server to the hosts, connected to the Ethernet 0/0 interface.
54
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
Hosts obtain IP addresses from range 10.0.0.2 to 10.255.255.254 with the subnet mask
255.0.0.0. The IP address 10.0.0.1 is excluded from this range, because this address is
already used on the router interface. Hosts receive a default route pointing to the router
interface IP address 10.0.0.1 and other parameters that the router receives from the
aggregation router, such as Domain Name System (DNS) and Windows Internet Naming
Service (WINS).
55
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
56
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.6.8 Configuring a Static Default Route
You can configure a static default route on a Cisco router to allow the router to reach
all unknown destinations toward the dialer interface. In most DSL installations, the
CPE does not run a dynamic routing protocol to the aggregation router of the service
provider. Therefore, a static default route is required on a Cisco router.
When a PPPoE session is established between a Cisco router and the aggregation
router of the service provider, the dialer interface IP address is assigned from the
service provider aggregation router via IPCP. The service provider aggregation router
automatically builds a /32 host route to reach the Cisco router dialer interface.
To configure a static default route on a Cisco router, enter global configuration mode
and use the ip route 0.0.0.0 0.0.0.0 command.
Figure shows an example describing how to configure a static default route on a Cisco
router. In this example, a static default route points to a Dialer0 interface, which is
used for a PPPoE connection.
2.6.9 Verifying a PPPoE Configuration
To verify proper PPPoE session establishment and PPP authentication, follow the steps
outlined Figure .
Figure shows the debug and show commands needed for the first three steps:
Cisco IOS debug Commands
Command
Description
debug pppoe events
Displays PPPoE protocol messages about
events that are part of normal session
establishment or shutdown
debug ppp authentication
Displays authentication protocol messages,
including CHAP and PAP packet
exchanges
Note
Prior to Cisco IOS software Release 12.2(13)T, the command you used to display the
PPPoE protocol session establishment or shutdown messages was debug vpdn
pppoe-events.
Cisco IOS show Command
Command
Description
show pppoe session
Displays basic information about currently
active PPPoE sessions
Figure shows how to verify proper PPPoE configuration, DHCP setup, and NAT
configuration using additional show commands and an ipconfig command.
Additional Cisco IOS show Commands
Command
Description
show ip dhcp binding
Displays address bindings on the Cisco
IOS DHCP server
57
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
show ip nat translations
Displays active NAT translations
Windows NT, 2000, and XP Command
Command
Description
ipconfig /all
Displays the complete IP configuration on
Windows NT, 2000, and XP systems
including IP address, network mask, default
gateway, DNS, and so on
Step 1: Debug PPP PPPoE Events
Figure shows the PPPoE debug commands that you use to determine if the PPPoE
connect phase is successful.
The significant fields shown in the output are:




15:13:41.991: Sending PADI: Interface = Ethernet1: This is a broadcast
Ethernet frame that requests a PPPoE server.
15:13:44.091: PPPOE: we've got our pado and the pado timer went off: This is a
unicast reply from a PPPoE server (similar to a DHCP offer).
15:13:44.091: OUT PADR from PPPoE Session: This is a unicast reply that
accepts the offer.
15:13:44.187: IN PADS from PPPoE Session: This is a confirmation that
signals a completed connection.
After the PPPoE session is established, use the show pppoe session command to
see the status.
Step 2: Debug PPP Authentication
To verify PPP authentication success, follow these steps as illustrated in Figure :
Step 1
Enable PPP authentication debugging with the debug ppp
authentication command.
Step 2
Enable an external ATM interface on the router.
Step 3
Observe debugging messages on the router. CHAP authentication
should be successful, as our example printout shows.
Step 4
Disable debugging with the no debug ppp authentication
command.
If CHAP authentication is successful, verify the connectivity from your router toward an IP
address on the Internet.
The DSL connection to the ISP router is established and is permanently maintained. The
CHAP authentication verifies the identity of the remote node using a three-way
handshake at the establishment of the session and periodically during the session.
Step 3: Verify DHCP Clients
Figure shows how to verify how the IP address is assigned on the PC.
Open the command prompt on the PC and check the IP setup. The output of the
ipconfig command on the PC confirms that the PC has obtained the IP address
(10.0.0.2), subnet mask (255.0.0.0), default gateway address (10.0.0.1), DNS servers
58
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
(192.168.1.1 and 192.168.1.2), and WINS server (192.168.1.3) from the DHCP server.
Step 4: Verify DHCP Server
To verify the existing automatic and manual DHCP bindings on the router, use the show
ip dhcp binding command shown in Figure .
The output shows the mapping between the IP address, assigned to the DHCP client,
and the hardware address (client ID), which belongs to the host. Lease expiration shows
how long this mapping is valid. After expiration, the DHCP server sends a new binding,
which can be the same or a different IP address. Type defines whether the binding was
automatically or manually set.
The client ID is composed from the media type, which is Ethernet in this example, with
code 01 and the MAC address of the host.
Step 5: Verify PAT
Figure shows how to verify PAT. Use the show ip nat translations command to
check the IP NAT (PAT) translation table on the router. PAT adds an entry in the table.
The PAT translation table that appears when the show ip nat translation
command is run shows the translations between IP addresses and ports. In this example,
the router translates packets for Internet Control Message Protocol (ICMP) from source
IP address 10.0.0.2 and port number 512 (inside local) into IP address 192.168.1.202
and the same port 512 (inside global). Outside local and global IP addresses are the
same, which means that the router changes only the source IP addresses and ports for
the packets going from the customer network to the Internet, and changes destination IP
addresses and ports for the packets going in the opposite direction (from the Internet to
the customer network).
Figure is an example of the complete PPPoE client configuration with PAT, DHCP
services, MTU adjustments and the static default routing.
2.6.10 Configuring a PPPoA DSL Connection
With PPPoA, a CPE device encapsulates a PPP session for transport across a DSL
access multiplexer (DSLAM). PPPoA is commonly used in SOHO and branch office
environments, although it is not limited to these environments. PPPoA has greater
flexibility for the home than the average PPPoE deployment because the customer LAN
behind the CPE is under the complete control of the customer and the CPE acts as a
router rather than a bridge for PPPoE (where the CPE bridges the PPPoE frame from the
end-user PC running the PPPoE client software).
When you configure PPPoA, a logical interface, known as a virtual access interface,
associates each PPP connection with an ATM virtual circuit (VC). You can create this
logical interface by configuring an ATM PVC or switched virtual circuit (SVC). This
configuration encapsulates each PPP connection in a separate PVC or SVC, allowing
each PPP connection to terminate at the router ATM interface as if the connection were
received from a typical PPP serial interface.
The virtual access interface for each VC obtains its configuration from a virtual interface
59
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
template (virtual template) when the VC is created. Cisco recommends that you create
and configure a virtual template before you create the ATM VC.
Once you have configured the router for PPPoA, the PPP subsystem starts, and the
router attempts to send a PPP configure request to the remote peer. If the peer does not
respond, the router periodically goes into a “listen” state and waits for a configuration
request from the peer. After a timeout, the router again attempts to reach the remote
router by sending configuration requests.
The virtual access interface remains associated with a VC as long as the VC remains
configured. If you remove the configuration of the VC, the virtual access interface is
marked as deleted. If you shut down the associated ATM interface, you will also cause
the virtual access interface to be marked as down, and you will bring the PPP connection
down. If you set a keepalive timer for the virtual template on the interface, the virtual
access interface uses the PPP echo mechanism to verify the existence of the remote
peer.
There are three supported types of PPPoA connections:



Internet Engineering Task Force (IETF)-compliant multiplex (MUX) encapsulated
PPPoA
IETF-compliant logical link control (LLC) encapsulated PPPoA
Cisco-proprietary PPPoA
The PPPoA configuration is similar to the PPPoE configuration. The difference between
the two configurations is shown in the configuration outputs illustrated in the Figure :


VPDN group is enabled for PPPoE (Prior to Cisco IOS software Release
12.2(13)T), and the ATM PVC is configured for PPPoE client encapsulation. In
the PPPoA configuration, you must configure proper ATM adaptation Layer 5
(AAL5) encapsulation on the ATM PVC.
In the PPPoE client configuration, you also have to reduce the dialer interface
MTU size from 1500 to 1492.
60
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.6.11 Configuring a DSL ATM Interface
Figures and show the steps you use to configure a DSL ATM interface.
Use the dsl operating-mode auto interface configuration command to specify that
the router automatically detects the DSL modulation that the service provider is using and
sets the DSL modulation to match.
An incompatible DSL modulation configuration can result in failure to establish a DSL
connection to the DSLAM of the service provider.
Use the pvc interface configuration command to set the virtual path identifier/virtual
channel identifier (VPI/VCI) that is used by the DSL service provider, as shown in the pvc
Parameters table. Settings for the VPI/VCI value on the Cisco router must match the
61
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
configuration on the DSLAM of the service provider switch configuration. ATM uses the
VPI/VCI to identify an ATM VC.
pvc Parameters
Parameter
Description
Vpi
VPI from the service provider
Vci
VCI from the service provider
The encapsulation method must correspond with the method configured on the
aggregation router. The Encapsulation Commands table shows the available commands.
Encapsulation Commands
Command
Description
encapsulation aal5mux ppp dialer Sets the encapsulation for PPPoA, which
uses AAL5 in the MUX mode
dialer pool-member number
Links the ATM interface to a dialer interface
Use the dialer pool-member command to specify which dialer interfaces can use the
ATM physical interface on the Cisco router.
Figure shows an example of a complete PPPoA configuration. The example presents the
complete PPPoA configuration with PAT, DHCP services, MTU adjustments, and static
default routing.
62
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.7.1 Troubleshooting Layers 1, 2, and 3
ADSL service problems can reside at Layer 1, Layer 2, or Layer 3. Troubleshooting
should start by determining which ADSL service layer is failing. To determine which layer
has a problem, use a bottom-up approach; that is, start troubleshooting at Layer 1 and
move to subsequent layers as required. Figure illustrates this approach.
63
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.7.2 Determine Whether the Router Is Properly Trained to the DSLAM
Start troubleshooting Layer 1 by verifying whether a Cisco Systems CPE router is trained
to the DSLAM in the CO by using the show dsl interface atm command.
When a router is successfully trained to the DSLAM, the modem status field has the
value Showtime. Along with that value, the command also displays the upstream and
downstream speed in kbps (in the row Speed, the Interleave or Fast columns will have a
nonzero value). Figure is an example of the output from a properly trained modem. If the
modem and router are properly trained, move troubleshooting efforts to Layer 2.
When the router is not properly trained, as shown in the following output, the problem is
at Layer 1, and a solution needs to be found at this layer.
Router#show dsl interface atm 0
Line not activated: displaying cached data from last activation
Log file of training sequence:
<...rest of the output omitted...>
64
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.7.3 Troubleshooting Layer 1 Issues
You can monitor the status of the ATM interface on the router by checking the status of
the Carrier Detect (CD) light on the router’s interface panel:


If the CD light is on, proceed to Layer 2 troubleshooting.
If the CD light is off, continue with Layer 1 troubleshooting.
Next, use the show interface atm privilege level command from the enable mode of
the router to check the status of the ATM interface on the router. This command appears
in Figure .
If the ATM interface status is down and the line protocol is down, the router is not seeing
a carrier on the ADSL line. Such a status usually indicates two possible issues:


The active pins on the DSL wall jack may be incorrect. For example, the
registered jack-11 (RJ-11) connector provides an xDSL connection to an external
media via a standard RJ-11 6-pin modular jack.
The service provider may not be providing DSL service on this wall jack.
The Cisco router uses a standard RJ-11 cable to provide the ADSL connection to the wall
jack. The center pair of pins on the RJ-11 cable carries the ADSL signal (pins 3 and 4 on
a 6-pin cable, or pins 2 and 3 on a 4-pin cable).
If the wall jack is using the correct pins, and the ATM interface is still down and the line
protocol is down, replace the RJ-11 cable between the DSL port and the wall jack.
If the interface is still down and the line protocol is down after you have replaced the RJ-
65
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
11 cable, contact the service provider to verify that ADSL service has been enabled on
the wall jack you are using.
The show interface atm command also shows whether the interface is
administratively disabled. If such a case exists, enable the interface by using the no
shutdown command under the interface configuration mode.
2.7.4 Determining the Correct DSL Operating Mode
If everything that you have checked up to now in the Layer 1 troubleshooting procedure is
verified and is operating properly, the next step is to ensure that the correct DSL
operating mode is being used. Check with the service provider whether the DSLAM
supports the particular DSL chipset (for example, Alcatel) and the configured modulation
method of the deployed Cisco CPE DSL router.
If the DSL modulation being used by the service provider is unknown, Cisco recommends
using the default auto operating mode to autodetect the modulation type. Run the auto
operating mode using this command (see the dsl operating-mode Parameters table
for details):
66
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
dsl operating-mode {auto | ansi-dmt | itu-dmt | splitterless}
dsl operating-mode Parameters
Parameter
Description
auto
Configures the ADSL line after auto
negotiating with the DSLAM located at the
CO; this is the default operating mode
ansi-dmt
Configures the ADSL line to use the ANSI
T1.413 Issue 2 mode
itu-dmt
Configures the ADSL line to use the
G.992.1 mode
splitterless
Configures the ADSL line to use the
G.992.2 (G.lite) mode
If problems persist and the router has been properly configured, proceed to Layer 2
examination and troubleshooting.
2.7.5 Troubleshooting Layer 2 Issues
After establishing that Layer 1 is operating correctly, the troubleshooting can continue at
Layer 2.
First, check whether a permanent virtual circuit (PVC) is configured at the DSLAM by
using the ping atm interface atm command. This command sends Operation,
Administration, and Maintenance (OAM) F5 loopback packets to the DSLAM. A
successful ping designates that a PVC is configured at the DSLAM.
Next, check whether the correct VPI/VCI values are configured on the router, by using the
debug atm events command. The output shows the VPI/VCI values that the DSLAM
expects. During the debug process, use another working Internet connection and begin to
ping the static IP address assigned by your Internet service provider (ISP). It is important
that the ATM interface status is up, the line protocol is up, and that the IP address
provided by the ISP is being pinged. If there is no output for 60 seconds, debugging the
VPI/VCI values is probably incorrect and you should contact ISP support. Finally, verify
the VPI/VCI values and make the necessary changes to the configuration.
When you are finished with this troubleshooting task, turn off debugging by using the
undebug all command.
67
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
2.7.6 Layer 2: Is Data Being Received from the ISP?
If the VPI/VCI values are correct and the PVC is active, then the next step is to verify
that data is being sent and received on the ATM interface.
The show interfaces atm command shows the interface status and counters for
incoming and outgoing packets. If the incoming and outgoing packet counters are
incrementing, the router is receiving and sending packets from the ISP; therefore, data
is received from the ISP and is sent to the ISP.
2.7.7 Proper PPP Negotiation
With Layer 1 set up properly, correct VPI/VCI in use, PVC active, and data being received
and sent, the next step is to ensure that a PPP session is established properly between
the Cisco CPE router and the aggregation router of the service provider. You can observe
the PPP negotiation process by issuing the debug ppp negotiation and debug ppp
authentication commands.
PPP session setup occurs in three stages:
1. Link Control Protocol (LCP): A mandatory phase in which parameters to
establish, configure, and test the data-link connection are negotiated.
2. Authentication: In this optional phase, authentication is performed with the
authentication protocol (CHAP or PAP) agreed upon in LCP negotiation.
3. Network Control Protocol (NCP): This mandatory phase establishes and
configures different network-layer protocols. The most common Layer 3 protocol
negotiated is IP. The routers exchange IPCP messages to negotiate options
specific to the IP protocol.
The debug output in Figure shows the successful PPP session establishment. In case the
PPP session does not come up successfully, there are four main points of failure in a
PPP negotiation:


There is no response from the remote device (aggregation router of the service
provider).
LCP is not opened.
68
CCNP 2 Version 5


Module 2 – Teleworker Connectivity
PAP or CHAP authentication failure occurs.
IPCP failures.
Summary
This module concentrated on teleworkers and the ways to connect them to the enterprise
network. The most common technologies, cable and variants of the DSL, are described in
detail. The differences between PPPoE and PPPoA are described and details on how to
configure and troubleshoot each method are included. The module also describes how to
verify the configurations of broadband connections, and troubleshoot problems.
69
CCNP 2 Version 5
Module 2 – Teleworker Connectivity
70