Cisco Discovery 4 Module 8 Picture Descriptions 8.0.0 - Chapter Introduction 8.0.1.0 ? Introduction Slideshow Slide 1 text ?Designing and testing WAN connectivity requires knowledge of communication technologies.? Slide 2 text ?Because telecommunications service provider links are not always available for testing, simulated networks enable the necessary proof-of-concept testing.? Slide 3 Text ?Secure remote access for off-site workers is important in today's increasingly mobile world.? Slide 4 text ?Remote worker access using VPNs and encryption is a critical piece of the network upgrade.? 8.1.0 - Prototyping Remote Connectivity 8.1.1 - Describe Remote Connectivity Testing Methods 1 Diagram, Image Diagram depicts a large complex network that includes the stadium LAN, frame relay links and other networks. 8.1.2 - Testing WAN Connectivity with Simulation Software 3 Diagrams Diagram 1, animation Animation of a packet tracer exercise. Diagram 2, Image Depicts a user of a laptop stating ?That does not seem realistic. That transaction should take at least 2 seconds. I'll need to check the pilot installation.? Diagram 3, Packet Tracer Activity 8.1.3 - Simulating WAN Connectivity in a Lab Environment 4 Diagrams Diagram 1, image The diagram shows a small network of a host connected to a router (Test_R2) which connects via FA0/0 to router Test_1, Fa0/0. Output of router Test_2 consol shows the following Bandwith 3000 No IP address Duplex full Speed 10 Diagram 2, image Diagram depicts router Test_2 connected via its s0/0/0 to a CSU/DSU. A cross over cable connects to another CSU/DSU which, in turn connects to router Test_R1, s0/1/0. A text box associated with the cross over cable contains the following; ?A TELCO jack usually has the functions reversed, i.e. RX and TX are swapped, so that a straight-through cable can be used to connect the CSU/DSU/TSU jack to the TELCO jack. To discern which connection you have, use a wide-band oscilloscope or DVM to measure across the TX and RX Pairs. The TX pairs should have activity and the RX pairs should not. Note: Many T1 jacks provided by the phone company are terminated with a "smart jack". This jack has an automatic loop-back feature built in, so that if no connector is inserted, the TX pair is connected to the RX pair. The phone company uses this feature to test the line from the CO before turning it over to you. A common mistake during installation is to reverse the TX and RX pairs, so it is best to insert a plug/cable into the jack before you do your testing. To connect two T1 jacks that have the same pin-out, you will need a T1 cross-over cable, which has these connections: A T1 loop-back connector will have these connections all on the same jack or plug: Cable End A to end B RJ45 PIN 1 to 4 2 to 5 4 to 1 5 to 2 A T1 loop-back connector will have these connections all on the same jack or plug: T1 Loop-back connector RJ45 Pins 1-4 & 2 to 5 Diagram 3, Image Show how to set the clock rate, refer to the hands on Lab. Diagram 4, Hands on Lab 8.2.0 - Prototyping WAN Connectivity 8.2.1 - Identify WAN Goals and Requirements 1 Diagram, Image Diagram depicts the 2 different stadium Networks, the existing and the proposed. Both are complex and will be covered in detail by your instructor. 8.2.2 - Creating the Test Plan 3 Diagrams Diagram 1 Table Business goal: Provide additional services, such as voice and video, to the remote sites. Technical Requirements Scalability: Use of Frame Relay connections to connect the remote sites. Configuring bandwidth requirements for each virtual circuit Availability: Configuring backup connections using the VPN through the Internet Security: Applying filters to permit only authorized traffic to and from the WAN sites Manageability: Creating a management network and provision of access to devices through SSH Overall Success Criteria: Frame Relay links that provide guaranteed bandwidth for delay sensitive traffic, and backup links that operate as expected. Success Criteria: Scalability: Adding additional sites does not require additional local loop connections CIR guarantees bandwidth for configured virtual circuits Availability: Connectivity is not lost for major applications if Frame Relay fails Security: Undesirable traffic is blocked Manageability: Management station is able to initiate an SSH session to devices at the WAN sites Diagram 2, Image Diagram depicts 2 networks, the actual frame relay network and the simulated frame relay network. Actual: Stadium router (DTE CPE) s0/0 connects to CSU, DLCI10,30 on a T1 line. This connects to the frame relay cloud2 links leave the cloud. 1: DLCI 40 connects to a CSU/DSU that connects to the souvenir shop DTE CPE router 2: DLCI 20 connects to a CSU/DSU that connects to the Ticket sales DTE CPE router All links into the cloud areT1 Simulated 4 routers are connected in a diamond shape, main stadium router CPE1, s1/0 connects to router FR1 on s1/0, DCE via crossover V35. FR1 , s1/0 (sic) DCE connects to CPE2 (remote site), s0/1 via crossover V35. CPE2, Fa0/0 connects to router ISP1 (backup link), Fa0/0. ISP1, Fa0/1 connects back to CPE1, Fa0/1. This is also a backup link. Diagram 3 Hands on Lab 8.2.3 - Validating the Choice of Devices and Topologies 5 Diagrams Diagram 1, Image Diagram depicts the actual frame relay network described in the previous section. Links have the additional text below. Stadium DTE CPE Router to DCE Frame Relay Switch, DLCI 10, 30 Two logical virtual circuits being carried over one point-to-point physical connection. TSP Network to Souvenir Shop DTE CPE Router Single logical virtual circuit carried over a point-to-point physical circuit on DLCI40 TSP Network to Ticket Sales Office DTE CPE Router Single logical virtual circuit carried over a point-to-point physical circuit on DLCI 20 TSP Network: Many logical virtual circuits carried over a packet switched network consisting of one or more Frame Relay Switches. Every virtual circuit has two connection endpoints, each identified with a locally significant data-link connection identifier (DLCI). Diagram 2, Image Diagram depicts the stadium router connected to the TSP network. The following text is associated with the links: From DSU/CSU to TSP network - DLCI numbers are significant on the local loop. They represent the exit point of a virtual circuit on the Frame Relay Switch. From stadium router to TSP Network - T1 point-to-point connection between the DCE Frame Relay Switch and the DTE router at the stadium. This link is referred to as the local loop. Diagram 3, table Cisco IOS keyword: ansi Description: Annex D defined by American National Standards Institute (ANSI) standards T1.617. Cisco IOS keyword: cisco Description: LMI type defined jointly by Cisco and three other companies. Cisco IOS keyword: q933a Description: ITU-T Q.933 Annex A. Diagram 4, Animation Animation depicts the process of congestion control in a frame relay network. The Stadium DTE CPE Router commences the transmission of many packets to the Ticket Sales Office DTE CPE Router, over the frame relay cloud. A text box above the TSP network says ?DCE Frame Relay switch receives frames from the stadium CPE router. It detects congestion in the network and marks the frames appropriately.? The frame relay now becomes congested. The DCE Switch sends frames with FECN bit set to destination device. The DTE Router (ticket sales) receives FECN. Flow control can be evoked if device implements it. DTE Router receives BECN marked frames. Flow control can be evoked if the device implements it. The DCE Switch sends out BECN to source device. Diagram 5, Activity Match each definition to the Frame relay term. A: CIR B: Local Access Rate C: DLCI D: BECN E: Local Loop A bit in the frame header used to indicate that the frame can be dropped if there is congestion. A bit in the frame header used to inform a source device about congestion on the network path. The connection between CPE and the Frame Relay switch at the provider. The rate at which data can travel in to or out of the provider network. The guaranteed data transfer rate for a virtual circuit through the provider network. An identifier used in the local loop to specify a remote endpoint. The signaling between a router and the local Frame Relay switch to manage the connection between them. 8.2.4 - Prototype the WAN 5 Diagrams Diagram 1, Image Diagram depicts 3 routers connected via serial ports. Router Edge2 connects on s0/1/1 172.18.0.9/30, DLCI 110 connects to router FR1 s0/1/1. FR1, s0/1/0, DLCI 100 connects to router BR3, s0/1/0 172.18.0.10/30. Console output from Edge2 is shown: Edge2(config)#interface serial0/1/1 Edge2(config-if)#ip address 172.18.0.9 255.255.255.252 Edge2(config-if)#encapsulation frame-relay A tip box contains the information below: Using a router as a Frame Relay switch is not a common practice in a production network. The Frame Relay configuration for FR1 in this example is frame-relay switching interface serial 0/1/0 frame-relay route 100 interface Serial0/1/1 110 interface serial 0/1/1 frame-relay route 110 interface Serial0/1/0 100 Diagram 2, Animation Diagram depicts 2 routers connected by serial connection via a frame relay clouds. Router Edge2 connects to the cloud via s0/1/1, 172.18.0.9/30, DLCI 110. Router BR3 connects to the cloud on s0/1/0, 172.18.0.10, DLCI 100. The animation commence with the frame relay switch connected to Edge2 noting that DLCI 110 is active.Edge2 states ?DLCI 110 is active. I will send an Inverse ARP request to learn the IP address of the remote router.? BR3 notes that ?I have received an Inverse ARP request on DLCI 100 from 172.18.0.9, Frame Relay Map DLCI 110 = 172.18.0.9? A text box above the cloud states ?Inverse ARP Response from 172.18.0.10? Finaly, Edge2 notes ?Frame Relay Map DLCI 110 = 172.18.0.10? Diagram 3, Image Diagram depicts a router (RTA) connected via a single serial link to the frame relay cloud. On the other side of the cloud are 3 routers RTB,RTC, RTD. With no subinterface, DLCI 19 (to RTC) and DLCI 20 (RTD) are blocked ? routing update from RTB is blocked from RTC by split horizon. With Subinterfaces: S0/0/0 is broken into s0/0.1 and s0/0.2 by the following command Interface serial0/0.1 multipoint Ip address 1.1.1.1 255.255.255.0 Frame-relay interface-dlci 18 Frame-relay interface-dlci 19 Some text is displayed on this interface: Routing update from RTB blocked from RTC by Split Horizon, but allowed to RTD across point-to-point interface. RTA connects to RTB and RTC using a multipoint subinterface, while using a point-to-point subinterface to connect to RTD. Diagram 4, Console listing Examine the commands in the laboratory sessions Diagram 5, Activity Activity is inaccessible, see your instructor for equivalent exercise. 8.2.5 - Troubleshooting Frame Relay Operation 5 Diagrams Diagram 1, image Utilises the previously described simulated frame relay topology: 4 routers are connected in a diamond shape, main stadium router CPE1, s1/0 connects to router FR1 on s1/0, DCE via crossover V35. FR1 , s1/0 (sic) DCE connects to CPE2 (remote site), s0/1 via crossover V35. CPE2, Fa0/0 connects to router ISP1 (backup link), Fa0/0. ISP1, Fa0/1 connects back to CPE1, Fa0/1. This is also a backup link. Backup links now have IP addresses, BR3 fa0/1, 172.18.225.249/30 connects to ISPX, Fa0/0, 172.18.255.250/30. ISPX, Fa0/1, 172.18.0.250/30 connects to Edge2. FA0/1, 172.18.0.249/30. The following config commands are shown Edge2(config) ip route 172.18.255.0 255.255.255.0 172.18.0.10 Edge2(config) ip route 172.18.255.0 255.255.255.0 172.18.0.250 130 Diagram 2, Image Diagram depicts the 3 router topology previously described. Edge2 s0/1/1, 172.18.0.9/30, DLCI 110 connects to FR1, s0/1/1. FR1, s0/1/0, DLCI100 connects to BR3 s1/0, 172.18.0.10/30. DLCI 110 is highlighted. The console output of a sh frame-relay pvc is shown. Highlighted output is: The local deleted field = 1 DLCI= 100 and PVC status = deleted A more info button brings up the following link ../courses/en1200000000/en1208000000/en1208020000/en1208020500/en1208020502/TroubleshootingFrameRelayScenarios.pdf (see instructor for a copy) Diagram 3, Listing Listing shows the output of the debug frame-relay command Diagram 4, Packet Tracer Exploration Diagram 5, Hands on Lab 8.2.6 - Identifying Risks and Weaknesses 2 Diagrams Diagram 1, image Diagram depicts the stadium network previously described. A note is overlaid and reads; Questions - Performance of the backup VPN connections? Performance of the Frame Relay network? Diagram 2, Hands on Lab 8.3.1 - Identifying VPN Goals and Requirements 2 Diagrams Diagram 1, Image Image shows 2 sets of team scouts, one connects to the ?team resources? network via the PSTN, the other through the Internet via ?Easy VPN clients? Diagram 2, Image Diagram depicts a remote user connecting through a POP cloud to the Internet and on to a Central site. Text box under the remote worker says ?VPN clients encrypt and encapsulate the data.? At the Router attached to the central site a text box says ?Encrypted data cannot be filtered.? A note within the central Site says ?VPN endpoint where data is unencrypted.? 8.3.2 - Creating the Test Plan 3 Diagrams Diagram 1, Table 2 tables Business goals: Improve the customer experience by offering additional services to customers and vendors. Overall success goals: Sports team personnel using VPN clients can successfully connect to team resources located on the stadium network. Technical requirements Scalability: Configure split tunneling to permit only the traffic destined for the stadium resources access via the VPN. Availability: Configure redundant VPN servers to provide failover. Security: Configure IPSec VPNs. Manageability: Use Cisco EasyVPN to configure the VPN settings and Use SDM to configure and manage VPN server. Success Criteria Scalability: VPN clients can be added without impacting the performance of the LAN. Availability: Connectivity is not lost if one VPN server goes down. Security: EasyVPN client configuration supports a high level of security. Manageability: It is easy to perform and manage configurations and It is easy to perform and manage configurations. A more info box contains the text ?Additional security measures need to be in place. Split tunneling is a security risk and many organizations do not allow it.? Diagram 2, Image Screen capture of the Cisco EasyVpn application. Diagram 3, Hands on Lab 8.3.3 - Validate Choice of VPN Topology, Devices and Topologies 4 Diagrams Diagram 1, Image Diagram depicts 2 routers connected via a tunnel ? Virtual network and And encrypt pipe connecting to decrypt pipe, this has an encrypted envelope between the 2.. Text is associated with the tunnel and the envelope. Tunnel text: Generic Routing Encapsulation (GRE) tunnels provide a specific pathway across the shared WAN. They encapsulate traffic with new packet headers to ensure delivery to specific destinations. The network is private. This is because traffic can enter a tunnel only at an endpoint and can leave only at the other endpoint. Tunnels do not provide true confidentiality (like encryption does) but can carry encrypted traffic. IP Security (IPSec) acts at the Network Layer, protecting and authenticating IP packets between participating IPSec devices (peers). IPSec is not bound to any specific encryption, authentication, security algorithms, or keying technology. IPSec is a framework of open standards. Layer 2 Forwarding Protocol (L2F) is a protocol developed by Cisco that supports the creation of secure virtual private dialup networks over the Internet by tunneling Layer 2 frames. Point-to-Point Tunneling Protocol (PPTP) was developed by Microsoft. It is described in RFC2637. PPTP is widely deployed in Windows client software to create VPNs across TCP/IP networks. Layer 2 Tunneling Protocol (L2TP) is an IETF standard that incorporates the best attributes of PPTP and L2F. L2TP is used to tunnel Point-Point Protocol (PPP) through a public network, such as the Internet, using IP. Since the tunnel occurs on Layer 2, the upper layer protocols are unaware of the tunnel. Like GRE, L2TP can also encapsulate any Layer 3 protocol. Encrypted message text: Encryption algorithms Data Encryption Standard (DES) algorithm- DES was developed by IBM. DES uses a 56-bit key, ensuring high-performance encryption. 3DES is a symmetric key cryptosystem. Triple DES (3DES) algorithm- 3DES is a variant of the 56-bit DES. 3DES operates similarly to DES, in that data is broken into 64-bit blocks. 3DES then processes each block three times, each time with an independent 56-bit key. 3DES provides significant encryption strength over 56-bit DES. DES is a symmetric key cryptosystem. Advanced Encryption Standard (AES) : The National Institute of Standards and Technology (NIST) have recently adopted AES to replace the existing DES encryption in cryptographic devices. AES provides stronger security than DES. It is computationally more efficient than 3DES. AES offers three different key lengths: 128-, 192-, and 256-bit keys. Rivest, Shamir, and Adleman (RSA) : RSA is an asymmetrical key cryptosystem. It uses a key length of 512, 768, 1024, or larger. IPSec does not use RSA for data encryption. IKE only uses RSA encryption during the peer authentication phase. Diagram 2, Animation Animation shows the process of encrypting/decrypting messages. A message ?Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars? is sent to the encryption algorithm and the message now reads ?4ehlDx67NMop9eR U78IOPotVBn45TR?. A person listening in on the internet says ?I can?t read a thing? The message is decrypted at the receiver. Diagram 3, Image Diagram depicts the process of hashing algorithms. The message ?Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars? has a hash added to the end, if the message is altered to read ?Pay To Alex Jones $1000.00 One Thousand xx/100 Dollars? the hash is different to the original and alteration are detected. Diagram 4, Activity Originally a Crossword Clues Down 1 Tunneling protocol developed by Cisco Systems that supports secure virtual private dial-up networks at Layer 2 (3 words) 2 High-performance encryption algorithm that uses a 56-bit symmetric key (3 words) 4 A strong security algorithm that uses key lengths of 128, 192, or 256 bits. (3 words) 6 An asymmetrical key cryptosystem using key length of 512, 768, 1024 bits or larger (acronym) 10 A framework of open standards providing encryption, authentication, security algorithms, or keying technology (acronym) Across 3 A hash algorithm that uses a 160-bit shared secret key (3 words) Last letter 1 5 A public key exchange method used to establish a shared secret key over an unsecured channel (2 words) 7 Encapsulates packets inside IP tunnels between endpoints without confidentiality (3 words) 8 IETF tunneling solution used to tunnel Point-to-Point Protocol (PPP) through a public networks (3 words) 6th letter = 2 9 A encryption algorithm using 64-bit blocks that are processed three times (acronym)1st letter = 3 11 Developed by Microsoft to enable voluntary VPNs for Windows clients (acronym) 12 A hash algorithm that uses a 128-bit shared secret key (2 words) last letter = 5 8.3.4 - Prototype VPN Connectivity for Remote Workers 4 Diagrams Diagram 1 Image Described within text body. Diagram 2, Image Diagram depicts a network using EasyVPN. A home user is connected to a corporate router via a VPN tunnel. Both the corporate router and the home users router are connected to the Internet. The home user sends 2 messages, one to cisco.com, the other to the 10.14.1.4 server. The VPN allows the 10.14.1.4 message to be delivered and the cisco.com message is forwarded via the Internet. Both messages are sent via the tunnel to the corporate network in default operation. In Split tunnel only the messages destined for the corporate network are sent via the tunnel, the cisco.com message is sent via the home users router directly to the Internet. Diagram 3, Hands on Lab Diagram 4, Hands on Lab 8.3.5 - Validate Placement of VPN Server 1 Diagram, Image Diagram depict the stadium network. A user is connecting to the edge router, 2 parhs for traffic branch off, both branches are identical and have 802.1q trunks between the Cisco EasyVPN servers and the STP Primary root routers. 8.3.6 - Identify Risks or Weaknesses 2 Diagrams Diagram 1, checklist Each item below must be marked passed or failed. LAN Routing and Switching Server Farm/Data Center Frame Relay WAN VPN Configuration Diagram 2, Activity Determine if each acronym represents a tunneling term or an encryption term. Acronyms: 3DES AES DES GRE IPSec L2F L2TP PPTP RSA 8.4.0 - Chapter Summary 8.4.1 ? Summary Slideshow Slide 1 text * Testing remote connectivity options may be more difficult than testing the LAN design. * The designer can use three different methods to test remote connectivity designs: * Simulation software, such as Packet Tracer * Prototype testing using simulated links * Pilot testing in the actual environment * Computer software programs, such as Packet Tracer, offer the designer a tool to test configurations before implementing them on actual equipment. Benefits of using simulation sofware include: * Lower overall cost * Flexibility * Scalability * Control * Disadvantages of using simulations may be that the simulations have limited functionality or report unrealistic performance estimates. * Using cross-over cabling and special device configurations, WAN connections can be simulated in a prototype environment. * When using cross-over cabling to connect two serial interfaces, it is necessary for one device to provide the clocking for the circuit. On a Cisco router, this is accomplished using the clock rate command. * Frame Relay is a high-performance WAN protocol that was standardized by the International Telecommunication Union ITU-T. * Every Frame Relay link has at least three components: o The local point-to-point circuit that connects the local CPE router to the TSP Frame Relay switch o The TSP packet-switched network o The remote point-to-point circuit that connects the remote site into the TSP network * More than one virtual circuit can be carried on a single physical local loop circuit. Each virtual circuit endpoint is identified by a data-link connection identifier (DLCI). * The committed information rate (CIR) specifies the maximum average data rate that the network delivers under normal conditions. * To help manage traffic flows in the network, Frame Relay implements two mechanisms: * Forward-explicit congestion notification (FECN) * Backward-explicit congestion notification (BECN) * Inverse Address Resolution Protocol (Inverse ARP)provides a mechanism to create dynamic DLCI-to-Layer 3 address maps. * Frame Relay is a nonbroadcast multi-access (NBMA) protocol. This means that each virtual circuit on an interface is treated as a separate local network. * One way to configure routers to use a backup link when the primary link is unavailable is to create floating static routes. A floating static route is a static route that has an administrative distance greater than the administrative distance of the corresponding dynamic routes. * A VPN is an extension of the internal private network. VPNs transmit information securely across shared or public networks, like the Internet. * VPNs have two important components: o Tunneling to create the virtual network o Encryption to enable privacy and security * Tunneling methods include: o Generic Routing Encapsulation o IP Security (IPSec) o Layer 2 Forwarding Protocol (L2F) o Point-to-Point Tunneling Protocol (PPTP) o Layer 2 Tunneling Protocol (L2TP) * Encryption algorithms include: o Data Encryption Standard (DES) algorithm o Triple DES (3DES) algorithm o Advanced Encryption Standard (AES) o Rivest, Shamir, and Adleman (RSA) * Encryption algorithms, such as DES and 3DES, require a symmetric, shared secret key to perform encryption and decryption. * Keys can be configured through the use of a key exchange method. The Diffie-Hellman (DH) key agreement is a public key exchange method. * To guard against the interception and modification of VPN data, a data integrity algorithm can be used to add a hash to the message. * IPSec is a framework of open standards. It provides data confidentiality, data integrity, and data authentication between participating peers. IPSec provides these security services at Layer 3. 8.4.2 - Critical Thinking 4 questions Diagram depicts a small network that utilizes a Frame relay link (cloud) and a backup link (cloud) A FTP server connects to router RTR2, 192.168.10.0/24. RTR2 connects to both the backup link and the frame relay cloud, 10.10.1.2/29, DLCI201. Another network, 192.168.20.0/24 is connected to router RTR3 which connects to the frame relay cloud only, 10.1.1.3/29 DLCI431 The other side of the clouds connect to router RTR1, frame relay cloud to s0/0 DLCI101, backup link to s0/1. A network is attached to RTR1, 192.168.50.0/24. A snippet from the config of RTR1 is shown Interface serial 0/0 Ip address 10.10.1.1 255.255.255.248 Encapsulation frame-relay Question 1 RIPv1 has been correctly configured between router RTR1, RTR2 and RTR3. What will happen when a routing change occurs in network 192.168.10.0/24? A: RTR3 will not find out about the routing updates. B: RTR1 and RTR3 will not find out about the routing updates. C: RTR2 will keep the updates confined to the internal LAN. D: RTR1 will pass the routing update information to RTR3. Question 2 The administrator has decided to use sub-interfaces on RTR1 and has decided to continue using RIPv1. What should the administrator do on RTR1? A: Use the commands below on RTR1 RTR1(config-if)# interface serial 0/0.1 multipoint RTR1(config-subif ip address 10.10.10.1 255.255.255.240 RTR1(config-subif)# frame-relay interface-dlci 201 RTR1(config-subif)# frame-relay interface-dlci 431 B: Obtain another DLCI from the ISP and use the commands below on RTR1 RTR1(config-if)# interface serial 0/0.1 multipoint RTR1(config-subif)# ip address 10.10.10.1 255.255.255.240 RTR1(config-subif)# frame-relay interface-dlci 101 RTR1(config-subif)# frame-relay interface-dlci [new_DLCI] C: Use the commands below on RTR1 RTR1(config-if)# interface serial 0/0.1 point-to-point RTR1(config-subif ip address 10.10.10.1 255.255.255.240 RTR1(config-subif)# frame-relay interface-dlci 201 RTR1(config-subif)# frame-relay interface-dlci 431 D: Obtain another DLCI from the ISP and use the commands below on RTR1 RTR1(config-if)# interface serial 0/0.1 point-to-point RTR1(config-subif)# ip address 10.10.10.1 255.255.255.240 RTR1(config-subif)# frame-relay interface-dlci 101 RTR1(config-subif)# frame-relay interface-dlci [new_DLCI] Question 3 If the administrator decides to implement multipoint subinterfaces on RTR1, which statement is true if the administrator continues to use the RIPv1 routing protocol? A: Inverse ARP will need to be defined using static mappings. B: Routing updates from 192.168.10.0/24 will not be passed to the 192.168.20.0/24 network. C: The DLCIs will need to be changed to ensure each site has the same DLCI. D: The Frame Relay encapsulations must be ?cisco? on each router. Question 4 The routing protocol in use between the three routers is RIPv1. The administrator wants to ensure that the FTP server is available to the 192.168.50.0/24 network, even if the Frame Relay connection fails. How should the administrator design a backup link to the FTP server? A: Configure a static route with the command: ip route 192.168.10.0 255.255.255.0 interface serial0/0 B: Configure a static route with the command: ip route 192.168.10.0 255.255.255.0 interface serial0/1 150 C: Install a second circuit to a separate Frame Relay service provider and use a CIR of zero. D: Change the routing protocol to a classless protocol, such as OSPF.