Cisco Exam 640-605: The New Remote Access
Cisco's latest version of the Building Cisco Remote Access Networks (BCRAN) exam tests your knowledge of AAA, Frame Relay, Cisco remote access hardware and more.
by Andy Barkl
6/10/2003 -- The Remote Access exam (640-605) counts toward the Cisco Certified Network Professional (CCNP) certification, which the company created in 1998. It's one of four exams required to earn the CCNP.
Exam: Remote Access 640-605: Building Cisco Remote Access Networks (BCRAN)
Vendor: Cisco Systems
Status: Live
Reviewer's Rating: "Slightly harder than the previous version. Includes several advanced question types."
Test Information: Reviewer's exam had 53 questions, 75-minute time limit, with a score of 706 needed to pass. Cost: $125 (U.S.)
Who Should Take This Exam? Candidates pursuing Cisco's mid-level Cisco Certified Network Professional (CCNP) title.
Test Objectives: see Cisco's published objectives for exam 640-605.
This new version covers some of the latest Cisco remote access technologies, plus AAA, modems, Frame Relay, NAT and remote access hardware. I received 53 questions and was given 75 minutes to complete the exam. The passing score was 706.
In my opinion, the previous version of the Remote Access exam was slightly easier, but not by much. This new exam features several advanced question types, including simulations, pick-and-place and drag-and-drop, as well as more standard multiple choice items with either select one or a designated number of correct answers. There are even "exhibits" of text in some questions that you can use to find the correct IOS commands!
In this article, I'll address some of the high points to study for this new exam by mapping to the official objectives, which you'll find here.
Tip: After downloading the exam objectives, go here and get the Cisco AS5300 Software Configuration Guide -- this has plenty of relevant information you should study for this exam.
Cisco Remote Access Networks Introduction
The objective in this domain is to specify and/or identify the Cisco products that best meet the WAN connection requirements for permanent or dial-up access connections.
You'll need to be familiar with the Cisco remote access product line when asked for the "best solution" to meet customer or user-connection requirements. There are the Cisco 700, 800, 1600 and 1700 routers for remote locations and the AS5300 for central office connectivity. This version of the exam doesn't cover the 700 series in much depth, but you should know that it doesn't run Cisco IOS. The 800 series routers support DSL and ISDN connections, and the ISDN models can also carry voice. The 1600 doesn't include a built-in WAN Interface Card (WIC); the WIC is a modular add-in. The 1700 is the preferred choice when VPNs are needed.
The AS5300 central office router can support ISDN PRI connections and includes integrated modems for dial-up access.
Selecting Cisco Products for Remote Connections
This exam objective is a spin-off of the previous but with the addition of topics that require you to identify the correct Cisco product solution given a set of remote access requirements. I was surprised by the number of Cisco product questions in this revision of the exam. Be sure to study the remote access product line thoroughly. You may encounter some "freebie" type questions here, such as which remote access connection method is the slowest (dial-up modems).
Assembling and Cabling the WAN Components
Within this objective area, you're expected to identify the components necessary to allow WAN connections -- such as Frame Relay and ISDN BRI -- between branch office locations and a central site and vice versa, as well as from a telecommuter site to the central site. For this, you'll need to know a few select IOS commands, such as the one to configure Frame Relay encapsulation on a serial interface (encapsulation frame-relay, with the optional ietf keyword when the far end is non-Cisco equipment). Remember that encapsulation is set per physical interface, whereas sub-interfaces carry the specifics of each Frame Relay virtual circuit: the DLCI, its address and any static maps.
Tip: HDLC is the default encapsulation on Cisco router serial interfaces!
The LMI type has been autosensed since IOS version 11.2, but it can also be set explicitly with frame-relay lmi-type to ansi, cisco (the default) or q933a. The frame-relay map command is used to configure static address mappings.
To verify Frame Relay operation, use the commands show interface serial, show frame-relay pvc and show frame-relay lmi.
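Here's an added example, not from the exam or from Cisco's configuration guide, that pulls the commands above together on a central-site router with one point-to-point and one multipoint sub-interface. The DLCIs, addresses and peer names are assumed values for illustration.

```ios
! Added example (not from the article): Frame Relay on a central-site
! router with one point-to-point and one multipoint sub-interface.
! DLCIs, addresses and peer names are assumed values for illustration.
!
interface Serial0
 no ip address
 encapsulation frame-relay
! "encapsulation frame-relay" uses Cisco encapsulation by default; use
! "encapsulation frame-relay ietf" when the far end is non-Cisco equipment
 frame-relay lmi-type ansi
! lmi-type is optional on 11.2 and later, which autosense it; set it
! explicitly if the provider tells you which type they run
!
interface Serial0.101 point-to-point
 description PVC to branch-A (one DLCI, so no map statement needed)
 ip address 10.1.101.1 255.255.255.252
 frame-relay interface-dlci 101
!
interface Serial0.200 multipoint
 description hub PVCs to branch-B and branch-C
 ip address 10.1.200.1 255.255.255.0
! static maps instead of Inverse ARP; the "broadcast" keyword lets routing
! updates cross the PVC, which a plain map would otherwise block
 frame-relay map ip 10.1.200.2 202 broadcast
 frame-relay map ip 10.1.200.3 203 broadcast
 no frame-relay inverse-arp
```

To check it, show frame-relay pvc should list DLCIs 101, 202 and 203 with PVC STATUS = ACTIVE, show frame-relay lmi should show status enquiries sent and received counting up together, and show frame-relay map should show the two static entries on Serial0.200 plus the point-to-point entry on Serial0.101.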
ISDN BRI details are essential knowledge, and it can be applied in many ways. ISDN BRI is commonly used today as a backup for Frame Relay circuits, but it can also be used by a telecommuter as a connection method to the central office.
Tip: ISDN is a circuit-switched connection technology requiring call setup and tear down, but at a much faster rate than asynchronous analog modems.
Dedicated circuits, also known as leased lines (such as point-to-point serial links), are not shared, are always up and are priced by distance, so they suit shorter distances. Packet-switched circuits, such as Frame Relay, use virtual circuits over the provider's shared network and are well suited to large geographic distances.
Tip: This document from Cisco includes invaluable information on configuring and using ISDN.
Configuring Asynchronous Connections to a Central Site with Modems
This objective includes topics that are defined very well in this document from Cisco. For this section, you'll need hands-on knowledge of many IOS commands for configuring asynchronous connections to the central site. The asynchronous interface commands include interface async X (X equals the line number), encapsulation ppp, async dynamic address, async mode interactive and ppp authentication chap.
The most commonly used asynchronous line commands are line X, login, password, flowcontrol, speed and modem. Modem autoconfigure is the command used to autodetect and configure a modem that appears in the modemcap database.
Tip: When configuring asynchronous ports, remember that the interface commands refer to the protocol (logical) aspects of the connection, and line refers to the physical aspects.
Also know your modem show commands. Show modemcap shows the modem database built into Cisco access servers. Show line will indicate which type of modem is configured, and clear line will return a line to idle status.
Tip: To make a reverse Telnet connection to a modem attached to an access server, telnet to one of the access server's own IP addresses on TCP port 2000 plus the line number; for example, port 2007 reaches the modem on line 7 (interface async 7). Those ports are reachable from the network, so restrict them with an access-class on the lines.
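The following is an added example, not the article's or Cisco's own configuration, of an access server with eight modem lines used for dial-in PPP. It shows the line (physical) and interface (logical) halves side by side and locks the reverse Telnet ports down. The IP addresses, address pool, management subnet and username are assumed.

```ios
! Added example (not the article's configuration): an access server with
! modems on lines 1 through 8, used for dial-in PPP. IP addresses, the
! address pool, the management subnet and the username are assumed.
!
username dialin-user password 0 D1alinPass
! (Use "username ... secret" on IOS releases that support it; otherwise at
!  least "service password-encryption" so the password is not stored in clear.)
service password-encryption
!
ip local pool DIALIN 10.2.0.10 10.2.0.50
!
! Only the management subnet may reverse-Telnet into the modem ports
! (TCP 2000 + line number), so the lines get an access-class
access-list 5 permit 10.10.0.0 0.0.255.255
!
! Physical side: the lines
line 1 8
 modem InOut
 modem autoconfigure discovery
 flowcontrol hardware
 speed 115200
 login local
 autoselect ppp
 autoselect during-login
 transport input telnet
 access-class 5 in
 exec-timeout 10 0
!
! Logical side: one group interface covering the same eight lines
interface Group-Async1
 ip unnumbered Ethernet0
 encapsulation ppp
 async mode interactive
 peer default ip address pool DIALIN
 ppp authentication chap
 group-range 1 8
```

With this in place, show line should report the autoconfigured modem type on lines 1 through 8, show modemcap lists the entries discovery can match against, and a telnet from the management subnet to the server's address on port 2003 drops you onto the modem on line 3 while the same attempt from any other source is refused by the access-class.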
Configuring PPP and Controlling Network Access with PAP and CHAP
This objective requires knowledge of how to configure authentication protocols and parameters at both ends of a remote access connection. PPP includes an encapsulation method, Link Control Protocol (LCP), for establishing, configuring and authenticating the connection, and Network Control Protocols (NCPs) to establish and configure network-layer protocols such as IP.
Each remote access connection requires encapsulation ppp along with an ip address or ip unnumbered command. For PAP or CHAP authentication, ppp authentication pap or ppp authentication chap is required (ppp authentication chap pap tries CHAP first and falls back to PAP). CHAP is preferred: it never sends the password over the link, only an MD5 hash of a random challenge and the shared secret, whereas PAP sends the username and password in cleartext and is trivially sniffed.
PPP multilink (MLP) bundles several links, for example both ISDN B channels or multiple synchronous or asynchronous connections, into one logical link and balances traffic across them. Use ppp multilink to configure it and show ppp multilink to verify the bundle.
Tip: The dialer load-threshold load [outbound | inbound | either] command provides bandwidth on demand when used with PPP multilink: once the load on the first link (1 to 255, where 255 is 100 percent) reaches the threshold, another link is dialed and added to the bundle.
PPP callback creates a client-server relationship when configured on participating routers. The callback client must be configured to initiate PPP callback requests, and the callback server must be configured to accept PPP callback requests and place calls. Make sure you're familiar with these related commands: dialer callback-secure, ppp callback accept and ppp authentication pap or chap.
The show dialer and debug ppp negotiation commands are very useful when troubleshooting PPP.
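Here's an added example, not from the article, showing two-way CHAP, PPP callback and multilink between a branch router and the central site over ISDN BRI. The key CHAP point is visible in the username lines: each router stores the peer's hostname with the same shared secret. Hostnames, the secret, telephone numbers and addresses are assumed, and the ISDN switch type and SPIDs are assumed to be configured already.

```ios
! Added example (not the article's): two-way CHAP plus PPP callback and
! multilink over ISDN BRI. Hostnames, the shared secret, numbers and
! addresses are assumed; switch type and SPIDs are assumed to be set.
!
! --- Callback client (branch) ---
hostname Branch
! CHAP: store the peer's hostname with the secret both sides share
username Central password 0 Sh4redChapKey
!
dialer-list 1 protocol ip permit
!
interface BRI0
 ip address 10.3.0.2 255.255.255.252
 encapsulation ppp
 dialer map ip 10.3.0.1 name Central broadcast 5559876
 dialer-group 1
 dialer idle-timeout 120
 dialer load-threshold 128 outbound
 ppp multilink
 ppp authentication chap
 ppp callback request
!
! --- Callback server (central) ---
hostname Central
username Branch password 0 Sh4redChapKey
!
dialer-list 1 protocol ip permit
!
interface BRI0
 ip address 10.3.0.1 255.255.255.252
 encapsulation ppp
! "class CB" ties this map to the callback map-class below; "name Branch"
! is what dialer callback-secure checks against the CHAP-authenticated name
 dialer map ip 10.3.0.2 name Branch class CB 5551234
 dialer-group 1
 dialer idle-timeout 120
 dialer load-threshold 128 outbound
 dialer callback-secure
 dialer enable-timeout 2
 dialer hold-queue 20
 ppp multilink
 ppp authentication chap
 ppp callback accept
!
map-class dialer CB
 dialer callback-server username
```

The sequence is: Branch dials, both sides authenticate with CHAP, Central hangs up (dialer callback-secure makes it hang up on any caller it cannot match to a dialer map with a name) and after dialer enable-timeout calls Branch back at the number from its own map, while dialer hold-queue keeps the packets that triggered the call. debug ppp negotiation shows the LCP callback option being negotiated, and show dialer on Central shows the callback call as the router's own outgoing call.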
Using ISDN and DDR Technologies to Enhance Remote Connectivity
This next objective includes ISDN BRI and PRI, knowledge that many of us first ran across in our CCNA studies. Know your ISDN BRI reference points such as the U (local loop), as well as the NT1's location and purpose (line termination). ISDN operates at OSI layers 1, 2 and 3. Use debug isdn q921 to troubleshoot layer 2 connection problems and debug isdn q931 for layer 3 call setup, and don't forget show isdn status.
ISDN can be configured for snapshot routing so that periodic routing updates don't bring up the link. ISDN SPIDs are required only when the service provider's switch type demands them (typically North American switch types such as basic-ni and basic-dms100).
Configuring and Optimizing the Use of DDR Interfaces
The previous exam objective includes a reference to the commands to configure DDR. Since this objective is all DDR, I'll mention them here.
Dial-on-Demand Routing (DDR) controls the cost of pay-per-use WAN links such as ISDN by bringing the link up only when traffic needs it. DDR is defined in the IOS with the commands dialer-list, dialer-group, dialer map, dialer idle-timeout and dialer load-threshold. The dialer-list command defines interesting traffic, either by protocol or by reference to an access list; the dialer-group command binds that definition to an interface. Dialer map associates the next-hop address, the remote hostname and the telephone number. Dialer idle-timeout disconnects the link after it has carried no interesting traffic for the configured number of seconds, and dialer load-threshold brings up an additional link when the load on the active one exceeds the threshold.
DDR rotary groups and dialer profiles let several physical interfaces share one logical configuration. With a rotary group, the physical interfaces inherit the configuration of the logical dialer interface they belong to, and any member of the group can be used for outgoing calls. Dialer profiles go further: the dialer interface holds the per-destination settings and draws from a pool of physical interfaces.
A hunt group is a series of telephone lines that are programmed in conjunction to find the next "free line" when a call is received.
Rotary groups are configured with the IOS commands interface dialer group-number (the logical interface) and dialer rotary-group rotary-number (on each physical interface). To troubleshoot rotary groups and dialer profiles, use show dialer and show dialer interface bri number.
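Here's an added example, not from the article, covering this DDR section and the ISDN basics from the previous one (switch type, SPIDs). The branch uses legacy DDR on its physical BRI; the central site uses a dialer profile so two BRIs can serve the same logical interface. The interesting-traffic list deliberately excludes RIP so routing chatter cannot keep a per-minute-billed call up. Switch type, SPIDs, numbers and addresses are assumed.

```ios
! Added example (not from the article): ISDN BRI with legacy DDR on the
! branch and a dialer profile at the central site. Switch type, SPIDs,
! numbers and addresses are assumed values.
!
! --- Branch: legacy DDR on the physical BRI ---
isdn switch-type basic-ni
!
! Interesting traffic: IP, except RIP (UDP 520), so periodic routing
! updates never dial or hold up the link
access-list 101 deny   udp any any eq 520
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
!
interface BRI0
 ip address 10.3.0.2 255.255.255.252
 encapsulation ppp
! SPIDs: only because basic-ni demands them
 isdn spid1 51255512340101 5551234
 isdn spid2 51255512350101 5551235
 dialer map ip 10.3.0.1 name Central broadcast 5559876
 dialer-group 1
 dialer idle-timeout 120
 dialer load-threshold 128 outbound
 ppp multilink
 ppp authentication chap
!
! --- Central: dialer profile; physical BRIs only join a pool ---
isdn switch-type basic-ni
dialer-list 1 protocol ip list 101
access-list 101 deny   udp any any eq 520
access-list 101 permit ip any any
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 ppp authentication chap
!
interface BRI1
 no ip address
 encapsulation ppp
 dialer pool-member 1
 ppp authentication chap
!
! All per-destination settings live here; the remote-name must match the
! CHAP name the branch authenticates with
interface Dialer1
 ip address 10.3.0.1 255.255.255.252
 encapsulation ppp
 dialer pool 1
 dialer remote-name Branch
 dialer string 5551234
 dialer-group 1
 dialer idle-timeout 120
 ppp authentication chap
! Legacy alternative to the profile: "dialer rotary-group 1" on each BRI
! and a "dialer map" (instead of pool/string) on "interface Dialer1"
```

show isdn status should report layer 1 ACTIVE and layer 2 MULTIPLE_FRAME_ESTABLISHED on both sides before any call is attempted; show dialer shows why the last call was placed (the "Dial reason" line names the packet that matched the dialer-list) and the idle timer counting down, and show dialer interface bri 0 on Central shows which pool member a profile call landed on.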
Using X.25 for Remote Access
This is one of the more limited-scope objectives. Here, you're focused on the format of an X.121 address as well as the IOS commands for X.25 protocol configuration. To configure X.25, you'll need to define the X.25 encapsulation type, assign the X.121 address and define map statements.
Encapsulation x25 dte is the command that defines the router as the DTE side of the connection to the X.25 PDN (encapsulation x25 dce is used for back-to-back lab setups). The x25 address x.121-address command assigns the router's X.121 address, which must match the value designated by the X.25 PDN, such as 311082194567. The x25 map protocol address x.121-address command maps the network-layer address of the remote router to its X.121 address.
To verify and troubleshoot X.25, use the ever-helpful show interfaces command and show x25 vc.
Establishing a Dedicated Frame Relay Connection and Control Traffic Flow
The objectives here specify the procedures and commands to configure Frame Relay, as well as troubleshoot it. Remember I said this exam includes simulators, and here is where I found mine! You should already be comfortable with these new simulation questions from the current CCNA exam and the latest CCNP Routing exam. In case you're not, Cisco has added a tutorial as well as notice windows when the exam engine switches between standard multiple-choice questions and simulations. Your exam clock stops while the engine goes back and forth between the two modes.
For each of these questions, read the configuration requirements carefully and choose one of the connected terminals to access the router for configuration. Don't forget the button that allows you to switch on-the-fly between the topology and terminal window.
I'm not positive if it counts against your total score for these types of questions, but just in case, don't forget to save your work before clicking Next!
The Frame Relay encapsulation, LMIs, map configuration and show commands were previously mentioned, so now I'll focus on the ones needed for controlling traffic flow. The map-class frame-relay map-class-name command creates a class in which you configure shaping: the average (CIR) and peak rates, the committed and excess burst sizes, adaptive shaping based on BECNs received, and a custom or priority queue list. Then enable frame-relay traffic-shaping on the physical interface and attach the class to the interface, sub-interface or DLCI with frame-relay class map-class-name. I'll come back to queuing in the "Managing Network Performance with Queuing and Compression" section below.
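As an added example, not from the article, here is a shaping class that throttles a PVC to its CIR, backs off on BECNs and runs a custom queue inside the shaped rate. CIR, burst values, DLCI and addresses are assumed.

```ios
! Added example (not from the article): Frame Relay traffic shaping with
! adaptive shaping on BECN and a custom queue inside the shaped PVC.
! CIR, burst values, DLCI and addresses are assumed.
!
map-class frame-relay SHAPE-64K
 frame-relay cir 64000
 frame-relay bc 8000
 frame-relay be 0
 frame-relay mincir 32000
 frame-relay adaptive-shaping becn
 frame-relay custom-queue-list 1
! cir = average rate in bps; bc = committed burst per interval, so
! Tc = bc/cir = 8000/64000 = 125 ms; be = excess burst above cir.
! On BECNs the send rate steps down toward mincir and climbs back
! once the BECNs stop.
!
! Custom queue 1: Telnet gets twice the byte share of everything else
queue-list 1 protocol ip 1 tcp 23
queue-list 1 default 2
queue-list 1 queue 1 byte-count 3000
queue-list 1 queue 2 byte-count 1500
!
interface Serial0
 no ip address
 encapsulation frame-relay
 frame-relay traffic-shaping
! traffic-shaping must be on at the physical interface or the map-class
! attached to the sub-interface below does nothing
!
interface Serial0.101 point-to-point
 ip address 10.1.101.1 255.255.255.252
 frame-relay class SHAPE-64K
 frame-relay interface-dlci 101
```

show frame-relay pvc 101 prints the shaping parameters in force for the DLCI, and show traffic-shape shows the current (adapted) rate, so you can watch it fall from 64000 toward 32000 while BECNs arrive.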
Enabling a Backup to the Permanent Connection
Here you'll be expected to understand and select from an exhibit list the required commands to configure a backup connection that activates when the primary link fails or its load crosses a threshold. Using the commands interface serial X, backup interface interface-type number, backup delay and backup load, you can configure a link to provide backup. These could be used in the case of ISDN, or dialup when needed. Alternatively, you could use floating static routes: static routes configured with an administrative distance higher than that of the dynamic routing protocol, so they are installed in the routing table only while the dynamically learned path is unreachable.
One of the many commands for verifying and troubleshooting would be show interface dialer.
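Here's an added example, not from the article, showing both approaches to backing up a Frame Relay PVC with ISDN. Pick one of the two options; they are shown together only for comparison. DLCI, addresses, numbers, the routing process and the peer name are assumed.

```ios
! Added example (not from the article): protecting a Frame Relay primary
! with ISDN two ways. DLCI, addresses, numbers, routing process and the
! peer name are assumed. Use one option or the other, not both.
!
! --- Option 1: backup interface on the primary sub-interface ---
interface Serial0.101 point-to-point
 ip address 10.1.101.1 255.255.255.252
 frame-relay interface-dlci 101
 backup interface BRI0
 backup delay 10 60
! BRI0 is brought up 10 s after the primary goes down and dropped 60 s
! after it returns; the delays stop a flapping PVC from dialing repeatedly
 backup load 60 5
! optional: also dial when the primary exceeds 60% load, hang up below 5%
!
interface BRI0
 ip address 10.3.0.1 255.255.255.252
 encapsulation ppp
 dialer map ip 10.3.0.2 name Branch broadcast 5551234
 dialer-group 1
 dialer idle-timeout 120
 ppp authentication chap
! with "backup interface" this BRI sits in standby and cannot be used
! for anything else while the primary is up
!
dialer-list 1 protocol ip permit
!
! --- Option 2: floating static route (BRI0 is not held in standby) ---
router eigrp 100
 network 10.0.0.0
!
ip route 172.16.20.0 255.255.255.0 10.3.0.2 200
! Administrative distance 200 is higher than EIGRP's 90, so this route
! is installed only when EIGRP withdraws its path across the PVC; the
! next interesting packet toward 172.16.20.0 then dials the ISDN link
```

Two caveats a practitioner should keep in mind. First, backup interface only fires when the sub-interface's line protocol drops, which happens when LMI reports the DLCI inactive; a failure deeper in the provider cloud that LMI never reports will not trigger it, which is the usual argument for the floating static route (it follows the routing protocol's view of reachability). Second, with the floating static route the dialer-list still decides what dials, so routing updates destined across the ISDN link should be excluded from interesting traffic or the backup will stay up. show interface dialer and show ip route confirm which path is active.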
Managing Network Performance with Queuing and Compression
Weighted fair queuing, priority queuing and custom queuing are often used to manage and shape network traffic. In this domain, you'll need to determine when queuing is needed and use the correct procedures and commands to configure, verify and troubleshoot it. The domain also covers traffic compression procedures and commands.
First-in-first-out (FIFO) was the original queuing method on Cisco router interfaces. The more advanced methods let you define a policy that gives time-sensitive traffic preferential treatment when the interface is congested.
Tip: There are often times when the only real solution to congestion on the wire is adding more bandwidth; queuing only decides who waits.
Router(config)# priority-list 2 protocol ip high tcp 23
Router(config)# priority-list 2 protocol ip high list 1
Router(config)# priority-list 2 interface ethernet 0 medium
Router(config)# priority-list 2 protocol ip normal
Router(config)# priority-list 2 default low
Router(config)# priority-list 2 queue-limit 15 20 20 30
Router(config)# access-list 1 permit 172.16.0.0 0.0.255.255
Router(config)# interface serial 0
Router(config-if)# priority-group 2
Using the above example for a quick discussion of priority queuing, Telnet traffic (TCP port 23) is assigned to the high-priority queue along with traffic from network 172.16.0.0 as defined by the access list statement (note that an access list is referenced with the protocol ip ... list keywords). All traffic arriving on E0 is sent to the medium-priority queue, and other IP traffic is assigned to the normal-priority queue. Remaining traffic is caught by the default low statement and assigned to the low-priority queue.
The queue-limit statement (priority-list 2 queue-limit 15 20 20 30) sets the queue-size limits in packets for the high, medium, normal and low queues, in that order. The final two commands apply priority list 2 to interface serial 0 with priority-group; remember that priority queuing always drains the high queue first, so a busy high queue can starve the lower ones, which is why custom queuing exists.
Data compression, such as link, payload, TCP header and MPPC, is used to maximize bandwidth and increase WAN link throughput. Compression can be configured on serial interfaces with the IOS commands compress predictor, stac or mppc, frame-relay payload-compress and ip tcp header-compression.
Tip: Microsoft Point-to-Point Compression (MPPC) allows Cisco routers to exchange compressed data with Microsoft clients.
Scaling IP Addresses with Network Address Translation
Where would we be today without the development of NAT? NAT allows private-to-public address translation but can be a roadblock for protocols that embed or authenticate addresses, such as IPSec. NAT does hide inside addressing, which is a side benefit, not a security control: it is no substitute for access lists or a firewall. It can be further extended with Port Address Translation (PAT), which maps many inside addresses to one or a few outside addresses by also translating the port numbers. More operational information can be found here.
The IOS commands ip nat inside or ip nat outside (applied to interfaces), ip nat pool name, ip nat inside source list, ip nat inside destination list and ip nat outside source list are used to configure the router for NAT. For verifying and troubleshooting, use show ip nat translations, show ip nat statistics and clear ip nat translation *.
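The following is an added example, not from the article, of PAT for an inside LAN plus one static translation for a server, together with the inbound access list that a static mapping should always be paired with. The addresses are assumed (10.10.0.0/16 inside, the 203.0.113.0/24 documentation range outside).

```ios
! Added example (not from the article): PAT for the inside LAN plus one
! static translation for a server. Addresses are assumed (10.10.0.0/16
! inside, 203.0.113.0/24 documentation range outside).
!
interface Ethernet0
 ip address 10.10.0.1 255.255.0.0
 ip nat inside
!
interface Serial0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group 110 in
!
! Which inside sources may be translated. Hosts the ACL does not permit
! are forwarded untranslated with their private source address (and then
! dropped upstream), so keep it tight and review it like any other ACL.
access-list 10 permit 10.10.0.0 0.0.255.255
!
! PAT (overload): many inside addresses share one registered address
ip nat pool PUBLIC 203.0.113.10 203.0.113.10 netmask 255.255.255.0
ip nat inside source list 10 pool PUBLIC overload
! Equivalent without a pool: overload the outside interface address
! ip nat inside source list 10 interface Serial0 overload
!
! Static one-to-one NAT for a server that must be reachable from outside.
! This punches a permanent hole, so the inbound ACL below only allows the
! ports the server should expose. Inbound packets hit the ACL before they
! are translated, so the ACL matches the global (outside) addresses.
ip nat inside source static 10.10.0.25 203.0.113.25
!
access-list 110 permit tcp any host 203.0.113.25 eq 80
access-list 110 permit tcp any host 203.0.113.25 eq 443
! return traffic for the PAT address: TCP replies and DNS answers only
access-list 110 permit tcp any host 203.0.113.10 established
access-list 110 permit udp any eq 53 host 203.0.113.10 gt 1023
! (these two lines are a coarse stateless stand-in for a firewall; they
!  show the idea, not a complete perimeter policy)
```

After an inside host opens a connection, show ip nat translations shows an entry like tcp 203.0.113.10:1025 10.10.0.50:1025 ... (the port is what distinguishes overloaded hosts), the static entry for 10.10.0.25 is present permanently, and show ip nat statistics counts hits and misses against access list 10. Anything inbound that matches neither the static server ports nor the return-traffic lines is dropped by access list 110 before NAT ever sees it.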
Using AAA To Scale Access Control in an Expanding Network
In this final exam objective, you need to recognize and/or describe the features of CiscoSecure, as well as specify the procedures and commands to configure AAA on the remote access router to allow client connections.
The first thing you should do is review this Cisco white paper, which defines what the CiscoSecure product can support (e.g., TACACS+ or RADIUS authentication). Know the difference: TACACS+ (TCP port 49) encrypts the whole packet body and separates authentication, authorization and accounting, which is why it is preferred for per-command authorization of administrators; RADIUS (UDP) encrypts only the password field and combines authentication and authorization, and is the usual choice for dial-in users. You'll then want to familiarize yourself with the AAA commands in the table located here.
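Here's an added example, not from the article or the Cisco white paper, of AAA on a remote access router: TACACS+ for administrator logins and per-command authorization, RADIUS for dial-in PPP users, and local fallback so a dead server cannot lock administrators out. Server addresses, shared keys and the local username are assumed.

```ios
! Added example (not from the article): AAA against a TACACS+ server for
! administrator logins and a RADIUS server for dial-in PPP users, with
! local fallback for administrators. Server addresses, keys and the
! local username are assumed.
!
aaa new-model
!
tacacs-server host 10.10.0.5
tacacs-server key T4cacsSharedKey
radius-server host 10.10.0.6
radius-server key R4diusSharedKey
!
! Local fallback account and enable secret, so an unreachable AAA server
! does not lock administrators out of the router
username admin privilege 15 secret L0calFallbackPw
enable secret En4bleSecret
!
! Administrative access: TACACS+ first, local only if no server answers.
! ("local" is tried only when TACACS+ does not respond, never when the
!  server rejects the user, so a bad password cannot fall through.)
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Dial-in PPP users: RADIUS only, no local fallback for end users
aaa authentication ppp DIALIN group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
!
! The console keeps a local-only method list, so physical access always
! works even if the AAA configuration or the network is broken
aaa authentication login CONSOLE local
line con 0
 login authentication CONSOLE
!
line vty 0 4
 login authentication default
 transport input telnet
! (use "transport input ssh" where the image supports SSH; Telnet carries
!  the password in cleartext on the wire even though TACACS+ encrypts it
!  between router and server)
!
interface Group-Async1
 encapsulation ppp
 ppp authentication chap DIALIN
```

Before you cut over the vty lines, keep a console session open and test with test aaa group tacacs+ admin password legacy (or simply a second Telnet session); debug aaa authentication and debug tacacs show each method being tried in order, and the accounting start-stop records on the server give you a per-command audit trail for privilege-15 sessions.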
And There You Have It
After passing this CCNP exam, you'll have a much greater appreciation and understanding of Cisco remote access technologies and products. Good luck!
Andy Barkl, CCNP, CCDP, CISSP, MCT, MCSE:Security, MCSA:Security, A+, CTT+, i-Net+, Network+, Security+, Server+, CNA, has over 19 years of experience in the IT field. He's the owner of MCT & Associates LLC, a technical training and consulting firm in Phoenix, Arizona. He spends much of his time in the classroom but has also been responsible for many Microsoft Windows 2000, Exchange 2000, and Cisco networking deployments for many clients across Arizona. He's also the online editor for MCPMag.com, TCPMag.com, CertCities.com, and a contributing author and editor for Sybex and Cisco Press. He hosts a multitude of exam preparation chats monthly on MCPmag.com, TCPmag.com and CertCities.com. You can reach him at .