1.2 Overview of Scalable Internetworks
1.2.7 Making the network accessible but secure
The network should be accessible, particularly at the access layer. Access routers need to connect to a variety of WAN services, yet be secure, as shown in the figure.

Support for a variety of WAN technologies is important because not all technologies are available throughout the world. In many cases, geographical availability is as much a consideration as usage when selecting a WAN technology.

IP access routers must also allow telecommuters to dial in, but be able to differentiate between legitimate and hostile connection attempts. Cisco IOS features that support access include:

Dedicated and Switched WAN Support

  • Dedicated access --- Cisco routers can be directly connected to basic telephone service or digital services such as T1/E1. This means that you can create a core WAN infrastructure for heavy traffic loads, and then use other access services for sporadic traffic requirements.
  • Switched access --- Cisco routers support Frame Relay, X.25, Switched Multimegabit Data Service (SMDS), and ATM. With this variety of support, you can determine which switched service, or combination of switched services, to use, based on cost, location, and traffic requirements.

Exterior Protocol Support

Cisco IOS software supports several exterior protocols, including EGP and BGP. EGP is an older exterior gateway protocol that provides connection between separate autonomous systems. BGP is often used by Internet service providers (ISPs) and by organizations that want to connect to ISPs.

Features that support network security include:

Access lists --- Access lists define which types of traffic should be forwarded, and can be used to prevent user traffic from reaching portions of the network. They can also assist in providing security: when they block user traffic effectively, the users themselves are denied access to sensitive areas of the network. Access lists can be used to filter access to certain locations, but this is not a security feature.

Authentication protocols --- These protocols authenticate a user before allowing access to data. On WAN connections using Point-to-Point Protocol (PPP), you can configure authentication protocols such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). As shown in the figure, the central-site router participates in an authentication process with the dial-in user. If authentication fails, the user is denied access.