Introducing VPN

Solutions
LAN Extension into a WAN
What Is a VPN?

Virtual: Information within a private network is transported

over a public network.
Private: The traffic is encrypted to keep the data confidential.
Benefits of VPN

 Cost
 Security
 Scalability
Site-to-Site VPNs

Site-to-site VPN: extension of classic WAN

 Remote-Access VPNs

Remote-access VPN: evolution of dial-in networks and ISDN

Cisco Easy VPN
 Cisco IOS IPsec SSL VPN (WebVPN)

 Integrated security and routing

 Browser-based full network SSL VPN access
VPN-Enabled Cisco IOS Routers
Cisco ASA Adaptive Security
Appliances
VPN Clients

(legacy)
 What Is IPsec?

IPsec acts at the network layer, protecting and authenticating IP packets.

 It is a framework of open standards that is algorithm independent.
 It provides data confidentiality, data integrity, and origin authentication.
IPsec Security Services

 Confidentiality
 Data integrity
 Authentication
 Antireplay protection
Confidentiality (Encryption)
Encryption Algorithms

Encryption algorithms:
 DES  3DES
 AES  RSA
DH Key Exchange

Diffie-Hellman algorithms:
 DH1
 DH2
 DH5
Data Integrity

Hashing algorithms:
 HMAC-MD5
 HMAC-SHA-1
Authentication

Peer authentication methods:

 PSKs
 RSA signatures
IPsec Security Protocols
IPsec Framework
Summary

 Organizations implement VPNs because they are less expensive,

more secure, and easier to scale than traditional WANs.
 Site-to-site VPNs secure traffic between intranet and extranet
peers. Remote access VPNs secure communications from the
traveling telecommuter to the central office.
 VPNs can be implemented with a variety of different Cisco
devices: Cisco IOS routers, ASA 5500 Series Adaptive Security
Appliances, and Cisco VPN Client software.
 IPsec is the framework that combines security protocols together
and provides VPNs with data confidentiality, integrity, and
authentication.
 AH and ESP are the two main IPsec framework protocols.
Establishing a Point-to-Point
WAN Connection with PPP
LAN Extension into a WAN
Typical WAN Encapsulation
Protocols
An Overview of PPP

 PPP can carry packets from several protocol suites using NCP.
 PPP controls the setup of several link options using LCP.
PPP Session Establishment

PPP session establishment:

1. Link establishment phase
2. Authentication phase (optional)
Two PPP authentication protocols: PAP and CHAP
3. Network layer protocol phase
PPP Authentication Protocols: PAP

 Passwords sent in plaintext

 Peer in control of attempts
 PPP Authentication Protocols: CHAP

 This is an example of the Santa Cruz router authenticating to the HQ router.

 Hash values, not actual passwords, are sent across the link.
 The local router or external server is in control of authentication attempts.
Configuring PPP and Authentication
Overview
Configuring PPP and Authentication

RouterX(config-if)# encapsulation ppp

 Enables PPP encapsulation

RouterX(config)# hostname name

 Assigns a hostname to your router

RouterX(config)# username name password password

 Identifies the username and password of remote router

RouterX(config-if)# ppp authentication

{chap | chap pap | pap chap | pap}
 Enables PAP or CHAP authentication
PPP and CHAP Configuration Example

hostname RouterX hostname RouterY

username RouterY password sameone username RouterX password sameone
! !
int serial 0 int serial 0
ip address 10.0.1.1 255.255.255.0 ip address 10.0.1.2 255.255.255.0
encapsulation ppp encapsulation ppp
ppp authentication chap ppp authentication chap
 Verifying the PPP Encapsulation
Configuration
RouterX# show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:05, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
38021 packets input, 5656110 bytes, 0 no buffer
Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
38097 packets output, 2135697 bytes, 0 underruns
0 output errors, 0 collisions, 6045 interface resets
0 output buffer failures, 0 output buffers swapped out
482 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
 Verifying PPP Authentication

RouterX# debug ppp authentication

4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
4d20h: Se0 PPP: Treating connection as a dedicated line
4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left"
4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right"
4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left"
4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right"
4d20h: Se0 CHAP: O SUCCESS id 2 len 4
4d20h: Se0 CHAP: I SUCCESS id 3 len 4
4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

The debug ppp authentication command shows successful

CHAP output
 Verifying PPP Negotiation
RouterX# debug ppp negotiation
PPP protocol negotiation debugging is on
RouterX#
*Mar 1 00:06:36.645: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
*Mar 1 00:06:36.661: BR0:1 PPP: Treating connection as a callin
*Mar 1 00:06:36.665: BR0:1 PPP: Phase is ESTABLISHING, Passive Open
*Mar 1 00:06:36.669: BR0:1 LCP: State is Listen
*Mar 1 00:06:37.034: BR0:1 LCP: I CONFREQ [Listen] id 7 len 17
*Mar 1 00:06:37.038: BR0:1 LCP: AuthProto PAP (0x0304C023)
*Mar 1 00:06:37.042: BR0:1 LCP: MagicNumber 0x507A214D (0x0506507A214D)
*Mar 1 00:06:37.046: BR0:1 LCP: Callback 0 (0x0D0300)
*Mar 1 00:06:37.054: BR0:1 LCP: O CONFREQ [Listen] id 4 len 15
*Mar 1 00:06:37.058: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:06:37.062: BR0:1 LCP: MagicNumber 0x1081E7E1 (0x05061081E7E1)
*Mar 1 00:06:37.066: BR0:1 LCP: O CONFREJ [Listen] id 7 len 7
*Mar 1 00:06:37.070: BR0:1 LCP: Callback 0 (0x0D0300)
*Mar 1 00:06:37.098: BR0:1 LCP: I CONFACK [REQsent] id 4 len 15
*Mar 1 00:06:37.102: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:06:37.106: BR0:1 LCP: MagicNumber 0x1081E7E1 (0x05061081E7E1)
*Mar 1 00:06:37.114: BR0:1 LCP: I CONFREQ [ACKrcvd] id 8 len 14
*Mar 1 00:06:37.117: BR0:1 LCP: AuthProto PAP (0x0304C023)
*Mar 1 00:06:37.121: BR0:1 LCP: MagicNumber 0x507A214D (0x0506507A214D)
Summary

 PPP is a common Layer 2 protocol for the WAN. There are two
components of PPP: LCP negotiates the connection and NCP
encapsulates traffic.
 You can configure PPP to use PAP or CHAP. PAP sends
everything in plaintext. CHAP uses an MD5 hash.
 Common PPP verification commands include show interface to
verify PPP encapsulation and debug ppp negotiation to verify
the LCP handshake.
WAN Connection with
Frame Relay

34
Overview
 Identify the components of a Frame Relay network
 Explain the scope and purpose of Frame Relay
 Discuss the technology of Frame Relay
 Compare point-to-point and point-to-multipoint topologies
 Examine the topology of a Frame Relay network
 Configure a Frame Relay Permanent Virtual Circuit (PVC)
 Create a Frame Relay Map on a remote network
 Explain the issues of a non-broadcast multi-access network
 Describe the need for sub interfaces and how to configure
them
 Verify and troubleshoot a Frame Relay connection

35
Introducing Frame Relay
Frame Relay is a connection
oriented packet-switched WAN
service and is also an industry
standart.
It operates at the data link layer (L2)
of the OSI reference model.
Typical speeds range from 56 kbps
up to 2 Mbps, although higher
speeds are possible. (Up to 44.736
Mbps)
Frame Relay does not define the Frames carry data,voice,video
way the data is transmitted within between user devices called data
the service provider’s Frame terminal equipment (DTE), and the
Relay cloud. data communications equipment
This is ATM in many cases! 
(DCE) at the edge of the WAN.

36
Frame Relay vs. X.25
Frame Relay is not a reliable protocol which
does not have the sequencing, windowing,
and retransmission mechanisms that are
used by X.25.
Because it was designed to operate on high-
quality digital lines, Frame Relay provides no
error recovery mechanism.
If there is an error in a frame it is discarded
without notification.
Frame Relay uses a subset of the high-level
data link control (HDLC) protocol called Link
Access Procedure for Frame Relay (LAPF).

37
Introducing Frame Relay

Access Circuits
or
Access Link

Access Circuit - A serial connection, such as a T1/E1 or 256kbps

leased line, will connect the router to a Frame Relay switch of the
carrier at the nearest point-of-presence for the carrier.
A Frame Relay network may be privately owned, but it is more
commonly provided as a service by a public carrier.
A Frame Relay Cloud typically consists of many geographically
scattered Frame Relay switches interconnected by trunk lines.

38
DTE – Data Terminal Equipment

DTEs generally are considered to be terminating equipment

for a specific network and typically are located on the
premises of the customer (CPE).

Examples of DTE devices are Router.

39
DCE – Data Communications
Equipment
UNI NNI

FR switch
 DCEs are usually carrier-owned internetworking devices.
 The purpose of DCE equipment is to provide clocking and
switching services in a network.
 In most cases, these are packet switches, which are the devices that
actually transmit data through the WAN.
 The connection between the customer and the service provider is
known as the User-to-Network Interface (UNI).
 The Network-to-Network Interface (NNI) is used to describe how
networks from different providers connect to each other.
NOTE: Cisco router has abilitiy to act as DCE also Frame
40 
Relay Switch (DCE). We will use it in our labs.
Virtual Circuits ( VCs)
VC
FR, ATM, X.25 etc

VC
 VC is a logical connection between two devices,
that acts as if direct connection. Even though it may physically
be indirect. In this case, the two hosts can communicate as if
they have a dedicated connection.
 In order for any two Frame Relay sites to communicate, the
service provider must set up a virtual circuit between these
sites within the Frame Relay network.
 Service providers will typically charge for each virtual circuit.
 Virtual circuits can be either permanent (PVCs)
or temporary (SVCs). 41
Frame Relay Terminology
SVCs PVCs
Per Session Path Always same Path.
may change.

The connection through the Frame Relay network between two DTEs is
called a virtual circuit (VC).
Switched Virtual Circuits (SVCs) Virtual circuits may be established
dynamically by sending signaling messages to the network.
 However, SVCs are not very common.
Permanent Virtual Circuits (PVCs) are more common.
 PVC are VCs that have been preconfigured (static) by the carrier are
used.
 The switching information for a VC is stored in the memory of
42 the switch.
DLCI NUMBERS

DLCI 400

A Data-Link Connection Identifier (DLCI)

identifies the each VC between the DTE and the
Frame Relay switch.
The Frame Relay switch maps the DLCIs between
each pair of routers to create a PVC.
43
 DLCI NUMBERS

DLCI 400
PVC’s use : Local DLCI
numbers

DLCIs is a L2 address of Frame Relay Network

DLCIs have local significance for PVC , although there some implementations
that use global DLCIs (SVC’s use :Global DLCI numbers)

Service providers assign DLCIs to us in the range of 16 to 1007.

DLCIs 0 to 15 and 1008 to 1023 are reserved for special purposes.

DLCI 1019, 1020: Multicasts
DLCI 1023: Cisco LMI
DLCI 0: ANSI LMI 44
PVCs and DLCI numbers
Virtual Circuits

DLCI 100

DLCI 300 FR Header

DLCI 200 DATA DLCI =100
DLCI 100
 Router connected to the Frame Relay network may have
multiple virtual circuits connecting it to different end points.
 This makes it a very cost-effective replacement for a full mesh of
access lines. Remember leased line it can be only point-to point
 Each end point needs only a single access circuit and
interface. 45
 Note: Also do not have to pay for leased line between two sites
IETF’s Frame Relay Frame (RFC 1490)

Cisco routers support two types of Frame Relay encapsulation

type.
 IETF’s: which is a 2-byte header that conforms to the IETF
standards.
 Cisco’s: which is a 4-byte header.
46
Cisco’s Frame Relay Frame

Cisco’s
Extra 2 byte

 Default Frame Relay encapsulation type for

Cisco devices

47
More about FR encapsulation Type

FR CLOUD

Encapsulation

Frame Relay encapsulation type not an issue between

Router and FR switch. Because Frame Relay Switch
can forward different encapsulation type as long as
they conformance with IETF’s RFC 1490. (like Cisco’s)

So Encapsulation should be same, only at the each

end of PVC’s (Router- Router)

For more info: http://www.protocols.com/pbook/frame.htm

48
 Frame Relay Bandwidth
Access Rate: This is the clock speed or
port speed of the physical connection
(Access Line) beetween DTE and Frame
We need to do is become Relay Switch
familiar with some of the  It is the max. rate at which data travels
terminology. into or out of the our network, regardless
of other settings.

Committed Information Rate (CIR)

This is the rate, in bits per second, at
which the Frame Relay switch agrees to
transfer data.
 The rate is usually averaged over a
period of time, referred to as the
Access Rate
committed rate measurement interval
(Tc).
 Note: CIR don’t have to be same speed
with Acces Rate.
CIR =256kbps  CIR defined for each VC
Access Rate = E1 2.048 Mbps
49
 Relation Between CIR, Bc,Tc
• Committed time (Tc) - Comitted time, it is an interval, during which
the user can send maximum amount of data
• Committed burst (Bc) – The maximum number of bits that the
switch agrees to transfer during any Tc.

Bc Bc Bc Bc
Tc Tc Tc Tc
1 second

Bc Bc Bc Bc
CIR
Next slide as a example
Main Formula CIR= Bc x (1/Tc) 50
 Bc and CIR and Tc
!!!!!!! CIR =Bc x (1/Tc) !!!!!!!

Tc = 250ms CIR =64kbps

Bc = 16000 bit
16000 bit 16000 bit 16000 bit 16000 bit
16000 x 4= 64000 bps
CIR Tc 1sec

Committed burst (Bc) –The maximum committed amount of data (bits)

for each VC that the switch agrees to transfer during any Tc.

 For example, if the Tc=250ms and the, the Bc=16000bits CIR=64kbps

 The Tc calculation is Tc = Bc/CIR.
 The DE (Discard Eligibility) bit is set on the traffic that was received after
the Bc was met. (coming soon )

Committed Time Interval (Tc) –The committed time, it is a interval during,

which the user can send maximum amount of data
51
Excess burst (Be) and Excess Information
Rate (EIR) EIR =Be x (1/Tc)

Access
EIR=32kpbs
PIR Rate
CIR=64kpbs Be
Tc = 250ms
(Be x 1/Tc)= EIR = 32kbps
Be = 8000 bit Bc
EIR + CIR= Peak Information Rate
Tc
Excess burst (Be) – This is the maximum number of un-committed (extra) bits that are still
accepted by the Frame Relay switch for each VC, during Tc. But are marked as eligible to be
discarded (next slide)
Excessive Burst (Be) is dependent on the service offerings available from your vendor, but it is
typically limited to the port speed of the local access loop.
Excess Information Rate (EIR) This defines the extra bandwidth available to the customer
for each VC, which is derived from Tc and Be.
For our example Tc=250ms, Be=8000bits
You can reach PIR value just for one interval. You can not reach PIR value constantly.
Think Be value as a piggy bank 52
Frame Relay Bandwidth and Flow control
DE bit

Traffic Flow

Discard eligibility (DE) bit – When the router or switch detects network
congestion, it can mark the packet "Discard Eligible".
 The DE bit is set on the traffic that was received after the CIR was
met.
 These packets are normally delivered.
 However, in periods of congestion, the Frame Relay switch will drop
packets with the DE bit set first.
53
Frame Relay Bandwidth and Flow control
DE bit

 Either a router or a Frame Relay switch tags each frame that is

transmitted beyond the CIR as eligible to be discarded.So all
frame in EIR bandwith eligible for discarding
 When a frame is tagged DE, a single bit in the Frame Relay
frame is set to 1.

 These frames will be the first to be dropped when congestion

occurs. 54
Frame Relay Bandwidth

E1 1024kbps
2.048Mbps 1024kbps

Several factors determine the rate at which a customer can send data on a
Frame Relay network.
 Foremost in limiting the maximum transmission rate is the capacity of the
local loop (access rate) to the provider.
– If the access rate is a E1, no more than 2.408 Mbps can be sent.
– In Frame Relay terminology, the speed of the local loop is called the local
access rate.

 Providers use the CIR and EIR parameter to provision network resources
and regulate usage.
– For example, a company with a E1 connection to the packet-switched network
(PSN) may agree to a CIR of 1024 Kbps.
– This means that the provider guarantees 1024 Kbps of bandwidth to the
55
customer’s link at all times.
Frame Relay Bandwidth

E1 1024kbps
2.048Mbps 1024kbps

Typically, the higher the CIR,EIR the higher the cost of service.
Customers can choose the CIR,EIR that is most appropriate to their
bandwidth needs, as long as the CIR+EIR=PIR is less than or equal to
the local Access Rate.
If the CIR of the customer is less than the local access rate, the
customer and provider agree on whether bursting above the CIR is
allowed.(EIR)
If the local access rate is E1 or 2.048 Mbps, and the CIR is 1024 Kbps,
half of the potential bandwidth (as determined by the local access rate)
remains available.
56
Frame Relay Bandwidth

E1 1024kbps
2.048Mbps 1024kbps

 Many providers allow their customers to purchase a CIR of 0 (zero).

 This means that the provider does not guarantee any throughput.
In practice, customers usually find that their provider allows them to
burst over the 0 (zero) CIR virtually all of the time.
If a CIR of 0 (zero) is purchased, carefully monitor performance in order
to determine whether or not it is acceptable.
Frame Relay allows a customer and provider to agree that under
certain circumstances, the customer can “burst” over the CIR. (EIR)

57
TT FR, ATM başvuru formu
Frame Relay Bandwidth and
Oversubscription
CIR 1 Mbps
S0
CIR 1 Mbps

CIR 1 Mbps
S0= 2.048 Mbps
CIR =1024kbps per VC
CIR =1024kbps per VC
CIR =1024kbps per VC

 Oversubscription – is when the sum of the CIRs on all the VCs

exceeds the access line speed.
 But none of them can exceed access line speed.
 Oversubscription is a one of important advantages of Frame
relay networks.
 Oversubscription increases the likelihood that packets will be
dropped.
 Often, oversubsription limited by carrier. For example Turk
58 Telecom
limit over subscription by two factor of access rate
Brief for Bc&CIR , Be&EIR, PIR 
Data

All data above red line discarded immediately

Bc+Be=96kb
Data still forwarded but
Be=32 Set DE bit=1 it’s eligible for discarding
in the event of congestion
Bc=64kb

Data forwarded

Tc= 500ms t
CIR=128kbps + EIR=64kbps = PIR= 192kbps
Can we know whether Frame Relay switch congested?
Coming soon 59
 Frame Relay Bandwidth and
Congestion-Control Mechanisms BECN & FECN bits

Traffic Flow

Backward Explicit Congestion Notification (BECN) – When a Frame

Relay switch recognizes congestion in the network, it sends a BECN packet
to the source router.
- This instructs the router to reduce the rate at which it is sending
packets. If the router receives any BECNs during the current time interval, it
decreases the transmit rate by 25%.

Forward Explicit Congestion Notification (FECN) – When a Frame

Relay switch recognizes congestion in the network, it sends an FECN
packet to the destination device. 60
- This indicates that congestion has occurred
LMI – Local Management Interface

LMI
LMI status inquiry

LMI status
LMI is a signaling standard between the DTE and the Frame Relay
switch.
LMI is responsible for managing the connection and maintaining the
status between FR Switch and Router.
LMI includes:
 A keepalive mechanism, which verifies that data is flowing
 A status mechanism, which provides an current status on the
PVC’s known to the switch (active,inactive etc.). coming soon
 The multicast addressing, Allows a sender to transmit a single
frame but have it delivered by the network to multiple recipients (not
common) 61
LMI

LMI

In order to deliver the firstly LMI services to customers as soon as possible,

vendors and standards committees worked separately to develop and deploy LMI
in early Frame Relay implementations.

Cisco, StrataCom, Northern Telecom, and Digital Equipment Corporation

released one type of LMI, while the ANSI and the ITU-T each released their own
versions
The result is that there are three types of LMI, none of which is compatible
with the others.

The LMI type must match between the provider Frame Relay switch and the
customer DTE device. 62
 LMI Autosensing 
Before IOS 11.2, the Frame Relay interface must be manually
configured to use the correct LMI type, which is furnished by the
service provider.
If using Cisco IOS Release 11.2 or later, the router attempts to
automatically detect the type of LMI used by the provider switch.
This automatic detection process is called LMI autosensing.
No matter which LMI type is used, when LMI autosense is active, it
sends out a full status request to the provider switch.

LMI Yippee!!!
I don’t have to
configure LMI

63
 LMI Status Messages
The Frame Relay switch uses LMI to
report the status of configured PVCs.
The three possible PVC states are as
follows:
 Active state: Indicates that the connection
is active and that routers can exchange data.
 Inactive state: Indicates that the local
connection to the Frame Relay switch is
working, but the remote router connection to
the Frame Relay switch is not working.
 Deleted state: Indicates that no LMI is
being received from the Frame Relay switch,
or that there is no service between the CPE
router and Frame Relay switch.

Active state Inactive or deleted

64
To see PVC state; show frame-relay pvc
 Frame Relay Mapping

Router need to know remote end ip for each VC

Static
Administrators use a frame relay map statement, by using IOS command

Dynamic
• Inverse Address Resolution Protocol (IARP) provides a given DLCI and
requests next-hop protocol addresses for a specific connection.
• The router then updates its mapping table and uses the information in the
table to forward packets on the correct route. 65
• How works IARP?  next slide
 Inverse ARP (dynamic)
Needs remote IP for each PVC
FR CLOUD
Inverse Address Resolution Protocol
(Inverse ARP) was developed to
provide a mechanism for dynamic Inverse ARP request
DLCI to Layer 3 address maps
Inverse ARP reply

Inverse ARP works much the same way Address Resolution Protocol (ARP)
works on a LAN.
However, with ARP, the device knows the Layer 3 IP address and needs to know
the remote data link MAC address. (L3 to L2)
With Inverse ARP, the router knows the Layer 2 address which is the DLCI, but
needs to know the remote Router’s Layer 3 IP address.(L2 to L3)

Inverse ARP request sent separately inside each VC

66
 Inverse ARP (dynamic)
Knows DLCI, needs remote IP
1
2 3 My IP is 1.1.1.1
Your IP ?

4 My IP is 1.1.1.2
1- Once the router learns from the switch about available PVCs and their
corresponding DLCIs, the
2- Router sends an Inverse ARP request for each DLCI. (unless statically
mapped)
3- In effect, the Inverse ARP request asks the remote station for its IP address.
At the same time, it provides the remote system with the IP address of the local
system.
4 -The return information from the Inverse ARP is then used to build the Frame
Relay map.
67
Configuring Cisco Router as a Frame Relay Switch

Frame-relay switching
interface Serial0/0
no ip address
clock rate 128000
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 102 interface Serial0/1 201
frame-relay route 103 interface Serial1/0 301
frame-relay route 104 interface Serial1/1 401
!
interface Serial0/1
no ip address
clock rate 128000
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 201 interface Serial0/0 102

68
 Configuring Frame Relay LMI

Router(config-if)# frame-relay lmi-type {ansi | cisco | q933a}

It is important to remember that the Frame Relay service provider maps the
virtual circuit within the Frame Relay network connecting the two remote
customer premises equipment (CPE) devices that are typically routers.
Once the CPE device, or router, and the Frame Relay switch are exchanging
LMI information, the Frame Relay network has everything it needs to create the
virtual circuit with the other remote router.
The Frame Relay network is not like the Internet where any two devices
connected to the Internet can communicate.

REMEMBER : You don’t have to configure it for IOS 11.2 or later

69
Configuring Frame Relay
encapsulation
Router(config-if)# encapsulation frame-relay {cisco | ietf}

FR CLOUD

Encapsulation

cisco : Default frame relay encapsulation type for cisco routers

ietf - Select this if connecting to a non-Cisco router.(RFC 1490)
Use this if connecting Cisco router with other vendor router.
 The frames flow from DTE to DTE, both DTEs must agree to the
encapsulation used. However, each VC can use a different
encapsulation.
 Frame Relay Switch can forward different encapsulation type (like
Cisco) as long as they conformance with IETF’s RFC 1490 70
Minimum Frame Relay Configuration

S0 S0
172.16.1.1/24
FRAME RELAY 172.16.1.2/24
Hub Spoke1
DLCI 102 CLOUD
DLCI 201

Hub(config)# interface serial 0

Hub(config-if)# ip address 172.16.1.1 255.255.255.0
Hub(config-if)# encapsulation frame-relay

Spoke1(config)# interface serial 0

Spoke1(config-if)# ip address 172.16.1.2 255.255.255.0
Spoke1(config-if)# encapsulation frame-relay

Default encapsulation type is Cisco

71
How it works: Next slide
Minimum Frame Relay Configuration
S0 S0
172.16.1.1/24 172.16.1.2/24
Hub FRAME RELAY
Spoke1
DLCI 102 CLOUD DLCI 201

Cisco Router is now ready to act as a Frame-Relay DTE device.

The following process occurs;

 The interface is enabled.
 The Frame-Relay switch announces the configured
DLCI(s) to the router by using LMI.
 Inverse ARP is performed to map remote network layer
addresses to the local DLCI(s).
The routers can now ping each other!
72
Inverse ARP

S0 S0
172.16.1.1/24 172.16.1.2/24
Hub FRAME RELAY
Spoke1
DLCI 102 CLOUD DLCI 201

Hub# show frame-relay map

Serial0 (up): ip 172.16.1.2 dlci 102,
dynamic, broadcast, status defined, active

• dynamic refers to the router learning the IP address via Inverse ARP
• The DLCI 102 is configured on the Frame Relay Switch by the provider.
• Dynamic address mapping is enabled by default for all protocols
enabled on a physical interface 73
Configuring Frame Relay maps
Router(config-if)# frame-relay map protocol protocol-address
dlci [broadcast] [ietf | cisco]

 If the environment does not support LMI autosensing and Inverse

ARP, a Frame Relay map must be manually configured.
 Use the frame-relay map command to configure static address
mapping.
 Once a static map for a given DLCI is configured, Inverse ARP is
disabled on that DLCI.

 The broadcast keyword provides two functions.

Forwards broadcasts when multicasting is not enabled.
 (IOS’s ability not FR switch)

74
 Configuring Frame Relay maps

By default, PVC
cisco is the
default
encapsulation

Uses cisco encapsulation Remote IP

for this DLCI (not needed, Address Local DLCI
75
default)
 Frame Relay Map Statements

Spoke1(config-if)# frame-relay map protocol protocol-address dlci

[broadcast] [ietf | cisco]

frame-relay map ip 172.16.1.3 110 broadcast

Frame-Relay map statements can be used to:

 Statically map local DLCIs to an unknown remote network

layer addresses.

 Also used when the remote router does not support Inverse
ARP
Note: Broadcast keyword is optional (but recommended)

76
 Broadcast Handling

192.168.1.2
CI 100
DL 192.168.1.1
DLCI120
Broadcast
255.255.255.255 DLCI
90

interface serial 0
frame-relay map ip 192.168.1.2 100 broadcast 192.168.1.3
frame-relay map ip 192.168.1.1 120 broadcast
frame-relay map ip 192.168.1.3 90

Router send copy of broadcast with DLCI 100,120 because

of broadcast keyword on map statement.

BUT Router don’ t send copy of broadcast with DLCI 90

because of there is NOT broadcast keyword on map 77
statement.
More on Frame Relay Encapsulation

Applies to all DLCIs unless

configured otherwise

If the equipment at the destination is Cisco and non-Cisco, configure the Cisco encapsulation on the
interface and selectively configure IETF encapsulation per DLCI, or vice versa.
These commands configure the Cisco Frame Relay encapsulation for all PVCs on the serial interface.
Except for the PVC corresponding to DLCI 49, which is explicitly configured to use the IETF
encapsulation. configured on a serial interface, then by default, that encapsulation applies to all VCs o

78
Verifying Frame Relay interface
configuration
Router#
Router# sh
sh interfaces
interfaces s0 s0
Serial0
Serial0 is up, line protocol is
is up, line protocol is up
up
Hardware is PowerQUICC Serial
Hardware is PowerQUICC Serial
MTU
MTU 1500
1500 bytes,
bytes, BWBW 512
512 Kbit,
Kbit, DLY
DLY 20000
20000 usec,
usec,
reliability
reliability 255/255, txload 1/255, rxload 1/255
255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY IETF, loopback
Encapsulation FRAME-RELAY IETF, loopback not set not set
Keepalive
Keepalive set
set (10
(10 sec)
sec)
LMI
LMI enq sent 22086, LMI
enq sent 22086, LMI stat
stat recvd
recvd 22087,
22087, LMI
LMI upd
upd recvd
recvd 0,
0, DTE
DTE LMI
LMI up
up
LMI enq recvd 0, LMI stat sent 0, LMI upd
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 sent 0
LMI
LMI DLCI
DLCI 00 LMI
LMI type
type is
is ANSI
ANSI Annex
Annex DD frame
frame relay
relay DTE
DTE

The show interfaces serial command displays information

regarding the encapsulation and the status of Layer 1 and Layer 2.
It also displays information about the DLCIs used on the Frame Relay-
configured serial interface, and the DLCI used for the LMI signaling.

79
Verifying PVC Status
show frame-relay pvc
Router#
Router# show
show frame-relay
frame-relay pvc
pvc 106
106
PVC
PVC Statistics
Statistics forfor interface
interface Serial0
Serial0 (Frame
(Frame Relay
Relay DTE)
DTE)
DLCI
DLCI = 106, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE
= 106, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE == Serial0.1
Serial0.1
input pkts 1270482
input pkts 1270482 output pkts 1306186
output pkts 1306186 in bytes 1050308258
in bytes 1050308258
out bytes 215117180
out bytes 215117180 dropped pkts
dropped pkts 0 0 in
in FECN
FECN pkts
pkts 451508
451508
in BECN pkts
in BECN pkts 0 0 out FECN pkts
out FECN pkts 0 0 out
out BECN pkts 00
BECN pkts
in
in DE
DE pkts
pkts 00 out
out DE
DE pkts
pkts 00
out
out bcast
bcast pkts
pkts 3601
3601 out
out bcast
bcast bytes
bytes 1206326
1206326
55 minute input rate 1000 bits/sec, 2 packets/sec
minute input rate 1000 bits/sec, 2 packets/sec
55 minute
minute output
output rate
rate 00 bits/sec,
bits/sec, 00 packets/sec
packets/sec
pvc
pvc create time 2d13h, last time pvc status
create time 2d13h, last time pvc status changed
changed 04:55:38
04:55:38

show frame-relay pvc; command displays the status of each configured connection, as well as
traffic statistics.

This command is also useful for viewing the number of Backward Explicit Congestion Notification
(BECN) and Forward Explicit Congestion Notification (FECN) packets received by the router.
If a single PVC is specified, only the status of that PVC is shown.

80
 Verifying Mapping
show frame-relay map
Router#
Router# show
show frame-relay
frame-relay map
map
Serial0.1
Serial0.1 (up):
(up): point-to-point
point-to-point dlci,
dlci,
dlci
dlci 106(0x6A,0x18A0),
106(0x6A,0x18A0), broadcast
broadcast
status
status defined,
defined, active
active

The show frame-relay map command displays

the current map entries and information about the
connections.

81
 Verify LMI Status
show frame-relay lmi
Router#
Router# show
show frame-relay
frame-relay lmi
lmi
LMI
LMI Statistics
Statistics for
for interface
interface Serial0
Serial0 (Frame
(Frame Relay
Relay DTE)
DTE) LMI
LMI TYPE
TYPE == ANSI
ANSI
Invalid
Invalid Unnumbered
Unnumbered info
info 00 Invalid
Invalid Prot
Prot Disc
Disc 00
Invalid
Invalid dummy
dummy Call
Call Ref
Ref 00 Invalid
Invalid Msg
Msg Type
Type 00
Invalid
Invalid Status
Status Message
Message 00 Invalid
Invalid Lock
Lock Shift
Shift 00
Invalid
Invalid Information
Information IDID 00 Invalid
Invalid Report
Report IE
IE Len
Len 00
Invalid
Invalid Report
Report Request
Request 00 Invalid
Invalid Keep
Keep IE
IE Len
Len 00
Num
Num Status
Status Enq.
Enq. Sent
Sent 22191
22191 Num
Num Status
Status msgs
msgs Rcvd
Rcvd 22191
22191
Num
Num Update Status Rcvd 00
Update Status Rcvd Num Status Timeouts
Num Status Timeouts 5 5

The show frame-relay lmi command displays

LMI traffic statistics showing the number of status
messages exchanged between the local router and
the Frame Relay switch.
82
Troubleshooting the Frame Relay
configuration
Use the debug
frame-relay lmi
command to determine
whether the router and
the Frame Relay switch
are sending and
receiving LMI packets
properly.

0x0: Inactive (probably remote side

down)
0x2: Active (everything is ok )
0x4: Deleted means that the Frame
You should see increasing number with Relay switch does not have this
myseq and yourseen value, and status code 0x2, DLCI programmed for the router, but
that it was programmed at some
on healty Frame Relay interfaces point in the past. 83
Frame Relay Topologies

Full Mesh

84
 NBMA – Non Broadcast Multiple
Access Networks
-Frames between two routers are
only seen by those two devices
(non broadcast).
- Similar to a LAN, multiple device
have access to the same network
and potentially to each other
(multiple access).

An NBMA network is the opposite of a broadcast network.

On a broadcast network, multiple computers and devices are attached to a shared
network cable or other medium. When one computer transmits frames, all nodes on the
network "listen" to the frames, but only the node to which the frames are addressed
actually receives the frames. Thus, the frames are broadcast.
Think about ethernet broadcast address and ethernet switch behavior when it receive
broadcast frame.... Unlike ethernet, there is no L2 broadcast address on NBMA
network. So FR switch can’t copy and flood broadcast frames
FR, ATM,X25 are example of the NBMA networks

85
Star Topology (Hub and Spokes)
Spoke
Spoke

HUB
Spoke
A star topology, also known as a hub and spokes configuration, is the
most popular Frame Relay network topology because it is the most
cost-effective.
In this topology, remote sites are connected to a central site that
generally provides a service or application.
This is the least expensive topology because it requires the fewest
PVCs.
In this example, the central router provides a multipoint connection,
because it is typically using a single interface to interconnect multiple
86
PVCs.
 Full Mesh Topology
Full Mesh Topology
Number of Number
nodes of PVCs
2 1
4 6
5 10
6 15
8 28
In a full mesh topology, all routers have PVCs to all other destinations.
This method, although more costly than hub and spoke, provides direct
connections from each site to all other sites and allows for redundancy.
For example, when one link goes down, a router at site Brussels can reroute traffic
through site Paris.
As the number of nodes in the full mesh topology increases, the topology becomes
increasingly more expensive.
The formula to calculate the total number of PVCs with a fully meshed WAN
is [n . (n - 1)] /2, where n is the number of nodes.

87
 A Frame-Relay Configuration Supporting Multiple Sites
Hub and Spoke
Topology
with Multipoint
• This is known as a Hub interface HUB
and Spoke Topology, S0 172.16.1.1/24
dlci 102 dlci 103
where the Hub router
relays information
between the Spoke
routers. PVC FR Cloud PVC
• Limits the number of
PVCs needed as in a full-
mesh topology (coming). dlci 301
dlci 201
S0 S0
All interfaces member of 172.16.1.2/24 172.16.1.3/24
the same network
SPOKE1 SPOKE2

172.16.1.0/24
Point-to-Multipoint Configuration
using Inverse ARP
Hub
interface Serial0
ip address 172.16.1.1 255.255.255.0
encapsulation frame-relay

Spoke1
interface Serial0
ip address 172.16.1.2 255.255.255.0
encapsulation frame-relay

Spoke2
interface Serial0
ip address 172.16.1.3 255.255.255.0
encapsulation frame-relay

89
 Verifying Dynamic mapping (IARP)
Hub# show frame-relay map
Serial0 (up): ip 172.16.1.2 dlci 102,
dynamic, broadcast, status defined,
active

Serial0 (up): ip 172.16.1.3 dlci 103,

dynamic, broadcast, status defined,
active

Spoke1# show frame-relay map

Serial0 (up): ip 172.16.1.1 dlci 201,
dynamic, broadcast, status defined,
active

Spoke2# show frame-relay map

Serial0 (up): ip 172.16.1.1 dlci 301,
dynamic, broadcast, status defined,
active

One subnet

90
 Verifying Dynamic mapping (IARP)
Hub#
Hub# show
show frame-relay
frame-relay map
map
Serial0
Serial0 (up): ip 172.16.1.2 dlci
(up): ip 172.16.1.2 dlci 102,
102, dynamic,
dynamic, broadcast,
broadcast, status
status defined,
defined,
active
active
Serial0
Serial0 (up):
(up): ip
ip 172.16.1.3
172.16.1.3 dlci
dlci 103,
103, dynamic,
dynamic, broadcast,
broadcast, status
status defined,
defined,
active
active

Spoke1#
Spoke1# show
show frame-relay
frame-relay map
map
Serial0
Serial0 (up): ip 172.16.1.1 dlci
(up): ip 172.16.1.1 dlci 201,
201, dynamic,
dynamic, broadcast,
broadcast, status
status defined,
defined,
active
active

Spoke2#
Spoke2# show
show frame-relay
frame-relay map
map
Serial0
Serial0 (up):
(up): ip
ip 172.16.1.1
172.16.1.1 dlci
dlci 301,
301, dynamic,
dynamic, broadcast,
broadcast, status
status defined,
defined,
active
active

Inverse ARP resolved the ip addresses for Hub for both Spoke1 and Spoke2
Inverse ARP resolved the ip addresses for Spoke1 for Hub
Inverse ARP resolved the ip addresses for Spoke2 for Hub
What about between Spoke1 and Spoke2 ???

91
 Inverse ARP Limitations
 Can Hub ping both Spoke1 and Spoke2? Yes!
 Can Spoke1 and Spoke2 ping to Hub? Yes!
 Can Spoke1 and Spoke2 ping each other? No!

The Spoke routers’ serial interfaces (Spoke1 and Spoke2)

has failed to encapsulate ICMP packets because there is
no DLCI-to-IP address mapping for the destination
address.
For Example Spoke1 sees Spoke2’s serial interface
network as a directly connected on its routing table .
So try to route packet to S0 but which DLCI??? It can’t
find anything in frame-relay map table because IARP
couldn’t sent through indirect PVC
Solutions to the limitations of Inverse ARP
1. Configure additional Frame-Relay Map Statements
2. Configure Point-to-Point Subinterfaces. (coming soon)
3. Add an additional PVC between Spoke1 and Spoke2 (Full Mesh)

92
 Frame-Relay Map Statements
Hub
interface Serial0
ip address 172.16.1.1 255.255.255.0
encapsulation frame-relay
!!(Inverse-ARP still works here)
Spoke1
interface Serial0
ip address 172.16.1.2 255.255.255.0
encapsulation frame-relay
frame-relay map ip 172.16.1.3 201
Spoke2
interface Serial0
ip address 172.16.1.3 255.255.255.0
encapsulation frame-relay
frame-relay map ip 172.16.1.2 301

93
Reachability issues with routing
updates
Frame Relay is an NBMA Network
An NBMA network is a multiaccess network,
which means more than two nodes can
connect to the network.
Ethernet is another example of a multiaccess
architecture.
In an Ethernet LAN, all nodes see all
broadcast and multicast frames.
However, in a nonbroadcast network such as
Frame Relay, nodes cannot see broadcasts of
other nodes unless they are directly
connected by a virtual circuit.
This means that Spoke2 cannot directly see
the broadcasts from Spoke1, because they
are connected using a hub and spoke
topology. 94
 Reachability issues with routing
updates
Net
Split Horizon prohibits routing wor
kX
updates received on an interface
from exiting that same interface.

The Central router must receive the broadcast from Branch A and then
send its own broadcast to Branch B.
In this example, there are problems with routing protocols because of
the split horizon rule.
A full mesh topology with virtual circuits between every site would
solve this problem, but having additional virtual circuits is so costly and
does not scale well.
95
Reachability issues with routing
updates
Net
wor
Split Horizon prohibits routing kX
updates received on an interface
from exiting that same interface.

Split horizon rule reduces the chance of a routing loop with distance vector
routing protocols.
It prevents a routing update received on an interface from being forwarded
through the same interface.
If the Central router learns about Network X from Branch A, that update is
learned via S0/0.
According to the split horizon rule, Central could not update Branch B or Branch
C about Network X.
96
 1. Solution; Disable Split Horizon

To remedy this situation, turn off split horizon for IP

Router(config-if)# no ip split-horizon
Router(config-if)#ip split-horizon

Of course, with split horizon disabled,(already default for main

interfaces with encapsulation frame-relay configured) the protection
it affords against routing loops is lost. (But there is no chance to
loop with hub and spoke topology) 

Split horizon is only an issue with distance vector routing protocols like
RIP, IGRP and EIGRP.
It has no effect on link state routing protocols like OSPF and IS-IS.
97
 2. Solution; Subinterfaces
- Subinterfaces are logical subdivisions
of a physical interface (logically similar
seperate interfaces)
• To enable the forwarding of broadcast
routing updates in a Frame Relay
network, configure the router with
subinterfaces.
• In split-horizon routing environments,
routing updates received on one
subinterface can be sent out on another
subinterface.

With subinterface configuration, each PVC can be configured as a

point-to-point connection.
This allows each subinterface to act similar to seperate physical.
Each subinterface must member of the diffrent NETWORKS.
98
 Frame Relay Subinterfaces.
Each subinterface on
router must member of
S0.1
the diffrent
NETWORKS S0.2
S0

Multipoint subint.

Point-to-point subint.
A key reason for using subinterfaces is to allow distance vector routing protocols to perform properly
in an environment in which split horizon is activated.
There are two types of Frame Relay subinterfaces.
 Point-to-point
 Multipoint
99
 Frame Relay Subinterfaces

Physical interfaces: With a hub and spoke topology Split

Horizon will prevent the hub router from propagating routes
learned from one spoke router to another spoke router.
Point-to-point subinterfaces: Each subinterface is on its
own subnet. Broadcasts and Split Horizon not a problem
because each point-to-point connection is its own subnet.
Multipoint subinterfaces: All participating remote
interfaces would be in the same subnet. Broadcasts and
routing updates are also subject to the Split Horizon Rule and
may pose a problem.

100
 Configuring Frame Relay
Subinterfaces
RTA(config)# interface s0/0
RTA(config-if)# encapsulation frame-relay
RTA(config-if)# no shut
Router(config-if)#interface serial S0/0.1{multipoint|point-to-point}
Router(config-subif)# frame-relay interface-dlci dlci-number

Subinterface can be configured after the physical interface has been configured for Frame Relay
encapsulation
Subinterface numbers can be specified in interface configuration mode or global configuration mode.
Subinterface number can be between 1 and 4294967295.
At this point in the subinterface configuration, either configure a static Frame Relay map or use the
frame-relay interface-dlci command.
The frame-relay interface-dlci command associates the selected subinterface with a DLCI.

101
Configuring Frame Relay Subinterfaces

The “frame-relay interface-dlci” command is required for all

point-to-point subinterfaces.

It is also required for multipoint subinterfaces for which inverse ARP is

enabled.

It is not required for multipoint subinterfaces that are configured with

static frame-relay map. 102
Point-to-point Subinterfaces
Single PVC
S0.1 S0.1= 1.1.1.0/24
S0.2
S0 S0.2= 2.2.2.0/24
Single PVC

A single subinterface is used to establish one PVC connection to

another physical or subinterface on a remote router.
In this case, the interfaces would be:
 Each interface have a single DLCI (point-to-point)
Each point-to-point connection is its own subnet.
In this environment, broadcasts are not a problem because the
routers are point-to-point and acts as a seperate interface.

103
Point-to-point Subinterfaces

With point-to-point subinterfaces you:

Cannot have multiple DLCIs associated with a
single point-to-point subinterface
Cannot use frame-relay map statements
Cannot use Inverse-ARP

104
 Point-to-point Subinterfaces
frame-relay interface-dlci

Point-to-point subinterface configuration, minimum of two commands:

Router(config)# interface Serial0.1 point-to-point

Router(config-subif)#frame-relay interface-dlci dlci-no

Rules:
1. No Frame-Relay map statements can be used with point-to-point
subinterfaces.
2. One and only one DLCI can be associated with a each point-to-point
subinterface
By the way, encapsulation is must be done only at the physical interface:

105
 Point-to-Point Subinterfaces at the
Hub and Spokes
Interface Serial0 (for all routers)
encapsulation frame-relay
no ip address
no shut
HUB
S0.102 S0.103
Hub 172.16.2.1/24 172.16.1.1/24
interface Serial0.102 point-to-point
ip address 172.16.2.1 255.255.255.0 dlci 102 dlci 103
frame-relay interface-dlci 102
!
interface Serial0.103 point-to-point
ip address 172.16.1.1 255.255.255.0 PVC PVC
frame-relay interface-dlci 103 FR Cloud

Spoke1
interface Serial0.201 point-to-point
ip address 172.16.2.2 255.255.255.0 dlci 201 dlci 301
frame-relay interface-dlci 201 S0.301
S0.201 172.16.1.2/24
172.16.2.2/24
Spoke2
interface Serial0.301 point-to-point SPOKE2
ip address 172.16.1.2 255.255.255.0 SPOKE1
frame-relay interface-dlci 301 TWO subnets
106
Multipoint Subinterfaces

Multiple PVC
S0.1 S0.1= 1.1.1.0/24
S0.2
S0 S0.2=2.2.2.0/24
Multiple PVC

Share many of the same characteristics as a physical Frame-Relay

interface

With multipoint subinterface you;

can have multiple DLCIs assigned to it.
can use frame-relay map & interface dlci statements
can use Inverse-ARP

107
Multipoint subinterface at the Hub and
Point-to-Point Subinterfaces at the one Spoke

Interface Serial0 (for all routers)

encapsulation frame-relay
no ip address
no shut
HUB
Hub S0.1 172 .16.10.1/24
interface Serial0.1 multipoint
ip address 172.16.10.1 255.255.255.0 dlci 102 dlci 103
frame-relay interface-dlci 102
frame-relay interface-dlci 103
no ip split-horizon
Spoke1 PVC PVC
interface Serial0.21 point-to-point FR
ip address 172.16.10.2 255.255.255.0
frame-relay interface-dlci 201
Spoke2
interface Serial0 dlci 301
ip address 172.16.10.3 255.255.255.0 dlci 201
encapsulation frame-relay S0.21 S0
172.16.10.2/24 172.16.10.3/24
Notes: Highly scalable solution
Disable Split Horizon on Hub router when
running a distance vector routing protocol. SPOKE1 SPOKE2
--This configuration works similar to our One subnet
108
first configuration example (slide 59 )
109
Summary

 There are three aspects of troubleshooting frame relay:

troubleshooting the link, troubleshooting the mapping from one
router to another, and troubleshooting routing across a frame
relay network.
 Use the show interface serial and show frame-relay lmi
commands to verify Layer 1 and Layer 2 link failures. Use the
show frame-relay map and show frame-relay pvc commands
to test connectivity between routers.
Module Summary

 Site-to-site VPNs secure traffic between intranet and extranet

peers. Remote-access VPNs secure communications from the
telecommuter to the central office.
 PPP can be configured on both asynchronous and synchronous
point-to-point links. PPP supports both PAP and CHAP
authentication.
 Frame Relay interfaces can be either point-to-point or multipoint
interfaces.
 To troubleshoot Frame Relay connections, use the commands
show frame relay lmi, show frame relay pvc, and show frame
relay map.