CCNA Chapter 5 Ethernet

Ethernet standards define both the Layer 2 protocols and the Layer 1 technologies.
Ethernet has evolved from a shared media, contention-based data communications technology to today's high bandwidth, full-duplex technology.
It is a family of networking technologies that are defined in the IEEE 802.2 and 802.3 standards.

Ethernet provides unacknowledged connectionless service over a shared media using CSMA/CD as the media access method.

Contention-based refers to anything that shares the same electrical bus or the same airspace. Both CSMA/CD and CSMA/CA (for wireless) are contention-based. Remember that hubs create one big collision domain, and as a result you have a half-duplex environment in which only one node can transmit at a time. Each node has to listen to the wire before sending a frame. The same applies to the wireless medium.


Contention-based:
1) share a broadcast medium (same collision domain)
2) one station transmits at a time
3) collisions exist
4) devices must wait their turn. In wireless, a device must have an RTS/CTS. In CSMA/CD each device listens to the wire, specifically for electrical signals. If the wire is free, they send. If the wire is busy, they don't send. If they send at the same time, a collision occurs, and a jam signal and random backoff timers are executed.

Ethernet supports data bandwidths of:
- 10 Mb/s
- 100 Mb/s
- 1000 Mb/s (1 Gb/s)
- 10,000 Mb/s (10 Gb/s)
- 40,000 Mb/s (40 Gb/s)
- 100,000 Mb/s (100 Gb/s)

10BaseT notation meaning
 - The leading number (10 in 10BASE-T) refers to the transmission speed in Mbit/s.
 - BASE denotes that baseband transmission is used.
 - The T designates twisted pair cable, where the pair of wires for each signal is twisted together to reduce radio frequency interference and crosstalk between pairs. Where there are several standards for the same transmission speed, they are distinguished by a letter or digit following the T, such as TX.

Baseband is a type of transmission that uses current to send a signal over the wire as a digital wave. It can transmit only one signal at a time, because it requires exclusive use of the wire. This type of transmission allows only one device to transmit in the network at one time, while other devices need to wait for the end of the transmission.
While in some cases baseband supports full duplex, in most cases half duplex is used for sending signals upstream and downstream.

Ethernet uses baseband for LANs. If data needs to be sent to a server, the network interface card makes a request to use the wire. While the wire is busy, the NIC retries its request. When the wire is available, the data is sent. The process takes milliseconds and is not noticeable to the user.

Broadband uses a modulated analog signal. It is used to transmit cable TV to premises. Broadband uses different frequencies, which increases the amount of data it can carry at one time. The amount of data is 25 times higher compared to baseband. Usually broadband transmits data in one direction, towards the user. If the user needs to send data, an individual channel is used for the data and special amplifiers are used for data separation. While a broadband signal can travel longer distances, it has additional expenses due to the use of extra equipment.


Troubleshooting MAC/ARP

For L2 switches (if no L3 interface)
Switch>sh arp
    (none)

Switch>sh mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0010.11d9.7401    DYNAMIC     Fa0/2
   1    0030.f22a.61a9    DYNAMIC     Fa0/1

For L2 switch with L3 interface (vlan interface)
Switch#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.2             0   0030.F22A.61A9  ARPA   Vlan1
Internet  192.168.1.5             -   0000.0C6B.39D0  ARPA   Vlan1
Switch#sh mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0010.11d9.7401    DYNAMIC     Fa0/2
   1    0030.f22a.61a9    DYNAMIC     Fa0/1

For L3 Switches or router
SW-4500#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.5.0.10           0   0009.44a3.841a  ARPA   Vlan19
Internet  1.1.1.1                 -   0012.daa3.6a3f  ARPA   GigabitEthernet1/1
SW-4500#sh mac-address-table
Unicast Entries
 vlan   mac address     type        protocols               port
-------+---------------+--------+---------------------+--------------------
   1    0009.44a3.841a   dynamic other                 GigabitEthernet5/1   
   4    0009.4499.201b   dynamic ip                    GigabitEthernet7/22

LLC sublayer
The Ethernet LLC sublayer handles the communication between the upper layers and the lower layers. This is typically between the networking software and the device hardware.
The LLC sublayer takes the network protocol data, which is typically an IPv4 packet, and adds control information to help deliver the packet to the destination node.
LLC is implemented in software, and its implementation is independent of the hardware. 

MAC sublayer
MAC constitutes the lower sublayer of the data link layer. MAC is implemented by hardware, typically in the computer NIC.

 Ethernet is a contention-based method of networking.
 Recall that a contention-based method, or non-deterministic method, means that any device can try to transmit data across the shared medium whenever it has data to send.
 However, much like if two people try to talk simultaneously, if multiple devices on a single medium attempt to forward data simultaneously, the data will collide resulting in corrupted, unusable data.

CSMA
The CSMA process is used to first detect if the media is carrying a signal. If a carrier signal on the media from another node is detected, it means that another device is transmitting.

It is possible that the CSMA process will fail and two devices will transmit at the same time. This is called a data collision. If this occurs, the data sent by both devices will be corrupted and will need to be resent.

CSMA/Collision Detection
In CSMA/Collision Detection (CSMA/CD), the device monitors the media for the presence of a data signal. If a data signal is absent, indicating that the media is free, the device transmits the data. If signals are then detected that show another device was transmitting at the same time, all devices stop sending and try again later.
With today's intermediate devices, collisions do not occur and the processes utilized by CSMA/CD are really unnecessary.

CSMA/Collision Avoidance
In CSMA/CA, the device examines the media for the presence of a data signal. If the media is free, the device sends a notification across the media of its intent to use it. The device then sends the data. This method is used by 802.11 wireless networking technologies.

MAC Address
An Ethernet MAC address is a 48-bit binary value expressed as 12 hexadecimal digits (4 bits per hexadecimal digit).

Number conversions:
binary  0000 1010
2^      7654 3210
decimal 0000 8020 = 10(sum)
DECIMAL 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
HEX     0 1 2 3 4 5 6 7 8 9  A  B  C  D  E  F 10 11

The IEEE assigns the vendor the first 3-byte (24-bit) code, called the Organizationally Unique Identifier (OUI).
The MAC address is often referred to as a burned-in address (BIA) because it is burned into ROM (Read-Only Memory) on the NIC.
Note: On modern PC operating systems and NICs, it is possible to change the MAC address in software.
The address formats might be similar to:
00-05-9A-3C-78-00
00:05:9A:3C:78:00
0005.9A3C.7800

Ethernet Types
There are two styles of Ethernet framing:
 - IEEE 802.3 Ethernet standard which has been updated several times to include new technologies,
 - the DIX Ethernet standard which is now referred to as Ethernet II.

The most significant difference between the two standards is the addition of a Start Frame Delimiter (SFD) and the change of the Type field to a Length field in the 802.3.
Ethernet II is the Ethernet frame format used in TCP/IP networks.

Both the Ethernet II and IEEE 802.3 standards define the minimum frame size as 64 bytes and the maximum as 1518 bytes. 
This includes all bytes from the Destination MAC Address field through the Frame Check Sequence (FCS) field. The Preamble and Start Frame Delimiter fields are not included when describing the size of a frame.

Any frame less than 64 bytes in length is considered a "collision fragment" or "runt frame" and is automatically discarded by receiving stations.

The IEEE 802.3ac (802.1Q VLAN + 802.1p priority information) standard, released in 1998, extended the maximum allowable frame size to 1522 bytes. 


At the data link layer the frame structure is nearly identical. At the physical layer different versions of Ethernet vary in their method for detecting and placing data on the media.

Ethernet frame
Blue - Ethernet II Frame
Orange - Ethernet II Frame with transmission overhead
1) Start of Frame (Preamble and Start Frame Delimiter Fields)
2) Destination MAC Address Field
3) Source MAC Address Field
4) Length Field (Ethertype): For any IEEE 802.3 standard earlier than 1997 the Length field defines the exact length of the frame's data field. This is used later as part of the FCS to ensure that the message was received properly. Otherwise the purpose of the field is to describe which higher-layer protocol is present. If the two-octet value is equal to or greater than 0x0600 hexadecimal or 1536 decimal, then the contents of the Data field are decoded according to the EtherType protocol indicated. Whereas if the value is equal to or less than 0x05DC hexadecimal or 1500 decimal then the Length field is being used to indicate the use of the IEEE 802.3 frame format. This is how Ethernet II and 802.3 frames are differentiated.
0x0800  - IPv4 Protocol
0x0806  - Address resolution protocol (ARP) 
5) Data Field: This field (46 - 1500 bytes)
6) Frame Check Sequence Field: The Frame Check Sequence (FCS) field (4 bytes) is used to detect errors in a frame. It uses a cyclic redundancy check (CRC).
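
The field rules listed above can be checked in code. The following is an added example, not part of the original notes: a small parser that applies the 64-byte minimum, the 1518/1522-byte maximums, the 0x0600 / 0x05DC Type-or-Length split and the CRC-based FCS. The 802.1Q tag marker 0x8100 and the helper names are assumptions introduced for the example, and the sample frame is constructed.

```python
import struct
import zlib

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}   # the two values listed above
TPID_8021Q = 0x8100        # marks an 802.1Q VLAN tag (value not given in these notes)
MIN_FRAME, MAX_FRAME, MAX_TAGGED = 64, 1518, 1522  # Destination MAC through FCS


def fmt_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def fcs(data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, stored least significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_len: int, payload: bytes) -> bytes:
    """Assemble a constructed test frame, padding the data field to 46 bytes."""
    body = dst + src + struct.pack("!H", type_len) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Classify a frame that starts at the Destination MAC (no preamble/SFD)."""
    if len(frame) < MIN_FRAME:
        return {"valid": False, "reason": "runt frame (< 64 bytes)"}
    dst, src = frame[0:6], frame[6:12]
    (type_len,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if type_len == TPID_8021Q:                  # 4 extra bytes: tag + real type
        tci, type_len = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    if len(frame) > (MAX_TAGGED if vlan is not None else MAX_FRAME):
        return {"valid": False, "reason": "oversized frame"}
    if type_len >= 0x0600:                      # EtherType: Ethernet II
        framing = "Ethernet II"
        protocol = ETHERTYPES.get(type_len, f"0x{type_len:04X}")
    elif type_len <= 0x05DC:                    # Length: IEEE 802.3
        framing, protocol = "IEEE 802.3", f"length={type_len}"
    else:                                       # 0x05DD-0x05FF is neither
        return {"valid": False, "reason": "type/length value is undefined"}
    return {
        "valid": True,
        "dst": fmt_mac(dst),
        "src": fmt_mac(src),
        "vlan": vlan,
        "framing": framing,
        "protocol": protocol,
        "data_len": len(frame) - offset - 4,
        "fcs_ok": frame[-4:] == fcs(frame[:-4]),
    }


# Constructed sample: a broadcast ARP frame sent from 00-05-9A-3C-78-00.
SAMPLE = build_frame(b"\xff" * 6, bytes.fromhex("00059A3C7800"), 0x0806, b"\x00" * 28)

if __name__ == "__main__":
    print(parse_frame(SAMPLE))        # valid Ethernet II / ARP frame
    print(parse_frame(SAMPLE[:40]))   # truncated copy is reported as a runt
```

Frames captured on a host usually arrive without the FCS because the NIC strips it, so `fcs_ok` is only meaningful when the capture point preserves the trailer.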

Types of Ethernet destinations
In Ethernet, different MAC addresses are used for Layer 2 unicast, broadcast, and multicast communications.
A unicast MAC address is the unique address used when a frame is sent from a single transmitting device to a single destination device.

A broadcast packet contains a destination IP address that has all ones (1s) in the host portion. This numbering in the address means that all hosts on that local network (broadcast domain) will receive and process the packet.
On Ethernet networks, the broadcast MAC address is 48 ones displayed as hexadecimal FF-FF-FF-FF-FF-FF.

Multicast addresses allow a source device to send a packet to a group of devices. Devices that belong to a multicast group are assigned a multicast group IP address. The range of IPv4 multicast addresses is 224.0.0.0 to 239.255.255.255.

The multicast MAC address is a special value that begins with 01-00-5E in hexadecimal.
The remaining portion of the multicast MAC address is created by converting the lower 23 bits of the IP multicast group address into 6 hexadecimal characters.
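
The three MAC notations shown earlier and the multicast mapping described above can be worked through in code. This is an added example, not part of the original notes; the function names are assumptions, and it goes slightly beyond the text by also reporting the locally administered bit, which is a quick way to spot an address that was set in software rather than burned in.

```python
import ipaddress
import re

BROADCAST = "FF-FF-FF-FF-FF-FF"


def normalize_mac(text: str) -> str:
    """Accept 00-05-9A-3C-78-00, 00:05:9A:3C:78:00 or 0005.9A3C.7800."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    digits = digits.upper()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def describe_mac(text: str) -> dict:
    """Split a MAC into OUI and destination type (unicast/multicast/broadcast)."""
    mac = normalize_mac(text)
    first_byte = int(mac[:2], 16)
    if mac == BROADCAST:
        kind = "broadcast"
    elif first_byte & 0x01:          # low bit of first byte set: group address
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "mac": mac,
        "oui": mac[:8],              # first 3 bytes, assigned by the IEEE
        "kind": kind,
        # Second-lowest bit set on a unicast address: not a vendor-assigned BIA.
        "locally_administered": kind == "unicast" and bool(first_byte & 0x02),
    }


def multicast_ip_to_mac(ip: str) -> str:
    """Map an IPv4 multicast group to its 01-00-5E Ethernet address."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not in 224.0.0.0 - 239.255.255.255")
    low23 = int(addr) & 0x7FFFFF     # keep only the lower 23 bits of the group
    return normalize_mac(f"{(0x01005E << 24) | low23:012X}")


if __name__ == "__main__":
    for sample in ("0005.9A3C.7800", "06-0A-99-A2-C8-22", "ff:ff:ff:ff:ff:ff"):
        print(describe_mac(sample))
    # Only 23 of the 28 group bits survive, so different groups can share a MAC.
    print(multicast_ip_to_mac("224.0.0.22"), multicast_ip_to_mac("224.128.0.22"))
```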

Verify IP Configuration
C:\SC>ipconfig /all
Windows IP Configuration
Ethernet adapter vlan999:
   Description . . . . . . . . . . . : Realtek Virtual Adapter #6
   Physical Address. . . . . . . . . : 06-0A-99-A2-C8-22
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

ARP
The ARP protocol provides two basic functions:
- Resolving IPv4 addresses to MAC addresses (find MAC from known IP),
- Maintaining a table of mappings (ARP table or ARP cache).

ARP relies on certain types of Ethernet broadcast messages and Ethernet unicast messages, called ARP requests and ARP replies.

An ARP request is a Layer 2 broadcast to all devices on the Ethernet LAN. The ARP request contains the IP address of the destination host and the broadcast MAC address, FFFF.FFFF.FFFF.

Additionally, static map entries can be entered in an ARP table, but this is rarely done. Static ARP table entries do not expire over time and must be manually removed.

If the destination IPv4 host is not on the local network, the source node needs to deliver the frame to the router interface that is the gateway or next hop used to reach that destination.
The source node will use the MAC address of the gateway as the destination address for frames containing an IPv4 packet addressed to hosts on other networks. 

ARP mechanism
When a node encapsulates a data packet into a frame, it needs the destination MAC address.
 1) It checks whether the destination device is on the local network or on a remote network.
 2) It checks the ARP table (not the MAC table) to see if a pair of IP address and MAC address exists for either the destination IP address (if the destination host is on the local network) or the default gateway IP address (if the destination host is on a remote network).
 3) If the match does not exist, it generates an ARP broadcast to seek the IP address to MAC address resolution. Because the destination MAC address is unknown, the ARP request is broadcast with the MAC address FFFF.FFFF.FFFF.
 4) Either the destination device (if in local network) or the default gateway (if destination is in remote network) will respond with its MAC address, which enables the sending node to assemble the frame.
 5) If no device responds to the ARP request, then the originating node will discard the packet because a frame cannot be created.


ARP cache
For each device, an ARP cache timer removes ARP entries that have not been used for a specified period of time. The times differ depending on the device and its operating system.
For example, some Windows operating systems store ARP cache entries for 2 minutes. If the entry is used again during that time, the ARP timer for that entry is extended to 10 minutes.

Router#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.10           0   0009.4423.841a  ARPA   Vlan97
Internet  1.1.1.1                 -   0012.caa3.6a3f  ARPA   GigabitEthernet1/1
Internet  85.0.59.24            0   0015.5174.4a88  ARPA   Vlan999

Windows>arp -a
Interface: 172.18.13.68 --- 0x2e
  Internet Address      Physical Address      Type
  172.18.13.61         cc-ef-48-d8-6c-08     dynamic
  172.18.13.62         00-19-99-a2-c8-1f     dynamic
  172.18.13.76         12-22-99-a2-c8-1d     dynamic
  172.18.13.91         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static

ARP Issues
Overhead on the Media
As a broadcast frame, an ARP request is received and processed by every device on the local network.
On a typical business network, these broadcasts would probably have minimal impact on network performance.

Security
In some cases, the use of ARP can lead to a potential security risk. ARP spoofing, or ARP poisoning, is a technique used by an attacker to inject the wrong MAC address association into a network by issuing fake ARP requests. An attacker forges the MAC address of a device and then frames can be sent to the wrong destination.
Manually configuring static ARP associations is one way to prevent ARP spoofing. Authorized MAC addresses can be configured on some network devices to restrict network access to only those devices listed.

Broadcast and security issues related to ARP can be mitigated with modern switches. 
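
From the defender's side, a poisoned cache shows up as an IP-to-MAC binding that changes or as one unicast MAC answering for several IP addresses. The following is an added example, not part of the original notes: it compares two `arp -a` listings in the Windows format shown earlier and checks them against a pinned binding, in the spirit of the static associations mentioned above. The listings, addresses and function names are constructed for the example.

```python
import re

# One table row of Windows `arp -a` output: IP address, MAC address, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(dynamic|static)\s*$"
)

# Constructed snapshots (documentation address ranges), taken some time apart.
BEFORE = """Interface: 192.0.2.68 --- 0x2e
  Internet Address      Physical Address      Type
  192.0.2.1             00-00-5e-00-53-01     dynamic
  192.0.2.62            00-00-5e-00-53-3e     dynamic
  192.0.2.76            00-00-5e-00-53-4c     dynamic
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
# In the later snapshot the gateway 192.0.2.1 resolves to the MAC of 192.0.2.76.
AFTER = BEFORE.replace("192.0.2.1             00-00-5e-00-53-01",
                       "192.0.2.1             00-00-5e-00-53-4c")
PINNED = {"192.0.2.1": "00-00-5E-00-53-01"}    # known-good gateway binding


def parse_arp_a(text):
    """Return {ip: mac} for every entry in one `arp -a` listing."""
    table = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            ip, mac, _kind = match.groups()
            table[ip] = mac.lower()
    return table


def is_unicast(mac):
    """Broadcast and multicast MACs have the low bit of the first byte set."""
    return int(mac[:2], 16) & 1 == 0


def find_anomalies(before, after, pinned=None):
    """Compare two ARP snapshots and return (rule, subject, detail) findings."""
    findings = []
    for ip, mac in after.items():                 # rule 1: binding changed
        if ip in before and before[ip] != mac:
            findings.append(("mac-changed", ip, f"{before[ip]} -> {mac}"))
    owners = {}
    for ip, mac in after.items():                 # rule 2: one MAC, many IPs
        if is_unicast(mac):
            owners.setdefault(mac, []).append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:                          # can be legitimate (a router)
            findings.append(("shared-mac", mac, ", ".join(sorted(ips))))
    for ip, expected in (pinned or {}).items():   # rule 3: pinned binding
        seen = after.get(ip)
        if seen is not None and seen != expected.lower():
            findings.append(("pinned-mismatch", ip,
                             f"expected {expected.lower()}, saw {seen}"))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_arp_a(BEFORE), parse_arp_a(AFTER), PINNED):
        print(finding)
```

A changed or shared binding is a lead to investigate rather than proof of spoofing, since address reassignment and routers answering for several addresses produce the same pattern.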

LAN Switches
A Layer 2 LAN switch performs switching and filtering based only on the OSI data link layer (Layer 2) MAC address.
A switch is completely transparent to network protocols and user applications. 
Layer 2 switches depend on routers to pass data between independent IP subnetworks.

A switch determines how to handle incoming data frames by using its MAC address table.
A switch builds its MAC address table by recording the MAC addresses of the nodes connected to each of its ports.

When an incoming data frame is received by a switch and the destination MAC address is not in the table, the switch forwards the frame out all ports, except for the port on which it was received. 

Note: The MAC address table is sometimes referred to as a content addressable memory (CAM) table.

Typically, switch ports used to interconnect two switches have multiple MAC addresses recorded in the MAC address table. 
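
The learn, forward, flood and filter behaviour described above, as an added example that is not part of the original notes. It is a simplified model: entries never age out, the class and method names are assumptions, the two access-port MAC addresses are the ones from the table output earlier on this page, and the uplink port and its addresses are constructed.

```python
class LearningSwitch:
    """Minimal model of a Layer 2 switch's MAC address (CAM) table."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}                      # MAC address -> port last seen on

    def receive(self, in_port, src, dst):
        """Learn the source MAC, then return the ports the frame is sent out."""
        src, dst = src.lower(), dst.lower()
        self.table[src] = in_port            # learn or refresh the source
        is_group = int(dst[:2], 16) & 1      # broadcast or multicast destination
        out_port = None if is_group else self.table.get(dst)
        if out_port is None:                 # unknown unicast or group: flood
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:              # destination is on the same port
            return []                        # filter: nothing to forward
        return [out_port]

    def macs_on(self, port):
        """All MAC addresses currently recorded against one port."""
        return sorted(m for m, p in self.table.items() if p == port)


def demo():
    """Replay a short constructed frame sequence and collect each decision."""
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Gi0/1"])   # Gi0/1: uplink (assumed)
    a, b = "0030.f22a.61a9", "0010.11d9.7401"
    steps = [
        sw.receive("Fa0/1", a, b),                 # b not learned yet: flooded
        sw.receive("Fa0/2", b, a),                 # a is known: one port only
        sw.receive("Fa0/1", a, b),                 # b is known now: one port
        sw.receive("Fa0/2", b, "ffff.ffff.ffff"),  # broadcast: always flooded
        sw.receive("Gi0/1", "0000.5e00.5301", a),  # hosts behind another switch
        sw.receive("Gi0/1", "0000.5e00.5302", a),
    ]
    return steps, sw


if __name__ == "__main__":
    decisions, switch = demo()
    for ports in decisions:
        print(ports)
    print("uplink Gi0/1 carries:", switch.macs_on("Gi0/1"))
```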

Duplex
Though transparent to network protocols and user applications, switches can operate in different modes:
Half Duplex communication relies on unidirectional data flow where sending and receiving data are not performed at the same time:
 - CSMA/CD (high probability of collision),
 - Hubs,
 - unidirectional flow,
 - low performance.

Full-duplex communication - data flow is bidirectional, so data can be sent and received at the same time:
 - point-to-point only,
 - dedicated switch port,
 - requires full-duplex at both ends,
 - collision free,
 - high performance,
 - the collision detect circuit is disabled.

A Cisco Catalyst switch supports three duplex settings:
 - The full option sets full-duplex mode.
 - The half option sets half-duplex mode.
 - The auto option sets autonegotiation of duplex mode. With autonegotiation enabled, the two ports communicate to decide the best mode of operation.

For Fast Ethernet and 10/100/1000 ports, the default is auto. 
For 100BASE-FX ports, the default is full. 
10/100/1000 ports operate in either half- or full-duplex mode when they are set to 10 or 100 Mb/s, but when set to 1,000 Mb/s, they operate only in full-duplex mode.

Auto MDIX
In addition to having the correct duplex setting, it is also necessary to have the correct cable type defined for each port.
Most switch devices now support the mdix auto interface configuration command in the CLI to enable the automatic medium-dependent interface crossover (auto-MDIX) feature.

The auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later.
For releases between Cisco IOS Release 12.1(14)EA1 and 12.2(18)SE, the auto-MDIX feature is disabled by default.

Forwarding methods
In the past, switches used one of the following forwarding methods for switching data between network ports:
 - Store-and-forward switching (receive entire frame and compute CRC),
 - Cut-through switching (forward frame before it is entirely received)

Cut-through:
The switch buffers just enough of the frame to read the destination MAC address so that it can determine to which port to forward the data.
The switch does not perform any error checking on the frame.

Cut-through switching is faster than store-and-forward switching, but it forwards corrupt frames throughout the network.

There are two variants of cut-through switching:
 - Fast-forward switching (offers the lowest level of latency) - immediately forwards a packet after reading the destination address and is the typical cut-through method of switching.
 - Fragment-free switching - the switch stores the first 64 bytes of the frame before forwarding (most network errors and collisions occur during the first 64 bytes).

Some switches are configured to perform cut-through switching on a per-port basis until a user-defined error threshold is reached and then they automatically change to store-and-forward. When the error rate falls below the threshold, the port automatically changes back to cut-through switching.

Buffers
There are two methods of memory buffering:
 - port-based - frames are stored in queues that are linked to specific incoming and outgoing ports. It is possible for a single frame to delay the transmission of all the frames in memory because of a busy destination port.
 - shared memory - deposits all frames into a common memory buffer that all the ports on the switch share. The frames in the buffer are linked dynamically to the destination port. This allows the packet to be received on one port and then transmitted on another port, without moving it to a different queue.

The number of frames stored in the buffer is restricted by the size of the entire memory buffer and not limited to a single port buffer.
This is especially important to asymmetric switching. Asymmetric switching allows for different data rates on different ports.

Fixed/modular switches
Switch product lines are classified by forwarding rates.
Entry-layer switches have lower forwarding rates than enterprise-layer switches.
Other considerations include whether the device is stackable or non-stackable as well as the thickness of the switch (expressed in number of rack units), and port density, or the number of ports available on a single switch. The port density of a device can vary depending on whether the device is a fixed configuration device or a modular device.

Fixed Configuration Switches - you cannot add features or options to the switch beyond those that originally came with the switch

Modular Switches - typically come with different sized chassis that allow for the installation of different numbers of modular line cards

* The Catalyst 3560 switches have Switch Form-Factor Pluggable (SFP) ports that support a number of SFP transceiver modules:
 - 100BASE-FX (multimode fiber-optic (MMF)) for 2 kilometers (km),
 - 100BASE-ZX (SMF) for 80 km,
 - 1000BASE-LX/LH (SMF/MMF) up to 10/0.550 km,
 - 1000BASE-T (copper wire transceiver),
 - 10G-SR-X (MMF) up to 400 m (supporting extended temperature range),
 - 10G-ER (SMF) up to 40 km,
 - 10G-ZR (SMF) up to 80 km,
 - 10G Twinax (copper wire transceiver) up to 10 m
 - 10G Active Optical up to 10 m (for intra/inter-rack connections)

* 40 Gigabit Ethernet and 100 Gigabit Ethernet modules are supported on high-end Cisco devices, such as the Catalyst 6500, the CRS router, the ASR 9000 series router, and the Nexus 7000 series switch.

Layer 3 Switch

A Layer 3 switch, such as the Catalyst 3560, functions similarly to a Layer 2 switch, such as the Catalyst 2960, but instead of using only the Layer 2 MAC address information for forwarding decisions, a Layer 3 switch can also use IP address information:
 - learn which IP addresses are associated with its interfaces,
 - capable of performing Layer 3 routing functions.

CEF
Cisco devices which support Layer 3 switching utilize Cisco Express Forwarding (CEF). This forwarding method is quite complex, but fortunately, like any good technology, is carried out in large part "behind the scenes". Normally very little CEF configuration is required on a Cisco device.
The two main components of CEF operation are the:
 - Forwarding Information Base (FIB),
 - Adjacency tables.

The FIB is conceptually similar to a routing table.
A router uses the routing table to determine best path to a destination network based on the network portion of the destination IP address. With CEF, information previously stored in the route cache is, instead, stored in several data structures for CEF switching. The data structures provide optimized lookup for efficient packet forwarding. A networking device uses the FIB lookup table to make destination-based switching decisions without having to access the route cache.

The FIB is updated when changes occur in the network and contains all routes known at the time.

Adjacency tables maintain Layer 2 next-hop addresses for all FIB entries.

CEF is enabled by default on most Cisco devices that perform Layer 3 switching.

Layer 3 interfaces
Cisco networking devices support a number of distinct types of Layer 3 interfaces. A Layer 3 interface is one that supports forwarding IP packets toward a final destination based on the IP address.
The major types of Layer 3 interfaces are: 
- Switch Virtual Interface (SVI) - Logical interface on a switch associated with a virtual local area network (VLAN). Also known as VLAN-interface.
- Routed Port - Physical port on a Layer 3 switch configured to act as a router port. 
- Layer 3 EtherChannel - Logical interface on a Cisco device associated with a bundle of routed ports.

SVIs must also be configured to allow routing between VLANs.
As stated, SVIs are logical interfaces configured for specific VLANs; to route between two or more VLANs, each VLAN must have a separate SVI enabled.

Routed ports enable (Layer 3) Cisco switches to effectively serve as routers. Each port on such a switch can be configured as a port on an independent IP network.
Layer 3 EtherChannels are used to bundle Layer 3 Ethernet links between Cisco devices in order to aggregate bandwidth, typically on uplinks.
Note: In addition to SVIs and L3 EtherChannels, other logical interfaces on Cisco devices include loopback interfaces and tunnel interfaces.

A switch port can be configured to be a Layer 3 routed port and behave like a regular router interface. Specifically, a routed port:
 - Is not associated with a particular VLAN.
 - Can be configured with a Layer 3 routing protocol.
 - Is a Layer 3 interface only and does not support Layer 2 protocols.

interface fa0/6
no switchport
ip address 192.168.1.5 255.255.255.0
no shutdown

History of Ethernet, and why it is called so
http://www.netevents.tv/video/bob-metcalfe-the-history-of-ethernet