TLDR: This introductory video of the CCNP ENCOR exam course focuses on the principles of Layer 2 forwarding. It reviews the OSI model, including how the different layers enable communication over networks, and the difference between the OSI and TCP/IP models. Collision and broadcast domains are also explained: collision domains, which were more common with older networking technologies, and broadcast domains, which remain relevant to today's network design. The video describes how switches use MAC address tables to forward frames and gives insight into how switches learn and store MAC addresses. It also discusses the different message types, including unicast, multicast and broadcast, and how switches handle them.
- 00:00:06Welcome to Jeremy’s IT Lab.
- 00:00:09This is a complete course for the CCNP ENCOR, Enterprise Core, exam.
- 00:00:14This course will cover all topics you need to know to pass the ENCOR exam.
- 00:00:18In the first section of this course we will look at how packets and frames are forwarded
- 00:00:22over a network.
- 00:00:24In this video we will mainly cover Layer 2 forwarding.
- 00:00:28Much of the information in this video will be review of topics you already studied in
- 00:00:31the CCNA, but we will also cover some new information so make sure to watch this video.
- 00:00:37Here’s what we’ll cover.
- 00:00:39First we will briefly review the OSI model.
- 00:00:42This is, of course, something you should already have learned in your CCNA studies.
- 00:00:46However, I understand that all of the things you learned in the CCNA aren’t necessarily
- 00:00:51fresh in your mind.
- 00:00:53So, throughout the course we will include plenty of short review sections to ensure
- 00:00:57your understanding of the fundamentals is fresh.
- 00:01:00In such review sections, we will also look at additional details that weren’t mentioned
- 00:01:04in the CCNA course.
- 00:01:06Next we will cover collision and broadcast domains.
- 00:01:10These are also two concepts you should already know from the CCNA, but we will review and
- 00:01:15clarify them.
- 00:01:17Then we will review the Layer 2 forwarding process, how switches use information in the
- 00:01:21Layer 2 header to forward frames to the correct destination.
- 00:01:26Finally we will look at the MAC address table in greater detail than we did in the CCNA
- 00:01:31course.
- 00:01:32Note that, although most of the videos in this course will be shorter, this is going
- 00:01:36to be a fairly long video.
- 00:01:38However, much of the information in this video is review from the CCNA so it shouldn’t
- 00:01:44be overwhelming.
- 00:01:45Okay, let’s get started.
- 00:01:47So, here are the 7 layers of the OSI model, from top to bottom: Application, Presentation,
- 00:01:55Session, Transport, Network, Data Link, and Physical.
- 00:01:59Each of these layers describes different functions necessary to allow computers to communicate
- 00:02:03over networks.
- 00:02:04For example, the Physical layer defines physical media such as cables, connectors, and radio
- 00:02:10frequency used for the transmission and reception of raw bits.
- 00:02:15On the other end, the Application layer provides an interface between applications, for example
- 00:02:20a web browser, and the network using Application layer protocols like HTTP.
- 00:02:26The OSI model is very helpful because it provides a reference for us to conceptualize and talk
- 00:02:31about networks.
- 00:02:32However, as you’re probably aware the actual framework we are using in modern networks
- 00:02:37is not OSI, but rather TCP/IP.
- 00:02:43The TCP/IP model shown in the middle of this slide was defined in RFC 1122.
- 00:02:48It differs from the OSI model in that the upper layers 5, 6, and 7 are combined into
- 00:02:54one layer referred to as the Application layer, and the data link and physical layers are
- 00:02:59combined into one layer called the Link layer.
- 00:03:02This is the reference model as defined by RFC 1122.
- 00:03:06However, there have been many different definitions of these layers over the years.
- 00:03:11The model I think is most useful for network engineers is this five layer model, which
- 00:03:16splits up the link layer back into two layers.
- 00:03:20I’m including a 7 in brackets here for the Application layer because we often refer to
- 00:03:25anything above Layer 4 as Layer 7, rather than Layer 5.
- 00:03:29I think that’s a carry over from the OSI model.
- 00:03:32The main purpose of these conceptual models is to help us think about and talk about networks.
- 00:03:38However, I don’t think it’s very useful to be too attached to them.
- 00:03:42Try googling for ‘is ARP Layer 2 or layer 3?’ or ‘is ICMP Layer 3 or Layer 4?’
- 00:03:49You’ll find lots of discussions and arguments online, but personally I don’t think worrying
- 00:03:54about which layer a protocol actually belongs to is very helpful.
- 00:03:58Some protocols don’t necessarily fit neatly into a single layer, and in any case it’s
- 00:04:03more important to understand the protocols themselves than to fit them into a conceptual
- 00:04:08model like TCP/IP.
- 00:04:11With that said, the OSI and TCP/IP models are still great tools to help us understand
- 00:04:16how networks work.
- 00:04:18As I mentioned, there have been many different definitions over the years.
- 00:04:23I took this chart from Wikipedia.
- 00:04:26All of these here are five layer models, and I think a five-layer model is the best and
- 00:04:30also the most common way to think about networks these days.
- 00:04:35Just note that, depending on the author, different names can be used for different layers, for
- 00:04:39example Layer 3 might be called the Internet layer or the Network layer.
- 00:04:44There’s no need to learn or memorize these different versions of the TCP/IP suite, but
- 00:04:49you can check the Wikipedia page if you’re interested.
- 00:04:54Each host on the network runs a ‘network stack’, consisting of the hardware and software
- 00:04:58that allows it to communicate over the network.
- 00:05:02The upper layers prepare some data to send over the network.
- 00:05:05However, for two devices to actually communicate over the network we need more than just this.
- 00:05:10First, a Layer 4 header is added to the data.
- 00:05:14As you know, this is probably a TCP or UDP header.
- 00:05:18This combination of data and Layer 4 header is called a segment.
- 00:05:23Layer 4 of the device on the left wants to send this segment to Layer 4 of the device
- 00:05:28on the right, however it’s not ready yet.
- 00:05:31At Layer 3 another header is added, with information like source and destination IP addresses to
- 00:05:36provide routing.
- 00:05:38This is now called a packet.
- 00:05:40Again, Layer 3 of the left device wants to send this packet to Layer 3 of the right device,
- 00:05:46but it’s still not ready yet.
- 00:05:48At Layer 2 a header and trailer are added.
- 00:05:52Layer 2 allows for addressing within a segment, within a LAN.
- 00:05:56For example, it allows a host to address this message to its default gateway, at Layer 2,
- 00:06:01while still addressing the inside packet to the final destination host at Layer 3.
- 00:06:07As you know, this process of adding headers to the data before sending it over the network
- 00:06:11is called encapsulation.
- 00:06:14And the final frame is now sent over the network.
- 00:06:18The device on the right receives the frame, and at Layer 2 checks the info there.
- 00:06:23For example, it checks if the destination MAC address is its own MAC address.
- 00:06:28If it is, it opens up the package further to check out Layer 3.
- 00:06:32Note that if the destination MAC address is not its own, or not another MAC address it
- 00:06:37is interested in such as the broadcast MAC address, the device would discard the frame
- 00:06:41before looking at Layer 3.
- 00:06:43No point in looking any further inside.
- 00:06:46But in this case it is the correct address, so it checks the Layer 3 info such as destination
- 00:06:51address.
- 00:06:52Again, it is the receiving host’s IP address so the host knows the packet is destined for
- 00:06:57it.
- 00:06:58It then looks inside at the Layer 4 information, and if all is good it removes that too.
- 00:07:03This process of removing headers and trailers from a received frame is called de-encapsulation.
- 00:07:10This diagram shows the process.
- 00:07:13Host A is sending a message to Host B, and there are two routers in between them.
- 00:07:19The application layer of Host A wants to communicate with the application layer of host B. For
- 00:07:24example maybe host A is trying to use HTTP to retrieve a web page from host B. To facilitate
- 00:05:32this communication, the lower layers encapsulate the data like this.
- 00:07:37At Layer 2, the message is now a frame.
- 00:07:40Note that at Layer 2, the message is not destined for Host B, but rather for the first router.
- 00:07:46The destination MAC address is the MAC address of the router.
- 00:07:50The frame is sent over the physical medium and arrives at the router, which notices that
- 00:07:54the frame is destined for the router’s own MAC address.
- 00:07:58It looks further inside and notices that the Layer 3 address is not its own address.
- 00:08:03So, it knows that it has to route the packet, not receive it.
- 00:08:07It uses its routing table to look up the next hop, uses its ARP table to look up the MAC
- 00:08:13address of the next hop and once again encapsulates the packet to make a frame and send it over
- 00:08:18the physical medium to the next router.
- 00:08:22This router goes through the same process as the other router, and once again sends
- 00:08:26its frame over the physical medium to host B. Host B then proceeds to de-encapsulate
- 00:08:31the message like this, and then finally the message from host A’s application layer
- 00:08:36has reached host B’s application layer.
- 00:08:39By the way, don’t worry if you have forgotten the details of forwarding messages at Layer
- 00:08:432 and Layer 3.
- 00:08:45In this video and others we will review those concepts before moving on to more advanced
- 00:08:50topics.
- 00:08:51But I think this diagram gives a good overview of how messages are encapsulated, de-encapsulated
- 00:08:56and re-encapsulated as a message travels over a network.
- 00:09:02The next fundamental topics we will review are collision and broadcast domains, collision
- 00:09:07domains first.
- 00:09:09Early networking technologies like Thinnet, aka 10BASE-2, and Thicknet, aka 10BASE-5, involved
- 00:09:17connecting all devices to the same network cable, which was a coaxial cable, as opposed
- 00:09:21to the current UTP cables we’re all used to now.
- 00:09:24Here’s what a Thinnet Ethernet cable looks like, and the connector is known as BNC, again
- 00:09:31different than the RJ45 connectors we use today.
- 00:09:34Here’s another picture with a BNC T connector, called ‘T’ because of the shape.
- 00:09:39T connectors like this were used to connect devices to the shared cable.
- 00:09:45Signals sent over the cable are received by all connected devices, here’s a simple illustration.
- 00:09:52The problem with this is that if two hosts attempt to communicate over the network at
- 00:09:56the same time, collisions occur.
- 00:09:59To deal with this, devices use CSMA/CD, Carrier Sense Multiple Access with Collision Detection.
- 00:10:06I covered CSMA/CD in the CCNA, basically when devices detect a collision on the cable each
- 00:10:13device waits a random period of time before attempting to transmit again.
- 00:10:18Communications like this, in which devices can both send and receive data, but can’t
- 00:10:22do both at the same time are called half-duplex.
- 00:10:24Duplex means traffic can go both ways, a device can both send and receive.
- 00:10:31Half means that it can only do one at a time.
- 00:10:35And we use the term collision domain to refer to a network segment where simultaneous data
- 00:10:39transmissions will collide.
- 00:10:41So, when devices were connected together using Thinnet or Thicknet like this, they are all
- 00:10:46in the same collision domain.
- 00:10:48Only one device can transmit at a time.
- 00:10:52Now we’ll look at something you’ll recognize from CCNA studies.
- 00:10:56The Ethernet Hub is a precursor to the Ethernet Switch.
- 00:11:00It serves a similar purpose as a switch, to connect end hosts to the LAN, but hubs function
- 00:11:06like multi-port repeaters: a signal received on one port is repeated out of all other ports.
- 00:11:13Hubs are not Layer 2 aware, they do not look at the destination MAC address of the Ethernet
- 00:11:17header to decide where to forward a frame.
- 00:11:20They just repeat signals out of all ports.
- 00:11:24Hubs also have no ability to buffer frames to forward them later, so when a signal is
- 00:11:28received it is immediately repeated out of all other ports.
- 00:11:32This causes problems, because if two devices connected to a hub send data at the same time
- 00:11:38the hub will attempt to repeat both signals at the same time, resulting in a collision.
- 00:11:43The signals that once carried data become a mess that no device can understand.
- 00:11:48So, like with the previous examples of Thinnet and Thicknet all devices connected to a hub
- 00:11:54are in the same collision domain and must operate in half-duplex, using CSMA/CD to deal
- 00:12:00with collisions.
- 00:12:01Here’s a quick example with four PCs connected to a hub.
- 00:12:06These two PCs send frames at the same time, and the hub repeats each frame out of its
- 00:12:11other ports, resulting in collisions.
- 00:12:14In older, very small networks hubs were viable, but in modern networks you’ll probably never
- 00:12:19see a hub, and that’s a good thing.
- 00:12:22Now we have switches, and switches are more intelligent than hubs, they are Layer 2 aware.
- 00:12:28This means that they look at and understand the Layer 2 information of a frame, such as
- 00:12:32the source and destination MAC addresses, and use that information to learn about where
- 00:12:37devices are connected and forward frames only to the intended destination, whenever possible.
- 00:12:44Another major benefit is that switches have the ability to buffer frames before sending
- 00:12:48them.
- 00:12:49This is the reason that, whereas all devices connected to a hub are in the same collision
- 00:12:54domain, that is not true for switches.
- 00:12:57If a switch receives two broadcast frames at the same time, it will not try to flood
- 00:13:01both out of a single interface at the same time.
- 00:13:04One message will be buffered and then transmitted only after the other frame is sent.
- 00:13:10This means that devices connected to a switch are all in separate collision domains, and
- 00:13:15therefore devices can operate in full-duplex.
- 00:13:18Devices can send and receive traffic at the same time.
- 00:13:21There should be no worry of collisions, unless there is something like a hardware fault or
- 00:13:25misconfiguration causing problems.
- 00:13:28Here’s that same example topology as before, with a switch instead of a hub.
- 00:13:34Two PCs send broadcast frames at the same time, and instead of causing collisions two
- 00:13:39of the interfaces buffer the ‘blue’ broadcast frame and only forward it after forwarding
- 00:13:43the red one.
- 00:13:44So, the switch has broken up the single large collision domain into four smaller ones, greatly
- 00:13:50increasing the efficiency of communications in the LAN.
- 00:13:54Now let’s test your understanding of collision domains, how many collision domains are there
- 00:14:00in this network?
- 00:14:02Now this isn’t a very well-designed network, but we’re just checking if you understand
- 00:14:06how collision domains work.
- 00:14:08Remember, every port on a switch is its own collision domain, and every port on a hub
- 00:14:13is in the same collision domain.
- 00:14:15Also every router port is in its own collision domain.
- 00:14:19Routers operate using Layer 3 logic; they don’t flood frames.
- 00:14:22Now, you may have to pause the video to think about what happens when hubs are connected
- 00:14:26to switches like in this network.
- 00:14:28Anyway, let’s check the answers.
- 00:14:31First, this group of ports here are all in the same collision domain.
- 00:14:36These two hubs will flood frames without any buffer which means that if any two devices
- 00:14:40transmit at the same time, you can expect collisions to occur.
- 00:14:44I said that all switch ports are in their own collision domain, so why are two of this
- 00:14:49switch’s ports in the same collision domain here?
- 00:14:52It’s because they are connected together via hubs, which means they are actually in
- 00:14:56the same collision domain.
- 00:14:59This link here, though, is a separate collision domain, because switches are able to break
- 00:15:03up collision domains, they are more intelligent than hubs.
- 00:15:07This link between the router and other switch is another collision domain, and the other
- 00:15:12interfaces of this switch are in their own collision domains too.
- 00:15:16This switch port here is a unique collision domain too, and this group of links is the
- 00:15:20final collision domain, all in one collision domain because of the hub connecting them
- 00:15:24together.
- 00:15:25So, there are a total of 9 collision domains in this network.
- 00:15:30If you got the answer wrong, don’t worry.
- 00:15:32We’ll do another practice question in the quiz after the video.
- 00:15:37Next we’ll look at broadcast domains.
- 00:15:40A broadcast domain is a logical division of a network in which all nodes can reach each
- 00:15:44other by Layer 2 broadcast.
- 00:15:47Another way to put it is a group of devices which will receive a broadcast frame sent
- 00:15:52by any one of the other devices in that group.
- 00:15:55As you know, all devices connected to a switch are in the same broadcast domain, because
- 00:16:00switches flood broadcast frames.
- 00:16:03If one device sends a broadcast message, all other devices connected to that switch will
- 00:16:08receive it.
- 00:16:09Now, VLANs can be used to divide up broadcast domains on a switch, however we will review
- 00:16:15VLANs in a different section of the course so let’s not cover them now.
- 00:16:18As opposed to switches, each router interface is a unique broadcast domain, because routers
- 00:16:24do not forward Layer 2 broadcast messages.
- 00:16:27So, let’s practice identifying broadcast domains.
- 00:16:31How many are there in the network below?
- 00:16:33Pause the video now if you want to figure it out. Now let’s check the answer.
- 00:16:38Here’s one broadcast domain.
- 00:16:40A broadcast frame sent from any one of the interfaces in this group will reach all of
- 00:16:45the others, so they are in one broadcast domain.
- 00:16:49Note that, although I said each interface on a router is a unique broadcast domain,
- 00:16:53these two are actually in the same broadcast domain because they connect to the same switch.
- 00:16:58They will receive each other’s Layer 2 broadcast messages.
- 00:17:01Here’s a second broadcast domain, and this connection between the two routers is a broadcast
- 00:17:06domain too, they will receive each other’s broadcast messages.
- 00:17:11And finally this group of devices is also in a single broadcast domain.
- 00:17:15So, in this network there are four broadcast domains.
- 00:17:20Collision domains are something we don’t really have to think about in modern wired
- 00:17:23networks thanks to switches, but broadcast domains are definitely something you should
- 00:17:27be aware of and trying to minimize through the use of VLANs.
- 00:17:32Now let’s move on to the next topic, Layer 2 forwarding, which refers to the process
- 00:17:38switches use to forward frames within a LAN.
- 00:17:42Switches use information in the Layer 2 header to determine where to forward frames.
- 00:17:47As an aside, although routers operate ‘at Layer 3’, they are still Layer 2 aware as
- 00:17:53they must inspect the destination MAC address of frames they receive to check if the frame
- 00:17:58is destined for the router itself, and then use Layer 2 to address frames to the next
- 00:18:03hop device, or to the final destination host if the router is the last one in the path.
- 00:18:09Some CCNA students ask why routers need to encapsulate packets within an Ethernet frame
- 00:18:14even though routers are supposed to operate ‘at Layer 3’, so I just wanted to clear
- 00:18:18that up.
- 00:18:20Routers use Layer 3 information to decide where to forward packets, but that doesn’t
- 00:18:24mean they can ignore Layer 2.
- 00:18:26Back to the topic, there are four main message types to be aware of from a Layer 2 forwarding
- 00:18:31perspective, see if you can guess what they are.
- 00:18:35The first three you should already be aware of.
- 00:18:38Known unicast frames are forwarded to a specific destination host, unknown unicast frames are
- 00:18:43flooded within the VLAN, same for broadcast frames.
- 00:18:47And there is one more message type: multicast, which by default is flooded as well.
- 00:18:52I briefly mentioned multicast from a Layer 3 perspective in my CCNA course, but didn’t
- 00:18:57mention multicast MAC addresses.
- 00:19:00Later in this course we will look at multicast in more detail.
- 00:19:05Before looking at an example of each message type, let’s quickly review how MAC addresses
- 00:19:09are structured.
- 00:19:11MAC addresses are 48 bits in length, however we usually write them in hexadecimal to make
- 00:19:16them more human-readable, resulting in 12 hex digits.
- 00:19:19I have an example MAC address here.
- 00:19:23Why have I colored the first half blue and the second half red?
- 00:19:27The first half, so the first 24 bits or 6 hex digits, is the OUI, organizationally unique
- 00:19:34identifier.
- 00:19:35OUI’s are assigned by the IEEE to organizations, and then only that organization is allowed
- 00:19:41to use that OUI.
- 00:19:43Large organizations, like Cisco, will have multiple different OUIs that they assign to
- 00:19:47their devices.
- 00:19:49This one here, 0cf5.a4, belongs to Cisco.
- 00:19:54Then, the second half of the MAC address, so the last 24 bits or 6 hex digits, is specific
- 00:20:00to the NIC, Network Interface Card, of the device.
- 00:20:04For example, this is the MAC address of my switch’s fastethernet0/1 interface.
- 00:20:11Other MAC addresses used by my switch, for example the MAC addresses of its other interfaces,
- 00:20:16or the system MAC address that identifies the switch in spanning tree protocol, would
- 00:20:20have the same OUI, 0cf5.a4, but a different second half of the MAC address.
- 00:20:28Note that you may see a MAC address written like this instead, with a hyphen between every
- 00:20:33other hex digit.
- 00:20:35For example if you view the MAC address of a Windows PC with the ‘ipconfig /all’
- 00:20:40command, it will be displayed like this, whereas Cisco displays MAC addresses like the example
- 00:20:45above.
- 00:20:46Now let’s see how each Layer 2 message type works, and also review how switches dynamically
- 00:20:53build their MAC address table.
- 00:20:55In this network a router and three PCs are connected to SW1, and SW1’s MAC address
- 00:21:00table is currently empty.
- 00:21:02R1 sends a unicast frame.
- 00:21:05The source MAC is R1’s MAC, all A’s, and the destination is PC1’s MAC, all 1’s.
- 00:21:12When the frame arrives at SW1, what happens first?
- 00:21:15SW1 checks the source MAC of the frame, and because it doesn’t have an entry for the
- 00:21:20MAC address yet it dynamically learns R1’s MAC address.
- 00:21:25Because SW1 received a frame from MAC address all A’s on interface G0/0, it knows that
- 00:21:31it can reach that MAC address on that interface in the future.
- 00:21:35However, it doesn’t know how to reach the destination MAC of the frame, all 1’s.
- 00:21:39That’s why this is an unknown unicast frame.
- 00:21:43So what does SW1 do with the frame?
- 00:21:46It floods the frame out of all ports except the port the frame was received on.
- 00:21:51Note that, if some of these ports were in different VLANs the frame would not be flooded
- 00:21:55out of them, but for this example all ports are in VLAN 1.
- 00:22:00Now, PC2 and PC3 see that the destination MAC is not their own, so they drop the frame.
- 00:22:07PC1, on the other hand, is the destination of the frame so it will receive and process
- 00:22:12it.
- 00:22:13Note that, in reality R1 would probably send a broadcast ARP request to learn PC1’s MAC
- 00:22:19address before sending this unicast message, and in that process SW1 would have already
- 00:22:25learned both R1 and PC1’s MAC addresses.
- 00:22:28I’m just using this example to demonstrate how unknown unicast messages are flooded.
- 00:22:33Now let’s say PC1 sends a response to R1’s message.
- 00:22:39The source MAC of the frame is PC1’s, and the destination is R1’s.
- 00:22:44First, SW1 uses the source MAC address field of the frame to dynamically learn PC1’s
- 00:22:50MAC address and add it to the MAC address table.
- 00:22:53Then what does SW1 do with the frame?
- 00:22:56Because it already has an entry for the all A’s MAC address, it simply forwards the
- 00:23:00frame out of the appropriate port.
- 00:23:03Note that switches can only forward frames between ports in the same VLAN.
- 00:23:07In this case both are in VLAN 1, so that is no problem.
- 00:23:11So, there’s actually no difference between unknown and known unicast frames.
- 00:23:15They are both frames destined for a single host.
- 00:23:19The difference is how a switch handles the frame.
- 00:23:22If a switch doesn’t have an entry for the destination in its MAC address table, it floods
- 00:23:26the frame.
- 00:23:28If it does have an entry, it forwards it only out of the appropriate port.
- 00:23:34Next up, broadcast.
- 00:23:36PC2 sends a broadcast frame, source MAC of all 2’s and destination of all F’s, which
- 00:23:41is the broadcast MAC address.
- 00:23:44When SW1 receives this frame, it first adds an entry for PC2’s MAC address in its MAC
- 00:23:50address table.
- 00:23:52Then what does it do with the frame?
- 00:23:53As you already know, it will flood it to all ports in the same VLAN, except the port the
- 00:23:58frame was received on, so it doesn’t flood the frame back out of G0/2.
- 00:24:03Now let’s say PC3 responds to PC2’s broadcast message, this time with a unicast frame destined
- 00:24:11for PC2.
- 00:24:12First, SW1 uses the source MAC field of the frame to add an entry for PC3’s MAC in the
- 00:24:18MAC address table, and what does it do next?
- 00:24:22What kind of frame is this?
- 00:24:23It’s destined for the all 2’s MAC address, and SW1 already has an entry for it in its
- 00:24:29MAC address table, so it’s a known unicast frame.
- 00:24:33SW1 just forwards it out of the appropriate port.
- 00:24:38Finally let’s look at what a switch does with a multicast frame.
- 00:24:42Remember, unicast means one to one, broadcast means one to all, and multicast means one
- 00:24:49to many, but not necessarily all.
- 00:24:51So, what will a switch do with a frame destined for a multicast MAC address like this?
- 00:24:57By default, Layer 2 multicast messages will be flooded like a broadcast message.
- 00:25:02You probably have a lot of questions about multicast, but we will cover it in another
- 00:25:07section of the course so let’s leave it at that for now.
- 00:25:11Just know that switches flood multicast frames by default.
- 00:25:16For the last topic, let’s take a closer look at the MAC address table and how you
- 00:25:20can configure it.
- 00:25:22Here is the output of SHOW MAC ADDRESS-TABLE on my Catalyst 2960 switch.
- 00:25:29Notice all of the static entries, as indicated with a type of STATIC.
- 00:25:33I did not statically configure these, but rather they are there by default for various
- 00:25:37purposes.
- 00:25:39For example, this first entry, 0100.0ccc.cccc, is a multicast MAC address used for protocols
- 00:25:47such as CDP, VTP, and DTP.
- 00:25:52Notice that under the ‘ports’ column it says CPU.
- 00:25:55This means when a switch receives a frame with this destination MAC, it should send
- 00:26:00it to the CPU for processing.
- 00:26:02Otherwise it would merely flood the frame, and wouldn’t actually look at the information
- 00:26:06inside the, for example, CDP message.
- 00:26:10This next one is used for PVST, Per-VLAN Spanning-Tree, and this one is used for IEEE standard Spanning-Tree
- 00:26:17Protocol.
- 00:26:19All of the other static entries here have similar purposes, they are there to allow
- 00:26:23certain protocols to function, because the switch should actually open up and inspect
- 00:26:27the contents of those protocols’ messages.
- 00:26:30Also, as you may have noticed, the broadcast MAC address is included here, because the
- 00:26:35contents of a broadcast message may be of interest to the switch, so it should send
- 00:26:40the frame to the CPU for processing.
- 00:26:43And at the bottom there are two dynamic entries, one for my home router and the other for my
- 00:26:47PC.
- 00:26:50As you should already be aware, dynamic MAC addresses do not stay in the table permanently.
- 00:26:56The default aging time of a dynamic MAC address is 300 seconds, so 5 minutes.
- 00:27:02If a MAC address isn’t seen by the switch for 5 minutes, meaning if the switch doesn’t
- 00:27:06receive a frame from that MAC address, its dynamic entry will be removed.
- 00:27:12However every time a frame is received from that MAC address, the timer is reset back
- 00:27:16to 5 minutes.
- 00:27:18Typically this 5 minute timer doesn’t cause any issues, but you can, if you want, change
- 00:27:24this setting.
- 00:27:25The command is MAC ADDRESS-TABLE AGING-TIME from global configuration mode.
- 00:27:31Here you can configure the aging time in seconds.
- 00:27:34The minimum is 10 seconds, as indicated by the ‘10 to 1 million’ range, or as I’ve
- 00:27:40highlighted here you can set it to 0 to disable aging entirely.
- 00:27:44Dynamic MAC addresses will never be removed from the MAC address table unless you do it
- 00:27:48manually.
- 00:27:49I decided to configure it as 0, just for demonstration purposes.
- 00:27:54Let me repeat, usually there is no reason to actually change the default timer.
- 00:27:59Note that with the VLAN option of the command, you can actually change the aging time per
- 00:28:03VLAN.
- 00:28:04If you look back up at the output of SHOW MAC ADDRESS-TABLE AGING-TIME, that’s why
- 00:28:08you can see the empty chart with VLAN and aging-time columns.
- 00:28:13I decided to just change the global aging time, not per-VLAN.
- 00:28:18And now the dynamic MAC address aging time is 0.
- 00:28:21My switch will keep dynamic MAC addresses in the MAC address table permanently.
- 00:28:28Another interesting thing is that you can actually disable dynamic MAC address learning
- 00:28:31entirely.
- 00:28:33SHOW MAC ADDRESS-TABLE LEARNING shows us the status of dynamic MAC address learning per
- 00:28:37VLAN.
- 00:28:38As you can see, it’s enabled on all VLANs by default.
- 00:28:41These VLANs shown here are the VLANs that currently exist on my switch.
- 00:28:46To disable learning, use the command NO MAC ADDRESS-TABLE LEARNING VLAN, and then the
- 00:28:52VLAN or VLANs you want to disable it on, for example I disabled it on VLANs 10, 12, 13,
- 00:28:58and 14.
- 00:29:00As you can see, learning has indeed been disabled for MAC addresses in those VLANs.
- 00:29:06To be honest, this is another configuration you probably won’t need to use.
- 00:29:10Perhaps if an attacker is performing a MAC flooding attack, you could disable MAC address
- 00:29:14learning on the target VLAN or VLANs, but even in that case there are probably better
- 00:29:19options.
- 00:29:20Now, typically we leave building the MAC address table up to the switch.
- 00:29:26The dynamic method works fine and is totally hands-off.
- 00:29:29However, in some cases you may want to manually configure a MAC address on a switch, like
- 00:29:35configuring a static route on a router.
- 00:29:38Here you can see the two dynamic MAC addresses in my switch’s table.
- 00:29:42Note that I’m not displaying the default static MAC addresses here since they take
- 00:29:46up too much space.
- 00:29:47Here’s how to configure a static entry in the MAC address table.
- 00:29:52This is the format of the command: MAC ADDRESS-TABLE STATIC, followed by the MAC address, VLAN,
- 00:29:58then the VLAN ID, INTERFACE, and then the interface ID.
- 00:30:03Another option instead of specifying the interface is DROP.
- 00:30:06What does this do?
- 00:30:08It means the switch will drop all traffic for this MAC address.
- 00:30:12In the next lab video we’ll demonstrate this.
- 00:30:14So, here’s the output of SHOW MAC ADDRESS-TABLE after configuring those two static entries.
- 00:30:21Note that the DROP entry I configured is actually my PC’s MAC address.
- 00:30:25I carelessly entered that command while I was connected to the switch via SSH, and then
- 00:30:30I immediately lost my connection to the switch.
- 00:30:33The switch was dropping all frames destined for my PC.
- 00:30:36So, I had to get my laptop and connect to the switch’s console port, and then delete
- 00:30:40the DROP entry so that my PC could connect again.
- 00:30:44Fortunately this is just my home network, not a work environment!
- 00:30:50Although usually you leave it up to the switch to clear out the MAC address table as necessary
- 00:30:54as dynamic addresses age out, you can also manually clear all or some of the dynamic
- 00:30:59MAC addresses in the table.
- 00:31:02Notice I used the command SHOW MAC ADDRESS-TABLE DYNAMIC to view only dynamic MAC addresses.
- 00:31:08In this example there are two.
- 00:31:11To clear the dynamic MAC addresses, use the command CLEAR MAC ADDRESS-TABLE DYNAMIC, and
- 00:31:17note that this command is done from privileged exec mode, not global config mode.
- 00:31:21I used the question mark to view additional options, and note that you can filter by address,
- 00:31:27to remove only a specific MAC address, by interface to only remove MAC addresses learned
- 00:31:32on a specific interface, or by VLAN to only remove MAC addresses learned in a specific VLAN.
- 00:31:38I just decided to remove all dynamic MAC addresses, and as you can see SHOW MAC ADDRESS-TABLE
- 00:31:44DYNAMIC displays nothing.
- 00:31:47Switches only have a certain amount of memory, and it is possible for a switch to learn so
- 00:31:51many MAC addresses that it can’t learn any more.
- 00:31:55At the bottom of the SHOW MAC ADDRESS-TABLE output it does show a MAC address count, 22
- 00:32:00in this case, but there’s a better way.
- 00:32:02SHOW MAC ADDRESS-TABLE COUNT displays the number of dynamic MAC addresses, static MAC
- 00:32:07addresses, and the total, as well as the total MAC address space available on the switch
- 00:32:12at the bottom.
- 00:32:13Note, as I’ve highlighted, that the total in this command displays 2, whereas above
- 00:32:18it displays 22.
- 00:32:20Why is that?
- 00:32:21It’s because all of those static entries that are in the switch by default are not
- 00:32:25included in this count.
- 00:32:26That’s also why SHOW MAC ADDRESS-TABLE COUNT is showing 0 static addresses, even though
- 00:32:31you can see plenty of them above.
- 00:32:35Final point, I just want to show how you can filter the output of the SHOW MAC ADDRESS-TABLE
- 00:32:40command, as we saw with SHOW MAC ADDRESS-TABLE DYNAMIC a couple slides back.
- 00:32:45I’ve highlighted the options you can use to filter the display, such as searching for
- 00:32:49a specific address with the ADDRESS option, or filtering by interface, VLAN, etc.
- 00:32:56And if you select an option like DYNAMIC you can then further filter the output by address,
- 00:33:00interface, and VLAN.
- 00:33:02I recommend experimenting with these show commands in the lab to get used to them.
- 00:33:07Here’s a summary of the commands we looked at.
- 00:33:11If you have access to Cisco devices, whether they are hardware or virtual, I recommend
- 00:33:16spending some time in the lab exploring the available commands and trying them out.
- 00:33:21In this video I introduced some commands we didn’t cover in the CCNA, but there are
- 00:33:25still more available and they might be worth checking out.
- 00:33:28And that is true not just for this lesson, but for all future lessons too.
- 00:33:33Labbing is a part of studying that you simply can’t skip, and don’t just lab what I
- 00:33:37teach you in these videos.
- 00:33:39Spend some time experimenting with the other available commands.
- 00:33:43So, here’s what we covered in this video.
- 00:33:47We started with a review of the OSI model, then collision and broadcast domains.
- 00:33:53We also reviewed how Layer 2 forwarding is done using MAC addresses, and finally looked
- 00:33:58at the MAC address table: how to configure it and view it.
- 00:34:02Much of this video was review, but we also looked at a few new things.
- 00:34:06Finally let’s move on to the quiz.
- 00:34:09Here’s quiz question 1.
- 00:34:12How many collision domains are there in the network below?
- 00:34:16Pause now to think about your answer.
- 00:34:23Here are all of the collision domains in this network, 8 in total.
- 00:34:27Fortunately, these days we don’t have to worry much about collision domains in wired
- 00:34:31networks thanks to switches, but still they are important network fundamentals.
- 00:34:35Let’s go to question 2.
- 00:34:40How many broadcast domains are there in the network below?
- 00:34:43Pause the video now to think about your answer.
- 00:34:50Here are the broadcast domains in this network, 7 in total.
- 00:34:54To help you visualize it, these arrows show some example broadcast messages and which
- 00:34:59devices they would reach, indicating the broadcast domains.
- 00:35:03Remember, a broadcast domain is the group of devices that would receive a broadcast
- 00:35:07message sent by one of the group’s members.
- 00:35:10Okay let’s go to question 3.
- 00:35:14Which of the following Ethernet header fields does a switch use to make a forwarding decision?
- 00:35:20Pause the video now to think about your answer.
- 00:35:25Okay, the answer is B, destination MAC address.
- 00:35:31In Layer 2 forwarding, switches don’t look at Layer 3 information, so C and D can be
- 00:35:36ruled out because they mention IP addresses.
- 00:35:39Plus the question mentions the Ethernet header, and IP addresses are not part of the Ethernet
- 00:35:44header.
- 00:35:45As for A, the source MAC address field of Ethernet frames is used to build the switch’s
- 00:35:50MAC address table, but when it comes to actually forwarding a frame it looks at the destination
- 00:35:55MAC address field and makes a forwarding decision, so B is the correct answer.
- 00:36:00Let’s go to question 4.
- 00:36:06Which of the following message types is NOT flooded by a switch?
- 00:36:10Pause the video now to think about your answer.
- 00:36:14Okay, the answer is D, known unicast.
- 00:36:21Broadcast messages are always flooded, multicast messages are flooded by default, and unknown
- 00:36:26unicast messages are flooded because the switch doesn’t yet know the correct port to forward
- 00:36:30the frame out of.
- 00:36:32Known unicast messages are not flooded, because the switch already has an entry for the destination
- 00:36:37in its MAC address table, so it can forward the frame out of the appropriate port.
- 00:36:42Let’s go to question 5.
- 00:36:46Which of the following commands can be used to disable dynamic MAC address aging?
- 00:36:52Pause the video now to think about your answer.
- 00:36:57Okay, the answer is B, MAC ADDRESS-TABLE AGING-TIME 0.
- 00:37:05C and D are not real commands, and what about A?
- 00:37:09Actually, A could be used to return the aging-time setting to default.
- 00:37:14For example, if you used the command MAC ADDRESS-TABLE AGING-TIME 0 to disable MAC address aging,
- 00:37:21command A, NO MAC ADDRESS-TABLE AGING-TIME would remove that command and return it to
- 00:37:27the default setting of 300 seconds.
- 00:37:29Okay, that’s all for the quiz and today’s video.
