CCNP ENCOR // Layer 2 Forwarding // ENCOR 350-401 Complete Course

00:39:23
https://www.youtube.com/watch?v=VNMyGOA_LoY

Summary

TLDR: In this introductory video for the course on the CCNP ENCOR exam, the focus is on the principles of Layer 2 forwarding. It gives a review of the OSI model, including how the different layers enable communication over networks, and the difference between the OSI and TCP/IP models. Collision and broadcast domains are also explained: collision domains were more common with older network technologies, while broadcast domains are still relevant to today's network designs. The video describes how switches use MAC address tables to forward frames and gives insight into how switches learn and store MAC addresses. It also discusses the different message types, including unicast, multicast and broadcast, and how switches handle each of them.

Takeaways

  • 📘 Introduction to Layer 2 forwarding.
  • 📚 Review of the OSI model and the TCP/IP model.
  • 🔄 Explanation of collision and broadcast domains.
  • 🔍 Detailed look at how switches work.
  • 💡 How the MAC address table is built and used.
  • 🔎 Differences between unicast, multicast and broadcast.
  • 🔧 Practical use of the MAC address table.
  • 🎓 Repetition of CCNA knowledge with new details.
  • 💭 The importance of networking knowledge for the CCNP.
  • 🔐 The importance of secure network designs.

Timeline

  • 00:00:00 - 00:05:00

    The course covers all topics needed to pass the CCNP ENCOR exam, including a review of the OSI model, collision and broadcast domains, and the Layer 2 forwarding process.

  • 00:05:00 - 00:10:00

    The way data is packaged when it is sent over the network, called encapsulation, is described, as well as the process called de-encapsulation when the data is received.

  • 00:10:00 - 00:15:00

    Exploration of collision domains in early network technologies, how hubs work as multi-port repeaters, and how switches improve the efficiency of communication.

  • 00:15:00 - 00:20:00

    We discuss how switches make full-duplex communication possible, and analyze the number of collision domains in different network setups.

  • 00:20:00 - 00:25:00

    Broadcast domains are presented together with examples of how they can be identified in networks, and how switches flood broadcasts.

  • 00:25:00 - 00:30:00

    A look at Layer 2 forwarding, with emphasis on the difference between unicast, multicast and broadcast messages and how switches handle them.

  • 00:30:00 - 00:39:23

    Thorough review of the MAC address table, its configuration, the display of dynamic and static addresses, and how you can manually clear the address table.


Video Q&A

  • What is the main content of this video?

    The video covers topics related to Layer 2 forwarding, including the OSI model, collision and broadcast domains, and the use of MAC address tables.

  • What is the OSI model?

    The OSI model is a seven-layer reference model that describes the functions needed to enable communication over a network.

  • What is the difference between the OSI model and the TCP/IP model?

    The OSI model has seven layers, while the TCP/IP model usually has five layers (the upper layers are combined), and it focuses more on the protocols actually used in modern networks.

  • What is a collision domain?

    A collision domain is a network segment in which data transmissions can collide, which is common when devices share a single communication path.

  • How does a broadcast domain work?

    A broadcast domain is a logical division of a network in which all connected devices can receive broadcast messages sent by any device within the same domain.

  • What is Layer 2 forwarding?

    Layer 2 forwarding refers to the process switches use to forward frames within a LAN (Local Area Network) using MAC addresses.

  • How does a switch learn MAC addresses?

    A switch learns MAC addresses dynamically by reading the source MAC address of incoming frames and storing it in a MAC address table.

  • What does a switch do with a known unicast frame?

    A switch forwards a known unicast frame out of the specific port associated with the destination address in the MAC address table.

  • What is the difference between a unicast, multicast and broadcast frame?

    Unicast frames are intended for one specific recipient, multicast frames are intended for a group of recipients, while broadcast frames are intended for all nodes within a broadcast domain.

  • What is the purpose of the MAC address table in a switch?

    The MAC address table tells the switch which port to use when forwarding frames to a given MAC address.

Transcript (en)
  • 00:00:06
    Welcome to Jeremy’s IT Lab.
  • 00:00:09
    This is a complete course for the CCNP ENCOR, Enterprise Core, exam.
  • 00:00:14
    This course will cover all topics you need to know to pass the ENCOR exam.
  • 00:00:18
    In the first section of this course we will look at how packets and frames are forwarded
  • 00:00:22
    over a network.
  • 00:00:24
    In this video we will mainly cover Layer 2 forwarding.
  • 00:00:28
    Much of the information in this video will be review of topics you already studied in
  • 00:00:31
    the CCNA, but we will also cover some new information so make sure to watch this video.
  • 00:00:37
    Here’s what we’ll cover.
  • 00:00:39
    First we will briefly review the OSI model.
  • 00:00:42
    This is, of course, something you should already have learned in your CCNA studies.
  • 00:00:46
    However, I understand that all of the things you learned in the CCNA aren’t necessarily
  • 00:00:51
    fresh in your mind.
  • 00:00:53
    So, throughout the course we will include plenty of short review sections to ensure
  • 00:00:57
    your understanding of the fundamentals is fresh.
  • 00:01:00
    In such review sections, we will also look at additional details that weren’t mentioned
  • 00:01:04
    in the CCNA course.
  • 00:01:06
    Next we will cover collision and broadcast domains.
  • 00:01:10
    These are also two concepts you should already know from the CCNA, but we will review and
  • 00:01:15
    clarify them.
  • 00:01:17
    Then we will review the Layer 2 forwarding process, how switches use information in the
  • 00:01:21
    Layer 2 header to forward frames to the correct destination.
  • 00:01:26
    Finally we will look at the MAC address table in greater detail than we did in the CCNA
  • 00:01:31
    course.
  • 00:01:32
    Note that, although most of the videos in this course will be shorter, this is going
  • 00:01:36
    to be a fairly long video.
  • 00:01:38
    However, much of the information in this video is review from the CCNA so it shouldn’t
  • 00:01:44
    be overwhelming.
  • 00:01:45
    Okay, let’s get started.
  • 00:01:47
    So, here are the 7 layers of the OSI model, from top to bottom: Application, Presentation,
  • 00:01:55
    Session, Transport, Network, Data Link, and Physical.
  • 00:01:59
    Each of these layers describes different functions necessary to allow computers to communicate
  • 00:02:03
    over networks.
  • 00:02:04
    For example, the Physical layer defines physical media such as cables, connectors, and radio
  • 00:02:10
    frequency used for the transmission and reception of raw bits.
  • 00:02:15
    On the other end, the Application layer provides an interface between applications, for example
  • 00:02:20
    a web browser, and the network using Application layer protocols like HTTP.
  • 00:02:26
    The OSI model is very helpful because it provides a reference for us to conceptualize and talk
  • 00:02:31
    about networks.
  • 00:02:32
    However, as you’re probably aware the actual framework we are using in modern networks
  • 00:02:37
    is not OSI, but rather TCP/IP.
  • 00:02:43
    The TCP/IP model shown in the middle of this slide was defined in RFC 1122.
  • 00:02:48
    It differs from the OSI model in that the upper layers 5, 6, and 7 are combined into
  • 00:02:54
    one layer referred to as the Application layer, and the data link and physical layers are
  • 00:02:59
    combined into one layer called the Link layer.
  • 00:03:02
    This is the reference model as defined by RFC 1122.
  • 00:03:06
    However, there have been many different definitions of these layers over the years.
  • 00:03:11
    The model I think is most useful for network engineers is this five layer model, which
  • 00:03:16
    splits up the link layer back into two layers.
  • 00:03:20
    I’m including a 7 in brackets here for the Application layer because we often refer to
  • 00:03:25
    anything above Layer 4 as Layer 7, rather than Layer 5.
  • 00:03:29
    I think that’s a carry over from the OSI model.
  • 00:03:32
    The main purpose of these conceptual models is to help us think about and talk about networks.
  • 00:03:38
    However, I don’t think it’s very useful to be too attached to them.
  • 00:03:42
    Try googling for ‘is ARP Layer 2 or layer 3?’ or ‘is ICMP Layer 3 or Layer 4?’
  • 00:03:49
    You’ll find lots of discussions and arguments online, but personally I don’t think worrying
  • 00:03:54
    about which layer a protocol actually belongs to is very helpful.
  • 00:03:58
    Some protocols don’t necessarily fit neatly into a single layer, and in any case it’s
  • 00:04:03
    more important to understand the protocols themselves than to fit them into a conceptual
  • 00:04:08
    model like TCP/IP.
  • 00:04:11
    With that said, the OSI and TCP/IP models are still great tools to help us understand
  • 00:04:16
    how networks work.
  • 00:04:18
    As I mentioned, there have been many different definitions over the years.
  • 00:04:23
    I took this chart from Wikipedia.
  • 00:04:26
    All of these here are five layer models, and I think a five-layer model is the best and
  • 00:04:30
    also the most common way to think about networks these days.
  • 00:04:35
    Just note that, depending on the author, different names can be used for different layers, for
  • 00:04:39
    example Layer 3 might be called the Internet layer or the Network layer.
  • 00:04:44
    There’s no need to learn or memorize these different versions of the TCP/IP suite, but
  • 00:04:49
    you can check the Wikipedia page if you’re interested.
  • 00:04:54
    Each host on the network runs a ‘network stack’, consisting of the hardware and software
  • 00:04:58
    that allows it to communicate over the network.
  • 00:05:02
    The upper layers prepare some data to send over the network.
  • 00:05:05
    However, for two devices to actually communicate over the network we need more than just this.
  • 00:05:10
    First, a Layer 4 header is added to the data.
  • 00:05:14
    As you know, this is probably a TCP or UDP header.
  • 00:05:18
    This combination of data and Layer 4 header is called a segment.
  • 00:05:23
    Layer 4 of the device on the left wants to send this segment to Layer 4 of the device
  • 00:05:28
    on the right, however it’s not ready yet.
  • 00:05:31
    At Layer 3 another header is added, with information like source and destination IP addresses to
  • 00:05:36
    provide routing.
  • 00:05:38
    This is now called a packet.
  • 00:05:40
    Again, Layer 3 of the left device wants to send this packet to Layer 3 of the right device,
  • 00:05:46
    but it’s still not ready yet.
  • 00:05:48
    At Layer 2 a header and trailer are added.
  • 00:05:52
    Layer 2 allows for addressing within a segment, within a LAN.
  • 00:05:56
    For example, it allows a host to address this message to its default gateway, at Layer 2,
  • 00:06:01
    while still addressing the inside packet to the final destination host at Layer 3.
  • 00:06:07
    As you know, this process of adding headers to the data before sending it over the network
  • 00:06:11
    is called encapsulation.
  • 00:06:14
    And the final frame is now sent over the network.
  • 00:06:18
    The device on the right receives the frame, and at Layer 2 checks the info there.
  • 00:06:23
    For example, it checks if the destination MAC address is its own MAC address.
  • 00:06:28
    If it is, it opens up the package further to check out Layer 3.
  • 00:06:32
    Note that if the destination MAC address is not its own, or not another MAC address it
  • 00:06:37
    is interested in such as the broadcast MAC address, the device would discard the frame
  • 00:06:41
    before looking at Layer 3.
  • 00:06:43
    No point in looking any further inside.
  • 00:06:46
    But in this case it is the correct address, so it checks the Layer 3 info such as destination
  • 00:06:51
    address.
  • 00:06:52
    Again, it is the receiving host’s IP address so the host knows the packet is destined for
  • 00:06:57
    it.
  • 00:06:58
    It then looks inside at the Layer 4 information, and if all is good it removes that too.
  • 00:07:03
    This process of removing headers and trailers from a received frame is called de-encapsulation.
  • 00:07:10
    This diagram shows the process.
  • 00:07:13
    Host A is sending a message to Host B, and there are two routers in between them.
  • 00:07:19
    The application layer of Host A wants to communicate with the application layer of host B. For
  • 00:07:24
    example maybe host A is trying to use HTTP to retrieve a web page from host B. To facilitate
  • 00:07:32
    this communication, the lower layers encapsulate the data like this.
  • 00:07:37
    At Layer 2, the message is now a frame.
  • 00:07:40
    Note that at Layer 2, the message is not destined for Host B, but rather for the first router.
  • 00:07:46
    The destination MAC address is the MAC address of the router.
  • 00:07:50
    The frame is sent over the physical medium and arrives at the router, which notices that
  • 00:07:54
    the frame is destined for the router’s own MAC address.
  • 00:07:58
    It looks further inside and notices that the Layer 3 address is not its own address.
  • 00:08:03
    So, it knows that it has to route the packet, not receive it.
  • 00:08:07
    It uses its routing table to look up the next hop, uses its ARP table to look up the MAC
  • 00:08:13
    address of the next hop and once again encapsulates the packet to make a frame and send it over
  • 00:08:18
    the physical medium to the next router.
  • 00:08:22
    This router goes through the same process as the other router, and once again sends
  • 00:08:26
    its frame over the physical medium to host B. Host B then proceeds to de-encapsulate
  • 00:08:31
    the message like this, and then finally the message from host A’s application layer
  • 00:08:36
    has reached host B’s application layer.
  • 00:08:39
    By the way, don’t worry if you have forgotten the details of forwarding messages at Layer
  • 00:08:43
    2 and Layer 3.
  • 00:08:45
    In this video and others we will review those concepts before moving on to more advanced
  • 00:08:50
    topics.
  • 00:08:51
    But I think this diagram gives a good overview of how messages are encapsulated, de-encapsulated
  • 00:08:56
    and re-encapsulated as a message travels over a network.
  • 00:09:02
    The next fundamental topics we will review are collision and broadcast domains, collision
  • 00:09:07
    domains first.
  • 00:09:09
    Early networking technologies like Thinnet, aka 10BASE-2 and Thicknet, aka 10BASE-5 involved
  • 00:09:17
    connecting all devices to the same network cable, which was a coaxial cable, as opposed
  • 00:09:21
    to the current UTP cables we’re all used to now.
  • 00:09:24
    Here’s what a thinnet ethernet cable looks like, and the connector is known as BNC, again
  • 00:09:31
    different than the RJ45 connectors we use today.
  • 00:09:34
    Here’s another picture with a BNC T connector, called ‘T’ because of the shape.
  • 00:09:39
    T connectors like this were used to connect devices to the shared cable.
  • 00:09:45
    Signals sent over the cable are received by all connected devices, here’s a simple illustration.
  • 00:09:52
    The problem with this is that if two hosts attempt to communicate over the network at
  • 00:09:56
    the same time, collisions occur.
  • 00:09:59
    To deal with this, devices use CSMA/CD, Carrier Sense Multiple Access with Collision Detection.
  • 00:10:06
    I covered CSMA/CD in the CCNA, basically when devices detect a collision on the cable each
  • 00:10:13
    device waits a random period of time before attempting to transmit again.
  • 00:10:18
    Communications like this, in which devices can both send and receive data, but can’t
  • 00:10:22
    do both at the same time are called half-duplex.
  • 00:10:24
    Duplex means traffic can go both ways, a device can both send and receive.
  • 00:10:31
    Half means that it can only do one at a time.
  • 00:10:35
    And we use the term collision domain to refer to a network segment where simultaneous data
  • 00:10:39
    transmissions will collide.
  • 00:10:41
    So, when devices were connected together using Thinnet or Thicknet like this, they are all
  • 00:10:46
    in the same collision domain.
  • 00:10:48
    Only one device can transmit at a time.
  • 00:10:52
    Now we’ll look at something you’ll recognize from CCNA studies.
  • 00:10:56
    The Ethernet Hub is a precursor to the Ethernet Switch.
  • 00:11:00
    It serves a similar purpose as a switch, to connect end hosts to the LAN, but hubs function
  • 00:11:06
    like multi-port repeaters: a signal received on one port is repeated out of all other ports.
  • 00:11:13
    Hubs are not Layer 2 aware, they do not look at the destination MAC address of the Ethernet
  • 00:11:17
    header to decide where to forward a frame.
  • 00:11:20
    They just repeat signals out of all ports.
  • 00:11:24
    Hubs also have no ability to buffer frames to forward them later, so when a signal is
  • 00:11:28
    received it is immediately repeated out of all other ports.
  • 00:11:32
    This causes problems, because if two devices connected to a hub send data at the same time
  • 00:11:38
    the hub will attempt to repeat both signals at the same time, resulting in a collision.
  • 00:11:43
    The signals that once carried data become a mess that no device can understand.
  • 00:11:48
    So, like with the previous examples of Thinnet and Thicknet all devices connected to a hub
  • 00:11:54
    are in the same collision domain and must operate in half-duplex, using CSMA/CD to deal
  • 00:12:00
    with collisions.
  • 00:12:01
    Here’s a quick example with four PCs connected to a hub.
  • 00:12:06
    These two PCs send frames at the same time, and the hub repeats each frame out of its
  • 00:12:11
    other ports, resulting in collisions.
  • 00:12:14
    In older, very small networks hubs were viable, but in modern networks you’ll probably never
  • 00:12:19
    see a hub, and that’s a good thing.
  • 00:12:22
    Now we have switches, and switches are more intelligent than hubs, they are Layer 2 aware.
  • 00:12:28
    This means that they look at and understand the Layer 2 information of a frame, such as
  • 00:12:32
    the source and destination MAC addresses, and use that information to learn about where
  • 00:12:37
    devices are connected and forward frames only to the intended destination, whenever possible.
  • 00:12:44
    Another major benefit is that switches have the ability to buffer frames before sending
  • 00:12:48
    them.
  • 00:12:49
    This is the reason that, whereas all devices connected to a hub are in the same collision
  • 00:12:54
    domain, that is not true for switches.
  • 00:12:57
    If a switch receives two broadcast frames at the same time, it will not try to flood
  • 00:13:01
    both out of a single interface at the same time.
  • 00:13:04
    One message will be buffered and then transmitted only after the other frame is sent.
  • 00:13:10
    This means that devices connected to a switch are all in separate collision domains, and
  • 00:13:15
    therefore devices can operate in full-duplex.
  • 00:13:18
    Devices can send and receive traffic at the same time.
  • 00:13:21
    There should be no worry of collisions, unless there is something like a hardware fault or
  • 00:13:25
    misconfiguration causing problems.
  • 00:13:28
    Here’s that same example topology as before, with a switch instead of a hub.
  • 00:13:34
    Two PCs send broadcast frames at the same time, and instead of causing collisions two
  • 00:13:39
    of the interfaces buffer the ‘blue’ broadcast frame and only forward it after forwarding
  • 00:13:43
    the red one.
  • 00:13:44
    So, the switch has broken up the single large collision domain into four smaller ones, greatly
  • 00:13:50
    increasing the efficiency of communications in the LAN.
  • 00:13:54
    Now let’s test your understanding of collision domains, how many collision domains are there
  • 00:14:00
    in this network?
  • 00:14:02
    Now this isn’t a very well-designed network, but we’re just checking if you understand
  • 00:14:06
    how collision domains work.
  • 00:14:08
    Remember, every port on a switch is its own collision domain, and every port on a hub
  • 00:14:13
    is in the same collision domain.
  • 00:14:15
    Also every router port is in its own collision domain.
  • 00:14:19
    Routers operate using Layer 3 logic, they don’t flood frames.
  • 00:14:22
    Now, you may have to pause the video to think about what happens when hubs are connected
  • 00:14:26
    to switches like in this network.
  • 00:14:28
    Anyway, let’s check the answers.
  • 00:14:31
    First, this group of ports here are all in the same collision domain.
  • 00:14:36
    These two hubs will flood frames without any buffer which means that if any two devices
  • 00:14:40
    transmit at the same time, you can expect collisions to occur.
  • 00:14:44
    I said that all switch ports are in their own collision domain, so why are two of this
  • 00:14:49
    switch’s ports in the same collision domain here?
  • 00:14:52
    It’s because they are connected together via hubs, which means they are actually in
  • 00:14:56
    the same collision domain.
  • 00:14:59
    This link here, though, is a separate collision domain, because switches are able to break
  • 00:15:03
    up collision domains, they are more intelligent than hubs.
  • 00:15:07
    This link between the router and other switch is another collision domain, and the other
  • 00:15:12
    interfaces of this switch are in their own collision domains too.
  • 00:15:16
    This switch port here is a unique collision domain too, and this group of links is the
  • 00:15:20
    final collision domain, all in one collision domain because of the hub connecting them
  • 00:15:24
    together.
  • 00:15:25
    So, there are a total of 9 collision domains in this network.
  • 00:15:30
    If you got the answer wrong, don’t worry.
  • 00:15:32
    We’ll do another practice question in the quiz after the video.
  • 00:15:37
    Next we’ll look at broadcast domains.
  • 00:15:40
    A broadcast domain is a logical division of a network in which all nodes can reach each
  • 00:15:44
    other by Layer 2 broadcast.
  • 00:15:47
    Another way to put it is a group of devices which will receive a broadcast frame sent
  • 00:15:52
    by any one of the other devices in that group.
  • 00:15:55
    As you know, all devices connected to a switch are in the same broadcast domain, because
  • 00:16:00
    switches flood broadcast frames.
  • 00:16:03
    If one device sends a broadcast message, all other devices connected to that switch will
  • 00:16:08
    receive it.
  • 00:16:09
    Now, VLANs can be used to divide up broadcast domains on a switch, however we will review
  • 00:16:15
    VLANs in a different section of the course so let’s not cover them now.
  • 00:16:18
    As opposed to switches, each router interface is a unique broadcast domain, because routers
  • 00:16:24
    do not forward Layer 2 broadcast messages.
  • 00:16:27
    So, let’s practice identifying broadcast domains.
  • 00:16:31
    How many are there in the network below?
  • 00:16:33
    Pause the video now if you want to figure it out, now let’s check the answer.
  • 00:16:38
    Here’s one broadcast domain.
  • 00:16:40
    A broadcast frame sent from any one of the interfaces in this group will reach all of
  • 00:16:45
    the others, so they are in one broadcast domain.
  • 00:16:49
    Note that, although I said each interface on a router is a unique broadcast domain,
  • 00:16:53
    these two are actually in the same broadcast domain because they connect to the same switch.
  • 00:16:58
    They will receive each other's Layer 2 broadcast messages.
  • 00:17:01
    Here’s a second broadcast domain, and this connection between the two routers is a broadcast
  • 00:17:06
    domain too, they will receive each other's broadcast messages.
  • 00:17:11
    And finally this group of devices is also in a single broadcast domain.
  • 00:17:15
    So, in this network there are four broadcast domains.
  • 00:17:20
    Collision domains are something we don’t really have to think about in modern wired
  • 00:17:23
    networks thanks to switches, but broadcast domains are definitely something you should
  • 00:17:27
    be aware of and trying to minimize through the use of VLANs.
  • 00:17:32
    Now let’s move on to the next topic, Layer 2 forwarding, which refers to the process
  • 00:17:38
    switches use to forward frames within a LAN.
  • 00:17:42
    Switches use information in the Layer 2 header to determine where to forward frames.
  • 00:17:47
    As an aside, although routers operate ‘at layer 3’, they are still Layer 2 aware as
  • 00:17:53
    they must inspect the destination MAC address of frames they receive to check if the frame
  • 00:17:58
    is destined for the router itself, and then use Layer 2 to address frames to the next
  • 00:18:03
    hop device, or to the final destination host if the router is the last one in the path.
  • 00:18:09
    Some CCNA students ask why routers need to encapsulate packets within an Ethernet frame
  • 00:18:14
    even though routers are supposed to operate ‘at Layer 3’, so I just wanted to clear
  • 00:18:18
    that up.
  • 00:18:20
    Routers use Layer 3 information to decide where to forward packets, but that doesn’t
  • 00:18:24
    mean they can ignore Layer 2.
  • 00:18:26
    Back to the topic, there are four main message types to be aware of from a Layer 2 forwarding
  • 00:18:31
    perspective, see if you can guess what they are.
  • 00:18:35
    The first three you should already be aware of.
  • 00:18:38
    Known unicast frames are forwarded to a specific destination host, unknown unicast frames are
  • 00:18:43
    flooded within the VLAN, same for broadcast frames.
  • 00:18:47
    And there is one more message type: multicast, which by default is flooded as well.
  • 00:18:52
    I briefly mentioned multicast from a Layer 3 perspective in my CCNA course, but didn’t
  • 00:18:57
    mention multicast MAC addresses.
  • 00:19:00
    Later in this course we will look at multicast in more detail.
  • 00:19:05
    Before looking at an example of each message type, let’s quickly review how MAC addresses
  • 00:19:09
    are structured.
  • 00:19:11
    MAC addresses are 48 bits in length, however we usually write them in hexadecimal to make
  • 00:19:16
    them more human-readable, resulting in 12 hex digits.
  • 00:19:19
    I have an example MAC address here.
  • 00:19:23
    Why have I colored the first half blue and the second half red?
  • 00:19:27
    The first half, so the first 24 bits or 6 hex digits, is the OUI, organizationally unique
  • 00:19:34
    identifier.
  • 00:19:35
    OUIs are assigned by the IEEE to organizations, and then only that organization is allowed
  • 00:19:41
    to use that OUI.
  • 00:19:43
    Large organizations, like Cisco, will have multiple different OUIs that they assign to
  • 00:19:47
    their devices.
  • 00:19:49
    This one here, 0cf5.a4, belongs to Cisco.
  • 00:19:54
    Then, the second half of the MAC address, so the last 24 bits or 6 hex digits, is specific
  • 00:20:00
    to the NIC, Network Interface Card, of the device.
  • 00:20:04
    For example, this is the MAC address of my switch’s fastethernet0/1 interface.
  • 00:20:11
    Other MAC addresses used by my switch, for example the MAC addresses of its other interfaces,
  • 00:20:16
    or the system MAC address that identifies the switch in spanning tree protocol, would
  • 00:20:20
    have the same OUI, 0cf5.a4, but a different second half of the MAC address.
  • 00:20:28
    Note that you may see a MAC address written like this instead, with a hyphen between every
  • 00:20:33
    other hex digit.
  • 00:20:35
    For example if you view the MAC address of a Windows PC with the ‘ipconfig /all’
  • 00:20:40
    command, it will be displayed like this, whereas Cisco displays MAC addresses like the example
  • 00:20:45
    above.
  • 00:20:46
    Now let’s see how each Layer 2 message type works, and also review how switches dynamically
  • 00:20:53
    build their MAC address table.
  • 00:20:55
    In this network a router and three PCs are connected to SW1, and SW1’s MAC address
  • 00:21:00
    table is currently empty.
  • 00:21:02
    R1 sends a unicast frame.
  • 00:21:05
    The source MAC is R1’s MAC, all A’s, and the destination is PC1’s MAC, all 1’s.
  • 00:21:12
    When the frame arrives at SW1, what happens first?
  • 00:21:15
    SW1 checks the source MAC of the frame, and because it doesn’t have an entry for the
  • 00:21:20
    MAC address yet it dynamically learns R1’s MAC address.
  • 00:21:25
    Because SW1 received a frame from MAC address all A’s on interface G0/0, it knows that
  • 00:21:31
    it can reach that MAC address on that interface in the future.
  • 00:21:35
    However, it doesn’t know how to reach the destination MAC of the frame, all 1’s.
  • 00:21:39
    That’s why this is an unknown unicast frame.
  • 00:21:43
    So what does SW1 do with the frame?
  • 00:21:46
    It floods the frame out of all ports except the port the frame was received on.
  • 00:21:51
    Note that, if some of these ports were in different VLANs the frame would not be flooded
  • 00:21:55
    out of them, but for this example all ports are in VLAN 1.
  • 00:22:00
    Now, PC2 and PC3 see that the destination MAC is not their own, so they drop the frame.
  • 00:22:07
    PC1, on the other hand, is the destination of the frame so it will receive and process
  • 00:22:12
    it.
  • 00:22:13
    Note that, in reality R1 would probably send a broadcast ARP request to learn PC1’s MAC
  • 00:22:19
    address before sending this unicast message, and in that process SW1 would have already
  • 00:22:25
    learned both R1 and PC1’s MAC addresses.
  • 00:22:28
    I’m just using this example to demonstrate how unknown unicast messages are flooded.
  • 00:22:33
    Now let’s say PC1 sends a response to R1’s message.
  • 00:22:39
    The source MAC of the frame is PC1’s, and the destination is R1’s.
  • 00:22:44
    First, SW1 uses the source MAC address field of the frame to dynamically learn PC1’s
  • 00:22:50
    MAC address and add it to the MAC address table.
  • 00:22:53
    Then what does SW1 do with the frame?
  • 00:22:56
    Because it already has an entry for the all A’s MAC address, it simply forwards the
  • 00:23:00
    frame out of the appropriate port.
  • 00:23:03
    Note that switches can only forward frames between ports in the same VLAN.
  • 00:23:07
    In this case both are in VLAN 1, so that is no problem.
  • 00:23:11
    So, there’s actually no difference between unknown and known unicast frames.
  • 00:23:15
    They are both frames destined for a single host.
  • 00:23:19
    The difference is how a switch handles the frame.
  • 00:23:22
    If a switch doesn’t have an entry for the destination in its MAC address table, it floods
  • 00:23:26
    the frame.
  • 00:23:28
    If it does have an entry, it forwards it only out of the appropriate port.
  • 00:23:34
    Next up, broadcast.
  • 00:23:36
    PC2 sends a broadcast frame, source MAC of all 2’s and destination of all F’s, which
  • 00:23:41
    is the broadcast MAC address.
  • 00:23:44
    When SW1 receives this frame, it first adds an entry for PC2’s MAC address in its MAC
  • 00:23:50
    address table.
  • 00:23:52
    Then what does it do with the frame?
  • 00:23:53
    As you already know, it will flood it to all ports in the same VLAN, except the port the
  • 00:23:58
    frame was received on, so it doesn’t flood the frame back out of G0/2.
  • 00:24:03
    Now let’s say PC3 responds to PC2’s broadcast message, this time with a unicast frame destined
  • 00:24:11
    for PC2.
  • 00:24:12
    First, SW1 uses the source MAC field of the frame to add an entry for PC3’s MAC in the
  • 00:24:18
    MAC address table, and what does it do next?
  • 00:24:22
    What kind of frame is this?
  • 00:24:23
It’s destined for the all 2’s MAC address, and SW1 already has an entry for it in its
  • 00:24:29
    MAC address table, so it’s a known unicast frame.
  • 00:24:33
    SW1 just forwards it out of the appropriate port.
  • 00:24:38
    Finally let’s look at what a switch does with a multicast frame.
  • 00:24:42
    Remember, unicast means one to one, broadcast means one to all, and multicast means one
  • 00:24:49
    to many, but not necessarily all.
  • 00:24:51
    So, what will a switch do with a frame destined for a multicast MAC address like this?
  • 00:24:57
    By default, Layer 2 multicast messages will be flooded like a broadcast message.
  • 00:25:02
    You probably have a lot of questions about multicast, but we will cover it in another
  • 00:25:07
    section of the course so let’s leave it at that for now.
  • 00:25:11
    Just know that switches flood multicast frames by default.
  • 00:25:16
    For the last topic, let’s take a closer look at the MAC address table and how you
  • 00:25:20
    can configure it.
  • 00:25:22
    Here is the output of SHOW MAC ADDRESS-TABLE on my Catalyst 2960 switch.
  • 00:25:29
    Notice all of the static entries, as indicated with a type of STATIC.
  • 00:25:33
    I did not statically configure these, but rather they are there by default for various
  • 00:25:37
    purposes.
  • 00:25:39
    For example, this first entry, 0100.0ccc.cccc is a multicast MAC address used for protocols
  • 00:25:47
    such as CDP, VTP, and DTP.
  • 00:25:52
    Notice that under the ‘ports’ column it says CPU.
  • 00:25:55
    This means when a switch receives a frame with this destination MAC, it should send
  • 00:26:00
    it to the CPU for processing.
  • 00:26:02
    Otherwise it would merely flood the frame, and wouldn’t actually look at the information
  • 00:26:06
    inside the, for example, CDP message.
  • 00:26:10
    This next one is used for PVST, Per-VLAN Spanning-Tree, and this one is used for IEEE standard Spanning-Tree
  • 00:26:17
    Protocol.
  • 00:26:19
    All of the other static entries here have similar purposes, they are there to allow
  • 00:26:23
    certain protocols to function, because the switch should actually open up and inspect
  • 00:26:27
the contents of those protocols’ messages.
  • 00:26:30
    Also, as you may have noticed, the broadcast MAC address is included here, because the
  • 00:26:35
    contents of a broadcast message may be of interest to the switch, so it should send
  • 00:26:40
    the frame to the CPU for processing.
  • 00:26:43
    And at the bottom there are two dynamic entries, one for my home router and the other for my
  • 00:26:47
    PC.
  • 00:26:50
    As you should already be aware, dynamic MAC addresses do not stay in the table permanently.
  • 00:26:56
    The default aging time of a dynamic MAC address is 300 seconds, so 5 minutes.
  • 00:27:02
    If a MAC address isn’t seen by the switch for 5 minutes, meaning if the switch doesn’t
  • 00:27:06
    receive a frame from that MAC address, its dynamic entry will be removed.
  • 00:27:12
However, every time a frame is received from that MAC address, the timer is reset back
  • 00:27:16
    to 5 minutes.
  • 00:27:18
    Typically this 5 minute timer doesn’t cause any issues, but you can, if you want, change
  • 00:27:24
    this setting.
  • 00:27:25
    The command is MAC ADDRESS-TABLE AGING-TIME from global configuration mode.
  • 00:27:31
    Here you can configure the aging time in seconds.
  • 00:27:34
The minimum is 10 seconds, as indicated by the ‘10 to 1 million’ range, or, as I’ve
  • 00:27:40
    highlighted here you can set it to 0 to disable aging entirely.
  • 00:27:44
    Dynamic MAC addresses will never be removed from the MAC address table unless you do it
  • 00:27:48
    manually.
  • 00:27:49
    I decided to configure it as 0, just for demonstration purposes.
  • 00:27:54
Let me repeat, usually there is no reason to actually change the default timer.
  • 00:27:59
    Note that with the VLAN option of the command, you can actually change the aging time per
  • 00:28:03
    VLAN.
  • 00:28:04
    If you look back up at the output of SHOW MAC ADDRESS-TABLE AGING-TIME, that’s why
  • 00:28:08
    you can see the empty chart with VLAN and aging-time columns.
  • 00:28:13
    I decided to just change the global aging time, not per-VLAN.
  • 00:28:18
    And now the dynamic MAC address aging time is 0.
  • 00:28:21
    My switch will keep dynamic MAC addresses in the MAC address table permanently.
  • 00:28:28
    Another interesting thing is that you can actually disable dynamic MAC address learning
  • 00:28:31
    entirely.
  • 00:28:33
    SHOW MAC ADDRESS-TABLE LEARNING shows us the status of dynamic MAC address learning per
  • 00:28:37
    VLAN.
  • 00:28:38
    As you can see, it’s enabled on all VLANs by default.
  • 00:28:41
    These VLANs shown here are the VLANs that currently exist on my switch.
  • 00:28:46
    To disable learning, use the command NO MAC ADDRESS-TABLE LEARNING VLAN, and then the
  • 00:28:52
    VLAN or VLANs you want to disable it on, for example I disabled it on VLANs 10, 12, 13,
  • 00:28:58
    and 14.
  • 00:29:00
    As you can see, learning has indeed been disabled for MAC addresses in those VLANs.
  • 00:29:06
    To be honest, this is another configuration you probably won’t need to use.
  • 00:29:10
    Perhaps if an attacker is performing a MAC flooding attack, you could disable MAC address
  • 00:29:14
    learning on the target VLAN or VLANs, but even in that case there are probably better
  • 00:29:19
    options.
  • 00:29:20
    Now, typically we leave building the MAC address table up to the switch.
  • 00:29:26
    The dynamic method works fine and is totally hands-off.
  • 00:29:29
    However, in some cases you may want to manually configure a MAC address on a switch, like
  • 00:29:35
    configuring a static route on a router.
  • 00:29:38
    Here you can see the two dynamic MAC addresses in my switch’s table.
  • 00:29:42
    Note that I’m not displaying the default static MAC addresses here since they take
  • 00:29:46
    up too much space.
  • 00:29:47
    Here’s how to configure a static entry in the MAC address table.
  • 00:29:52
    This is the format of the command: MAC ADDRESS-TABLE STATIC, followed by the MAC address, VLAN,
  • 00:29:58
    then the VLAN ID, INTERFACE, and then the interface ID.
  • 00:30:03
    Another option instead of specifying the interface is DROP.
  • 00:30:06
    What does this do?
  • 00:30:08
    It means the switch will drop all traffic for this MAC address.
  • 00:30:12
    In the next lab video we’ll demonstrate this.
  • 00:30:14
    So, here’s the output of SHOW MAC ADDRESS-TABLE after configuring those two static entries.
  • 00:30:21
    Note that, the DROP entry I configured is actually my PC’s MAC address.
  • 00:30:25
    I carelessly entered that command while I was connected to the switch via SSH, and then
  • 00:30:30
    I immediately lost my connection to the switch.
  • 00:30:33
    The switch was dropping all frames destined for my PC.
  • 00:30:36
    So, I had to get my laptop and connect to the switch’s console port, and then delete
  • 00:30:40
    the DROP entry so that my PC could connect again.
  • 00:30:44
    Fortunately this is just my home network, not a work environment!
  • 00:30:50
    Although usually you leave it up to the switch to clear out the MAC address table as necessary
  • 00:30:54
    as dynamic addresses age out, you can also manually clear all or some of the dynamic
  • 00:30:59
    MAC addresses in the table.
  • 00:31:02
    Notice I used the command SHOW MAC ADDRESS-TABLE DYNAMIC to view only dynamic MAC addresses.
  • 00:31:08
    In this example there are two.
  • 00:31:11
    To clear the dynamic MAC addresses, use the command CLEAR MAC ADDRESS-TABLE DYNAMIC, and
  • 00:31:17
    note that this command is done from privileged exec mode, not global config mode.
  • 00:31:21
    I used the question mark to view additional options, and note that you can filter by address,
  • 00:31:27
    to remove only a specific MAC address, by interface to only remove MAC addresses learned
  • 00:31:32
    on a specific interface, or VLAN to only remove MAC addresses learned in a specific VLAN.
  • 00:31:38
    I just decided to remove all dynamic MAC addresses, and as you can see SHOW MAC ADDRESS-TABLE
  • 00:31:44
    DYNAMIC displays nothing.
  • 00:31:47
    Switches only have a certain amount of memory, and it is possible for a switch to learn so
  • 00:31:51
    many MAC addresses that it can’t learn any more.
  • 00:31:55
    At the bottom of the SHOW MAC ADDRESS-TABLE output it does show a MAC address count, 22
  • 00:32:00
    in this case, but there’s a better way.
  • 00:32:02
    SHOW MAC ADDRESS-TABLE COUNT displays the number of dynamic MAC addresses, static MAC
  • 00:32:07
    addresses, and the total, as well as the total MAC address space available on the switch
  • 00:32:12
    at the bottom.
  • 00:32:13
    Note, as I’ve highlighted, that the total in this command displays 2, whereas above
  • 00:32:18
    it displays 22.
  • 00:32:20
    Why is that?
  • 00:32:21
    It’s because all of those static entries that are in the switch by default are not
  • 00:32:25
    included in this count.
  • 00:32:26
    That’s also why SHOW MAC ADDRESS-TABLE COUNT is showing 0 static addresses, even though
  • 00:32:31
    you can see plenty of them above.
  • 00:32:35
    Final point, I just want to show how you can filter the output of the SHOW MAC ADDRESS-TABLE
  • 00:32:40
    command, as we saw with SHOW MAC ADDRESS-TABLE DYNAMIC a couple slides back.
  • 00:32:45
    I’ve highlighted the options you can use to filter the display, such as searching for
  • 00:32:49
    a specific address with the ADDRESS option, or filter by interface, VLAN, etc.
  • 00:32:56
    And if you select an option like DYNAMIC you can then further filter the output by address,
  • 00:33:00
    interface, and VLAN.
  • 00:33:02
    I recommend experimenting with these show commands in the lab to get used to them.
  • 00:33:07
    Here’s a summary of the commands we looked at.
  • 00:33:11
    If you have access to Cisco devices, whether they are hardware or virtual, I recommend
  • 00:33:16
    spending some time in the lab exploring the available commands and trying them out.
  • 00:33:21
    In this video I introduced some commands we didn’t cover in the CCNA, but there are
  • 00:33:25
    still more available and they might be worth checking out.
  • 00:33:28
    And that is true not just for this lesson, but for all future lessons too.
  • 00:33:33
    Labbing is a part of studying that you simply can’t skip, and don’t just lab what I
  • 00:33:37
    teach you in these videos.
  • 00:33:39
    Spend some time experimenting with the other available commands.
  • 00:33:43
    So, here’s what we covered in this video.
  • 00:33:47
    We started with a review of the OSI model, then collision and broadcast domains.
  • 00:33:53
    We also reviewed how Layer 2 forwarding is done using MAC addresses, and finally looked
  • 00:33:58
    at the MAC address table; how to configure it and view it.
  • 00:34:02
    Much of this video was review, but we also looked at a few new things.
  • 00:34:06
    Finally let’s move on to the quiz.
  • 00:34:09
    Here’s quiz question 1.
  • 00:34:12
    How many collision domains are there in the network below?
  • 00:34:16
    Pause now to think about your answer.
  • 00:34:23
    Here are all of the collision domains in this network, 8 in total.
  • 00:34:27
    Fortunately, these days we don’t have to worry much about collision domains in wired
  • 00:34:31
    networks thanks to switches, but still they are important network fundamentals.
  • 00:34:35
    Let’s go to question 2.
  • 00:34:40
    How many broadcast domains are there in the network below?
  • 00:34:43
    Pause the video now to think about your answer.
  • 00:34:50
    Here are the broadcast domains in this network, 7 in total.
  • 00:34:54
    To help you visualize it, these arrows show some example broadcast messages and which
  • 00:34:59
    devices they would reach, indicating the broadcast domains.
  • 00:35:03
    Remember, a broadcast domain is the group of devices that would receive a broadcast
  • 00:35:07
    message sent by one of the group’s members.
  • 00:35:10
    Okay let’s go to question 3.
  • 00:35:14
    Which of the following Ethernet header fields does a switch use to make a forwarding decision?
  • 00:35:20
    Pause the video now to think about your answer.
  • 00:35:25
    Okay, the answer is B, destination MAC address.
  • 00:35:31
    In Layer 2 forwarding, switches don’t look at Layer 3 information, so C and D can be
  • 00:35:36
    ruled out because they mention IP addresses.
  • 00:35:39
    Plus the question mentions the Ethernet header, and IP addresses are not part of the Ethernet
  • 00:35:44
    header.
  • 00:35:45
    As for A, the source MAC address field of Ethernet frames is used to build the switch’s
  • 00:35:50
    MAC address table, but when it comes to actually forwarding a frame it looks at the destination
  • 00:35:55
    MAC address field and makes a forwarding decision, so B is the correct answer.
  • 00:36:00
    Let’s go to question 4.
  • 00:36:06
    Which of the following message types is NOT flooded by a switch?
  • 00:36:10
    Pause the video now to think about your answer.
  • 00:36:14
    Okay, the answer is D, known unicast.
  • 00:36:21
    Broadcast messages are always flooded, multicast messages are flooded by default, and unknown
  • 00:36:26
    unicast messages are flooded because the switch doesn’t yet know the correct port to forward
  • 00:36:30
    the frame out of.
  • 00:36:32
    Known unicast messages are not flooded, because the switch already has an entry for the destination
  • 00:36:37
    in its MAC address table, so it can forward the frame out of the appropriate port.
  • 00:36:42
    Let’s go to question 5.
  • 00:36:46
Which of the following commands can be used to disable dynamic MAC address aging?
  • 00:36:52
    Pause the video now to think about your answer.
  • 00:36:57
    Okay, the answer is B, MAC ADDRESS-TABLE AGING-TIME 0.
  • 00:37:05
    C and D are not real commands, and what about A?
  • 00:37:09
    Actually, A could be used to return the aging-time setting to default.
  • 00:37:14
    For example, if you used the command MAC ADDRESS-TABLE AGING-TIME 0 to disable MAC address aging,
  • 00:37:21
    command A, NO MAC ADDRESS-TABLE AGING-TIME would remove that command and return it to
  • 00:37:27
    the default setting of 300 seconds.
  • 00:37:29
    Okay, that’s all for the quiz and today’s video.
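The forwarding rules and MAC address table commands walked through in the lesson, as an added worked example that is not part of the video or the course: a small Python model of a Catalyst-style MAC address table. It learns from the source MAC, floods broadcast, multicast and unknown-unicast frames only within the ingress VLAN and never back out the ingress port, forwards known unicast out a single port, ages dynamic entries after 300 seconds (0 disables aging), lets you turn learning off per VLAN, and supports static entries including DROP and CPU. Interface names, VLAN numbers, MAC addresses and the `MacTable`/`receive` names are assumptions made up for the example; the CPU punting of broadcasts and control-protocol multicast is modelled only to the extent the lesson describes it.

```python
"""Model of a switch's MAC address table.

Added example, not code from the course: it mimics the behaviour the lesson
describes (learn from source MAC, flood broadcast / multicast / unknown unicast
inside the VLAN only, forward known unicast out one port, 300 s aging with 0
meaning never age, per-VLAN learning disable, static entries including DROP).
Interface names, VLAN numbers and MAC addresses are made up for the example.
"""
from dataclasses import dataclass
from typing import Optional

BROADCAST_MAC = "ffff.ffff.ffff"
DROP = "DROP"   # stands in for 'mac address-table static <mac> vlan <n> drop'
CPU = "CPU"     # stands in for the 'CPU' port of the default static entries


def is_group_mac(mac: str) -> bool:
    """Multicast or broadcast: bit 0 of the first octet is set (0x01, 0x33, 0xff ...)."""
    return int(mac.replace(".", "")[:2], 16) & 1 == 1


@dataclass
class Entry:
    port: str          # egress interface, CPU or DROP
    static: bool
    last_seen: float   # timer for dynamic entries (seconds)


class MacTable:
    def __init__(self, access_vlan: dict[str, int], aging_time: int = 300) -> None:
        self.access_vlan = access_vlan          # interface -> access VLAN
        self.aging_time = aging_time            # 'mac address-table aging-time N'; 0 = never
        self.entries: dict[tuple[int, str], Entry] = {}
        self.learning_off: set[int] = set()     # 'no mac address-table learning vlan N'

    # --- configuration -----------------------------------------------------
    def add_static(self, mac: str, vlan: int, port: str) -> None:
        """'mac address-table static <mac> vlan <n> interface <if>' (or drop / CPU)."""
        self.entries[(vlan, mac)] = Entry(port, True, 0.0)

    def disable_learning(self, vlan: int) -> None:
        self.learning_off.add(vlan)

    def clear_dynamic(self, vlan: Optional[int] = None, port: Optional[str] = None) -> int:
        """'clear mac address-table dynamic [vlan N | interface X]'; returns number removed."""
        gone = [k for k, e in self.entries.items()
                if not e.static
                and (vlan is None or k[0] == vlan)
                and (port is None or e.port == port)]
        for k in gone:
            del self.entries[k]
        return len(gone)

    # --- forwarding --------------------------------------------------------
    def _age_out(self, now: float) -> None:
        if self.aging_time == 0:
            return                          # aging-time 0: dynamic entries stay until cleared
        expired = [k for k, e in self.entries.items()
                   if not e.static and now - e.last_seen >= self.aging_time]
        for k in expired:
            del self.entries[k]

    def _learn(self, vlan: int, src: str, in_port: str, now: float) -> None:
        if vlan in self.learning_off or is_group_mac(src):
            return                          # a group address is never a valid source
        cur = self.entries.get((vlan, src))
        if cur is not None and cur.static:
            return                          # static entries are not overwritten by learning
        self.entries[(vlan, src)] = Entry(in_port, False, now)   # learn, or refresh the timer

    def receive(self, in_port: str, src: str, dst: str, now: float) -> tuple[str, list[str]]:
        """Handle one frame; returns (classification, egress ports)."""
        vlan = self.access_vlan[in_port]
        self._age_out(now)
        self._learn(vlan, src, in_port, now)
        # flooding never crosses a VLAN boundary and never goes back out the ingress port
        flood = [p for p, v in self.access_vlan.items() if v == vlan and p != in_port]
        entry = self.entries.get((vlan, dst))
        if dst == BROADCAST_MAC:
            return "broadcast", flood + [CPU]      # the switch itself may want the contents
        if is_group_mac(dst):
            if entry is not None and entry.port == CPU:
                return "multicast-to-cpu", [CPU]   # e.g. CDP/VTP/DTP: consumed, not flooded
            return "multicast", flood              # flooded like a broadcast by default
        if entry is None:
            return "unknown unicast", flood
        if entry.port == DROP:
            return "drop", []
        return "known unicast", [entry.port]


if __name__ == "__main__":
    # The lesson's topology: R1 on G0/0, PC1-PC3 on G0/1-G0/3, all in VLAN 1, plus a
    # port in VLAN 2 to show that flooding stays inside the VLAN. A literal
    # "all 1's" MAC would be a group address (0x11 is odd), so the stand-ins start 00.
    sw = MacTable({"G0/0": 1, "G0/1": 1, "G0/2": 1, "G0/3": 1, "G0/4": 2})
    print(sw.receive("G0/0", "00aa.aaaa.aaaa", "0011.1111.1111", 0.0))    # unknown unicast
    print(sw.receive("G0/1", "0011.1111.1111", "00aa.aaaa.aaaa", 1.0))    # known unicast
    print(sw.receive("G0/2", "0022.2222.2222", BROADCAST_MAC, 2.0))       # broadcast
    print(sw.receive("G0/1", "0011.1111.1111", "00aa.aaaa.aaaa", 301.0))  # R1 aged out
```

Running the module replays the lesson's sequence: the first R1 to PC1 frame is flooded to the VLAN 1 ports only, PC1's reply is a known unicast out G0/0, PC2's broadcast goes everywhere in VLAN 1 except G0/2, and after 300 idle seconds R1's entry is gone, so the next frame to it is flooded again. The DROP case that locked the instructor out of SSH is the `("drop", [])` return: once a static DROP entry exists for a MAC, every frame to that MAC in that VLAN is discarded regardless of where the host was learned.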
Tags
  • Layer 2
  • switch
  • MAC address
  • OSI model
  • TCP/IP
  • collision domain
  • broadcast domain
  • encapsulation
  • forwarding
  • network protocol