5.

1 Ethernet Protocol
5.2 Address Resolution Protocol
5.3 LAN Switches
Ethernet Operation
LLC and MAC Sublayers
Ethernet
 One of the most widely used LAN technologies
 Operates in the data link layer and the physical layer
 Family of networking technologies that are defined in the IEEE 802.2 and 802.3
standards
 Supports data bandwidths of 10, 100, 1000, 10,000, 40,000, and 100,000 Mbps
(100 Gbps)
Ethernet Standards
 Define Layer 2 protocols and Layer 1 technologies
 Two separate sub layers of the data link layer to operate – Logical link control
(LLC) and the MAC sublayers
Ethernet Operation
LLC and MAC Sublayers (cont.)
LLC
 Handles communication between upper and lower layers.
 Takes the network protocol data and adds control information to help deliver
the packet to the destination.
MAC
 Constitutes the lower sublayer of the data link layer.
 Implemented by hardware, typically in the computer NIC.
 Two primary responsibilities:
 Data encapsulation
 Media access control
Ethernet Operation
MAC Sublayer (cont.)
Data encapsulation
 Frame assembly before transmission and frame disassembly upon reception
of a frame.
 MAC layer adds a header and trailer to the network layer PDU.

Provides three primary functions:

 Frame delimiting – Identifies a group of bits that make up a frame,
synchronization between the transmitting and receiving nodes.
 Addressing – Each Ethernet header added in the frame contains the physical
address (MAC address) that enables a frame to be delivered to a destination
node.
 Error detection – Each Ethernet frame contains a trailer with a cyclic
redundancy check (CRC) of the frame contents.
Ethernet Operation
MAC Sublayer (cont.)
MAC
 Responsible for the placement of frames on the media and the removal of
frames from the media
 Communicates directly with the physical layer
 If multiple devices on a single medium attempt to forward data
simultaneously, the data will collide resulting in corrupted, unusable data
 Ethernet provides a method for controlling how the nodes share access
through the use a Carrier Sense Multiple Access (CSMA) technology
Ethernet Operation
Media Access Control
Carrier Sense Multiple Access (CSMA) process
 Used to first detect if the media is carrying a signal
 If no carrier signal is detected, the device transmits its data
 If two devices transmit at the same time - data collision
Ethernet Operation
Media Access Control (cont.)
Ethernet Operation
Media Access Control (cont.)
CSMA is usually implemented in conjunction with a method for resolving media
contention. The two commonly used methods are: CSMA/Collision Detection
and CSMA/Collision Avoidance
CSMA/Collision Detection
• The device monitors the media for the presence of a data signal
• If a data signal is absent, indicating that the media is free, the device
transmits the data
• If signals are then detected that show another device was transmitting at
the same time, all devices stop sending & try again later
• While Ethernet networks are designed with CSMA/CD technology, with
today’s intermediate devices, collisions do not occur and the processes
utilized by CSMA/CD are really unnecessary
• Wireless connections in a LAN environment still have to take collisions into
account
Ethernet Operation
Media Access Control (cont.)
CSMA/Collision Avoidance (CSMA/CA) media access method
• Device examines the media for the presence of data signal - if the media is
free, the device sends a notification across the media of its intent to use it
• The device then sends the data.
• Used by 802.11 wireless networking technologies
Ethernet Operation
MAC Address: Ethernet Identity
 Layer 2 Ethernet MAC
address is a 48-bit binary
value expressed as 12
hexadecimal digits.

 IEEE requires a vendor to

follow these rules:
 Must use that
vendor's assigned
OUI as the first 3
bytes.

 All MAC addresses

with the same OUI
must be assigned a
unique value in the
last 3 bytes.
Ethernet Operation
Frame Processing
 MAC addresses assigned to workstations, servers, printers, switches, and
routers.
 Example MACs:
 00-05-9A-3C-78-00
 00:05:9A:3C:78:00
 0005.9A3C.7800.
 When a device is forwarding a message to an Ethernet network, attaches
header information to the packet, contains the source and destination MAC
address.
 Each NIC views information to see if the destination MAC address in the
frame matches the device’s physical MAC address stored in RAM.
 No match, the device discards the frame.
 Matches the destination MAC of the frame, the NIC passes the frame up the
OSI layers, where the de-encapsulation process takes place.
Ethernet Frame Attributes
Ethernet Encapsulation
 Early versions of
Ethernet were slow at 10
Comparison of 802.3 and Ethernet II Frame Structures and Field Size
Mb/s.
 Now operate at 10 Gb/s
per second and faster.
 Ethernet frame structure
adds headers and
trailers around the Layer
3 PDU to encapsulate
the message being sent.
 Ethernet II is the
Ethernet frame format
used in TCP/IP
networks.
Ethernet Frame Attributes
Ethernet Frame Size

 Ethernet II and IEEE 802.3 standards define the minimum frame size as 64
bytes and the maximum as 1518 bytes
 Less than 64 bytes in length is considered a "collision fragment" or "runt
frame”
 If size of a transmitted frame is less than the minimum or greater than the
maximum, the receiving device drops the frame
 At the physical layer, different versions of Ethernet vary in their method for
detecting and placing data on the media
Ethernet Frame Attributes
Ethernet Frame Size (cont.)

The figure displays the fields contained in the 802.1Q VLAN tag
Ethernet Frame Attributes
Introduction to the Ethernet Frame

Preamble and Start Length/Type Field – Data and Pad

Frame Delimiter Defines the exact Fields –
Fields – length of the frame's Contains the
Used for data field; describes encapsulated
synchronization which protocol is data from a
between the sending implemented. higher layer, an
and receiving IPv4 packet.
devices.
Ethernet Frame Attributes
Introduction to the Ethernet Frame (cont.)

Frame Check Sequence Field

Used to detect errors in a frame with cyclic redundancy check (4
bytes); if calculations match at source and receiver, no error
occurred.
Ethernet MAC
Unicast MAC Address
Ethernet MAC
Broadcast MAC Address
Ethernet MAC
Multicast MAC Address

Multicast MAC address is a Range of IPV4 multicast

special value that begins with addresses is 224.0.0.0 to
01-00-5E in hexadecimal 239.255.255.255
MAC and IP
MAC and IP
MAC Address
 This address does not change
 Similar to the name of a person
 Known as physical address because physically assigned to the host NIC

IP Address
 Similar to the address of a person
 Based on where the host is actually located
 Known as a logical address because assigned logically
 Assigned to each host by a network administrator

Both the physical MAC and logical IP addresses are required for a
computer to communicate just like both the name and address of a
person are required to send a letter.
Ethernet MAC
End-to-End Connectivity, MAC, and IP

IP Packet Encapsulated in an Ethernet Frame

ARP
Introduction to ARP
ARP Purpose
 Sending node needs a way to find the MAC address of the destination for a
given Ethernet link

The ARP protocol provides two basic functions:

 Resolving IPv4 addresses to MAC addresses
 Maintaining a table of mappings
ARP
Introduction to ARP (cont.)
ARP
ARP Functions/Operation
ARP Table
 Used to find the data link layer address that is mapped to the destination
IPv4 address.
 As a node receives frames from the media, it records the source IP and MAC
address as a mapping in the ARP table.

ARP Request
 Layer 2 broadcast to all devices on the Ethernet LAN.
 The node that matches the IP address in the broadcast will reply.
 If no device responds to the ARP request, the packet is dropped
because a frame cannot be created.

Note: Static map entries can be entered in an ARP table, but this is
rarely done.
ARP
ARP Operation
ARP
ARP Operation (cont.)
ARP
ARP Operation (cont.)
ARP
ARP Operation (cont.)
ARP
ARP Functions/Operation (cont.)
ARP
ARP Role in Remote Communication
 If the destination IPv4 host is on the local network, the frame will use
the MAC address of this device as the destination MAC address.

 If the destination IPv4 host is not on the local network, the source
uses the ARP process to determine a MAC address for the router
interface serving as the gateway.

 In the event that the gateway entry is not in the table, an ARP
request is used to retrieve the MAC address associated with the IP
address of the router interface.
ARP
Removing Entries from an ARP Table
 The ARP cache
timer removes ARP
entries that have
not been used for
a specified period
of time.
 Commands may
also be used to
manually remove
all or some of the
entries in the ARP
table.
ARP
ARP Tables on Networking Devices
ARP Issues
How ARP Can Create Problems
ARP Issues
Mitigating ARP Problems
Switching
Switch Port Fundamentals
Layer 2 LAN Switch

 Connects end devices to a central intermediate device on most

Ethernet networks
 Performs switching and filtering based only on the MAC address
 Builds a MAC address table that it uses to make forwarding
decisions
 Depends on routers to pass data between IP subnetworks
Switching
Switch MAC Address Table

1. The switch receives a broadcast frame from PC 1 on Port 1.

2. The switch enters the source MAC address and the switch port that
received the frame into the address table.
3. Because the destination address is a broadcast, the switch floods the
frame to all ports, except the port on which it received the frame.
4. The destination device replies to the broadcast with a unicast frame
addressed to PC 1.
Switching
Switch MAC Address Table (cont.)

5. The switch enters the source MAC address of PC 2 and the port
number of the switch port that received the frame into the address
table. The destination address of the frame and its associated port is
found in the MAC address table.
6. The switch can now forward frames between source and destination
devices without flooding, because it has entries in the address table
that identify the associated ports.
Layer 3 Switching
Layer 2 versus Layer 3 Switching
Layer 3 Switching
Types of Layer 3 Interfaces
The major types of Layer 3 interfaces are:
• Switch Virtual Interface (SVI) – Logical interface on a switch associated with
a virtual local-area network (VLAN).
• Routed Port – Physical port on a Layer 3 switch configured to act as a router
port. Configure routed ports by putting the interface into Layer 3 mode with
the no switchport interface configuration command.
• Layer 3 EtherChannel – Logical interface on a Cisco device associated with
a bundle of routed ports.