CHAPTER 5: ETHERNET LAYER
5.1. Ethernet Protocol
5.1.1. Ethernet Frame Encapsulation
1. Ethernet operates in the data link layer and the physical layer.
2. Ethernet relies on two sublayers of the data link layer to operate: the Logical Link Control (LLC) and the MAC.
3. The Ethernet LLC sublayer handles the communication between the upper layers and the lower layers.
It is implemented in software, and its implementation is independent of the hardware.
4. The MAC sublayer is the lower sublayer of the data link layer. It is implemented in hardware, typically in the computer's NIC.
5.1.2. MAC Sublayer Functions:
1. Data Encapsulation: 1. Frame delimiting 2. Addressing 3. Error detection
2. Media Access Control: placement of frames on the media and the removal of frames from the media.
This sublayer communicates directly with the physical layer.
5.1.3. Ethernet Frame Fields
1. The minimum Ethernet frame size, from the Destination MAC address through the FCS, is 64 bytes and the maximum is 1518 bytes.
2. Frames of less than 64 bytes are called "collision fragments" or "runt frames" and are automatically discarded by receiving stations.
3. Frames greater than 1500 bytes are called "jumbo" or "baby giant" frames.
4. If the size of a transmitted frame is less than the minimum or greater than the maximum, the receiving device drops the frame.
5.1.4. MAC Addresses and Hexadecimal
1. Ethernet MAC address is a 48-bit binary value expressed as 12 hexadecimal digits (4 bits per hexadecimal digit).
2. Hexadecimal is used to represent Ethernet MAC addresses and IP Version 6 addresses.
3. Hexadecimal is a base sixteen system using the numbers 0 to 9 and the letters A to F.
4. It is easier to express a value as a single hexadecimal digit than as four binary bits.
5. Hexadecimal is usually represented in text by the value preceded by 0x (e.g., 0x73).
5.1.5. MAC Addresses: Ethernet Identity
1. MAC addresses were created to identify the actual source and destination.
2. MAC address rules are established by IEEE.
3. IEEE assigns the vendor a 3-byte (24-bit) code, called the Organizationally Unique Identifier (OUI).
4. IEEE requires a vendor to follow two simple rules:
1. MAC addresses assigned to a NIC or other Ethernet device must use the vendor's assigned OUI as the first 3 bytes.
2. MAC addresses with the same OUI must be assigned a unique value in the last 3 bytes.
5.1.6. Frame Processing
1. The MAC address is a burned-in address (BIA), meaning the address is permanently encoded into a ROM chip.
2. When the PC starts up, the NIC copies the MAC address from ROM to RAM.
3. When a device is forwarding a message to an Ethernet network, it attaches header information to the frame.
The header information contains the source and destination MAC address.
5.1.7. MAC Address Representations
1. Use the ipconfig /all command on a Windows host to identify the MAC address of an Ethernet adapter.
5.1.8. Unicast MAC Address
1. Unique address used when a frame is sent from a single transmitting device to a single destination device.
2. For a unicast packet to be sent and received, a destination IP address must be in the IP packet header and a
corresponding destination MAC address must also be present in the Ethernet frame header.
5.1.9. Broadcast MAC Address
1. Many network protocols, such as DHCP and ARP, use broadcasts.
2. A broadcast packet contains a destination IPv4 address that has all ones (1s) in the host portion, indicating that all
hosts on that local network will receive and process the packet.
3. When IPv4 broadcast packet is encapsulated in the Ethernet frame, the destination MAC address is the broadcast
MAC address of FF-FF-FF-FF-FF-FF in hexadecimal (48 ones in binary).
5.1.10. Multicast MAC Address
1. Multicast addresses allow a source device to send a packet to a group of devices.
2. Devices in a multicast group are assigned a multicast group IP address in the range of 224.0.0.0 to
239.255.255.255 (IPv6 multicast addresses begin with FF00::/8).
3. Multicast IP address requires a corresponding multicast MAC address that begins with 01-00-5E in hexadecimal.
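The frame-field, size and address rules from 5.1.3 through 5.1.10 can be checked mechanically. The following is an added example of my own, not material from the course: it parses an Ethernet II header, renders the 48-bit addresses as 12 hex digits, extracts the OUI, and classifies the destination as unicast, broadcast or multicast (the 01-00-5E prefix for IPv4 multicast, and more generally the low-order bit of the first byte, which the page does not mention but is how Ethernet marks any group address). The sample frame is constructed; the FCS bytes in it are dummies.

```python
import struct

HEADER_LEN = 14     # 6-byte destination MAC + 6-byte source MAC + 2-byte EtherType
MIN_FRAME = 64      # destination MAC through FCS, as the page measures it
MAX_FRAME = 1518    # same span; a payload over 1500 bytes pushes the frame past this

def mac_to_str(raw: bytes) -> str:
    """Render 6 raw bytes (48 bits) as 12 hex digits, 4 bits per digit, dash-separated."""
    return "-".join(f"{b:02X}" for b in raw)

def oui(mac: str) -> str:
    """The first 3 bytes: the IEEE-assigned Organizationally Unique Identifier of the vendor."""
    return "-".join(mac.split("-")[:3])

def classify_mac(mac: str) -> str:
    """Broadcast is all ones; multicast has the low-order bit of the first byte set
    (IPv4 multicast specifically maps onto 01-00-5E-xx-xx-xx); everything else is unicast."""
    if mac == "FF-FF-FF-FF-FF-FF":
        return "broadcast"
    if int(mac.split("-")[0], 16) & 0x01:
        return "ipv4-multicast" if mac.startswith("01-00-5E-") else "multicast"
    return "unicast"

def classify_size(frame_len: int) -> str:
    """Apply the page's size rules; both out-of-range cases are dropped by the receiver."""
    if frame_len < MIN_FRAME:
        return "runt"       # collision fragment
    if frame_len > MAX_FRAME:
        return "jumbo"      # jumbo / baby giant; dropped unless the port is configured for them
    return "valid"

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame into its header fields and classify it."""
    if len(frame) < HEADER_LEN:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:HEADER_LEN])
    dst_s, src_s = mac_to_str(dst), mac_to_str(src)
    return {
        "dst": dst_s,
        "src": src_s,
        "ethertype": f"0x{ethertype:04X}",   # 0x0800 = IPv4, 0x0806 = ARP
        "dst_type": classify_mac(dst_s),
        "src_oui": oui(src_s),
        "size": classify_size(len(frame)),
    }

def build_frame(dst_hex: str, src_hex: str, ethertype: int, payload: bytes) -> bytes:
    """Constructed sample frame: pads the payload to 46 bytes and appends a dummy 4-byte FCS."""
    header = struct.pack("!6s6sH", bytes.fromhex(dst_hex), bytes.fromhex(src_hex), ethertype)
    return header + payload.ljust(46, b"\x00") + b"\x00\x00\x00\x00"

if __name__ == "__main__":
    # constructed: an ARP request (EtherType 0x0806) sent to the broadcast address
    arp = build_frame("FFFFFFFFFFFF", "001A2B3C4D5E", 0x0806, b"\x00" * 28)
    print(parse_frame(arp))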
5.2. LAN Switches
5.2.1. The MAC Address Table
1. A Layer 2 Ethernet SW makes its forwarding decisions based only on the Layer 2 Ethernet MAC addresses.
2. When the SW is powered on, its MAC address table is empty; it has not yet learned the MAC addresses of the four attached PCs.
3. The MAC address table is sometimes referred to as a content addressable memory (CAM) table.
4. The SW dynamically builds the MAC address table.
5. The process to learn the Source MAC Address:
1. Switches examine all incoming frames for new source MAC address information to learn.
2. If the source MAC address is unknown, it is added to the table along with the port number.
3. If the source MAC address does exist, the switch updates the refresh timer for that entry.
4. Ethernet switches keep an entry in the table for 5 minutes.
6. The process to forward the Destination MAC Address:
1. If the destination MAC address is broadcast or multicast, the frame is flooded out all ports except the incoming port.
2. If the destination MAC address is a unicast address, the switch looks for a match in its MAC address table.
3. If the destination MAC address is in the table, the switch forwards the frame out the specified port.
4. If the destination MAC address is not in the table (unknown unicast), the SW forwards the frame out all ports except the
incoming port.
5. If the destination IP address is on another network, the source MAC address is that of the sending computer and
the destination MAC address is that of the router (00-0D in the example).
5.2.2. Filtering Frames
1. As the SW receives frames from different devices, it populates its MAC address table by examining the source
MAC address of every frame.
2. When the SW MAC address table contains the destination MAC address, it filters the frame and forwards it out a single port.
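The learning, aging, flooding and filtering rules of 5.2.1 and 5.2.2 fit in a small simulation. This is an added example of my own, not code from the course: a `Switch` class that records each source MAC against its ingress port, refreshes the timer on known sources, expires entries after the page's 5 minutes, floods broadcast, multicast and unknown unicast, and filters known unicast to one port. The port names and MAC addresses are constructed, and the clock is injectable so the aging step can be shown without waiting five minutes.

```python
import time

AGING_SECONDS = 300   # the page's 5-minute lifetime for an unused entry

class Switch:
    """Simulated Layer 2 switch: learns source MACs, ages them, floods or filters on destination."""

    def __init__(self, ports, clock=time.monotonic):
        self.ports = list(ports)
        self.table = {}       # MAC -> (port, last seen)
        self.clock = clock    # injectable so aging can be demonstrated without waiting

    def _expire(self):
        now = self.clock()
        for mac in [m for m, (_, seen) in self.table.items() if now - seen > AGING_SECONDS]:
            del self.table[mac]

    def _flood(self, in_port):
        return [p for p in self.ports if p != in_port]

    def forward(self, src_mac, dst_mac, in_port):
        """Return the egress port list for a frame described by its two addresses."""
        self._expire()
        # learning: an unknown source is added with its port; a known source gets its timer refreshed
        self.table[src_mac] = (in_port, self.clock())
        if dst_mac == "FF-FF-FF-FF-FF-FF" or int(dst_mac[:2], 16) & 1:
            return self._flood(in_port)                  # broadcast or multicast
        entry = self.table.get(dst_mac)
        if entry is None:
            return self._flood(in_port)                  # unknown unicast
        port, _ = entry
        return [port] if port != in_port else []         # filtered to one port; dropped if it is the ingress port

class FakeClock:
    """Constructed clock for the demo: time only moves when advance() is called."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds

def demo():
    clk = FakeClock()
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"], clock=clk)
    pc_a, pc_b = "00-0A-00-00-00-0A", "00-0B-00-00-00-0B"      # constructed addresses
    out = []
    out.append(sw.forward(pc_a, pc_b, "Fa0/1"))                 # B unknown: flood
    out.append(sw.forward(pc_b, pc_a, "Fa0/2"))                 # A learned on Fa0/1: filtered
    out.append(sw.forward(pc_a, "FF-FF-FF-FF-FF-FF", "Fa0/1"))  # broadcast: flood
    clk.advance(AGING_SECONDS + 1)
    out.append(sw.forward(pc_a, pc_b, "Fa0/1"))                 # B aged out: flood again
    return out

if __name__ == "__main__":
    for step, ports in enumerate(demo(), 1):
        print(step, ports)
```

The second step is the filtering case from 5.2.2: because PC A's reply arrives after the switch has learned A on Fa0/1, the frame goes out that one port instead of being flooded.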
5.2.3. Switch Forwarding Methods
5.2.3.1. Store-and-Forward
1. The SW receives the entire frame and computes the CRC; if the CRC is valid, the SW looks up the destination address, which determines
the outgoing interface.
2. The frame is forwarded out the correct port.
5.2.3.2. Cut-Through Switching
1. SW buffers just enough of the frame to read the destination MAC address so that it can determine to which port to
forward the data.
2. SW does not perform any error checking on the frame.
3. Two variants of cut-through switching:
1. Fast-forward switching: offers the lowest level of latency. SW immediately forwards a packet after reading the
destination address. This is the most typical form of cut-through switching.
2. Fragment-free switching: SW stores the first 64 bytes of the frame before forwarding.
It is a compromise between store-and-forward and fast-forward switching.
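To make the difference between the three forwarding methods concrete, here is an added example of my own (not course code) that models each method as a function over a complete frame: store-and-forward verifies the FCS before looking up the destination, fast-forward looks up the destination as soon as the first six bytes are available, and fragment-free additionally insists on 64 bytes. The frames, the MAC address table and the bit error are constructed; the FCS is computed with the standard CRC-32 that Ethernet uses.

```python
import struct
import zlib

def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over destination MAC through payload, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def build_frame(dst_hex, src_hex, ethertype, payload):
    """Constructed frame with a real FCS; payload padded to the 46-byte minimum."""
    body = struct.pack("!6s6sH", bytes.fromhex(dst_hex), bytes.fromhex(src_hex), ethertype)
    body += payload.ljust(46, b"\x00")
    return body + fcs(body)

def crc_ok(frame):
    return len(frame) > 4 and fcs(frame[:-4]) == frame[-4:]

def store_and_forward(frame, lookup):
    """Receive the entire frame, verify the CRC, and only then look up the destination."""
    if not crc_ok(frame):
        return "drop: bad CRC"
    return lookup(frame[:6])

def fast_forward(frame, lookup):
    """Forward as soon as the 6-byte destination address has arrived; no error checking."""
    return lookup(frame[:6])

def fragment_free(frame, lookup):
    """Wait for the first 64 bytes, so collision fragments are caught, but skip the CRC."""
    if len(frame) < 64:
        return "drop: runt"
    return lookup(frame[:6])

def demo():
    table = {bytes.fromhex("000B0000000B"): "Fa0/2"}        # constructed MAC address table
    lookup = lambda dst: table.get(dst, "flood")
    good = build_frame("000B0000000B", "000A0000000A", 0x0800, b"hello")
    corrupt = bytearray(good)
    corrupt[20] ^= 0x01                                      # a single bit error in the payload
    corrupt = bytes(corrupt)
    runt = good[:40]                                         # frame cut short by a collision
    methods = (store_and_forward, fast_forward, fragment_free)
    return {name: tuple(m(frame, lookup) for m in methods)
            for name, frame in (("good", good), ("corrupt", corrupt), ("runt", runt))}

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, "store-and-forward / fast-forward / fragment-free:", verdicts)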
5.2.4. Memory Buffering on Switches
1. L2 switches use memory buffering techniques to store frames before forwarding them.
2. Buffering is used when the destination port is busy due to congestion; the SW stores the frame until it can be transmitted.
3. Two types of memory buffering techniques:
1. Port-Based Memory: frames are stored in queues that are linked to specific incoming and outgoing ports.
A frame is transmitted when all the frames ahead of it have been transmitted.
2. Shared Memory: all frames are deposited into a common buffer which is shared by all ports on the SW.
5.2.5. Switch Port Settings
1. Full-duplex: Both ends of the connection can send and receive simultaneously.
2. Half-duplex: Only one end of the connection can send at a time.
3. Auto-negotiation: Enables two devices to automatically exchange information about speed and duplex
capabilities and choose the highest performance mode.
4. Duplex mismatch: a common cause of performance issues on Ethernet links.
It occurs when one port on the link operates at half-duplex while the other port operates at full-duplex.
5.2.6. Auto-MDIX
1. Connections between specific devices such as switch-to-switch, switch-to-router, switch-to-host, and router-to-host
devices, once required the use of specific cable types (crossover or straight-through).
2. Most switch devices now support the automatic medium-dependent interface crossover (auto-MDIX) feature.
This is enabled by default on switches since IOS 12.2(18)SE.
3. When enabled using the mdix auto interface configuration command, the switch detects the type of cable
attached to the port, and configures the interfaces accordingly.
5.3. Address Resolution Protocol
5.3.1. MAC and IP Destination on Same Network
1. There are two primary addresses assigned to a device on an Ethernet LAN:
1. Physical address (the Ethernet MAC address) (L2)
2. Logical address (the IP address) (L3)
2. The Layer 2 Ethernet frame contains:
1. Destination MAC address
2. Source MAC address
3. The Layer 3 IP packet contains:
1. Source IP address
2. Destination IP address
5.3.2. MAC and IP Destination on Remote Network
1. When the destination IP address is on a remote network, destination MAC address will be address of host’s default
gateway.
2. The destination IP address is that of the File Server.
3. The destination MAC address is that of Ethernet interface of Router1.
5.3.3. ARP
1. When a device sends an Ethernet frame, it contains these two addresses:
1. Destination MAC address
2. Source MAC address
2. To determine the destination MAC address, the device uses ARP.
1. ARP provides two basic functions:
1. Resolving IPv4 addresses to MAC addresses
2. Maintaining a table of mappings
5.3.3.1. ARP Functions
1. A device keeps an ARP table (or ARP cache) in its memory (RAM), used to find the MAC address that is mapped to an IPv4 address.
2. The device searches its ARP table for a destination IPv4 address and its corresponding MAC address.
1. If the packet’s destination IPv4 address is on the same network as the source IPv4 address, the device will
search the ARP table for the destination IPv4 address.
2. If the destination IPv4 address is on a different network than the source IPv4 address, the device will search
the ARP table for the IPv4 address of the default gateway.
5.3.3.2. Removing Entries from an ARP Table
1. An ARP cache timer removes ARP entries that have not been used for a specified period of time.
2. The times differ depending on the device's operating system (Windows stores ARP cache entries for 2 minutes).
3. All or some of the entries in the ARP table can also be removed manually.
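The resolution procedure of 5.3.3.1 (resolve the destination itself when it is local, the default gateway when it is remote) together with the cache aging of 5.3.3.2 can be simulated end to end. This is an added example of my own, not course material: a `Host` class with an aging ARP cache that issues a broadcast ARP request only on a cache miss. The addresses, the peer PC and Router1 entries, and the clock are constructed; the 2-minute timeout is the Windows figure quoted on the page.

```python
import ipaddress
import time

ARP_CACHE_SECONDS = 120   # the page's Windows figure: entries unused for 2 minutes are removed

class Host:
    """Simulated IPv4 host: decides which address to resolve and keeps an aging ARP cache."""

    def __init__(self, ip, prefix, mac, gateway, clock=time.monotonic):
        self.iface = ipaddress.ip_interface(f"{ip}/{prefix}")
        self.mac = mac
        self.gateway = ipaddress.ip_address(gateway)
        self.clock = clock
        self.arp_cache = {}        # IPv4 address -> (MAC, last used)
        self.requests_sent = []    # record of ARP requests broadcast, for the demo

    def next_hop(self, dst_ip):
        """Resolve the destination itself if it is on the local network, else the default gateway."""
        dst = ipaddress.ip_address(dst_ip)
        return dst if dst in self.iface.network else self.gateway

    def cache_lookup(self, ip):
        entry = self.arp_cache.get(ip)
        if entry is not None and self.clock() - entry[1] <= ARP_CACHE_SECONDS:
            self.arp_cache[ip] = (entry[0], self.clock())   # the entry was used: refresh its timer
            return entry[0]
        self.arp_cache.pop(ip, None)                         # absent or timed out
        return None

    def resolve(self, dst_ip, lan_reply):
        """Return the destination MAC for a frame carrying a packet to dst_ip."""
        target = self.next_hop(dst_ip)
        mac = self.cache_lookup(target)
        if mac is None:
            request = {"op": "request", "sender_ip": str(self.iface.ip), "sender_mac": self.mac,
                       "target_ip": str(target), "dst_mac": "FF-FF-FF-FF-FF-FF"}  # broadcast frame
            self.requests_sent.append(request)
            mac = lan_reply(request)                         # unicast ARP reply from the owner of target_ip
            self.arp_cache[target] = (mac, self.clock())
        return mac

def demo():
    clock = {"now": 0.0}                                     # constructed clock for aging
    lan = {"192.168.1.10": "00-0B-00-00-00-0B",              # constructed: peer PC
           "192.168.1.1": "00-0D-00-00-00-0D"}               # constructed: Router1, the default gateway
    reply = lambda req: lan[req["target_ip"]]
    h = Host("192.168.1.5", 24, "00-0A-00-00-00-0A", "192.168.1.1", clock=lambda: clock["now"])
    macs = [h.resolve("192.168.1.10", reply),                # local destination: ARP for the host itself
            h.resolve("10.0.0.20", reply),                   # remote destination: ARP for the gateway
            h.resolve("192.168.1.10", reply)]                # served from the cache, no request
    clock["now"] += ARP_CACHE_SECONDS + 1
    macs.append(h.resolve("192.168.1.10", reply))            # entry timed out: new request
    return macs, len(h.requests_sent)

if __name__ == "__main__":
    print(demo())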
5.3.3.3. ARP Tables
1. Use show ip arp on a Cisco IOS device and arp -a on a host to display the ARP table.
5.3.3.4. ARP Issues
5.3.3.4.1. ARP Broadcasts
1. As a broadcast frame, an ARP request is received and processed by every device on the local network.
2. ARP requests can flood the local segment if a large number of devices were to be powered up and all start
accessing network services at the same time.
5.3.3.4.2. ARP Spoofing
1. Attackers can respond to requests and pretend to be providers of services.
2. One type of ARP spoofing attack used by attackers is to reply to an ARP request for the default gateway.
3. Enterprise-level switches include mitigation techniques known as dynamic ARP inspection (DAI).
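DAI works by checking each ARP packet arriving on an untrusted port against a table of known IP-to-MAC bindings (on Cisco switches, the DHCP snooping binding table plus any static ARP ACL entries). The following is an added example of my own, not the course's or any vendor's code, modelling that check: the binding table, the trusted uplink port and the three sample ARP replies are constructed, and the final source-MAC consistency test corresponds to DAI's optional additional validation. A reply that claims the gateway's IP with a different MAC, arriving on an access port, is the spoofing case from item 2 above and is dropped.

```python
# Constructed DHCP snooping binding table, IP -> (MAC, port), plus the router's static binding.
BINDINGS = {
    "192.168.1.1":  ("00-0D-00-00-00-0D", "Gi0/1"),   # Router1 (default gateway) on the uplink
    "192.168.1.5":  ("00-0A-00-00-00-0A", "Fa0/1"),
    "192.168.1.10": ("00-0B-00-00-00-0B", "Fa0/2"),
}
TRUSTED_PORTS = {"Gi0/1"}   # ports DAI does not inspect (here, the uplink to the router)

def inspect_arp(packet, in_port, bindings=BINDINGS, trusted=TRUSTED_PORTS):
    """Return ("permit" | "drop", reason) for an ARP packet seen on in_port."""
    if in_port in trusted:
        return ("permit", "trusted port")
    binding = bindings.get(packet["sender_ip"])
    if binding is None:
        return ("drop", f"no binding for sender IP {packet['sender_ip']}")
    mac, port = binding
    if mac != packet["sender_mac"]:
        return ("drop", f"sender IP {packet['sender_ip']} bound to {mac}, packet claims {packet['sender_mac']}")
    if port != in_port:
        return ("drop", f"sender IP {packet['sender_ip']} bound to {port}, packet arrived on {in_port}")
    if packet["frame_src_mac"] != packet["sender_mac"]:
        return ("drop", "Ethernet source MAC differs from ARP sender MAC")   # optional src-mac validation
    return ("permit", "matches binding")

def demo():
    # constructed ARP replies addressed to the host at 192.168.1.5
    legit = {"op": "reply", "sender_ip": "192.168.1.10", "sender_mac": "00-0B-00-00-00-0B",
             "frame_src_mac": "00-0B-00-00-00-0B", "target_ip": "192.168.1.5"}
    forged = {"op": "reply", "sender_ip": "192.168.1.1", "sender_mac": "00-0C-00-00-00-0C",
              "frame_src_mac": "00-0C-00-00-00-0C", "target_ip": "192.168.1.5"}   # claims the gateway IP
    gateway = {"op": "reply", "sender_ip": "192.168.1.1", "sender_mac": "00-0D-00-00-00-0D",
               "frame_src_mac": "00-0D-00-00-00-0D", "target_ip": "192.168.1.5"}
    return [inspect_arp(legit, "Fa0/2"), inspect_arp(forged, "Fa0/3"), inspect_arp(gateway, "Gi0/1")]

if __name__ == "__main__":
    for verdict, reason in demo():
        print(f"{verdict:6} {reason}")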