This chapter ensures that you are ready for questions related to these topics in the Network Fundamentals section of the CCNA 200-301 exam blueprint from Cisco Systems. Remember that this is just a portion of the Network Fundamentals section. The other chapters in Part I, “Network Fundamentals,” also provide information pertinent to the Network Fundamentals section.
This chapter covers the following essential terms and components:
▸ Ethernet switching
▸ MAC learning
▸ MAC aging
▸ Frame switching
▸ Frame flooding
▸ MAC address table
▸ Ethernet frame format
CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this section and then completing the CramQuiz at the end of this section and the Review Questions at the end of the chapter. If you are in doubt at all, read everything in this chapter!
1. What specific field of an Ethernet frame does a switch learn from inbound frames and then record in a database?
_________
2. What is the name of the process that occurs when a MAC address that is no longer communicating on the network is removed from the switch database?
_________
3. What happens when a frame enters a switch, and the destination MAC address is known by the switch?
_________
4. What happens when a frame enters a switch, and the destination MAC address is not known by the switch?
_________
5. What Ethernet frame field is 2 bytes in length and is used to determine the protocol carried within the frame’s Data field?
_________
Answers
1. The switch learns and records the source MAC address.
2. This process of removing stale MAC addresses is termed aging, or aging out.
3. When the destination MAC address is known by a switch, the switch can intelligently forward the information out the correct port, filtering the traffic from all other ports.
4. Frame flooding occurs when the destination MAC address is unknown; in this process, the frame is sent out all ports (for the same VLAN) except the port on which the frame entered.
5. The Length/Type field is 2 bytes in length and permits the signaling of the upper-layer protocol encapsulated in the frame. For example, 0x0800 indicates an IPv4 packet.
Figure 9.1 and the list that follows provide the context for the discussion of several fundamental Ethernet switching concepts that you must review for the CCNA 200-301 exam:
▸ MAC learning and MAC aging: One of the responsibilities of a switch is to learn MAC addresses. The switch transparently observes incoming frames. It records the source MAC addresses of these frames in its MAC address table. It also associates the specific port with a source MAC address. The source MAC address is unique for each connected device. Based on this information, the switch can make intelligent frame forwarding (switching) decisions. Notice that a host system could be turned off or moved at any point. As a result, a switch must also age MAC addresses and remove them from the table after they have not been seen for some duration.
In Figure 9.1, it will not take long before all four systems send some traffic. Keep in mind that many protocols broadcast information periodically. When these frames enter the switch, it records the source MAC address and port information in its MAC address table.
ExamAlert
You can manipulate the aging of MAC addresses on a Cisco switch. Depending on the model of the switch, the range of time you can set is from 0 to 1,000,000 seconds. The default on most Cisco switches is 300 seconds. You can even disable MAC address aging on some switches.
▸ Frame switching: Along with building a MAC address table (mapping MAC addresses to ports), a switch also forwards (switches) frames intelligently from port to port. This is sort of the opposite of how a Layer 1 hub works. The hub takes in a frame and always forwards that frame out all other ports. In a hub-based network, every port is part of the same collision domain. A switch is too smart for that. If its MAC address table is fully populated for all ports, it filters the frame from being forwarded out ports unnecessarily. It forwards the frame to the correct port, based on the destination MAC address. Using Figure 9.1 as an example, if D1 sends a unicast frame destined for D4, the switch examines the MAC address table, finds the destination MAC address in that table, and forwards the frame out only the port connecting to D4.
▸ Frame flooding: What happens when a frame has a destination address that is not in the MAC address table? The frame is flooded out all ports other than the port on which the frame was received. This is called unknown unicast flooding, and it also happens when the destination MAC address in the frame is the broadcast address (ffff.ffff.ffff).
▸ MAC address table: Obviously, the MAC address table is a critical component in a switch today. It really is the brains of the operation. It contains the MAC address–to–port mappings that allow the switch to work its network magic. Example 9.1 shows how easy it is to examine the MAC address table of a Cisco switch.
Switch# show mac address-table Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 1 e213.5864.ab8f DYNAMIC Gi0/0 1 fa16.3ee3.7d71 DYNAMIC Gi1/0
ExamAlert
Note that a switch dynamically learns MAC address entries by default. You can also program a switch with static MAC address entries.
Remember that a switch learns based on source MAC information but then switches frames from port to port, based on the destination MAC information. Switches typically use one of three switching methods to forward frames:
▸ Store-and-forward: This means the LAN switch copies each complete frame into the switch memory buffers and computes the cyclic redundancy check (CRC) checksum over the frame’s data and compares the calculated value with the value carried within the FCS field for detecting any errors before forwarding the frame. Store-and-forward adds some delay for each frame, but it guarantees that any frames forwarded out of the switch are error free.
▸ Cut-through: As soon as the LAN switch copies into its memory just the destination MAC address, which is located in the first 6 bytes of the frame following the preamble, the switch looks up the destination MAC address in its switching table, determines the outgoing interface port, and starts forwarding the frame on to its destination through the designated switch port. The key point here is that the switch starts forwarding the first bits of the frame before having received the entire frame on the inbound port. In reality, cut-through tries to minimize the number of received bits before starting to copy the frame onto the outgoing port.
▸ Fragment-free: This works like cut-through switching with the exception that a switch in fragment-free mode stores the first 64 bytes of the frame before forwarding. Fragment-free switching can be viewed as a compromise between store-and-forward switching and cut-through switching. Note that many errors (such as collisions and runts) can be detected in the first 64 bytes of the frame. Fragment-free works best when forwarding frames received on an Ethernet segment where collisions might occur. Unlike cut-through, it only adds delay in the network shown in Figure 9.1 but does not protect against transmission errors.
Finally, please remember that Port LEDs on a switch indicate the health status of ports (when in port status mode). Blinking green indicates that the port is sending and receiving data. Alternating green and amber indicates errors on the link. Amber indicates that a port is blocked by Spanning Tree Protocol.
CramQuiz
1. What is the default aging time for MAC address entries on a typical Cisco switch?
A. 60 seconds
B. 120 seconds
C. 300 seconds
D. 1200 seconds
2. If the MAC address fa16.3ee3.7d71 exists in the MAC address table of a switch and is associated with the port gi0/1, which statement is true?
A. Traffic with source MAC address fa16.3ee3.7d71 entering the switch is forwarded out port gi0/1.
B. Traffic with source MAC address fa16.3ee3.7d71 entering the switch resets the aging timer.
C. Traffic with destination MAC address fa16.3ee3.7d72 entering the switch is forwarded out port gi0/1.
D. Traffic with destination MAC address fa16.3ee3.7d71 entering the switch is flooded.
3. What happens to a frame with destination MAC address ffff.ffff.ffff?
A. The frame is dropped.
B. The frame is forwarded out the gi0/0 port only.
C. The frame is buffered.
D. The frame is flooded out all ports except for the port on which the frame entered the switch.
4. Which statement about an Ethernet switch is true?
A. The switch must use dynamic learning only.
B. The switch records the destination MAC address from received frames.
C. The switch drops broadcast frames by default.
D. The MAC address aging process can be disabled.
CramQuiz Answers
1. C is correct. The default aging time on most Cisco switches is 300 seconds.
2. B is correct. The aging timer is reset when traffic enters the switch with a known source MAC address.
3. D is correct. Notice that the MAC address shown is the broadcast MAC address. This triggers switch flooding behavior.
4. D is correct. It is possible to disable the switch aging process by setting the aging time to 0.
CramSaver
1. What is the first field of the common Ethernet frame format in use today?
_________
2. What is the last field of the common Ethernet frame format in use today?
_________
3. What is the job of the SFD field in an Ethernet frame?
_________
Figure 9.2 shows the most common Ethernet frame format.
Here is information you should know regarding this format:
▸ The fields before the Data and Pad field are collectively termed the header.
▸ The field after the Data and Pad field is known as the trailer.
▸ The Preamble field is 7 bytes in length. It is simply a pattern of alternating 1 and 0 bits that allows devices on the network to easily synchronize their receiver clocks.
▸ The Start Frame Delimiter (SFD) field is 1 byte in length. It also has a simple job: It marks the end of the Preamble field and indicates the beginning of the Destination MAC field.
▸ The Destination MAC field is 6 bytes in length and is used to store the frame’s destination MAC address.
▸ The Source MAC address field is also 6 bytes in length. It stores the appropriate source MAC address.
▸ The Length/Type field is 2 bytes in length and identifies the protocol carried in the frame. For example, this field might indicate an IPv4 or IPv6 payload in a network. You might often see this field described as Ether Type instead of just Type (as I prefer).
▸ The Data and Pad field ranges from 46 to 1500 bytes. The padding might exist so that the field can meet the minimum length requirement of 46 bytes. Of course, the data portion represents the actual data being sent from a higher layer of the OSI model. Some Cisco switches have the capability to support larger-than-default frames. These frame sizes include Baby Giants (from 1502 up to 1600 bytes) and Jumbo frames (from 1601 up to 9216 bytes), depending on the switch model.
▸ The Frame Check Sequence (FCS) field is 4 bytes in length and holds the result of the cyclic redundancy check calculation on the frame’s fields (except with the Preamble, SFD, and FCS fields). The purpose of this field is to determine whether the frame experienced transmission errors in its journey through the network.
CramQuiz
1. What field of the Ethernet frame ensures that the frame was not damaged in transit?
A. SFD
B. Type
C. FCS
D. Preamble
2. What field of the Ethernet frame indicates whether IPv4 or IPv6 is in use?
A. SFD
B. Type
C. FCS
D. Preamble
3. What is the default MTU of the Data and Pad field of the Ethernet frame?
A. 1200
B. 900
C. 1500
D. 1600
CramQuiz Answers
1. C is correct. The Frame Check Sequence field determines whether an error occurred during the transmission of the frame.
2. B is correct. The Type field indicates the protocol being carried in the frame’s Data field.
3. C is correct. The default MTU for Ethernet is 1500 bytes.
1. When a frame enters a Cisco switch, what field does the switch learn from?
A. Preamble
B. FCS
C. Source MAC
D. Destination MAC
2. What is the name of the database that stores address information in a Cisco switch?
A. MAC address table
B. Routing table
C. Interface table
D. Buffer table
3. What command allows you to view the addresses learned by a Cisco switch?
A. show mac-address-table
B. show mac address-table
C. show addresses
D. show mac addresses
4. Why might padding be used in an Ethernet frame?
A. To bring the entire length of the frame to 1500 bytes
B. To bring the length of the Data field to 46 bytes
C. To bring the length of the FCS field to 64 bytes
D. To bring the length of the SFD field to 1 byte
5. If a switch has five workstations attached, how many collision domains are created?
A. 1
B. 0
C. 5
D. 6
1. C is correct. The switch examines and learns the source MAC addresses of incoming frames.
2. A is correct. The database is termed the MAC address table.
3. B is correct. The command is show mac address-table.
4. B is correct. Padding might be used in the Data and Pad field in order to bring it to the required minimum length of 46 bytes.
5. C is correct. Each of the five workstations connected to a switch is in its own collision domain.
Layer 2 Addressing & Forwarding
https://www.youtube.com/watch?v=JogWpd2w1Mg&t=1053s
The Ethernet Frame Format - In Less than 60 Seconds
https://www.youtube.com/watch?v=clHBnmUckzg
Ethernet: The Definitive Guide, 2nd edition
by Joann Zimmerman, Charles E. Spurgeon, O’Reilly Media, Inc., 2014
Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, 2nd edition
by Radia Perlman, Addison-Wesley Professional, 1999
3.142.124.252