The Data Link Layer facilitates communication between network devices and encapsulates Layer 3 packets into Layer 2 frames, while also performing error detection. It consists of two sublayers: LLC for communication between software and hardware, and MAC for data encapsulation and media access control. Various standards and topologies, including Ethernet and WLAN, define how data is transmitted across networks, utilizing specific protocols for different types of communication.
Module 6: Data Link Layer

Purpose of the Data Link Layer

Data Link Layer
The Data Link layer is responsible for communications between end-device network interface cards.
It allows upper layer protocols to access the physical layer media and encapsulates Layer 3 packets (IPv4 and IPv6) into Layer 2 Frames.
It also performs error detection and rejects corrupt frames.

IEEE 802 LAN/MAN Data Link Sublayers
IEEE 802 LAN/MAN standards are specific to the type of network (Ethernet, WLAN, WPAN, etc).
The Data Link Layer consists of two sublayers.
- LLC sublayer communicates between the networking software (upper layers) and the device hardware at the lower layers.
- MAC sublayer is responsible for data encapsulation and media access control.

Providing Access to Media
Packets exchanged between nodes may experience numerous data link layers and media transitions.
At each hop along the path, a router performs four basic Layer 2 functions:
- Accepts a frame from the network medium.
- De-encapsulates the frame to expose the encapsulated packet.
- Re-encapsulates the packet into a new frame.
- Forwards the new frame on the medium of the next network segment.

Data Link Layer Standards
Data link layer protocols are defined by engineering organizations:
- Institute for Electrical and Electronic Engineers (IEEE).
- International Telecommunications Union (ITU).
- International Organizations for Standardization (ISO).
- American National Standards Institute (ANSI).

Topologies

Physical and Logical Topologies
The topology of a network is the arrangement and relationship of the network devices and the interconnections between them.
There are two types of topologies used when describing networks:
- Physical topology – shows physical connections and how devices are interconnected.
- Logical topology – identifies the virtual connections between devices using device interfaces and IP addressing schemes.

WAN Topologies
There are three common physical WAN topologies:
- Point-to-point – the simplest and most common WAN topology. Consists of a permanent link between two endpoints.
- Hub and spoke – similar to a star topology where a central site interconnects branch sites through point-to-point links.
- Mesh – provides high availability but requires every end system to be connected to every other end system.
Point-to-Point WAN Topology
Physical point-to-point topologies directly connect two nodes.
The nodes may not share the media with other hosts.
Because all frames on the media can only travel to or from the two nodes, Point-to-Point WAN protocols can be very simple.

LAN Topologies
End devices on LANs are typically interconnected using a star or extended star topology. Star and extended star topologies are easy to install, very scalable and easy to troubleshoot.
Early Ethernet and Legacy Token Ring technologies provide two additional topologies:
- Bus – All end systems chained together and terminated on each end.
- Ring – Each end system is connected to its respective neighbors to form a ring.

Half and Full Duplex Communication

Half-duplex communication (Walkie-Talkie)
Only allows one device to send or receive at a time on a shared medium.
Used on WLANs and legacy bus topologies with Ethernet hubs.

Full-duplex communication (Phone)
Allows both devices to simultaneously transmit and receive on a shared medium.
Ethernet switches operate in full-duplex mode.

Access Control Methods

Contention-based access
All nodes operating in half-duplex, competing for use of the medium. Examples are:
- Carrier sense multiple access with collision detection (CSMA/CD) as used on legacy bus-topology Ethernet.
- Carrier sense multiple access with collision avoidance (CSMA/CA) as used on Wireless LANs.

Controlled access
Deterministic access where each node has its own time on the medium.
Used on legacy networks such as Token Ring and ARCNET.

Contention-Based Access – CSMA/CD
Used by legacy Ethernet LANs.
Operates in half-duplex mode where only one device sends or receives at a time.
Uses a collision detection process to govern when a device can send and what happens if multiple devices send at the same time.

CSMA/CD collision detection process:
Devices transmitting simultaneously will result in a signal collision on the shared media.
Devices detect the collision.
Devices wait a random period of time and retransmit data.
Example is when using mobile data, it will be automatically turned off for calling (og)

Contention-Based Access – CSMA/CA
Used by IEEE 802.11 WLANs.
Operates in half-duplex mode where only one device sends or receives at a time.
Uses a collision avoidance process to govern when a device can send and what happens if multiple devices send at the same time.

CSMA/CA collision avoidance process:
When transmitting, devices also include the time duration needed for the transmission.
Other devices on the shared medium receive the time duration information and know how long the medium will be unavailable.

Data Link Frame

The Frame
Data is encapsulated by the data link layer with a header and a trailer to form a frame.
A data link frame has three parts:
- Header
- Data
- Trailer
The fields of the header and trailer vary according to data link layer protocol.
The amount of control information carried within the frame varies according to access control information and logical topology.

Frame Fields

| Field | Description |
|---|---|
| Frame Start and Stop | Identifies beginning and end of frame |
| Addressing | Indicates source and destination nodes |
| Type | Identifies encapsulated Layer 3 protocol |
| Control | Identifies flow control services |
| Data | Contains the frame payload |
| Error Detection | Used to determine transmission errors |

Layer 2 Addresses
Also referred to as a physical address.
Contained in the frame header.
Used only for local delivery of a frame on the link.
Updated by each device that forwards the frame.

LAN and WAN Frames
The logical topology and physical media determine the data link protocol used:
- Ethernet
- 802.11 Wireless
- Point-to-Point (PPP)
- High-Level Data Link Control (HDLC)
- Frame-Relay
Each protocol performs media access control for specified logical topologies.


Module 7: Ethernet Switching

Ethernet Frames

Ethernet Encapsulation
Ethernet operates in the data link layer and the physical layer.
It is a family of networking technologies defined in the IEEE 802.2 and 802.3 standards.

Mnemonic for 7 Layers
Please – Physical
Do – Data Link
Not – Network
Throw – Transport
Sausage – Session
Pizza – Presentation
Away – Application

Data Link Sublayers
The 802 LAN/MAN standards, including Ethernet, use two separate sublayers of the data link layer to operate:
- LLC Sublayer: (IEEE 802.2) Places information in the frame to identify which network layer protocol is used for the frame.
- MAC Sublayer: (IEEE 802.3, 802.11, or 802.15) Responsible for data encapsulation and media access control, and provides data link layer addressing.

MAC Sublayer
MAC sublayer is responsible for data encapsulation and accessing the media.

Data Encapsulation
IEEE 802.3 data encapsulation includes the following:
- Ethernet frame - This is the internal structure of the Ethernet frame.
- Ethernet Addressing - The Ethernet frame includes both a source and destination MAC address to deliver the Ethernet frame from Ethernet NIC to Ethernet NIC on the same LAN.
The Ethernet frame includes a frame check sequence (FCS) trailer used for error detection.

Media Access
The IEEE 802.3 MAC sublayer includes the specifications for different Ethernet communications standards over various types of media including copper and fiber.
Legacy Ethernet using a bus topology or hubs, is a shared, half-duplex medium. Ethernet over a half-duplex medium uses a contention-based access method, carrier sense multiple access/collision detection (CSMA/CD).
Ethernet LANs of today use switches that operate in full-duplex. Full-duplex communications with Ethernet switches do not require access control through CSMA/CD.

Ethernet Frame Fields
The Ethernet frame size is >64 bytes and <1518 bytes. The preamble field is not included when describing the size of the frame.
Any frame less than 64 bytes in length is considered a “collision fragment” or “runt frame” and is automatically discarded.
Frames with more than 1500 bytes of data are considered “jumbo” or “baby giant frames”.
Jumbo frames are usually supported by most Fast Ethernet and Gigabit Ethernet switches and NICs.

If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving device drops the frame.
Dropped frames are the result of collisions or other unwanted signals. They are considered invalid.

Ethernet MAC Address

MAC Address and Hexadecimal
An Ethernet MAC address consists of a 48-bit binary value, expressed using 12 hexadecimal values.
Given that 8 bits (one byte) is a common binary grouping, binary 00000000 to 11111111 can be represented in hexadecimal as the range 00 to FF.
When using hexadecimal, leading zeroes are always displayed to complete the 8-bit representation. For example the binary value 0000 1010 is represented in hexadecimal as 0A.
Hexadecimal numbers are often represented by the value preceded by 0x (e.g., 0x73) to distinguish between decimal and hexadecimal values in documentation.
Hexadecimal may also be represented by a subscript 16, or the hex number followed by an H (e.g., 73H).

Ethernet MAC Address
In an Ethernet LAN, every network device is connected to the same, shared media. MAC addressing provides a method for device identification at the data link layer of the OSI model.
An Ethernet MAC address is a 48-bit address expressed using 12 hexadecimal digits. Because a byte equals 8 bits, we can also say that a MAC address is 6 bytes in length.
All MAC addresses must be unique to the Ethernet device or Ethernet interface. To ensure this, all vendors that sell Ethernet devices must register with the IEEE to obtain a unique 6 hexadecimal (i.e., 24-bit or 3-byte) code called the organizationally unique identifier (OUI).
An Ethernet MAC address consists of a 6 hexadecimal vendor OUI code followed by a 6 hexadecimal vendor-assigned value.

Frame Processing
When a device is forwarding a message to an Ethernet network, the Ethernet header includes a Source MAC address and a Destination MAC address.
When a NIC receives an Ethernet frame, it examines the destination MAC address to see if it matches the physical MAC address that is stored in RAM. If there is no match, the device discards the frame. If there is a match, it passes the frame up the OSI layers, where the de-encapsulation process takes place.
Note: Ethernet NICs accept frames if the destination MAC address is a broadcast or a multicast group of which the host is a member.
Any device that is the source or destination of an Ethernet frame will have an Ethernet NIC and a MAC address. This includes workstations, servers, printers, mobile devices, and routers.

Unicast MAC Address
In Ethernet, different MAC addresses are used for Layer 2 unicast, broadcast, and multicast communications.
A unicast MAC address is the unique address that is used when a frame is sent from a single transmitting device to a single destination device.
Address Resolution Protocol (ARP) is a process that a source host uses to determine the destination MAC address associated with an IPv4 address. Neighbor Discovery (ND) is a process that a source host uses to determine the destination MAC address associated with an IPv6 address.
Note: The source MAC address must always be a unicast.

Figure – MAC ADDRESS

Broadcast MAC Address
An Ethernet broadcast frame is received and processed by every device on the Ethernet LAN.
The features are as follows:
- It has a destination MAC address of FF-FF-FF-FF-FF-FF in hexadecimal (48 ones in binary).
- It is flooded out all Ethernet switch ports except the incoming port. It is not forwarded by a router.
- If the encapsulated data is an IPv4 broadcast packet, this means the packet contains a destination IPv4 address that has all ones (1s) in the host portion. This numbering in the address means that all hosts on that local network (broadcast domain) will receive and process the packet.
== Figure – MAC ADDRESS sl. Unicast MAC Address==

Multicast MAC Address
An Ethernet multicast frame is received and processed by a group of devices that belong to the same multicast group.
There is a destination MAC address of 01-00-5E when the encapsulated data is an IPv4 multicast packet and a destination MAC address of 33-33 when the encapsulated data is an IPv6 multicast packet.
There are other reserved multicast destination MAC addresses for when the encapsulated data is not IP, such as Spanning Tree Protocol (STP).
It is flooded out all Ethernet switch ports except the incoming port, unless the switch is configured for multicast snooping.
It is not forwarded by a router, unless the router is configured to route multicast packets.
Because multicast addresses represent a group of addresses (sometimes called a host group), they can only be used as the destination of a packet. The source will always be a unicast address.
As with the unicast and broadcast addresses, the multicast IP address requires a corresponding multicast MAC address.
== Figure – MAC ADDRESS sl. Unicast MAC Address==

The MAC Address Table

Switch Fundamentals
A Layer 2 Ethernet switch uses Layer 2 MAC addresses to make forwarding decisions.
It is completely unaware of the data (protocol) being carried in the data portion of the frame, such as an IPv4 packet, an ARP message, or an IPv6 ND packet.
The switch makes its forwarding decisions based solely on the Layer 2 Ethernet MAC addresses.
An Ethernet switch examines its MAC address table to make a forwarding decision for each frame, unlike legacy Ethernet hubs that repeat bits out all ports except the incoming port.
When a switch is turned on, the MAC address table is empty.
Note: The MAC address table is sometimes referred to as a content addressable memory (CAM) table.
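
The NIC receive decision described under Frame Processing, together with the frame size limits and the unicast, broadcast and multicast address forms given above, as an added Python example (not part of the original notes). The MAC addresses and payload are constructed samples; the FCS is computed with the standard CRC-32, and the low-bit test for "other" multicast addresses is a general Ethernet rule the notes do not state.

```python
import struct
import zlib

# Limits and address prefixes are the ones given in the notes above.
MIN_FRAME, MAX_FRAME = 64, 1518          # bytes, preamble not counted
BROADCAST = bytes.fromhex("ffffffffffff")


def parse_mac(text):
    """Turn 'AA-BB-CC-DD-EE-FF' or 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    digits = text.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"a MAC address is 12 hex digits: {text!r}")
    return bytes.fromhex(digits)


def split_oui(mac):
    """Return (vendor OUI, vendor-assigned value) as hex strings."""
    return mac[:3].hex("-").upper(), mac[3:].hex("-").upper()


def classify(mac):
    """Name the kind of Layer 2 address."""
    if mac == BROADCAST:
        return "broadcast"
    if mac[:3] == bytes.fromhex("01005e"):
        return "ipv4-multicast"
    if mac[:2] == bytes.fromhex("3333"):
        return "ipv6-multicast"
    # General rule (not stated in the notes): a set low bit in the first
    # byte marks a group address, which covers reserved ones such as STP.
    if mac[0] & 0x01:
        return "other-multicast"
    return "unicast"


def build_frame(dst, src, ethertype, payload):
    """Constructed sample frame: header + payload, padded to 64 bytes, FCS last."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def nic_receive(frame, own_mac, groups=()):
    """Return (accepted, reason) for one received frame."""
    if len(frame) < MIN_FRAME:
        return False, "runt"
    if len(frame) > MAX_FRAME:
        return False, "oversize"
    if struct.pack("<I", zlib.crc32(frame[:-4])) != frame[-4:]:
        return False, "bad-fcs"
    dst, src = frame[:6], frame[6:12]
    # Sanity check taken from the note "the source MAC address must always
    # be a unicast"; enforcing it in the receive path is an assumption here.
    if classify(src) != "unicast":
        return False, "source-not-unicast"
    kind = classify(dst)
    if kind == "broadcast":
        return True, "broadcast"
    if kind == "unicast":
        if dst == own_mac:
            return True, "unicast-match"
        return False, "not-for-this-nic"
    if dst in groups:
        return True, "multicast-member"
    return False, "multicast-not-joined"


if __name__ == "__main__":
    own = parse_mac("00-11-22-33-44-55")      # constructed addresses
    peer = parse_mac("00-AA-BB-CC-DD-01")
    group = parse_mac("01-00-5E-00-00-FB")
    for dst in (own, peer, BROADCAST, group):
        frame = build_frame(dst, peer, 0x0800, b"constructed payload")
        print(dst.hex("-"), nic_receive(frame, own, groups={group}))
```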


Switch Learning and Forwarding

Examine the Source MAC Address (Learn)
Every frame that enters a switch is checked for new information to learn. It does this by examining the source MAC address of the frame and the port number where the frame entered the switch. If the source MAC address does not exist, it is added to the table along with the incoming port number. If the source MAC address does exist, the switch updates the refresh timer for that entry. By default, most Ethernet switches keep an entry in the table for 5 minutes.
Note: If the source MAC address does exist in the table but on a different port, the switch treats this as a new entry. The entry is replaced using the same MAC address but with the more current port number.

Find the Destination MAC Address (Forward)
If the destination MAC address is a unicast address, the switch will look for a match between the destination MAC address of the frame and an entry in its MAC address table. If the destination MAC address is in the table, it will forward the frame out the specified port. If the destination MAC address is not in the table, the switch will do an unknown unicast, forward the frame out all ports except the incoming port.
Note: If the destination MAC address is a broadcast or a multicast, the frame is also flooded out all ports except the incoming port.

Filtering Frames
As a switch receives frames from different devices, it populates its MAC address table by examining the source MAC address of every frame.
When the MAC address table contains the destination MAC address, the switch is able to filter the frame and forward it out a single port.

Switch Speeds and Forwarding Methods

Frame Forwarding Methods on Cisco Switches
Switches use one of the following forwarding methods for switching data between network ports:
- Store-and-forward switching - This frame forwarding method receives the entire frame and computes the CRC. If the CRC is valid, the switch looks up the destination address, which determines the outgoing interface. Then the frame is forwarded out of the correct port.
- Cut-through switching - This frame forwarding method forwards the frame before it is entirely received. At a minimum, the destination address of the frame must be read before the frame can be forwarded.
A big advantage of store-and-forward switching is that it determines if a frame has errors before propagating the frame. When an error is detected in a frame, the switch discards the frame. Discarding frames with errors reduces the amount of bandwidth consumed by corrupt data.
Store-and-forward switching is required for quality of service (QoS) analysis on converged networks where frame classification for traffic prioritization is necessary. For example, voice over IP (VoIP) data streams need to have priority over web-browsing traffic.
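
The learn-then-forward logic described under Switch Learning and Forwarding above, as an added Python example (not part of the original notes and not Cisco code). Port numbers and MAC addresses are constructed; dropping a frame whose destination sits on the ingress port is an assumption the notes do not cover, and the group-address test uses the low bit of the first byte.

```python
AGING_SECONDS = 300          # "5 minutes", the default the notes give


def is_group(mac):
    """True for broadcast and multicast destinations (low bit of first byte set)."""
    return int(mac[:2], 16) & 1 == 1


class LearningSwitch:
    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = list(ports)
        self.aging = aging
        self.table = {}      # MAC address -> (port, time last seen)

    def _age_out(self, now):
        """Remove entries whose refresh timer has expired."""
        stale = [m for m, (_, seen) in self.table.items()
                 if now - seen >= self.aging]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Process one frame; return (learn_event, action, egress_ports)."""
        src, dst = src.upper(), dst.upper()
        self._age_out(now)

        # Learn: examine the source MAC address and the ingress port.
        known = self.table.get(src)
        if known is None:
            event = "learned"
        elif known[0] != in_port:
            event = "moved"          # same MAC, more current port replaces the entry
        else:
            event = "refreshed"      # only the timer is updated
        self.table[src] = (in_port, now)

        # Forward: look up the destination MAC address.
        others = [p for p in self.ports if p != in_port]
        if is_group(dst):
            return event, "flood", others
        entry = self.table.get(dst)
        if entry is None:
            return event, "flood-unknown-unicast", others
        if entry[0] == in_port:
            # Assumption: destination is on the ingress port, nothing to send.
            return event, "filter", []
        return event, "forward", [entry[0]]


if __name__ == "__main__":
    a, b = "00-00-00-00-00-0A", "00-00-00-00-00-0B"   # constructed hosts
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    steps = [(1, a, b, 0), (2, b, a, 1), (1, a, "FF-FF-FF-FF-FF-FF", 3),
             (3, b, a, 10), (3, b, a, 400)]
    for step in steps:
        print(step, "->", sw.receive(*step))
```

Recording the "moved" events is useful in practice: a MAC address that keeps changing ports points to a loop or a misconfiguration on the segment.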
Cut-Through Switching
In cut-through switching, the switch acts upon the data as soon as it is received, even if the transmission is not complete. The switch buffers just enough of the frame to read the destination MAC address so that it can determine to which port it should forward out the data. The switch does not perform any error checking on the frame.
There are two variants of cut-through switching:
- Fast-forward switching - Offers the lowest level of latency by immediately forwarding a packet after reading the destination address. Because fast-forward switching starts forwarding before the entire packet has been received, there may be times when packets are relayed with errors. The destination NIC discards the faulty packet upon receipt. Fast-forward switching is the typical cut-through method of switching.
- Fragment-free switching - A compromise between the high latency and high integrity of store-and-forward switching and the low latency and reduced integrity of fast-forward switching. The switch stores and performs an error check on the first 64 bytes of the frame before forwarding. Because most network errors and collisions occur during the first 64 bytes, this ensures that a collision has not occurred before forwarding the frame.

Memory Buffering on Switches
An Ethernet switch may use a buffering technique to store frames before forwarding them or when the destination port is busy because of congestion.

| Method | Description |
|---|---|
| Port-based memory | Frames are stored in queues that are linked to specific incoming and outgoing ports. A frame is transmitted to the outgoing port only when all the frames ahead in the queue have been successfully transmitted. It is possible for a single frame to delay the transmission of all the frames in memory because of a busy destination port. This delay occurs even if the other frames could be transmitted to open destination ports. |
| Shared memory | Deposits all frames into a common memory buffer shared by all switch ports and the amount of buffer memory required by a port is dynamically allocated. The frames in the buffer are dynamically linked to the destination port enabling a packet to be received on one port and then transmitted on another port, without moving it to a different queue. |

Shared memory buffering also results in larger frames that can be transmitted with fewer dropped frames. This is important with asymmetric switching which allows for different data rates on different ports. Therefore, more bandwidth can be dedicated to certain ports (e.g., server port).

Duplex and Speed Settings
Two of the most basic settings on a switch are the bandwidth (“speed”) and duplex settings for each individual switch port. It is critical that the duplex and bandwidth settings match between the switch port and the connected devices.

There are two types of duplex settings used for communications on an Ethernet network:
- Full-duplex - Both ends of the connection can send and receive simultaneously.
- Half-duplex - Only one end of the connection can send at a time.

Autonegotiation is an optional function found on most Ethernet switches and NICs. It enables two devices to automatically negotiate the best speed and duplex capabilities.

Note: Gigabit Ethernet ports only operate in full-duplex.

Duplex mismatch is one of the most common causes of performance issues on 10/100 Mbps Ethernet links. It occurs when one port on the link operates at half-duplex while the other port operates at full-duplex.
This can occur when one or both ports on a link are reset, and the autonegotiation process does not result in both link partners having the same configuration.
It also can occur when users reconfigure one side of a link and forget to reconfigure the other. Both sides of a link should have autonegotiation on, or both sides should have it off. Best practice is to configure both Ethernet switch ports as full-duplex.

Auto-MDIX
Connections between devices once required the use of either a crossover or straight-through cable. The type of cable required depended on the type of interconnecting devices.
Note: A direct connection between a router and a host requires a cross-over connection.

Most switch devices now support the automatic medium-dependent interface crossover (auto-MDIX) feature. When enabled, the switch automatically detects the type of cable attached to the port and configures the interfaces accordingly.
The auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later. However, the feature could be disabled. For this reason, you should always use the correct cable type and not rely on the auto-MDIX feature.
Auto-MDIX can be re-enabled using the mdix auto interface configuration command.

Module 8: Network Layer

Network Layer Characteristics

The Network Layer
Provides services to allow end devices to exchange data.
IP version 4 (IPv4) and IP version 6 (IPv6) are the principal network layer communication protocols.
The network layer performs four basic operations:
- Addressing end devices
- Encapsulation
- Routing
- De-encapsulation

IP Encapsulation
- IP encapsulates the transport layer segment.
- IP can use either an IPv4 or IPv6 packet and not impact the layer 4 segment.
- IP packet will be examined by all layer 3 devices as it traverses the network.
- The IP addressing does not change from source to destination.
Note: NAT will change addressing, but will be discussed in a later module.

Characteristics of IP
IP is meant to have low overhead and may be described as:
- Connectionless
- Best Effort
- Media Independent
Connectionless
- IP does not establish a connection with the destination before sending the packet.
- There is no control information needed (synchronizations, acknowledgments, etc.).
- The destination will receive the packet when it arrives, but no pre-notifications are sent by IP.
- If there is a need for connection-oriented traffic, then another protocol will handle this (typically TCP at the transport layer).

Best Effort
- IP will not guarantee delivery of the packet.
- IP has reduced overhead since there is no mechanism to resend data that is not received.
- IP does not expect acknowledgments.
- IP does not know if the other device is operational or if it received the packet.

Media Independent
- IP is unreliable:
- It cannot manage or fix undelivered or corrupt packets.
- IP cannot retransmit after an error.
- IP cannot realign out of sequence packets.
- IP must rely on other protocols for these functions.
IP does not concern itself with the type of frame required at the data link layer or the media type at the physical layer.
IP can be sent over any media type: copper, fiber, or wireless.

The network layer establishes the Maximum Transmission Unit (MTU).
Network layer receives MTU information from control data sent by the data link layer.
The network uses this information to determine the MTU size.
Fragmentation is when Layer 3 splits an IPv4 packet into smaller units.
Fragmenting introduces latency.
IPv6 does not perform packet fragmentation.
Example: Router goes from Ethernet to a slow WAN with a smaller MTU.

IPv4 Packet

IPv4 Packet Header
IPv4 is the primary communication protocol for the network layer.
The network header has many purposes:
It ensures the packet is sent in the correct direction (to the destination).
It contains information for network layer processing in various fields.
The information in the header is used by all layer 3 devices that handle the packet.

IPv4 Packet Header Fields
The IPv4 network header characteristics:
- It is in binary.
- Contains several fields of information
- Diagram is read from left to right, 4 bytes per line
- The two most important fields are the source and destination.
Protocols may have one or more functions.

Significant fields in the IPv4 header

| Function | Description |
|---|---|
| Version | This will be for v4, as opposed to v6, a 4 bit field = 0100 |
| Differentiated Services | Used for QoS: DiffServ – DS field or the older IntServ – ToS or Type of Service |
| Header Checksum | Detect corruption in the IPv4 header |
| Time to Live (TTL) | Layer 3 hop count. When it becomes zero the router will discard the packet. |
| Protocol | I.D.s next level protocol: ICMP, TCP, UDP, etc. |
| Source IPv4 Address | 32 bit source address |
| Destination IPV4 Address | 32 bit destination address |

IPv6 Packets

Limitations of IPv4
IPv4 has three major limitations:
- IPv4 address depletion – We have basically run out of IPv4 addressing.
- Lack of end-to-end connectivity – To make IPv4 survive this long, private addressing and NAT were created. This ended direct communications with public addressing.
- Increased network complexity – NAT was meant as temporary solution and creates issues on the network as a side effect of manipulating the network headers addressing. NAT causes latency and troubleshooting issues.

IPv6 Overview
IPv6 was developed by Internet Engineering Task Force (IETF).
IPv6 overcomes the limitations of IPv4.
Improvements that IPv6 provides:
- Increased address space – based on 128 bit address, not 32 bits
- Improved packet handling – simplified header with fewer fields
- Eliminates the need for NAT – since there is a huge amount of addressing, there is no need to use private addressing internally and be mapped to a shared public address

IPv4 Packet Header Fields in the IPv6 Packet Header
The IPv6 header is simplified, but not smaller.
The header is fixed at 40 Bytes or octets long.
Several IPv4 fields were removed to improve performance:
- Flag
- Fragment Offset
- Header Checksum

IPv6 Packet Header
Significant fields in the IPv4 header:

| Function | Description |
|---|---|
| Version | This will be for v6, as opposed to v4, a 4 bit field = 0110 |
| Traffic Class | Used for QoS: Equivalent to DiffServ – DS field |
| Flow Label | Informs device to handle identical flow labels the same way, 20 bit field |
| Payload Length | This 16-bit field indicates the length of the data portion or payload of the IPv6 packet |
| Next Header | I.D.s next level protocol: ICMP, TCP, UDP, etc. |
| Hop Limit | Replaces TTL field; Layer 3 hop count |
| Source IPv4 Address | 128 bit source address |
| Destination IPV4 Address | 128 bit destination address |

IPv6 packet may also contain extension headers (EH).
EH headers characteristics:
- provide optional network layer information
- are optional
- are placed between IPv6 header and the payload
- may be used for fragmentation, security, mobility support, etc.

Note: Unlike IPv4, routers do not fragment IPv6 packets.
Know what the ip byts means

How a Host Routes

Host Forwarding Decision
Packets are always created at the source.
Each host device creates its own routing table.
A host can send packets to the following:
- Itself – 127.0.0.1 (IPv4), ::1 (IPv6)
- Local Hosts – destination is on the same LAN
- Remote Hosts – devices are not on the same LAN

The Source device determines whether the destination is local or remote.
Method of determination:
- IPv4 – Source uses its own IP address and Subnet mask, along with the destination IP address
- IPv6 – Source uses the network address and prefix advertised by the local router
Local traffic is dumped out the host interface to be handled by an intermediary device.
Remote traffic is forwarded directly to the default gateway on the LAN.

Default Gateway
A router or layer 3 switch can be a default-gateway.
Features of a default gateway (DGW):
- It must have an IP address in the same range as the rest of the LAN.
- It can accept data from the LAN and is capable of forwarding traffic off of the LAN.
- It can route to other networks.
- If a device has no default gateway or a bad default gateway, its traffic will not be able to leave the LAN.
A Host Routes to the Default Gateway
The host learns the default gateway (DGW) either by manual setup (static) or automatically through DHCP in IPv4.
In IPv6, the DGW is shared by the router using a router solicitation (RS) or can also be set manually.
A DGW acts as a static route and is used as a last resort when there’s no specific route in the routing table.
Every device on the LAN needs the DGW address of the router to send data outside the local network.

Host Routing Tables
On Windows, route print or netstat -r to display the PC routing table.
Three sections displayed by these two commands:
- Interface List – all potential interfaces and MAC addressing
- IPv4 Routing Table
- IPv6 Routing Table

Introduction to Routing

Router Packet Forwarding Decision
What happens when the router receives the frame from the host device?

IP Router Routing Table
There are three types of routes in a router’s routing table:
- Directly Connected – These routes are automatically added by the router, provided the interface is active and has addressing.
- Remote – These are the routes the router does not have a direct connection and may be learned:
  - Manually – with a static route
  - Dynamically – by using a routing protocol to have the routers share their information with each other
- Default Route – this forwards all traffic to a specific direction when there is not a match in the routing table

Static Routing
Static Route Characteristics:
- Must be configured manually
- Must be adjusted manually by the administrator when there is a change in the topology
- Good for small non-redundant networks
- Often used in conjunction with a dynamic routing protocol for configuring a default route
Introduction to an IPv4 Routing Table

The show ip route command shows the following route sources:
L – Directly connected local interface IP address
C – Directly connected network
S – Static route was manually configured by an administrator
O – OSPF
D – EIGRP
This command shows types of routes:
Directly Connected – C and L
Remote Routes – O, D, etc.
Default Routes – S*
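The lookup a router performs over these route sources, as an added example that is not from the original notes: it picks the entry with the longest matching prefix and falls back to the default route only when nothing more specific matches. The prefixes, next hops and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample routing table: (source code, prefix, next hop or exit interface).
# Codes follow the show ip route legend: C, L, S, O, and S* for the default route.
ROUTES = [
    ("C",  "192.168.10.0/24", "G0/0/0"),
    ("L",  "192.168.10.1/32", "G0/0/0"),
    ("S",  "10.1.0.0/16",     "192.168.10.2"),
    ("O",  "10.1.1.0/24",     "192.168.10.3"),
    ("S*", "0.0.0.0/0",       "209.165.200.226"),
]

def lookup(dest, routes=ROUTES):
    """Return the (code, prefix, next_hop) entry with the longest matching prefix."""
    addr = ipaddress.ip_address(dest)
    best = None
    for code, prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        # A longer prefix length means a more specific route, so it wins.
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, (code, prefix, hop))
    # None means no match and no default route: the packet is dropped.
    return best[1] if best else None

def route_type(code):
    """Map a route source code to the three route types named above."""
    if code in ("C", "L"):
        return "directly connected"
    return "default" if code.endswith("*") else "remote"

if __name__ == "__main__":
    for dest in ("10.1.1.7", "10.1.2.7", "192.168.10.50", "8.8.8.8"):
        code, prefix, hop = lookup(dest)
        print(f"{dest:15} -> {prefix:18} via {hop:16} ({route_type(code)})")
```

Removing the S* entry makes the lookup for 8.8.8.8 return nothing, which is the "traffic cannot leave" case described for a missing default route.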

Dynamic Routing

Dynamic Routes Automatically:
- Discover remote networks
- Maintain up-to-date information
- Choose the best path to the destination
- Find new best paths when there is a topology change
Dynamic routing can also share static default routes with the other routers.

Module 9: Address Resolution

MAC and IP

Destination on Same Network

There are two primary addresses assigned to a device on an Ethernet LAN:
- Layer 2 physical address (the MAC address) – Used for NIC to NIC communications on the same Ethernet network.
- Layer 3 logical address (the IP address) – Used to send the packet from the source device to the destination device.

Layer 2 addresses are used to deliver frames from one NIC to another NIC on the same network. If a destination IP address is on the same network, the destination MAC address will be that of the destination device.

MAC - Port's unique address, not given
IP - Admin input, given

Destination on Different Network

When the destination IP address is on a remote network, the destination MAC address is that of the default gateway.
ARP is used by IPv4 to associate the IPv4 address of a device with the MAC address of the device NIC.
ICMPv6 is used by IPv6 to associate the IPv6 address of a device with the MAC address of the device NIC.

ARP

ARP Overview

A device uses ARP to determine the destination MAC address of a local device when it knows its IPv4 address.
ARP provides two basic functions:
- Resolving IPv4 addresses to MAC addresses
- Maintaining an ARP table of IPv4 to MAC address mappings

ARP Functions

To send a frame, a device will search its ARP table for a destination IPv4 address and a corresponding MAC address.
If the packet’s destination IPv4 address is on the same network, the device will search the ARP table for the destination IPv4 address.
If the destination IPv4 address is on a different network, the device will search the ARP table for the IPv4 address of the default gateway.
If the device locates the IPv4 address, its corresponding MAC address is used as the destination MAC address in the frame.
If no ARP table entry is found, then the device sends an ARP request.

Removing Entries from an ARP Table

Entries in the ARP table are not permanent and are removed when an ARP cache timer expires after a specified period of time.
The duration of the ARP cache timer differs depending on the operating system.
ARP table entries can also be removed manually by the administrator.

ARP Tables on Networking Devices

The show ip arp command displays the ARP table on a Cisco router.
The arp -a command displays the ARP table on a Windows 10 PC.

ARP Issues – ARP Broadcasting and ARP Spoofing

ARP requests are received and processed by every device on the local network.
Excessive ARP broadcasts can cause some reduction in performance.
ARP replies can be spoofed by a threat actor to perform an ARP poisoning attack.
Enterprise level switches include mitigation techniques to protect against ARP attacks.
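One way to check a host's ARP table for signs of the spoofed replies described under ARP Issues, as an added example that is not part of the original notes. The arp -a output, all addresses, the trusted gateway MAC and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output from a Windows host; all addresses are made up.
SAMPLE = """\
Interface: 192.168.10.10 --- 0x7
  Internet Address      Physical Address      Type
  192.168.10.1          00-aa-bb-cc-dd-66     dynamic
  192.168.10.20         00-aa-bb-cc-dd-20     dynamic
  192.168.10.66         00-aa-bb-cc-dd-66     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M,
)

def parse_arp_table(text):
    """Return {ip: mac} for dynamic (learned) entries only."""
    return {ip: mac.lower()
            for ip, mac, kind in ROW.findall(text)
            if kind.lower() == "dynamic"}

def find_anomalies(table, baseline):
    """Compare a parsed table with a trusted {ip: mac} baseline (e.g. the gateway)."""
    alerts = []
    # 1. A known IP now resolves to a different MAC than the trusted one.
    for ip, good_mac in baseline.items():
        seen = table.get(ip)
        if seen and seen != good_mac.lower():
            alerts.append(("changed", ip, seen))
    # 2. One MAC answers for several IPs.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(("shared", mac, sorted(ips)))
    return alerts

if __name__ == "__main__":
    trusted = {"192.168.10.1": "00-AA-BB-CC-DD-01"}  # assumed known-good gateway MAC
    for alert in find_anomalies(parse_arp_table(SAMPLE), trusted):
        print(alert)
```

A shared MAC can also be legitimate (for example a router answering for several addresses), so treat that alert as a lead to verify against the switch's MAC address table rather than as proof of poisoning.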
Copper Cabling

IPv6 Neighbor Discovery Messages

IPv6 Neighbor Discovery (ND) protocol provides:
- Address resolution
- Router discovery
- Redirection services
ICMPv6 Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages are used for device-to-device messaging such as address resolution.
ICMPv6 Router Solicitation (RS) and Router Advertisement (RA) messages are used for messaging between devices and routers for router discovery.
ICMPv6 redirect messages are used by routers for better next-hop selection.

IPv6 Neighbor Discovery – Address Resolution

IPv6 devices use ND to resolve the MAC address of a known IPv6 address.
ICMPv6 Neighbor Solicitation messages are sent using special Ethernet and IPv6 multicast addresses.

Module 10: Basic Router Configuration

Configure Initial Router Settings

Basic Router Configuration Steps

Basic Router Configuration Example

Configure Interfaces

Configure Router Interfaces

Configuring a router interface includes issuing the following commands:

It is a good practice to use the description command to add information about the network connected to the interface.
The no shutdown command activates the interface.

Configure Router Interfaces Example

The commands to configure interface G0/0/0 on R1 are shown here:

Verify Interface Configuration

To verify interface configuration use the show ip interface brief and show ipv6 interface brief commands shown here:

Configure Verification Commands

The table summarizes show commands used to verify interface configuration.

Commands – Description
show ip interface brief, show ipv6 interface brief – Displays all interfaces, their IP addresses, and their current status.
show ip route, show ipv6 route – Displays the contents of the IP routing tables stored in RAM.
show interfaces – Displays statistics for all interfaces on the device. Only displays the IPv4 addressing information.
show ip interface – Displays the IPv4 statistics for all interfaces on a router.
show ipv6 interface – Displays the IPv6 statistics for all interfaces on a router.

View status of all interfaces with the show ip interface brief and show ipv6 interface brief commands, shown here:

Display the contents of the IP routing tables with the show ip route and show ipv6 route commands as shown here:

Display statistics for all interfaces with the show interfaces command, as shown here:
Display IPv4 statistics for router interfaces with the show ip interface command, as shown here:

Display IPv6 statistics for router interfaces with the show ipv6 interface command shown here:

Configure the Default Gateway

Default Gateway on a Host

The default gateway is used when a host sends a packet to a device on another network.
The default gateway address is generally the router interface address attached to the local network of the host.
To reach PC3, PC1 addresses a packet with the IPv4 address of PC3, but forwards the packet to its default gateway, the G0/0/0 interface of R1.

Note: The IP address of the host and the router interface must be in the same network.

Default Gateway on a Switch

A switch must have a default gateway address configured to remotely manage the switch from another network.
To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command.

ip default-gateway <ip-address>
SUMMARY M6-M10

M6
The data link layer of the OSI model (Layer 2) prepares network data for the physical network.
The data link layer is responsible for network interface card (NIC) to network interface card communications.
The IEEE 802 LAN/MAN data link layer consists of the following two sublayers: LLC and MAC.
The two types of topologies used in LAN and WAN networks are physical and logical.
Three common types of physical WAN topologies are: point-to-point, hub and spoke, and mesh.
Half-duplex communications exchange data in one direction at a time. Full-duplex sends and receives data simultaneously.
In contention-based multi-access networks, all nodes are operating in half-duplex.
Examples of contention-based access methods include: CSMA/CD for bus-topology Ethernet LANs and CSMA/CA for WLANs.
The data link frame has three basic parts: header, data, and trailer.
Frame fields include: frame start and stop indicator flags, addressing, type, control, data, and error detection.
Data link addresses are also known as physical addresses.
Data link addresses are only used for link local delivery of frames.

M7
Ethernet operates in the data link layer and the physical layer. Ethernet standards define both the Layer 2 protocols and the Layer 1 technologies.
Ethernet uses the LLC and MAC sublayers of the data link layer to operate.
The Ethernet frame fields are: preamble and start frame delimiter, destination MAC address, source MAC address, EtherType, data, and FCS.
MAC addressing provides a method for device identification at the data link layer of the OSI model.
An Ethernet MAC address is a 48-bit address expressed using 12 hexadecimal digits, or 6 bytes.
When a device is forwarding a message to an Ethernet network, the Ethernet header includes the source and destination MAC addresses. In Ethernet, different MAC addresses are used for Layer 2 unicast, broadcast, and multicast communications.
A Layer 2 Ethernet switch makes its forwarding decisions based solely on the Layer 2 Ethernet MAC addresses.
The switch dynamically builds the MAC address table by examining the source MAC address of the frames received on a port.
The switch forwards frames by searching for a match between the destination MAC address in the frame and an entry in the MAC address table.
Switches use one of the following forwarding methods for switching data between network ports: store-and-forward switching or cut-through switching. Two variants of cut-through switching are fast-forward and fragment-free.
Two methods of memory buffering are port-based memory and shared memory.
There are two types of duplex settings used for communications on an Ethernet network: full-duplex and half-duplex.

M8
IP is connectionless, best effort, and media independent.
IP does not guarantee packet delivery.
The IPv4 packet header consists of fields containing information about the packet.
IPv6 overcomes IPv4's lack of end-to-end connectivity and increased network complexity.
A device will determine whether a destination is itself, another local host, or a remote host.
A default gateway is a router that is part of the LAN and will be used as a door to other networks.
The routing table contains a list of all known network addresses (prefixes) and where to forward the packet.
The router uses longest subnet mask or prefix match.
The routing table has three types of route entries: directly connected networks, remote networks, and a default route.

M9
Layer 2 physical addresses (i.e., Ethernet MAC addresses) are used to deliver the data link frame with the encapsulated IP packet from one NIC to another NIC on the same network.
If the destination IP address is on the same network, the destination MAC address will be that of the destination device.
When the destination IP address (IPv4 or IPv6) is on a remote network, the destination MAC address will be the address of the host default gateway (i.e., the router interface).
An IPv4 device uses ARP to determine the destination MAC address of a local device when it knows its IPv4 address.
ARP provides two basic functions: resolving IPv4 addresses to MAC addresses and maintaining a table of IPv4 to MAC address mappings.
After the ARP reply is received, the device will add the IPv4 address and the corresponding MAC address to its ARP table.
For each device, an ARP cache timer removes ARP entries that have not been used for a specified period of time.
IPv6 does not use ARP; it uses the ND protocol to resolve MAC addresses.
An IPv6 device uses ICMPv6 Neighbor Discovery to determine the destination MAC address of a local device when it knows its IPv6 address.

M10
The following tasks should be completed when configuring initial settings on a router:
- Configure the device name.
- Secure privileged EXEC mode.
- Secure user EXEC mode.
- Secure remote Telnet / SSH access.
- Secure all passwords in the config file.
- Provide legal notification.
- Save the configuration.
For routers to be reachable, the router interfaces must be configured.
Using the no shutdown command activates the interface. The interface must also be connected to another device, such as a switch or a router, for the physical layer to be active. There are several commands that can be used to verify interface configuration including the show ip interface brief and show ipv6 interface brief, the show ip route and show ipv6 route, as well as show interfaces, show ip interface and show ipv6 interface.
For an end device to reach other networks, a default gateway must be configured.
The IP address of the host device and the router interface address must be in the same network.
A switch must have a default gateway address configured to remotely manage the switch from another network.
To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command.
