
Noob questions about Layer 2 devices

kamikaze762
Level 1

I have been studying some material for the CCENT, and I came across some conceptual ideas that I cannot seem to resolve.

Switches work at layer 2, right?  That means that they are concerned with MAC addresses and build tables to resolve incoming frames to a given port on the device... sounds good so far.  But they don't interact with the packet-level headers, so how on earth do they know exactly where to send an incoming packet?  I assume that the "destination Ethernet address" shown on the diagrams of Ethernet frames is really a MAC address?  This would make the frame getting to its destination possible, but I noticed that there seems to be a consequence of the way this works (if correct).

If Switches 1, 2, and 3 are daisy chained, Switch 1 builds a table linking the MAC address of PC1 to port Eth0.  Switch 2 builds a table linking Switch 1 to Eth0, and Switch 3 builds a table linking Switch 2 to Eth0.  The MAC address of PC1 is not stored in Switches 2 and 3, right?  So if a frame comes in on Switch 3 intended for PC1, my limited knowledge of protocols tells me that nothing could resolve this path.  So do you only get to hop to or from one layer 2 device at a time, or is there some layer 2 protocol that I am missing?

Thanks in advance, and please forgive my limited knowledge if I have asked the wrong questions or made the wrong assumptions.


6 Replies

Pedro Lereno
Level 1

Hi Aaron,

Sorry for my English, I will try to explain in the simplest way possible.

...........

Switches work at layer 2, right?  That means that they are concerned with MAC addresses and build tables to resolve incoming frames to a given port on the device... sounds good so far.  But they don't interact with the packet-level headers, so how on earth do they know exactly where to send an incoming packet?

..........

- Imagine that PC1 wants to communicate with PC2. PC1 and PC2 are on the same vlan (layer 2 domain).

- PC1 knows the IP address of PC2 but not the MAC address, so it sends a layer 2 ARP request with the question "Who has ip2, tell ip1". This frame has source mac1 and destination broadcast (ff:ff:ff:ff:ff:ff); it is flooded to all ports of the switch except the incoming one. At this time all the switches have populated the CAM table with, for example: mac1 - fe0/0

- PC2 answers with an ARP reply with destination mac1. At this point the switch knows the destination port of PC1 and learns the port that corresponds to mac2.

The CAM table is then populated:

mac1 - fe0/0

mac2 - fe0/1

- For any following frame between these two hosts, the switch knows how to deliver it.

--------------------------

If Switches 1, 2, and 3 are daisy chained, Switch 1 builds a table linking the MAC address of PC1 to port Eth0.  Switch 2 builds a table linking Switch 1 to Eth0, and Switch 3 builds a table linking Switch 2 to Eth0.  The MAC address of PC1 is not stored in Switches 2 and 3, right?  So if a frame comes in on Switch 3 intended for PC1, my limited knowledge of protocols tells me that nothing could resolve this path.  So do you only get to hop to or from one layer 2 device at a time, or is there some layer 2 protocol that I am missing?

------------------------

If they are on the same layer 2 domain (VLAN), all switches know the MAC of PC1 and the MAC of PC2.

PC1 -----f0/0 SW1 f0/1 -------------- f0/0 SW2 f0/1 ------------- PC2

CAM SW1

MAC1 - f0/0

MAC2 - f0/1

CAM SW2

MAC1 - f0/0

MAC2 - f0/1

When the switch receives a frame it adds the source MAC to the CAM table (usually this has an ageing timer of 5 minutes before the entry is deleted), and if it does not know the destination port it floods to all ports except the incoming one.

I hope this can help.

If anyone finds any errors in my answer, please correct me!

Best Regards,

Pedro Lereno

Thanks, Pedro!  I think I might possibly understand now.  It was the  concept of flooding that I was missing.  That does bring another  question though...

PC1 ---------- f0/0 SW1 f0/1 ---------- f0/0 SW2 f0/1 ----------f0/0 SW3 f0/1 ---------- PC2

If PC1 sends a packet to PC2, SW1 strips the frame header and floods the packet with a new frame header right?

Well, if SW1 updated its table with f0/0 MacPC1, would SW2 not update its table with f0/0 MacSW1?

Wouldn't SW2 have to always flood to everything beyond its immediate hops?

Hi,

If PC1 sends a packet to PC2, SW1 strips the frame header and floods the packet with a new frame header right?

No, an L2 switch doesn't change the L2 and L3 headers.

Well, if SW1 updated its table with f0/0 MacPC1, would SW2 not update its table with f0/0 MacSW1?

Wouldn't SW2 have to always flood to everything beyond its immediate hops?

The MAC learning is done with the source MAC, and so SW2 will see the MAC of PC1 on its port connected to SW1.

The flooding is done for broadcast frames (like ARP requests), multicast frames and unknown unicast frames (the switch hasn't got a port-to-MAC mapping for the destination MAC), so it is done according to the destination MAC.

Regards

Alain

Don't forget to rate helpful posts.


Joseph W. Doherty
Hall of Fame

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

Although the other posters have correctly answered, just want to re-emphasize that an L2 switch learns where to direct frames by recording the frame's (source) MAC to the port a frame arrived on.

For example, the first time a frame with source MAC xyz is seen on port 5, the switch now "knows" frames with a destination MAC of xyz should be sent out port 5.

If the switch doesn't "know" a (destination) MAC it sends (replicates) the frame to all its ports except the ingress port (this is known as flooding).

Normally, hosts have two-way communication, so once frames are seen from both hosts the switch can direct those (unicast) frames to just those hosts' egress ports.  However, if there's only one-way frame transmission, the switch will continue to flood (replicate) received frames.  As this situation negates the principal advantage of a switch, a manageable capable switch often will allow you to "hard code" MACs to a port.

So to recap, the switch will learn to associate a host's MAC from "seeing" its traffic or this information might be manually entered.
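
The learning, flooding, ageing and "hard coded" entry behaviour described in the answers above, modelled on the three-switch chain from the follow-up question. This is an added example, not part of any post and not vendor code; the `Host`/`Switch` classes, the bystander PC3 on SW2 port f0/2 and the short MAC strings are assumptions made for illustration.

```python
AGEING = 300                      # seconds: the 5-minute ageing timer from the thread
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Host:
    def __init__(self, mac):
        self.mac, self.seen, self.links = mac, [], {}
    def receive(self, frame, in_port, now, log):
        self.seen.append(frame)               # record exactly what arrived
    def send(self, dst, now, log):
        peer, port = self.links["nic"]
        peer.receive((self.mac, dst), port, now, log)

class Switch:
    def __init__(self, name):
        self.name, self.cam, self.links = name, {}, {}   # cam: MAC -> (port, last_seen)
    def static(self, mac, port):
        self.cam[mac] = (port, None)          # "hard coded" entry: never ages, never relearned
    def receive(self, frame, in_port, now, log):
        src, dst = frame
        if self.cam.get(src, (None, 0))[1] is not None:
            self.cam[src] = (in_port, now)    # learn/refresh from the SOURCE MAC only
        port, seen = self.cam.get(dst, (None, 0))
        if port and seen is not None and now - seen > AGEING:
            del self.cam[dst]                 # entry aged out: destination unknown again
            port = None
        known = port is not None and dst != BROADCAST
        out = [port] if known else [p for p in self.links if p != in_port]
        log.append((self.name, "forward" if known else "flood"))
        for p in out:
            if p != in_port:                  # never send back out the ingress port
                peer, peer_port = self.links[p]
                peer.receive(frame, peer_port, now, log)   # same frame, headers untouched

def connect(a, pa, b, pb):
    a.links[pa], b.links[pb] = (b, pb), (a, pa)

def build():
    pc1, pc2, pc3 = Host("mac1"), Host("mac2"), Host("mac3")
    sw1, sw2, sw3 = Switch("SW1"), Switch("SW2"), Switch("SW3")
    connect(pc1, "nic", sw1, "f0/0"); connect(sw1, "f0/1", sw2, "f0/0")
    connect(sw2, "f0/1", sw3, "f0/0"); connect(sw3, "f0/1", pc2, "nic")
    connect(sw2, "f0/2", pc3, "nic")          # bystander: only sees flooded frames
    return (pc1, pc2, pc3), (sw1, sw2, sw3)

if __name__ == "__main__":
    (pc1, pc2, pc3), sws = build(); log = []
    pc1.send(BROADCAST, 0, log)               # ARP request: flooded, every switch learns mac1
    pc2.send("mac1", 1, log)                  # ARP reply: unicast along the learned ports
    for sw in sws:
        print(sw.name, {m: p for m, (p, _) in sw.cam.items()})
```

Every switch ends up with mac1 on f0/0 and mac2 on f0/1, never a neighbouring switch's MAC, and the bystander on SW2 receives a frame only when it is flooded.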

kamikaze762
Level 1

Thanks for your help, everyone!  I think I was confused on the point that routers strip the layer 2 header and not switches.  I am fuzzy on the point of how routers accomplish this now (whether or not the original layer 3 destination ever changes), but I will do the background study to clarify these points before I post more questions.  Basically, I need to do more studying on how destination addresses are preserved throughout the layers to get a better grasp.  Your contributions are much appreciated, and now I have an area to focus on as I move forward.

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting


I think I was confused on the point that routers strip the layer 2 header and not switches.  I am fuzzy on the point of how routers accomplish this now (whether or not the original layer 3 destination ever changes)

Yes, that's correct, the router will strip the L2 (as it's the destination for the frame - it writes a new frame and places the received packet in it [or multiple frames if necessary]).  L3 addresses are (normally - an exception example would be NAT) preserved end-to-end.
