Sunday, May 23, 2010

Switches (forwarding, flooding, filtering)

____________________________________________

A Cisco switch will do one of three things with an incoming frame:

 -  forward it
 -  flood it
 -  filter it

To make this decision, the switch consults its MAC address table to check whether there's an entry for the destination MAC address - but first, the switch actually checks whether there's an entry for the source MAC address of the frame, because it's that source MAC that the switch uses to build the table in the first place!


We have a hub to which hosts A and B are connected, and this hub is connected to a switch. Two other systems are connected to the same switch. The switch has only just been connected to the network, so it does not yet know the MAC address of any system. A router can run a dynamic routing protocol to learn about the network, but there is NO such dynamic switching protocol for learning MAC addresses.

There is only one way a switch can learn the MAC addresses of the systems dynamically, i.e. by examining the header of each incoming frame. MAC addresses can also be statically configured in the switch, though.

Suppose we have a frame from source aa-aa-aa-aa-aa-aa going to destination cc-cc-cc-cc-cc-cc. Initially the switch does not know anything about the destination MAC address. So what it does is make an entry for the source MAC address (aa-aa-aa-aa-aa-aa) in its MAC address table and flood the frame. Flooding means it sends the frame out every one of its ports except the one it came in on.

This kind of frame is known as an "unknown unicast frame", because the information needs to be sent to only one system, but that system's MAC address is unknown. Thus an unknown unicast frame is always flooded.

After the flooding is done, host C (cc-cc-cc-cc-cc-cc) sends its own frame, and the switch thus makes an entry in the MAC address table for host C. As the switch already knows host A's MAC address, the switch is not going to flood this time; instead it sends (forwards) the frame only to A. That's how the switch dynamically learns the MAC addresses of all the hosts on the network.

Now what happens if host A sends a frame to host B? We have a hub connected in the middle. So here's what happens:


 -  The hub receives the incoming frame
 -  The hub duplicates it and sends the frame out all other ports
 -  Host B receives the frame, and the switch receives the frame as well
 -  When the switch receives the frame, it looks into its MAC address table
 -  The switch identifies that the source and the destination are present on the same port
 -  The switch then filters the frame (i.e. it drops the frame). A switch never sends a frame back out the same port it came in on.

There are always exceptions to rules in networking, but there is no exception to this rule:
"Switches never send a frame back out the same port it came in on."

Flooding :-
Flooding is performed when the switch has no entry for the frame's destination MAC address. When a frame is flooded, it is sent out every single port on the switch except the one it came in on. Unknown unicast frames are always flooded.

Forwarding :-
Forwarding is performed when the switch does have an entry for the frame's destination MAC address. Forwarding a frame means the frame is being sent out only one port on the switch.

Filtering :-
Filtering is performed when the switch has an entry for both the source and the destination MAC address, and the MAC table indicates that both addresses are found off the same port.

Broadcasting :- There is one other frame type that is sent out every port on the switch except the one that received it, and that's a broadcast frame. Broadcast frames are intended for all hosts, and the MAC broadcast address is ff-ff-ff-ff-ff-ff (or FF-FF-FF-FF-FF-FF, as a MAC address's case does not matter).
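Added example (not from the original notes): a small Python model of the learn-then-decide logic described above, run against this page's topology, with hosts A and B behind a hub on one switch port. The port numbers, the empty fourth port and the static entry for host D are assumptions made for the example.

```python
from dataclasses import dataclass, field

BROADCAST = "ff-ff-ff-ff-ff-ff"


@dataclass
class Frame:
    src: str      # source MAC
    dst: str      # destination MAC
    in_port: int  # switch port the frame arrived on


@dataclass
class LearningSwitch:
    """Flood / forward / filter decision of a transparent switch."""
    ports: int
    # MAC -> port; holds both dynamically learned and statically configured entries
    mac_table: dict = field(default_factory=dict)

    def add_static(self, mac, port):
        self.mac_table[mac.lower()] = port

    def flood_ports(self, in_port):
        # Every port except the one the frame came in on: never back out the ingress port.
        return [p for p in range(1, self.ports + 1) if p != in_port]

    def process(self, frame):
        src, dst = frame.src.lower(), frame.dst.lower()
        # Step 1: record (or refresh) the source MAC; this is how the table gets built.
        self.mac_table[src] = frame.in_port
        # Step 2: broadcast frames go out every port except the ingress port.
        if dst == BROADCAST:
            return ("flood", self.flood_ports(frame.in_port))
        # Step 3: unknown unicast (no entry for the destination) is always flooded.
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return ("flood", self.flood_ports(frame.in_port))
        # Step 4: source and destination on the same port (e.g. both behind a hub): filter.
        if out_port == frame.in_port:
            return ("filter", [])
        # Step 5: known destination on another port: forward out that single port.
        return ("forward", [out_port])


def run_scenario():
    """Assumed topology: A and B behind a hub on port 1, C on port 2, D on port 3, port 4 empty."""
    A, B = "aa-aa-aa-aa-aa-aa", "bb-bb-bb-bb-bb-bb"
    C, D = "cc-cc-cc-cc-cc-cc", "dd-dd-dd-dd-dd-dd"
    sw = LearningSwitch(ports=4)
    steps = [
        sw.process(Frame(A, C, 1)),  # C unknown -> flood ports 2, 3, 4; A learned on port 1
        sw.process(Frame(C, A, 2)),  # A known on port 1 -> forward to port 1 only
        sw.process(Frame(B, A, 1)),  # hub copies B->A to the switch; A is on port 1 -> filter
        sw.process(Frame(A, B, 1)),  # B now learned on port 1 as well -> filter
    ]
    sw.add_static(D, 3)                       # static entry: D on port 3 before D ever sends
    steps.append(sw.process(Frame(C, D, 2)))  # static entry used like a learned one -> forward to 3
    steps.append(sw.process(Frame(D, BROADCAST, 3)))  # broadcast -> ports 1, 2, 4
    return steps, dict(sw.mac_table)
```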
____________________________________________

Switch MAC address tables

____________________________________________
The MAC address table is the table in which a switch manages all the MAC addresses it knows. The static MAC addresses are those entered manually in the switch, or the switch's own MAC addresses, while the dynamic MAC addresses are those the switch learns by discovering the network hosts (the systems connected to the switch). On a Cisco switch, the following are the commands to see the MAC address table.


____________________________________________

Hubs vs Switches

____________________________________________
With hubs, we have one big collision domain consisting of all connected hosts. When hosts are connected to their own switch ports, they each have their own individual collision domain.

Hubs only allow one device to transmit at a time, resulting in shared bandwidth. Switches allow hosts to transmit simultaneously.

When one host connected to a hub sends a broadcast, every other host receives that broadcast and there's nothing we can do about it. When a host connected to a switch sends a broadcast, every other host receives it by default - but there is something we can do about that, as you'll see in the VLAN section of this course.

The universal symbol for a switch is a box with four arrows pointing in opposite directions. When systems are connected to a switch as shown in the following network diagram, each system has its own collision domain, so collisions cannot occur.

Switches do not break up broadcast domains. All the systems are in a single broadcast domain. This is the default setting and can be changed by configuring the switch.

Microsegmentation is a term sometimes used in Cisco documentation to describe the "one host, one collision domain" effect of that last bullet point. It's not a term I hear a great deal in the field, and you might not either, but it's a good term to know for Cisco exams.

____________________________________________

Repeters / Hubs / Bridge

____________________________________________

Repeaters:

With many networking terms, the name is indeed the recipe, and that's very true of a repeater. A repeater's job is to repeat an electrical signal, the form that our data has taken to be sent across a cable. Remember, "it's all ones and zeros!"

The repeater takes an incoming signal and then generates a new, clean copy of that exact signal. This prevented maximum cable lengths from stopping transmissions, and also helped to ward off attenuation - the gradual weakening of an electrical signal as it travels.


Hub:

A hub is basically the same as a repeater, but the hub will have more ports. That's the only difference between the two. (Some hubs have greater capabilities than others, but a "basic" hub is simply a multiport repeater.)

Neither hubs nor repeaters have anything to do with the Data Link Layer of the OSI model, nor do they perform any switching at all. Hubs and repeaters are strictly Physical layer devices, and that's where the trouble comes in. For our next example, we'll consider a hub with four PCs connected to it.

To prevent collisions on the shared media, a host on a shared Ethernet segment will use CSMA/CD (Carrier Sense Multiple Access with Collision Detection). To review, here's the CSMA/CD process:

 -  A host that wants to send data will first "listen to the wire", meaning that it checks the shared media to see if it's in use.
 -  If the media is in use, the host backs off for a few milliseconds before checking again.
 -  If the media is not in use, the host sends the data.

If two PCs happen to send data at the exact same time, the voltage on the wire will actually change, indicating to the hosts that there has been a data collision.

The two PCs that sent the data will generate a "jam signal", which indicates to the other hosts on the shared media that they should not send data due to a collision.

Those two PCs both invoke a backoff timer, also in milliseconds. When each host's random timer expires, they will each begin the entire process again by listening to the wire. Since the backoff timer value is totally random, it's unlikely the two hosts will have the same problem again.


The above topology is never recommended, as it eats up a lot of bandwidth. Each time a system broadcasts a message, it is highly unlikely that every other system needs it, but they all get it.

Bridges:

Bridges were introduced to networks so that we can make smaller collision domains, which results in fewer collisions. Typically a bridge is placed between multiple repeaters and hubs. Having more collision domains does not mean that we will have more collisions; as we segment one single network into two, there will be fewer collisions. The network segments are like logical divisions in the physical network.


Bridges do NOT help to lower the number of broadcasts. So we still have one big broadcast domain.
____________________________________________

Switching

____________________________________________

 -  Repeaters, Hubs, Bridges
 -  Building the MAC table
 -  "Flood, Filter, or Forward?"
 -  Frame Processing Methods
 -  Virtual LANs
 -  Cisco Three-Layer Switching Model
 -  Introduction to STP
 -  Basic Switch Security
 -  Port Security Defaults, Options, and Configuration
____________________________________________

Cables overview and WAN cable....

____________________________________________

Cisco routers use serial cables for connecting via their serial interfaces (typically frame relay). In home labs, you may connect Cisco router serial interfaces directly with a DTE/DCE cable.

Crossover cables are used to connect two like devices, typically two switches.

Rollover cables are used to connect a laptop's serial port to the router or switch Console port.

Straight-through cables are used to connect a PC to a switchport.

Watch the cable types and the cable lengths - any cable over 100 meters is cause for alarm.
____________________________________________

Basics of MAC address ( Media Access Control )

____________________________________________

Ethernet / NIC / Physical / LAN / BIA / MAC Addressing (aliases of "MAC address")

MAC address :- short for Media Access Control

The MAC address is used by switches to send frames to the proper destination, as you'll see in the LAN Switching section. The entire MAC address is a 48-bit address that looks a little something like this:
aa-bb-cc-11-22-33

That MAC address actually has two parts, the first being the Organizationally Unique Identifier (OUI). In the example, "aa-bb-cc" is the OUI. The OUI is assigned to hardware vendors by the Institute of Electrical and Electronics Engineers (IEEE). A given OUI is assigned to one and only one vendor.

The second half of the MAC address is a value not yet used by that particular vendor. Looking at the MAC address example given earlier, we now know that:

 -  the OUI is aa-bb-cc
 -  the vendor has not yet used 11-22-33 with that particular OUI, so the vendor is doing so now. If a single vendor like Cisco has two different OUIs assigned, the same second half of a MAC address can be used with each of the two OUIs.

The MAC address is sometimes called the physical address because it physically exists on the network card. The address is burned into the card, giving it yet another name - the Burned-In Address (BIA).

As with IP addresses, we have broadcast and multicast MAC addresses. It's a good idea to be able to identify these addresses, and here's how to do it!

The broadcast MAC address is the "all-Fs" address : ff-ff-ff-ff-ff-ff (or FF-FF-FF-FF-FF-FF, as case does not matter in hexadecimal)

There is a range of multicast MAC addresses, and the first half of a multicast MAC address is always "01-00-5e". The second half of a multicast MAC address will fall in the range 00-00-00 through 7F-FF-FF. Watch out for that 1!
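Added example (not from the original notes): a Python helper that splits a MAC address into the OUI and vendor-assigned halves and classifies it as broadcast, IPv4 multicast, or unicast using the values given above. It also accepts colon- and Cisco dotted-quad spellings, and, going slightly beyond the page, treats any address whose first octet has its lowest bit set (the "1" in 01-00-5e) as a group address.

```python
import re

BROADCAST_MAC = "ff-ff-ff-ff-ff-ff"
IPV4_MCAST_PREFIX = "01-00-5e"                         # first half of an IPv4 multicast MAC
IPV4_MCAST_LOW, IPV4_MCAST_HIGH = 0x000000, 0x7FFFFF   # second half: 00-00-00 .. 7F-FF-FF


def normalize_mac(text):
    """Accept aa-bb-cc-11-22-33, AA:BB:CC:11:22:33 or aabb.cc11.2233 and return the
    lower-case dashed form. Case does not matter in hexadecimal, so we fold to lower case."""
    if re.search(r"[^0-9a-fA-F.:\-]", text):
        raise ValueError(f"unexpected character in MAC address: {text!r}")
    digits = re.sub(r"[^0-9a-fA-F]", "", text)
    if len(digits) != 12:                              # 48 bits = 12 hex digits
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def split_mac(mac):
    """Return (OUI, vendor-assigned half), e.g. ('aa-bb-cc', '11-22-33')."""
    m = normalize_mac(mac)
    return m[:8], m[9:]


def classify(mac):
    """Return 'broadcast', 'ipv4-multicast', 'multicast' or 'unicast'."""
    m = normalize_mac(mac)
    if m == BROADCAST_MAC:                             # the "all-Fs" address
        return "broadcast"
    oui, rest = split_mac(m)
    second_half = int(rest.replace("-", ""), 16)
    if oui == IPV4_MCAST_PREFIX and IPV4_MCAST_LOW <= second_half <= IPV4_MCAST_HIGH:
        return "ipv4-multicast"
    # Beyond the page: the lowest bit of the first octet is the group (I/G) bit, so an
    # odd first octet means a multicast address even outside the 01-00-5e range.
    if int(m[:2], 16) & 1:
        return "multicast"
    return "unicast"
```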
____________________________________________

Monday, May 3, 2010

Standard Ethernet Cable types

____________________________________________ 
A standard Ethernet cabling type is Category 5 Unshielded Twisted-Pair, commonly known as CAT 5 UTP. The connector on the end of a typical Cat5 UTP cable is an RJ-45 connector. This type of connector has a tab on the bottom that snaps into place when the connector is correctly placed into the device. (You can usually hear the "snap" sound, unless you're in a very loud wiring closet!)

The cable will contain separate wires inside, and the endpoints of these wires are referred to as pins. While you now know that bits are sent over these wires, it's important to know that the same set of pins is always used to transmit, and a separate set of pins is always used to receive.

Pins 1 and 2: Transmit
Pins 3 and 6: Receive

Crosstalk is caused by the electromagnetic interference mentioned a moment ago. Basically, a signal "crosses over" from one pair of cables to another, causing the signals to become unusable.

NEXT (near-end crosstalk) is a condition generally caused by crossed or crushed pairs of wires. The conductors inside the wires don't even have to be exposed - but if the conductors are too close, the signal traveling on one wire can actually interfere with the signal on another wire. "Near-end" is a relative term, referring to the end of the cable being tested (as opposed to far-end crosstalk, or FEXT).

In a typical RJ-45 connection, the crosstalk is actually at its highest level as data enters the cable.

You may occasionally see the term PSNEXT. This is short for "Power Sum Near End Cross Talk", and refers to the calculation carried out when a NEXT test is run. When the NEXT results for each pair of wires are added together, the result is the PSNEXT value.

In the following exhibit, we've got three separate physical connections:
 -  Cable 1 :- Straight-through cable
 -  Cable 2 :- Crossover cable
 -  Cable 3:- Rollover Cable




 -  A laptop connected to a switch (Cable 3) :- here we need a rollover cable. All eight wires in the cable will "roll over" to another pin at the remote end, with the wire on Pin 1 at one end rolling over to Pin 8 at the other end, the wire on Pin 2 at one end rolling over to Pin 7 at the remote end, and so forth.

You may also need an adapter for your rollover cable, since one end of the cable is a DB-9 connector, and few if any of today's laptops have such a port. You probably do have USB ports on your laptop, and you can get an adapter that allows you to connect a rollover cable to your laptop's USB port from just about any cable dealer.

As for the connection to the switch, you need to make sure you connect the RJ-45 connector on the other end of the rollover cable to the Console port of the switch. I'll drive this point home at least one more time elsewhere in the course....

 -  Two switches connected to each other (Cable 2) :- we may have occasion to connect two similar devices directly with Ethernet, which can cause a problem since both devices will use the same pair of wires for transmitting data.
It's very common to connect two switches to allow them to send data over that connection, called a trunk. You'll learn all about the particulars of trunking in your CCNA studies, but the first thing we have to do is make sure we have the correct cable!

Here we need a crossover cable. The wire connected to Pin 1 on one side will no longer be connected to Pin 1 on the other, as it was in a straight-through cable. Four wires will "cross over" in a crossover cable:

Local Cable End    Remote Cable End
Pin 1              Pin 3
Pin 2              Pin 6
Pin 3              Pin 1
Pin 6              Pin 2

 -  A PC connected to a switch (Cable 1) :- here we need a straight-through cable. A straight-through cable is used to connect a PC to a switch or hub. In a straight-through cable, the wire connected to Pin 1 on one side is connected to Pin 1 on the other, the wire connected to Pin 2 on one side is connected to Pin 2 on the other, and so forth.

So, physically, if we look at the connector diagrams: if the wire colors are exactly the same at both ends, it's a straight-through cable; if four colors are swapped, it's a crossover cable; and if all the colors change, it's a rollover cable.
____________________________________________

Sunday, May 2, 2010

Ethernet Standards

____________________________________________ 
The Ethernet standard you're most likely to be familiar with is 10Base-T, specified by IEEE 802.3. The "T" stands for twisted-pair cable, and the maximum length of a 10Base-T copper cable is 100 meters. The "10" refers to the 10 megabits per second (Mbps) capacity.

You may be asking "why twist the cable pairs?" Twisting pairs of wires inside the cable cuts down on the possibility of electromagnetic interference, whether that interference comes from another cable or an outside source - elevators are notorious for generating such interference.

In the previous illustrations, we looked at a network with a single coaxial cable and multiple hosts connected to that coax cable. That topology was used by the first Ethernet standards, 10Base5 and 10Base2.

The sole physical components were the Ethernet cards in the computers and coaxial cable, which is the topology we looked at in the previous example. The cable made up a bus that all the connected devices would use. This type of bus is referred to as a shared bus.

Ethernet is considered a logical bus topology.

The ending numbers in the terms "10Base5" and "10Base2" allegedly refer to the limit on the length of the cable, expressed in units of 100 meters. This is true for 10Base5; the limit on the cable length is 500 meters. It's not quite accurate for 10Base2, though; the limit on that cable is 185 meters, NOT 200 meters.

Fast Ethernet: -
Fast Ethernet is defined by IEEE 802.3u, and has a maximum capacity of 100 Mbps. Fast Ethernet copper cables also have a maximum cable length of 100 meters.

Gigabit Ethernet :-
Defined by IEEE 802.3z and 802.3ab, Gigabit Ethernet has a maximum capacity of 1000 Mbps, also expressed as 1 Gbps (gigabit per second). The maximum cable length is 100 meters here as well, but we cannot use a regular copper cable for Gigabit Ethernet.

Ethernet runs at 10 Mbps, is defined by IEEE 802.3, and its copper cable has a maximum length of 100 meters. Variations include 10Base-T, 10Base-2, and 10Base-5, with the last two involving a shared cable bus.

Fast Ethernet runs at 100 Mbps, is defined by IEEE 802.3u, and its copper cable has a maximum length of 100 meters.

Gigabit Ethernet runs at 1000 Mbps (1 Gbps), is defined by IEEE 802.3z, and also has a 100 meter cable length maximum - but it cannot use copper cabling.
____________________________________________

CSMA / CD

____________________________________________ 

With each host connected to its own switch port, we no longer have to worry about collisions when hosts send data simultaneously. In the old days of networking, though, that wasn't the case. While you may not see the following physical topology very often in your career, if at all, I'm presenting it here so you know how hosts on a shared Ethernet segment practice CSMA/CD - Carrier Sense Multiple Access with Collision Detection.



___________________________________________

Port Numbers

____________________________________________ 

The port number system works beautifully, but naturally the hosts need to agree on what port is used for a given protocol. In the previous example, if 10.1.1.1 used TCP port 45 for Telnet and 10.1.1.2 used TCP port 55, we'd have some serious problems.

That's why most protocols use the same port number at all times, and these port numbers are referred to as well-known port numbers. All port numbers below 1024 are reserved, well-known port numbers -- but you don't have to memorize 1024 numbers for the exams!

Some Common TCP Ports :
 -  FTP :- File Transfer Protocol - Uses TCP ports 20 and 21
 -  SSH :- Secure Shell - Uses TCP port 22
 -  Telnet uses TCP port 23
 -  HTTP :- HyperText Transfer Protocol - uses TCP port 80
 -  POP3 :- Post Office Protocol 3 - uses TCP port 110
 -  SSL :- Secure Sockets Layer - uses TCP port 443

Some Common UDP ports:
 -  DHCP :- Dynamic Host Configuration Protocol - uses UDP ports 67 and 68
 -  TFTP :- Trivial File Transfer Protocol - uses UDP port 69
 -  SNMP :- Simple Network Management Protocol - uses UDP port 161

Protocols using both TCP and UDP ports
 -  DNS :- Domain Name Service - uses UDP and TCP port 53
 -  The port number 24 is reserved in both UDP and TCP for private mail systems. 

With Voice over IP (VoIP) becoming more and more commonplace in today's networks, it couldn't hurt to know that the entire range of UDP ports from 16384 - 32767 is reserved for voice traffic.

On a Cisco router, to see the list of well-known ports, use the following command:
R1(config)#access-list 100 permit tcp any any eq ?



____________________________________________

Socket

____________________________________________ 
A socket may sound like something physical on the PC, but it's not. The socket is simply the combination of an IP address and a port number. For example, the socket on 10.1.1.2 for port 69 is 10.1.1.2:69. That socket can also be expressed in this format:

(IP address, transport protocol, port number)

That would make the TFTP socket on that PC (10.1.1.2, UDP, 69)

____________________________________________