A more intelligent and robust device that can replace a hub is a layer 2 switch. You've already learned how to navigate in IOS, and provide the switch with a simple configuration. With this lesson we begin a more serious exploration of layer 2 through layer 4 functions starting with Layer 2. This is good enough excuse to brush upon encapsulation/de-encapsulation process, and the structure of the headers.
Enapsulation Process Re-Visited
This is a quick review of encapsulation process I would present to my nine year old son (if he wanted to learn more).
1. Assuming that TCP session is already complete, the application is forming the request (data) which is sent down to the layer 4. Layer 4 process places source and destination port numbers in the header (Pic. 1).
Pic. 1 - Application sends data to the Transport layer.
2. Transport layer sends the segment down to the layer 3 for processing. This payload ends up encapsulated in an IP header with the source and destination IP addresses added in the header (Pic. 2).
3. The layer 3 sends the packet down to the layer 2 (Data-Link) for processing. Layer 2 adds its own header (here the Ethernet header) with the source and the destination MAC addresses (Pic. 3).
Pic. 3 - Internet layer sends packet down to Data-Link layer.
Now, we can see what happens when the bits are sent to the port of the switch to reach the destination computer. Let's bring back the Ethernet header to see what we find in it (Pic. 4).
Pic. 4 - Ethernet Header
In this header there are two pieces of information that switches use to build their mac-address-table (CAM) and make forwarding decisions. Those are: source and destination MAC addresses. And here is how it works.
Pic. 5 - Content Addressable Memory (CAM) initially is empty.
1. PC1 with the source MAC address of 1111.1111.1111 sends the Ethernet frame to the destination MAC address of 3333.3333.3333 (PC3).
2. SW1 receives the frame on port F0/1. It 'reads' the source MAC address and maps it to the receiving port in its CAM (like shown in the Pic. 6).
Switches learn MAC addresses by reading the SOURCE MAC from the INCOMING frames (going towards the switch) only. They do not learn anything when the frame leaves the switch.
Pic. 6 - SW1 learns dynamically 1111.1111.1111 by reading the source MAC address from the incoming frame.
3. SW1 then, reads the destination MAC address and will try to find the outbound port for that destination. Since 3333.3333.3333 has not yet been mapped to any port, the switch will perform flooding (Pic. 7).
Flooding is the act of sending a frame out of all active ports except the port where the frame arrived.
There are few reasons why switch decides to flood a frame:
- Switch does not know where the destination host is = unknown MAC address.
- The destination MAC address is broadcast: FFFF.FFFF.FFFF.
- The destination MAC address is multicast.
4. Computer with MAC address other than 3333.3333.3333 drop the incoming frames. PC3 is the destination of the frame so it further processes it (de-encapsulation). Meanwhile, the SW2 learns the source MAC address on the receiving port F0/12 and maps it in its CAM. Since, as of right now, it does not know where 3333.3333.3333 resides, it also floods the frame (Pic. 8).
Pic. 8 - SW2 is learning 1111.1111.1111 on F0/12 and flooding the frame.
Pic. 9 - Port-to-Port transmission in the reply as all MAC addresses in question have already been learned.
All entries in the CAM table (mac-address-table) have a default aging timer which is 300 seconds (5 minutes). If the host do not refresh those entries by sending frames toward the port, the entries will be removed after 5 minutes. Of course, if the host transmits the frames again the incoming ports will map them again.
Pic. 10 - Content Addressable Memory (CAM) full.
In the next lesson we will look at Cisco Discovery Protocol.In lesson 11, we're going to put all the pieces together to show you the practical applications of what you have learned.