Free CCNA | Ethernet LAN Switching (Part 2) | Day 6 | CCNA 200-301 Complete Course

Welcome to Jeremy’s IT Lab. This is a complete course for the CCNA, including everything you need to pass the exam, all 100% free. Make sure you stay tuned till the end of the video for the quiz to test your knowledge of the material in this video.

Also, remember to download and use the Anki flashcards with the link in the description, which will help you very much in your studies. Let’s get started. This is the sixth lesson in the series.

In this lesson we will continue with the same topic as in Day 5, Ethernet LAN switching, but we will go a little deeper to make sure there aren’t any holes in your knowledge. Once again, we’re talking about sending traffic within a LAN, like between these three PCs in this small network here. The topic of how these PCs could send traffic out beyond the router to other networks is for a future lesson, let’s start locally first, with LAN switching.

Before I get started, I want to speak a little bit more on Ethernet frames which we talked about in the last video. The preamble + SFD is usually not considered part of the Ethernet header, although it is sent with every Ethernet frame. So, the Ethernet header consists of these three field, destination, source, and type.

Therefore, the size of the Ethernet header + trailer is 18 bytes, if you don’t include the preamble + SFD Now, there is also a minimum size for an Ethernet frame. The minimum size is 64 bytes, including the encapsulated payload, the packet. 64 bytes minus the 18 bytes of the header equals 46 bytes.

Therefore, the minimum payload size is 46 bytes. Now, what if we send a payload packet that is less than 46 bytes? If the payload is less than 46 bytes, padding bytes are added, and these bytes are all 0s by the way.

For example, if you send a 34-byte packet, 12 bytes of padding will be added. Okay, that’s all I wanted to add. Remember that the Preamble and SFD might not be included as part of the Ethernet header, depending on how you define it, but they are included with every Ethernet frame.

Also, remember the minimum size of the frame, 64 bytes, and that doesnt include the preamble and SFD, by the way. That means that the minimum payload is 46 bytes, and padding will be added if the payload is less than that. Now let’s get started with the main topics for today’s video.

So, here’s the same small network we saw in the previous video. There are a couple changes, however. First, I changed the interfaces from Fastethernet to gigabit ethernet, hence the G0/0, G0/1, and G0/2 for each switch.

Secondly, look at the mac addresses. In the previous video I used AAAA. AA00.

0001, for PC1, or . 0002 for PC2, etc. This time let’s use some more realistic MAC addresses.

Notice once again that the OUI, the first half of the MAC address that identifies the maker of the device, is the same for each PC, 0C2F. B0, so that means that the PCs were all made by the same company. Of course, the second half of each device’s MAC address is unique, since that represents the device itself.

When I refer to these MAC addresses I’ll just use the last 4 digits, to keep things simple. For example, I’ll just say PC1’s MAC address is 9D00, or PC2’s MAC address is 6200. Now, let’s add one more thing to this network topology.

Let’s add some IP addresses. We won’t actually talk about the details of IP addresses in this video, but we’ll need IP addresses to explain something else in this video. So, this number here, 192.

168. 1. 0/24, represents this whole network here.

Then . 1 represents PC1’s IP address. This is just the short version, PC1’s real IP address is 192.

168. 1. 1.

PC2’s IP address is 192. 168. 1.

2, PC3’s IP address is 192. 168. 1.

3, and PC4’s IP address is 192. 168. 1.

4. Now, in the last video I only really showed you part of the picture of how these PCs can communicate within this network. When a device sends some data to another device, it doesn’t just include a source and destination MAC address.

Encapsulated within that frame is an Internet Protocol, known as IP, packet, and that IP packet includes a source and destination IP address. For example, if PC1 wants to send data to PC3, the source IP will be 192. 168.

1. 1 and the destination IP will be 192. 168.

1. 3. The source MAC will be 0C2F.

B011. 9D00, however PC1 doesn’t actually know PC3’s MAC address. When you send data to another computer, you enter the IP address, not the MAC address.

So, the user entered the IP address 192. 168. 1.

3 as the destination, but PC1 has to discover PC3’s MAC address by itself. Remember, these switches are Layer 2 devices, they don’t operate at Layer 3, so they need to use MAC addresses, not IP addresses. So, PC1 wants to send this Ethernet frame to PC3, but first it has to learn PC3’s MAC address.

To do so, it uses something called ARP, the Address Resolution Protocol. Let’s take a look at ARP. ARP stands for Address Resolution Protocol.

It is used to discover the Layer 2 address, meaning the MAC address, of a known Layer 3 address, meaning the IP address. For example, in our example here PC1 knows PC3’s Layer 3 address, 192. 168.

1. 3, but it doesn’t know the Layer 2 address, its MAC address, yet. The ARP process consists of two messages: The ARP request, sent by the device that wants to know the MAC Address of the other device.

And the ARP reply, which is sent to inform the requesting device of the MAC address. In our example, PC1 would send the ARP request, and PC3 would send the ARP reply. The ARP request is sent as a broadcast ethernet frame.

Broadcast means it is sent to all hosts on the network. Because the Layer 2 address of the destination host is unknown, it broadcasts the request and waits for a reply from the correct device. The ARP reply is unicast.

We learned about unicast frames in the last video. A unicast frame is sent to only one host, in this case its the host that sent the ARP request. Let’s take a look at how this works on our network.

Here at the bottom is the original frame that PC1 wants to send to PC3. But first, It has to send this frame. This is an ARP request frame.

The source and destination IP addresses, as well as the source MAC address, are the same. However, look at the destination MAC address. FFFF.

FFFF. FFFF is the broadcast MAC Address. This is the destination MAC address used when a device wants to send ethernet frames to all other devices on the local network.

So, PC1 has prepared the Arp request to be sent. It sends the frame out of its network interface, and it is received by SW1. SW1 then adds PC1’s MAC address to its MAC address table.

When a MAC address is learned in this way, what is it called? It’s called a dynamic mac address, which we learned in the last video. So, since the destination MAC address is all Fs, SW1 broadcasts the frame out of all of its interfaces, except the one it was received on.

This is very much like what a switch does with an unknown unicast frame, which we also learned about last video. It sends the frame out of G0/1 and G0/2, but not G0/0 because it received the frame on that interface. PC2 receives it, but it ignores the frame.

That’s because the destination IP address doesn’t match PC2’s IP address, so it knows that the ARP request is meant for a different PC, so it just ignores the request. Of course, then SW2 learns PC1’s MAC Address and adds it to the MAC address table, associating it with the G0/2 interface since that’s the interface the frame was received on. Since the destination MAC address is the broadcast MAC address, SW2 also sends the frame out of all interfaces, except the one the frame was received on.

So, that means it sends the frame out of G0/0 and G0/1. PC4 ignores the frame, because the destination IP address doesn’t match its own. However, PC3 recognizes that the destination IP addresses does match its own IP address, so it doesn’t ignore the ARP request.

What it does is send the other ARP message I mentioned briefly, the ARP Reply. Here you can see the ARP reply packet. The source IP is PC3’s IP, and the destination is PC1’s IP.

The Source MAC is PC3’s MAC address, and the destination is PC1’s. Although the ARP Request message was a broadcast message, because PC1’s MAC address was used as the source MAC address of the ARP request message, PC3 now knows PC1’s MAC address so it can send the ARP reply directly to PC1, without having to broadcast the frame. PC3 sends the frame out of its network interface, and it is received by SW2.

SW2 learns PC3’s MAC Address and enters it into the MAC address table, associating it with the G0/0 interface. Since this is a unicast frame, and SW2 already has an entry for the destination MAC address in its MAC address table, what kind of frame is this, and what does SW2 do with it? It’s a known unicast frame, and SW2 will simply forward it out of the interface in the MAC address table, it will not flood it like an unknown unicast frame or a broadcast frame.

Because SW2 learned PC1’s MAC address on the G0/2 interface, it will send the frame out of that interface toward SW1. SW1 receives the frame, and since it has already learned PC1’s MAC address on the G0/0 interface, it simply forwards the frame out of the interface, and PC1 finally receives the ARP reply. PC1 will then use that information to add an entry for PC3 to its ARP table, which is used to store these IP address to MAC address associations.

Let’s take a look at an ARP table. This is a screenshot of part of the ARP table from my PC. I use Windows on my PC, but you can use the arp -a command to view the ARP table, whether you run Windows, macOS, or Linux on your computer.

The Internet address column displays IP addresses. The Physical address column displays the MAC addresses that correspond to the IP addresses. If the type column displays static, it means that it is a default entry, it wasn’t actually learned by sending an ARP request.

However, if the type column displays dynamic, that means that the entry was learned by sending an ARP request and receiving an ARP reply. You can see one entry like that here, with an IP address of 192. 168.

0. 1 and its MAC address next to it. That’s the address of my home router, by the way.

My PC used ARP to learn the MAC address of the router. Now let’s take a deeper look at the MAC address table that is kept on these switches, and some additional information. I recreated the same topology in the network emulator software GNS3.

GNS3 is similar to packet tracer in that it allows you to create networks and practice configurations on Cisco devices, but its also different in some key ways. Packet tracer is a network simulator, it’s a piece of software designed to simulate the operation of a real network. GNS3, however, runs actual Cisco IOS software, so these are real Cisco switches running virtually.

However, GNS3 requires you to purchase your own copies of Cisco IOS, so although GNS3 itself is free, using Cisco IOS with GNS3 is not. That’s why I choose to use packet tracer for the lab videos in this series, its totally free, and it lets you practice just about everything you need for the CCNA. I also want to show you GNS3 sometimes in these videos, however, since you’ll probably want to use it later as you progress in your networking studies.

Don’t worry about using GNS3 for now though, unless you really want to try it out. You can get it at gns3. com.

So, here’s our topology, and notice this magnifying glass here. This is a cool feature of GNS3, it integrates with another piece of software called wireshark, and we’ll use it to analyze exactly what traffic passes between PC1 and SW1. I’m going to send a ping from PC1 to PC3.

The process is the same, but let me just run down one more time what happens. Just like our example before, PC1 doesn’t know the destination MAC address, so has to send an ARP request. The ARP request is sent to all other hosts on the network.

PC3 responds to the Arp request, since it’s IP address matches the destination IP address in the ARP request. PC1 then learns the MAC Address of PC3, adds it to its ARP table, and uses that information to add the destination MAC Address to the ping it wants to send. Now, before I move on, you may have heard of ping before, but let me explain how it works.

Ping is something you’re going to be using a lot. It's a network utility that is used to test reachability, for example, to test if two computers can reach each other. It measures the round-trip time, for example the time from PC1 to PC3, then back to PC1.

Much like ARP, ping uses two messages: ICMP Echo request, and ICMP echo reply. Again, this is similar to an ARP request and ARP reply. However, the PC won’t broadcast the ICMP echo request, it is sent to a specific host.

So, it has to know the MAC address of the destination host, which is why ARP must be used first. The command to use ping is ping, followed by the IP address you want to ping to, for example, 192. 168.

1. 3 for PC3 in our network. Let’s take a look at the ping process.

So I’m on PC1 here. Note that this is actually the Cisco IOS CLI. I’m using Cisco routers to simulate PCs, since its easier than setting up virtual PCs to ping in GNS3.

I use the command ping 192. 168. 1.

3, to send an IMCP echo request to PC3. Take a look at this message here. Sending 5, 100-byte ICMP echos to 192.

168. 1. 3.

By default, a ping in Cisco IOS sends 5 ICMP echo requests, and then you should get 5 ICMP echo replies back, and the default size of each ping is 100 bytes. The period indicates a failed ping, and the exclamation points indicate a successful ping. As it says here, success rate is 80 percent, 4 out of 5.

It also shows the round trip time, giving the minimum, average, and maximum time of the 4 successful pings. Now, why did that first ping fail? Well, that’s because of ARP.

PC1 didn’t know the destination MAC address, so it had to use ARP, and in that time the first ping failed. After PC1 learned PC3’s MAC address, however, the pings succeeded. Let’s take a quick look at the arp table here.

The command for windows, macos, and linux was arp -a. However, in Cisco IOS its show arp, from privileged exec mode. Here’s the ARP table.

Notice there is an entry for 192. 168. 1.

1, which is PC1 itself, and then below it 192. 168. 1.

3, which is PC3. This is a screenshot from Wireshark, which I mentioned earlier. Wireshark allows you to perform what are called ‘packet captures’, to analyze the contents of network traffic.

Notice the Protocol column. ARP, followed by ICMP, which is ping. Here’s the first ARP packet.

The source MAC is 0c2f b011 9d00, which is PC1’s MAC. The destination is broadcast, which is all Fs. Look at the info on the end.

Who has 192. 168. 1.

3? tell 192. 168.

1. 1. This describes what purpose of ARP is.

The ARP request is asking which MAC address has an IP address of 192. 168. 1.

3, and to send the reply to itself, 192. 168. 1.

1. Next is the ARP reply. The source address is 0c2f b06a 3900, PC3’s MAC, and the destination is PC1’s MAC.

Look at the info section again here. 192. 168.

1. 3 is at 0c2f b06a 3900, it’s telling PC1 its MAC address. After that there are 4 ICMP echo requests, and 4 ICMP echo replies.

Note that the ICMP echo requests have a source IP of PC1 and destination of PC3, and the ICMP echo replies have a source of PC3 and destination of PC1. I’ll use wireshark at various points throughout this course, but I think you can see how useful it can be in analyzing networks. Okay, hopefully you understand this process a little better now.

Basically, if device A wants to send traffic to device B. which is on the same network, device A first has to use ARP to learn device B’s MAC address, and then it can send traffic to device B. Now, let’s finally take a look at the MAC address table on a Cisco switch.

Here it is. This is the command to view it, show mac SPACE address HYPHEN table. Old versions of Cisco IOS use show mac hyphen address hyphen table, but newer versions got rid of the first hyphen, and now its this, show mac space address hyphen table.

Now let’s look at each section of the MAC address table, before I only showed the MAC address and interface. First is the VLAN. VLAN means VIRTUAL local area network.

We’ll learn about those later, but as is displayed here the default is 1. Next is the MAC address column, you can see PC1 up top and PC3 on the bottom, Next is the type. Remember what I said about dynamic mac addresses?

Well it is displayed in the MAC address table as well. Both of these MAC addresses were learned dynamically, I did not manually configure them on the switch. Finally, ports, which is another word for interface.

So, you can see that this matches the small MAC address table I put here in this diagram earlier. Here’s the entry for PC1, and here’s the entry to PC2. Now, I mentioned in the previous video that these dynamic MAC addresses are removed from the MAC address table after 5 minutes.

This is known as aging. If the switch doesn’t get any traffic from that MAC address for 5 minutes, it will remove the entry from the MAC address table. However, you can also manually remove MAC addresses from the table.

Here I used the show mac address table command and you can see the entries for PC1 and PC3. Then I used the command clear mac address-table dynamic. As you can see, all of the dynamic MAC address have been cleared.

Remember this command clear mac address-table dynamic. Now, if you don’t want to clear all of the mac addresses from the table, you can add some additional options to the command. Once again, I used show mac address-table, and you can see both entries, for PC1 and PC3.

This time I used a different command, clear mac address-table dynamic address, followed by PC1’s MAC address. Then if I use show mac address-table again, only PC3’s MAC address can be seen. Here’s the command once more.

Clear mac address-table dynamic address, then the mac address. Finally, one more option to clear the MAC address table. Again, show mac address-table shows both PC1 and PC3’s MAC addresses.

This time I use the command clear mac address-table dynamic interface gi0/0. This clears all mac address table entries for a specific interface. As you can see, once again PC1’s mac address is removed, because it is connected to the G0/0 interface.

Here’s the command again. Clear mac address-table dynamic interface, and then the interface. Before we move on to the quiz, I want to show you a little more in wireshark, regarding what I said in the beginning of this video about the Ethernet frame.

In this packet capture I sent a 36-byte ping with the command ‘ping 192. 168. 1.

3 SIZE 36’. First, notice the TYPE field down here. As I mentioned in the last video, IPv4’s ethernet type is 0x0800.

The 0x just means that its using hexadecimal, so really its 0800. Next, look at the padding here. Remember, the minimum payload size for an ethernet frame is 46 bytes, and I sent 36 byte pings, so there should be 10 bytes of padding.

These zeroes are hexadecimal zeroes. Each hexadecimal digit is 4 bits, so 2 digits equals 8 bits, or 1 byte. If you count the zeroes, there are 20 zeroes, so that means 10 bytes of padding.

If I zoom out a bit you can also see the padding down here. These ten pairs of zeroes are the 10 bytes of padding added to the 36-byte pings to make them meet the 46-byte payload minimum size. One last thing in wireshark.

This time looking at ARP. Remember, the IPv4 ethernet type is 0800, and the IPv6 ethernet type is 86DD. As you can see here, the ARP ethernet type of 0806.

This indicates that an ARP packet is inside of this ethernet frame. Okay, so we covered a lot of important stuff in this video. We talked about some more details of the ethernet frame, including the minimum size of the ethernet payload, which is 46 bytes.

We talked about ARP, the address resolution protocol. It is used to learn the MAC address of a device, for which you already know the IP address. It uses two messages, an ARP request, which is broadcast to all devices on the local network, and an ARP reply, which is sent to the device which sent the request.

We also looked at the ARP table on a windows device and a Cisco IOS device. We talked about ping, which is used to test reachability in a network. It also uses two messages, ICMP echo request and ICMP echo reply.

Finally, we looked at the MAC address table on a Cisco switch, including how to clear it in a few ways. Let’s move on to the quiz for today’s video. Here’s question 1.

You send a 36-byte ping to another computer and perform a packet capture to analyze the network traffic. You notice a long series of bytes of 00000000 at the end of the Ethernet payload. How can you explain these zeroes?

A, pings are a series of zeroes. B, they are padding bytes. Or C, they are the Ethernet FCS.

Pause the video to think about your answer. the answer is B, they are padding bytes. The ping you sent was 36 bytes, but the minimum Ethernet payload size is 46 bytes, so a series of padding bytes must be added to meet the minimum payload size.

Let’s go to question 2. Which of these messages is sent to all hosts on the local network? A, ARP Requeset.

B, arp reply. C, icmp echo request. Or D, ICMP echo reply.

Pause the video to think about your answer. the answer is a, ARP request. Let’s check.

The ARP reply message is a unicast message sent to the host that sent the ARP request. So b, ARP reply, is incorrect. The ICMP echo request is a unicast message used to test the reachability of another specific host.

The ICMP echo reply is a unicast reply to the request. So C, ICMP echo request, and D, ICMP echo reply, the two messages used in PING, are incorrect. The ARP request message is used to learn the Layer 2 address of a host.

Because the Layer 2 address is not yet known, the message has to be broadcast to all hosts on the local network. So A, ARP request, is the correct answer. Let’s go to question 3.

Which fields are present in the output of the show mac address-table command on a Cisco switch? A, mac address, and ports. B, VLAN, mac address, and ports.

C, VLAN, MAC address, type, and ports. D, Internet address, physical address, and type. Pause the video to think about your answer.

The answer is C, VLAN, MAC address, type, and ports. Let’s take a look. Here’s a screenshot of the MAC address table on a Cisco switch.

Notice the four fields, VLAN, MAC address, type, and ports. So C is the correct answer. By the way, answer D, Internet address, physical address, and type, is the output shown from the arp -a command on my windows PC.

This is part of the ARP table on my PC, not the MAC address table on a Cisco switch. Let’s go to question 4 Which types of frames does a switch send out of all interfaces, except the one the frame was received on? A, broadcast and unknown unicast.

B, broadcast and known unicast. C, known unicast and unknown unicast. Or D, broadcast, unknown unicast, and known unicast.

Pause the video to think about your answer. the answer is A, broadcast and unknown unicast. Let’s check.

Known unicast frames are sent to a single host. Because the switch already has an entry for the destination in its MAC address table, there is no need to flood the frame out all interfaces. So B, C, and D are incorrect because they include known unicast.

Broadcast frames have a destination address of FFFF. FFFF. FFFF and are sent to all hosts on the local network.

Unknown unicast frames are destined for a single host, however the switch doesn’t have an entry for the destination in its MAC address table so it must flood the frame. So A, broadcast and unknown unicast, is the correct answer. Lets’ go to the last question for today’s video.

Which command is used on a Cisco switch to clear all dynamic MAC addresses on a specific interface from the MAC address table? A, clear mac address HYPHEN table interface, interface-id. B, clear mac HYPHEN address HYPHEN table dynamic interface, interface-id.

C, clear mac HYPHEN address table dynamic interface, interface-id. or D, clear mac address HYPHEN table dynamic interface, interface ID. Pause the video to think about your answer.

the answer is D, clear mac address HYPHEN table dynamic interface interface-id. Make sure to spend time doing practice labs in packet tracer to help you remember the commands! That’s all for the quiz.

Once again, there will be supplementary materials to help you study. As always, there will be Anki flash cards to help you remember what you learned. There will also be a packet tracer practice lab to give you some hands-on experience with Cisco devices.

Good luck with your studies. Thank you for watching. Please subscribe to the channel, like the video, leave a comment, and share the video with anyone else studying for the CCNA.

If you want to leave a tip, check the links in the description. I'm also a Brave verified publisher and accept BAT, or Basic Attention Token, tips via the Brave browser. That's all for now.