Free CCNA | Ethernet LAN Switching (Part 1) | Day 5 | CCNA 200-301 Complete Course

Welcome to Jeremy’s IT Lab. This is a complete course for the CCNA, including everything you need to pass the exam, all 100% free. Make sure you stay tuned till the end of the video for the quiz to test your knowledge of the material in this video.

Also, remember to download and use the Anki flashcards with the link in the description, which will help you very much in your studies. Let’s get started. This is the fifth lesson, and now we’re going to get more into the details of how data travels through a network.

This time we’ll focus on Ethernet LAN switching. So, if we look at this simple network consisting of a few PCs, a switch, and a router, connected to the Internet, today we’ll be looking at how data moves around between the switches and the end hosts connected to them, and to their router. How data is sent from the router to other networks will be a topic for another video, but let’s start small.

First let’s review. This is a slide from Day 3’s video of describing the physical layer of the OSI model. The physical layer defines physical characteristics of the medium used to transfer data between devices.

For example, voltage levels, maximum transmission distances (like Ethernet UTP cables’ 100 meter limit), physical connectors, cable specifications, etc. Digital bits are converted into electrical (for wired connections) or radio (for wireless connections) signals. All of the information in Day 2’s video (cables, pin layouts, etc.

) is related to the Physical Layer. So, we’ve covered a good amount about the physical layer, learning about copper UTP cables, fiber-optic cables, RJ45 connectors, etc. Let’s also review this slide about Layer 2, the data link layer, from Day 3’s video.

Layer 2 provides node-to-node connectivity and data transfer, for example PC to switch, or switch to router, or router to router, etc. It defines how data is formatted for transmission over a physical medium (for example, copper UTP cables). IT detects and possibly corrects Physical Layer errors.

It uses Layer 2 addressing, which is separate from Layer 3 addressing. Remember, IP addresses are Layer 3 addresses, not Layer 2. Switches operate at Layer 2.

So, in this video we’ll be talking about Ethernet LAN switching, and Ethernet involves Layer 1 and Layer 2 of the OSI model. Since we’ve already covered the Layer 1 Ethernet standards like UTP cables, this video will be about Layer 2. Then, as we continue with this series, we’ll move up the layers of the OSI model, until you get a complete image of how data is sent and received over networks.

Now, let’s talk about what a LAN, or Local Area Network is. There are different ways of defining a LAN, and your understanding of a LAN will become more complete as you learn more and more about networking. But basically, it’s a network contained within a relatively small area, like an office floor, or your home network.

Routers are used to connect separate LANs. Looking at this diagram, how many LANs do you think there are? Well, by the definition I’m using, this green network, consisting of three PCs, one switch, and the router interface they are connected to, is one VLAN.

This red network is also one LAN. Although there are two switches, it is all one LAN. Switches do not separate LANs, but adding more switches can be used to expand an existing LAN.

So these red devices are part of one large LAN. Now, what do you think about the blue devices? There’s the same devices as in the red network, but instead of the switches being connected to each other, they are connected to different router interfaces.

So, that means that they are two separate LANs. one for this switch, it’s end hosts, and their router interface, and one for this switch, it’s end hosts, and the router interface they connect to. So, in this lesson we’ll look at how traffic is sent and received within LANs like these, for example this PC in LAN 2 to another PC in LAN 2.

But, we’ll leave the topic of sending data between LANs for a later video. Here’s one more bit of review. This shows the encapsulation process as data is prepared to be sent over a network.

At the top, the data prepared by the upper layers of the OSI model is simply called data. A layer 4 header is added, and this combination of data and layer 4 header is called a segment. A layer 3 header is added to the segment, and it is now called a packet.

Finally, a Layer 2 header and trailer are added to the packet, and it becomes a frame. Once again, these different stages of preparing data to be forwarded are called ‘protocol data units, or PDUs. For example, the Layer 2 PDU is a frame.

Today we’re going to focus on how switches receive and forward frames, specifically Ethernet frames, since it’s the Layer 2 protocol used in virtually every LAN in existence today. Let’s take a look at the actual contents of this Ethernet header and trailer. So, here’s an Ethernet frame, encapsulating the packet with a header and trailer.

Note that I put the header on the left and the trailer on the right, opposite of the previous slide. Let’s look at the header. Don’t worry, I’ll cover these in more detail, but here’s a quick rundown.

There are five fields in the header. First, the preamble and SFD, which means start frame delimiter. These are used for synchronization and to allow the receiving device to be prepared to receive the rest of the data in the frame.

Next is the destination, the Layer 2 address to which the frame is being sent. Next, there is the source, the Layer 2 address of the device which sent the frame. The final field in the Ethernet header is the type.

It indicates the Layer 3 protocol used in the encapsulated Packet, which is almost always Internet Protocol, or IP, version 4, or IP version 6. However, sometimes this is a length field, indicating the length of the encapsulated data, depending on the version of Ethernet. Now, the Ethernet trailer has only one field.

That’s the FCS, which stands for frame check sequence. It’s used by the receiving device to detect any errors that might have occurred in transmission. Okay, now let’s take a look at these fields in more detail, starting with the preamble and start frame delimiter.

Here are the first two fields, the Preamble and SFD, which I like to think of as a set. Let’s look at the preamble first. It’s 7 bytes long.

How many bits is that? If you remember, there are 8 bits in 1 byte, so, 7 times 8 is equal to. .

. 56 bits. It’s a series of alternating 1s and 0s.

Like this 10101010, which is one byte, seven times. The purpose of this is that it allows devices to synchronize their receiver clocks, to make sure they’re ready to receive the rest of the frame and the data inside. Okay, that’s the preamble, now the SFD.

SFD stands for ‘start frame delimiter’. It’s length is 1 byte, or 8 bits. It’s bit pattern is 10101011, similar to each byte of the preamble but the last bit is a 1, not a 0.

It indicates the end of the preamble and the beginning of the rest of the frame. Now let’s look at the next two fields, the destination and source fields. They indicate the devices sending and receiving the frame, like when you send an email both the destination and source email addresses are included in the email, or when you send a letter in the mail, although that’s getting less and less common these days.

The addresses used in Ethernet are the destination and source ‘MAC addresses’. MAC stands for media access control. The MAC address is a 6-byte, or 48-bit, address of the physical device.

This is separate from a logical address like an IP address, the MAC address is actually assigned to the device when it is made. I’ll talk more about MAC addresses in a few slides, but let’s move on to the remaining fields of the Ethernet frame. The last field of the Ethernet header is the Type or Length field.

It is 2-bytes, or 16-bits, in length. It can be used to represent either the type of the encapsulated packet, or the length of the encapsulated packet. What do I mean by that?

Well, if the value in the field is 1500 or less, that means it is indicating the LENGTH of the encapsulated packet in bytes. For example, if the value in this field is 1,400, it means that the encapsulated packet is 1,400 bytes in length. However, a value of 1,536 or greater in this field indicates the TYPE of the encapsulated packet, which is usually internet protocol version 4 or version 6, and then the length is determined via other methods.

For example, a value of 0x0800, which is written in hexadecimal, and is equal to 2048 in decimal. The 0x in front of 0800 is used to indicate hexadecimal, by the way. I’ll talk more about hexadecimal in a few slides when I talk in detail about MAC addresses.

2048 is greater than 1536, of course, and its used to identify that the encapsulated packet is an IPv4 packet. 0x86DD, which is equal to 34525 in decimal, is used to indicate that the encapsulated packet is an IPv6 packet. Okay, so those are all of the fields in an Ethernet header.

Try to remember the lengths of each field. . .

The preamble is 7 bytes long, the start frame delimiter is 1 byte, the destination is 6 bytes, as is the source, as both are MAC addresses, and the Type, or length, field is 2 bytes. Now let’s take a brief look at the only field of the Ethernet trailer, the FCS, or frame check sequence. The only field of the Ethernet trailer is the FCS, which as I mentioned stands for frame check sequence.

It is 4 bytes, or 32-bits in length. It’s purpose is to detect corrupted data by running a ‘CRC’ algorithm over the received data. CRC means cyclic redundancy check.

Cyclic refers to something called ‘cyclic codes', ‘redundancy’ refers to the fact that these 4 bytes at the end of the message enlarge the message without adding any new information, so they are redundant, and check refers to the fact that is CHECKS, or verifies, the data for errors. Don’t worry about the details of CRC too much, just be aware of the term, and remember that the Ethernet frame’s Frame Check Sequence is a Cyclic Redundancy Check. If you remember that, you should be good for the CCNA.

Feel free to read around on Wikipedia if you’re curious to learn more about Cyclic Redundancy Checks. Okay, now we know all of the fields of an Ethernet frame, both the header and the trailer. Try to recall the length of each field again….

The Preamble is 7 bytes…. The Start-frame delimiter is 1 byte…. The destination is 6 bytes.

. . the source is 6 bytes also.

. . the type, or length, field is 2 bytes.

. . How about the trailer, what’s the length of the frame check sequence?

It is 4 bytes. This brings the total size, including header and trailer, to 26 bytes. So, there’s an overview of each field of an Ethernet frame.

However, the fields I really want to focus on in this video are the source and destination MAC address fields. I mentioned a little bit about MAC addresses, but let’s dig a little deeper. So let’s spend a few slides looking into MAC addresses.

As I mentioned before, a MAC address is a 6-byte, or 48-bit, physical address assigned to the device when it is made. This is different than an IP address, which you assign in the CLI when you configure the device. You might also hear the term ‘burned in address', or BIA, to refer to a MAC address.

This is because the address is ‘burned-in’ to the device as it is made. The MAC address is globally unique, no two devices in the world should have the same MAC address. Although, there are MAC addresses known as ‘locally-unique’ MAC address, which don’t have to be globally unique throughout the world, however in almost all cases MAC addresses are globally unique.

The first 3 bytes of the MAC address are the OUI, which stands for organizationally unique identifier, and it's assigned to the company making the device. So Cisco, for example, will have various OUIs which only Cisco can use, and other makers will have their own OUIs which only they can use. The last 3 bytes, the second half of the address, are unique to the device itself.

MAC addresses are written as a series of 12 hexadecimal characters. For those of you who aren’t sure what hexadecimal is, let’s check it out a little bit. Before explaining hexadecimal, I want to make sure we all understand how the decimal system works.

I don’t mean to insult anyone’s intelligence, I’m sure you all know how to count, but let’s just review the system so we can compare it to hexadecimal. The decimal system uses 10 possible digits, 0,1,2,3,4,5,6,7,8, and 9. So, you start with 0, then 1,2,3,4,5,6,7,8, and 9.

This number 9 here represents 9 1s, or 9 times 1. Then where do you go from here? You have to add another digit, adding a 10s column.

You probably look at this number and just think ‘10’, but really it means 1 value of 10, and 0 values of 1. Then 11, is one 1, and 1 1. Then you increase the ones column to get 12, 13, 14, 15, 16, 17, 18, and 19.

Then you can’t increase the ones column anymore, so you add 1 to the 10s column to get 20, which is 2 tens, and 0 ones. Then 21, 22, etc. all the way to 99.

Now both the 10s column and the 1s column are maxed out. To represent higher numbers, you have to add another column, the 100s column. 100 hundred means 1 value of 100, 0 values of 10, and 0 values of 1.

Then you follow the same process, to get 101, 102, etc all the way to 999. Then once again, you have to add another column, to make 1000. So, that’s how the decimal system works.

Let’s look at hexadecimal. While decimal uses 10 possible digits, hexadecimal uses 16 possible digits. The first 10 are the same as the decimal system, 0,1,2,3,4,5,6,7,8, and 9.

The other 6 are borrowed from the alphabet, A, B, C, D, E, and F. Although these are the same characters as in the alphabet, they represent numbers here. So, hexadecimal A is equivalent to 10 in decimal, B is 11, C is 12, D is 13, E is 14, and F is 15.

Here’s a chart showing some decimal numbers, in black, and their hexadecimal equivalents, in red. We already saw the hexadecimal numbers up to F, which is equal to decimal 15. Notice how the numbers are written after F.

This hexadecimal number looks like 10, but it isn’t 10. The second column in hexadecimal represents 16, so this is 1 sixteen, and 0 1s. So, it’s equivalent to decimal 16.

This number looks like 11, but really it’s 1 16 and 1 1, so it’s equivalent to decimal 17. hexadecimal 1 2 is decimal 18, hexadecimal 1 3 is decimal 19, hexadecimal 1 4 is decimal 20, hexadecimal 1 5 is decimal 21, hexadecimal 1 6 is decimal 22. hexadecimal 1 7 is decimal 23, etc.

Hexadecimal then proceeds 1 8, 1 9, 1 A, 1 B, 1 C, etc. The purpose of all of this is just to give you an introduction to hexadecimal. When we cover internet protocol version 6 in a later lesson, we’ll go more in depth.

For now, if you have a general understanding of what hexadecimal is, that’s good enough. Let’s move on. So here’s a simple network, just three PCs connected to a switch.

Notice the interface names for the switch, F0/1, F0/2, and F0/3. F means fastethernet, so these are 100 megabit per second interfaces. I’ve also written the MAC address for each PC.

You’re probably not going to see any MAC addresses like these, I’ve just simplified them for this demonstration. Notice each MAC address is a series of 12 hexadecimal digits, separated by periods. You may also see periods after every other digit, so for example PC1’s MAC address would be AA dot AA dot AA dot 00 dot 00 dot 01.

But I tend to write them after every fourth character. The OUI, or organizationally unique identifier, which is the first half of the MAC address, is AAAAAA for each device, so we know that these PCs are all from the same maker. The second half of the MAC address of each device, however, is different for each PC, as the second half identifies the device itself.

Now, let’s say PC1 wants to send some data to PC2. Due to lack of space I’ve just written an abbreviated form of the destination and source MAC addresses here. By the way, this kind of frame is called a ‘unicast frame’, a frame destined for a single target, PC2 in this case.

There are other kinds of frames, like broadcast frames, which we’ll learn as we go along. But for now, remember this term, unicast. PC1 sends the frame through it’s network interface card, which is connected to SW1, and SW1 receives the frame.

After SW1 receives the frame, it looks at the source MAC address field of the frame and then uses that information to LEARN where PC1 is. As you can see here, it adds the MAC address AAAA. AA00.

0001 to it’s MAC Address table, and it associates that MAC address with its F0/1 interface. This is known as a ‘dynamically learned’ MAC address, or just ‘dynamic MAC address’, because it wasn’t manually configured on the switch, the switch learned it itself. Every switch will keep a MAC address table like this, and they fill the MAC address table dynamically by looking at the source MAC address of frames it receives.

Since SW1 received a frame from source MAC Address AAAA. AA00. 0001 on it’s F0/1 interface, it knows that I can reach that MAC address on that interface, and adds it to the MAC address table.

This is a very important concept, so I’ll probably repeat it multiple times. This is how switches dynamically learn where each device on the network is, by looking at the source MAC address of the frame. Now, there is one problem.

The destination of the frame is AAAA. AA00. 0002, but SW1 doesn’t know where that is.

This, by the way, is called an ‘unknown unicast’ frame, a frame for which the switch doesn’t have an entry in its MAC Address table. Because the switch doesn’t know how to reach the destination, it has only one option. That is to FLOOD the frame.

Flood means to forward the frame out of ALL of its interfaces, except the one it received the packet on. So, that would look like this. SW1 copies the frame and sends it out its F0/2 and F0/3 interfaces.

It doesn’t send it out of its F0/1 interface, because that’s the interface it received the frame on. So, what happens next? Well, PC3 ignores the packet, because the destination MAC address doesn’t match its own MAC address, it simply drops the packet.

PC2, however, receives the packet, and then processes it normally, up the OSI stack. However, unless PC2 sends a reply of some sort, it stops there. SW1 never receives a packet from PC2, so it can’t learn PC2’s MAC address and use it to populate the MAC address table.

So, let’s say PC1 sends another frame to PC2. Once again, it is received by SW1, and it already knows PC1’s MAC address, so it doesn’t have to add it to the MAC address table again. However, it still doesn’t know where PC2 is, so it once again floods the frame.

PC3 drops the frame, and PC2 receives it and processes it normally. Now, let’s say PC2 then wants to send some data to PC1, maybe a reply to what PC1 sent to PC2. Notice the destination and source addresses of the frame are reversed.

PC2 sends the frame out of its network interface, and SW1 receives it. SW1 looks at the source MAC address of the frame, and then adds it to its MAC address table, associating it with the F0/2 interface. This time, however, it doesn’t flood the frame.

This is known as a KNOWN UNICAST frame, because the destination is already in its MAC address table. Whereas UNKNOWN unicast frames are flooded, known unicast frames are simply forwarded to the destination, like this. And PC1 then processes the frame up the OSI stack, through the de-encapsulation process which we learned about in day 3’s video.

One more point about these dynamic MAC addresses. On Cisco switches, these MAC addresses are removed from the MAC address table after 5 minutes of inactivity. So, if PC1 didn’t send any traffic for over 5 minutes, SW1 would remove the MAC address to clean out the MAC address table.

Of course, if PC1 sent traffic again, SW1 would dynamically learn its MAC address again. Let’s look at another example, this time with two switches. Notice the MAC address table of each switch.

Currently they are empty, so once again we will see the process of MAC address learning and flooding. So, PC1 wants to send some information to PC3. The source MAC address of the packet is aaaa.

aa00. 0001, and the destination is aaaa. aa00.

0003. So, PC1 sends the frame out of its network interface and it arrives at SW1. SW1 learns PC1’s MAC address from the source address field of the frame, and associates it with the interface on which it was received, F0/1.

I’ll just say once more, I’m only writing a short version of the MAC address due to the lack of space here, really the frame and the MAC address table would include the whole MAC address, of course. Once again, a MAC address learned in this way is called a ‘dynamically learned MAC address, or more often, a ‘dynamic’ mac address. Now, SW1 has learned that PC1 can be reached via it’s F0/1 interface, but it still doesn’t know where PC3 is.

Do you remember the name for this kind of frame? It’s called an ‘unknown unicast frame’. And what does a switch do with an unknown unicast frame?

It floods it out all of its ports, except the one it was received on. In this case it will flood the frame out of F0/2 and F0/3, but not F0/1, because it received the frame on F0/1. PC2 drops the frame because the destination MAC Address doesn’t match its own MAC address.

Now, what will SW2 do? Well, the exact same rules apply. Just like SW1 did, it uses the source MAC address field of the frame to dynamically learn PC1’s MAC address and the interface it can use to reach PC1.

Note that, unlike on SW1, PC1 isn’t actually directly connected to the interface SW2 enters in its own MAC address table. However, this is the interface which SW2 will use to reach PC1. That’s the meaning of the interface in the MAC address table, it doesn’t mean the device is directly connected to this interface.

Now, SW2 received a unicast frame, that is a frame destined for a single device, but it doesn’t know how to reach that device, because its not in its MAC address table. One last time, what is this kind of frame called? It’s an unknown unicast frame.

And what does the switch do with it? It floods it out all interfaces, except the one it was received on. So, which interfaces will it send the frame out of?

Well, it received the frame on F0/3, so it won’t be flooded out of that interface, but it will be sent out of all other interfaces, F0/1 and F0/2 in this case. PC4 drops the frame because the destination MAC address doesn’t match its own. PC3, however, receives the frame, as the destination MAC address matches its own MAC address.

Let’s say that PC3 is going to send a reply back to PC1. Notice the destination and source MAC address fields of the frame are reversed. PC3 sends the frame out of its network interface, and it is received by SW2.

SW2 learns PC3’s MAC address, and enters the MAC address and the corresponding interface in its MAC address table. Just so we’re clear, the switch uses the SOURCE MAC ADDRESS field to fill its MAC address table because, if it receives a frame from that source on the interface, it knows that it can reach that MAC address via that interface. So, lets continue.

SW2 already has an entry for the destination MAC Address, aaaa. aa00. 0001, in its MAC address table, so there is no need to flood the frame.

Instead, it is forwarded normally out of the corresponding interface in the MAC address table, which is F0/3. The frame is received by SW1, which adds an entry for PC3’s MAC address in its MAC address table, with the interface F0/3, since that’s where it received the frame. Finally, since SW1 already has an entry for the destination MAC address in its own MAC address table, SW1 forwards the frame out of the corresponding interface, and it reaches its destination, PC1.

Okay, so that was a lot of information. I was actually planning to cover the Ethernet LAN switching topics in a single video, but I’ve decided to split it up into two videos. So, let’s move on to the quiz for today’s video, here’s question 1.

Which field of an Ethernet frame provides receiver clock synchronization? A, preamble. B, SFD.

C, Type. Or D, FCS. Pause the video to think about your answer.

the answer is A, preamble. Lets’ check. The SFD, or Start Frame Delimiter, signifies the end of the Preamble, it is not used to provide receiver clock synchronization.

So B, SFD, is incorrect. The Type field indicates the type of packet encapsulated within the frame. So c, Type, is incorrect.

The FCS, or Frame Check Sequence, is used to detect errors that occurred during transmission. So d, FCS, is incorrect. The preamble is a series of 1s and 0s (or 7 bytes of 10101010) which allows the receiving device to synchronize its receive clock.

So A, Preamble, is the correct answer. Let’s go to question 2. How long is the physical address of a network device?

A, 32 bytes. B, 32 bits. C, 48 bytes.

Or D, 48 bits. Pause the video to think about your answer. the answer is D, 48 bits.

Remember, a byte is equal to 8 bits, so 48 bytes is equal to 384 bits. The MAC address, which is an address assigned to the physical device, is 48 bits, not bytes, long. By the way, an IP address, which we will learn about soon, is 32 bits in length.

Let’s go to question 3. What is the OUI of this MAC address? E8BA.

7011. 2874. A, E8Ba.

B, E8BA. 70. C, 7011.

Or D, E8BA. 7011. Pause the video to think about your answer.

the answer is B, E8BA. 70. The OUI (Organizationally Unique Identifier) is the first half (or 24 bits) of a MAC address.

It is a unique value assigned to the maker of the device. The first half of this MAC address is E8BA. 70, so B is the correct answer.

Let’s go to question 4. Which field of an Ethernet frame does a switch use to populate its MAC address table? A, preamble.

B, length. C, Source MAC Address. Or D, destination MAC address.

Pause the video to think about your answer. the answer is C, Source MAC address. Lets’ check.

The preamble is a series of 1s and 0s (7 bytes of 10101010) which allows the receiving device to synchronize its receive clock. It is not used to populate the MAC address table. So A, preamble, is incorrect.

The Length field indicates the length of the encapsulated packet. It is not used to populate the MAC address table. So b, length, is incorrect.

Although this field does specify a MAC address, it does not help the switch populate its MAC address table. So d, destination MAC address, is incorrect. A switch uses the Source MAC Address field to populate its MAC address table.

It associates the source MAC address with the interface on which the frame was received. This allows the switch to learn how to reach other devices on the network. So C, source MAC Address, is the correct answer.

Let’s go to question 5. What kind of frame does a switch flood out of all interfaces except the one it was received on? A, unknown unicast.

B, known unicast. Or C, allcast. Pause the video to think about your answer.

the answer is A, unknown unicast. Let’s check. A known unicast frame is a frame for which the destination MAC address is already in the switch’s MAC address table.

Since it already knows how to reach the destination, there is no need to flood the frame. So b, known unicast, is incorrect. Allcast is not a type of Ethernet frame.

So c, allcast, is incorrect. An unknown unicast frame is a frame destined for a single host, however the switch doesn’t know how to reach the destination so it floods the frame out of all interfaces except the one it was received on. So A, unknown unicast, is the correct answer.

As usual, there are additional supplementary materials to help you understand and remember what you studied. There is a pre-made deck of Anki flashcards to help you review, check the link in the description. There will be a packet tracer lab, but I’ll leave that for after Part 2 of Ethernet LAN switching, so there won’t be a practice lab for this video specifically.

Good luck with your studies! Thank you for watching. Please subscribe to the channel, like the video, leave a comment, and share the video with anyone else studying for the CCNA.

If you want to leave a tip, check the links in the description. I'm also a Brave verified publisher and accept BAT, or Basic Attention Token, tips via the Brave browser. That's all for now.