Cisco - CCENT/CCNA R&S (100-105) - How Switches Learn & Forward Frames .18

Video Statistics and Information

Captions
with me. Right, in this next section we're gonna pick up the switching overview. For those who don't know, you can contact me here on YouTube, on LinkedIn or Twitter.

Jumping into the switching overview. So far, what we talked about within the LAN element: we've discussed duplexing and the different variations of duplexing along with speed, that was discussed in our last video, and then prior to that we touched on this concept around collision domains, broadcast domains, CSMA/CD and the history of what switching was and what it's become today, and why we needed to evolve from hubs and bridges into switches.

One of the key parts I want to pull out from the previous videos was, I mentioned that a switch allows you to have a different collision domain. If you remember, previously we said a hub had all its devices connected, and all these devices, when one sent traffic onto the wire, it was electronically broadcasted out all of the ports, and this is why a hub is sometimes called a repeater. Due to this only one wire could be active at a given time, and it heavily used the CSMA/CD to help, because everything was in the collision domain, in the same collision domain.

When switches came out, it had this new concept of memory on each port, so as frames were received at multiple times on different ports, it was able to sit in this buffer, and the CPU, or as we previously discussed the ASIC, which are specialized chips, would actually handle the switching requests and forward the frames to the correct destination. And that was, instead of sort of layer 1 physical signals, it was based on the layer 2 addressing. But what we didn't go into is how that layer 2 addressing is actually built and how the switch knows where to send that information.

So what we do need to know for this section is frames are forwarded based on the MAC address table. I've put a little star here next to frames because hopefully you can see that, because I'm using the terminology of a frame, we know that the PDU, the protocol data unit, for frame is at
layer 2 in the OSI model. So when we talk about frames and switching we're primarily talking about layer 2. There is a video previously in the course that goes into the OSI in more depth, and hopefully something you've already watched, so you have an understanding of the OSI model and where switching fits into that. It is possible for switching to fit into the more upper layers, which is layer 3 and layer 4, and that'd be kind of a multi-layer switch, but for now, as far as the CCENT is concerned, we need to really focus on the layer 2 element of switching, with the understanding that there is this possibility of layer 3.

So it keeps a list of MAC addresses inside of the CAM or MAC table. So there's a table inside a switch, and on one side it has the column of port and on the other side has the MAC address, and it'll have a list of all the ports that are available on the switch, providing it's learned some kind of MAC address on it. So it may say out of port 1 there's MAC address XX, out of port 2 there's MAC address YY, out of port 3 MAC address ZZ and MAC address ZY, out of port 4 there's MAC address AB, and it will continue to list all the MAC addresses that the switch is aware of.

Here you see I've actually put the same port twice, which is port 3, and that's because out of port 3 is actually where two MAC addresses are: ZZ and ZY. The reason for that is because, if we think about a switching domain, let's say we have two switches that are directly connected, and off the back of these two switches let's say there's a PC here, another PC, and then a PC over here. This switch will actually see both MAC addresses of these two PCs out of this port, and obviously a single MAC address for this port. This switch will see this PC's MAC address out of this port.

What's key to understand is, as the switch learns MAC addresses on particular ports, it then populates the table, and its responsibility as frames come in is to look at the destination and to switch it to the correct
interface. It doesn't necessarily the next device is the end client, as in is the actual PC itself, or whether it's simply another switch.

So a few questions come to mind. Obviously, how is this table built? What if a MAC address is received and we're not aware of the destination? How does the table keep up to date? These are the sort of questions that we're going to answer on our next slide.

So I put together four elements that we're going to dive into in a bit more depth, to understand how switches learn where source and destinations are in order to populate this table, and once it has this table it's able to look at the layer 2 frame information, the destination in particular, and know which port to send the traffic out on. But like I said, first of all, in order to get that table it needs to learn. And how does it learn? Well, it learns based on the source MAC address.

So let's say we have a switch, and this switch has, let's say, three PCs connected into it, and on these PCs, or on this switch even, we've got port one, two, three, and in its CAM table it has two columns, which has port and has MAC. As frames come into the switch, the switch will look at the source MAC address of the NIC that's sending frames into the switch, and remember, when we talk about frames we talk about layer 2. The switch will go, "I received a frame on port 1". It'll look at its MAC address table and it will notice that it doesn't have a MAC address for port 1, so because of that it will look at the source and it will populate its table with, let's say, XX, which is the MAC address of this device.

If, for example, it already knows about the MAC address, let's say on PC 2 here connected on port 2, it's already aware that PC 2 has the MAC address of YY, then when it receives that frame and it's aware of the source MAC address, it uses this opportunity to do something different. The switch will refresh the timer it has for that MAC address on that port, because this timer will go down, and the reason it needs to go down is because as
devices are moved, changed or no longer being used, it needs to free up the CAM table, because the memory it uses, and it needs to ensure that if a device is moved from one location to another it correctly times out, so it's able to then forward the traffic out the correct port. Otherwise what would happen is you're left with some sort of stale session, where a particular switch thinks it's out of a port to reach a device where actually it's reachable out of a different port on a different device.

Now when it goes to actually forwarding the frame, the frame could be a variation of things. It could be a multicast, it could be a broadcast, it could be a unicast, or something called an unknown unicast. And why is it important to know what type of forwarding? Well, ultimately the forwarding is based on the destination, so whether the destination is a multicast, broadcast or unicast, it affects what the switch performs against that frame when it's received in from a device.

Okay, so moving into the forwarding in more detail, there are different types of forwarding. The first forwarding is simply called forwarding, and it's based on if the layer 2 address is a unicast address, and the way the switch would consider it being a unicast address is if the switch knows where the destination lives. So we have, let's say, a switch with three ports, and let's say we have PCs on the end of all these ports. As this PC generates the frame, obviously it's going to have data, let's say it's TCP/IP, so there's your layers four to five, sorry, seven to five, there's your layer four, there's your layer three, but in the layer 2 header, the Ethernet header, there's those two fields, which is the destination and source MAC. The source will obviously be this guy here and the destination will be this person up here. Well, when this PC builds that frame and he populates it with the destination MAC of this person and the source MAC of himself, and it goes into the switch, the switch will look at its table, and providing that it's able to see within the table the
correct port to reach the destination MAC, then it's able to unicast that traffic. Therefore it doesn't need to send traffic out of any other ports, so you have a nice clean, what we call a unicast, communication between these two devices, and this is what we also call standard forward traffic.

Our next option is to flood the traffic. If we have a switch and we have multiple devices off that switch, and the PC, when it creates its frame, inside the Ethernet header it doesn't know the destination, instead it can populate it with the all-Fs address, and when the switch looks at the destination and sees these all Fs, what that means to the switch is it needs to send the traffic out of all of the interfaces except for the interface it was received on, and this is called flooding. The switch does this to learn where hosts are in the network.

There are also other types of flooding. That was an example of broadcast. You have something called multicast, which is beyond the CCENT, but if we had, let's say, two devices out on the wire that needed to receive a particular frame, then we know unicast is one to one and we know broadcast is to all; well, multicast is one to many. So if we wanted to communicate to two devices we would send some sort of multicasted frame.

And the last one to know of is an unknown unicast. Let's say when this PC built the frame, it built its data, done its TCP, got its IP, and in the Ethernet header put the destination and source, and it knew the destination MAC of this PC, so it's able to fully create this frame. As that frame went into the switch, the switch may or may not know where this particular MAC address is located, and let's say, for whatever reason, the PC knew that, the switch didn't. The switch will still need to flood that frame, because the switch wouldn't know what port to send it out of, and we consider this an unknown unicast because the PC was trying to perform some sort of unicast with someone else but the switch in the middle was unaware or didn't know where
the destination was and therefore had to flood it to everyone.

Now flooding is a key element of actually how a switch builds its CAM table or MAC address table, because as the information is flooded to everyone on the switch, when the interested host responds to say "hey, that traffic is for me", the switch is able to see the response come back in, and because it's able to see the response it's able to see the source that's generating the traffic, and as we know, switches learn based on source address. So as the response back to the machine asking the question or flooding the data out, it's able to now populate the table.

And there's also the option to discard. So there are two main reasons why a switch may discard a packet, there's actually a couple. If the switch or CAM table is full, so the CPU or RAM utilization, and this depends too, because some switches will actually turn into a hub and start sending the traffic out of all its interfaces in an attempt to try and deliver the traffic. And this also doubles up as an attack that someone can perform on your switch, by purposely filling out the CAM table by sending in lots of traffic from a different source address. The switch will continue to learn until the memory is full and then ultimately start sending traffic out of all the interfaces, and when it does, the attacker will be sitting on a particular port with something like Wireshark and is able to take that traffic.

Another reason it may discard is, one rule of switching is you can't send traffic back out the interface it was received on. So if the destination MAC address was YY, but the CAM table tells the switch that YY is back out the interface the traffic came in on, the switch will have no option but to discard that traffic.

Now to put all that into perspective and just put some sort of flowchart around it, I've put together a step by step of the actions that a switch takes as it receives a frame. So step one is obviously receive a frame, and depending on whether it knows the source address or
not it performs two actions. If it doesn't know about the source address or source MAC that lives on that port, it will add it to its CAM table, and if it doesn't know about the device it will refresh the aged timer, because obviously that device is active on the network. If after a period of time, I think it's about five minutes, that device doesn't respond, then it will clear the table.

The next question the switch needs to ask is based on the destination. Is the destination a broadcast, meaning it's to everyone on the network, it has the Fs in the destination field? Is it a multicast, is it to a bunch of people on the network? Or is it an unknown unicast, meaning for some reason the sending device has populated the MAC address inside the destination field but I, as a switch, I'm not aware of it, so I consider it an unknown unicast? If it's any of these types of destinations then my job is to flood the frame. I need to send it to everyone except for the port it was received on.

If it's not a broadcast, multicast or unknown unicast, then I need to ask myself a second question: is the source and destination on the same interface? If it is, then I need to filter the frame, I need to discard it, get rid of it. And lastly, if it's gone through all of this process, then it must be a unicast address, and because I don't need to flood it, I must know what the correct port is to forward the traffic, therefore I'm able to forward the unicast to the correct port.

Okay, so I've got time for this lesson, just to recap what we've learnt. We first of all started with the switching overview. We started by having a conversation around the previous videos, understanding and ensuring we understand the difference between broadcast domains, collision domains, and why we had to evolve from hubs to switches, and how switches give us individual collision domains and introduced this concept of memory on the port and what we call the CAM table, where our MAC addresses are stored. We said that unlike hubs, which simply repeat the traffic at layer 1
with the electrical signals, switches utilize the layer 2 frame, and in particular the source and destination MAC address, to forward traffic out of the correct port that it needs to be forwarded.

We then delved into how the actual switch creates this table, by first of all understanding how switches learn. We said as frames come into the network, the switch looks at the source MAC address inside that frame and populates its table, and depending on where it needs to forward the traffic it performs a variety or a different task. We then went into understanding multicast and unknown unicast. We finished up with an overview of the flow, showing the decision process that the switch takes step by step in order to forward a frame, deciding whether the frame should be filtered, flooded or simply forwarded to the correct destination.

In our next couple of videos this concept of switching will become more clear when we dive into protocols like the Address Resolution Protocol, ARP, because those sorts of protocols show you really how the switch learns, and when we get into actually looking at the switch MAC address table some of these concepts will become more clear. I hope this vid has been informative, and I'd like to thank you for viewing, and if it has been, please do like and subscribe.
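The step-by-step decision process described in the captions above, as an added Python example that is not part of the video or its transcript. The port numbers, MAC addresses and the `capacity` limit are constructed for illustration; the 300-second aging value follows the "about five minutes" given in the talk.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
AGING_SECONDS = 300  # "about five minutes", as stated in the captions


class Switch:
    """Toy layer 2 switch: learn on source MAC, decide on destination MAC."""

    def __init__(self, ports, capacity=1024):
        self.ports = set(ports)
        self.capacity = capacity  # assumed CAM table size, for illustration
        self.cam = {}             # MAC -> (port, time last seen)

    def _age_out(self, now):
        for mac in [m for m, (_, seen) in self.cam.items()
                    if now - seen > AGING_SECONDS]:
            del self.cam[mac]

    @staticmethod
    def _is_group(mac):
        # Broadcast and multicast set the low bit of the first octet.
        return int(mac.split(":")[0], 16) & 1 == 1

    def receive(self, in_port, src, dst, now):
        """Return (action, egress ports) for one received frame."""
        self._age_out(now)
        # Step 1: add a new source, or refresh the timer of a known one.
        # A full table cannot take new entries (existing ones still refresh).
        if src in self.cam or len(self.cam) < self.capacity:
            self.cam[src] = (in_port, now)
        # Step 2: broadcast, multicast and unknown unicast are flooded
        # out of every port except the one the frame arrived on.
        if self._is_group(dst) or dst not in self.cam:
            return "flood", sorted(self.ports - {in_port})
        out_port = self.cam[dst][0]
        # Step 3: never send a frame back out of its ingress port.
        if out_port == in_port:
            return "filter", []
        # Step 4: known unicast goes to exactly one port.
        return "forward", [out_port]


if __name__ == "__main__":
    sw = Switch(ports=[1, 2, 3])
    a, b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"  # constructed MACs
    print(sw.receive(1, a, BROADCAST, now=0))  # flood
    print(sw.receive(2, b, a, now=1))          # forward to port 1
    print(sw.receive(1, a, b, now=2))          # forward to port 2
```

With a small `capacity`, a source that arrives after the table is full is never learned, so frames addressed to it keep being flooded, which is the full-table behaviour the talk describes.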
Info
Channel: Ryan Beney
Views: 25,460
Keywords: ccent routing and switching, how switches work, ccna switching, CCENT switching, CCENT switching basics, switching basics, layer 2 switching, layer 2 switching tutorial, switch flooding, switching learning, ccent 100-105, ccna full course, ccna tutorial for beginners, ccna switching videos, ccent switching overview, switch basics, cisco switch basics, network switch basics, how switch works in networking, cisco switch configuration, cisco switch tutorial
Id: IhazbLZkVqY
Length: 19min 51sec (1191 seconds)
Published: Tue Nov 29 2016