I. Foundation Topics
1. Ethernet Layer 1: Wiring, Speed, and Duplex
1. RJ-45 Pinouts and Category 5 Wiring
Ethernet Cabling Types
Type of Cable
Pinouts
Straight-through
Crossover
5. Auto-negotiation, Speed, and Duplex
1. HDX = Half Duplex
2. FDX = Full Duplex
3. Switch ports default to auto-negotiate
1. Fast Link Pulses (FLP) are used in auto-negotiation for speed; however, if
auto-negotiation is disabled on one of the endpoints, speed can still be detected
based on the incoming electrical signal.
2. Duplex can only be auto-negotiated. If duplex is statically set on one side while
the other side is using auto, the auto side defaults to half duplex for 10 and
100 Mbps, while 1000 Mbps defaults to full duplex.
2. CSMA/CD
1. Created to minimize and detect collisions
2. How it works
1. A device with a frame to send listens until the Ethernet is not busy (in other
words, the device cannot sense a carrier signal on the Ethernet segment).
2. When the Ethernet is not busy, the sender begins sending the frame
3. The sender listens to make sure that no collision occurred.
4. If there was a collision, all stations that sent a frame send a jamming signal to
ensure that all stations recognize the collision.
5. After the jamming is complete, each sender of one of the original collided
frames randomizes a timer and waits that long before resending. (Other
stations that did not create the collision do not have to wait to send.)
6. After all timers expire, the original senders can begin again with Step 1.
3. Collision Domains and Switch Buffering
1. Hubs
1. Operate solely at Ethernet Layer 1
2. Repeat (regenerate) electrical signals to improve cabling distances
3. Forward signals received on a port out all other ports (no buffering)
4. Hubs create only a single collision domain while SWITCHES create one
per port.
2. See below; the output shows SW1 and SW4 configured with a duplex mismatch. SW4,
configured with half duplex, is getting a lot of collisions and late collisions, as
well as deferred frames and output errors.
3. One thing to consider is that collisions should be detected within the first 64
bytes of transmission; however, below you will see late collisions, which are
collisions detected after the first 64 bytes. This is because one side isn't
playing by CSMA/CD rules and is sending frames via FDX.
4. Below you will notice that CDP carries information about switch and port
settings and will notify you via a syslog message that there is a duplex mismatch.
Field: Description
Preamble (DIX)
Type (or Protocol Type) (DIX): 2-byte field that identifies the type of protocol or
protocol header that follows the header. Allows the receiver of the frame to know
how to process a received frame.
Length (802.3): Describes the length, in bytes, of the data following the Length
field, up to the Ethernet trailer. Allows an Ethernet receiver to predict the end of
the received frame.
DSAP; 1-byte protocol type field. The size limitations, along with other uses of the
low-order bits, required the later addition of SNAP headers.
Control (802.2)
Organizationally Unique Identifier (SNAP): OUI; 3-byte field, generally unused today,
providing a place for the sender of the frame to code the OUI representing the
manufacturer of the Ethernet NIC.
Type (SNAP): 2-byte Type field, using the same values as the DIX Type field,
overcoming deficiencies with size and use of the DSAP field.
1. Types of Ethernet Addresses
Three types of Ethernet/MAC Address
Type of Ethernet/MAC Address: Description and Notes
Unicast: Fancy term for an address that represents a single LAN interface. The I/G
bit, the most significant bit in the most significant byte, is set to 0.
Broadcast: An address that means all devices that reside on this LAN right now.
Always a value of hex FFFFFFFFFFFF.
Multicast: A MAC address that implies some subset of all devices currently on the
LAN. By definition, the I/G bit is set to 1.
3. Ethernet Address Formats
I/G and U/L Bits
Field: Meaning
I/G: Binary 0 means the address is a unicast; binary 1 means the address is a
multicast or broadcast.
U/L: Binary 0 means the address is vendor assigned; binary 1 means the address has
been administratively assigned, overriding the vendor-assigned address.
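The frame fields and address bits tabulated above can be read straight from the first bytes of a frame. The Python sketch below is an added example, not part of the original notes; the function names and both sample frames are constructed for illustration. It relies on facts the notes do not state: a Type/Length value of 0x0600 or more is a DIX Type while 1500 or less is an 802.3 Length, SNAP is signalled by DSAP = SSAP = 0xAA with Control = 0x03, and in a MAC address as normally written the I/G bit is 0x01 and the U/L bit is 0x02 of the first byte.

```python
import struct

def classify_mac(mac: bytes) -> dict:
    """Decode the I/G and U/L bits of a 6-byte MAC in written (canonical) order."""
    first = mac[0]
    if mac == b"\xff" * 6:
        kind = "broadcast"
    elif first & 0x01:                      # I/G = 1: group address
        kind = "multicast"
    else:                                   # I/G = 0: single interface
        kind = "unicast"
    return {"kind": kind, "locally_administered": bool(first & 0x02)}  # U/L bit

def parse_header(frame: bytes) -> dict:
    """Return address classes and framing: DIX, 802.3 + 802.2, or 802.3 + SNAP."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"dst": classify_mac(frame[0:6]), "src": classify_mac(frame[6:12])}
    (type_len,) = struct.unpack("!H", frame[12:14])
    if type_len >= 0x0600:                  # DIX Type field
        out.update(framing="DIX", ethertype=type_len)
    elif type_len <= 1500:                  # 802.3 Length field, 802.2 LLC follows
        if len(frame) < 17:
            raise ValueError("truncated 802.2 header")
        dsap, ssap, control = frame[14:17]
        out.update(framing="802.3", length=type_len, dsap=dsap, control=control)
        if (dsap, ssap, control) == (0xAA, 0xAA, 0x03):   # SNAP header follows
            if len(frame) < 22:
                raise ValueError("truncated SNAP header")
            out.update(framing="802.3+SNAP", oui=frame[17:20].hex(),
                       ethertype=struct.unpack("!H", frame[20:22])[0])
    else:
        raise ValueError("Type/Length value 1501-1535 is undefined")
    return out

# Constructed sample frames (not captured traffic).
DIX_FRAME = bytes.fromhex("ffffffffffff" "001b54aabbcc" "0806") + bytes(28)
SNAP_FRAME = bytes.fromhex("01000ccccccc" "020000000001" "0026"
                           "aaaa03" "00000c" "2000") + bytes(30)

if __name__ == "__main__":
    for name, frame in (("DIX", DIX_FRAME), ("SNAP", SNAP_FRAME)):
        print(name, parse_header(frame))
```

A source address reported as `locally_administered` has had its vendor-assigned value overridden, which is worth noting when reviewing captures from a monitored port.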
Description
Protocol Type
DSAP
SNAP
Forwards frame out the single interface associated with the destination address
Unknown unicast: Floods frame out all interfaces, except the interface on which the
frame was received
Broadcast
Multicast
8. SPAN and RSPAN
1. SPAN (Switch Port Analyzer) is useful for sending all traffic from a source port
or VLAN out a single port.
1. Traffic monitoring for compliance
2. Data Collection
1. All traffic from a voice VLAN sent out a port to record all conversations.
2. IDS/IPS
3. Support particular application
2. SPAN sessions can be sourced from a single port, from multiple ports, or from a VLAN.
3. The destination can be a port on another switch, using RSPAN
1. RSPAN VLAN must be included on the trunk leading to the other switch
1. Core Concepts of SPAN and RSPAN
1. In SPAN, you create a SPAN source, either ports or VLANs, and the destination port
is on the same switch.
2. In RSPAN, you create the same kind of source as in SPAN, ports or VLANs. The
destination is the RSPAN VLAN, so all traffic can be carried over trunks until it
reaches the destination switch, which takes the RSPAN VLAN and outputs it to an
RSPAN destination port.
3. A SPAN source port can be any type of port. With a source VLAN, all ports that are
part of that VLAN are monitored, and ports are dynamically added to or removed from
monitoring as they join or leave the VLAN. Also, a port configured as a SPAN
destination cannot be part of a SPAN source VLAN.
III. What do you do now? What do you think... check out Cisco
documentation on this subject, review, practice etc....