Days 5, 6: Ethernet LAN Switching

CCNA 200-301 Study Guide: Ethernet Switching and ARP

1.0 Ethernet's Role in the LAN: Layer 2 Fundamentals

Ethernet is the foundational technology for modern Local Area Networks (LANs). It defines how devices connect and communicate within a local environment across Layers 1 and 2 of the OSI model.

Layers of Operation

Layer 1 (Physical): Defines cabling (Fiber, UTP), connectors (RJ-45), and electrical/optical signaling.
Layer 2 (Data Link): Establishes media access rules and physical addressing via MAC addresses.

The Function of a Network Switch

Switches are Layer 2 devices that make intelligent forwarding decisions, creating a more efficient network than legacy hubs.

Concept	Definition	Switch Impact
Collision Domain	A network section where packets can collide if sent simultaneously.	Each switch port is a separate collision domain. In full-duplex, collisions are eliminated.
Broadcast Domain	The area where a broadcast frame (sent to all) is propagated.	Switches forward broadcasts out all ports. Only routers (Layer 3) segment broadcast domains.

Duplex Communication Modes

Half-Duplex: One-way communication at a time. Uses CSMA/CD to manage collisions. (Legacy/Hubs).
Full-Duplex: Simultaneous two-way communication. Standard in modern switching; eliminates collisions.

2.0 Anatomy of an Ethernet Frame

The Ethernet frame is the Layer 2 Protocol Data Unit (PDU). The standard Ethernet II frame structure is detailed below:

Field	Size	Description
Preamble	7 Bytes	Alternating 1s and 0s for clock synchronization.
SFD	1 Byte	Start Frame Delimiter; signals the start of the Destination MAC.
Destination MAC	6 Bytes	Address of the recipient. FFFF.FFFF.FFFF indicates a broadcast.
Source MAC	6 Bytes	Address of the sender. Used by switches to learn device locations.
Type / Length	2 Bytes	Value $\ge 1536$ = Type (e.g., 0x0800 for IPv4). Value $\le 1500$ = Length.
Data (Payload)	46–1500 B	Encapsulated Layer 3 packet. Padding added if $< 46$ bytes.
FCS	4 Bytes	Frame Check Sequence; uses CRC to detect transmission errors.

3.0 Understanding MAC Addressing

A Media Access Control (MAC) address is a 48-bit (6-byte) unique physical identifier "burned into" the NIC.

Format: 12 Hexadecimal characters (e.g., 000C.29B0.119D).

MAC Address Structure

OUI (Organizationally Unique Identifier): The first 3 bytes. Assigned by the IEEE to manufacturers (e.g., Cisco, Intel).
NIC Specific: The last 3 bytes. A unique serial number assigned by the manufacturer.

4.0 The Core Logic of an Ethernet Switch

Switches use a MAC Address Table (also known as the CAM Table) to map MAC addresses to physical ports.

A. The Learning Process

Switch receives a frame.
Inspects the Source MAC.
Records the MAC and the incoming port in the table.
Aging: Entries are removed after 300 seconds (default) if no new traffic is seen from that MAC.

B. The Forwarding Process

Decision based on the Destination MAC:

Destination Type	Condition	Action
Known Unicast	MAC is in the table.	Forward out the specific port only.
Unknown Unicast	MAC is NOT in the table.	Flood: Send out all ports except the source.
Broadcast	MAC is FFFF.FFFF.FFFF.	Flood: Send out all ports except the source.
Multicast	MAC starts with 0100.5E.	Flood (unless IGMP Snooping is active).

C. Internal Switching Methods

Store-and-Forward: Receives entire frame, checks CRC (error check), then forwards. Most reliable.
Cut-Through: Forwards as soon as the Destination MAC is read. Fastest, but forwards errors.
Fragment-Free: Buffers the first 64 bytes (where most collisions occur) before forwarding.

5.0 Bridging the Gap: Address Resolution Protocol (ARP)

ARP resolves a known Layer 3 IP address to an unknown Layer 2 MAC address.

ARP Request: A broadcast (FFFF.FFFF.FFFF) asking "Who has IP X.X.X.X?"
ARP Reply: A unicast response from the target device providing its MAC address.
ARP Cache: Devices store these mappings locally to avoid repeated broadcasts.
- Cisco Check: show arp
- Windows Check: arp -a

6.0 Practical Verification (Cisco IOS)

MAC Table Commands

show mac address-table: Displays the CAM table.
clear mac address-table dynamic: Flushes all learned entries.
clear mac address-table dynamic interface [ID]: Flushes entries for a specific port.

Ping Output Symbols

!: Success (ICMP Echo Reply received).
.: Timeout (Commonly seen on the first ping due to ARP resolution delay).
U: Unreachable (Routing error; no path to the destination).

7.0 Synthesis: The Operational Loop

Host A wants to talk to Host B (IP known, MAC unknown).
Host A sends an ARP Request (Broadcast).
Switch learns Host A's MAC and floods the ARP Request.
Host B sends an ARP Reply (Unicast).
Switch learns Host B's MAC and forwards the reply to Host A.
Host A encapsulates the data in a frame and sends it; the Switch performs Known Unicast forwarding.

Revision #1
Created 2026-03-14 19:13:11 UTC by Tony Utter
Updated 2026-03-14 19:13:39 UTC by Tony Utter