Networking: LANs, Topologies, Ethernet

Questions and Answers

What is the primary purpose of an Ethernet switch?

• To convert analog signals to digital signals.
• To amplify network signals.
• To block unauthorized network access.
• To filter and forward data packets intelligently. (correct)

A LAN is a computer network that spans a large geographical area

False (B)

At which layer of the OSI model does a hub operate?

• Layer 2 (Data Link Layer)
• Layer 1 (Physical Layer) (correct)
• Layer 4 (Transport Layer)
• Layer 3 (Network Layer)

A ______ address is a hardware address that uniquely identifies each node of a network.

MAC

The logical topology describes the physical layout of devices on a network.

False (B)

What does CSMA/CD stand for?

Carrier Sense Multiple Access/Collision Detection (B)

Which media access method does original Ethernet employ?

Contention-based (D)

Ethernet Layer 1 is sufficient to describe a LAN technology.

False (B)

Which IEEE standard defines the LLC sublayer?

IEEE 802.2 (B)

What is the primary function of the LLC sublayer in the Data Link Layer?

Interfacing between upper and lower layers. (B)

The MAC sublayer primarily deals with hardware implementation for media access control.

True (A)

Which of the following is a responsibility of the MAC sublayer?

Data encapsulation (B)

In data encapsulation, the ______ provides start-of-frame and end-of-frame bits for transmission.

frame delimiting

What is the underlying logical topology for original Ethernet?

Bus topology (B)

In hub-based Ethernet, full-duplex communication is standard.

False (B)

In hub-based Ethernet, how is data transmitted?

Data is transmitted to all connected devices. (C)

What is the primary characteristic of switch-based Ethernet regarding data transmission?

Data is first broadcast, then sent via unicast/multicast as needed. (C)

Collisions are a common occurrence in modern switch-based Ethernet networks.

False (B)

What action do devices take immediately after detecting a collision in a CSMA/CD network?

send a jamming signal

What is the purpose of the 'backoff algorithm' in CSMA/CD?

To reduce the likelihood of repeated collisions by introducing random delays. (A)

Apart from the Preamble field, what is the minimum size of an Ethernet frame (in bytes)?

64

What is the maximum size of the data field in an Ethernet frame (excluding headers and trailers)?

1500 bytes (B)

The first 6 HEX digits of a MAC address identify the ______ or vendor.

manufacturer

What uniquely identifies the interface serial number in a MAC address?

The last 6 HEX digits (A)

MAC addresses are hierarchical and can be used for routing packets across different networks.

False (B)

In Ethernet, what is the purpose of a unicast MAC address?

to send a frame to a specific device (B)

The broadcast MAC address in Ethernet is represented in hexadecimal as ______.

FF-FF-FF-FF-FF-FF

What is the range of IPv4 multicast addresses?

224.0.0.0 to 239.255.255.255 (A)

An Ethernet switch operates at Layer 3 of the OSI model.

False (B)

What does an Ethernet switch use to make forwarding decisions?

MAC addresses (C)

When the source MAC address does not exist in the MAC address table, the switch ______ it to the table along with the incoming port number.

adds

What action does a switch take when the destination MAC address is not found in its MAC address table?

The switch forwards the frame out all ports except the incoming port. (B)

What is the function of the Address Resolution Protocol (ARP)?

To resolve IP addresses to MAC addresses. (A)

An ARP Reply contains the IP address of the destination device.

False (B)

An Ethernet frame has a source MAC address of 00-1A-2B-3C-4D-5E and a destination MAC address of FF-FF-FF-FF-FF-FF. What type of communication is this?

Broadcast (C)

What is a 'burned-in address' (BIA) in the context of Ethernet MAC addresses?

permanently assigned mac address

A device on an Ethernet network sends out an ARP request. What is the destination MAC address in this ARP request frame?

The broadcast MAC address (FF-FF-FF-FF-FF-FF). (C)

Auto-MDIX technology eliminates the need for crossover cables in modern Ethernet networks.

True (A)

In cut-through switching, a switch forwards a frame after reading a minimal portion of it, specifically the ______ address.

destination

A network administrator notices excessive ARP broadcasts on the LAN. Which of the following is a potential consequence of this issue?

Reduction in network performance. (D)

Match the following Ethernet standards with their corresponding maximum bandwidth:

10BASE-T = 10 Mbps Fast Ethernet (100BASE-T) = 100 Mbps Gigabit Ethernet = 1000 Mbps (1 Gbps) 10-Gigabit Ethernet = 10,000 Mbps (10 Gbps)

In relation to network security explain what an ARP spoofing attack exploits.

lack of arp validation

Which of the following scenarios would MOST likely lead to ARP spoofing?

An attacker responds to ARP requests with a falsified MAC address. (D)

Flashcards

What is a LAN?

A network limited typically to a building or campus.

What is Physical Topology?

The arrangement of devices in a network, focusing on physical connections.

What is Logical Topology?

Describes how data passes through the network media, regardless of the physical layout.

What is a Hub?

A Layer 1 device that connects devices, broadcasting data to all connected devices.

What is a Switch?

A Layer 2 device that filters and forwards data based on MAC addresses.

What is a MAC address?

A unique identifier for a network interface; a device's physical address.

What is Ethernet?

A widely used wired LAN standard for connecting devices, operating at the data link layer.

What is CSMA/CD?

A media access method used in early Ethernet networks to manage collisions.

What does the Ethernet Standard cover?

Includes data link layer protocols and physical layer technologies.

What is the LLC sublayer?

The sublayer responsible for interfacing between networking software and hardware.

What is the MAC sublayer?

Handles media access control methods and functions with physical layer.

What is Data Encapsulation?

Adding headers and trailers to packets for transmission.

What is Thicknet/Thinnet?

A multi-access bus network, which used coaxial cable to connect computers.

What is the Star topology?

Devices are connected through a central hub, the most common topology

What is hub-based Ethernet?

Uses a hub; prone to collisions; half-duplex communication.

What is switch-based Ethernet?

Uses a switch; reduces collisions; often full-duplex communication.

How does CSMA/CD work?

Each device listens before transmitting; if a collision occurs, a jamming signal is sent.

What is an Ethernet II frame?

The Ethernet frame format used in TCP/IP networks, which has a minimum size of 64 bytes and a maximum of 1518 bytes.

What is the Preamble Field for?

Used for synchronization between sender and receiver.

What is the Destination MAC Address Field?

Serves as the identifier for the intended recipient.

What is the Length/Type Field?

Indicates length of data or describes higher-layer protocol.

What is the Frame Check Sequence Field?

Consist of CRC is used to detect errors.

What represents the manu/vendor?

The first 6 HEX digits represents the manufacturer or vendor of NIC.

What is the Burned-in Address (BIA)?

Hardware address permanently encoded on a network interface card (NIC).

What is Unicast MAC address?

Used for Layer 2 (Data link) communications.

What is Ethernet Broadcast?

The process of sending a frame from one host to all hosts.

What Broadcast MAC address?

MAC address of FF-FF-FF-FF-FF-FF.

What is Ethernet Multicast?

Sending a frame to a specific group of hosts.

Devices in multicast group?

Devices that belong to a multicast group are assigned a special multicast group IP address.

What is an Ethernet switch?

A Layer 2 device that uses MAC addresses to forward data.

What does the Ethernet Switch consult?

Consults a MAC address table (RAM) , unlike broadcast, to make forwarding decisions.

How does the switch addresses?

Builds the MAC address table by examining the source MAC address of frames received on a port.

How a frame forwards?

A lookup to MAC table is performed based on record matched for a MAC table.

What is Store-and-Forward?

A switch receives the entire frame, computes the CRC, and looks up the destination address

What is Cut-Through?

The switch forwards the frame before it is entirely received; minimum destination address read.

What is Auto-MDIX?

Detects the cable type, straight or crossover, automatically configuring interface to match.

What is ARP (Address Resolution Protocol)?

Used to discover local MAC addresses using destination IP.

How does the Sender?

The sending host will broadcast the ARP Request message to the entire LAN.

Information stored?

Mapping between IP and MAC addresses is stored in an ARP table.

Study Notes

Basic Terms

• A LAN is a computer network spanning a relatively small area
• Physical topology refers to the physical layout or arrangement of devices on a network
• Logical topology describes how data passes through the media from one device to the next, independent of the physical topology
• A hub is a Layer 1 device used to connect devices in a network and broadcasts incoming packets to all connected devices
• A switch is a Layer 2 device used to filter and forward data and initially broadcasts, then uses unicast or multicast as needed
• A MAC address is a unique hardware address (physical address) that identifies each node on a network

Ethernet Protocols Overview

• Ethernet is the most widely used wired LAN technology and standard and is implemented as a physical bus or star with a logical bus topology
• It uses CSMA/CD for media access in a CSMA/CD network
• Ethernet typically uses coaxial cables and special grades of twisted pair wires
• Variations of Ethernet include 10 Mbps (10BASE-T), 100 Mbps (100BASE-T, Fast Ethernet), 1000 Mbps (Gigabit Ethernet), and 10,000 Mbps (10-Gigabit Ethernet)
• The Ethernet standard covers Data Link Layer Protocols and Physical Layer Technologies
• Ethernet is defined by data link layer and physical layer protocols

Physical and Data Link Layers

• At Layer 1, Ethernet involves bit streams, encoding, signaling and placing signals on media, as well as various network topologies and hardware specifications
• Ethernet Layer 1 alone is not sufficient to describe a LAN technology

Data Link Layer

• The LLC sublayer (IEEE802.2) interfaces with upper and lower layers, which include networking software and device hardware
• The LLC sublayer adds control information and assists in creating frames from packets for the lower layers
• In the context of a computer, the LLC can be considered the driver software for the NIC.

MAC Sublayer (IEEE802.3)

• The MAC sublayer deals with media access control methods and functions within the Physical Layer
• Media Access Control (MAC) is implemented by hardware, typically in the Network Interface Card (NIC)
• The two primary responsibilities of the Ethernet MAC sublayer are data encapsulation and media access control

Data Encapsulation

• Data encapsulation involves adding a header and trailer to the packet
• The three processes involved are:
  • Frame delimiting (boundaries) that provides start-of-frame and end-of-frame bits to create a frame for transmission
  • Addressing by including the MAC address in the header
  • Error detection by including a CRC value in the FCS field for error checking

Media Access Control

• Media access control governs putting/retrieving frames on the media, controlling the placement/retrieval of frames
• This sublayer communicates directly with the physical layer.
• The underlying logical topology for original Ethernet is multi-access bus topology
• All nodes share a single transmission medium in a contention-based (non-deterministic) network using CSMA/CD

Brief History of Ethernet

• The first version of Ethernet used coaxial cable to connect computers, known as Thicknet (10BASE5) and Thinnet (10BASE2), and had a speed of 10 Mbps
• Later, coaxial cables were replaced with twisted pair and fiber optic links, along with hubs and switches
• Hub-based Ethernet and Switch-based Ethernet emerged
• The physical topology changed to a star topology from a bus topology
• Data rates increased from 10 Mbps to 1000 Mbps (10Base-T, Fast Ethernet, Gigabit Ethernet)

Hub-based Ethernet (Legacy Ethernet)

• In hub-based Ethernet, devices are connected using a hub
• Its transmission mode is Half-duplex communication
• The hub broadcasts data to everyone, and only the intended receiver accepts the data by examining the MAC address
• Collisions are possible, handled using CSMA/CD

Switch-based Ethernet

• In switch-based Ethernet, devices are connected using a switch
• The transmission mode is Full-duplex communication
• The switch first broadcasts data, then learns the receiver before using unicast / multicast as needed
• Collisions do not occur

CSMA/CD

• CSMA/CD was extensively used in early Ethernet technology or LANs
• It is no longer used in modern Ethernet networks designed with switches and full-duplex connections
• To transmit, each host listens on the media
• If a signal from another device is present, it will wait for a specific amount of time and listen again
• If no signal is present, the host transmits
• If two devices transmit at the same time, it leads to a collision
• Both devices detect the collision and send out a jamming signal
• The jamming signal is detected by all devices, signaling that a collision has occurred
• The jamming signal causes each device to invoke a backoff algorithm, waiting a random amount of time before returning to listening mode, preventing repeated collisions

Ethernet Frame

• Ethernet II is the Ethernet frame format used in TCP/IP networks
• The Ethernet standard frame has a minimum frame size of 64 bytes and a maximum of 1518 bytes
• If the size of a transmitted frame is not within the range, the receiver drops the frame
• Undersized frames are referred to as "collision fragments" or "runt frames", while oversized ones are "jumbo" or "baby giant frames"

Revised IEEE 802.3 (Ethernet II) Frame Fields

• Preamble and Start Frame Delimiter Fields (8 bytes are used for synchronization between the sender and receiver and to get the attention of the receiver (a frame is coming)
• Destination MAC Address Field (6 bytes) serves as the identifier for the intended recipient
• Source MAC Address Field (6 bytes) identifies the original sender
• Length / Type Field (2 bytes) indicates the length of the Data Field or describes which higher-layer protocol is present
• Data Field (46 - 1500 bytes) contains the encapsulated data (Packet) from a higher layer, such as the Network Layer
• Frame Check Sequence Field (4 bytes) consists of CRC is used to detect errors in a frame

Ethernet MAC Address

• The Ethernet MAC address is a 48-bit physical address represented in 12 HEX digits
• The first 6 HEX digits identify the manufacturer or vendor
• The remaining 6 HEX digits comprise the interface serial number, which is unique to each device
• The MAC address is also known as a burned-in address (BIA) because it is permanently burned into ROM (Read-Only Memory) on the NIC
• MAC addresses are non-hierarchical.
• They have no meaning outside the local network media.
• MAC addresses are used only in local networks
• A Network (IP) Address is required (by the Router) to forward packets to other destination networks

Ethernet Unicast, Broadcast and Multicast

• Ethernet uses different MAC addresses for Layer 2 unicast, broadcast, and multicast communications
• The Ethernet Unicast process refers to sending a frame from one host to an individual host
• For a unicast packet to be sent and received, a destination IP address must be in the IP packet header, paired with a corresponding destination MAC address in the Ethernet frame header
• The IP address and MAC address combine to deliver data to one specific destination host
• The Ethernet Broadcast process is sending a frame from one host to ALL hosts in the network
• A broadcast packet contains a destination IP address with all ones (1s) in the host portion with a broadcast MAC address of 48 ones (1s) displayed as hexadecimal FF-FF-FF-FF-FF-FF
• Ethernet Multicast is the process of sending a packet from one host to a SELECTED group of hosts
• Devices belonging to a multicast group are assigned a special multicast group IP address between 224.0.0.0 to 239.255.255.255
• The multicast MAC address is a special value that begins with 01-00-5E in hexadecimal, with the rest coming from converting the lower 24 bits of the IP multicast group address into 6 hexadecimal characters in the format 01-00-5E-xx-xx-xx

LAN Switches

• An Ethernet switch is a Layer 2 device that uses MAC addresses to make forwarding decisions
• Unlike a hub, which broadcasts frames, an Ethernet switch consults a MAC address table (stored in RAM) to make a forwarding decision for each frame

Learning and Forwarding MAC Addresses

• The switch dynamically builds the MAC address table by examining the source MAC address of the frames received on a port
• If the source MAC address doesn't exist, it is added to the table along with the incoming port number
• If it exists, the switch updates the refresh timer for that entry
• When forwarding a frame, the switch looks for a matched record in its MAC address table
• The switch will forward the frame out of the specified port if the destination MAC address is in the table
• Otherwise, the switch will forward the frame out of all ports except the incoming port if the destination MAC address is not in the table

Frame Forwarding Methods on Cisco Switches

• Store-and-forward switches receive the entire frame and computes the CRC
• The switch looks up the destination address to determine the outgoing interface if the CRC is valid, the frame is forwarded
• Cut-through switches forward the frame before it is entirely received with the destination address of the frame being read before the frame can be forwarded

Auto-MDIX

• Connections between devices like switch-to-switch and router-to-host used to require specific cable types
• Most switch devices now support the automatic medium-dependent interface crossover (auto-MDIX) feature that detects the cable type attached to a port and configures the interfaces
• Auto-MDIX is enabled by default on switches since IOS 12.2(18)SE and can be enabled using the "mdix auto" interface configuration command

Address Resolution Protocol (ARP)

• When a host wants to send a frame to another host on the same LAN, the source host must know both the physical and logical addresses of the destination host
• To determine the destination MAC address, the device uses Address Resolution Protocol (ARP) to discover the MAC address of any host on the same local network
• The mapping between the IP and the MAC address will be stored in ARP table in the source host once the MAC address is obtained
• The sending host will broadcast the ARP Request message (which contains the IP address of the destination device) to the entire LAN
• Every device on the LAN will examine the ARP Request to see if it contains its own IP address
• Only the device with the IP address contained in the ARP Request responds with an ARP Reply
• The ARP Reply includes the MAC address associated with the IP address in the ARP Request

ARP Issues

• ARP requests are received and processed by every device on the local network which can cause excessive ARP broadcasts which can reduce performance
• Attackers can respond to requests and pretend to provide services performing ARP spoofing