Ethernet Fundamentals (1.3, 2.1, 2.3, 4.4 & 5.5) Flashcards

1
Q

Ethernet Fundamentals

A

o Ethernet Fundamentals
▪ In early computer networks, there were many different network technologies competing for a portion of the market share
▪ Ethernet, Token Ring, Fiber Distributed Data Interface (FDDI), and others fought for dominance
▪ Currently, Ethernet is dominant for Layer 1
▪ Due to Ethernet’s popularity, it is important to understand the fundamentals of Ethernet

2
Q

Origins of Ethernet (first was coax (10base5, 10base2) / ethernet is now twisted pair / 10BASE-T is UTP)

A

▪ Was first run over coax cables (10Base5, 10Base2)
▪ Ethernet has changed to using twisted pair cables
▪ 10BASE-T is Unshielded Twisted Pair
● Maximum speed: 10 Mbps
● Maximum distance: 100 meters

3
Q

How should devices access the network?

A

▪ Deterministic
● Very organized and orderly
● Need an electronic token to transmit
● For example, Token Ring networks

▪ Contention-based

● Very chaotic
● Transmit (almost) whenever you want
● For example, Ethernet networks

4
Q

Carrier Sense Multiple Access/ Collision Detect (CSMA/CD)

A

▪ Ethernet devices transmit based on a principle called carrier sense multiple access/collision detect (CSMA/CD)
▪ Carrier sense
● Listen to the wire, verify it is not busy
▪ Multiple access
● All devices have access at any time
▪ Collision detect
● If two devices transmit at the same time, a collision occurs
● Back off, wait a random time, and try again

5
Q

Example of CSMA/CD

A
6
Q

Collision Domains

A

▪ Comprised of all devices on a shared Ethernet segment (everything on same cable or hub)
▪ Devices operate at half-duplex when connected to a hub (Layer 1 device)
▪ Devices must listen before they transmit to avoid collisions when operating as CSMA/CD

7
Q

Collision Domains with Switches

A

▪ Ethernet switches increase scalability of the network by creating multiple collision domains
▪ Each port on a switch is its own collision domain, so there is no chance of collisions, which increases speed
▪ Switches can operate in full-duplex mode

8
Q

Speed Limitations

A

▪ Bandwidth is the measure of how many bits the network can transmit in 1 second (bps)
▪ Type of cable determines the bandwidth capacity of the network

9
Q

Distance Limitations

A

▪ Type of cable determines the distance limitation of the network

10
Q

Network Infrastructure Devices

A
11
Q

Network Infrastructure

A

▪ Primary devices used in our networks (router and switch)

▪ Devices they evolved from (bridge and hub)

12
Q

Hub

A

▪ Layer 1 device used to connect multiple network devices/workstations
▪ Known as multiport repeaters
▪ Three basic types of Ethernet hubs:
● Passive hub
o Repeats signal with no amplification
● Active hub
o Repeats signal with amplification
● Smart hub
o Active hub with enhanced features like SNMP

13
Q

Collision Domains

A

▪ Multiple network segments connected together by hubs
▪ Hubs (layer 1) were used to connect multiple network segments together
▪ Each LAN segment becomes a separate collision domain

14
Q

Bridges

A

▪ Bridges analyze source MAC addresses in frames entering the bridge and populate an internal MAC address table

▪ Makes intelligent forwarding decisions based on destination MAC address in the frames

15
Q

Switch

A

▪ Layer 2 device used to connect multiple network segments together
▪ Essentially a multiport bridge
▪ Switches learn MAC addresses and make forwarding decisions based on them
▪ Switches analyze source MAC addresses in frames entering the switch and populate an internal MAC address table based on them

16
Q

Layer 2 Switch

A

▪ Each port on a switch represents an individual collision domain
▪ All ports belong to the same broadcast domain

17
Q

Router

A

▪ Layer 3 device used to connect multiple networks together
▪ Makes forwarding decisions based on logical network address information
● Such as using IP addresses (IPv4 or IPv6)
▪ Routers are typically more feature rich and support a broader range of interface types than multilayer switches
▪ Each port is a separate collision domain
▪ Each port is a separate broadcast domain

18
Q

Layer 3 Switch

A

▪ Layer 3 device used to connect multiple network segments together
▪ Can make Layer 3 routing decisions and interconnect entire networks (like a router), not just network segments (like a switch)

19
Q

Summary of Network Infrastructure

A
20
Q

Additional Ethernet Features

A

o Features to enhance network performance, redundancy, security, management, flexibility, and scalability
▪ Common switch features
● Virtual LANs (VLANs)
● Trunking
● Spanning Tree Protocol (STP)
● Link aggregation
● Power over Ethernet
● Port monitoring
● User authentication

21
Q

Link Aggregation (802.3ad)

A

▪ Congestion can occur when ports all operate at the same speed

▪ Allows for combination of multiple physical connections into a single logical connection

▪ Bandwidth available is increased and the congestion is minimized or prevented

22
Q

Power Over Ethernet (PoE 802.3af, PoE+ 802.3at)

A

▪ Supplies electrical power over Ethernet
● Requires CAT 5 or higher copper cable
● Provides up to 15.4 watts of power to device

● PoE+ provides up to 25.5 W of power to device
▪ Two device types
● Power Sourcing Equipment (PSE)
● Powered Device (PD)

23
Q

Port Monitoring or Mirroring

A

▪ Helpful to analyze packet flow over network
● Connect a network sniffer to a hub and it sees all
● But switches require port monitoring for a network analyzer to see all the traffic
▪ Port mirroring makes a copy of all traffic destined for a port and sends it to another port

24
Q

User Authentication (802.1x)

A

▪ For security purposes, switches can require users to authenticate themselves before gaining access to the network
▪ Once authenticated, a key is generated and shared between the supplicant (device wanting access) and the switch (authenticator)

▪ Authentication server checks the supplicant’s credentials and creates the key
▪ Key is used to encrypt the traffic coming from and being sent to the client

25
Q

Management Access and Authentication

A

▪ To configure and manage switches, you can use two options:
● SSH
o Remote administration program that allows you to connect to the switch over the network
● Console port
o Allows for local administration of the switch using a separate laptop and a rollover cable (DB-9 to RJ-45)

26
Q

Out-of-band (OOB)

A

▪ Management involves keeping all network configuration devices on a separate network

27
Q

First-Hop Redundancy

A

▪ Hot Standby Router Protocol (HSRP) uses virtual IP and MAC addresses to provide an “active router” and a “standby router”
● HSRP is a Cisco-proprietary protocol
● If Active is offline, then standby answers

28
Q

Other First-Hop Redundancy Protocols

A

▪ Gateway Load Balancing Protocol (GLBP)
● Cisco-proprietary protocol
▪ Virtual Router Redundancy Protocol (VRRP)
● Open-source protocol
▪ Common Address Redundancy Protocol (CARP)
● Open-source protocol

29
Q

MAC Filtering

A

▪ Permits or denies traffic based on a device’s MAC address to improve security

30
Q

Traffic Filtering

A

▪ Multilayer switches may permit or deny traffic based on IP addresses or application ports

31
Q

Quality of Service (QoS)

A

▪ Forwards traffic based on priority markings

32
Q

Spanning Tree Protocol (STP) (802.1D)

A

o Permits redundant links between switches and prevents traffic loops
o Availability is measured in 9’s
▪ Five 9’s is 99.999% uptime and allows only 5 minutes down per year
o Shortest Path Bridging (SPB) is used for larger network environments instead

o Without STP, MAC Address table corruption can occur

33
Q

Broadcast Storms

A

▪ If a broadcast frame is received by both switches, they can forward frames to each other
▪ Multiple copies of frame are forwarded, replicated, and forwarded again until the network is consumed with forwarding many copies of the same initial frame

34
Q

Root and Nonroot Bridges

A

▪ Root bridge
● Switch elected to act as a reference point for a spanning tree
● Switch with the lowest bridge ID (BID) is elected as the root bridge
● BID is made up of a priority value and a MAC address (with the lowest value considered root)
▪ Nonroot bridge
● All other switches in an STP topology
▪ MAC Address table corruption can occur

35
Q

Root, Designated, and Non-Designated Ports

A

▪ Root Port
● Every non-root bridge has a single root port
● Port closest to the root bridge in terms of cost
● If costs are equal, lowest port number is chosen
▪ Designated Port
● Every network segment has a designated port
● Port closest to the root bridge in terms of cost
● All ports on root bridge are designated ports
▪ Non-Designated Port
● Ports that block traffic to create loop-free topology

36
Q

Root and Nonroot Bridges

A

▪ Single root port on non-root bridge
▪ All other ports on non-root bridge are non-designated
▪ All ports on root bridge are designated

37
Q

Port States

A

▪ Non-designated ports do not forward traffic during normal operation, but do receive bridge protocol data units (BPDUs)

▪ If a link in the topology goes down, the non-designated port detects the failure and determines whether it needs to transition to a forwarding state
▪ To get to the forwarding state, though, it has to transition through four states
▪ Blocking
● BPDUs are received but they are not forwarded
● Used at beginning and on redundant links
▪ Listening
● Populates MAC address table
● Does not forward frames
▪ Learning
● Processes BPDUs
● Switch determines its role in the spanning tree
▪ Forwarding
● Forwards frames for operations
▪ Root and Non-designated port are blocking
▪ Designated ports are forwarding

38
Q

Link Costs

A

▪ Associated with the speed of a link
▪ The lower the link’s speed, the higher the cost

▪ Long STP is being adopted due to higher link speeds over 10 Gbps
▪ Values range from 2,000,000 for 10-Mbps Ethernet to as little as 2 for 10 Tbps

39
Q

Virtual Local Area Network (VLAN)

A

o VLANs
▪ Switch ports are in a single broadcast domain
▪ Allow you to break out certain ports to be in different broadcast domains
▪ Before VLANs, you had to use routers to separate departments, functions, or subnets
▪ Allow different logical networks to share the same physical hardware
▪ Provides added security and efficiency

40
Q

Before VLANs

A

▪ Different switches were required for each LAN for separation

41
Q

VLAN Trunking (802.1q)

A

▪ Multiple VLANs transmitted over the same physical cable
▪ VLANs are each tagged with a 4-byte identifier
● Tag Protocol Identifier (TPI)
● Tag Control Identifier (TCI)
▪ One VLAN is left untagged
● Called the Native VLAN

42
Q

Specialized Network Devices

A
43
Q

Virtual Private Network (VPN)

A

▪ Creates a secure VPN or virtual tunnel over an untrusted network like the Internet

44
Q

VPN Concentrator

A

▪ Virtual private network (VPN) creates a secure, virtual tunnel network over an untrusted network, like the Internet
▪ One of the devices that can terminate VPN tunnels is a VPN concentrator, although firewalls can also perform this function

45
Q

VPN Headend

A

▪ A specific type of VPN concentrator used to terminate IPSec VPN tunnels within a router or other device

46
Q

Firewalls

A

▪ Network security appliance at your boundary
▪ Firewalls can be software or hardware
▪ Stateful firewalls
● Allows traffic that originates from inside the network and goes out to the Internet
● Blocks traffic originating from the Internet from getting into the network

47
Q

Next-Generation Firewall (NGFW)

A

▪ Conducts deep packet inspection at Layer 7
▪ Detects and prevents attacks
▪ Much more powerful than basic stateless or stateful firewalls
▪ Continually connects to cloud resources for latest information on threats

48
Q

Intrusion Detection or Prevention System (IDS/IPS)

A

▪ IDS recognizes attacks through signatures and anomalies
▪ IPS recognizes and responds
▪ Host or network-based devices

49
Q

Proxy Server

A

A specialized device that makes requests to an external network on behalf of a client

50
Q

Content Engine/Caching Engine

A

▪ Dedicated appliance that performs the caching functions of a proxy server

51
Q

Content Switch/Load Balancer

A

▪ Distributes incoming requests across various servers in a server farm

52
Q

Other devices you may find on your network

A

o VoIP Phone
▪ A hardware device that connects to your IP network to make a connection to a call manager within your network

o Unified Communications (or Call) Manager
▪ Used to perform the call processing for hardware and software-based IP phones

o Industrial Control System (ICS)
▪ Describes the different types of control systems and associated instrumentation

o Supervisory Control and Data Acquisition (SCADA)
▪ Acquires and transmits data from different systems to a central panel for monitoring and control

o Virtual Network Devices
▪ Major shift in the way data centers are designed, fielded, and operated