Ethernet Fundamentals Topic Notes

Ethernet Standards and Cabling

Category 5 Connectors

[_/su_spoiler]

Category 5 Straight Through Cable

T568A to T568A

T568B to T568B

[_/su_spoiler]

Category 5 Crossover Cable

T568A to T568B

[_/su_spoiler]

Ethernet Standards

[_/su_spoiler]

Cable Types and Distances

[_/su_spoiler]

Other Category Cable Types

[_/su_spoiler]

Carrier Sense Multiple Access / Collision Detection

• Used to deal with and minimise collisions on Ethernet multi-access network
• Defines how sending nodes can detect a collision and retransmit the frame
• Process:
  • A node listens to see if the segment is not busy
    • Node cant detect a carrier signal on the wire (Carrier-Sense)
  • Node sends the frame
  • If there is a collision, all nodes stop sending frames (back-off) and send a jam signal to notify all other nodes a collision has occurred.
  • All sending nodes generate a randomized timer for “back-off” wait time.
  • If any node was preparing to send, they receive the jam signal and wait for the back-off period of time before retrying
  • Nodes try to retransmit the frame after a random time-out period

Speed and Duplex

• Be default Cisco switches use auto-negotiation to determine speed and duplex

• Speed
  • Can sense auto-negotiation speed using Fast Link Pulses (FLP)
    • If auto-negotiation disabled other side, uses incoming electrical signal to determine speed
  • Can be configured manually
    • Command:
      • (config-if)#speed < auto | 10 | 100 | 1000>
• Duplex
  • Detects duplex settings through auto-negotiation only
  • If negotiation disabled, falls back to default setting
    • On Cisco switches default is
      • Half-duplex (HDX) for 10/100 interfaces
      • Full-duplex (FDX) for 1000 interfaces
  • Can only use FDX when collisions can’t occur on wire
    • Only possible when not using shared meduim e.g. Hub
  • Can be configured manually
    • Command:
      • (config-if)#duplex <auto | half | full>

Layer 2 Addressing

Ethernet Frame Headers

Ethernet (DIX) and Revised (1997) 802.3 header

Original 802.3 Ethernet header

802.3 Ethernet and SNAP (Sub-Network Access Protocol) header

• Header Fields

• Preamble (DIX)
  • Provides sync and signal transitions to allow proper clocking of transmitted signal
  • Ends with binary 11
• Preamble and Start of Frame Delimiter
  • Same as DIX preamble
  • 802.3 just renames 8 Bytes DIX to 7 Bytes preamble and 1 Byte SFD
• Type (DIX)
  • Identifies type of protocol that follows the header
  • Allows receiver to know how to process the frame
• Type (SNAP)
  • Uses same value as DIX Type field
  • Used along side DSAP field
• Length
  • Length in bytes of data following length field
• DSAP
  • Destination Service Access Point
  • Protocol type field
    • 2 high-order bits reserved for other purposes
  • 802.2 LLC
• SSAP
  • Source Service Access Point
  • Protocol type field that describes the upper-layer protocol that created the frame
  • Uses same value as Ethernet Protocol Type
    • 802.2 DSAP of 0xAA
• Control
  • Provides a mechanism for connection-orientated or connectionless operation
  • Generally connectionless by modern protocol
  • 0x03 value
• OUI
  • Organizationally Unique Identifier
  • Generally unused
  • Provides a place-holder for the manufacturer of the NIC

[_/su_spoiler]

Ethernet Address Format

•  MAC Address

• MSB = Most Significant Byte
• LSB = Least Significant Byte

• 1st Byte (Most Significant Bit)

•  MSB = Most Significant Bit
• LSB = Least Significant Bit
• I/G = Individual/Group Bit
  • 0 = address is unicast
  • 1 = address is multicast or broadcast
    • Multicast addresses always start with 0x01005E
• U/G = Universal/Local Bit
  • 0 = Vendor assigned
  • 1 = Administratively assigned

[_/su_spoiler]

SPAN, RSPAN and ERSPAN

•  Allows the capture of traffic to send to a network analyzer or sniffer
• 2 different sections:
  • Source of capture
  • Destination to send captured traffic

• Source of traffic
  • Captures traffic on Interface or VLAN
    • If VLAN all ports on that VLAN are monitored
  • Can capture traffic flow
    • Ingress (RX) traffic
    • Egress (TX) traffic
    • Both directions (Default option)
  • Can be any type of port:
    • Access
    • Trunk
      • Can filter specific VLANs being monitored by using filter vlan option
    • Routed
    • Etherchannel
      • Single physical interface
      • Entire EtherChannel logical port

• Destination to send captured traffic:
  • Can be local SPAN or remote SPAN
  • Original port config is overwritten when enabled as a SPAN destination port
    • When the SPAN configuration is removed, the original configuration is restored
  • All traffic manipulation happens before sending to SPAN destination
    • e.g. QoS, ACLs, VACLs
  • Normally ignores control-plan traffic and doesn’t send to SPAN destination
    • e.g. STP, CDP, DTP, etc.
    • Can be configured manually by using command:
      • (config)#monitor session <session id> destination interface <IF> encapsulation replicate
  • Destination can not be part of an EtherChannel
  • Doesn’t support security features
    • e.g. port security, 802.1x, PVLANs, etc.
  • Destination doesn’t run control-plane protocols
    • e.g. STP, CDP, etc.
  • Up to 64 destination ports can be configured
    • Layer 2 or Layer 3 destainations
  • SPAN destination can capture ingress traffic from destination port
    • Can capture untagged traffic and set to specific VLAN
      • Command:
        • (config)#monitor session <session id> destination interface <IF> ingress vlan <vlan-id>

SPAN

• Switch Port Analyzer
• Operates on a single device only
• Destination has to be a local port on the switch

• Source Commands:
  • (config)#monitor session <session id> source [interface | vlan] <IF/VLAN> [tx | rx | both]
  • (config)#monitor session <session id> filter vlan <vlan id(s)>
    • Enables VLAN filtering if source is VLAN
• Destination Commands:
  • (config)#monitor session <session id> destination interface <IF>
  • (config)#monitor session <session id> destination interface <IF> encapsulation replicate

[_/su_spoiler]

RSPAN

• Remote Switch Port Analyzer

• Same principle and configuration as SPAN
• Destination port is on remote switch
• Need to configure a dedicated RSPAN VLAN and send on trunk between switches
• Session IDs on each switch do not need to match

• RSPAN Source Switch Commands:
  • (config)#vlan <vlan-id>
  • (config-vlan)#remote span
  • (config)#monitor session <session id> source [interface | vlan] <IF/VLAN> [tx | rx | both]
  • (config)#monitor session <session id> destination remote vlan <RSPAN VLAN>

• RSPAN Destination Switch Commands:
  • (config)#vlan <vlan-id>
  • (config-vlan)#remote span
  • (config)#monitor session <session-id> source remote vlan <vlan-id>
  • (config)#monitor session <session id> destination interface <IF>

[_/su_spoiler]

ERSPAN

• Encapsulated Remote Switch Port Analyzer
• Cisco proprietary
• Same principle as RSPAN
• SPAN traffic encapsulated within GRE and forwarded to remote destination instead of using VLAN
• Supports traffic capture on interfaces or VLANs
• IP address and origin IP address used as destination and source of the GRE wrapper
• ERSAN ID matches the SPAN flows
• Can use QoS to mark SPAN traffic
• Can separate traffic out into VRF
• Only supported on:
  • Catalyst 6500
  • 7200
  • Nexus 7k
  • ASR 1000

• ERSPAN Souce Device Commands:
  • (config)#monitor session <session id> type erspan-source
  • (config-mon-erspan-src)#source interface <IF> [tx | rx | both]
  • (config-mon-erspan-src)#no shutdown
  • (config-mon-erspan-src)#destination
  • (config-mon-erspan-src-dst)#erspan-id <erspan-id>
  • (config-mon-erspan-src-dst)#ip address <ip address>
  • (config-mon-erspan-src-dst)#origin ip address <ip address>

• ERSPAN Destination Device Commands:
  • (config)#monitor session <session-id> type erspan-destination
  • (config-mon-erspan-dst)#destination interface <IF>
  • (config-mon-erspan-dst)#no shutdown
  • (config-mon-erspan-dst)#source
  • (config-mon-erspan-dst-src)#erspan-id <erspan-id>
  • (config-mon-erspan-dst-src)#ip address <ip address>

[_/su_spoiler]

SPAN Troubleshooting Commands

• #show monitor session all - Displays information on all created SPAN sessions
• #show monitor session <session id> [detail] - Displays [detailed] information on specific SPAN session
• #show monitor session erspan-destination [detail] - Displays [detailed] information on ERSPAN destination
• #show monitor session erspan-source [detail] - Displays [detailed] information on ERSPAN source
• #show monitor session local - Only shows local SPAN sessions
• #show monitor session remote - Only shows remote SPAN sessions
• #show monitor session range <range> - Displays information on a range of SPAN sessions
• #show vlan remote-span - Displays information about Remote SPAN VLANs

[_/su_spoiler]

Smartport Macros

• Allows you to create a macro and apply to a range of interfaces
• Defines a set of common configuration commands on interfaces
• Procedure:
  • Define an interface range including macro name, where to apply to macro
    • Command:
      • (config)#define interface-range <macro-name> <interface range>
  • Define the macro interface configuration
    • Commands:
      • (config)#interface range macro <macro-name>
      • (config-if)# <commands to apply to macro>
  • Display Smartport macros that currently exist ion switch
    • Command:
      • #show parser macro [brief]
      • #show parser macro name <macro-name>