
Purpose of The Data Link Layer

The Data Link Layer is responsible for communication between end-device network interface cards, encapsulating Layer 3 packets into Layer 2 frames, and performing error detection. It consists of two sublayers, LLC and MAC, and supports various network topologies including LAN and WAN configurations. Ethernet frames, which include source and destination MAC addresses, are used for data transmission, and switches utilize MAC address tables for efficient frame forwarding.

Module 6: Data Link Layer

Purpose of the Data Link Layer

Data Link Layer
The Data Link layer is responsible for communications between end-device network interface cards.
It allows upper layer protocols to access the physical layer media and encapsulates Layer 3 packets (IPv4 and IPv6) into Layer 2 Frames.
It also performs error detection and rejects corrupt frames.

IEEE 802 LAN/MAN Data Link Sublayers
IEEE 802 LAN/MAN standards are specific to the type of network (Ethernet, WLAN, WPAN, etc).
The Data Link Layer consists of two sublayers.
- LLC sublayer communicates between the networking software (upper layers) and the device hardware at the lower layers.
- MAC sublayer is responsible for data encapsulation and media access control.

Providing Access to Media
Packets exchanged between nodes may experience numerous data link layers and media transitions.
At each hop along the path, a router performs four basic Layer 2 functions:
- Accepts a frame from the network medium.
- De-encapsulates the frame to expose the encapsulated packet.
- Re-encapsulates the packet into a new frame.
- Forwards the new frame on the medium of the next network segment.

Data Link Layer Standards
Data link layer protocols are defined by engineering organizations:
Institute for Electrical and Electronic Engineers (IEEE).
International Telecommunications Union (ITU).
International Organizations for Standardization (ISO).
American National Standards Institute (ANSI).

Topologies

Physical and Logical Topologies
The topology of a network is the arrangement and relationship of the network devices and the interconnections between them.
There are two types of topologies used when describing networks:
- Physical topology – shows physical connections and how devices are interconnected.
- Logical topology – identifies the virtual connections between devices using device interfaces and IP addressing schemes.

WAN Topologies
There are three common physical WAN topologies:
- Point-to-point – the simplest and most common WAN topology. Consists of a permanent link between two endpoints.
- Hub and spoke – similar to a star topology where a central site interconnects branch sites through point-to-point links.
- Mesh – provides high availability but requires every end system to be connected to every other end system.

Point-to-Point WAN Topology
Physical point-to-point topologies directly connect two nodes.
The nodes may not share the media with other hosts.
Because all frames on the media can only travel to or from the two nodes, Point-to-Point WAN protocols can be very simple.
LAN Topologies
End devices on LANs are typically interconnected using a star or extended star topology. Star and extended star topologies are easy to install, very scalable and easy to troubleshoot.
Early Ethernet and Legacy Token Ring technologies provide two additional topologies:
- Bus – All end systems chained together and terminated on each end.
- Ring – Each end system is connected to its respective neighbors to form a ring.

Half and Full Duplex Communication
Half-duplex communication (Walkie-Talkie)
Only allows one device to send or receive at a time on a shared medium.
Used on WLANs and legacy bus topologies with Ethernet hubs.
Full-duplex communication (Phone)
Allows both devices to simultaneously transmit and receive on a shared medium.
Ethernet switches operate in full-duplex mode.

Access Control Methods
Contention-based access
All nodes operating in half-duplex, competing for use of the medium. Examples are:
- Carrier sense multiple access with collision detection (CSMA/CD) as used on legacy bus-topology Ethernet.
- Carrier sense multiple access with collision avoidance (CSMA/CA) as used on Wireless LANs.
Controlled access
Deterministic access where each node has its own time on the medium.
Used on legacy networks such as Token Ring and ARCNET.

Contention-Based Access – CSMA/CD
Used by legacy Ethernet LANs.
Operates in half-duplex mode where only one device sends or receives at a time.
Uses a collision detection process to govern when a device can send and what happens if multiple devices send at the same time.
CSMA/CD collision detection process:
- Devices transmitting simultaneously will result in a signal collision on the shared media.
- Devices detect the collision.
- Devices wait a random period of time and retransmit data.

Example is when using mobile data, it will be automatically turned off for calling (og)

Contention-Based Access – CSMA/CA
Used by IEEE 802.11 WLANs.
Operates in half-duplex mode where only one device sends or receives at a time.
Uses a collision avoidance process to govern when a device can send and what happens if multiple devices send at the same time.
CSMA/CA collision avoidance process:
- When transmitting, devices also include the time duration needed for the transmission.
- Other devices on the shared medium receive the time duration information and know how long the medium will be unavailable.

Data Link Frame
The Frame
Data is encapsulated by the data link layer with a header and a trailer to form a frame.
A data link frame has three parts:
- Header
- Data
- Trailer
The fields of the header and trailer vary according to data link layer protocol.
The amount of control information carried within the frame varies according to access control information and logical topology.
Frame Fields
Field – Description
Frame Start and Stop – Identifies beginning and end of frame
Addressing – Indicates source and destination nodes
Type – Identifies encapsulated Layer 3 protocol
Control – Identifies flow control services
Data – Contains the frame payload
Error Detection – Used to determine transmission errors

Layer 2 Addresses
Also referred to as a physical address.
Contained in the frame header.
Used only for local delivery of a frame on the link.
Updated by each device that forwards the frame.

LAN and WAN Frames
The logical topology and physical media determine the data link protocol used:
- Ethernet
- 802.11 Wireless
- Point-to-Point (PPP)
- High-Level Data Link Control (HDLC)
- Frame-Relay
Each protocol performs media access control for specified logical topologies.

Module 7: Ethernet Switching

Ethernet Frames
Ethernet Encapsulation
Ethernet operates in the data link layer and the physical layer.
It is a family of networking technologies defined in the IEEE 802.2 and 802.3 standards.

Mnemonic for 7 Layers
Please – Physical
Do – Data Link
Not – Network
Throw – Transport
Sausage – Session
Pizza – Presentation
Away – Application

Data Link Sublayers
The 802 LAN/MAN standards, including Ethernet, use two separate sublayers of the data link layer to operate:
- LLC Sublayer: (IEEE 802.2) Places information in the frame to identify which network layer protocol is used for the frame.
- MAC Sublayer: (IEEE 802.3, 802.11, or 802.15) Responsible for data encapsulation and media access control, and provides data link layer addressing.
MAC Sublayer
MAC sublayer is responsible for data encapsulation and accessing the media.

Data Encapsulation
IEEE 802.3 data encapsulation includes the following:
- Ethernet frame - This is the internal structure of the Ethernet frame.
- Ethernet Addressing - The Ethernet frame includes both a source and destination MAC address to deliver the Ethernet frame from Ethernet NIC to Ethernet NIC on the same LAN.
The Ethernet frame includes a frame check sequence (FCS) trailer used for error detection.

Media Access
The IEEE 802.3 MAC sublayer includes the specifications for different Ethernet communications standards over various types of media including copper and fiber.
Legacy Ethernet using a bus topology or hubs is a shared, half-duplex medium. Ethernet over a half-duplex medium uses a contention-based access method, carrier sense multiple access/collision detection (CSMA/CD).
Ethernet LANs of today use switches that operate in full-duplex. Full-duplex communications with Ethernet switches do not require access control through CSMA/CD.

Ethernet Frame Fields
The Ethernet frame size is >64 bytes and <1518 bytes. The preamble field is not included when describing the size of the frame.
Any frame less than 64 bytes in length is considered a “collision fragment” or “runt frame” and is automatically discarded.
Frames with more than 1500 bytes of data are considered “jumbo” or “baby giant frames”.
Jumbo frames are usually supported by most Fast Ethernet and Gigabit Ethernet switches and NICs.
If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving device drops the frame.
Dropped frames are the result of collisions or other unwanted signals. They are considered invalid.

Ethernet MAC Address
MAC Address and Hexadecimal
An Ethernet MAC address consists of a 48-bit binary value, expressed using 12 hexadecimal values.
Given that 8 bits (one byte) is a common binary grouping, binary 00000000 to 11111111 can be represented in hexadecimal as the range 00 to FF.
When using hexadecimal, leading zeroes are always displayed to complete the 8-bit representation. For example the binary value 0000 1010 is represented in hexadecimal as 0A.
Hexadecimal numbers are often represented by the value preceded by 0x (e.g., 0x73) to distinguish between decimal and hexadecimal values in documentation.
Hexadecimal may also be represented by a subscript 16, or the hex number followed by an H (e.g., 73H).

Ethernet MAC Address
In an Ethernet LAN, every network device is connected to the same, shared media. MAC addressing provides a method for device identification at the data link layer of the OSI model.
An Ethernet MAC address is a 48-bit address expressed using 12 hexadecimal digits. Because a byte equals 8 bits, we can also say that a MAC address is 6 bytes in length.
All MAC addresses must be unique to the Ethernet device or Ethernet interface. To ensure this, all vendors that sell Ethernet devices must register with the IEEE to obtain a unique 6 hexadecimal (i.e., 24-bit or 3-byte) code called the organizationally unique identifier (OUI).
An Ethernet MAC address consists of a 6 hexadecimal vendor OUI code followed by a 6 hexadecimal vendor-assigned value.

Frame Processing
When a device is forwarding a message to an Ethernet network, the Ethernet header includes a Source MAC address and a Destination MAC address.
When a NIC receives an Ethernet frame, it examines the destination MAC address to see if it matches the physical MAC address that is stored in RAM. If there is no match, the device discards the frame. If there is a match, it passes the frame up the OSI layers, where the de-encapsulation process takes place.
Note: Ethernet NICs also accept frames if the destination MAC address is a broadcast or a multicast group of which the host is a member.
Any device that is the source or destination of an Ethernet frame will have an Ethernet NIC and a MAC address. This includes workstations, servers, printers, mobile devices, and routers.

Unicast MAC Address
In Ethernet, different MAC addresses are used for Layer 2 unicast, broadcast, and multicast communications.
A unicast MAC address is the unique address that is used when a frame is sent from a single transmitting device to a single destination device.
Address Resolution Protocol (ARP) is a process that a source host uses to determine the destination MAC address associated with an IPv4 address.
Neighbor Discovery (ND) is a process that a source host uses to determine the destination MAC address associated with an IPv6 address.
Note: The source MAC address must always be a unicast.

Figure – MAC ADDRESS

Broadcast MAC Address
An Ethernet broadcast frame is received and processed by every device on the Ethernet LAN. The features are as follows:
- It has a destination MAC address of FF-FF-FF-FF-FF-FF in hexadecimal (48 ones in binary).
- It is flooded out all Ethernet switch ports except the incoming port. It is not forwarded by a router.
- If the encapsulated data is an IPv4 broadcast packet, this means the packet contains a destination IPv4 address that has all ones (1s) in the host portion. This numbering in the address means that all hosts on that local network (broadcast domain) will receive and process the packet.

== Figure – MAC ADDRESS sl. Unicast MAC Address ==

Multicast MAC Address
An Ethernet multicast frame is received and processed by a group of devices that belong to the same multicast group.
There is a destination MAC address of 01-00-5E when the encapsulated data is an IPv4 multicast packet and a destination MAC address of 33-33 when the encapsulated data is an IPv6 multicast packet.
There are other reserved multicast destination MAC addresses for when the encapsulated data is not IP, such as Spanning Tree Protocol (STP).
It is flooded out all Ethernet switch ports except the incoming port, unless the switch is configured for multicast snooping. It is not forwarded by a router, unless the router is configured to route multicast packets.
Because multicast addresses represent a group of addresses (sometimes called a host group), they can only be used as the destination of a packet. The source will always be a unicast address.
As with the unicast and broadcast addresses, the multicast IP address requires a corresponding multicast MAC address.

== Figure – MAC ADDRESS sl. Unicast MAC Address ==

The MAC Address Table

Switch Fundamentals
A Layer 2 Ethernet switch uses Layer 2 MAC addresses to make forwarding decisions. It is completely unaware of the data (protocol) being carried in the data portion of the frame, such as an IPv4 packet, an ARP message, or an IPv6 ND packet. The switch makes its forwarding decisions based solely on the Layer 2 Ethernet MAC addresses.
An Ethernet switch examines its MAC address table to make a forwarding decision for each frame, unlike legacy Ethernet hubs that repeat bits out all ports except the incoming port.
When a switch is turned on, the MAC address table is empty.
Note: The MAC address table is sometimes referred to as a content addressable memory (CAM) table.
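
The receive-side rules from the Ethernet Frame Fields, Frame Processing and unicast/broadcast/multicast sections above, as an added Python example that is not part of the original notes. The addresses and frames are constructed, the four FCS bytes are placeholders that are not verified here, and treating a non-unicast source address as invalid is this example's reading of the note on source addresses.

```python
# Added example, not from the original notes. All frames and MACs are constructed.
from dataclasses import dataclass

MIN_FRAME, MAX_FRAME = 64, 1518          # bytes; preamble excluded, FCS included
BROADCAST = bytes.fromhex("ffffffffffff")


def mac_bytes(text: str) -> bytes:
    """Parse 'AA-BB-CC-DD-EE-FF' (or colon-separated) into 6 raw bytes."""
    raw = bytes.fromhex(text.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"a MAC address is 48 bits: {text!r}")
    return raw


def mac_text(raw: bytes) -> str:
    """Hex digits with leading zeroes kept, so 0x0A prints as 0A."""
    return "-".join(f"{b:02X}" for b in raw)


def classify(mac: bytes) -> str:
    """Map a MAC address to the address types described in the notes."""
    if mac == BROADCAST:
        return "broadcast"
    if mac[:3] == b"\x01\x00\x5e":
        return "multicast-ipv4"
    if mac[:2] == b"\x33\x33":
        return "multicast-ipv6"
    if mac[0] & 0x01:                     # group bit: other reserved multicast, e.g. STP
        return "multicast-other"
    return "unicast"


@dataclass
class Verdict:
    accept: bool      # True if the NIC passes the frame up the stack
    reason: str
    dst_class: str
    src_oui: str      # first 3 bytes of the source MAC (vendor OUI)


def nic_receive(frame: bytes, nic_mac: bytes, groups=()) -> Verdict:
    """Apply the size, source and destination checks a receiving NIC performs."""
    if len(frame) < 12:
        raise ValueError("too short to hold two MAC addresses")
    dst, src = frame[:6], frame[6:12]
    kind = classify(dst)

    def verdict(accept: bool, reason: str) -> Verdict:
        return Verdict(accept, reason, kind, mac_text(src[:3]))

    if len(frame) < MIN_FRAME:
        return verdict(False, "runt frame")
    if len(frame) > MAX_FRAME:
        return verdict(False, "oversized frame")
    if classify(src) != "unicast":        # assumption: such frames are treated as invalid
        return verdict(False, "source address is not unicast")
    if kind == "broadcast":
        return verdict(True, "broadcast")
    if kind.startswith("multicast"):
        joined = dst in groups
        return verdict(joined, "joined multicast group" if joined
                       else "multicast group not joined")
    if dst == nic_mac:
        return verdict(True, "destination matches NIC")
    return verdict(False, "destination is another host")


def build_frame(dst: str, src: str, payload: bytes = b"", ethertype: int = 0x0800) -> bytes:
    """Constructed frame: header, payload padded to 46 bytes, 4 placeholder FCS bytes."""
    body = payload.ljust(46, b"\x00")
    return mac_bytes(dst) + mac_bytes(src) + ethertype.to_bytes(2, "big") + body + b"\x00" * 4


if __name__ == "__main__":
    nic = mac_bytes("02-00-00-00-00-01")
    for dst in ("02-00-00-00-00-01", "02-00-00-00-00-03", "FF-FF-FF-FF-FF-FF",
                "01-00-5E-00-00-FB", "33-33-00-00-00-01", "01-80-C2-00-00-00"):
        print(dst, nic_receive(build_frame(dst, "02-00-00-00-00-02"), nic))
```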

Switch Learning and Forwarding

Examine the Source MAC Address (Learn)
Every frame that enters a switch is checked for new information to learn. It does this by examining the source MAC address of the frame and the port number where the frame entered the switch. If the source MAC address does not exist, it is added to the table along with the incoming port number. If the source MAC address does exist, the switch updates the refresh timer for that entry. By default, most Ethernet switches keep an entry in the table for 5 minutes.
Note: If the source MAC address does exist in the table but on a different port, the switch treats this as a new entry. The entry is replaced using the same MAC address but with the more current port number.

Find the Destination MAC Address (Forward)
If the destination MAC address is a unicast address, the switch will look for a match between the destination MAC address of the frame and an entry in its MAC address table. If the destination MAC address is in the table, it will forward the frame out the specified port. If the destination MAC address is not in the table, the switch treats the frame as an unknown unicast and forwards it out all ports except the incoming port.
Note: If the destination MAC address is a broadcast or a multicast, the frame is also flooded out all ports except the incoming port.

Filtering Frames
As a switch receives frames from different devices, it is able to populate its MAC address table by examining the source MAC address of every frame. When the MAC address table of the switch contains the destination MAC address, it is able to filter the frame and forward out a single port.

Switch Speeds and Forwarding Methods

Frame Forwarding Methods on Cisco Switches
Switches use one of the following forwarding methods for switching data between network ports:
Store-and-forward switching - This frame forwarding method receives the entire frame and computes the CRC. If the CRC is valid, the switch looks up the destination address, which determines the outgoing interface. Then the frame is forwarded out of the correct port.
Cut-through switching - This frame forwarding method forwards the frame before it is entirely received. At a minimum, the destination address of the frame must be read before the frame can be forwarded.

A big advantage of store-and-forward switching is that it determines if a frame has errors before propagating the frame. When an error is detected in a frame, the switch discards the frame. Discarding frames with errors reduces the amount of bandwidth consumed by corrupt data.
Store-and-forward switching is required for quality of service (QoS) analysis on converged networks where frame classification for traffic prioritization is necessary. For example, voice over IP (VoIP) data streams need to have priority over web-browsing traffic.
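
The learn and forward steps from "Switch Learning and Forwarding" combined with the store-and-forward CRC check, as an added Python example that is not part of the original notes or any vendor's switch code. MAC addresses, port numbers and timestamps are constructed; the `moves` list (a record of addresses that reappear on a different port) and the "filter" result for a destination that sits on the ingress port are assumptions of this example.

```python
# Added example, not from the original notes. Frames, MACs and ports are constructed.
import struct
import zlib

AGING_SECONDS = 300   # the 5-minute default entry lifetime from the notes


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over destination MAC..payload, least significant byte first."""
    return struct.pack("<I", zlib.crc32(body))


def make_frame(dst: bytes, src: bytes, payload: bytes = b"") -> bytes:
    """Constructed IPv4-typed frame, payload padded to 46 bytes, valid FCS appended."""
    body = dst + src + b"\x08\x00" + payload.ljust(46, b"\x00")
    return body + fcs(body)


class StoreAndForwardSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}    # source MAC -> (port, time last seen); empty at power-on
        self.moves = []    # (mac, old_port, new_port): entries replaced by a newer port

    def _expire(self, now: float) -> None:
        """Drop entries whose refresh timer has run out."""
        self.table = {mac: (port, seen) for mac, (port, seen) in self.table.items()
                      if now - seen < AGING_SECONDS}

    def receive(self, in_port: int, frame: bytes, now: float):
        """Process one fully received frame; return (action, list of output ports)."""
        # Store-and-forward: validate size and CRC before anything is learned or sent.
        if not 64 <= len(frame) <= 1518:
            return ("drop-size", [])
        if fcs(frame[:-4]) != frame[-4:]:
            return ("drop-fcs", [])
        dst, src = frame[:6], frame[6:12]
        self._expire(now)

        # Learn: add the source MAC, refresh its timer, or replace the port.
        known = self.table.get(src)
        if known and known[0] != in_port:
            self.moves.append((src, known[0], in_port))
        self.table[src] = (in_port, now)

        # Forward: flood broadcast, multicast and unknown unicast; otherwise one port.
        others = [p for p in self.ports if p != in_port]
        if dst[0] & 0x01:                  # group bit set: broadcast or multicast
            return ("flood", others)
        entry = self.table.get(dst)
        if entry is None:
            return ("flood", others)       # unknown unicast
        if entry[0] == in_port:
            return ("filter", [])          # destination is on the ingress segment
        return ("forward", [entry[0]])


if __name__ == "__main__":
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    sw = StoreAndForwardSwitch([1, 2, 3])
    print(sw.receive(1, make_frame(b, a), now=0))   # B unknown: flooded
    print(sw.receive(2, make_frame(a, b), now=1))   # A known: forwarded to port 1
    print(sw.receive(1, make_frame(b, a), now=2))   # B known: forwarded to port 2
```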

Cut-Through Switching
In cut-through switching, the switch acts upon the data as soon as it is received, even if the transmission is not complete. The switch buffers just enough of the frame to read the destination MAC address so that it can determine to which port it should forward out the data. The switch does not perform any error checking on the frame.
There are two variants of cut-through switching:
Fast-forward switching - Offers the lowest level of latency by immediately forwarding a packet after reading the destination address. Because fast-forward switching starts forwarding before the entire packet has been received, there may be times when packets are relayed with errors. The destination NIC discards the faulty packet upon receipt. Fast-forward switching is the typical cut-through method of switching.
Fragment-free switching - A compromise between the high latency and high integrity of store-and-forward switching and the low latency and reduced integrity of fast-forward switching, the switch stores and performs an error check on the first 64 bytes of the frame before forwarding. Because most network errors and collisions occur during the first 64 bytes, this ensures that a collision has not occurred before forwarding the frame.

Memory Buffering on Switches
An Ethernet switch may use a buffering technique to store frames before forwarding them or when the destination port is busy because of congestion.

Method – Description
Port-based memory
• Frames are stored in queues that are linked to specific incoming and outgoing ports.
• A frame is transmitted to the outgoing port only when all the frames ahead in the queue have been successfully transmitted.
• It is possible for a single frame to delay the transmission of all the frames in memory because of a busy destination port.
• This delay occurs even if the other frames could be transmitted to open destination ports.
Shared memory
• Deposits all frames into a common memory buffer shared by all switch ports and the amount of buffer memory required by a port is dynamically allocated.
• The frames in the buffer are dynamically linked to the destination port enabling a packet to be received on one port and then transmitted on another port, without moving it to a different queue.

Shared memory buffering also results in larger frames that can be transmitted with fewer dropped frames. This is important with asymmetric switching which allows for different data rates on different ports. Therefore, more bandwidth can be dedicated to certain ports (e.g., server port).

Duplex and Speed Settings
Two of the most basic settings on a switch are the bandwidth (“speed”) and duplex settings for each individual switch port. It is critical that the duplex and bandwidth settings match between the switch port and the connected devices.

There are two types of duplex settings used for communications on an Ethernet network:
Full-duplex - Both ends of the connection can send and receive simultaneously.
Half-duplex - Only one end of the connection can send at a time.

Autonegotiation is an optional function found on most Ethernet switches and NICs. It enables two devices to automatically negotiate the best speed and duplex capabilities.

Note: Gigabit Ethernet ports only operate in full-duplex.

Duplex mismatch is one of the most common causes of performance issues on 10/100 Mbps Ethernet links. It occurs when one port on the link operates at half-duplex while the other port operates at full-duplex.
This can occur when one or both ports on a link are reset, and the autonegotiation process does not result in both link partners having the same configuration.
It also can occur when users reconfigure one side of a link and forget to reconfigure the other. Both sides of a link should have autonegotiation on, or both sides should have it off. Best practice is to configure both Ethernet switch ports as full-duplex.

Auto-MDIX
Connections between devices once required the use of either a crossover or straight-through cable. The type of cable required depended on the type of interconnecting devices.
Note: A direct connection between a router and a host requires a cross-over connection.

Most switch devices now support the automatic medium-dependent interface crossover (auto-MDIX) feature. When enabled, the switch automatically detects the type of cable attached to the port and configures the interfaces accordingly.
The auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later. However, the feature could be disabled. For this reason, you should always use the correct cable type and not rely on the auto-MDIX feature.
Auto-MDIX can be re-enabled using the mdix auto interface configuration command.

Module 8: Network Layer

Network Layer Characteristics

The Network Layer
Provides services to allow end devices to exchange data.
IP version 4 (IPv4) and IP version 6 (IPv6) are the principal network layer communication protocols.
The network layer performs four basic operations:
- Addressing end devices
- Encapsulation
- Routing
- De-encapsulation

IP Encapsulation
IP encapsulates the transport layer segment.
IP can use either an IPv4 or IPv6 packet and not impact the layer 4 segment.
IP packet will be examined by all layer 3 devices as it traverses the network.
The IP addressing does not change from source to destination.
Note: NAT will change addressing, but will be discussed in a later module.

Characteristics of IP
IP is meant to have low overhead and may be described as:
- Connectionless
- Best Effort
- Media Independent

Connectionless
IP is Connectionless
IP does not establish a connection with the destination before sending the packet.
There is no control information needed (synchronizations, acknowledgments, etc.).
The destination will receive the packet when it arrives, but no pre-notifications are sent by IP.
If there is a need for connection-oriented traffic, then another protocol will handle this (typically TCP at the transport layer).

Best Effort
IP is Best Effort
IP will not guarantee delivery of the packet.
IP has reduced overhead since there is no mechanism to resend data that is not received.
IP does not expect acknowledgments.
IP does not know if the other device is operational or if it received the packet.

Media Independent
IP is unreliable:
- It cannot manage or fix undelivered or corrupt packets.
- IP cannot retransmit after an error.
- IP cannot realign out of sequence packets.
- IP must rely on other protocols for these functions.
IP is media Independent:
- IP does not concern itself with the type of frame required at the data link layer or the media type at the physical layer.
- IP can be sent over any media type: copper, fiber, or wireless.
The network layer will establish the Maximum Transmission Unit (MTU).
Network layer receives this from control information sent by the data link layer.
The network then establishes the MTU size.
Fragmentation is when Layer 3 splits the IPv4 packet into smaller units.
Fragmenting causes latency.
IPv6 does not fragment packets.
Example: Router goes from Ethernet to a slow WAN with a smaller MTU

IPv4 Packet

IPv4 Packet Header
IPv4 is the primary communication protocol for the network layer.
The network header has many purposes:
- It ensures the packet is sent in the correct direction (to the destination).
- It contains information for network layer processing in various fields.
- The information in the header is used by all layer 3 devices that handle the packet.

IPv4 Packet Header Fields
The IPv4 network header characteristics:
- It is in binary.
- Contains several fields of information.
- Diagram is read from left to right, 4 bytes per line.
- The two most important fields are the source and destination.
Protocols may have one or more functions.

Significant fields in the IPv4 header
Function – Description
Version – This will be for v4, as opposed to v6, a 4 bit field = 0100
Differentiated Services – Used for QoS: DiffServ – DS field or the older IntServ – ToS or Type of Service
Header Checksum – Detect corruption in the IPv4 header
Time to Live (TTL) – Layer 3 hop count. When it becomes zero the router will discard the packet.
Protocol – I.D.s next level protocol: ICMP, TCP, UDP, etc.
Source IPv4 Address – 32 bit source address
Destination IPV4 Address – 32 bit destination address

IPv6 Packets

Limitations of IPv4
IPv4 has three major limitations:
- IPv4 address depletion – We have basically run out of IPv4 addressing.
- Lack of end-to-end connectivity – To make IPv4 survive this long, private addressing and NAT were created. This ended direct communications with public addressing.
- Increased network complexity – NAT was meant as a temporary solution and creates issues on the network as a side effect of manipulating the network headers addressing. NAT causes latency and troubleshooting issues.

IPv6 Overview
IPv6 was developed by Internet Engineering Task Force (IETF).
IPv6 overcomes the limitations of IPv4.
Improvements that IPv6 provides:
- Increased address space – based on 128 bit address, not 32 bits
- Improved packet handling – simplified header with fewer fields
- Eliminates the need for NAT – since there is a huge amount of addressing, there is no need to use private addressing internally and be mapped to a shared public address

IPv4 Packet Header Fields in the IPv6 Packet Header
The IPv6 header is simplified, but not smaller.
The header is fixed at 40 Bytes or octets long.
Several IPv4 fields were removed to improve performance:
- Flag
- Fragment Offset
- Header Checksum

IPv6 Packet Header
Significant fields in the IPv4 header:
Function – Description
Version – This will be for v6, as opposed to v4, a 4 bit field = 0110
Traffic Class – Used for QoS: Equivalent to DiffServ – DS field
Flow Label – Informs device to handle identical flow labels the same way, 20 bit field
Payload Length – This 16-bit field indicates the length of the data portion or payload of the IPv6 packet
Next Header – I.D.s next level protocol: ICMP, TCP, UDP, etc.
Hop Limit – Replaces TTL field Layer 3 hop count
Source IPv4 Address – 128 bit source address
Destination IPV4 Address – 128 bit destination address

IPv6 packet may also contain extension headers (EH).
EH headers characteristics:
- provide optional network layer information
- are optional
- are placed between IPv6 header and the payload
- may be used for fragmentation, security, mobility support, etc.
Note: Unlike IPv4, routers do not fragment IPv6 packets.

Know what the ip byts means

How a Host Routes

Host Forwarding Decision
Packets are always created at the source.
Each host device creates its own routing table.
A host can send packets to the following:
- Itself – 127.0.0.1 (IPv4), ::1 (IPv6)
- Local Hosts – destination is on the same LAN
- Remote Hosts – devices are not on the same LAN
The Source device determines whether the destination is local or remote.
Method of determination:
- IPv4 – Source uses its own IP address and Subnet mask, along with the destination IP address
- IPv6 – Source uses the network address and prefix advertised by the local router
Local traffic is dumped out the host interface to be handled by an intermediary device.
Remote traffic is forwarded directly to the default gateway on the LAN.

Default Gateway
A router or layer 3 switch can be a default-gateway.
Features of a default gateway (DGW):
- It must have an IP address in the same range as the rest of the LAN.
- It can accept data from the LAN and is capable of forwarding traffic off of the LAN.
- It can route to other networks.
If a device has no default gateway or a bad default gateway, its traffic will not be able to leave the LAN.

A Host Routes to the Default Gateway
The host will know the default gateway (DGW) either statically or through DHCP in IPv4.
IPv6 sends the DGW through a router solicitation (RS) or can be configured manually.
A DGW is a static route which will be a last resort route in the routing table.
All devices on the LAN will need the DGW of the router if they intend to send traffic remotely.

Host Routing Tables
On Windows, use route print or netstat -r to display the PC routing table.
Three sections displayed by these two commands:
- Interface List – all potential interfaces and MAC addressing
- IPv4 Routing Table
- IPv6 Routing Table

Introduction to Routing

Router Packet Forwarding Decision
What happens when the router receives the frame from the host device?

IP Router Routing Table
There are three types of routes in a router’s routing table:
- Directly Connected – These routes are automatically added by the router, provided the interface is active and has addressing.
- Remote – These are the routes the router does not have a direct connection and may be learned:
  - Manually – with a static route
  - Dynamically – by using a routing protocol to have the routers share their information with each other
- Default Route – this forwards all traffic to a specific direction when there is not a match in the routing table

Static Routing
Static Route Characteristics:
- Must be configured manually
- Must be adjusted manually by the administrator when there is a change in the topology
- Good for small non-redundant networks
- Often used in conjunction with a dynamic routing protocol for configuring a default route

Dynamic Routing
Dynamic Routes Automatically:
- Discover remote networks
- Maintain up-to-date information
- Choose the best path to the destination
- Find new best paths when there is a topology change
Dynamic routing can also share static default routes with the other routers.

Introduction to an IPv4 Routing Table
The show ip route command shows the following route sources:
- L – Directly connected local interface IP address
- C – Directly connected network
- S – Static route was manually configured by an administrator
- O – OSPF
- D – EIGRP
This command shows types of routes:
- Directly Connected – C and L
- Remote Routes – O, D, etc.
- Default Routes – S*


Module 8: Network Layer

Network Layer Characteristics

The Network Layer
Provides services to allow end devices to exchange data
IP version 4 (IPv4) and IP version 6 (IPv6) are the principal network layer communication protocols.
The network layer performs four basic operations:
Addressing end devices
Encapsulation
Routing
De-encapsulation

IP Encapsulation
IP encapsulates the transport layer segment.
IP can use either an IPv4 or IPv6 packet and not impact the layer 4 segment.
The IP packet will be examined by all layer 3 devices as it traverses the network.
The IP addressing does not change from source to destination.
Note: NAT will change addressing, but will be discussed in a later module.

Characteristic of IP
IP is meant to have low overhead and may be described as:
Connectionless
Best Effort
Media Independent

Connectionless
IP is Connectionless
IP does not establish a connection with the destination before sending the packet.
There is no control information needed (synchronizations, acknowledgments, etc.).
The destination will receive the packet when it arrives, but no pre-notifications are sent by IP.
If there is a need for connection-oriented traffic, then another protocol will handle this (typically TCP at the transport layer).

Best Effort
IP is Best Effort
IP will not guarantee delivery of the packet.
IP has reduced overhead since there is no mechanism to resend data that is not received.
IP does not expect acknowledgments.
IP does not know if the other device is operational or if it received the packet.

Media Independent
IP is unreliable:
It cannot manage or fix undelivered or corrupt packets.
IP cannot retransmit after an error.
IP cannot realign out of sequence packets.
IP must rely on other protocols for these functions.
IP is media independent:
IP does not concern itself with the type of frame required at the data link layer or the media type at the physical layer.
IP can be sent over any media type: copper, fiber, or wireless.
The network layer will establish the Maximum Transmission Unit (MTU).
Network layer receives this from control information sent by the data link layer.
The network then establishes the MTU size.
Fragmentation is when Layer 3 splits the IPv4 packet into smaller units.
Fragmenting causes latency.
IPv6 does not fragment packets.
Example: Router goes from Ethernet to a slow WAN with a smaller MTU

IPv4 Packet

IPv4 Packet Header
IPv4 is the primary communication protocol for the network layer.
The network header has many purposes:
It ensures the packet is sent in the correct direction (to the destination).
It contains information for network layer processing in various fields.
The information in the header is used by all layer 3 devices that handle the packet

IPv4 Packet Header Fields
The IPv4 network header characteristics:
It is in binary.
Contains several fields of information
Diagram is read from left to right, 4 bytes per line
The two most important fields are the source and destination.
Protocols may have one or more functions.

Significant fields in the IPv4 header:

| Function | Description |
|---|---|
| Version | This will be for v4, as opposed to v6, a 4 bit field = 0100 |
| Differentiated Services | Used for QoS: DiffServ – DS field or the older IntServ – ToS or Type of Service |
| Header Checksum | Detect corruption in the IPv4 header |
| Time to Live (TTL) | Layer 3 hop count. When it becomes zero the router will discard the packet. |
| Protocol | I.D.s next level protocol: ICMP, TCP, UDP, etc. |
| Source IPv4 Address | 32 bit source address |
| Destination IPv4 Address | 32 bit destination address |

IPv6 Packets

Limitations of IPv4
IPv4 has three major limitations:
IPv4 address depletion – We have basically run out of IPv4 addressing.
Lack of end-to-end connectivity – To make IPv4 survive this long, private addressing and NAT were created. This ended direct communications with public addressing.
Increased network complexity – NAT was meant as a temporary solution and creates issues on the network as a side effect of manipulating the network headers addressing. NAT causes latency and troubleshooting issues.

IPv6 Overview
IPv6 was developed by the Internet Engineering Task Force (IETF).
IPv6 overcomes the limitations of IPv4.
Improvements that IPv6 provides:
Increased address space – based on 128 bit address, not 32 bits
Improved packet handling – simplified header with fewer fields
Eliminates the need for NAT – since there is a huge amount of addressing, there is no need to use private addressing internally and be mapped to a shared public address

IPv4 Packet Header Fields in the IPv6 Packet Header
The IPv6 header is simplified, but not smaller.
The header is fixed at 40 Bytes or octets long.
Several IPv4 fields were removed to improve performance.
Some IPv4 fields were removed to improve performance:
Flag
Fragment Offset
Header Checksum

IPv6 Packet Header
Significant fields in the IPv6 header:
| Function | Description |
|---|---|
| Version | This will be for v6, as opposed to v4, a 4 bit field = 0110 |
| Traffic Class | Used for QoS: Equivalent to DiffServ – DS field |
| Flow Label | Informs device to handle identical flow labels the same way, 20 bit field |
| Payload Length | This 16-bit field indicates the length of the data portion or payload of the IPv6 packet |
| Next Header | I.D.s next level protocol: ICMP, TCP, UDP, etc. |
| Hop Limit | Replaces TTL field. Layer 3 hop count |
| Source IPv6 Address | 128 bit source address |
| Destination IPv6 Address | 128 bit destination address |

IPv6 packet may also contain extension headers (EH).
EH headers characteristics:
provide optional network layer information
are optional
are placed between IPv6 header and the payload
may be used for fragmentation, security, mobility support, etc.
Note: Unlike IPv4, routers do not fragment IPv6 packets.

How a Host Routes

Host Forwarding Decision
Packets are always created at the source.
Each host device creates its own routing table.
A host can send packets to the following:
Itself – 127.0.0.1 (IPv4), ::1 (IPv6)
Local Hosts – destination is on the same LAN
Remote Hosts – devices are not on the same LAN
The Source device determines whether the destination is local or remote
Method of determination:
IPv4 – Source uses its own IP address and Subnet mask, along with the destination IP address
IPv6 – Source uses the network address and prefix advertised by the local router
Local traffic is dumped out the host interface to be handled by an intermediary device.
Remote traffic is forwarded directly to the default gateway on the LAN.

Default Gateway
A router or layer 3 switch can be a default-gateway.
Features of a default gateway (DGW):
It must have an IP address in the same range as the rest of the LAN.
It can accept data from the LAN and is capable of forwarding traffic off of the LAN.
It can route to other networks.
If a device has no default gateway or a bad default gateway, its traffic will not be able to leave the LAN.

A Host Routes to the Default Gateway
The host will know the default gateway (DGW) either statically or through DHCP in IPv4.
IPv6 sends the DGW through a router solicitation (RS) or can be configured manually.
A DGW is a static route which will be a last resort route in the routing table.
All devices on the LAN will need the DGW of the router if they intend to send traffic remotely.

Host Routing Tables
On Windows, route print or netstat -r to display the PC routing table
Three sections displayed by these two commands:
Interface List – all potential interfaces and MAC addressing
IPv4 Routing Table
IPv6 Routing Table
Introduction to Routing

Router Packet Forwarding Decision
What happens when the router receives the frame from the host device?

IP Router Routing Table
There are three types of routes in a router's routing table:
Directly Connected – These routes are automatically added by the router, provided the interface is active and has addressing.
Remote – These are the routes to which the router does not have a direct connection and may be learned:
Manually – with a static route
Dynamically – by using a routing protocol to have the routers share their information with each other
Default Route – this forwards all traffic to a specific direction when there is not a match in the routing table

Static Routing
Static Route Characteristics:
Must be configured manually
Must be adjusted manually by the administrator when there is a change in the topology
Good for small non-redundant networks
Often used in conjunction with a dynamic routing protocol for configuring a default route

Dynamic Routing
Dynamic Routes Automatically:
Discover remote networks
Maintain up-to-date information
Choose the best path to the destination
Find new best paths when there is a topology change
Dynamic routing can also share static default routes with the other routers.

Introduction to an IPv4 Routing Table
The show ip route command shows the following route sources:
L – Directly connected local interface IP address
C – Directly connected network
S – Static route was manually configured by an administrator
O – OSPF
D – EIGRP
This command shows types of routes:
Directly Connected – C and L
Remote Routes – O, D, etc.
Default Routes – S*
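As an added illustration (not part of the original notes), the Python sketch below performs a longest-prefix-match lookup over a constructed routing table that uses the route source codes listed above and reports which of the three route types was chosen. Every prefix, next hop and the S0/1/0 interface name are made-up sample values.

```python
import ipaddress

# Constructed routing table: (source code, prefix, next hop, exit interface).
# Codes follow the route sources listed above; every address and the
# S0/1/0 interface name are made-up sample values.
ROUTES = [
    ("L",  "192.168.10.1/32", None,       "G0/0/0"),
    ("C",  "192.168.10.0/24", None,       "G0/0/0"),
    ("C",  "10.1.1.0/30",     None,       "S0/1/0"),
    ("O",  "172.16.0.0/16",   "10.1.1.2", "S0/1/0"),
    ("S",  "172.16.5.0/24",   "10.1.1.2", "S0/1/0"),
    ("S*", "0.0.0.0/0",       "10.1.1.2", "S0/1/0"),
]


def route_type(code):
    """Map a route source code to one of the three route types."""
    if code in ("L", "C"):
        return "directly connected"
    if code.endswith("*"):
        return "default"
    return "remote"


def lookup(dest, routes=ROUTES):
    """Return the matching route with the longest prefix, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for code, prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr.version != net.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[1].prefixlen:
            best = (code, net, next_hop, iface)
    return best


def forward(dest, routes=ROUTES):
    """Describe the forwarding decision a router would make for dest."""
    hit = lookup(dest, routes)
    if hit is None:
        return "drop: no match and no default route"
    code, net, next_hop, iface = hit
    via = f"via {next_hop}" if next_hop else "on-link"
    return f"{route_type(code)} [{code}] {net} {via} out {iface}"


if __name__ == "__main__":
    for d in ("192.168.10.25", "172.16.5.9", "172.16.9.9", "8.8.8.8"):
        print(d, "->", forward(d))
```

The static /24 wins over the OSPF /16 for 172.16.5.9 because it is the more specific match, and the S* default route is used only when nothing else matches.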
Module 9: Address Resolution

MAC and IP

Destination on Same Network
There are two primary addresses assigned to a device on an Ethernet LAN:
Layer 2 physical address (the MAC address) – Used for NIC to NIC communications on the same Ethernet network.
Layer 3 logical address (the IP address) – Used to send the packet from the source device to the destination device.
Layer 2 addresses are used to deliver frames from one NIC to another NIC on the same network. If a destination IP address is on the same network, the destination MAC address will be that of the destination device.

MAC - Ports unique address, not given
IP - Admin input, given

Destination on Different Network
When the destination IP address is on a remote network, the destination MAC address is that of the default gateway.
ARP is used by IPv4 to associate the IPv4 address of a device with the MAC address of the device NIC.
ICMPv6 is used by IPv6 to associate the IPv6 address of a device with the MAC address of the device NIC.

IPv6 - Neighbour Discovery

ARP

ARP Overview
A device uses ARP to determine the destination MAC address of a local device when it knows its IPv4 address.
ARP provides two basic functions:
Resolving IPv4 addresses to MAC addresses
Maintaining an ARP table of IPv4 to MAC address mappings

ARP Functions
To send a frame, a device will search its ARP table for a destination IPv4 address and a corresponding MAC address.
If the packet's destination IPv4 address is on the same network, the device will search the ARP table for the destination IPv4 address.
If the destination IPv4 address is on a different network, the device will search the ARP table for the IPv4 address of the default gateway.
If the device locates the IPv4 address, its corresponding MAC address is used as the destination MAC address in the frame.
If no ARP table entry is found, then the device sends an ARP request.

Removing Entries from an ARP Table
Entries in the ARP table are not permanent and are removed when an ARP cache timer expires after a specified period of time.
The duration of the ARP cache timer differs depending on the operating system.
ARP table entries can also be removed manually by the administrator.

ARP Tables on Networking Devices
The show ip arp command displays the ARP table on a Cisco router.
The arp -a command displays the ARP table on a Windows 10 PC.
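The host forwarding decision from Module 8 and the ARP Functions steps above, combined in one added Python example (not part of the original notes): it decides whether a destination is the host itself, local or remote, picks the IPv4 address to resolve, and consults an ARP cache whose entries age out. The addresses, MACs and the 60-second timeout are constructed sample values, and the class and function names are hypothetical.

```python
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class ArpCache:
    """IPv4 -> MAC table whose entries expire after timeout_s seconds."""

    def __init__(self, timeout_s):
        self.timeout_s = timeout_s
        self.entries = {}                     # ip -> (mac, time learned)

    def learn(self, ip, mac, now):
        """Record the mapping carried in an ARP reply."""
        self.entries[ip] = (mac.lower(), now)

    def lookup(self, ip, now):
        """Return the cached MAC, dropping the entry if its timer expired."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, learned = entry
        if now - learned >= self.timeout_s:
            del self.entries[ip]
            return None
        return mac


def arp_target(host_if, dst_ip, gateway):
    """Return the IPv4 address to resolve, or None for traffic to itself."""
    iface = ipaddress.ip_interface(host_if)   # own address and subnet mask
    dst = ipaddress.ip_address(dst_ip)
    if dst.is_loopback or dst == iface.ip:
        return None
    if dst in iface.network:
        return str(dst)                       # local host: resolve it directly
    if gateway is None or ipaddress.ip_address(gateway) not in iface.network:
        raise ValueError("remote destination but no usable default gateway")
    return gateway                            # remote host: resolve the gateway


def resolve(host_if, dst_ip, gateway, cache, now):
    """Return (action, resolved IPv4 address, destination MAC for the frame)."""
    target = arp_target(host_if, dst_ip, gateway)
    if target is None:
        return ("loopback", None, None)
    mac = cache.lookup(target, now)
    if mac is None:
        return ("arp-request", target, BROADCAST_MAC)
    return ("send", target, mac)


if __name__ == "__main__":
    cache = ArpCache(timeout_s=60)            # constructed sample values below
    cache.learn("192.168.10.1", "00:1A:2B:00:00:01", now=0)
    host, gw = "192.168.10.10/24", "192.168.10.1"
    print(resolve(host, "192.168.11.10", gw, cache, now=10))   # uses gateway MAC
    print(resolve(host, "192.168.10.20", gw, cache, now=10))   # needs ARP request
    print(resolve(host, "192.168.11.10", gw, cache, now=61))   # entry aged out
```

A missing gateway, or one outside the host's own network, raises an error for remote destinations, which is the "traffic will not be able to leave the LAN" case from the Default Gateway section.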


ARP Issues – ARP Broadcasting and ARP Spoofing
ARP requests are received and processed by every device on the local network.
Excessive ARP broadcasts can cause some reduction in performance.
ARP replies can be spoofed by a threat actor to perform an ARP poisoning attack.
Enterprise level switches include mitigation techniques to protect against ARP attacks.
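One way a defender can spot the ARP poisoning described above is to watch for IPv4-to-MAC bindings that change and for a single MAC answering for several addresses. This added Python example (not part of the original notes) runs those checks over constructed ARP reply observations; the addresses, the 10-second flap window and the alert names are assumptions.

```python
from collections import defaultdict

# Constructed ARP replies as (time_s, sender IPv4, sender MAC); sample data only.
OBSERVED = [
    (0,  "192.168.10.1",  "00:1a:2b:00:00:01"),   # default gateway
    (1,  "192.168.10.10", "00:1a:2b:00:00:10"),
    (2,  "192.168.10.20", "00:1a:2b:00:00:20"),
    (30, "192.168.10.1",  "00:1a:2b:00:00:20"),   # gateway IP, different MAC
    (31, "192.168.10.1",  "00:1a:2b:00:00:01"),   # legitimate gateway replies
    (32, "192.168.10.1",  "00:1a:2b:00:00:20"),   # conflicting reply again
]


def detect(observations, trusted=None, flap_window_s=10):
    """Return alerts as (time_s, kind, ip, detail) for suspicious ARP replies.

    trusted maps IPv4 -> MAC for bindings known to be correct (for example the
    default gateway); any reply that contradicts it is reported.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    last = {}                        # ip -> (mac, time of last reply)
    ips_by_mac = defaultdict(set)    # mac -> every IPv4 it has answered for
    alerts = []
    for t, ip, mac in sorted(observations):
        mac = mac.lower()
        if ip in trusted and mac != trusted[ip]:
            alerts.append((t, "trusted-binding-violation", ip, mac))
        elif ip in last and last[ip][0] != mac:
            quick = t - last[ip][1] <= flap_window_s
            kind = "binding-flapping" if quick else "binding-changed"
            alerts.append((t, kind, ip, f"{last[ip][0]} -> {mac}"))
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                claimed = ",".join(sorted(ips_by_mac[mac]))
                alerts.append((t, "mac-claims-multiple-ips", ip, f"{mac}: {claimed}"))
        last[ip] = (mac, t)
    return alerts


if __name__ == "__main__":
    for alert in detect(OBSERVED):
        print(alert)
    for alert in detect(OBSERVED, trusted={"192.168.10.1": "00:1A:2B:00:00:01"}):
        print(alert)
```

A MAC answering for several addresses can be legitimate (proxy ARP, multi-homed hosts), so that alert is a lead to verify rather than proof of spoofing.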


IPv6 Neighbor Discovery Messages
IPv6 Neighbor Discovery (ND) protocol provides:
Address resolution
Router discovery
Redirection services
ICMPv6 Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages are used for device-to-device messaging such as address resolution.
ICMPv6 Router Solicitation (RS) and Router Advertisement (RA) messages are used for messaging between devices and routers for router discovery.
ICMPv6 redirect messages are used by routers for better next-hop selection.

IPv6 Neighbor Discovery – Address Resolution
IPv6 devices use ND to resolve the MAC address of a known IPv6 address.
ICMPv6 Neighbor Solicitation messages are sent using special Ethernet and IPv6 multicast addresses.
Module 10: Basic Router Configuration

Configure Initial Router Settings

Basic Router Configuration Steps

Basic Router Configuration Example

Configure Interfaces

Configure Router Interfaces
Configuring a router interface includes issuing the following commands:
It is a good practice to use the description command to add information about the network connected to the interface.
The no shutdown command activates the interface.

Configure Router Interfaces Example
The commands to configure interface G0/0/0 on R1 are shown here:

Verify Interface Configuration
To verify interface configuration use the show ip interface brief and show ipv6 interface brief commands shown here:

Configure Verification Commands
The table summarizes show commands used to verify interface configuration.

| Commands | Description |
|---|---|
| show ip interface brief, show ipv6 interface brief | Displays all interfaces, their IP addresses, and their current status. |
| show ip route, show ipv6 route | Displays the contents of the IP routing tables stored in RAM. |
| show interfaces | Displays statistics for all interfaces on the device. Only displays the IPv4 addressing information. |
| show ip interfaces | Displays the IPv4 statistics for all interfaces on a router. |
| show ipv6 interfaces | Displays the IPv6 statistics for all interfaces on a router. |

View status of all interfaces with the show ip interface brief and show ipv6 interface brief commands, shown here:
Display the contents of the IP routing tables with the show ip route and show ipv6 route commands as shown here:
Display statistics for all interfaces with the show interfaces command, as shown here:
Display IPv4 statistics for router interfaces with the show ip interface command, as shown here:
Display IPv6 statistics for router interfaces with the show ipv6 interface command shown here:

Configure the Default Gateway

Default Gateway on a Host
The default gateway is used when a host sends a packet to a device on another network.
The default gateway address is generally the router interface address attached to the local network of the host.
To reach PC3, PC1 addresses a packet with the IPv4 address of PC3, but forwards the packet to its default gateway, the G0/0/0 interface of R1.
Note: The IP address of the host and the router interface must be in the same network.

Default Gateway on a Switch
A switch must have a default gateway address configured to remotely manage the switch from another network.
To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command.
SUMMARY M6-M10

M6
The data link layer of the OSI model (Layer 2) prepares network data for the physical network.
The data link layer is responsible for network interface card (NIC) to network interface card communications.
The IEEE 802 LAN/MAN data link layer consists of the following two sublayers: LLC and MAC.
The two types of topologies used in LAN and WAN networks are physical and logical.
Three common types of physical WAN topologies are: point-to-point, hub and spoke, and mesh.
Half-duplex communications exchange data in one direction at a time. Full-duplex sends and receives data simultaneously.
In contention-based multi-access networks, all nodes are operating in half-duplex.
Examples of contention-based access methods include: CSMA/CD for bus-topology Ethernet LANs and CSMA/CA for WLANs.
The data link frame has three basic parts: header, data, and trailer.
Frame fields include: frame start and stop indicator flags, addressing, type, control, data, and error detection.
Data link addresses are also known as physical addresses.
Data link addresses are only used for link local delivery of frames.

M7
Ethernet operates in the data link layer and the physical layer. Ethernet standards define both the Layer 2 protocols and the Layer 1 technologies.
Ethernet uses the LLC and MAC sublayers of the data link layer to operate.
The Ethernet frame fields are: preamble and start frame delimiter, destination MAC address, source MAC address, EtherType, data, and FCS.
MAC addressing provides a method for device identification at the data link layer of the OSI model.
An Ethernet MAC address is a 48-bit address expressed using 12 hexadecimal digits, or 6 bytes.
When a device is forwarding a message to an Ethernet network, the Ethernet header includes the source and destination MAC addresses. In Ethernet, different MAC addresses are used for Layer 2 unicast, broadcast, and multicast communications.
A Layer 2 Ethernet switch makes its forwarding decisions based solely on the Layer 2 Ethernet MAC addresses.
The switch dynamically builds the MAC address table by examining the source MAC address of the frames received on a port.
The switch forwards frames by searching for a match between the destination MAC address in the frame and an entry in the MAC address table.
Switches use one of the following forwarding methods for switching data between network ports: store-and-forward switching or cut-through switching. Two variants of cut-through switching are fast-forward and fragment-free.
Two methods of memory buffering are port-based memory and shared memory.
There are two types of duplex settings used for communications on an Ethernet network: full-duplex and half-duplex.

M8
IP is connectionless, best effort, and media independent.
IP does not guarantee packet delivery.
IPv4 packet header consists of fields containing information about the packet.
IPv6 overcomes IPv4 lack of end-to-end connectivity and increased network complexity.
A device will determine if a destination is itself, another local host, or a remote host.
A default gateway is a router that is part of the LAN and will be used as a door to other networks.
The routing table contains a list of all known network addresses (prefixes) and where to forward the packet.
The router uses longest subnet mask or prefix match.
The routing table has three types of route entries: directly connected networks, remote networks, and a default route.

M9
Layer 2 physical addresses (i.e., Ethernet MAC addresses) are used to deliver the data link frame with the encapsulated IP packet from one NIC to another NIC on the same network.
If the destination IP address is on the same network, the destination MAC address will be that of the destination device.
When the destination IP address (IPv4 or IPv6) is on a remote network, the destination MAC address will be the address of the host default gateway (i.e., the router interface).
An IPv4 device uses ARP to determine the destination MAC address of a local device when it knows its IPv4 address.
ARP provides two basic functions: resolving IPv4 addresses to MAC addresses and maintaining a table of IPv4 to MAC address mappings.
After the ARP reply is received, the device will add the IPv4 address and the corresponding MAC address to its ARP table.
For each device, an ARP cache timer removes ARP entries that have not been used for a specified period of time.
IPv6 does not use ARP; it uses the ND protocol to resolve MAC addresses.
An IPv6 device uses ICMPv6 Neighbor Discovery to determine the destination MAC address of a local device when it knows its IPv6 address.
