1|Pa g e VOL: 1

Basic switching course (I)

LAN
What is Ethernet?
Ethernet Frame
MAC
Unicast,multicast,broadcast
Duplex
What is network hub?
What is Network Bridge?
What is network switch?
Difference between switch and bridge
Collision
Late collision
Collision domain
What is router?
Broadcast domain
CSMA/CD

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

2|Pa g e VOL: 1

Local Area Network (LAN)

The term local area network (LAN) is used to describe a network of devices inside a limited area (in the
same room, building…). A typical SOHO (small office/home office) LAN consist of PCs, printers,
switches, routers, and cabling that connects all these devices together. The following figure shows a
typical LAN:

This type of network is usually capable of achieving a high data transfer rate of (up to 10 Gbps)
at relatively low cost. The twisted-pair cabling is commonly used in LANs for connections
between end user devices and switches, while fiber-optic cabling is used for links between
network devices, such as switches and routers.

Some of the LAN technologies are Ethernet, Token Ring and FDDI. Ethernet is by far the most
popular wired LAN technology. It defines wiring, signaling, connectors, frame formats, protocol
rules, etc. Most modern LANs also support the wireless LAN (WLAN) technology, defined by the
IEEE 802.11 standards. WLANs use radio waves instead of wires or cables for links between
devices.

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

3|Pa g e VOL: 1

What is Ethernet?
The term Ethernet refers to an entire family of standards that define wiring, signaling,
connectors, frame formats, protocol rules, etc. Ethernet is standardized by the Institute of
Electrical and Electronics Engineers (IEEE) as the 802.3 standard. The standard defines several
wiring variants, such as coaxial, twisted pair and fiber optic cabling. Coaxial cables are rarely
used anymore, while twisted pair cables are usually used in SOHO environments. Optical fibers
are the most expensive option, but they allow longer cabling distances and greater speeds.

Ethernet uses the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) access
method and supports speeds up to 100 Gbps. It is by far the most popular LAN technology
today.

Ethernet frame
An Ethernet frame starts with a header, which contains the source and destination MAC
addresses, among other data. The middle part of the frame is the actual data. The frame ends
with a field called Frame Check Sequence (FCS).

The Ethernet frame structure is defined in the IEEE 802.3 standard. Here is a graphical
representation of an Ethernet frame and a description of each field in the frame:

 Preamble – informs the receiving system that a frame is starting and enables
synchronisation.
 SFD (Start Frame Delimiter) – signifies that the Destination MAC Address field begins
with the next byte.
 Destination MAC – identifies the receiving system.
 Source MAC – identifies the sending system.
 Type – defines the type of protocol inside the frame, for example IPv4 or IPv6.
 Data and Pad – contains the payload data. Padding data is added to meet the minimum
length requirement for this field (46 bytes).
 FCS (Frame Check Sequence) – contains a 32-bit Cyclic Redundancy Check (CRC) which
allows detection of corrupted data

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

4|Pa g e VOL: 1

MAC address
Ethernet uses MAC (Media Access Control) addresses to uniquely identify a host in an Ethernet
environment. Every Ethernet network interface card (NIC) has a MAC address burned in its
firmware, which is why MAC addresses are sometimes known as hardware addresses.

MAC addresses are 6 Bytes (48 bits) long. Every network card manufacturer gets a universally
unique 3-byte code called the Organizationally Unique Identifier (OUI). Manufacturers agree to
give all NICs a MAC address that begins with the assigned OUI. The manufacturer then assigns a
unique value for the last 3 bytes, which ensures that every MAC address is globaly unique.

In the following picture we can see the structure of a MAC address:

MAC addresses are usually written in the form of 12 hexadecimal digits. For example, this is a
valid MAC address: D8-D3-85-EA-1B-EE. Each hexadecimal character is 4 bits long, so the first
six hexadecimal characters represent the vendor (in this case, Hewlett Packard).

How to find the MAC address of your computer

You can find out the MAC address your computer is using. The process depends on your
operating system:

Windows

Go to the Command Prompt (Start – Programs – Accessories – Command Prompt on Windows

XP, for newer versions of Windows, just type cmd from the Start screen). Once inside the
Command Prompt, type the ipconfig/all command. The MAC address is shown in the Physical
Address field:

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

5|Pa g e VOL: 1

Linux

Go to the shell and type the ifconfig command. The MAC address should be listed as HWaddr:

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

6|Pa g e VOL: 1

Unicast, multicast, broadcast addresses

Three types of Ethernet addresses exist:

 unicast addresses – represents a single LAN interface. A unicast frame will be sent to a
specific device, not to a group of devices on the LAN.
 multicast addresses – represents a group of devices in a LAN. A frame sent to a
multicast address will be forwarded to a group of devices on the LAN.
 broadcast addresses – represents all device on the LAN. Frames sent to a broadcast
address will be delivered to all devices on the LAN.

The broadcast address has the value of FFFF.FFFF.FFFF (all binary ones). The switch will flood
broadcast frames out all ports except the port that it was received on.

Multicast frames have a value of 1 in the least-significant bit of the first octet of the destination
address. This helps a network switch to distinguish between unicast and multicast addresses.
One example of an Ethernet multicast address would be 01:00:0C:CC:CC:CC, which is an address
used by CDP (Cisco Discovery Protocol).

Half and full duplex

In telecommunication, a duplex communication system is a point-to-point system of two
devices that can communicate with each other in both direction. Two types of
duplex communication systems exist in Ethernet environments:

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

7|Pa g e VOL: 1

half-duplex – a port can send data only when it is not receiving data. In other words, it cannot
send and receive data at the same time. Network hubs run in half -duplex mode in order to
prevent collisions. Since hubs are rare in modern LANs, the half -duplex system is not widely
used in Ethernet networks anymore.

full-duplex – all nodes can send and receive on their port at the same time. There are no
collisions in full-duplex mode, but the host NIC and the switch port must support the full-
duplex mode. Full-duplex Ethernet uses two pairs of wires at the same time instead of a single
wire pair like half-duplex.

What is a network hub?

A network hub serves as a connection point for all devices in a LAN. It is basically a multiple -
port repeater because it repeats an electrical signal that comes in one port out all other ports
(except the incoming port). Here is an example 4-port Ethernet hub (source: Wikipedia):

Hubs are OSI Layer 1 devices and have no concept of Ethernet frames or addressing. They have
no way of distinguishing which port a signal should be sent to; instead, an electrical signal is
broadcast to every port. All nodes on the network will receive data, and the data will eventually
reach the correct destination, but with a lot of unnecessary network traffic:

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

8|Pa g e VOL: 1

In the picture above you can see that the hub has sent out the receiving signal out all other
ports, except the incoming port.

Modern LANs rarely use hubs; switches are used instead. Hubs have many disadvantages,
including:

 they operate in half-duplex.

 they are prone to collisions.
 each port on a hub is in the same collision domain.
 data is forwarded out all ports and can be captured with a network sniffer.

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

9|Pa g e VOL: 1

What is a network bridge?

A network bridge is a device that divides a network into segments. Each segment represent a
separate collision domain, so the number of collisions on the network is reduced. Each collision
domain has its own separate bandwidth, so a bridge also improves the network performance.

A bridge works at the Data link layer (Layer 2) of the OSI model. It inspects incoming traffic and
decide whether to forward it or filter it. Each incoming Ethernet frame is inspected for
destination MAC address. If the bridge determines that the de stination host is on another
segment of the network, it forwards the frame to that segment.

Consider the following example network:

In the picture above we have a network of four computers. The network is divided into
segments by a bridge. Each segment is a separate collision domain with its own bandwidth.
Let’s say that Host A wants to communicate with Host C. Host A will send the frame with the
Host C’s destination MAC address to the bridge. The bridge will inspect the frame and forward
it to the segment of the network Host C is on.

Network bridges offer substantial improvements over network hubs, but they are not widely
used anymore in modern LANs. Switches are commonly used instead.

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

10 | P a g e VOL: 1

What is a network switch?

A network switch is a device that connects devices together on a LAN. A switch is essentially a
multiport network bridge and performs the same basic functions as a bridge, but at much faster
speeds and with many additional features. Each port on a switch is in a separate collision
domain and can run in the full duplex mode, which means that hosts connected to a switch port
can transmit to the switch at the same time that the switch transmits to them.

An Ethernet switch usually works at the Data link layer of the OSI model (Layer 2). It manages
the flow of data across a network by inspecting the incoming frame’s destination MAC address
and forwarding the frame only to the host for which the message was intended. Each switch
has a dynamic table (called the MAC address table) that maps MAC addresses to ports. With
this information, a switch can identify which system is sitting on which port and where to send
the received frame.

To better understand how a switch works, consider the following example:

Host A is trying to communicate with Host C and sends a packet with the Host C’s destination
MAC address. The packet arrives at the switch, which looks at the destination MAC address. The
switch then searches that MAC address in its MAC address table. If the MAC address is found,
the switch then forwards the packet only out the port connected to the frame’s destination.
Hosts connected to other ports will not receive the frame.

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

11 | P a g e VOL: 1

Differences between a switch and a bridge

Switches are basically multiport bridges. Although both types of devices perform a similar
function, segmenting a LAN into separate collision domains, there are some differences
between them:

 most bridges have only 2 or 4 ports. A switch can have hundreds of ports.
 bridges are software based. Switches are hardware-based and use chips (ASICs) when
making forwarding decisions, which makes them much faster than bridges.
 switches can have multiple spanning-tree instances. Bridges can have only one.
 switches can have multiple broadcast domains (one per VLAN).

Collision
In a half duplex Ethernet network, a collision is the result of two devices on the same Ethernet
network attempting to transmit data at exactly the same time. The network detects the
"collision" of the two transmitted packets and discards them both. Collisions are a natural
occurrence on Ethernets. Ethernet uses Carrier Sense Multiple Access/ Collision Detect
(CSMA/CD) as its method of allowing devices to "take turns" using the signal carrier line.

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

12 | P a g e VOL: 1

Late Collision
Late collisions, on the other hand, are not normal and are usually the result of out of spec. cabling or a
malfunctioning adapter. A late collision is defined as any collision that occurs after 512 bits of the frame
have been transmitted.

Late collision can happen in the following event:

- Duplex mismatch (Half – Full / Full – Half)

- Cable length excceded. (UTP 100m)

The following is an outline of a late collision event caused by out of spec. cabling:

Station A, detecting that the wire has been idle for 9.6 microseconds, begins to transmit its data
frame, beginning with the 64 bit preamble. Station A transmits 256 bits of its frame. If the cabling
were in spec and Station B began to transmit, causing a collision, even if Stations A and B were
on the farthest ends of the wire from each other the collision would be detected by station A
before it could transmit its 512th bit. (Stage 1)

Station A continues to transmit bits, and meanwhile, down at the other end of the wire, just
before the electrical signal reaches Station B, Station B detects idle wire for 9.6 microseconds and
begins to transmit. (Stage 2)

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

13 | P a g e VOL: 1

A minute amount of time later, a collision occurs. (Stage 3) Station B, being extremely close to
the collision, detects it first and begins transmitting a 32 bit jam signal.

The collision begins to propagate down the wire towards Station A (Stage 4), followed by the 32
Bit Jam signal generated from Station B.

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

14 | P a g e VOL: 1

But because the cabling was out of spec. by the time it gets to Station A, Station A has already
finished transmitting and is no longer listening for collisions! (Stage 5) Station A is co mpletely
unaware that a collision has occurred!

The reason that late collisions are a problem is that once the NIC misses the fact that a collision
has occurred, recovery and retransmission are left to the upper layers and recovery time goes up
drastically. While a NIC will typically recover and retransmit a frame in 2-3 milliseconds, it
typically takes anywhere from 10 to 100 times that long for upper layers.

The other major cause of late collisions is a malfunctioning NIC. If a NIC malfunctions in such a
manner that it is unable to detect that another station is talking, late (and early) collisions will
occur.

Collision domain explained

The term collision domain is used to describe a part of a network where packet collisions can
occur. Packet collisions occur when two devices on a shared network segment send packets
simultaneously. The colliding packets must be discarded and sent again, which reduces network
efficency.

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

15 | P a g e VOL: 1

In the picture above you can see a network of seven computers, two hubs, a bridge, a switch, and a
router. The collision domains created by these devices are marked in red. Remember, all devices
connected to the hub are in the same collision domain. Each port on a bridge, a switch or router is in a
seperate collision domain. That is why there are seven collision domains in the network pictured above.

What is a router?
A router is a network device that connects different computer networks by routing packets
from one network to the other. This device is usually connected to two or more different
networks. When a data packet comes to a router port, the router reads the address information
in the packet to determine out which port the packet will be sent. For ex ample, a router
provides you with the internet access by connecting your LAN with the Internet.

A router is considered a Layer 3 device of the OSI model because its primary forwarding
decision is based on the information of the OSI Layer 3 (the destination IP address). If two hosts
from different networks want to communicate with each other, they will need a router
between them. Consider the following example:

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

16 | P a g e VOL: 1

We have a network of three computers. Note that each computer is on a different network.
Host A wants to communicate with Host B and sends a packet with Host B’s IP address
(10.0.0.20) to the default gateway (the router). The router receives the packet, compares the
packet’s destination IP address to the entries in its routing table and finds a match . It then
sends the packet out the interface associated with that network. Only Host B will receive the
packet. In fact, Host C will not even be aware that the communication took place.

Broadcast domain explained

The term broadcast domain is used to describe a group of devices on a specific network
segment that can reach each other with Ethernet broadcasts. Broadcasts sent by a device in
one broadcast domain are not forwarded to devices in another broadcast domain. This
improves the performance of the network because not all devices on a network will receive and
process broadcasts.

Routers separate a LAN into multiple broadcast domains (every port on a router is in a different
broadcast domain). Switches (by default) flood Ethernet broadcast frames out all p orts, just like
bridges and hubs. All ports on these devices are in the same broadcast domain.

To better understand the concept of broadcast domains, consider the following example:

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

17 | P a g e VOL: 1

In the picture above we have a network of six computers, two hubs, a bridge, a switch, and a
router. The broadcast domains are marked in red. Remember, all devices connected to a hub, a
bridge, and a switch are in the same broadcast domain. Only routers separate the LAN into
multiple broadcast domains. That is why we have four broadcast domains in the network
pictured above.

CSMA/CD explained
Half-duplex Ethernet networks use an algorithm called Carrier Sense Multiple Access with
Collision Detection (CSMA/CD). This algorithm helps devices on the same network segment to
decide when to send packets and what to do in case of collisions. CSMA/CD is commonly used
in networks with repeaters and hubs because these devices run in the half -duplex mode and all
of their ports are in the same collision domain.

Packet collisions occur when packets are transmitted from different host at the same time. To
prevent this, CSMA/CD forces a transmitting station to check for the presence of a digital signal
on the wire. If no other hosts are transmitting packets, the sender begins sending the frame.
The sender also monitors the wire to make sure no other hosts begin transmitting. However, if
another host begins transmitting at the same time and a collision occur, the transmitting host
sends a jam signal that causes all hosts on the network segment to stop sending data. After a
random period of time, hosts retransmit their packets.

Consider the following example:

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985

18 | P a g e VOL: 1

In the picture above we have a network of four hosts connected to a hub. Since hubs work in
the half-duplex mode and each port on a hub is in the same collision domain, packet collisions
can occur and CSMA/CD is used to prevent and detect them. Host A detects that there are no
other signals on the network and decides to send a packet. However, Host B also assumes that
no other station is transmitting and sends a packet as well. A collision occurs and it is detected
by Host A and Host B. The sending stations send a jamming signal telling all hosts on the
segment that a collision occured. After a random period of time, Host A and Host B resend t heir
packets.

CCNA VCE TRAINING Network Academy Hot Line: 09-421096985