Lab Exer 8
ECET515LA
Introduction
Layer 2 Ethernet segments can be connected in parallel using Catalyst 6500 series switches.
Switched Ethernet segment connections are only active for the duration of the packet. For the
By assigning each device (for example, a server) to its own 10-, 100-, or 1000-Mbps collision
domain, Catalyst 6500 series switches tackle congestion problems caused by high-bandwidth
devices and a large number of users. Servers in a correctly designed switched environment gain
full access to the bandwidth since each LAN port connects to a different Ethernet collision
domain.
is an efficient solution. Ethernet is normally used in half-duplex mode, which means that stations
can only receive or transmit data. Two stations can transmit and receive at the same time in full-
duplex mode. The effective Ethernet bandwidth doubles when packets may flow in both
A Catalyst 6500 series switch's LAN ports can connect to a single workstation or server, or to a
hub that connects workstations and servers to the network. All ports on a standard Ethernet hub
link to a common backplane within the hub, and all devices connected to the hub share the
network's bandwidth. The network performance of all other stations connected to the hub is
reduced if two stations initiate a session that consumes a considerable amount of bandwidth.
The switch treats each LAN port as a separate segment to reduce degradation. When stations
connected to various LAN ports need to interact, the switch sends frames at wire speed from one
LAN port to the next, ensuring that each session gets the entire amount of bandwidth. The switch
uses an address table to efficiently exchange frames between LAN ports. When a frame arrives at
the switch, it associates the sender network device's MAC address with the LAN port on which it
was received.
The source address of the frames received is used to generate the address table in Catalyst 6500
series switches. When the switch receives a frame with a destination address that isn't in its
address database, it floods the frame to all LAN ports in the same VLAN except the one where the
frame was received. When the destination station responds, the switch updates the address table
with the relevant source address and port ID. Following that, the switch directs subsequent
frames to a single LAN port rather than flooding all LAN ports.
The address table can store at least 32,000 address entries without having to flood. If an
address is inactive for a certain amount of seconds, the switch employs an aging method defined
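A toy model of the learn-and-flood behaviour described in this section, added here as an example in Python (it is not from the lab text or from Cisco documentation); the port numbers, VLAN assignments, MAC addresses and 300-second aging time are constructed values:

```python
# Added example (not from the lab): toy model of the address table described above.
# Learns source MACs per ingress port, forwards known destinations to one port,
# floods unknown destinations within the VLAN, and ages out idle entries.
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass
class Frame:
    src: str    # source MAC address
    dst: str    # destination MAC address
    vlan: int   # VLAN the frame belongs to

class Layer2Switch:
    def __init__(self, port_vlans: Dict[int, int], aging_seconds: int = 300):
        self.port_vlans = port_vlans  # port -> VLAN of that access port (constructed)
        self.aging = aging_seconds
        self.table: Dict[Tuple[int, str], Tuple[int, float]] = {}  # (vlan, mac) -> (port, last seen)

    def _age_out(self, now: float) -> None:
        stale = [k for k, (_, seen) in self.table.items() if now - seen > self.aging]
        for key in stale:
            del self.table[key]

    def receive(self, frame: Frame, in_port: int, now: float) -> List[int]:
        """Process one frame and return the list of egress ports."""
        self._age_out(now)
        # Learn: bind the sender's MAC (per VLAN) to the port it arrived on.
        self.table[(frame.vlan, frame.src)] = (in_port, now)
        entry = self.table.get((frame.vlan, frame.dst))
        if entry is not None:
            out_port = entry[0]
            # Destination is on the ingress segment: filter, nothing to forward.
            return [] if out_port == in_port else [out_port]
        # Unknown destination: flood every port in the same VLAN except the ingress port.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == frame.vlan and p != in_port)

def demo() -> Dict[str, List[int]]:
    sw = Layer2Switch({1: 10, 2: 10, 3: 10, 4: 20}, aging_seconds=300)
    a, b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"  # constructed MACs
    return {
        "first":  sw.receive(Frame(a, b, 10), in_port=1, now=0),    # dst unknown: flood [2, 3]
        "reply":  sw.receive(Frame(b, a, 10), in_port=2, now=1),    # a already learned: [1]
        "second": sw.receive(Frame(a, b, 10), in_port=1, now=2),    # b now learned: [2]
        "aged":   sw.receive(Frame(a, b, 10), in_port=1, now=400),  # b aged out: flood [2, 3]
    }
```

Port 4 sits in VLAN 20 and never receives the flooded frames, which is the per-VLAN scoping the text describes.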
Discussion
The Data Link Layer, or Layer 2, is the second level of the seven-layer OSI reference model for
network protocol architecture. In the TCP/IP network paradigm, Layer 2 corresponds to the link
layer (the lowest layer). Layer 2 is the network layer that allows data to be transferred between
are sent and received between devices connected to the same local area network (LAN). Frames,
like bits, have a specified structure and can be utilized for things like error detection and control
plane activities. Not every frame contains user data. Some frames are used by the network to
govern the data link. At Layer 2, unicast refers to sending frames from a single node to another,
whereas multicast refers to sending traffic from a single node to several nodes, and broadcasting
refers to sending frames to all nodes in a network. A broadcast domain is a logical segment of a
network in which a broadcast can reach all of the network's nodes at Layer 2.
Bridges can be used to connect LAN segments at the frame level. Bridging divides the LAN into
separate broadcast domains, resulting in VLANs, which are logical networks that combine
related devices into separate network segments. The physical location of devices on a LAN has
no bearing on how they are grouped on a VLAN. All devices on an Ethernet LAN are in a single
broadcast domain without bridging or VLANs, and all devices detect all packets on the LAN.
Packet forwarding is the process of nodes in a network sending packets from one network
segment to another. A frame whose origin and destination are both in the same VLAN is forwarded
only within that VLAN. A network segment is a section of a computer
network in which all devices use the same physical layer to communicate.
The logical link control (LLC) sublayer is in charge of handling frame traffic and regulating
communications lines.
The MAC sublayer is responsible for controlling protocol access to the physical network
medium. Multiple devices on the same physical link can be uniquely identified by using the
A switch's ports, or interfaces, operate in one of three modes: access, tagged-access, or trunk:
security camera, is connected to an access mode port. A single VLAN is assigned to the port.
Normal Ethernet frames are transmitted over an access port. All ports on a switch are in access
mode by default.
security camera, is connected to a tagged-access mode port. Cloud computing, specifically
scenarios involving virtual machines or
virtual computers, is supported by tagged-access mode. Because a physical server can contain
several virtual computers, the packets created by that server may comprise an aggregate of
VLAN packets from various virtual machines on that server. When the destination address of a
packet is learnt on a downstream port, tagged-access mode reflects packets back to the physical
server on that downstream port to handle this situation. When the destination has not yet been
determined, packets are also mirrored back to the physical server on the downstream port. As a
result, the third interface mode, tagged access, combines some of the properties of access mode
Trunk mode ports handle traffic for numerous VLANs by multiplexing all of the VLANs' traffic
onto a single physical connection. In most cases, trunk interfaces are used to link switches to
other devices or switches. Frames without VLAN tags are sent across the trunk interface when
native VLAN is enabled. Use native VLAN mode if you have a circumstance where packets are
sent from a device to a switch in access mode and subsequently sent from the switch over a
trunk port. Assign a native VLAN to the single VLAN on the switch's port (which is in access
mode). Those frames will be treated differently than the other tagged packets by the switch's
trunk port.
If a trunk port has three VLANs allocated to it, 10, 20, and 30, with VLAN 10 being the native
VLAN, frames on VLAN 10 leaving the trunk port on the other end will not have an 802.1Q
header (tag). Another native VLAN option exists. For untagged packets, you can have the switch
add and remove tags. To do so, you must first set up the single VLAN as a native VLAN on a port
connected to an edge device. Then, on the port connected to a device, assign a VLAN ID tag to
the single native VLAN. Last but not least, assign the VLAN ID to the trunk port. When the switch
gets an untagged packet, it adds the ID you supplied and broadcasts and receives tagged packets
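The native-VLAN behaviour described above, shown as an added example in Python (not part of the lab text or of either vendor's documentation); the MAC addresses, payload, and the VLAN IDs 10 (native) and 20 are constructed to match the numbers used in the paragraph:

```python
# Added example (not from the lab): 802.1Q tagging at a trunk port with a native
# VLAN, as described above. MACs, VLAN IDs and payload are constructed values.
import struct
from typing import Tuple

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet frame: dst MAC, src MAC, EtherType, payload."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def trunk_egress(frame: bytes, vlan: int, native_vlan: int, pcp: int = 0) -> bytes:
    """Frame leaving a trunk port: tagged unless its VLAN is the native VLAN."""
    if vlan == native_vlan:
        return frame  # native VLAN leaves the trunk without an 802.1Q header
    tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)  # PCP(3) | DEI(1)=0 | VID(12)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]  # tag is inserted after the two MACs

def trunk_ingress(frame: bytes, native_vlan: int) -> Tuple[int, bytes]:
    """Frame arriving on a trunk port: returns (VLAN ID, frame with tag removed)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return native_vlan, frame  # untagged frames are placed in the native VLAN
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def demo() -> dict:
    payload = b"\x00" * 46  # constructed minimum-size payload
    frame = build_frame("ff:ff:ff:ff:ff:ff", "aa:aa:aa:aa:aa:01", 0x0800, payload)
    native = trunk_egress(frame, vlan=10, native_vlan=10)  # VLAN 10 is native
    tagged = trunk_egress(frame, vlan=20, native_vlan=10)
    return {
        "native_len": len(native),        # 60: frame unchanged
        "tagged_len": len(tagged),        # 64: four-byte tag added
        "tag_hex": tagged[12:16].hex(),   # "81000014": TPID 0x8100, VID 20
        "ingress_native": trunk_ingress(native, native_vlan=10),  # (10, frame)
        "ingress_tagged": trunk_ingress(tagged, native_vlan=10),  # (20, frame)
    }
```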
Reflection
The firewall can be deployed in Layer 2 transparent mode without requiring any changes to the
existing routing infrastructure. The firewall is configured as a Layer 2 switch with numerous
VLAN segments, and it delivers security services to those segments. Bump-in-wire deployment
is made possible by a specific form of Layer 2 transparent mode called secure wire.
When a device's interfaces are defined as Layer 2 interfaces, it functions in transparent mode. If
no physical interfaces are specified as Layer 2 interfaces, the device works in route mode (the
default mode).
Transparent mode for SRX Series devices provides comprehensive security services for Layer 2
switching capabilities. Layer 2 switching can be configured on one or more VLANs on these
SRX Series devices. A VLAN is a collection of logical ports with similar flooding or
broadcasting characteristics. A VLAN, like a virtual LAN, spans one or more ports from various
devices. As a result, the SRX Series device can act as a Layer 2 switch for various VLANs on
The SRX Series device filters packets that pass through it in transparent mode without changing
the source or destination information in the IP packet headers. Because there is no need to alter
the IP settings of routers or protected servers, transparent mode is excellent for safeguarding
All physical ports on the device are assigned to Layer 2 interfaces in transparent mode. Layer 3
communication should not be routed through the device. Security policies can be set between
Layer 2 zones, and Layer 2 zones can be configured to host Layer 2 interfaces. Security policies
Information in Ethernet headers is used to make traffic forwarding decisions in the first
packets entering the switch, intelligent switches may figure out which ports have which end
stations attached. A Layer 2 switch can only forward frames out of ports where it knows the end
station is by using this knowledge and the ability to interpret the Layer 2 headers of all packets.
Frames with unknown destination MAC addresses are flooded out of every port in the switch to
force the recipient to reply for end station addresses that have not yet been learned.
Because the relevant MAC address will be the source address on the reply frame, the switch will
be able to learn it. For local area networks, Layer 2 switching is used in conjunction with Layer 3
routing to permit communication between devices on the same IP subnet. Because the
understand address information and act on it in ways other than those outlined earlier.
Many Layer 2 switches will allow you to implement intelligent services like Quality of Service
(QoS), bandwidth shaping, and VLAN membership based on Layer 2 data. Large layer 2
which can cause network failures. Separating specific clients into various broadcast domains
may also be preferable for security and policy reasons. This is when configuring VLANs comes
in handy. VLANs can be assigned to individual switch ports on a layer 2 switch, which are then
in various layer 3 subnets, and hence in different broadcast domains. By allowing various layer 3
networks to share the same layer 2 infrastructure, VLANs provide more flexibility. There's a
propensity to develop huge Layer 2 topologies and add hundreds of nodes since switches
increase throughput and filtering, but this creates a large broadcast domain. The issue is that all
network devices (computers, printers, switching equipment, and so on) create broadcast and
multicast frames that traverse the whole broadcast domain, competing for bandwidth with data
traffic.