Chapter 5
Reading Organizer
After completion of this chapter, you should be able to:








Describe the operation of the Ethernet sublayers.
Identify the major fields of the Ethernet frame.
Describe the purpose and characteristics of the Ethernet MAC address.
Describe the purpose of ARP.
Explain how ARP requests impact network and host performance.
Explain basic switching concepts.
Compare fixed configuration and modular switches.
Configure a Layer 3 switch.
5.1 Ethernet Protocol
1. Ethernet operates at what OSI layers?
a. data link layer
b. physical layer
2. Ethernet is defined by which IEEE standards?
a. 802.2
b. 802.3
3. What is the purpose of the LLC sublayer?
The Ethernet LLC sublayer handles the communication between the upper layers and the lower
layers
4. What is the purpose of the MAC sublayer?
MAC constitutes the lower sublayer of the data link layer.
5. What are the Ethernet MAC sublayer’s two primary responsibilities?
a. Data encapsulation
b. Media access control
6. Data encapsulation provides three primary functions. These are:
a. Frame Delimiting
b. Addressing
c. Error Detection
7. The two primary functions of Media Access Control are:
a. Control of frame placement on and off the media
b. Media recovery
8. Explain how CSMA/Collision Detection operates.
In CSMA/Collision Detection (CSMA/CD), the device monitors the media for the presence of a
data signal. If a data signal is absent, indicating that the media is free, the device transmits the
data. If signals are then detected that show another device was transmitting at the same time,
all devices stop sending and try again later.
9. Explain how CSMA/Collision Avoidance operates.
In CSMA/CA, the device examines the media for the presence of a data signal. If the media is
free, the device sends a notification across the media of its intent to use it. The device then
sends the data. This method is used by 802.11 wireless networking technologies.
10. Why were MAC addresses created?
To prevent the excessive overhead involved in the processing of every frame, a unique identifier
called a MAC address was created to identify the actual source and destination nodes within an
Ethernet network.
11. The IEEE requires vendors to follow two simple rules. These are:
a. All MAC addresses assigned to a NIC or other Ethernet device must use that vendor's assigned
OUI as the first 3 bytes.
b. All MAC addresses with the same OUI must be assigned a unique value (vendor code or serial
number) in the last 3 bytes.
12. What does BIA stand for?
Burned-in address
13. Descriptions of the MAC and LLC sublayers are provided in the table. Place a check in the MAC or
LLC fields to match the descriptions to the correct sublayer.
2
14. What are the minimum and the maximum frame sizes as defined by Ethernet II and IEEE802.3?
Minimum:
Maximum:
___64 bytes_____
___1518 bytes___
15. Explain what a "collision fragment" or "runt frame" is and what happens to it on the network.
Any frame less than 64 bytes in length is automatically discarded by receiving stations.
16. What happens to frames that are larger than the maximum size?
It is discarded
17. Label the primary fields in an Ethernet frame.
7
1
6
6
2
46 t0 1500
4
Preamble
Start of
Frame
Delimiter
Destination
MAC
Address
Source MAC
Address
Length
802.2
Header and
Data
Frame
Check
Sequence
18. Write in the correct Ethernet frame field name with its description.
19. Convert the decimal number 15 to hexadecimal and show the two different ways it can be correctly
represented in text.
a. 0x0F
b. 0FH
20. On a Windows host, what command can be used to identify the MAC address of an Ethernet
adapter?
ipconfig /all
21. What is a unicast MAC address?
It is the unique address used when a frame is sent from a single transmitting device to a single
destination device.
22. On Ethernet networks, how is the broadcast MAC address displayed in hexadecimal?
FF-FF-FF-FF-FF-FF.
23. How are multicast addresses different than unicast or broadcast addresses?
They allow a source device to send a packet to a group of devices.
4
24. What is the IPv4 address range for multicast addresses?
224.0.0.0 to 239.255.255.255.
5.2 Address Resolution Protocol
25. What are the two basic functions of the ARP protocol?
a. Resolving IPv4 addresses to MAC addresses
b. Maintaining a table of mappings
26. There are two ways that a device can gather MAC addresses. Explain both.
a. One way is to monitor the traffic that occurs on the local network segment. As a node
receives frames from the media, it can record the source IP and MAC address as a mapping in
the ARP table. As frames are transmitted on the network, the device populates the ARP table
with address pairs.
b. Another way a device can get an address pair is to send an ARP request. An ARP request is a
Layer 2 broadcast to all devices on the Ethernet LAN. The ARP request contains the IP address of
the destination host and the broadcast MAC address, FFFF.FFFF.FFFF.
27. Entries in the ARP table are time stamped. What does this mean?
If a device does not receive a frame from a particular device by the time the time stamp expires,
the entry for this device is removed from the ARP table.
28. What happens if no device responds to the ARP request?
The packet is dropped because a frame cannot be created.
29. If the destination IPv4 host is on the local network, the frame will use the MAC address of this
device as the destination MAC address. If the destination IPv4 host is not on the local network, what
happens?
The source node needs to deliver the frame to the router interface that is the gateway or next
hop used to reach that destination. The source node will use the MAC address of the gateway as
the destination address for frames containing an IPv4 packet addressed to hosts on other
networks.
30. What command is used on a Cisco router to display the ARP table?
Show ip arp
31. What command is used in Windows 7 to display the ARP table?
arp -a
32. List and explain two potential issues with ARP.
a. Overhead on the Media –
As a broadcast frame, an ARP request is received and processed by every device on the local
network. If a large number of devices were to be powered up and all start accessing network
services at the same time, there could be some reduction in performance for a short period of
time
b. Security –
ARP spoofing, or ARP poisoning, is a technique used by an attacker to inject the wrong MAC
address association into a network by issuing fake ARP requests. An attacker forges the MAC
address of a device and then frames can be sent to the wrong destination.
5.3 LAN Switches
33. Number in sequence, the following steps a switch takes to build its MAC address table and correctly
forward frames.
____5____ The switch enters the source MAC address of the device replying to host 1 and
switch port it is connected to.
____2____ The switch enters the source MAC address and the switch port that received the
frame in to the MAC table.
____1____ A switch receives a broadcast frame from host 1.
____3____ The switch floods the broadcast frame out all ports except the port from it was
received from.
____6____ The switch can now forward messages between the two devices without flooding
the network because it has recorded the MAC addresses and associated switch ports in its MAC
address table.
____4____ The destination device replies tot eh broadcast with a unicast frame addressed to
host 1.
34. The MAC address table is sometimes referred to as a what?
Content addressable memory (CAM) table.
35. What is half duplex communication?
6
Half-duplex communication relies on unidirectional data flow where sending and receiving data
are not performed at the same time.
36. What is full duplex communication?
In full-duplex communication, data flow is bidirectional, so data can be sent and received at the
same time
37. List and explain the three duplex settings supported by a Cisco Catalyst switch.
a. Full option –
sets full-duplex mode.
b. Half option –
sets half-duplex mode.
c. Auto option –
sets autonegotiation of duplex mode. With autonegotiation enabled, the two ports
communicate to decide the best mode of operation.
38. What duplex setting is required when using 1000Mb/s speeds?
Full duplex
39. Explain in detail what the Auto-MDIX feature does.
When the auto-MDIX feature is enabled, the switch detects the required cable type for copper
Ethernet connections and configures the interfaces accordingly. Therefore, you can use either a
crossover or a straight-through cable for connections to a copper 10/100/1000 port on the
switch, regardless of the type of device on the other end of the connection.
40. List and explain the two types of switch packet forwarding methods.
a. Store-and-forward switching –
The switch receives the frame, it stores the data in buffers until the complete frame has been
received. During the storage process, the switch analyzes the frame for information about its
destination. In this process, the switch also performs an error check using the Cyclic
Redundancy Check (CRC) trailer portion of the Ethernet frame.
b. Cut-through –
A cut-through switch forwards the frame before it is entirely received. At a minimum, the
destination address of the frame must be read before the frame can be forwarded.
41. List and explain the two variants of cut-through switching.
a. Fast-forward switching –
Fast-forward switching offers the lowest level of latency. Fast-forward switching immediately
forwards a packet after reading the destination address. Because fast-forward switching starts
forwarding before the entire packet has been received, there may be times when packets are
relayed with errors.
b. Fragment-free switching –
In fragment-free switching, the switch stores the first 64 bytes of the frame before forwarding.
Fragment-free switching can be viewed as a compromise between store-and-forward switching
and fast-forward switching. The reason fragment-free switching stores only the first 64 bytes of
the frame is that most network errors and collisions occur during the first 64 bytes.
42. Descriptions of switch frame forwarding methods are provided in the table. Check in the Store-andForward or Cut-Through fields to match the methods to the descriptions.
8
43. Fill in the blanks.
44. List and explain the two methods of memory buffering.
a. Port-based Memory Buffering –
In port-based memory buffering, frames are stored in queues that are linked to specific
incoming and outgoing ports.
b. Shared Memory Buffering –
Shared memory buffering deposits all frames into a common memory buffer that all the ports
on the switch share.
45.
46.
47.
10
48.
49. Explain the differences between fixed configuration switches and modular switches.
a. Fixed configuration switches –
Features and options are limited to those that originally come with the switch.
b. Modular switches –
The chassis accepts line cards that contain the ports.
50. Explain how a layer 2 switch operates.
A Layer 2 LAN switch performs switching and filtering based only on the OSI data link layer
(Layer 2) MAC address and depends upon routers to pass data between independent IP
subnetworks
51. Explain how a layer 3 switch differs from a layer 2 switch.
Instead of using only the Layer 2 MAC address information for forwarding decisions, a Layer 3
switch can also use IP address information.
52. Cisco devices which support Layer 3 switching utilize what Cisco forwarding method?
Cisco Express Forwarding (CEF).
53. What are the two main components of CEF operation?
a. Forwarding Information Base (FIB)
b. Adjacency tables
54. List and describe the major types of Layer 3 interfaces.
a. Switch Virtual Interface (SVI) –
Logical interface on a switch associated with a virtual local area network (VLAN).
b. Routed Port –
Physical port on a Layer 3 switch configured to act as a router port.
c. Layer 3 EtherChannel –
Logical interface on a Cisco device associated with a bundle of routed ports.
55. A switch port can be configured to be a Layer 3 routed port and behave like a regular router
interface. What is needed to accomplish this?
a. The no switchport command
b. Assign an IP address to the port
12