1 00:00:00,000 --> 00:00:01,460 2 00:00:01,460 --> 00:00:04,490 I'd like you to imagine with me that a device on the network 3 00:00:04,490 --> 00:00:07,730 is doing a ping just to verify basic connectivity 4 00:00:07,730 --> 00:00:10,520 to some other device on the same network. 5 00:00:10,520 --> 00:00:14,470 And let's imagine that it's this device right here, PC-1, 6 00:00:14,470 --> 00:00:17,570 that's doing the pinging over to PC-4. 7 00:00:17,570 --> 00:00:19,760 Also, as part of that ping request, 8 00:00:19,760 --> 00:00:22,370 I have a little Wireshark packet analysis snippet 9 00:00:22,370 --> 00:00:24,390 right here that we can look at as well. 10 00:00:24,390 --> 00:00:27,710 Here it's showing us the layer 2 information with the source 11 00:00:27,710 --> 00:00:30,860 MAC address and the destination MAC address, 12 00:00:30,860 --> 00:00:34,295 which matches up with the MAC addresses of those devices. 13 00:00:34,295 --> 00:00:35,920 And then the protocol behind the scenes 14 00:00:35,920 --> 00:00:37,970 that's being used for a ping request 15 00:00:37,970 --> 00:00:41,940 is ICMP, the Internet Control Message Protocol. 16 00:00:41,940 --> 00:00:43,190 So here's my question for you. 17 00:00:43,190 --> 00:00:47,660 If PC-1 crafted this ICMP echo request, which it did, 18 00:00:47,660 --> 00:00:50,600 how did PC-1 know what the layer 2 address was 19 00:00:50,600 --> 00:00:53,130 of PC-4 on that same network? 20 00:00:53,130 --> 00:00:54,540 And two ideas come to mind. 21 00:00:54,540 --> 00:00:55,720 Number one, it's just magic. 22 00:00:55,720 --> 00:00:56,720 That's the way it works. 23 00:00:56,720 --> 00:00:58,820 Or number two, it's using some type 24 00:00:58,820 --> 00:01:01,430 of a protocol, a set of rules, that 25 00:01:01,430 --> 00:01:04,910 allows it to discover and learn what the layer 2 address is 26 00:01:04,910 --> 00:01:06,360 of PC-4. 27 00:01:06,360 --> 00:01:07,970 And the latter of those two is true. 28 00:01:07,970 --> 00:01:09,440 And the protocol we're going to use 29 00:01:09,440 --> 00:01:11,930 that resolves, or determines, or figures out 30 00:01:11,930 --> 00:01:14,420 what the layer 2 address is of another device 31 00:01:14,420 --> 00:01:16,720 on the same network is called ARP. 32 00:01:16,720 --> 00:01:19,430 It's Address Resolution Protocol. 33 00:01:19,430 --> 00:01:21,800 And here's the basics of how ARP operates. 34 00:01:21,800 --> 00:01:26,090 When PC-1 is getting ready to do a ping request, for example, 35 00:01:26,090 --> 00:01:31,100 to the host at 10.100.0.4, it's true that PC-1 really is going 36 00:01:31,100 --> 00:01:35,040 to need the layer 2 address of PC-4's network interface card 37 00:01:35,040 --> 00:01:38,240 so it can put that destination layer 2 address in the frame 38 00:01:38,240 --> 00:01:39,650 to send the ping request. 39 00:01:39,650 --> 00:01:42,200 So in its preparation for sending that ping request, 40 00:01:42,200 --> 00:01:45,020 it looks at its ARP cache. 41 00:01:45,020 --> 00:01:47,790 Sometimes that's also referred to as an ARP table. 42 00:01:47,790 --> 00:01:50,210 And in the ARP cache, PC-1 is going to look to see 43 00:01:50,210 --> 00:01:54,140 if he's already learned the layer 2 address associated with 44 00:01:54,140 --> 00:01:56,750 that host at 10.100.0.4. 45 00:01:56,750 --> 00:01:59,900 In the event that the ARP cache is empty, or at least doesn't 46 00:01:59,900 --> 00:02:03,110 have the layer 2 address for PC-4 here, 47 00:02:03,110 --> 00:02:07,550 what PC-1 is going to do, it's going to send an ARP request. 48 00:02:07,550 --> 00:02:10,460 And that ARP request is sent from PC-1 49 00:02:10,460 --> 00:02:12,800 as a layer 2 broadcast. 50 00:02:12,800 --> 00:02:15,580 It's like an all-points bulletin that everybody 51 00:02:15,580 --> 00:02:17,930 is going to see who's currently connected to 52 00:02:17,930 --> 00:02:20,300 and working in the same VLAN as PC-1. 53 00:02:20,300 --> 00:02:21,860 In this case, it's VLAN 100. 54 00:02:21,860 --> 00:02:24,380 And then that ARP request is going to say, hey, 55 00:02:24,380 --> 00:02:27,200 I'm looking for the person who owns the IP address 56 00:02:27,200 --> 00:02:28,790 of 10.100.0.4. 57 00:02:28,790 --> 00:02:32,810 And if that's you, please reply back with your layer 2 address. 58 00:02:32,810 --> 00:02:35,535 I need it so I can forward additional frames to you. 59 00:02:35,535 --> 00:02:37,660 And the question I have for you regarding a layer 2 60 00:02:37,660 --> 00:02:40,820 broadcast that's being sent into the switch, what does 61 00:02:40,820 --> 00:02:44,360 a switch do with a layer 2 broadcast? 62 00:02:44,360 --> 00:02:46,070 And we've touched on this at least once 63 00:02:46,070 --> 00:02:48,100 in a previous Nugget. 64 00:02:48,100 --> 00:02:49,910 And if you said, Keith, I got it. 65 00:02:49,910 --> 00:02:52,160 It's going to forward that broadcast 66 00:02:52,160 --> 00:02:56,400 to all other ports that are associated with that same VLAN. 67 00:02:56,400 --> 00:02:58,130 In this case, it would be VLAN 100. 68 00:02:58,130 --> 00:03:00,230 And that's absolutely accurate. 69 00:03:00,230 --> 00:03:02,210 So if we follow that logic, the switch 70 00:03:02,210 --> 00:03:04,400 would forward that broadcast out port 71 00:03:04,400 --> 00:03:07,340 Gig 0/2 because that's part of VLAN 100. 72 00:03:07,340 --> 00:03:10,280 It would take a quick moment and consider Gig 0/3 73 00:03:10,280 --> 00:03:12,380 and say, oops, wrong VLAN. 74 00:03:12,380 --> 00:03:14,260 It wouldn't send it out to PC-3. 75 00:03:14,260 --> 00:03:15,770 So PC-3 wouldn't see it. 76 00:03:15,770 --> 00:03:18,940 But the trunk is supporting VLAN 100, 77 00:03:18,940 --> 00:03:22,550 and so the switch would tag it with an 802.1Q tag 78 00:03:22,550 --> 00:03:25,430 and propagate that broadcast over the trunk link over 79 00:03:25,430 --> 00:03:27,179 to switch 2 who would receive it. 80 00:03:27,179 --> 00:03:28,970 And then switch 2 would continue to forward 81 00:03:28,970 --> 00:03:31,005 that frame to any ports associated 82 00:03:31,005 --> 00:03:31,880 with that same VLAN-- 83 00:03:31,880 --> 00:03:32,590 the VLAN 100. 84 00:03:32,590 --> 00:03:34,340 In this case, we only have one. 85 00:03:34,340 --> 00:03:37,760 So that frame would be forwarded out Gig 1/1. 86 00:03:37,760 --> 00:03:41,780 So the three ports that are associated with VLAN 200, which 87 00:03:41,780 --> 00:03:43,940 are access ports, they would not get 88 00:03:43,940 --> 00:03:46,220 that broadcast sent to those devices 89 00:03:46,220 --> 00:03:49,160 because they're not a member of VLAN 100. 90 00:03:49,160 --> 00:03:51,860 So let's take a closer look at the ARP request, 91 00:03:51,860 --> 00:03:54,690 and we'll go ahead and expand the details down below. 92 00:03:54,690 --> 00:03:56,180 So in this ARP request at layer 2, 93 00:03:56,180 --> 00:03:59,180 it's sourced from the layer 2 address, the physical address, 94 00:03:59,180 --> 00:04:01,550 or MAC address-- whatever you want to refer to it as-- 95 00:04:01,550 --> 00:04:02,840 of PC-1. 96 00:04:02,840 --> 00:04:05,090 And we can focus on those last four characters 97 00:04:05,090 --> 00:04:07,119 as matching PC-1's MAC address. 98 00:04:07,119 --> 00:04:08,660 And then for the destination address, 99 00:04:08,660 --> 00:04:12,830 this is what a layer 2 broadcast looks like in hexadecimal. 100 00:04:12,830 --> 00:04:13,910 It's all f's. 101 00:04:13,910 --> 00:04:15,440 So we have 12 f's. 102 00:04:15,440 --> 00:04:18,649 Each of those f's represents four bits that are on, 103 00:04:18,649 --> 00:04:22,120 which is 48 bits all on. 104 00:04:22,120 --> 00:04:23,870 And so when the switch sees that, it says, 105 00:04:23,870 --> 00:04:25,220 oh, I know what that is. 106 00:04:25,220 --> 00:04:27,440 And then it goes to work to forward that broadcast 107 00:04:27,440 --> 00:04:30,320 to all other ports that are associated with that same VLAN. 108 00:04:30,320 --> 00:04:31,820 And as we take a look at the details 109 00:04:31,820 --> 00:04:33,830 regarding the ARP request itself, 110 00:04:33,830 --> 00:04:36,530 here showing us the sender MAC address and the sender's IP 111 00:04:36,530 --> 00:04:39,470 address, which the PC-1's address, 112 00:04:39,470 --> 00:04:42,017 the layer 2 destination address is the broadcast. 113 00:04:42,017 --> 00:04:43,600 And then it has the target IP address. 114 00:04:43,600 --> 00:04:47,690 So even though every device that's in VLAN 100 will have 115 00:04:47,690 --> 00:04:50,510 an opportunity to look at this ARP request, 116 00:04:50,510 --> 00:04:53,990 only the device that owns and is currently using the IP address 117 00:04:53,990 --> 00:04:57,500 of 10.100.0.4 will do a reply. 118 00:04:57,500 --> 00:04:59,930 And if we take a look at the next packet right here, 119 00:04:59,930 --> 00:05:05,080 this is the response coming back from PC-4 back to PC-1. 120 00:05:05,080 --> 00:05:07,090 And once PC-1 gets that ARP reply, 121 00:05:07,090 --> 00:05:08,890 it's so happy about that information 122 00:05:08,890 --> 00:05:12,820 it's going to go ahead and cache PC-4's layer 2 address 123 00:05:12,820 --> 00:05:16,370 inside of the ARP table, also referred to as an ARP cache. 124 00:05:16,370 --> 00:05:18,190 And the intent there is, if we ever 125 00:05:18,190 --> 00:05:20,440 have to send a frame over to PC-4 again, 126 00:05:20,440 --> 00:05:22,460 I don't have to do the whole ARP request again. 127 00:05:22,460 --> 00:05:24,070 I can just look at my ARP cache. 128 00:05:24,070 --> 00:05:25,680 And if the information is there, I 129 00:05:25,680 --> 00:05:28,330 can simply use it as I create new frames that are destined 130 00:05:28,330 --> 00:05:31,270 or need to go to Mr. PC-4. 131 00:05:31,270 --> 00:05:33,460 I hope this has been informative for you, 132 00:05:33,460 --> 00:05:36,930 and I'd like to thank you for viewing.