1 00:00:00,000 --> 00:00:01,015 2 00:00:01,015 --> 00:00:02,390 Wouldn't it be awesome to be able 3 00:00:02,390 --> 00:00:06,020 to predict with accuracy things like sporting events, 4 00:00:06,020 --> 00:00:07,970 or how a network's going to behave? 5 00:00:07,970 --> 00:00:09,710 In previous Nuggets, we're taking a look 6 00:00:09,710 --> 00:00:12,560 at how layer 2 switches learn MAC addresses. 7 00:00:12,560 --> 00:00:14,750 We've also identified how ARP operates, 8 00:00:14,750 --> 00:00:17,960 and also how broadcast operate in a layer 2 environment. 9 00:00:17,960 --> 00:00:19,460 So I thought it would be fun for you 10 00:00:19,460 --> 00:00:22,400 and I in this Nugget to leverage that knowledge 11 00:00:22,400 --> 00:00:25,220 and predict what the MAC address table might 12 00:00:25,220 --> 00:00:27,500 look like on a couple of switches 13 00:00:27,500 --> 00:00:29,630 after specific types of traffic have 14 00:00:29,630 --> 00:00:31,680 been sent over the network. 15 00:00:31,680 --> 00:00:33,110 So here is our topology that we've 16 00:00:33,110 --> 00:00:34,616 used in several other Nuggets. 17 00:00:34,616 --> 00:00:36,740 It consists of two switches that are interconnected 18 00:00:36,740 --> 00:00:39,050 with the trunk, six PCs connected 19 00:00:39,050 --> 00:00:42,320 on access ports on those switches to specific VLANs, 20 00:00:42,320 --> 00:00:43,640 as listed right here. 21 00:00:43,640 --> 00:00:47,790 Also the MAC addresses are right here for each of the devices. 22 00:00:47,790 --> 00:00:49,850 And I just put the last four characters 23 00:00:49,850 --> 00:00:51,950 to make it easier to write out and manage. 24 00:00:51,950 --> 00:00:55,130 I've also got the IP address of the layer 3 logical IP address 25 00:00:55,130 --> 00:00:57,710 information for each host written above that host 26 00:00:57,710 --> 00:00:58,244 as well. 27 00:00:58,244 --> 00:00:59,660 And over here on the left I've got 28 00:00:59,660 --> 00:01:02,420 a couple of tables regarding the MAC address tables 29 00:01:02,420 --> 00:01:04,370 that each of these switches has. 30 00:01:04,370 --> 00:01:05,960 And what we get to do is we are going 31 00:01:05,960 --> 00:01:08,840 to start with clean tables, meaning nothing in those MAC 32 00:01:08,840 --> 00:01:14,210 address tables, and also the PCs with no ARP cache entries. 33 00:01:14,210 --> 00:01:17,090 So we'll clean them all so we're from a fresh starting state. 34 00:01:17,090 --> 00:01:19,250 We'll generate some traffic individually. 35 00:01:19,250 --> 00:01:22,010 And then we'll predict what we expect the MAC address 36 00:01:22,010 --> 00:01:24,470 tables to be on the respective switches. 37 00:01:24,470 --> 00:01:27,690 Also, I want to point out that to build this scenario-- 38 00:01:27,690 --> 00:01:29,810 it was not as easy as I had hoped. 39 00:01:29,810 --> 00:01:33,020 Because a normal PC, like a Windows computer or a Linux 40 00:01:33,020 --> 00:01:33,560 box-- 41 00:01:33,560 --> 00:01:36,080 they are spitting out frames of data 42 00:01:36,080 --> 00:01:38,250 all the time for lots of different reasons. 43 00:01:38,250 --> 00:01:41,300 So to get this to be a really clean and steady environment, 44 00:01:41,300 --> 00:01:45,620 I'm using six computers here that do nothing until you 45 00:01:45,620 --> 00:01:47,296 ask them to do something. 46 00:01:47,296 --> 00:01:48,920 So there's no chatter in the background 47 00:01:48,920 --> 00:01:51,590 from any of these PCs that might inadvertently 48 00:01:51,590 --> 00:01:54,770 send a frame into the network and skew our MAC address tables 49 00:01:54,770 --> 00:01:56,664 on either of these switches. 50 00:01:56,664 --> 00:01:58,580 So for our first scenario-- and let's go ahead 51 00:01:58,580 --> 00:02:00,320 and just do this one set of traffic, 52 00:02:00,320 --> 00:02:07,080 a ping request from PC-1 over to PC -2, from here to here. 53 00:02:07,080 --> 00:02:08,820 So let's consider this together. 54 00:02:08,820 --> 00:02:13,400 If PC-1 wants to go ahead and ping 10.100.0.2 on that local 55 00:02:13,400 --> 00:02:14,120 network-- 56 00:02:14,120 --> 00:02:16,400 if it doesn't know the layer 2 address for PC-2, 57 00:02:16,400 --> 00:02:18,710 PC-1 is going to send out an ARP request that's going 58 00:02:18,710 --> 00:02:20,450 to be a layer 2 broadcast. 59 00:02:20,450 --> 00:02:22,800 And that's going to go into the switch here. 60 00:02:22,800 --> 00:02:26,180 And so at that moment, switch 1 on gig 0/1 61 00:02:26,180 --> 00:02:28,520 is going to learn the MAC address of PC-1. 62 00:02:28,520 --> 00:02:31,520 So its MAC address ending in 6801 63 00:02:31,520 --> 00:02:34,310 is going to be learned on gig 0/1, 64 00:02:34,310 --> 00:02:36,957 and that's an access port that is currently in VLAN 100, 65 00:02:36,957 --> 00:02:38,540 so it'll know that that MAC address is 66 00:02:38,540 --> 00:02:40,940 associated with the VLAN 100. 67 00:02:40,940 --> 00:02:44,570 That ARP broadcast is going to go out to gig 0/2, 68 00:02:44,570 --> 00:02:47,090 and it's also going to be sent out the trunk, which 69 00:02:47,090 --> 00:02:49,640 is going to be received over by switch number 2. 70 00:02:49,640 --> 00:02:52,100 And at that moment right there, switch 2 71 00:02:52,100 --> 00:02:55,640 is going to learn about the layer 2 MAC address of PC-1. 72 00:02:55,640 --> 00:02:58,030 So here on the MAC address table for switch 2, 73 00:02:58,030 --> 00:03:01,410 on switch 2's gig 1/0 interface, it 74 00:03:01,410 --> 00:03:05,832 would have learned about the MAC address of PC-1, which is 6801. 75 00:03:05,832 --> 00:03:06,790 And here's my question. 76 00:03:06,790 --> 00:03:08,730 Does switch 2, over this trunk-- 77 00:03:08,730 --> 00:03:11,620 is it going to know what VLAN that frame was associated with? 78 00:03:11,620 --> 00:03:12,605 What do you think? 79 00:03:12,605 --> 00:03:14,850 And if you're saying, oh, yeah, Keith, 80 00:03:14,850 --> 00:03:17,610 we're doing 80.21Q trunking, as we talked about in a previous 81 00:03:17,610 --> 00:03:18,170 Nugget. 82 00:03:18,170 --> 00:03:20,340 And as a result, there'll be a tag indicating 83 00:03:20,340 --> 00:03:21,964 what VLAN that's for. 84 00:03:21,964 --> 00:03:23,130 And you're absolutely right. 85 00:03:23,130 --> 00:03:25,740 And as a result, switch 2 would associate that MAC address 86 00:03:25,740 --> 00:03:27,270 with VLAN 100. 87 00:03:27,270 --> 00:03:30,420 So we have two entries regarding inbound frames on those switch 88 00:03:30,420 --> 00:03:30,962 ports. 89 00:03:30,962 --> 00:03:32,670 And then just to complete the discussion, 90 00:03:32,670 --> 00:03:34,380 that broadcast would be forwarded 91 00:03:34,380 --> 00:03:37,350 out all the other ports associated with VLAN 100, 92 00:03:37,350 --> 00:03:39,010 which would go out here. 93 00:03:39,010 --> 00:03:42,000 So that's our initial broadcast frame from PC-1 94 00:03:42,000 --> 00:03:43,140 and where it goes. 95 00:03:43,140 --> 00:03:45,330 Next we'd want to consider the ARP reply message. 96 00:03:45,330 --> 00:03:47,550 So when PC-2 gets that ARP request, 97 00:03:47,550 --> 00:03:50,220 because it owns the IP address being looked for in that ARP 98 00:03:50,220 --> 00:03:52,080 request, it's going to reply. 99 00:03:52,080 --> 00:03:53,820 And we'll put that response in red. 100 00:03:53,820 --> 00:03:56,900 So the reply is going to go back into the switch. 101 00:03:56,900 --> 00:03:59,130 And at that point, at that moment right there, 102 00:03:59,130 --> 00:04:02,000 switch 1 is going to learn the MAC address of PC-2 103 00:04:02,000 --> 00:04:04,050 on port gig 0/2. 104 00:04:04,050 --> 00:04:07,350 So we have gig 0/2, the MAC address of PC-2, 105 00:04:07,350 --> 00:04:08,510 ending in 6802. 106 00:04:08,510 --> 00:04:11,850 And it's also associated with VLAN 100. 107 00:04:11,850 --> 00:04:14,370 That ARP reply is sent to the specific address 108 00:04:14,370 --> 00:04:16,370 of the requester, which was PC-1. 109 00:04:16,370 --> 00:04:19,170 So the switch, who now knows where the MAC address ending 110 00:04:19,170 --> 00:04:21,540 in 6801 is, would forward that ARP 111 00:04:21,540 --> 00:04:24,840 reply out port gig 0/1 over to PC-1. 112 00:04:24,840 --> 00:04:28,250 And that is just the ARP request and reply. 113 00:04:28,250 --> 00:04:31,220 Next we have the actual ping, the ICMP 114 00:04:31,220 --> 00:04:35,329 ping request and ping responses between PC-1 and PC-2. 115 00:04:35,329 --> 00:04:36,870 And let's use a green color for that. 116 00:04:36,870 --> 00:04:39,770 So the ping request would go from PC-1 into the switch. 117 00:04:39,770 --> 00:04:42,470 The switch already knows about PC-1's MAC address. 118 00:04:42,470 --> 00:04:45,070 And because the layer 2 destination is PC-2, 119 00:04:45,070 --> 00:04:47,120 the switch knows exactly where that host lives, 120 00:04:47,120 --> 00:04:51,150 and it would forward that frame out gig 0/2 to PC-2. 121 00:04:51,150 --> 00:04:52,910 And then the reply to that ping would 122 00:04:52,910 --> 00:04:56,060 go from PC-2 back to PC-1. 123 00:04:56,060 --> 00:04:58,160 So based on all of that traffic, the MAC 124 00:04:58,160 --> 00:05:00,260 address tables on the switches regarding 125 00:05:00,260 --> 00:05:03,420 PCs should look something like this. 126 00:05:03,420 --> 00:05:06,050 There's also some communications that are happening directly 127 00:05:06,050 --> 00:05:07,850 between these two switches, and they also 128 00:05:07,850 --> 00:05:10,967 have MAC addresses on their respective interfaces. 129 00:05:10,967 --> 00:05:13,300 So we might have an additional MAC address from switch 1 130 00:05:13,300 --> 00:05:15,590 that's learned by switch 2 and vice versa. 131 00:05:15,590 --> 00:05:18,050 And those will show up as being an VLAN 1. 132 00:05:18,050 --> 00:05:19,910 We can know that that may happen. 133 00:05:19,910 --> 00:05:22,880 However, our focus for you and I in this exercise 134 00:05:22,880 --> 00:05:25,670 is to take a look at just the MAC addresses regarding 135 00:05:25,670 --> 00:05:28,550 PCs and hosts that these switches are adding 136 00:05:28,550 --> 00:05:30,514 to their MAC address tables. 137 00:05:30,514 --> 00:05:32,180 I am running out of time in this Nugget, 138 00:05:32,180 --> 00:05:35,330 so I'll put some additional scenarios for the other ping 139 00:05:35,330 --> 00:05:37,822 requests in separate individual Nuggets. 140 00:05:37,822 --> 00:05:39,780 And then we can go through them together there. 141 00:05:39,780 --> 00:05:42,890 Meanwhile, I hope this has been informative for you, 142 00:05:42,890 --> 00:05:46,478 and I'd like to thank you for viewing. 143 00:05:46,478 --> 00:05:46,978