Vous êtes sur la page 1sur 8


Ethernet Basics

Auto-MDIX (automatic medium-dependent interface crossover) detects the wrong cable and causes the switch to swap the pair it uses for transmitting and receiving, which solves the cabling problem. (As of publication, this feature is not supported on all Cisco switch models.) By default, each Cisco switch port uses Ethernet auto-negotiation to determine the speed and duplex setting (half or full). The switches can also set their duplex setting with the duplex interface subcommand, and their speed withyou guessed itthe speed interface subcommand. Cisco switches (and many other devices) can sense the speed using the Fast Link Pulses (FLP) of the auto-negotiation process. However, if auto-negotiation is disabled on either end of the cable, the switch detects the speed anyway based on the incoming electrical signal.

The original Ethernet specifications defined the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) algorithm to deal with the inevitable collisions. CSMA/CD minimizes the number of collisions, but when they occur, CSMA/CD defines how the sending stations can recognize the collisions and retransmit the frame. The following list outlines the steps in the CSMA/CD process: 1. A device with a frame to send listens until the Ethernet is not busy (in other words, the device cannot sense a carrier signal on the Ethernet segment).

2. When the Ethernet is not busy, the sender begins sending the frame. 3. The sender listens to make sure that no collision occurred. 4. If there was a collision, all stations that sent a frame send a jamming signal to ensure that all stations recognize the collision. 5. After the jamming is complete, each sender of one of the original collided frames randomizes a timer and waits that long before resending. (Other stations that did not create the collision do not have to wait to send.) 6. After all timers expire, the original senders can begin again with Step 1.

Collision Domains and Switch Buffering

A collision domain is a set of devices that can send frames that collide with frames sent by another device in that same set of devices. By definition of the term, Ethernet hubs: Operate solely at Ethernet Layer 1 Repeat (regenerate) electrical signals to improve cabling distances Forward signals received on a port out all other ports (no buffering) As a result of a hubs logic, a hub creates a single collision domain. Switches, however, create a different collision domain per switch port.

Switches have the same cabling and signal regeneration benefits as hubs, but switches do a lot moreincluding sometimes reducing or even eliminating collisions by buffering frames. When switches receive multiple frames on different switch ports, they store the frames in memory buffers to prevent collisions. The only devices that could create a collision are the switch port and the one connected deviceand they each have a separate twisted pair on which to transmit. Because collisions cannot occur, such segments can use full-duplex logic. When a switch port connects to a hub, it needs to operate in HDX mode(Loopback Circuitry), because collisions might occur due to the logic used by the hub.

Ethernet Layer 2: Framing and Addressing

Types of Ethernet Addresses

Ethernet Address Formats

The IEEE intends for unicast addresses to be unique in the universe by administering the assignment of MAC addresses. The IEEE assigns each vendor a code to use as the first 3 bytes of its MAC addresses; that first half of the addresses is called the Organizationally Unique Identifier (OUI). The IEEE expects each manufacturer to use its OUI for the first 3 bytes of the MAC assigned to any Ethernet product created by that vendor. The vendor then assigns a unique value in the low-order 3 bytes for each Ethernet card that it manufactures thereby ensuring global uniqueness of MAC addresses.

Two most significant bits in an Ethernet address: The Individual/Group (I/G) bit The Universal/Local (U/L) bit

Switching and Bridging Logic


Cisco Catalyst switches support a method of directing all traffic from a source port or source VLAN to a single port. This feature, called SPAN (for Switch Port Analyzer) in the Cisco documentation and sometimes referred to as session monitoring because of the commands used to configure it, is useful for many applications. These include monitoring traffic for compliance reasons, data collection purposes, or to support a particular application. SPAN sessions can be sourced from a port or ports, or from a VLAN. This provides great flexibility in collecting or monitoring traffic from a particular source device or an entire VLAN.

The destination port for a SPAN session can be on the local switch, as in SPAN operation. Or it can be a port on another switch in the network. This mode is known as Remote SPAN, or RSPAN. In RSPAN, a specific VLAN must be configured across the entire switching path from the source port or VLAN to the RSPAN destination port. This requires that the RSPAN VLAN be included in any trunks in that path, too.

Restrictions and Conditions

Destination ports in SPAN and RSPAN have multiple restrictions. The key restrictions include the following: When you configure a destination port, its original configuration is overwritten. If the SPAN configuration is removed, the original configuration on that port is restored. When you configure a destination port, the port is removed from any EtherChannel bundle if it were part of one. If it were a routed port, the SPAN destination configuration overrides the routed port configuration. Destination ports do not support port security, 802.1x authentication, or private VLANs. In general, SPAN/RSPAN and 802.1x are incompatible. Destination ports do not support any Layer 2 protocols, including CDP, Spanning Tree, VTP, DTP, and so on.

Basic SPAN Configuration

1. To mirror traffic sent or received from interface fa0/12 to interface fa0/24. All traffic sent or received on fa0/12 is sent to fa0/24. This configuration is typical of a basic traffic monitoring application.

2. We configure a switch to send the following traffic to interface fa0/24, preserving the encapsulation from the sources: Received on interface fa0/18 Sent on interface fa0/9 Sent and received on interface fa0/19 (which is a trunk) We also filter (remove) VLANs 1, 2, 3, and 229 from the traffic coming from the fa0/19 trunk port.

RSPAN Configuration
1. We configure two switches, IDF-SYR1 and IDF-SYR2, to send traffic to RSPAN VLAN 199, which is delivered to port fa0/24 on switch MDF-SYR9 as follows: From IDF-SYR1, all traffic received on VLANs 6668 From IDF-SYR2, all traffic received on VLAN 9 From IDF-SYR2, all traffic sent and received on VLAN 11 Note that all three switches use a different session ID, which is permissible in RSPAN. The only limitation on session numbering is that the session number must be 1 to 66.


Switches forward frames when necessary, and do not forward when there is no need to do so, thus reducing overhead. To accomplish this, switches perform three actions: Learn MAC addresses by examining the source MAC address of each received frame Decide when to forward a frame or when to filter (not forward) a frame, based on the destination MAC address Create a loop-free environment with other bridges by using the Spanning Tree Protocol

Switch Internal Process