0:00:02.050,0:00:04.540
The role of a switch[br]is to forward traffic

0:00:04.540,0:00:06.760
based on the[br]destination MAC address

0:00:06.760,0:00:08.960
inside of an ethernet frame.

0:00:08.960,0:00:12.910
This means the switch needs to[br]keep an ongoing and active list

0:00:12.910,0:00:15.730
of all of the devices[br]it happens to know about

0:00:15.730,0:00:18.850
based on the MAC address[br]of those devices.

0:00:18.850,0:00:22.240
The switch builds this list[br]by looking at inbound traffic

0:00:22.240,0:00:24.520
and examining the[br]source MAC address,

0:00:24.520,0:00:26.410
and tying that source MAC address

0:00:26.410,0:00:28.750
to a specific physical interface.

0:00:28.750,0:00:30.520
And for switches[br]that are configured

0:00:30.520,0:00:33.100
with spanning tree[br]protocol, or STP,

0:00:33.100,0:00:36.190
they're also responsible for[br]ensuring that a loop does not

0:00:36.190,0:00:38.880
occur on the switch network.

0:00:38.880,0:00:41.460
The process of sending traffic[br]through a switch network

0:00:41.460,0:00:43.780
is the same for every ethernet frame.

0:00:43.780,0:00:45.870
Let's take this[br]scenario where Sam,

0:00:45.870,0:00:48.210
and you can see the MAC[br]address for Sam's device,

0:00:48.210,0:00:51.210
is sending information[br]to the SGC server,

0:00:51.210,0:00:57.240
and you can see the SGC server's[br]MAC address is 1000:5555:5555.

0:00:57.240,0:00:59.880
We have a switch in the[br]middle, and all of our devices

0:00:59.880,0:01:04.200
are plugged into the switch,[br]including Sam and the SGC server.

0:01:04.200,0:01:06.930
Inside of the switch[br]is a MAC address table.

0:01:06.930,0:01:10.050
It lists all the MAC[br]addresses and the interfaces

0:01:10.050,0:01:12.090
where those addresses are connected.

0:01:12.090,0:01:15.570
When Sam sends traffic to the[br]switch with the destination MAC

0:01:15.570,0:01:20.160
address of[br]1000:5555:5555, the switch

0:01:20.160,0:01:22.410
looks up that address in its table,

0:01:22.410,0:01:26.280
and if one matches one of the[br]entries inside of that table,

0:01:26.280,0:01:29.820
it identifies the output[br]interface for that traffic

0:01:29.820,0:01:32.970
and sends it down that[br]interface to the server

0:01:32.970,0:01:35.130
that has that MAC address.

0:01:35.130,0:01:38.800
If you have multiple switches,[br]it's exactly the same process,

0:01:38.800,0:01:41.610
except it occurs twice,[br]once on the first switch

0:01:41.610,0:01:42.870
and once on the second.

0:01:42.870,0:01:45.300
You can see this is the[br]same configuration where

0:01:45.300,0:01:47.980
Sam is communicating[br]to the SGC server,

0:01:47.980,0:01:50.610
but there is a switch A[br]on one side of the network,

0:01:50.610,0:01:52.530
and a switch B on the other.

0:01:52.530,0:01:55.990
Switch A has a MAC address table[br]specific to the devices plugged

0:01:55.990,0:01:59.340
into Switch A, and Switch B[br]has a completely different

0:01:59.340,0:02:01.710
and unique, MAC address table.

0:02:01.710,0:02:04.950
Sam is going to send traffic[br]again to the SGC server.

0:02:04.950,0:02:10.800
It knows that it's sending this traffic [br]to MAC address 1000:5555:5555.

0:02:10.800,0:02:12.960
As that traffic hits Switch A, Switch A

0:02:12.960,0:02:15.030
refers to its own MAC address table

0:02:15.030,0:02:18.420
and knows that that particular[br]MAC address is located

0:02:18.420,0:02:22.480
on an interface that is[br]a gigabit 0/2 interface,

0:02:22.480,0:02:25.230
and so it sends that[br]traffic out that interface

0:02:25.230,0:02:26.580
to the next switch.

0:02:26.580,0:02:29.040
On that switch, the[br]same lookup process

0:02:29.040,0:02:31.800
occurs, where Switch B will[br]examine the destination

0:02:31.800,0:02:35.220
MAC address, determine that[br]that MAC address is associated

0:02:35.220,0:02:38.280
with the interface fast ethernet 0/5,

0:02:38.280,0:02:42.960
and sends that traffic down that[br]interface to the destination device.

0:02:42.960,0:02:45.350
You can see that building [br]that MAC address table

0:02:45.350,0:02:46.870
is extremely important.

0:02:46.870,0:02:48.900
If we didn't have the MAC [br]address table, the switch

0:02:48.900,0:02:50.970
would not know where to send that traffic.

0:02:50.970,0:02:53.040
In order to build[br]that table, the switch

0:02:53.040,0:02:55.770
is going to examine[br]all incoming traffic

0:02:55.770,0:02:58.590
and make a note of the[br]source MAC address.

0:02:58.590,0:03:00.750
It will then associate[br]that source MAC address

0:03:00.750,0:03:03.510
to a specific interface[br]on the switch.

0:03:03.510,0:03:06.720
So let's take a scenario where[br]we've just powered up a switch,

0:03:06.720,0:03:09.180
it has nothing in the[br]MAC address table,

0:03:09.180,0:03:11.730
and we're going to send[br]information from Sam's computer

0:03:11.730,0:03:13.350
to the SGC server.

0:03:13.350,0:03:15.660
Sam's going to send that[br]traffic to the switch,

0:03:15.660,0:03:18.930
the switch is going to examine[br]the source MAC address,

0:03:18.930,0:03:24.150
and in the case of Sam's[br]device, that's 1000:1111:1111.

0:03:24.150,0:03:26.970
It will then put that MAC[br]address into the MAC address

0:03:26.970,0:03:29.550
table, and it will[br]identify the interface

0:03:29.550,0:03:34.440
where that information was received.[br]In this case, interface F0/1.

0:03:34.440,0:03:38.020
That information is then[br]sent on to the SGC server,

0:03:38.020,0:03:42.000
and then when the SGC server[br]responds to that communication,

0:03:42.000,0:03:44.490
it has a different[br]source MAC address,

0:03:44.490,0:03:47.350
and the process is repeated.[br]Except in this case,

0:03:47.350,0:03:49.650
the switch identifies[br]that MAC address is

0:03:49.650,0:03:53.490
coming from fast ethernet 0/5.

0:03:53.490,0:03:56.580
In that previous example, we [br]were sending information to the SGC

0:03:56.580,0:03:59.610
server, but the SGC [br]server's MAC address

0:03:59.610,0:04:01.680
was not yet in the switch.

0:04:01.680,0:04:04.590
If the switch does not have[br]an entry for that MAC address

0:04:04.590,0:04:07.260
in the table, then it[br]will send that information

0:04:07.260,0:04:09.420
to everyone on the network.

0:04:09.420,0:04:12.000
For example, we'll take Sam[br]sending this information

0:04:12.000,0:04:13.380
to the SGC server.

0:04:13.380,0:04:15.540
You can see in this case,[br]the MAC address table

0:04:15.540,0:04:17.970
has nothing inside[br]of it at the moment.

0:04:17.970,0:04:20.730
The MAC address table will be[br]updated with the source MAC

0:04:20.730,0:04:23.790
address because Sam did send[br]that information to the switch,

0:04:23.790,0:04:27.810
and it did associate that[br]with fast ethernet 0/1,

0:04:27.810,0:04:29.550
But we're sending this information

0:04:29.550,0:04:32.370
to a destination MAC[br]address that's not currently

0:04:32.370,0:04:34.470
listed in the switch's table.

0:04:34.470,0:04:38.460
In that case, it's going to now[br]send that traffic to everybody

0:04:38.460,0:04:40.650
on the network, and[br]effectively flood

0:04:40.650,0:04:44.520
that traffic to all of the[br]other interfaces on that switch.

0:04:44.520,0:04:47.070
If you're familiar with[br]the operation of a hub,

0:04:47.070,0:04:49.830
then you'll notice that this[br]is very similar to the way

0:04:49.830,0:04:51.330
a hub works normally.

0:04:51.330,0:04:53.790
But this traffic being[br]sent to every device

0:04:53.790,0:04:56.520
ensures that at least[br]the destination will

0:04:56.520,0:04:58.470
receive this particular frame.

0:04:58.470,0:05:02.160
And in this example, you can see[br]that the SGC server did indeed

0:05:02.160,0:05:05.280
receive that frame, and[br]when the SGC server responds

0:05:05.280,0:05:08.280
back to Sam with a response,[br]the source MAC address

0:05:08.280,0:05:10.320
will be identified by the switch.

0:05:10.320,0:05:13.380
That information will be added[br]to the MAC address table,

0:05:13.380,0:05:15.830
and the switch will no longer [br]need to flood the traffic

0:05:15.830,0:05:20.010
across all interfaces if communication[br]is occurring between Sam

0:05:20.010,0:05:23.270
and the SGC server again.

0:05:23.270,0:05:26.750
On an IPv4 network,[br]devices are able to obtain

0:05:26.750,0:05:31.190
the MAC address of a remote[br]device using the ARP protocol.

0:05:31.190,0:05:34.430
ARP stands for [br]Address Resolution Protocol.

0:05:34.430,0:05:37.730
ARP will query the network[br]for a specific IP address,

0:05:37.730,0:05:41.660
and that IP address will respond[br]back with its MAC address.

0:05:41.660,0:05:44.450
Your local computer keeps[br]a cache of all of the MAC

0:05:44.450,0:05:46.340
addresses that it currently knows.

0:05:46.340,0:05:48.720
If you wanted to look at [br]the ARP address table on

0:05:48.720,0:05:52.850
your local machine, you [br]can use the command arp-a.

0:05:52.850,0:05:55.800
Let's run the arp-a[br]command on my machine.

0:05:55.800,0:06:00.930
You can see that I have a number[br]of local devices on the 10.1.10 network.

0:06:00.930,0:06:02.640
You can see them all listed here.

0:06:02.640,0:06:06.120
There's also some other[br]devices on my local network,

0:06:06.120,0:06:10.880
including some APIPA addresses[br]and some multicast addresses.

0:06:10.880,0:06:13.610
Let's say that I want to[br]communicate to a switch

0:06:13.610,0:06:15.410
that I have on my network.

0:06:15.410,0:06:19.460
That switch's IP[br]address is 10.1.10.210,

0:06:19.460,0:06:21.440
and you can see in[br]my ARP address table,

0:06:21.440,0:06:24.450
I don't currently have[br]that address in the list.

0:06:24.450,0:06:29.420
So I'm going to perform a ping,[br]and I'm gonna ping 10.1.10.210,

0:06:29.420,0:06:32.990
and I'll get some responses back[br]from that particular device.

0:06:32.990,0:06:37.025
If I now look at my ARP[br]address table with an arp-a,

0:06:37.025,0:06:41.990
you will see that I have a[br]new entry for 10.1.10.210,

0:06:41.990,0:06:46.670
and you'll see that I have a MAC[br]address associated with that IP address.

0:06:46.670,0:06:49.640
When I performed that ping,[br]the first thing that occurred

0:06:49.640,0:06:51.890
was an ARP request[br]made to the network

0:06:51.890,0:06:54.080
to try to find that[br]particular device,

0:06:54.080,0:06:56.330
and I received an[br]ARP response, which

0:06:56.330,0:07:00.050
then allowed me to send traffic[br]to that device directly.

0:07:00.050,0:07:03.170
I captured the ARP[br]communication using Wireshark,

0:07:03.170,0:07:06.680
which is a packet analyzer, and[br]you can download and install

0:07:06.680,0:07:09.920
Wireshark on your own[br]machine to see not only ARPs,

0:07:09.920,0:07:12.770
but all of the network[br]traffic on your system.

0:07:12.770,0:07:15.650
The first frame that I'm[br]sending is from my device,

0:07:15.650,0:07:18.170
and it's sending it[br]out as a broadcast,

0:07:18.170,0:07:22.280
and the ARP itself is[br]requesting the MAC address

0:07:22.280,0:07:25.880
for who has 10.1.10.210.

0:07:25.880,0:07:28.010
You can see the[br]details of the ARP

0:07:28.010,0:07:30.800
that are located further[br]down in the detail.

0:07:30.800,0:07:32.700
You can see the[br]sender MAC address,

0:07:32.700,0:07:34.160
which is my Apple computer.

0:07:34.160,0:07:38.870
You can see my local IP[br]address, which is 10.1.10.249.

0:07:38.870,0:07:41.000
You can see the[br]target MAC address,

0:07:41.000,0:07:43.700
right now we don't know what[br]the MAC address is of the target,

0:07:43.700,0:07:46.950
so it's all zeros, and you can[br]see that I'm requesting the MAC

0:07:46.950,0:07:52.820
address for the device that has[br]the IP address of 10.1.10.210.

0:07:52.820,0:07:55.730
We very quickly get a response[br]from this device, which

0:07:55.730,0:07:58.640
happens to be a Cisco[br]switch, and the response

0:07:58.640,0:08:01.910
from the MAC address is[br]from the Cisco MAC address

0:08:01.910,0:08:06.260
with the sender's IP address,[br]which is 10.1.10.210,

0:08:06.260,0:08:08.390
and the target is the response back

0:08:08.390,0:08:11.750
to my Apple computer[br]and my local IP address.

0:08:11.750,0:08:15.570
You can see in the response[br]that it filled in the sender MAC address,

0:08:15.570,0:08:19.400
so instead of being all zeros,[br]I see this long MAC address

0:08:19.400,0:08:21.440
associated with this IP.

0:08:21.440,0:08:23.900
And if you remember[br]the IP address and MAC

0:08:23.900,0:08:26.240
address in my[br]local ARP cache, it

0:08:26.240,0:08:31.780
matches both of those that were[br]received by this ARP response.

0:08:31.780,0:08:34.570
That ARP process is what[br]we use an IP version

0:08:34.570,0:08:37.270
4 to be able to[br]identify a MAC address,

0:08:37.270,0:08:40.360
but we don't have[br]broadcasts in IPv6.

0:08:40.360,0:08:43.630
There's also a different[br]process for IPv6

0:08:43.630,0:08:47.770
to identify the MAC addresses of[br]devices on your local network.

0:08:47.770,0:08:51.610
In IPv6, we use in NDP,[br]which is Neighbor Discovery

0:08:51.610,0:08:57.280
Protocol, using multicast,[br]specifically with ICMPv6.

0:08:57.280,0:09:00.460
This replaces the ARP function[br]that we would commonly

0:09:00.460,0:09:04.390
see in IPv4 with[br]this Neighbor MAC Discovery.

0:09:04.390,0:09:06.550
This can also be[br]used in conjunction

0:09:06.550,0:09:10.900
with SLAAC, which is Stateless[br]Address Autoconfiguration,

0:09:10.900,0:09:14.200
which allows the system to[br]automatically configure itself

0:09:14.200,0:09:18.250
with an IP address without[br]using a DHCP server.

0:09:18.250,0:09:20.080
Neighbor Discovery Protocol is also

0:09:20.080,0:09:24.610
used to identify any[br]duplicate addresses using DAD,

0:09:24.610,0:09:26.980
or Duplicate Address Detection.

0:09:26.980,0:09:29.170
If you wanted to see[br]the conversation that

0:09:29.170,0:09:32.650
takes place in IPv6,[br]instead of using ARP,

0:09:32.650,0:09:37.930
we send a neighbor solicitation,[br]or NS, on a multicast address,

0:09:37.930,0:09:43.570
and that is the IPv6 multicast that's [br]used for this neighbor solicitation frame.

0:09:43.570,0:09:46.870
The response is sent back from[br]the other side with a neighbor

0:09:46.870,0:09:49.780
advertisement, or NA, and that NA

0:09:49.780,0:09:52.960
includes the MAC address[br]of that local device.

0:09:52.960,0:09:56.030
Although the protocols and the[br]method is slightly different,

0:09:56.030,0:10:01.330
you can see that the process is very [br]similar to the one that occurs in IPv4.

0:10:01.330,0:10:04.300
Not only are we sending[br]data over ethernet networks,

0:10:04.300,0:10:07.180
we can also send power[br]over those networks

0:10:07.180,0:10:11.860
at the same time using[br]Power over Ethernet, or POE.

0:10:11.860,0:10:15.610
This allows us to connect[br]devices such as access points,

0:10:15.610,0:10:18.520
voiceover IP phones,[br]and other devices

0:10:18.520,0:10:21.370
by simply plugging in[br]an ethernet connection.

0:10:21.370,0:10:23.920
You don't have to then[br]plug in a separate power

0:10:23.920,0:10:25.570
connection for that device.

0:10:25.570,0:10:28.120
That power is coming[br]from either the switch,

0:10:28.120,0:10:31.240
or another device that's[br]connected into the network.

0:10:31.240,0:10:34.512
If it's coming from the switch, [br]we call that an Endspan,

0:10:34.512,0:10:37.910
or if it's coming from an injector,[br]like the one you see here,

0:10:37.910,0:10:41.020
which sits in the middle of an[br]existing ethernet connection,

0:10:41.020,0:10:44.080
we refer to that as a Midspan.

0:10:44.080,0:10:47.260
If your ethernet network[br]is a 10 or 100 megabit

0:10:47.260,0:10:51.010
per second connection, then you[br]have some extra wires inside

0:10:51.010,0:10:53.110
of that cable that you[br]could use for power.

0:10:53.110,0:10:56.290
We refer to that as Mode[br]B power over ethernet,

0:10:56.290,0:10:58.990
where you're sending[br]power on the spare pairs.

0:10:58.990,0:11:01.030
But if you're using[br]gigabit connections,

0:11:01.030,0:11:04.660
you're using all of those wires[br]for your gigabit ethernet data.

0:11:04.660,0:11:06.970
And in those cases,[br]we're using Mode A,

0:11:06.970,0:11:11.108
where we're sending power[br]and data over the same wire.

0:11:11.108,0:11:13.400
You'll find there are a[br]number of different power

0:11:13.400,0:11:15.730
over ethernet standards,[br]and these standards

0:11:15.730,0:11:18.460
are being added to and[br]changed all the time.

0:11:18.460,0:11:24.370
Two very common standards are[br]the IEEE 802.3af from 2003.

0:11:24.370,0:11:28.000
We refer to that as the[br]original POE standard, which

0:11:28.000,0:11:32.320
provides 15.4 watts of[br]direct current power,

0:11:32.320,0:11:35.230
with a maximum current[br]of 350 milliamps.

0:11:35.230,0:11:38.290
An update to that standard[br]is what we call POE+.

0:11:38.290,0:11:42.640
This was updated[br]with 802.3at in 2009.

0:11:42.640,0:11:48.040
This also has been incorporated[br]into the existing 802.3 ethernet standard.

0:11:48.040,0:11:50.920
This provides a bit more[br]power on the ethernet network,

0:11:50.920,0:11:57.100
25.5 watts of DC power, with a [br]maximum current of 600 milliamps.

0:11:57.100,0:11:59.490
There are other power[br]over ethernet standards,

0:11:59.490,0:12:01.430
and these are being[br]updated all the time,

0:12:01.430,0:12:04.990
so make sure you check with the[br]ethernet standards from IEEE

0:12:04.990,0:12:09.570
to know exactly what options[br]may be available for you.