WEBVTT 00:00:02.050 --> 00:00:04.540 The role of a switch is to forward traffic 00:00:04.540 --> 00:00:06.760 based on the destination MAC address 00:00:06.760 --> 00:00:08.960 inside of an ethernet frame. 00:00:08.960 --> 00:00:12.910 This means the switch needs to keep an ongoing and active list 00:00:12.910 --> 00:00:15.730 of all of the devices it happens to know about 00:00:15.730 --> 00:00:18.850 based on the MAC address of those devices. 00:00:18.850 --> 00:00:22.240 The switch builds this list by looking at inbound traffic 00:00:22.240 --> 00:00:24.520 and examining the source MAC address, 00:00:24.520 --> 00:00:26.410 and tying that source MAC address 00:00:26.410 --> 00:00:28.750 to a specific physical interface. 00:00:28.750 --> 00:00:30.520 And for switches that are configured 00:00:30.520 --> 00:00:33.100 with spanning tree protocol, or STP, 00:00:33.100 --> 00:00:36.190 they're also responsible for ensuring that a loop does not 00:00:36.190 --> 00:00:38.880 occur on the switch network. 00:00:38.880 --> 00:00:41.460 The process of sending traffic through a switch network 00:00:41.460 --> 00:00:43.780 is the same for every ethernet frame. 00:00:43.780 --> 00:00:45.870 Let's take this scenario where Sam, 00:00:45.870 --> 00:00:48.210 and you can see the MAC address for Sam's device, 00:00:48.210 --> 00:00:51.210 is sending information to the SGC server, 00:00:51.210 --> 00:00:57.240 and you can see the SGC server's MAC address is 1000:5555:5555. 00:00:57.240 --> 00:00:59.880 We have a switch in the middle, and all of our devices 00:00:59.880 --> 00:01:04.200 are plugged into the switch, including Sam and the SGC server. 00:01:04.200 --> 00:01:06.930 Inside of the switch is a MAC address table. 00:01:06.930 --> 00:01:10.050 It lists all the MAC addresses and the interfaces 00:01:10.050 --> 00:01:12.090 where those addresses are connected. 00:01:12.090 --> 00:01:15.570 When Sam sends traffic to the switch with the destination MAC 00:01:15.570 --> 00:01:20.160 address of 1000:5555:5555, the switch 00:01:20.160 --> 00:01:22.410 looks up that address in its table, 00:01:22.410 --> 00:01:26.280 and if one matches one of the entries inside of that table, 00:01:26.280 --> 00:01:29.820 it identifies the output interface for that traffic 00:01:29.820 --> 00:01:32.970 and sends it down that interface to the server 00:01:32.970 --> 00:01:35.130 that has that MAC address. 00:01:35.130 --> 00:01:38.800 If you have multiple switches, it's exactly the same process, 00:01:38.800 --> 00:01:41.610 except it occurs twice, once on the first switch 00:01:41.610 --> 00:01:42.870 and once on the second. 00:01:42.870 --> 00:01:45.300 You can see this is the same configuration where 00:01:45.300 --> 00:01:47.980 Sam is communicating to the SGC server, 00:01:47.980 --> 00:01:50.610 but there is a switch A on one side of the network, 00:01:50.610 --> 00:01:52.530 and a switch B on the other. 00:01:52.530 --> 00:01:55.990 Switch A has a MAC address table specific to the devices plugged 00:01:55.990 --> 00:01:59.340 into Switch A, and Switch B has a completely different 00:01:59.340 --> 00:02:01.710 and unique, MAC address table. 00:02:01.710 --> 00:02:04.950 Sam is going to send traffic again to the SGC server. 00:02:04.950 --> 00:02:10.800 It knows that it's sending this traffic to MAC address 1000:5555:5555. 00:02:10.800 --> 00:02:12.960 As that traffic hits Switch A, Switch A 00:02:12.960 --> 00:02:15.030 refers to its own MAC address table 00:02:15.030 --> 00:02:18.420 and knows that that particular MAC address is located 00:02:18.420 --> 00:02:22.480 on an interface that is a gigabit 0/2 interface, 00:02:22.480 --> 00:02:25.230 and so it sends that traffic out that interface 00:02:25.230 --> 00:02:26.580 to the next switch. 00:02:26.580 --> 00:02:29.040 On that switch, the same lookup process 00:02:29.040 --> 00:02:31.800 occurs, where Switch B will examine the destination 00:02:31.800 --> 00:02:35.220 MAC address, determine that that MAC address is associated 00:02:35.220 --> 00:02:38.280 with the interface fast ethernet 0/5, 00:02:38.280 --> 00:02:42.960 and sends that traffic down that interface to the destination device. 00:02:42.960 --> 00:02:45.350 You can see that building that MAC address table 00:02:45.350 --> 00:02:46.870 is extremely important. 00:02:46.870 --> 00:02:48.900 If we didn't have the MAC address table, the switch 00:02:48.900 --> 00:02:50.970 would not know where to send that traffic. 00:02:50.970 --> 00:02:53.040 In order to build that table, the switch 00:02:53.040 --> 00:02:55.770 is going to examine all incoming traffic 00:02:55.770 --> 00:02:58.590 and make a note of the source MAC address. 00:02:58.590 --> 00:03:00.750 It will then associate that source MAC address 00:03:00.750 --> 00:03:03.510 to a specific interface on the switch. 00:03:03.510 --> 00:03:06.720 So let's take a scenario where we've just powered up a switch, 00:03:06.720 --> 00:03:09.180 it has nothing in the MAC address table, 00:03:09.180 --> 00:03:11.730 and we're going to send information from Sam's computer 00:03:11.730 --> 00:03:13.350 to the SGC server. 00:03:13.350 --> 00:03:15.660 Sam's going to send that traffic to the switch, 00:03:15.660 --> 00:03:18.930 the switch is going to examine the source MAC address, 00:03:18.930 --> 00:03:24.150 and in the case of Sam's device, that's 1000:1111:1111. 00:03:24.150 --> 00:03:26.970 It will then put that MAC address into the MAC address 00:03:26.970 --> 00:03:29.550 table, and it will identify the interface 00:03:29.550 --> 00:03:34.440 where that information was received. In this case, interface F0/1. 00:03:34.440 --> 00:03:38.020 That information is then sent on to the SGC server, 00:03:38.020 --> 00:03:42.000 and then when the SGC server responds to that communication, 00:03:42.000 --> 00:03:44.490 it has a different source MAC address, 00:03:44.490 --> 00:03:47.350 and the process is repeated. Except in this case, 00:03:47.350 --> 00:03:49.650 the switch identifies that MAC address is 00:03:49.650 --> 00:03:53.490 coming from fast ethernet 0/5. 00:03:53.490 --> 00:03:56.580 In that previous example, we were sending information to the SGC 00:03:56.580 --> 00:03:59.610 server, but the SGC server's MAC address 00:03:59.610 --> 00:04:01.680 was not yet in the switch. 00:04:01.680 --> 00:04:04.590 If the switch does not have an entry for that MAC address 00:04:04.590 --> 00:04:07.260 in the table, then it will send that information 00:04:07.260 --> 00:04:09.420 to everyone on the network. 00:04:09.420 --> 00:04:12.000 For example, we'll take Sam sending this information 00:04:12.000 --> 00:04:13.380 to the SGC server. 00:04:13.380 --> 00:04:15.540 You can see in this case, the MAC address table 00:04:15.540 --> 00:04:17.970 has nothing inside of it at the moment. 00:04:17.970 --> 00:04:20.730 The MAC address table will be updated with the source MAC 00:04:20.730 --> 00:04:23.790 address because Sam did send that information to the switch, 00:04:23.790 --> 00:04:27.810 and it did associate that with fast ethernet 0/1, 00:04:27.810 --> 00:04:29.550 But we're sending this information 00:04:29.550 --> 00:04:32.370 to a destination MAC address that's not currently 00:04:32.370 --> 00:04:34.470 listed in the switch's table. 00:04:34.470 --> 00:04:38.460 In that case, it's going to now send that traffic to everybody 00:04:38.460 --> 00:04:40.650 on the network, and effectively flood 00:04:40.650 --> 00:04:44.520 that traffic to all of the other interfaces on that switch. 00:04:44.520 --> 00:04:47.070 If you're familiar with the operation of a hub, 00:04:47.070 --> 00:04:49.830 then you'll notice that this is very similar to the way 00:04:49.830 --> 00:04:51.330 a hub works normally. 00:04:51.330 --> 00:04:53.790 But this traffic being sent to every device 00:04:53.790 --> 00:04:56.520 ensures that at least the destination will 00:04:56.520 --> 00:04:58.470 receive this particular frame. 00:04:58.470 --> 00:05:02.160 And in this example, you can see that the SGC server did indeed 00:05:02.160 --> 00:05:05.280 receive that frame, and when the SGC server responds 00:05:05.280 --> 00:05:08.280 back to Sam with a response, the source MAC address 00:05:08.280 --> 00:05:10.320 will be identified by the switch. 00:05:10.320 --> 00:05:13.380 That information will be added to the MAC address table, 00:05:13.380 --> 00:05:15.830 and the switch will no longer need to flood the traffic 00:05:15.830 --> 00:05:20.010 across all interfaces if communication is occurring between Sam 00:05:20.010 --> 00:05:23.270 and the SGC server again. 00:05:23.270 --> 00:05:26.750 On an IPv4 network, devices are able to obtain 00:05:26.750 --> 00:05:31.190 the MAC address of a remote device using the ARP protocol. 00:05:31.190 --> 00:05:34.430 ARP stands for Address Resolution Protocol. 00:05:34.430 --> 00:05:37.730 ARP will query the network for a specific IP address, 00:05:37.730 --> 00:05:41.660 and that IP address will respond back with its MAC address. 00:05:41.660 --> 00:05:44.450 Your local computer keeps a cache of all of the MAC 00:05:44.450 --> 00:05:46.340 addresses that it currently knows. 00:05:46.340 --> 00:05:48.720 If you wanted to look at the ARP address table on 00:05:48.720 --> 00:05:52.850 your local machine, you can use the command arp-a. 00:05:52.850 --> 00:05:55.800 Let's run the arp-a command on my machine. 00:05:55.800 --> 00:06:00.930 You can see that I have a number of local devices on the 10.1.10 network. 00:06:00.930 --> 00:06:02.640 You can see them all listed here. 00:06:02.640 --> 00:06:06.120 There's also some other devices on my local network, 00:06:06.120 --> 00:06:10.880 including some APIPA addresses and some multicast addresses. 00:06:10.880 --> 00:06:13.610 Let's say that I want to communicate to a switch 00:06:13.610 --> 00:06:15.410 that I have on my network. 00:06:15.410 --> 00:06:19.460 That switch's IP address is 10.1.10.210, 00:06:19.460 --> 00:06:21.440 and you can see in my ARP address table, 00:06:21.440 --> 00:06:24.450 I don't currently have that address in the list. 00:06:24.450 --> 00:06:29.420 So I'm going to perform a ping, and I'm gonna ping 10.1.10.210, 00:06:29.420 --> 00:06:32.990 and I'll get some responses back from that particular device. 00:06:32.990 --> 00:06:37.025 If I now look at my ARP address table with an arp-a, 00:06:37.025 --> 00:06:41.990 you will see that I have a new entry for 10.1.10.210, 00:06:41.990 --> 00:06:46.670 and you'll see that I have a MAC address associated with that IP address. 00:06:46.670 --> 00:06:49.640 When I performed that ping, the first thing that occurred 00:06:49.640 --> 00:06:51.890 was an ARP request made to the network 00:06:51.890 --> 00:06:54.080 to try to find that particular device, 00:06:54.080 --> 00:06:56.330 and I received an ARP response, which 00:06:56.330 --> 00:07:00.050 then allowed me to send traffic to that device directly. 00:07:00.050 --> 00:07:03.170 I captured the ARP communication using Wireshark, 00:07:03.170 --> 00:07:06.680 which is a packet analyzer, and you can download and install 00:07:06.680 --> 00:07:09.920 Wireshark on your own machine to see not only ARPs, 00:07:09.920 --> 00:07:12.770 but all of the network traffic on your system. 00:07:12.770 --> 00:07:15.650 The first frame that I'm sending is from my device, 00:07:15.650 --> 00:07:18.170 and it's sending it out as a broadcast, 00:07:18.170 --> 00:07:22.280 and the ARP itself is requesting the MAC address 00:07:22.280 --> 00:07:25.880 for who has 10.1.10.210. 00:07:25.880 --> 00:07:28.010 You can see the details of the ARP 00:07:28.010 --> 00:07:30.800 that are located further down in the detail. 00:07:30.800 --> 00:07:32.700 You can see the sender MAC address, 00:07:32.700 --> 00:07:34.160 which is my Apple computer. 00:07:34.160 --> 00:07:38.870 You can see my local IP address, which is 10.1.10.249. 00:07:38.870 --> 00:07:41.000 You can see the target MAC address, 00:07:41.000 --> 00:07:43.700 right now we don't know what the MAC address is of the target, 00:07:43.700 --> 00:07:46.950 so it's all zeros, and you can see that I'm requesting the MAC 00:07:46.950 --> 00:07:52.820 address for the device that has the IP address of 10.1.10.210. 00:07:52.820 --> 00:07:55.730 We very quickly get a response from this device, which 00:07:55.730 --> 00:07:58.640 happens to be a Cisco switch, and the response 00:07:58.640 --> 00:08:01.910 from the MAC address is from the Cisco MAC address 00:08:01.910 --> 00:08:06.260 with the sender's IP address, which is 10.1.10.210, 00:08:06.260 --> 00:08:08.390 and the target is the response back 00:08:08.390 --> 00:08:11.750 to my Apple computer and my local IP address. 00:08:11.750 --> 00:08:15.570 You can see in the response that it filled in the sender MAC address, 00:08:15.570 --> 00:08:19.400 so instead of being all zeros, I see this long MAC address 00:08:19.400 --> 00:08:21.440 associated with this IP. 00:08:21.440 --> 00:08:23.900 And if you remember the IP address and MAC 00:08:23.900 --> 00:08:26.240 address in my local ARP cache, it 00:08:26.240 --> 00:08:31.780 matches both of those that were received by this ARP response. 00:08:31.780 --> 00:08:34.570 That ARP process is what we use an IP version 00:08:34.570 --> 00:08:37.270 4 to be able to identify a MAC address, 00:08:37.270 --> 00:08:40.360 but we don't have broadcasts in IPv6. 00:08:40.360 --> 00:08:43.630 There's also a different process for IPv6 00:08:43.630 --> 00:08:47.770 to identify the MAC addresses of devices on your local network. 00:08:47.770 --> 00:08:51.610 In IPv6, we use in NDP, which is Neighbor Discovery 00:08:51.610 --> 00:08:57.280 Protocol, using multicast, specifically with ICMPv6. 00:08:57.280 --> 00:09:00.460 This replaces the ARP function that we would commonly 00:09:00.460 --> 00:09:04.390 see in IPv4 with this Neighbor MAC Discovery. 00:09:04.390 --> 00:09:06.550 This can also be used in conjunction 00:09:06.550 --> 00:09:10.900 with SLAAC, which is Stateless Address Autoconfiguration, 00:09:10.900 --> 00:09:14.200 which allows the system to automatically configure itself 00:09:14.200 --> 00:09:18.250 with an IP address without using a DHCP server. 00:09:18.250 --> 00:09:20.080 Neighbor Discovery Protocol is also 00:09:20.080 --> 00:09:24.610 used to identify any duplicate addresses using DAD, 00:09:24.610 --> 00:09:26.980 or Duplicate Address Detection. 00:09:26.980 --> 00:09:29.170 If you wanted to see the conversation that 00:09:29.170 --> 00:09:32.650 takes place in IPv6, instead of using ARP, 00:09:32.650 --> 00:09:37.930 we send a neighbor solicitation, or NS, on a multicast address, 00:09:37.930 --> 00:09:43.570 and that is the IPv6 multicast that's used for this neighbor solicitation frame. 00:09:43.570 --> 00:09:46.870 The response is sent back from the other side with a neighbor 00:09:46.870 --> 00:09:49.780 advertisement, or NA, and that NA 00:09:49.780 --> 00:09:52.960 includes the MAC address of that local device. 00:09:52.960 --> 00:09:56.030 Although the protocols and the method is slightly different, 00:09:56.030 --> 00:10:01.330 you can see that the process is very similar to the one that occurs in IPv4. 00:10:01.330 --> 00:10:04.300 Not only are we sending data over ethernet networks, 00:10:04.300 --> 00:10:07.180 we can also send power over those networks 00:10:07.180 --> 00:10:11.860 at the same time using Power over Ethernet, or POE. 00:10:11.860 --> 00:10:15.610 This allows us to connect devices such as access points, 00:10:15.610 --> 00:10:18.520 voiceover IP phones, and other devices 00:10:18.520 --> 00:10:21.370 by simply plugging in an ethernet connection. 00:10:21.370 --> 00:10:23.920 You don't have to then plug in a separate power 00:10:23.920 --> 00:10:25.570 connection for that device. 00:10:25.570 --> 00:10:28.120 That power is coming from either the switch, 00:10:28.120 --> 00:10:31.240 or another device that's connected into the network. 00:10:31.240 --> 00:10:34.512 If it's coming from the switch, we call that an Endspan, 00:10:34.512 --> 00:10:37.910 or if it's coming from an injector, like the one you see here, 00:10:37.910 --> 00:10:41.020 which sits in the middle of an existing ethernet connection, 00:10:41.020 --> 00:10:44.080 we refer to that as a Midspan. 00:10:44.080 --> 00:10:47.260 If your ethernet network is a 10 or 100 megabit 00:10:47.260 --> 00:10:51.010 per second connection, then you have some extra wires inside 00:10:51.010 --> 00:10:53.110 of that cable that you could use for power. 00:10:53.110 --> 00:10:56.290 We refer to that as Mode B power over ethernet, 00:10:56.290 --> 00:10:58.990 where you're sending power on the spare pairs. 00:10:58.990 --> 00:11:01.030 But if you're using gigabit connections, 00:11:01.030 --> 00:11:04.660 you're using all of those wires for your gigabit ethernet data. 00:11:04.660 --> 00:11:06.970 And in those cases, we're using Mode A, 00:11:06.970 --> 00:11:11.108 where we're sending power and data over the same wire. 00:11:11.108 --> 00:11:13.400 You'll find there are a number of different power 00:11:13.400 --> 00:11:15.730 over ethernet standards, and these standards 00:11:15.730 --> 00:11:18.460 are being added to and changed all the time. 00:11:18.460 --> 00:11:24.370 Two very common standards are the IEEE 802.3af from 2003. 00:11:24.370 --> 00:11:28.000 We refer to that as the original POE standard, which 00:11:28.000 --> 00:11:32.320 provides 15.4 watts of direct current power, 00:11:32.320 --> 00:11:35.230 with a maximum current of 350 milliamps. 00:11:35.230 --> 00:11:38.290 An update to that standard is what we call POE+. 00:11:38.290 --> 00:11:42.640 This was updated with 802.3at in 2009. 00:11:42.640 --> 00:11:48.040 This also has been incorporated into the existing 802.3 ethernet standard. 00:11:48.040 --> 00:11:50.920 This provides a bit more power on the ethernet network, 00:11:50.920 --> 00:11:57.100 25.5 watts of DC power, with a maximum current of 600 milliamps. 00:11:57.100 --> 00:11:59.490 There are other power over ethernet standards, 00:11:59.490 --> 00:12:01.430 and these are being updated all the time, 00:12:01.430 --> 00:12:04.990 so make sure you check with the ethernet standards from IEEE 00:12:04.990 --> 00:12:09.570 to know exactly what options may be available for you.