Friday, March 27, 2009

Share your experience with us!

Let's share the CCNA experience!

Hey, this section is meant for sharing your CCNA experience. You may discuss the training you undertook, the study method you adopted, and the materials you used. I'll start with my own journey - I've been studying for my CCNA exam for a 6-month period. I'll give you a short description of everything I used during my studies:

- I used Cisco Curriculum Exploration v4, and it has a great method to teach you the fundamentals of networking. It includes Flash and a lot of diagrams to help the explanation.

- I've watched Jeremy's CBT Nuggets videos and Chris Bryant's TrainSignal videos. IMO, Jeremy explains the material in a funnier, less boring way, but Chris Bryant starts with you from scratch and builds the fundamentals. I liked the TrainSignal product more, although it was much more boring than CBT.
- CiscoPress ICND1+ICND2, FEB 2008 Edition. Those books are really nice, but they assume you have some fundamental knowledge of networking. They explain the more complex concepts better than the others.
- Sybex, Todd Lammle's 6th Edition. I think you all know this book. Great book, explains the material very well, although CiscoPress had some concepts that were clearer to me in their books than in Todd's.

- Packet Tracer v5 (Cisco). This is one of the best tools you can ask for. This program actually lets you simulate an exam-oriented networking environment. If you are like me, and you have no Cisco switches / routers to build your study network, then Packet Tracer is something to grab!


NOTE:
I'm against brain-dumps. Dumps can't help you study or understand the concepts and acquire the knowledge that you need for passing the CCNA or, as a matter of fact, any other certification. The exam isn't about who has better memorizing skills, so don't use dumps; study the books instead. Don't waste your time on dumps. FIRST read the books, DO A LOT OF LABS, and then, only then, go over any exam environment program you come across, if you wish to use them.

I found it easier to first watch a video, and then read the book's chapter. That made it easier for me to read, since the videos would serve the purpose of a summary. After every chapter you're done with, use Packet Tracer to make up LABs and see how it really works!

PT has a great simulation mode that gives you the option to see the process step by step! Use it, it's awesome and very beneficial! Then, go over your book questions at the end of each chapter. Mark the questions you answered wrong, and review them. If you want, you can take notes while watching the videos for later reference - very helpful.

This process should take you at least 6 weeks, no way it will be shorter. Dumps are something that you should know about; I do not encourage using dumps as study material, though you may use them, if you like, as testing material.

Remember CCNA exam will test you in 3 things :
1) Concepts
2) Configuration
3) Troubleshooting

Study & practice hard, nail the concepts, and you should clear the exam!



Thursday, March 26, 2009

STP Process: Step-by-step

STP (Spanning Tree Protocol) is used to prevent switching loops. STP determines the most desirable path and places its ports in Forwarding mode (to forward the traffic), while the ports on less desirable paths are placed in Blocking mode.

Redundancy is very important in networking: redundant links help prevent a complete failure of the network if one of the links goes down.

STP allows a network design to include redundant links that provide automatic backup paths if an active link fails, while removing the danger of switching loops and the need to enable those backup links manually.



** LAB Included!

Before we start, let's cover the STP terminology:

- Root Bridge (Switch): This is the switch with the best (smallest) BID, that is, the lowest priority or, when priorities are equal, the lowest MAC address. The root bridge is the reference point for all other STP decisions, like which port will be in BLOCKING mode and which will be in FORWARDING mode.

- BID (Bridge ID): Each bridge has a unique identifier (ID) and a configurable priority number (32768 is the default priority on Cisco switches). The bridge ID is the combination of the priority and the MAC address of a switch. This is how STP tracks all the switches in the network. The BID of a switch looks as follows: PRIORITY.MAC-ADDRESS; 32768.AAAA:AAAA:AAA1

- Non-root Bridges: These are all the bridges that are not elected as the root bridge.

- BPDU: These are special data frames the switches use to exchange STP information (BID, cost to root) with other switches in the network for the selection of the root bridge and the port roles (root port, designated port, blocking port).

There are three types of BPDUs:

* Configuration BPDU (CBPDU), used for STP computation.

* Topology Change Notification (TCN) BPDU, used to announce changes in the network topology.

* Topology Change Notification Acknowledgment (TCA).

BPDUs are sent every 2 seconds by default, and they are used to monitor the network for any topology change.

STP Port modes:

- Blocking: User frames aren't forwarded through that port; BPDUs are accepted. These ports are used as backup paths, and they might go into forwarding mode if the other designated links in use were to fail.

- Listening: User frames aren't forwarded in that state; the MAC address table is NOT built yet; BPDUs are accepted and the switch gathers new information regarding other switches in the topology.

- Learning: User frames aren't forwarded yet, but they are accepted by the switch to build the CAM table. The switch in this state tries to learn which MAC address belongs to which port.

- Forwarding: User frames are SENT and RECEIVED; STP still monitors incoming BPDUs that would indicate it should change the port to the blocking state to prevent a loop.

OK. Now let's have some fun.

I'll demonstrate the Root Bridge election process, then how Root ports are elected and last, how Designated / Blocking ports are decided.


- Root Bridge & Root ports election:

The switches exchange BPDUs, and each switch compares its own BID with the one in the received BPDU. The bridge with the lowest priority will be elected as the root bridge. If the priority is equal on all the switches, the switch with the lowest MAC address will be elected. (Remember what BIDs look like? - priority.MAC-ADDRESS, so if the priority is equal, the MAC is used as the tie-breaker!)

- After the Root bridge election, each of the switches in the network needs to choose its path to the root bridge. STP uses the term 'cost' to express the speed of the links. Lower cost - faster link, more bandwidth!

The port with the shortest path to the root bridge (lowest cost to the root bridge) is elected as the ROOT PORT. If the switch is directly connected to the root bridge, the cost to root value will be 0.

- If a switch has multiple links to the root bridge, and their costs are equal, the neighbor's BID is used as the tie-breaker. The neighbor advertising the lower BID is elected as the shortest path to the root (and that port's role is ROOT PORT).

- If redundancy is used, and multiple links are connected to the same switch, and the costs are equal (the MAC will be equal too because we are connecting to the same switch!) - the port with the lowest interface priority is used as the root port, and if that's equal too, the lowest physical interface port will be elected as the root port.

I'll demonstrate it now:

Root port process:

- Elect ROOT switch -> The switches exchange BPDUs with each other to decide which one of them will be the Root for that network. I've changed the priority of S1 to 24576 so it would be the Root bridge of our topology:

S1(config)#spanning-tree vlan 1 priority 24576

After that, I've changed the priority of S3 to 28672 so it will be the Root bridge in case S1 fails:

S3(config)#spanning-tree vlan 1 priority 28672




- Choose Root ports on every single switch -> Each of the switches determines its shortest path to the Root, and that port becomes the Root port. Since every switch is directly connected to the Root, and the speed of the links is equal, that connected port becomes the Root port.

- Choose Designated ports on every segment -> Now the switches need to agree which of the non-Root ports will be placed in blocking mode to prevent loops. On each segment (the S2 -> S3 and S3 -> S4 links) the switches compare their Cost to Root; since all the switches are directly connected to the Root, their costs are equal. So now they compare their BIDs. Remember I changed S3's priority so that it would be lower than the default? S3's BID is lower than both other switches' BIDs, so S3 places its ports in the Designated role and those ports forward traffic normally. S2 and S4 both place their ports connected to S3 in the Blocking role, and those ports block any traffic except BPDUs. Now our STP environment is converged.


Here are the notes I took for myself to remember this whole thing about Root port election:

- Choose the path with the lowest cost to the root bridge. If equal --> choose the neighboring switch with the lowest BID. If equal --> that means multiple links go through the same switch, so choose the port with the lowest priority. If equal --> pick the lowest physical interface as the root port.

- Designated & Blocking ports:
After the root ports are set, each network segment has to have 1 port in FWD and 1 port in BLK mode (to prevent loops!)
The designated port of a segment is decided by which switch is closer to the root bridge (has the lower cost to Root).

In our topology example:

S2, S3 and S4 have equal cost to the root bridge. In STP terms that means none of them is actually closer to the root than the others. So in that case, they compare their BIDs with each other (for each link of course: S2 and S3, and S3 and S4. Since there is no link between S2 and S4, there will be no comparison between those two!)
Because S3's priority is the lowest, S3's ports will be in the DP role and the S2 & S4 ports go into BLK mode.

* If the cost to the root is equal, as you can already guess, the decision is made on the lower BID. The switch with the lower BID will have the DP (Designated port) for this link.

* Once STP is converged, each NON-ROOT switch MUST have only ONE Root port, and each segment between 2 non-root switches has 1 Designated port, while the other side of the link will be in BLK mode. This is a great rule to remember.

* The STP root bridge's ports will ALL be in the Designated role and FWD state. NONE of the root bridge's ports will be in the "Root" role!
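The three steps above, run on the lab topology as an added example (not part of the original post or the lab file). The priorities 24576, 28672 and the default 32768 come from the post; the MAC addresses, port numbers and the FastEthernet link cost of 19 are assumptions made for illustration.

```python
import heapq

# Priorities are the ones configured in the post; MAC addresses are constructed.
SWITCHES = {
    "S1": (24576, "0000.0000.0001"),
    "S2": (32768, "0000.0000.0002"),
    "S3": (28672, "0000.0000.0003"),
    "S4": (32768, "0000.0000.0004"),
}
COST = 19  # assumed: every link is FastEthernet (802.1D cost 19)
LINKS = [  # (switch, port) <-> (switch, port); port numbers are constructed
    (("S1", 1), ("S2", 1)), (("S1", 2), ("S3", 1)), (("S1", 3), ("S4", 1)),
    (("S2", 2), ("S3", 2)), (("S3", 3), ("S4", 2)),
]


def elect_root(switches):
    """Lowest BID wins: priority first, MAC address as the tie-breaker."""
    return min(switches, key=lambda name: switches[name])


def root_costs(root, links, cost=COST):
    """Dijkstra: lowest total link cost from every switch to the root."""
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d > dist.get(sw, float("inf")):
            continue
        for (a, _), (b, _) in links:
            if sw in (a, b):
                other = b if sw == a else a
                if d + cost < dist.get(other, float("inf")):
                    dist[other] = d + cost
                    heapq.heappush(heap, (d + cost, other))
    return dist


def converge(switches, links, cost=COST):
    """Return (root bridge, {(switch, port): role}) for a converged topology."""
    root = elect_root(switches)
    dist = root_costs(root, links, cost)

    # Root port: lowest cost to root, then lowest neighbour BID, then lowest
    # port number (port priorities are all left at their default here).
    best = {}
    for end_a, end_b in links:
        for (sw, port), (nbr, _) in ((end_a, end_b), (end_b, end_a)):
            if sw == root:
                continue
            key = (dist[nbr] + cost, switches[nbr], port)
            if sw not in best or key < best[sw][0]:
                best[sw] = (key, port)
    root_ports = {(sw, choice[1]) for sw, choice in best.items()}

    # Designated port per segment: the end closer to the root, BID on a tie.
    # The other end stays a root port or goes to blocking.
    roles = {}
    for end_a, end_b in links:
        near, far = sorted((end_a, end_b),
                           key=lambda end: (dist[end[0]], switches[end[0]]))
        roles[near] = "designated"
        roles[far] = "root" if far in root_ports else "blocking"
    return root, roles


if __name__ == "__main__":
    root, roles = converge(SWITCHES, LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} port {port}: {role}")
```

Removing S1 and its links from the inputs and calling `converge` again shows S3 taking over as root, which is the reason the post gives for its priority of 28672.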


** LAB for practicing is available @ STPLab.rar

** STP Questions are available @ http://ccna.certify.googlepages.com/stpquestions

Sunday, March 22, 2009

QuestionPack Series #1


This exam pack covers Basic OSI & RIP questions.

We are starting our QuestionPack series today: bundled questions made by our staff to help you nail the concepts! We will keep this series updated, so expect a pack like this every week or two.


The first pack contains 15 questions, answers included at the bottom.

These questions were written by US, and were made for you to see if you understand the concepts. Good luck.



Questions related to the "Understanding how packets traverse a network" article.

Refer to the exhibit.

1. When a packet is sent from PC0 to PC1, with what credentials would the packet be RECEIVED by PC1?

A. Source IP: 10.0.0.2, Source MAC: aaaa:aaaa:aa10 -- Destination IP: 20.0.0.2, Destination MAC: bbbb:bbbb:bb20
B. Source IP: 10.0.0.1, Source MAC: rrrr:rrrr:rr20 -- Destination IP: 20.0.0.2, Destination MAC: bbbb:bbbb:bb20
C. Source IP: 10.0.0.2, Source MAC: rrrr:rrrr:rr20 -- Destination IP: 20.0.0.2, Destination MAC: bbbb:bbbb:bb20
D. Source IP: 10.0.0.2, Source MAC: oooo:oooo:oo30 -- Destination IP: 20.0.0.2, Destination MAC: rrrr:rrrr:rr20

2. When the packet is LEAVING PC0, what would be the packet and frame information?

A. Source IP: 10.0.0.2, Source MAC: aaaa:aaaa:aa10 -- Destination IP: 10.0.0.1, Destination MAC: oooo:oooo:oo10
B. Source IP: 10.0.0.2, Source MAC: aaaa:aaaa:aa10 -- Destination IP: 20.0.0.2, Destination MAC: oooo:oooo:oo10
C. Source IP: 10.0.0.2, Source MAC: aaaa:aaaa:aa10 -- Destination IP: 30.0.0.2, Destination MAC: rrrr:rrrr:rr30
D. Source IP: 10.0.0.2, Source MAC: aaaa:aaaa:aa10 -- Destination IP: 20.0.0.2, Destination MAC: bbbb:bbbb:bb20

3. When the packets are received on Router0's E0/0 interface, what process do they go through?

A. The router changes the destination MAC and IP to PC1's information
B. The router passes the packet unchanged to Router1 and Router1 forwards it to PC1 as it was originated
C. The router changes only the destination IP to PC1's 20.0.0.2
D. The router changes only the destination MAC to PC1's bbbb:bbbb:bb20
E. The router changes only the destination MAC to Router1's E0/1 interface rrrr:rrrr:rr30

4. PC1 wants to reply to PC0's ping. How would the packet be sent back from PC1 to PC0?

A. Source IP: 20.0.0.2, Source MAC: bbbb:bbbb:bb20 -- Destination IP: 20.0.0.1, Destination MAC: rrrr:rrrr:rr20
B. Source IP: 20.0.0.2, Source MAC: bbbb:bbbb:bb20 -- Destination IP: 10.0.0.2, Destination MAC: rrrr:rrrr:rr20
C. Source IP: 20.0.0.2, Source MAC: bbbb:bbbb:bb20 -- Destination IP: 10.0.0.2, Destination MAC: rrrr:rrrr:rr30
D. Source IP: 20.0.0.2, Source MAC: bbbb:bbbb:bb20 -- Destination IP: 10.0.0.1, Destination MAC: oooo:oooo:oo30

5. When a packet is received by a router, and no route for the destination is found in the routing table, the router will:

A. Discard the packet
B. Will send it back through the port it was received, notifying that the destination is unreachable
C. Will forward it to the default-gateway, if there is one.
D. None of the above

6. When a switch is receiving a frame, what is the first thing the switch does?

A. Checking the destination MAC address to forward the frame as soon as possible.
B. Buffering the frame, checking for errors, and forwarding it through the outbound interface
C. Learning the source MAC address and inserting it into its MAC-address-table
D. Checking the destination MAC address, and if there is no entry for the destination, the switch floods the frame
E. If the destination MAC is broadcast (all ff's) the switch forwards the frame out all the interfaces including the originating interface of the frame

7. How does the ROUTER build its routing table ?

A. From directly connected networks
B. From manually configured static networks
C. From routing protocols
D. All of the above are correct.

8. What is the right order of encapsulation as the data travels from layer 7 to layer 1?

A. Bits, frame, packet, segment
B. Segment, frame, packet, bits
C. Frame, packet, segment, bits
D. Segment, packet, frame, bits

Section 2 :: Questions from the "RIP Concepts you gotta know" article

9. This appears in the routing table of CCNA-R2:

R 100.0.0.0 [120/12] via 192.168.1.1, 00:00:16, FastEthernet0/1

This means (Choose 2):

A. The router is running RIP, and the destination network is directly connected to the next router.
B. The router is running RIP, and the destination network can be reachable through FastEthernet0/1
C. The destination network is 120 hops away.
D. The destination network is 12 hops away.

10. This appears in the routing table of CCNA-R2:

R 100.0.0.0 [120/1] via 192.168.1.1, 00:01:02, FastEthernet0/1

What can we tell from the information above?

A. The route 100.0.0.0 is 1 hop away through FastEthernet0/1
B. 192.168.1.0 is directly connected network
C. 192.168.1.1 MUST be a switch
D. Probably there is a problem with the destination network

11. Referring to the exhibit



What is the MOST correct statement?

A. RIP is running
B. RIPv2 is running
C. RIPv1 is running
D. The links are going to appear as 'possibly down' in 2:41 min

12. Referring to the exhibit





What is the reason route 100.0.0.0/8 appears as possibly down?

A. The router didn't receive any updates for 180 seconds
B. FastEthernet0/0 is shut down on the local router
C. 192.168.1.1 got disconnected from FastEthernet0/0 interface
D. The router didn't receive any updates for 30 seconds

12.2 By default, how long will it take to drop this route?

A. Another 30 seconds
B. Another 60 seconds
C. Another 90 seconds
D. Another 50 seconds
E. The link won't get dropped automatically, it needs to be done manually

13. What are the advantages of RIPv2 (Choose three) ?

A. It supports authentication
B. It's easier to install than RIPv1
C. It supports VLSM / CIDR
D. It is broadcasting RIP updates
E. It is multicasting RIP updates

14. This appears in the routing table of CCNA-R2:

R 100.0.0.0 [120/16] via 192.168.1.1, 00:00:03, FastEthernet0/1

What can you tell about this route?

A. It was learned using RIP protocol
B. It received the last routing update 3 seconds ago
C. The route won't be routable due to the metric value
D. The next update should be received in 3 seconds
E. It is routable through FastEthernet0/1, on the next hop 192.168.1.1






ANSWERS:
1. C
2. B
3. E
4. B
5. C
6. C
7. A+B+C
8. D
9. B+D
10. D
11. A
12. A
12.2 B
13. A+C+E
14. C


** In a hurry? You can download these questions here - Question_Pack_v1

Saturday, March 21, 2009

Understanding the Routing Information Protocol ( RIP)

• RIP is a dynamic routing protocol. It advertises the routes you specify with the network command and populates them into the routing tables of the other routers in your network.

• RIP is a Distance-Vector protocol. It uses a single routing metric (hop count) to measure the distance between the source and a destination network. Every router between the source network and the destination network counts as 1 hop.

• RIP uses AD (Administrative distance) of 120.

• RIP has 2 versions, RIPv1 and RIPv2.




** LABS included!


Comparing the advantages and disadvantages of RIP:

Advantages:
- RIP is very easy to implement, and is the preferred routing protocol across small LANs.
- The RIP process is simple, therefore it doesn't consume much of the router's resources.

Disadvantages:
- RIPv1 is a classful routing protocol, therefore it doesn't send the subnet mask in its routing updates.
- RIPv1 and v2 have a maximum hop count of 15. It means that if a packet has to go through more than 15 routers, it is NOT possible with RIP, because after 15 hops the packet is discarded (16 hops specifies that the network is not reachable).
- RIP has a very, very slow convergence time in network terms (you will see how slow that is when compared to other routing protocols like EIGRP & OSPF).
- RIP doesn't really have a mechanism to detect routing loops.

Issues with RIP
The main issue with RIP is routing loops, which are averted using techniques like: maximum hop count, split horizon, route poisoning, poison reverse and the RIP timers.

Split-horizon

RIP prevents routing loops from occurring by implementing the split-horizon rule. The idea is to prevent a router from advertising a route back out of the interface from which it was learned. If router B learns about a route from A, it will forward this advertisement to C but not to A.





Example:

CCNA-R1 advertises the route 100.0.0.0 to CCNA-R2 (marked by blue arrows). R2 adds the new route entry to its routing table and sends an update to all its neighbors with the new change.



Now, when CCNA-R2 sends an update to CCNA-R1 (through int fa0/0), it will include all its RIP-enabled networks and routes except the routes that were learned on interface fa0/0! That means CCNA-R2 will advertise only the networks 101.0.0.0, 102.0.0.0 and 192.168.1.0. Without the split-horizon rule it might send R1's own 100.0.0.0 network back to it.

Route poisoning

In route poisoning, when CCNA-R1 detects the 100.0.0.0 network as down, it sets the route's metric to 16 (/16) and waits for its update timer to expire before sending this information about the network being down (with /16 as the metric) to all its neighbours. This helps other routers see the network as unreachable and keeps any router from sending packets to a network that is down.

Poison reverse

It is the process of breaking the split-horizon rule to indicate to other routers that a route is no longer reachable and should be removed from their routing tables. When a route is detected as invalid (through an advertisement from a neighbour router), the router starts to advertise the route to all routers (including the router it received the information about the dead network from) with a metric of 16 (also called the infinity metric), which means that the route is not reachable. Other routers in the network update their routing tables, and the invalid route appears as "possibly down".





This mechanism prevents routers from updating each other with invalid route entries.

The Timers of RIP:

This is the part where most of us get confused. OK, so we know what the update timer is for, but what about invalid and hold-down? And why do we need to wait an extra 60 secs (240 seconds total) before a route is flushed from the routing table?

OK, so the timers work like this:

* Timers by default are: update 30, invalid 180, hold-down 180, flushed 240.

* When an update packet is received, the route timer is reset. The RIP counters show the time since the last update packet was received, so the timers count up, not down.

* So when you see the counter go above 30, that means something is going wrong. When everything goes well, you should not see the RIP counter go above 29, because the router is supposed to receive an update every 30 seconds. If it doesn't, the counter keeps increasing until it gets to 180 seconds (the invalid timer). Then the router decides that something is wrong and marks the route as invalid. The status of the route is changed to "possibly down", and the router starts to advertise that route with a metric of 16 (infinity); that's how the router informs its neighbors that the link is invalid.

The route is retained in the table for a period of time (60 secs by default) and not flushed immediately, so that the neighbors can be notified about the route being dropped.

Last, there is the flush timer. The flush timer is how long it takes until the route is completely dropped from the routing table - the next step after the "possibly down" status. If it takes 180 seconds for a route to become invalid, it will take 60 seconds more for the route to be completely dropped from the table.

So again, as long as your counter is under 30, everything works fine. If the counter goes above 30, there is a problem. If it gets to 180, the route becomes invalid (appears in the routing table as possibly down), and only after 240 seconds is the route completely flushed from the routing table.
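Split horizon, poisoning and the timers described above, modelled on CCNA-R2 as an added example (not code from the original post or its labs). The networks, the fa0/0 interface and the 30/180/240 timers come from the article; the second interface name fa0/1, the class names and the choice to start the 60-second retention window as soon as a poisoned update arrives are assumptions.

```python
from dataclasses import dataclass

UPDATE, INVALID, FLUSH = 30, 180, 240  # default timers from the article (seconds)
INFINITY = 16                          # metric that means "unreachable"


@dataclass
class Route:
    metric: int       # hop count as stored in the routing table
    learned_on: str   # receiving interface; "" marks a directly connected network
    age: int = 0      # seconds since the last update refreshed the route

    def state(self):
        if not self.learned_on:
            return "connected"
        if self.age >= INVALID or self.metric >= INFINITY:
            return "possibly down"
        return "update missed" if self.age >= UPDATE else "ok"


class RipRouter:
    def __init__(self, connected):
        self.table = {net: Route(0, "") for net in connected}

    def receive(self, iface, network, metric):
        """Process one route entry from an update heard on iface."""
        cur = self.table.get(network)
        if cur is not None and not cur.learned_on:
            return  # a connected network is never replaced
        if metric >= INFINITY:
            # Route poisoning: the neighbour the route came from marks it dead.
            if cur is not None and cur.learned_on == iface:
                cur.metric = INFINITY
                cur.age = max(cur.age, INVALID)  # assumption: retention starts now
            return
        if cur is None or cur.learned_on == iface or metric < cur.metric:
            self.table[network] = Route(metric, iface)  # also resets the counter

    def tick(self, seconds):
        """Advance the clock; counters go up, routes are dropped at the flush timer."""
        for net, route in list(self.table.items()):
            if route.learned_on:
                route.age += seconds
                if route.age >= FLUSH:
                    del self.table[net]

    def build_update(self, iface):
        """Return {network: metric} to advertise out of iface."""
        update = {}
        for net, route in self.table.items():
            if route.state() == "possibly down":
                update[net] = INFINITY  # poison reverse: sent everywhere, even back
            elif route.learned_on != iface:
                update[net] = min(route.metric + 1, INFINITY)
            # otherwise split horizon: say nothing about routes learned on iface
        return update


def demo():
    r2 = RipRouter(["101.0.0.0", "102.0.0.0", "192.168.1.0"])
    r2.receive("fa0/0", "100.0.0.0", 1)  # CCNA-R1 advertises 100.0.0.0
    seen = {"to_R1": r2.build_update("fa0/0"),
            "to_others": r2.build_update("fa0/1")}
    for label, step in (("t=29", 29), ("t=30", 1), ("t=180", 150)):
        r2.tick(step)                    # no further updates arrive from R1
        seen[label] = r2.table["100.0.0.0"].state()
    seen["poisoned_to_R1"] = r2.build_update("fa0/0")["100.0.0.0"]
    r2.tick(60)
    seen["still_in_table_at_240"] = "100.0.0.0" in r2.table
    return seen


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```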

The differences between RIPv1 and RIPv2:

- v1 doesn't support VLSM / CIDR .. v2 supports both
- v1 doesn't support authentication .. v2 has an authentication option
- v1 broadcast its routing updates .. v2 multicast them to 224.0.0.9

** Get the LABs for practice - RIP Labs

** Practice questions available! - CCNA-QAn1


Thursday, March 19, 2009

Understanding how packets traverse a network

One of the first things you have to know on your way to CCNA is what really happens inside a network, how packets traverse it, etc. I won’t talk a lot about the OSI model and layers, there are plenty of articles about that - but I'll focus on the last 3 layers: the Network, Data Link and Physical layers.





** LAB included!



As your data goes down the OSI model layers in PC-0, from the application layer to the transport layer, it arrives at the 3rd layer, the NETWORK layer. The network layer takes the transport layer SEGMENT (that’s what the data is called after it passes the transport layer) and encapsulates that segment with a header, and it becomes a PACKET.

The packet header includes information that is relevant to Layer 3 devices (Routers and Layer 3 Switches). Layer 2 devices (Switches, Bridges) have nothing to do with that information.

The packet header includes many fields that aren't really relevant to your CCNA studies, so I won't cover them all and will stick to those that are related to the CCNA course.

  • Version: the version of IP. Currently we are using v4, while v6 is being implemented too.
  • Total length: this field holds the length of the IP datagram, including the IP header.
  • TTL (Time to Live): this field indicates how many hops a data packet may be transmitted across the network before it is discarded. Each router that successfully routes the packet decreases this value by 1. When it gets to 0, the packet is discarded.
  • Protocol: this field specifies which protocol is used in the segment. TCP is identified by the number 6, UDP by 17.
  • Destination IP address: this is the destination IP address of the packet (the IP of the receiving host). It is used by the Layer 3 device to route the packet to its particular destination, and ensures that only the destination device receives that packet.
  • Source IP address: the opposite of the destination IP. This field holds the IP of the sending device, so when the receiving host wants to reply it will know to whom it should send the packet.
  • Data: this field carries the data that is being sent in the packet.

Then, after all the IP packet fields are filled, the packet moves down to Layer 2, the Data Link layer, where it is encapsulated by the ARPA protocol and becomes a FRAME. The frame is used to transmit data on the local LAN or between two nodes in a physical address environment. The frame includes source and destination MAC addresses - a MAC address is the PHYSICAL ADDRESS (hard coded) of a device. It is a unique address for each device in an Ethernet network! The frame also has an FCS trailer, which is for error detection.

After that, the Data Link layer passes the FRAME to the PHYSICAL layer, where the frame is translated into bits - 0's and 1's - and transmitted over the cable. That was a brief overview of the process, to make it easier for you.


Now what happens when a packet is received on a ROUTER?

  • The router collects the incoming bits and reassembles them into a FRAME. Then, the FRAME is given to Layer 2.
  • The router then checks the DEST. MAC address in the frame. If the frame's DEST. MAC address is the MAC address of the receiving interface, the router STRIPS the Layer 2 encapsulation - and we are left with the PACKET, which contains the Layer 3 details and is handed over to Layer 3.
  • The router looks at the DEST. IP address in the PACKET, and then looks for a route for it in its ROUTING TABLE. If the router finds a route entry for the destination, it forwards the packet out of the right interface. Else, it will discard the packet.

Now what happens when a packet is received on a SWITCH?

Well, switches don't really receive packets, they receive FRAMES. The switch reassembles the bits into a FRAME. Now, this is how a switch handles FRAMES:

  • The switch actually first CHECKS THE SOURCE MAC ADDRESS of the frame! Why does it do that? That's how switches build their MAC address table. If the switch already has the source MAC of the frame in its table, it goes to step 2. Else, it adds the SOURCE MAC address together with the port the frame was RECEIVED on to its MAC address table.

  • Then, the switch checks the DEST. MAC address and looks for a match among its MAC address table entries. If it finds a match, the switch will FORWARD the frame - it will send the frame out of the specific port. If it has not found a match in its MAC table, that frame is called an "unknown unicast frame" - and what the switch does with those kinds of frames is FLOOD them out ALL OF ITS PORTS except the port it received the frame on (the originator of the frame).

Note: The switch doesn't even get to the point of a PACKET. Switches DON’T check or modify a packet! They deal only with the FRAME itself!

Switches also DON’T change the Source & Destination MAC ADDRESSES! What switches actually do is receive a frame, check where it is supposed to be forwarded, and forward it AS IT IS to the right destination based on their internal table, called the CAM (content addressable memory) table.

As for routers, routers just CHECK the IP addresses in the packet. The PACKET's source & destination addresses are not CHANGED / MODIFIED by the router; the router is only a station on the packet's way!

But what routers do is CHANGE the SOURCE & DESTINATION MAC addresses in the FRAME!

MAC addresses are used to forward frames over a local LAN. Now if a packet arrived at the router, that means it needs to be forwarded to another LAN, outside of the LAN of the originator of the packet. So the router changes the SOURCE MAC address to the MAC address of its FORWARDING port, and the DESTINATION MAC address is changed to that of the next station along the way! (It might be another router or the destination device.)

Let's illustrate the way a packet goes from PC0 to PC1.



Let’s say PC0 sends traffic to PC1. PC0 will look for the MAC address of PC1 in its mac-address table. (I won't get into the ARP process here, so let’s assume the ARP process is already done.)

PC0 will send the packet as follows: SOURCE IP - 10.0.0.2, DESTINATION IP - 20.0.0.2
And regarding the MAC addresses in the frame, what would they be? - SOURCE MAC - aaaa:aaaa:aa10, and DESTINATION MAC - oooo:oooo:oo10 !

Next, the router receives the packet on its E0/0 interface. It compares the destination MAC address in the frame to the MAC address of the interface that received the frame, and it finds a match. That means this frame is destined for it, so it will decapsulate the frame and forward the packet to the Layer 3 process.

At Layer 3, the router will look at the destination IP address of the packet. Then it will look for a match for it in its routing table. It will find one, through the network 30.0.0.0! So the router will encapsulate the packet into a frame again, but this time with this MAC information:

Source MAC - oooo:oooo:oo30
Destination MAC - rrrr:rrrr:rr30

Got the point? The MAC addresses are used to forward traffic across a LAN, and IP is used across different LANs and WANs!

R1 will do the same process as R0 did, and will forward this packet out through its E0/0 interface right to the destination! So,

Source MAC address is - rrrr:rrrr:rr30
Destination MAC address is - bbbb:bbbb:bb20.

To sum it all up: Note that the IPs remained the same through the whole process! The packet at PC1 still has the same source and destination IP addresses in it. The MAC addresses are always changed when crossing through devices, except switches!
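The hop-by-hop rewrite, traced in code as an added example (not part of the original post or its lab). The host and router MAC/IP pairs are the ones the walkthrough and the QuestionPack options use, with Router1's E0/0 taken as rrrr:rrrr:rr20 / 20.0.0.1 from the QuestionPack; Router0's 30.0.0.1 address, the /8 masks, the routing-table layout and the starting TTL of 64 are assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int


# IP -> MAC. ARP is treated as already resolved, as the article does.
ARP = {
    "10.0.0.2": "aaaa:aaaa:aa10", "10.0.0.1": "oooo:oooo:oo10",
    "30.0.0.1": "oooo:oooo:oo30",  # Router0 E0/1 address is assumed
    "30.0.0.2": "rrrr:rrrr:rr30",
    "20.0.0.1": "rrrr:rrrr:rr20", "20.0.0.2": "bbbb:bbbb:bb20",
}

# Routes are (network, outgoing interface, next hop or None if directly connected).
ROUTERS = {
    "Router0": {
        "ifaces": {"E0/0": "10.0.0.1", "E0/1": "30.0.0.1"},
        "routes": [("10.0.0.0/8", "E0/0", None), ("30.0.0.0/8", "E0/1", None),
                   ("20.0.0.0/8", "E0/1", "30.0.0.2")],
    },
    "Router1": {
        "ifaces": {"E0/1": "30.0.0.2", "E0/0": "20.0.0.1"},
        "routes": [("20.0.0.0/8", "E0/0", None), ("30.0.0.0/8", "E0/1", None),
                   ("10.0.0.0/8", "E0/1", "30.0.0.1")],
    },
}


def owner(mac):
    """Name of the router that owns this MAC, or None for an end host."""
    for name, router in ROUTERS.items():
        if mac in {ARP[ip] for ip in router["ifaces"].values()}:
            return name
    return None


def route(name, frame):
    """One router hop: strip the frame, look up the route, build a new frame."""
    router = ROUTERS[name]
    if frame.dst_mac not in {ARP[ip] for ip in router["ifaces"].values()}:
        return None  # the frame is not addressed to this router
    if frame.ttl <= 1:
        return None  # TTL would reach 0: discard
    # No overlapping prefixes here, so the first match is the only match.
    for net, out_if, next_hop in router["routes"]:
        if ip_address(frame.dst_ip) in ip_network(net):
            target = next_hop or frame.dst_ip
            # Only the Layer 2 addresses and the TTL change; the IPs stay put.
            return replace(frame, src_mac=ARP[router["ifaces"][out_if]],
                           dst_mac=ARP[target], ttl=frame.ttl - 1)
    return None  # no route entry: discard


def trace(src_ip, dst_ip, gateway_ip, ttl=64):
    """Return the frame as it appears on each link between source and destination."""
    frame = Frame(ARP[src_ip], ARP[gateway_ip], src_ip, dst_ip, ttl)
    hops = [frame]
    while (name := owner(frame.dst_mac)) is not None:
        frame = route(name, frame)
        if frame is None:
            break
        hops.append(frame)
    return hops


if __name__ == "__main__":
    for hop in trace("10.0.0.2", "20.0.0.2", gateway_ip="10.0.0.1"):
        print(hop)
```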

** Get the LAB and start practicing! - Packet LAB





