Chapter 7: Ethernet and Switching Fundamentals

Learning Objectives

By the end of this chapter, you will be able to:
- Understand Ethernet frame structure and operation
- Configure basic switching functionality in ContainerLab
- Implement MAC address learning and forwarding
- Understand collision and broadcast domains
- Troubleshoot common switching issues

Ethernet Fundamentals

Ethernet Frame Structure

Ethernet is the most common Layer 2 protocol used in modern networks. Understanding the frame structure is crucial for network troubleshooting and optimization.

Ethernet II Frame Format

|  Preamble  | SFD | Destination MAC | Source MAC | EtherType | Payload | FCS |
|  7 bytes   | 1B  |    6 bytes      |  6 bytes   |  2 bytes  | 46-1500B| 4B  |

Frame Components:
- Preamble: 7 bytes of alternating 1s and 0s for synchronization
- Start Frame Delimiter (SFD): 1 byte marking frame start
- Destination MAC: 6-byte hardware address of receiving device
- Source MAC: 6-byte hardware address of sending device
- EtherType: 2-byte field indicating upper layer protocol
- Payload: 46-1500 bytes of actual data
- Frame Check Sequence (FCS): 4-byte error detection field

MAC Address Structure

MAC (Media Access Control) addresses are 48-bit identifiers assigned to network interfaces.

MAC Address Format

Format: XX:XX:XX:XX:XX:XX (hexadecimal)
Example: 00:1B:44:11:3A:B7

Structure:
- First 24 bits: Organizationally Unique Identifier (OUI)
- Last 24 bits: Device-specific identifier

Special Addresses:
- Broadcast: FF:FF:FF:FF:FF:FF
- Multicast: I/G bit (the least-significant bit of the first octet, which is the first bit sent on the wire) = 1
- Unicast: I/G bit = 0
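The frame layout and address rules above, as an added Python example that is not part of the chapter's lab: it builds and parses an Ethernet II frame, verifies the FCS, classifies the destination by the I/G bit and also reports the OUI and the U/L (locally administered) bit of the source, which the text does not cover. The sample frame is constructed; the source MAC is the page's example address.

```python
import binascii
import struct

BROADCAST = bytes.fromhex("ffffffffffff")

def mac_str(raw: bytes) -> str:
    """Render raw address bytes as XX:XX:XX:XX:XX:XX."""
    return ":".join(f"{b:02X}" for b in raw)

def classify_mac(raw: bytes) -> str:
    """Broadcast, multicast or unicast, decided by the I/G bit (LSB of octet 0)."""
    if raw == BROADCAST:
        return "broadcast"
    return "multicast" if raw[0] & 0x01 else "unicast"

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build an Ethernet II frame: pad the payload to the 46-byte minimum and
    append the FCS (CRC-32 over header + payload, sent least-significant byte first)."""
    body = struct.pack("!6s6sH", dst, src, ethertype) + payload.ljust(46, b"\x00")
    return body + struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF)

def parse_frame(frame: bytes) -> dict:
    """Parse a frame as handed up by the NIC (preamble and SFD already stripped)
    and check the FCS; a frame with a bad FCS must be dropped, never forwarded."""
    if len(frame) < 64:
        raise ValueError("runt: Ethernet frames are at least 64 bytes including FCS")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    body, fcs = frame[:-4], frame[-4:]
    expected = struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF)
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "dst_type": classify_mac(dst),
        "src_oui": mac_str(src[:3]),                      # vendor part of the source MAC
        "src_locally_administered": bool(src[0] & 0x02),  # U/L bit: set on admin-assigned MACs
        "ethertype": ethertype,
        "payload_len": len(body) - 14,
        "fcs_ok": fcs == expected,
    }

# Constructed sample: a broadcast ARP frame (EtherType 0x0806) from the page's example MAC.
SAMPLE = build_frame(BROADCAST, bytes.fromhex("001B44113AB7"), 0x0806, b"arp-request")

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
```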

Switch Operation Fundamentals

MAC Address Learning

Switches learn MAC addresses by examining the source MAC address of incoming frames and associating them with the ingress port.

Learning Process

  1. Frame Reception: Switch receives frame on a port
  2. Source Learning: Records source MAC and ingress port
  3. Destination Lookup: Checks MAC table for destination
  4. Forwarding Decision: Forwards, floods, or filters frame

Creating a Basic Switch Lab

# Basic switching lab
name: basic-switching
prefix: sw

topology:
  nodes:
    switch1:
      kind: cisco_iosxe
      image: cisco/catalyst:latest
      mgmt-ipv4: 172.20.20.10
      startup-config: |
        hostname Switch1
        !
        interface GigabitEthernet1/0/1
         description PC1
         switchport mode access
         switchport access vlan 1
         no shutdown
        !
        interface GigabitEthernet1/0/2
         description PC2
         switchport mode access
         switchport access vlan 1
         no shutdown
        !
        interface GigabitEthernet1/0/3
         description PC3
         switchport mode access
         switchport access vlan 1
         no shutdown
        !

    pc1:
      kind: linux
      image: alpine:latest
      mgmt-ipv4: 172.20.20.11
      exec:
        - ip addr add 192.168.1.10/24 dev eth1
        - ip link set eth1 up

    pc2:
      kind: linux
      image: alpine:latest
      mgmt-ipv4: 172.20.20.12
      exec:
        - ip addr add 192.168.1.11/24 dev eth1
        - ip link set eth1 up

    pc3:
      kind: linux
      image: alpine:latest
      mgmt-ipv4: 172.20.20.13
      exec:
        - ip addr add 192.168.1.12/24 dev eth1
        - ip link set eth1 up

  links:
    - endpoints: ["switch1:eth1", "pc1:eth1"]
    - endpoints: ["switch1:eth2", "pc2:eth1"]
    - endpoints: ["switch1:eth3", "pc3:eth1"]

Deploy and test the lab:

# Deploy the lab
containerlab deploy -t basic-switching.yml

# Connect to the switch
docker exec -it clab-sw-switch1 cli

# Check MAC address table (initially empty)
show mac address-table

# Generate traffic from PC1 to PC2
docker exec clab-sw-pc1 ping -c 3 192.168.1.11

# Check MAC address table again (should show learned addresses)
docker exec -it clab-sw-switch1 cli -c "show mac address-table"

MAC Address Table Management

Viewing MAC Address Table

# Cisco IOS commands
show mac address-table
show mac address-table dynamic
show mac address-table interface GigabitEthernet1/0/1
show mac address-table vlan 1

# Arista EOS commands
show mac address-table
show mac address-table dynamic
show mac address-table interface Ethernet1

MAC Address Table Aging

# Configure MAC address aging
startup-config: |
  mac address-table aging-time 300
  !
  interface range GigabitEthernet1/0/1-24
   switchport mode access
   switchport access vlan 1
  !

Frame Forwarding Process

Unicast Frame Forwarding

  1. Known Unicast: Destination MAC in table → Forward to specific port
  2. Unknown Unicast: Destination MAC not in table → Flood to all ports except ingress

Broadcast Frame Handling

Broadcast frames (destination FF:FF:FF:FF:FF:FF) are flooded to all ports in the same VLAN except the ingress port.

Multicast Frame Handling

Multicast frames are typically flooded like broadcasts unless IGMP snooping is configured.
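The four-step learning process and the unicast, broadcast and multicast forwarding rules in this section, modelled in Python as an added example (not part of the lab or of any switch vendor's code). Port names and the 300-second aging default are constructed; multicast is treated like broadcast, i.e. no IGMP snooping.

```python
import time

BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group_address(mac: str) -> bool:
    """I/G bit (LSB of the first octet) set: multicast or broadcast destination."""
    return bool(int(mac.split(":")[0], 16) & 0x01)

class Switch:
    """Transparent bridge model. mac_table maps a MAC to (port, last_seen_seconds);
    port names and the 300 s aging default are constructed for the example."""

    def __init__(self, ports, aging_time=300.0):
        self.ports = list(ports)
        self.aging_time = aging_time
        self.mac_table = {}

    def _age_out(self, now):
        """Drop entries not refreshed within aging_time (cf. mac address-table aging-time)."""
        stale = [m for m, (_, seen) in self.mac_table.items() if now - seen > self.aging_time]
        for m in stale:
            del self.mac_table[m]

    def receive(self, ingress, src, dst, now=None):
        """Steps 1-4 of the learning process; returns (action, egress_ports)."""
        now = time.monotonic() if now is None else now
        self._age_out(now)
        src, dst = src.lower(), dst.lower()
        # Source learning: bind src to the ingress port; a host move simply overwrites.
        self.mac_table[src] = (ingress, now)
        others = [p for p in self.ports if p != ingress]
        # Destination lookup and forwarding decision.
        if dst == BROADCAST or is_group_address(dst):
            return "flood", others                # broadcast/multicast (no IGMP snooping)
        entry = self.mac_table.get(dst)
        if entry is None:
            return "flood", others                # unknown unicast
        if entry[0] == ingress:
            return "filter", []                   # destination sits on the ingress segment
        return "forward", [entry[0]]              # known unicast
```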

Collision and Broadcast Domains

Collision Domains

A collision domain is a network segment where data collisions can occur. In modern switched networks, each switch port represents a separate collision domain.

Hub vs. Switch Collision Domains

# Simulating hub behavior (single collision domain)
name: collision-domain-demo
topology:
  nodes:
    # Simulate a hub with a Linux bridge: ageing time 0 makes the bridge forget
    # learned MACs immediately, so every frame is flooded out all member ports
    hub-sim:
      kind: linux
      image: alpine:latest
      exec:
        - apk add --no-cache bridge-utils
        - brctl addbr br0
        - brctl stp br0 off
        - brctl setageing br0 0
        - brctl addif br0 eth1
        - brctl addif br0 eth2
        - brctl addif br0 eth3
        - ip link set br0 up

    pc1:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.1.10/24 dev eth1

    pc2:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.1.11/24 dev eth1

    pc3:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.1.12/24 dev eth1

  links:
    - endpoints: ["hub-sim:eth1", "pc1:eth1"]
    - endpoints: ["hub-sim:eth2", "pc2:eth1"]
    - endpoints: ["hub-sim:eth3", "pc3:eth1"]

Broadcast Domains

A broadcast domain is a network segment where broadcast frames are propagated. VLANs are used to separate broadcast domains.

Single Broadcast Domain

# Single broadcast domain example
name: single-broadcast-domain
topology:
  nodes:
    switch1:
      kind: cisco_iosxe
      image: cisco/catalyst:latest
      startup-config: |
        hostname Switch1
        !
        vlan 10
         name USERS
        !
        interface range GigabitEthernet1/0/1-4
         switchport mode access
         switchport access vlan 10
        !

    pc1:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.10.10/24 dev eth1

    pc2:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.10.11/24 dev eth1

    pc3:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.10.12/24 dev eth1

    pc4:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.10.13/24 dev eth1

  links:
    - endpoints: ["switch1:eth1", "pc1:eth1"]
    - endpoints: ["switch1:eth2", "pc2:eth1"]
    - endpoints: ["switch1:eth3", "pc3:eth1"]
    - endpoints: ["switch1:eth4", "pc4:eth1"]

Test broadcast behavior:

# Generate broadcast traffic
docker exec clab-single-broadcast-domain-pc1 ping -b 192.168.10.255

# Monitor traffic on other PCs
docker exec clab-single-broadcast-domain-pc2 tcpdump -i eth1 icmp

Advanced Switching Features

Port Security

Port security limits the number of MAC addresses that can be learned on a switch port.

# Port security configuration
startup-config: |
  interface GigabitEthernet1/0/1
   switchport mode access
   switchport access vlan 10
   switchport port-security
   switchport port-security maximum 1
   switchport port-security violation shutdown
   switchport port-security mac-address sticky
  !

Port Security Violation Actions

  • Shutdown: Puts the port into the err-disabled state (default); it stays down until an administrator bounces it or errdisable recovery re-enables it
  • Restrict: Drops violating frames, increments the violation counter and sends an SNMP trap / syslog message
  • Protect: Drops violating frames silently (no counter, no notification)
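The configuration and the three violation actions above as an added Python model (not the chapter's lab code): a per-port admission check with a MAC maximum, sticky learning and the shutdown, restrict and protect behaviours. It also shows the operational side effect of shutdown mode that the text only implies: once the port is err-disabled the legitimate host is cut off as well until someone recovers the port. The MAC values in the test are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class PortSecurity:
    """Per-port admission model matching the configuration above: a maximum
    number of secure MACs, a violation mode and optional sticky learning."""
    maximum: int = 1
    violation: str = "shutdown"      # shutdown | restrict | protect
    sticky: bool = True
    secure_macs: set = field(default_factory=set)
    sticky_macs: set = field(default_factory=set)   # what would land in running-config
    err_disabled: bool = False
    violation_count: int = 0
    traps: list = field(default_factory=list)       # SNMP trap / syslog messages

    def admit(self, src_mac: str) -> str:
        """Return 'forward', 'drop' or 'shutdown' for a frame from src_mac."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "drop"                 # everything is dropped until the port is recovered
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)       # dynamically learned secure MAC
            if self.sticky:
                self.sticky_macs.add(src_mac)   # sticky: persisted as a static entry
            return "forward"
        # Limit reached and src_mac is not a secure address: violation.
        if self.violation == "protect":
            return "drop"                 # silent: no counter, no notification
        self.violation_count += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            self.traps.append(f"err-disabled by {src_mac}")
            return "shutdown"
        self.traps.append(f"violation from {src_mac}")   # restrict
        return "drop"

    def recover(self) -> None:
        """Operator 'shutdown' / 'no shutdown' after the cause has been removed."""
        self.err_disabled = False
```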

Storm Control

Storm control prevents broadcast, multicast, or unicast storms from overwhelming the network.

# Storm control configuration
startup-config: |
  interface GigabitEthernet1/0/1
   storm-control broadcast level 50.00
   storm-control multicast level 50.00
   storm-control action shutdown
  !

Switch Configuration Examples

Basic Switch Configuration

# Complete basic switch setup
startup-config: |
  hostname Access-Switch-01
  !
  enable secret cisco123
  !
  username admin privilege 15 secret admin123
  !
  ip domain-name lab.local
  crypto key generate rsa modulus 2048
  !
  line vty 0 15
   login local
   transport input ssh
  !
  interface vlan 1
   ip address 192.168.1.10 255.255.255.0
   no shutdown
  !
  ip default-gateway 192.168.1.1
  !
  interface range GigabitEthernet1/0/1-24
   switchport mode access
   switchport access vlan 1
   spanning-tree portfast
   no shutdown
  !
  interface range GigabitEthernet1/0/25-26
   switchport mode trunk
   switchport trunk allowed vlan all
   no shutdown
  !

Multi-Switch Topology

# Multi-switch campus network
name: campus-switching
topology:
  nodes:
    core-sw1:
      kind: cisco_iosxe
      image: cisco/catalyst:latest
      mgmt-ipv4: 172.20.20.10
      startup-config: |
        hostname Core-Switch-1
        !
        vlan 10
         name USERS
        vlan 20
         name SERVERS
        vlan 30
         name MANAGEMENT
        !
        interface GigabitEthernet1/0/1
         switchport mode trunk
         switchport trunk allowed vlan 10,20,30
        !
        interface GigabitEthernet1/0/2
         switchport mode trunk
         switchport trunk allowed vlan 10,20,30
        !

    access-sw1:
      kind: cisco_iosxe
      image: cisco/catalyst:latest
      mgmt-ipv4: 172.20.20.11
      startup-config: |
        hostname Access-Switch-1
        !
        vlan 10
         name USERS
        !
        interface GigabitEthernet1/0/1
         switchport mode trunk
         switchport trunk allowed vlan 10
        !
        interface range GigabitEthernet1/0/2-5
         switchport mode access
         switchport access vlan 10
         spanning-tree portfast
        !

    access-sw2:
      kind: cisco_iosxe
      image: cisco/catalyst:latest
      mgmt-ipv4: 172.20.20.12
      startup-config: |
        hostname Access-Switch-2
        !
        vlan 20
         name SERVERS
        !
        interface GigabitEthernet1/0/1
         switchport mode trunk
         switchport trunk allowed vlan 20
        !
        interface range GigabitEthernet1/0/2-5
         switchport mode access
         switchport access vlan 20
        !

    # End devices
    pc1:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.10.10/24 dev eth1

    pc2:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.10.11/24 dev eth1

    server1:
      kind: linux
      image: ubuntu:20.04
      exec:
        - ip addr add 192.168.20.10/24 dev eth1

    server2:
      kind: linux
      image: ubuntu:20.04
      exec:
        - ip addr add 192.168.20.11/24 dev eth1

  links:
    # Core to access switches
    - endpoints: ["core-sw1:eth1", "access-sw1:eth1"]
    - endpoints: ["core-sw1:eth2", "access-sw2:eth1"]

    # End devices to access switches
    - endpoints: ["access-sw1:eth2", "pc1:eth1"]
    - endpoints: ["access-sw1:eth3", "pc2:eth1"]
    - endpoints: ["access-sw2:eth2", "server1:eth1"]
    - endpoints: ["access-sw2:eth3", "server2:eth1"]

Troubleshooting Switching Issues

Common Switching Problems

Duplicate MAC Addresses

# Symptoms
show mac address-table | include <mac-address>

# Causes
# - Virtualization without proper MAC management
# - Cloned network cards
# - Software bugs

# Resolution
clear mac address-table dynamic address <mac-address>

MAC Address Table Overflow

# Check MAC table utilization
show mac address-table count

# Configure MAC table size (if supported)
mac address-table limit vlan 10 maximum 1000

# Implement port security
interface GigabitEthernet1/0/1
 switchport port-security
 switchport port-security maximum 10

Port Security Violations

# Check port security status
show port-security
show port-security interface GigabitEthernet1/0/1

# Clear sticky addresses learned on the port
clear port-security sticky interface GigabitEthernet1/0/1

# A port err-disabled by a violation stays down until it is bounced
interface GigabitEthernet1/0/1
 shutdown
 no shutdown

Diagnostic Commands

Essential Show Commands

# Interface status
show interfaces status
show interfaces GigabitEthernet1/0/1

# MAC address table
show mac address-table
show mac address-table dynamic
show mac address-table interface GigabitEthernet1/0/1

# Port security
show port-security
show port-security interface GigabitEthernet1/0/1

# EtherChannel
show etherchannel summary
show etherchannel port-channel

# Storm control
show storm-control

Traffic Analysis

# Monitor interface counters
show interfaces GigabitEthernet1/0/1 counters

# Clear counters for baseline
clear counters GigabitEthernet1/0/1

# Monitor in real-time
show interfaces GigabitEthernet1/0/1 | include (input|output) rate

Lab Testing Scenarios

Scenario 1: MAC Learning Verification

#!/bin/bash
# Test MAC address learning

echo "Testing MAC address learning..."

# Clear MAC table (no -it: the script runs without a terminal attached)
docker exec clab-sw-switch1 cli -c "clear mac address-table dynamic"

# Check empty table
echo "Initial MAC table:"
docker exec clab-sw-switch1 cli -c "show mac address-table"

# Generate traffic
docker exec clab-sw-pc1 ping -c 1 192.168.1.11

# Check learned addresses
echo "MAC table after traffic:"
docker exec clab-sw-switch1 cli -c "show mac address-table"

Scenario 2: Broadcast Domain Testing

#!/bin/bash
# Test broadcast domain behavior

echo "Testing broadcast domain..."

# Start packet capture on PC2 (detached) and give tcpdump a moment to attach
docker exec -d clab-sw-pc2 tcpdump -i eth1 -w /tmp/broadcast-test.pcap
sleep 1

# Generate broadcast from PC1
docker exec clab-sw-pc1 ping -b -c 3 192.168.1.255

# Stop capture and analyze (short pause so the last packets are written out)
sleep 1
docker exec clab-sw-pc2 pkill tcpdump
docker exec clab-sw-pc2 tcpdump -r /tmp/broadcast-test.pcap

Scenario 3: Port Security Testing

#!/bin/bash
# Test port security functionality

echo "Testing port security..."

# Configure port security (no -it: the script runs without a terminal attached)
docker exec clab-sw-switch1 cli -c "
configure terminal
interface GigabitEthernet1/0/1
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown
end"

# Check port security status
docker exec clab-sw-switch1 cli -c "show port-security interface GigabitEthernet1/0/1"

# Simulate violation (would require additional setup)
echo "Port security configured. Test violation scenarios manually."

Performance Optimization

Switch Performance Factors

  1. MAC Table Size: Larger tables support more devices
  2. Switching Capacity: Backplane bandwidth and PPS rates
  3. Buffer Size: Affects burst handling capability
  4. CPU Utilization: Impacts control plane operations

Optimization Techniques

Interface Optimization

startup-config: |
  interface range GigabitEthernet1/0/1-24
   speed 1000
   duplex full
   no negotiation auto
   spanning-tree portfast
  !

Buffer Tuning

startup-config: |
  ! Platform-specific buffer tuning (IOS comments use "!", not "#")
  platform buffer-allocation ratio 70
  !
  ! QoS buffer allocation
  mls qos queue-set output 1 buffers 10 15 70 5

Summary

Ethernet and switching form the foundation of modern networks. Understanding frame structure, MAC address learning, and switching operations is crucial for network engineers. ContainerLab provides an excellent platform for experimenting with these concepts in a controlled environment.

Key concepts covered:
- Ethernet frame structure and MAC addressing
- Switch learning and forwarding processes
- Collision and broadcast domain concepts
- Advanced switching features like port security and EtherChannel
- Troubleshooting methodologies and tools

In the next chapter, we’ll explore VLANs and trunking, which build upon these switching fundamentals to provide network segmentation and scalability.

Review Questions

  1. What are the components of an Ethernet frame and their purposes?
  2. How does a switch learn MAC addresses and make forwarding decisions?
  3. What’s the difference between collision domains and broadcast domains?
  4. How does port security enhance network security?
  5. What are the benefits and considerations of link aggregation?

Hands-on Exercises

Exercise 1: Basic Switching Lab

  1. Deploy the basic switching lab from this chapter
  2. Generate traffic between PCs and observe MAC learning
  3. Use show commands to verify switch operation
  4. Test broadcast behavior

Exercise 2: Port Security Implementation

  1. Configure port security on switch ports
  2. Test different violation actions
  3. Implement sticky MAC addresses
  4. Document security benefits and limitations

Exercise 3: Multi-Switch Network

  1. Deploy the campus switching topology
  2. Configure VLANs and trunking (preview of next chapter)
  3. Test connectivity between different network segments
  4. Implement and test EtherChannel

Exercise 4: Troubleshooting Scenarios

  1. Create various switching problems (duplicate MACs, security violations)
  2. Practice diagnostic commands and procedures
  3. Develop troubleshooting methodologies
  4. Document solutions and prevention strategies

Additional Resources