ITL - Internet Teaching Laboratory

Data Link Layer

Ethernet (MAC) Addresses

Asante AH2072 Hub

A single ethernet address is associated with the hub. That address can be determined from the console. The menu option

     g      General Information

Cisco 2900

The command

     switch# show interfaces

     switch# show interfaces fastethernet 0/1

Cisco 4000/7000/7010

The command

     router# show interfaces

     router# show interfaces ethernet 0/0

3COM LANplex and CoreBuilder 2500/3500

The console option

     ethernet / detail / all

will show the ethernet addresses of all the ports.

Non-Ethernet Links

Some interfaces (e.g. fddi) imply a particular link protocol. Other interfaces (e.g.hssi and fsip serial interfaces) can support a range of link protocols, but default to a particular protocol (serial interfaces default to hdlc). It is not necessary to specify the link protocol for these interfaces, but you can. You should refer to the Cisco IOS documentation for a list of possible link protocols.

Point-to-Point Protocol (PPP)

Although PPP is usually used when two computers are connected through their serial ports using modems, it can also be used without the modems. A rolled cable connecting the serial ports of two computers will substitute for the modems.

To get a PPP connection between two computers, PPP must be started in passive mode on one computer (so that it waits for data from the other end and doesn't simply terminate) and in active mode on the other computer. A command that starts ppp in passive mode is "pppd device speed local passive ipaddr:" where "device" is either /dev/ttyS0 or /dev/ttyS1 to select the particular serial port, "speed" is the baud rate of the port, "local" indicates that no modem signals are to be used, and "ipaddr:" specifies the IP address to be assigned to this end of the connection. For example, if two computers have their S0 serial ports connected, the following command will start ppp in passive mode and give the local interface the address 10.0.0.1:

     [Linux prompt]# pppd /dev/ttyS0 9600 local passive 10.0.0.1:

     [Linux prompt]# pppd /dev/ttyS0 9600 local 10.0.0.2:

The communication exchanged by the two computers running ppp can be observed by connecting the serial ports of those computers to the serial ports of a third computer and running the utility "sereal" on that computer. Click here for information on interpreting the PPP packets.

Transparent Bridging

Cisco 2900

The Cisco 2900 performs transparent bridging by default.

From EXEC mode the command

     switch# show mac-address-table

displays information in the forwarding tables for the ports.

Entries in the port address table can be "dynamic", "secure", or "static". Usually dynamic entries are a result of incoming packets, but they can also be added manually. Dynamic entries age.

To add a dynamic entry, from global configuration mode use the command "mac-address-table dynamic a i vlan v" where "a" is the MAC address, "i" is the interface to which that address is to be forwarded, and 'v" is the vlan (which defaults to 1 if not specified). For example:

     switch(config)# mac-address-table dynamic 0000.1122.3344 fastEthernet 0/3

To remove a dynamic entry from the port address table, from global configuration mode use the command "no mac-address-table dynamic a" where "a" is the MAC address. For example:

     switch(config)# no mac-address-table dynamic 0000.1122.3344

To remove all dynamic entries from the port address table, from EXEC mode use the command "clear mac-address-table dynamic" For example:

     switch# clear mac-address-table dynamic

The time a dynamic ethernet address remains in the port address table is called the "aging time". The aging time is set from global configuration mode with the command "mac-address-table aging-time s" where "s" is the aging time in seconds. For example:

     switch(config)# mac-address-table aging-time 300

A "secure" port address table entry is a manually entered unicast address that is forwarded to only one port per vlan. Secure entries do not age.

To add a secure entry, from global configuration mode use the command "mac-address-table secure a i vlan v" where "a" is the MAC address, "i" is the interface to which that address is to be forwarded, and 'v" is the vlan (which defaults to 1 if not specified). For example:

     switch(config)# mac-address-table secure 0000.1122.3344 fastEthernet 0/3

To remove a secure entry from the port address table, from global configuration mode use the command "no mac-address-table secure a vlan v" where "a" is the MAC address and "v" is the vlan (which defaults to 1 if not specified). For example:

     switch(config)# no mac-address-table secure 0000.1122.3344

To remove all secure entries from the port address table, from EXEC mode use the command "clear mac-address-table secure". For example:

     switch# clear mac-address-table secure

A "static" port address table entry is a manually entered unicast or multicast address that is retained when the switch restarts. Static entries do not age. A static entry relates a port on whcih an address is recieved and another port on which the packet is forwarded. This is different from a "secure" entry. A secure entry specified the port to which a packet is forwarded regardless of the port on which the address is received. "static" entries can specify different forwarding ports for different ports on which the address is received. The structure of the commands for managing "static" entries is similar to that for "secure" except that when an entry is added two interfaces must be specified. The details of the commands can be obtained using help available on the switch.

To clear all entries from the port address table, from EXEC mode use the command "clear mac-address-table". For example:

     switch# clear mac-address-table

Cisco 4000/7000/7010

One or more ethernet ports can be grouped into a "bridge group". The ports in a bridge group behave as if they are part of a bridge independent of any other bridge group. For bridging to be possible, either IP routing must be disabled from global configuration mode using the command:

     router(config)# no ip routing

or concurrent routing and bridging must be enabled from global configuration mode using the command:

     router(config)# bridge crb

It is necessary both to define a bridge group and to include ports in it. In defining a bridge group you must specify a protocol. The one you should use is "ieee". You create a bridge group from global configuration mode using the command "bridge b protocol p" where "b" is the number of the bridge group number and "p" is the protocol (e.g. ieee).

     router(config)# bridge 1 protocol ieee

     router(config-if)# bridge-group 1

Here is an example, starting in user mode, of a sequence of commands to permit ethernet ports 0/0 and 0/1 and fddi port 3/0 to perform bridging:

     router> enable
     router# configure terminal
     router(config)# no ip routing
     router(config)# bridge 1 protocol ieee
     router(config)# interface ethernet 0/0
     router(config-if)# bridge-group 1
     router(config-if)# interface ethernet 0/1
     router(config-if)# bridge-group 1
     router(config-if)# interface fddi 3/0
     router(config-if)# bridge-group 1

From EXEC mode the command

     router# show bridge group

     router# show bridge

     router(config)# bridge 1 address 0000:1234:abcd forward ethernet 0/0

     router(config)# no bridge 1 address 0000:1234:abcd

     router(config)# clear bridge

     router(config)# bridge 1 aging-time 300

3COM LANplex and CoreBuilder 2500/3500

The following console menu options allow you to manage and examine the bridge ports:

     bridge / port / address / list - show both dynamic and static ethernet addresses associated with each port
     bridge / port / address / add - add a static ethernet address to a port
     bridge / port / address / remove - remove a static ethernet address from a port
     bridge / port / address / flushAll - remove all ethernet address entries, both static and dynamic
     bridge / port / address / flushDynamic - remove all dynamic ethernet address entries only
     bridge / port / address / freeze - change all dynamic ethernet address entries to static entries

The time a dynamic ethernet address remains in the port address table is called the "aging time". The aging time is set by the console menu option:

     bridge / agingTime

VLANs

A vlan is a mechanism for partitioning a switch so that some groups of ports behave independently of others. Each group of ports is a vlan and forwards packets only to other ports inf its own vlan. Each vlan should instantiate its own spanning tree protocol.

When two switches, each with vlans in use, are connected, the packets that pass between the two switches must be encapsulated so that packets from a particular vlan on the originating switch can be passed only to ports of the same vlan on the destination switch. There are different protocols for encapsulating packets with the vlan information. These include:

• IEEE 802.1Q - a standard protocol
• Inter-Switch Link (ISL), a Cisco protocol
• IEEE 902.10 - an old standard protocol

Information about vlans is stored in a database kept in memory. This database is called the VTP database in Cisco documentation, but since there will be little discussion of VTP in this manual it will be referred to as the "vlan database". When the switch boots, the vlan database is initialized from the contents of the file "vlan.dat" in flash memory. Since vlan information is not stored in the running configuration, changes to the vlan database cannot be undone by reverting to the startup configuration (e.g. by simply rebooting the switch), but must be explicitly removed from the vlan database. This can be done by reversing every individual vlan change, but this is tedious and prone to errors. The simplest way to remove changes to the vlan database is to delete the file from which the database is initialized and to reload the switch. This restores the database to its default configuration, which is the configuration it should have when students first use the switch. To delete the flash file vlan.dat use the "delete" command from EXEC mode:

     switch# delete flash:vlan.dat

VTP (VLAN Trunk Protocol) is a mechanism whereby switches that are physically connected can exchange information about their VLANs and thereby maintain some consistency among them. There are three VTP modes for the switch:

• server - This is the default mode and you will probably not need to change it. In this mode the switch advertises its vlan state to other switches, it reconfigures itself when it receives VTP advertisements from other switches, and it allows changes to the vlan configuration.
• client - In this mode the switch does not advertise its vlan state to other switches, but it reconfigures itself when it receives VTP advertisements from other switches. It does not allow changes to the vlan configuration.
• transparent - In this mode VTP is effectively disabled. The switch does not advertise its vlan state to other switches (although it does forward advertisements), it does not reconfigure itself when it receives VTP advertisements from other switches, and it allows changes to the vlan configuration.

     switch# show vtp status

     switch# vlan database
     switch(vlan)# vtp transparent

     switch# show vlan

• enter vlan database mode

  To enter vlan database mode, from EXEC mode issue the command "vlan database". The prompt will change to reflect the new mode.

       switch# vlan database
       switch(vlan)# 
  

• create the new vlan if it does not already exist

  The add an ethernet vlan to the database, from vlan database mode issue the command "vlan v name n" where "v" is the vlan number and "n" is a name for the vlan. The name is optional. If no name is specified, the vlan number is appended to the word "vlan" to create a name. For example, to create vlan 2 (with default name "vlan0002"):

       switch(vlan)# vlan 2
  

• add the port to the new vlan

  Ports have a membership mode in a vlan. The important modes are

  • "static-access" - In this mode a port belongs to only one vlan.
  • "multi-VLAN" - in this mode a port can belong to more than one vlan. The port should be connected to a router, not to another switch.
  • "trunk" - in this mode the port encapsulates a packet with its vlan number so that when it arrives at the other end of the connection the vlan number can be determined and the packet can be sent to the appropriate vlan. This mode is useful when a port is connected to another switch and there is more than one vlan in use on the switch.

  If any ports are in "multi" mode, then no ports can be in "trunk" mode.

  To assign a static-access port to a vlan, from interface configuration mode issue the command "switchport mode access" followed by "switchport access vlan v" where "v" is the vlan number of the vlan. A static access port can be in only one vlan, so if when it is assigned to a vlan it is deassigned to its previous vlan. For example, to add port 9 to vlan 2:

       switch#interface fastEthernet 0/9
       switch(config-if)# switchport mode access
       switch(config-if)# switchport access vlan 2
  

  To assign a multi-VLAN port to a vlan, from interface configuration mode issue the command "switchport mode multi" followed by "switchport multi vlan v1 v2 ... vn" where "v1 v2 ... vn" is a list of vlan numbers. For example, to add port 13 to vlans 2, 3, and 6:

       switch#interface fastEthernet 0/13
       switch(config-if)# switchport mode multi
       switch(config-if)# switchport multi vlan 2 3 6
  

  To make a trunk port, from interface configuration mode issue the command "switchport mode trunk" followed by "switchport trunk encapsulation e" where "e" is the protocol used to encapsulate vlan packets on the trunk. The encapsulations available include Inter-Switch Link (isl), a Cisco protocol, and 802.1Q (dot1q), a non-proprietary standard protocol. For example, to use port 23 for trunking:

       switch#interface fastEthernet 0/23
       switch(config-if)# switchport mode trunk
       switch(config-if)# switchport trunk encapsulation dot1q
  

  Here is a more complete example that creates vlan 2 and adds ports 9 and 10 to it, and which also uses port 23 as a trunk to another switch:

  
  
  
       switch#vlan
       switch(vlan)#vlan 2
       switch(vlan)#exit
       switch#configure terminal
       switch(config)#interface fastEthernet 0/9
       switch(config-if)# switchport mode access
       switch(config-if)# switchport access vlan 2
       switch(config)#interface fastEthernet 0/10
       switch(config-if)# switchport mode access
       switch(config-if)# switchport access vlan 2
       switch(config-if)#interface fastEthernet 0/23
       switch(config-if)# switchport mode trunk
       switch(config-if)# switchport trunk encapsulation dot1q
       switch(config-if)# ^Z
       switch#show vlan
  

  To see what ports are trunking, display the running configuration:

       switch#show running-config
  

  When a vlan is deleted, the static access ports that are assigned to that vlan are not automatically reassigned to vlan 1. Individual ports can be reassigned to vlan 1 by using the "switchport" command for each port as described above. To delete the vlan use the "no" form of the "vlan" command. For example, to delete vlan 2:

       switch# vlan database
       switch(vlan)# no vlan 2
  

  When you are performing experiments using trunks and VLANs, you should avoid using VLAN 1. VLAN 1, by default, is the "native VLAN". The native VLAN does not participate in the trunk protocols. That is, packets from a port in VLAN 1 are not encapsulated on the trunk, Instead they are transferred to the adjacent switch as if the ports that connect the switches were not trunking.

  Cisco 4000/7000/7010

  In version 11.1 of the Cisco IOS, which is the last that can be run on the Cisco routers in the lab, bridge groups serve the same function as vlans. Each bridge group behaves independently of other bridge groups and runs its own instance of spanning tree protocol.

  IEEE 802.1Q protocol for vlan trunks between switches is not supported. Inter-Switch Link protocol is supported only on 100BaseTX/FX fast ethernet interfaces. For other interfaces (e.g. any lan intercaces such as ethernet, and any HDLC serial interface) only IEEE 802.10 is available.

  The steps for implementing trunking between lans are:

  • On the router at each end of the trunk connection, for the port that is used for the trunk, specify a subinterface. The port must not have an interface that is part of a bridge group. From interface confguration mode use the command "interface slot/port.subinterface_number".
  • Specify the IEEE 802.10 Security Date Exchange (SDE) Security Association ID (SAID). This number is used to demultiplex the encapsulated packets when they are recevied. From subinterface configuration mode use the command "encapsulation sde s" where "s" is the SAID number.
  • Associate the subinterface with an existing bridge group (this associates the SAID with the bridge group).
  For example, if bridge group 1 is to be associated with SAID 42 on subinterface 7 for ethernet port 0/5, then the sequence of commands would be:

       router(config)#interface ethernet 0/5.7
       router(config-if)#encapsulation sde 42
       router(config-if)#bridge-group 1
  

  The ports and subinterface numbers on the two ends of the trunk connection can be different. For a given SAID the associated bridge group at one end of the connection is matched with the associated bridge group at the other end of the connection. Thus for the example above, if on another router the following commands were used:

       router(config)#interface ethernet 0/0.9
       router(config-if)#encapsulation sde 42
       router(config-if)#bridge-group 3
  

  and if ethernet port 0/5 on the first router is connected to ethernet port 0/0 on the second, then bridge group 1 on the first router and bridge group 3 on the second constitute one combined vlan.

  ############ To be completed. This does not work as described.

  3COM LANplex and CoreBuilder 2500

  There is no support for vlans.

  3COM CoreBuilder /3500

  ############ To be completed.

  Spanning Tree

  Cisco 2900

  Spanning tree protocol (STP) is enabled by default. Each vlan has its own instance of STP. To disable STP for a vlan, from global configuration mode use the command "no spanning-tree vlan v" where "v" is a list of vlans (which defaults to 1 if not specified). For example, to disable spanning tree on vlan 1:

       switch(config-if)# no spanning-tree
  

  To enable STP for a vlan, from global configuration mode use the command "spanning-tree vlan v" where "v" is a list of vlans (which defaults to 1 if not specified). For example, to enable spanning tree on vlan 1:

       switch(config)# spanning-tree
  

  and to enable spanning tree on vlan 2:

       switch(config)# spanning-tree vlan 2
  

  To disable STP on a specific port, from interface configuration mode use the command "no spanning-tree vlan v" where "v" is a list of vlans (which defaults to 1 if not specified). For example:

       switch(config-if)# no spanning-tree
  

  To enable STP on a specific port, from interface configuration mode use the command "no spanning-tree vlan v" where "v" is a list of vlans (which defaults to 1 if not specified). For example:

       switch(config-if)# spanning-tree
  

  To set the bridge priority, from global configuration mode use the command "spanning-tree vlan v priority n" where "v" is the vlan (which defaults to 1 if not specified) and "n" is the priority:

       switch(config)# spanning-tree priority 1000
  

  To set the max age, from global configuration mode use the command "spanning-tree vlan v max-age s" where "v" is the vlan (which defaults to 1 if not specified) and "s" is time in seconds:

       switch(config)# spanning-tree max-age 30
  

  To set the hello time, from global configuration mode use the command "spanning-tree vlan v hello-time s" where "v" is the vlan (which defaults to 1 if not specified) and "s" is the time in seconds:

       switch(config)# spanning-tree hello-time 2
  

  To set the forward delay, from global configuration mode use the command "spanning-tree vlan v forward-time s" where "v" is the vlan (which defaults to 1 if not specified) and "s" is the time in seconds:

       switch(config)# spanning-tree forward-time 20
  

  To set the priority of a port, from interface configuration mode use the command "spanning-tree vlan v port-priority n" where "v" is the vlan (which defaults to 1 if not specified) and "n" is the priority:

       switch(config-if)# spanning-tree port-priority 100
  

  To set the cost of a port, from interface configuration mode use the command "spanning-tree vlan v cost n" where "v" is the vlan (which defaults to 1 if not specified) and "n" is the cost:

       switch(config-if)# spanning-tree cost 1000
  

  To show the current spanning tree parameters, from EXEC mode use the command "show spanning-tree":

       switch# show spanning-tree
  

  Cisco 4000/7000/7010

  Spanning tree protocol is enabled by default. To disable it on a specific port, from interface configuration mode use the command "bridge-group b spanning-disabled" where "b" is the bridge group number:

       router(config-if)# bridge-group 1 spanning-disabled
  

  To re-eneble it use the command ""no bridge-group b spanning-disabled".

  To set the bridge priority, from global configuration mode use the command "bridge b priority n" where "b" is the bridge group number and "n" is the priority:

       router(config)# bridge 1 priority 1000
  

  To set the max age, from global configuration mode use the command "bridge b max-age s" where "b" is the bridge group number and "s" is time in seconds:

       router(config)# bridge 1 max-age 30
  

  To set the hello time, from global configuration mode use the command "bridge b hello-time s" where "b" is the bridge group number and "s" is the time in seconds:

       router(config)# bridge 1 hello-time 2
  

  To set the forward delay, from global configuration mode use the command "bridge b forward-time s" where "b" is the bridge group number and "s" is the time in seconds:

       router(config)# bridge 1 forward-time 20
  

  To set the priority of a port, from interface configuration mode use the command "bridge-group b priority n" where "b" is the bridge group number and "n" is the priority:

       router(config-if)# bridge-group 1 priority 100
  

  To set the cost of a port, from interface configuration mode use the command "bridge-group b path-cost n" where "b" is the bridge group number and "n" is the cost:

       router(config-if)# bridge-group 1 path-cost 1000
  

  To show the current spanning tree parameters, from enable mode use the command "show spanning-tree":

       router# show spanning-tree
  

  3COM LANplex and CoreBuilder 2500/3500

  The following console menu options allow you to manage and examine the bridge spanning tree parameters:

       bridge / stpState - enable or disable the spanning tree protocol for the entire bridge
       bridge / stpPriority - set the priority for the bridge (the prefix for the bridge ID)
       bridge / stpMaxAge - set the age greater than which configuration information for a port is discarded
       bridge / stpHelloTime - set the period between configuration messages sent out the root bridge
       bridge / stpForwardDelay - set the time spend in transition between blocking and forwarding
       bridge / stpGroupAddress - set the ethernet address used by the bridge for exchanging configuration messages
  
       bridge / port / summary - show, among other things, the state of the port (e.g. forwarding, blocking, etc.)
       bridge / port / detail - show, among other things, the state of the port (e.g. forwarding, blocking, etc.),
                                the current designated bridge, the current root port, etc.
       bridge / port / stpCost - set the cost of the port for spanning tree calculations
       bridge / port / stpPriority - set the priority for the port (the prefix for the port ID)
  

  Packet Analysis

  With transparent bridging in effect, unicast packets are generally forwarded only to the one bridge port associated with the destination ethernet address. If a protocol analyzer is connected to a different bridge port it will not receive most of the packets passing through the bridge. There are two alternatives:

  • Connect the port(s) you want to monitor to a hub and connect the protocol analyzer to that hub.
  • Designate a port on the bridge to be an analyzer port, associate that port with the port(s) you wish to monitor, and connect the protocol analyzer to the analyzer port.

  Since access to the bridges that control the private network is restricted, the last port (port 24) on each of the Cisco 2900's that control the private network has been configured as an analyzer port.

  Cisco 2900

  To cause a port to monitor traffic on another port, from interface configuration mode for the analyzing port and issue the command "port monitor i" where "i" is the interface of the port whose traffic is to be monitored (e.g. fastEthernet 0/1) or a vlan to be monitored (e.g. vlan 1). If "i" is omitted then all other ports will be monitored. For example, you might choose the convention that you will use the last port as the analyzing port. In this case you want to use port 24 to monitor all traffic on the switch. You would use:

      switch#configure terminal
      switch(config)#interface fastEthernet 0/24
      switch(config-if)#port monitor
  

  You can see the status of port monitoring by issuing the command "show port monitor" in EXEC mode.

      switch#show port monitor
  

  You disable port monitoring by on a port using the "no" form of the "port monitor" command..

  Cisco /4000/7000/7010

  ############ To be completed.

  3COM LANplex and CoreBuilder 2500/3500

  The following console menu options allow you to manage the analyzer ports:

       analyzer / display - show the ports used for analysis and the ports they are observing
       analyzer / add - designate a port to be connected to a protocol analyzer and used for packet analysis
       analyzer / remove - remove a port from those connected to a protocol analyzer and used for packet analysis
       analyzer / start - specify a port to be monitored by an analyzer port
       analyzer / stop - remove a port from those to be monitored by an analyzer port
  

  Exercises

  Ethernet

  1. Using ethereal to capture packets on eth0, determine whether ethernet, 802.3, or both are in use the campus network.

     If there are ethernet packets, determine how many different protocols are present.

     If there are 802.3 packets, determine what SAP values are present. In particulavr,

     • Are there cases where DSAP and SSAP are different?
     • Are there cases where SNAP is used?
     • If SNAP is used, what vendor protocols are present? Is the vendor associated with the SNAP protocol the same as the vendor associated with the interface that originated the packet?

     Transparent Bridging

  2. Connect two computers through a switch. Call the computers A and B.
     • Using the console menus list the switch port addresses. If there are any entries flush them.
     • Use the send program to send one packet from A with the contents "00112233445500778899aabb00ff". What should now be in the port address list?
     • Send one packet from B with the contents "00778899aabb001122334455". What should now be in the port address list?

  3. Connect two computers through a switch. Call the computers A and B.
     • Using the console menus list the switch port addresses. If there are any entries flush them.
     • Use the send program to send one packet from A with the contents "00112233445500778899aabb00ff". What should now be in the port address list?
     • Send another packet from A with the contents "00778899aabb00112233445500ff". What should now be in the port address list?
     • Send another packet from A with the contents "0022446688aa00113355779900ff". What should now be in the port address list?

  4. Connect two computers through a switch (you should perform these experiments separately with each model of switch). Call the computers A and B.
     • Using the console menus list the switch port addresses. If there are any entries flush them.
     • Use the send program to send one packet from A with the contents "00112233445500778899aabb00ff". What should now be in the port address list?
     • Send one packet from B with the contents "00778899aabb00112233445500ff". What should now be in the port address list?
     • Now move A's connection to a different port on the bridge. Again send one packet from B with contents "00778899aabb00112233445500ff". Will it arrive? What should now be in the port address list?
     • Again send one packet from A with contents "00112233445500778899aabb00ff". Will it arrive? What should now be in the port address list?
     • Again send one packet from B with contents "00778899aabb00112233445500ff". Will it arrive? What should now be in the port address list?

  5. Connect two computers through a switch using eth2 on both computers (you should perform these experiments separately with each model of switch). Call the computers A and B. Make sure the IP addresses on the computers are different but in the same network (e.g. 192.168.0.1 and 192.168.0.2). Verify that a packet transmitted by computer A using ping can be seen by ethereal running on B, and vice versa. Continue to monitor arriving packets on both computers. Now select one of the switches and connect A and B through ports on that switch.
     • Using the console menus list the switch port addresses. If there are any entries flush them.
     • From A ping B. What should now be in the port address list?
     • Move A's connection to a different port on that switch. Again from A ping B. Will the ping be successful? What should now be in the port address list?
     • Repeat the above experiment, but this time move B's connection to a different port on the switch.

  6. Connect two computers through a switch. Call the computers A and B.
     • Using the console menus change the aging time for port addresses to 10 seconds.
     • Using the console menus list the switch port addresses. If there are any entries flush them.
     • From A use the send program to send a packet to B containing "00112233445500778899aabb00ff". What should now be in the port address list?
     • Wait 10 seconds and again examine the port address list? What should be in the list?
     • Restore the default aging time when you are done.

  7. Connect two computers through a switch (you should perform these experiments separately with each model of switch). Call the computers A and B.
     • Using the console menus change the aging time for port addresses to 10 seconds.
     • Using the console menus list the switch port addresses. If there are any entries flush them.
     • From A use the send program to send a packet to B containing "00112233445500778899aabb00ff". What should now be in the port address list?
     • Using the console menus make all dynamic addresses into static addresses. What should be in the list?
     • Confirm that the connection between A and B still works.
     • Wait 10 seconds and again examine the port address list? What should be in the list?
     • Move the connection of one of the computers to a different port on the switch.
     • Send the same packet as above from A ping B. Will the packet arrive? What should now be in the port address list?
     • Restore the default aging time when you are done.

  8. Connect two computers through a switch. Call the computers A and B.
     • Using the console menus list the switch port addresses. If there are any entries flush them.
     • Use the send program to send one packet from A with the contents "00112233445500778899aabb00ff". What should now be in the port address list? Was the packet received?
     • Send one packet from B with the contents "00778899aabb01112233445500ff". What should now be in the port address list? Was the packet received?
     • Send one packet from B with the contents "00778899aabb02112233445500ff". What should now be in the port address list? Was the packet received?
     • Send one packet from B with the contents "00778899aabb03112233445500ff". What should now be in the port address list? Was the packet received?
     • What is it about the address that affects the behavior of the switch?

  9. Connect three computers using a hub. Using ifconfig change the MAC address of the interface on one of the computers so that the interfaces on two of the computers have the same MAC address. What should be the consequence?

  10. Connect three computers using a switch. Using ifconfig change the MAC address of the interface on one of the computers so that the interfaces on two of the computers have the same MAC address. What should be the consequence?

      VLANs

  11. Set up one new vlan on a switch and assign at least three ports to it. Connect three computers to those ports and verify that any two of the computers can communicate with each other using unicast packets, and that broadcast packets from any of the computers can be seen by all of the others on that vlan.

  12. Set up two new vlans on a switch and assign at least two ports to each. Connect four computers to those ports and verify that two computers on the same vlan can communicate with each other, but that even broadcast packets from a computers on one vlan cannot be seen by a computer on another vlan.

  13. Select two switches - switch A and switch B. Use only ports in vlan 2 on both switches. Connect a port on switch A to a port on switch B using a crossover cable. Connect two computers - computer 1 and computer 2 - to ports on switch A and one computer - computer 3 - to a port on switch B.
      • If computer 1 sends a unicast packet to computer 2, will it be observable at computer 3 (using ethereal)?
      • If computer 1 sends a broadcast packet, will it be observable at computer 3?
      • If computer 1 sends a unicast packet to computer 3, will it arrive?

  14. Select two switches - switch A and switch B. Use only ports in vlan 2 on both switches. Connect a port on switch A to a port on switch B using a crossover cable. Change the ports for this connection so it is a trunk connection. Connect two computers - computer 1 and computer 2 - to ports on switch A and one computer - computer 3 - to a port on switch B.
      • If computer 1 sends a unicast packet to computer 2, will it be observable at computer 3 (using ethereal)?
      • If computer 1 sends a broadcast packet, will it be observable at computer 3?
      • If computer 1 sends a unicast packet to computer 3, will it arrive?

  15. Set up two switches and four computers as shown below.

      

      • If computer A pings computer C, will the ping be successful?
      • If computer A pings computer C, will the packet be detected on computers B or D if they are running ethereal in promiscuous mode?
      • If computer A pings computer D, will the ping be successful?
      • If computer A pings computer D, will the packet be detected on computers B or C if they are running ethereal in promiscuous mode?

  16. Set up two switches and four computers as shown below.

      

      • If computer A pings computer C, will the ping be successful?
      • If computer A pings computer C, will the packet be detected on computers B or D if they are running ethereal in promiscuous mode?
      • If computer A pings computer D, will the ping be successful?
      • If computer A pings computer D, will the packet be detected on computers B or C if they are running ethereal in promiscuous mode?

  17. Set up two switches as shown below.

      

      • Will there be a problem because of a loop?

      Spanning Tree

  18. Choose two bridges (i.e. switches). Make sure spanning tree is disabled. Use ethereal to watch the packets on each of two LANs. Connect the LANs with redundant bridges as follows.

      

      • If there is no activity on either LAN, what will happen when the second redundant bridge is connected?
      • What will happen if a single packet is then introduced on one of the LANs?

  19. Choose one bridge (i.e. switch). Make sure spanning tree is disabled. Connect the bridge to a LAN as follows shown below. Monitor the packets on the LAN using ethereal. Enable spanning tree.

      

      What packets do you expect to see?

  20. Choose two bridges (i.e. switches). Make sure spanning tree is enabled. Examine the spanning tree parameters of each bridge. Use ethereal to watch the packets on each of the LANs. Connect the LANs with redundant bridges as follows.

      

      Let the system come to equilibrium.

      • Which will be the root bridge?
      • Which will be the root port for the other bridge?
      • Which is the designated bridge on each LAN?
      • What do you expect the state of each port to be?
      • What packets do you expect to see on each LAN before the spanning tree comes to equilibrium and after it comes to equilibrium?

  21. Choose two bridges (i.e. switches). For each of the following configurations the solid lines represent the spanning tree and the dashed lines the ports that are in the blocking state. For each of the configurations below find spanning tree parameters that result in the spanning tree shown.

      

  22. Choose three bridges (i.e. switches). Make sure spanning tree is enabled. Examine the spanning tree parameters of each bridge. Use ethereal to watch the packets on each of the LANs. Connect the LANs with redundant bridges as follows.

      

      Let the system come to equilibrium.

      • Which will be the root bridge?
      • Which will be the root port for the other bridge?
      • Which is the designated bridge on each LAN?
      • What do you expect the state of each port to be?
      • What packets do you expect to see on each LAN before the spanning tree comes to equilibrium and after it comes to equilibrium?

  23. Choose three bridges (i.e. switches). For each of the following configurations the solid lines represent the spanning tree and the dashed lines the ports that are in the blocking state. For each of the configurations below find spanning tree parameters that result in the spanning tree shown.

      

  24. Choose three bridges (i.e. switches). Make sure spanning tree is enabled. Examine the spanning tree parameters of each bridge. Use ethereal to watch the packets on each of the LANs. Connect the LANs with redundant bridges as follows.

      

      Let the system come to equilibrium.

      • Which will be the root bridge?
      • Which will be the root port for the other bridge?
      • Which is the designated bridge on each LAN?
      • What do you expect the state of each port to be?
      • What packets do you expect to see on each LAN before the spanning tree comes to equilibrium and after it comes to equilibrium?

  25. Choose two bridges (i.e. switches). Connect them to two LANs as shown below. Use ethereal to watch the packets on each of the LANs. On bridge B1 enable spanning tree, and on bridge B2 disable spanning tree.

      

      • What packets do you expect to see on each LAN?
      • For bridge B1, what spanning tree configuration will the bridge settle into?

  26. Choose two bridges (i.e. switches). Disable spanning tree on both bridges. Connect them to two LANs as shown below. Using the console port on each bridge monitor the changes in the state of the ports. Use ethereal to watch the packets on each of the LANs. Enable spanning tree on both bridges.

      

      • What states do you expect the ports to be in as the spanning tree is developing and after it has reached equilibrium?
      • Disconnect one port from the root bridge. How will this affect the states of the ports and the packets seen on both LANs?

  27. Choose three bridges (i.e. switches). Disable spanning tree on all bridges. Connect them to three LANs as shown below. Using the console port on each bridge monitor the changes in the state of the ports. Use ethereal to watch the packets on each of the LANs. Enable spanning tree on all bridges.

      

      • What states do you expect the ports to be in as the spanning tree is developing and after it has reached equilibrium?
      • Disconnect both ports from the root bridge. How will this affect the states of the ports and the packets seen on all LANs?
      • Reconnect both ports of the bridge you previously disconnected. How will this affect the states of the ports and the packets seen on all LANs?

  28. Choose two bridges (i.e. switches). Enable spanning tree on both bridges. Connect them to two LANs as shown below. Using the console port on each bridge monitor the changes in the state of the ports. Use ethereal to watch the packets on each of the LANs.

      

      • Set the max age to the smallest possible value. What affect does this have if you disconnect the root bridge and reconnect it?
      • Set the max age to the largest possible value. What affect does this have if you disconnect the root bridge and reconnect it?
      • Return the max age to its default value. Set the hello time to its smallest possible value. What affect does this have if you disconnect the root bridge and reconnect it?
      • Set the hello time to its largest possible value. What affect does this have if you disconnect the root bridge and reconnect it?
      • Return the hello time to its default value. Set the forward delay to its smallest possible value. What affect does this have if you disconnect the root bridge and reconnect it?
      • Set the forward delay to its largest possible value. What affect does this have if you disconnect the root bridge and reconnect it?

      Other

  29. Determine whether the eth0 interfaces of the computers in the lab are on the same LAN.

  ---

  | Sonoma State University | CS Department | Computer and Engineering Science | Internet Teaching Laboratory | Lab Manual Table of Contents |