Computer networking often confuses newcomers to IT when they first start learning it. This post explains it in layman's terms, covering the basic concepts and some basic configuration on Cisco products for reference.
So what is layer 2 communication? What does it provide or allow us to do? What is a network hub and what does it do? How do network switches differ from hubs? What are LANs and what are VLANs? (This post covers Ethernet networks only.)
Layer 2 communication:
What is layer 2 communication?
Layer 2 communication is two or more PCs talking (passing frames) within a LAN (a broadcast domain, also called a layer 2 network) while using the same network range (IP address range). Think of it as a warehouse full of people talking: everyone within the same warehouse can talk to everyone else.
One example is playing LAN (Local Area Network) games such as "Age of Empires 2" with multiple players on multiple computers within a household, connected through a home router (or residential gateway, to be more precise). LAN games can be played within a broadcast domain without requiring the internet, as long as all players are connected to the same network.
So how do we let two or more PCs talk to each other? In other words, how do we put people into the same warehouse for talking?
– If we want to allow two PCs to talk to each other, we can connect them directly using a "crossover" cable.
– For more PCs, we can create a "warehouse for PCs" by connecting them to the same device, called a hub or a switch.
So what is this hub?
A hub is a way to let more than two PCs talk to each other and to let more PCs join the broadcast domain. So now we have a way to put PCs into the "warehouse" for talking.
Since a hub is a repeater, it copies every message within the broadcast domain to every PC. This means that when PC-01 talks to PC-02, PC-03 is able to listen to the whole conversation even though it was not the intended recipient. Also, while PC-01 is talking to PC-02, PC-03 cannot talk to any other PC. If they transmit at the same time, a collision occurs, so we call this kind of network one big collision domain.
Think of two people talking in the same warehouse: everyone in the warehouse can hear them. And while one person is talking, everyone else has to listen and wait until the first person is done before they can talk.
So this solution gives us other problems: a confidentiality problem and a performance problem. To address them, an enhancement called "switching" was introduced.
Layer 2 switching
How does "switching" overcome the problems of the hub? The network looks pretty much the same, as shown below.
Indeed, the connections and the structure are similar to the hub, but a switch is a whole new level of device. A switch is basically a device with a collection of bridge ports, which means every port is its own collision domain; when PC-01 is talking to PC-02, PC-03 does not have to wait for PC-01 to finish before it can talk.
So now we can think of the warehouse as having partitions for talking: a conversation is heard only by its intended recipient, and no unintended recipient is able to sniff it. But everyone in the same warehouse is still in one big broadcast domain, even though each is in its own collision domain.
Use case for a network switch:
OK, now we know what a switch does, but why do we need one when a home router already has 4 switch ports?
Home routers (or residential gateways) combine a router, a switch, and a Wi-Fi access point into a single low-priced box that serves a small network of under 5 to 10 users. They also have a feature that switches do not have, called NAT. NAT allows more than one device to share a single home internet link to reach the internet. (We will describe it in the layer 3 post.) They usually come with 4 LAN ports and 1 INTERNET port, like the image below. (But what if we run out of LAN ports on the home router?)
That is what switches are for: the main purpose of a switch is to expand the number of available ports for network cable connections. For instance, if the residential gateway is running out of LAN ports, connecting a switch to it allows more PCs, network printers, or even an Xbox or PlayStation 4 to join the broadcast domain. With the switch below, we can connect 20 more devices to the broadcast domain over wires.
What is a VLAN and what is the difference between a LAN and a VLAN?
From the previous samples, we understand that a LAN is a broadcast domain in which every PC should be able to talk to every other PC when they are in the same network range. But if I want to prevent several PCs that are physically connected to the same switch from talking to each other, or to separate those PCs into different broadcast domains on the same switch, then a VLAN is the solution.
VLAN stands for Virtual Local Area Network. It means we can create different LANs within one physical switch. Think of it as dividing one big warehouse into different rooms, so people within the same warehouse can only talk to people in the same room.
So each VLAN is an individual broadcast domain, and traffic cannot pass between VLANs without a routing device.
Let's go for some hands-on work. I have attached a Cisco Packet Tracer file for reference at the end of this post. To run the lab file, please download Cisco Packet Tracer from Cisco's website for learning purposes.
The URL is: https://www.netacad.com/about-networking-academy/packet-tracer/
Sample 01 – a node-to-node connection between 2 PCs. I have set up the IP addresses as listed under the icons. This sample has nothing special except that the 2 nodes are connected with a "crossover" cable. Although modern computers can be connected via a straight-through cable, the best practice is to use a crossover cable for node-to-node connections, e.g. router to router.
Sample 02 – an extension of sample 01, with one more PC connected to the broadcast domain. In this case a Cisco 2960 switch is used with default settings, and the 3 PCs are all in the VLAN 1 broadcast domain. If we ping from PC-01 to PC-02, the sniffer in front of PC-03 shows that PC-03 cannot see those packets.
- At the Cisco switch, we can check the VLAN and port assignment using the following commands:
- It shows that Fa0/1 to Fa0/4 are in VLAN 1.
- PC-01, PC-02 and PC-03 are able to ping each other.
- When pinging from PC-01 to PC-02, the sniffer in front of PC-03 is not able to see the packets.
Sample 02.1 – another extension of sample 01. The 3 PCs are connected to a hub, to show the behaviour of the hub. If we ping from PC-01 to PC-02, the sniffer in front of PC-03 shows that PC-03 can see those packets.
- The sniffer in front of PC-03 shows ICMP packets arriving on the sniffer's port towards PC-03.
Sample 03 – a sample using VLANs to show how a VLAN works. In this sample, the 4 PCs are separated into 2 VLANs; even though all 4 are in the same network range, only those within the same broadcast domain can reach each other.
- At the switch, the configuration shows f0/1 and f0/2 in VLAN 1 and f0/3 and f0/4 in VLAN 2.
- Now only PC-01 can ping PC-02, and PC-03 can ping only PC-04.
Sample 04 – a sample of extending multiple VLANs (VLAN 1 and VLAN 2) from Switch1 to Switch2. Both switches are trunked at port G0/24. Now each switch holds 2 machines in different VLANs, and each machine is able to ping the machine in the same broadcast domain on the other switch.
- PC-01 can ping PC-02, and PC-03 can ping PC-04, across the two trunked switches.
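To make the forwarding behaviour of Samples 02, 02.1, 03 and 04 concrete, here is an added Python simulation. It is not part of the original post and it is not Cisco software; it models a hub, a learning switch and a VLAN-aware switch with an 802.1Q trunk purely as "which ports receive a copy of a frame". The switch port names follow the lab, while the hub port names, the MAC addresses and the ARP/ICMP frame sequence of a ping are constructed for the example, and the 802.1Q tag is modelled by carrying the VLAN id on the frame. One nuance the simulation adds to the lab description: a switch's MAC table starts empty, so the first frame of a ping (the ARP broadcast, or any unicast to a MAC the switch has not learned yet) is flooded to every port in the VLAN and PC-03's sniffer port does see it; only once both MACs are learned does the ICMP echo go to PC-02's port alone.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed MAC addresses for the lab PCs (not taken from the Packet Tracer file).
MAC = {
    "PC-01": "00:aa:00:00:00:01",
    "PC-02": "00:aa:00:00:00:02",
    "PC-03": "00:aa:00:00:00:03",
    "PC-04": "00:aa:00:00:00:04",
}


@dataclass
class Frame:
    src: str
    dst: str
    vlan: int = 1  # 802.1Q tag; only meaningful while the frame travels on a trunk


class Hub:
    """Repeater: a frame arriving on one port is copied to every other port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return sorted(p for p in self.ports if p != in_port)


class Switch:
    """Learning switch. `access` maps port -> VLAN id; `trunks` carry every VLAN, tagged."""

    def __init__(self, access, trunks=()):
        self.access = dict(access)
        self.trunks = set(trunks)
        self.mac_table = {}  # (vlan, mac) -> port where that MAC was last seen

    def vlan_of(self, in_port, frame):
        # On a trunk the VLAN comes from the tag; on an access port it is implied by the port.
        return frame.vlan if in_port in self.trunks else self.access[in_port]

    def forward(self, in_port, frame):
        vlan = self.vlan_of(in_port, frame)
        self.mac_table[(vlan, frame.src)] = in_port  # learn where the sender lives
        known = self.mac_table.get((vlan, frame.dst))
        if frame.dst != BROADCAST and known is not None:
            # Known unicast: deliver to exactly one port (nothing if it is the ingress port).
            return [known] if known != in_port else []
        # Broadcast or unknown unicast: flood to this VLAN's access ports plus the trunks,
        # never back out of the ingress port. Other VLANs never see the frame.
        members = [p for p, v in self.access.items() if v == vlan] + list(self.trunks)
        return sorted(p for p in members if p != in_port)


def hub_lab():
    """Sample 02.1: PC-01 -> PC-02 through a hub; PC-03's port gets a copy too."""
    hub = Hub(["Port1", "Port2", "Port3"])
    return hub.forward("Port1", Frame(MAC["PC-01"], MAC["PC-02"]))


def switch_lab():
    """Sample 02: one ping on a 2960 with every port in VLAN 1."""
    sw = Switch({"Fa0/1": 1, "Fa0/2": 1, "Fa0/3": 1})
    arp = sw.forward("Fa0/1", Frame(MAC["PC-01"], BROADCAST))       # ARP request: flooded
    reply = sw.forward("Fa0/2", Frame(MAC["PC-02"], MAC["PC-01"]))  # ARP reply: PC-01 already learned
    echo = sw.forward("Fa0/1", Frame(MAC["PC-01"], MAC["PC-02"]))   # ICMP echo: PC-02's port only
    return arp, reply, echo


def vlan_lab():
    """Sample 03: f0/1-f0/2 in VLAN 1, f0/3-f0/4 in VLAN 2; broadcasts stay inside the VLAN."""
    sw = Switch({"Fa0/1": 1, "Fa0/2": 1, "Fa0/3": 2, "Fa0/4": 2})
    from_pc01 = sw.forward("Fa0/1", Frame(MAC["PC-01"], BROADCAST))
    from_pc03 = sw.forward("Fa0/3", Frame(MAC["PC-03"], BROADCAST))
    return from_pc01, from_pc03


def trunk_lab():
    """Sample 04: VLAN 1 and VLAN 2 extended from Switch1 to Switch2 over the G0/24 trunk."""
    sw1 = Switch({"Fa0/1": 1, "Fa0/3": 2}, trunks=["G0/24"])
    sw2 = Switch({"Fa0/2": 1, "Fa0/4": 2}, trunks=["G0/24"])
    arp = Frame(MAC["PC-01"], BROADCAST)
    out_sw1 = sw1.forward("Fa0/1", arp)                              # leaves only via the trunk
    tagged = Frame(arp.src, arp.dst, vlan=sw1.vlan_of("Fa0/1", arp))  # 802.1Q tag added on the trunk
    out_sw2 = sw2.forward("G0/24", tagged)                           # Switch2 floods VLAN 1 only
    reply = sw2.forward("Fa0/2", Frame(MAC["PC-02"], MAC["PC-01"]))  # PC-01 now known behind G0/24
    return out_sw1, out_sw2, reply


if __name__ == "__main__":
    print("hub, PC-01 -> PC-02 copied to:", hub_lab())
    print("switch, (ARP, reply, echo) delivered to:", switch_lab())
    print("vlans, broadcasts from PC-01 / PC-03 reach:", vlan_lab())
    print("trunk, (Switch1 out, Switch2 out, reply) :", trunk_lab())
```

Running the module prints one line per sample. The hub copies PC-01's frame to both other ports, which is exactly what the sniffer in front of PC-03 records in Sample 02.1; on the switch the ICMP echo reaches only Fa0/2 once the MAC table is populated, and in Samples 03 and 04 no frame from VLAN 1 ever appears on a VLAN 2 port, on either side of the trunk.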
The attachment is the Cisco Packet Tracer file for the lab above. To run it, please download the file and rename the extension from layer2_lab.doc to layer2_lab.zip, then unzip the .pkt file from it.