Tag Archives: layer2

Ethernet

Great article with header description:
https://learningnetwork.cisco.com/docs/DOC-26145

https://en.wikipedia.org/wiki/Ethernet_frame

https://en.wikipedia.org/wiki/IEEE_802.1Q

The SNAP is an extension of the 802.2 LLC specified in the IEEE 802 Overview and Architecture document.[2] The 5-octet SNAP header follows the 802.2 LLC header if the destination SAP (DSAP) and the source SAP (SSAP) contain hexadecimal values of AA or AB:

802.2 LLC Header SNAP extension
DSAP SSAP Control OUI Protocol ID
1 octet 1 octet 1 or 2 octets 3 octets 2 octets

The SNAP header consists of a 3-octet IEEE Organizationally Unique Identifier (OUI) followed by a 2-octet protocol ID. If the OUI is hexadecimal 000000, the protocol ID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP; if the OUI is an OUI for a particular organization, the protocol ID is a value assigned by that organization to the protocol running on top of SNAP.
SNAP is usually used with Unnumbered Information 802.2 protocol data units (PDUs), with a control field value of 3, and the LSAP values are usually hexadecimal AA, so the 802.2 LLC header for a SNAP packet is usually AA AA 03; however, SNAP can be used with other PDU types as well.
On Ethernet, the 8 octets occupied by the LLC and SNAP headers reduce the size of the available payload for protocols such as the Internet Protocol to 1492 bytes, compared to the use of the Ethernet II framing; therefore, for protocols that have EtherType values, packets are usually transmitted with Ethernet II headers rather than with LLC and SNAP headers. On other network types, the LLC and SNAP headers are required in order to multiplex different protocols on the link layer, as the MAC layer doesn’t itself have an EtherType field, so there’s no alternative framing that would have a larger available payload.

Private Vlans

  • Promiscuous (“P”) port: Usually connects to a router. This port type is allowed to send and receive L2 frames from any other port on the VLAN
  • Isolated (“I”) port: This type of port is only allowed to communicate with “P”-ports . i.e., they are “stub” port. You commonly see these ports connecting to hosts.
  • Community (“C”) port: Community ports are allowed to talk to their buddies, sharing the same community (group) and to .P.-ports.
  • The Primary VLAN delivers frames downstream from the router (promisc port) to all mapped hosts.
  • The Isolated VLAN transports frames from the stub hosts upstream to the router
  • The Community VLANs allow bi-directional frame exchange withing a single group, in addition to forwarding frames upstream towards “P”-ports.
  • Ethernet MAC address learning and forwarding procedure remain the same, as well as broadcast/multicast flooding procedure within boundaries of primary/secondary VLANs.
Switch# configure terminal
 Switch(config)# vlan 20
 Switch(config-vlan)# private-vlan primary
 Switch(config-vlan)# exit
 Switch(config)# vlan 501
 Switch(config-vlan)# private-vlan isolated
 Switch(config-vlan)# exit
 Switch(config)# vlan 502
 Switch(config-vlan)# private-vlan community
 Switch(config-vlan)# exit
 Switch(config)# vlan 503
 Switch(config-vlan)# private-vlan community
 Switch(config-vlan)# exit
 Switch(config)# vlan 20
 Switch(config-vlan)# private-vlan association 501-503
 Switch(config-vlan)# end
 Switch(config)# show vlan private vlan
 Primary Secondary Type Ports
 ------- --------- ----------------- ------------------------------------------
 20 501 isolated
 20 502 community
 20 503 community
 20 504 non-operational
Switch# configure terminal
 Switch(config)# interface gigatibethernet0/22
 Switch(config-if)# switchport mode private-vlan host
 Switch(config-if)# switchport private-vlan host-association 20 501
 Switch(config-if)# end
Switch# configure terminal
 Switch(config)# interface gigatibethernet0/2
 Switch(config-if)# switchport mode private-vlan promiscuous
 Switch(config-if)# switchport private-vlan mapping 20 add 501-503
 Switch(config-if)# end