Arp Nat Vlan

Types of addresses in internet include MAC addresses, IP addresses, IP addresses with ports, and domain names. MAC addresses are associated with network interface cards and identify devices on the network access layer. IP addresses identify devices on the network layer and include both IPv4 and IPv6 addresses. IP addresses combined with ports identify applications and services. Domain names provide human-friendly names that map to IP addresses through DNS.

Uploaded by

Apurva Singh

Types of Addresses in Internet

• Media Access Control (MAC) addresses in the network access layer
▫ Associated w/ network interface card (NIC)
▫ 48 bits or 64 bits
• IP addresses for the network layer
▫ 32 bits for IPv4, and 128 bits for IPv6
▫ E.g., 123.4.56.7
• IP addresses + ports for the transport layer
▫ E.g., 123.4.56.7:80
• Domain names for the application/human layer
▫ E.g., www.google.com
Why?

• Computers need MAC addresses!
• If not, we couldn’t use the physical layer to send IP packets: we won't know where a particular IP packet should physically be sent.
Translation of Addresses

• Translation between IP addresses and MAC addresses
▫ Address Resolution Protocol (ARP) for IPv4
▫ Neighbor Discovery Protocol (NDP) for IPv6
• Translation between IP addresses and domain names (Domain Name System (DNS))
Requirement for ARP

• IP provides source-to-host delivery; there may be hops in between
• Delivery is to the next hop first
• IP uses the services of the data link layer, so it needs to know the physical address of the next hop
ARP Basics
• The Address Resolution Protocol (ARP)
• Usually considered to be a part of the link layer
• The physical layer has its own addresses (e.g., 6-byte Ethernet addresses), while the network layer has independent (4-byte) IP addresses
What is ARP used for?

• Suppose we want to send a packet over an Ethernet.
• We only know the destination's IP address; to build the Ethernet frame we have to know the Ethernet address that the destination has.
• This is what ARP does: find the hardware address corresponding to an IP address.
[Figure: ARP exchange on a LAN between System A and System B]
a. ARP request is multicast: System A asks "Looking for physical address of a node with IP address 141.23.56.23"
b. ARP reply is unicast: System B answers "The node's physical address is A4:6E:F4:59:83:AB"
ARP Packet Format
• The ARP packet is encapsulated in a data link frame
• The Type field of the frame indicates that the data carried is an ARP packet
ARP Walkthrough Pt 1
1. ARP broadcasts an ARP Request packet that
contains the target IP address in an Ethernet frame
with destination address FF:FF:FF:FF:FF:FF (and
source its own Ethernet address)
2. All hosts on the local network read the frame
3. The target host recognises the request for its IP
address
ARP Walkthrough Pt 2
4. The target sends an ARP Reply packet containing
its own Ethernet address (the other hosts need do
nothing)
5. It knows the source's Ethernet address as read from
the request packet
6. The source gets the reply and reads out the target's
Ethernet address
7. It can now use that Ethernet address to send IP
packets
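As an added example (not from the slides), the walkthrough above in Python: build_arp and parse_arp pack and unpack the 28-byte Ethernet/IPv4 ARP payload, ArpCache plays the source (steps 1, 6, 7) and answer() plays the target (steps 3 to 5). The cache only learns from replies that answer a request it actually sent, so an unsolicited reply does not change its table; the source host's address 141.23.56.7 and MAC 00:11:22:33:44:55 are constructed values.

```python
import struct
import ipaddress

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, opcode, sender MAC/IP, target MAC/IP

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))
def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    # 28-byte ARP payload for Ethernet/IPv4: htype=1, ptype=0x0800, hlen=6, plen=4
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                       mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                       mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)

def parse_arp(pkt):
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": mac_str(smac), "sender_ip": str(ipaddress.IPv4Address(sip)),
            "target_mac": mac_str(tmac), "target_ip": str(ipaddress.IPv4Address(tip))}

class ArpCache:
    """Source side: remembers which IPs it asked about and learns only from replies to them."""
    def __init__(self, my_mac, my_ip):
        self.my_mac, self.my_ip = my_mac, my_ip
        self.pending, self.table = set(), {}
    def request(self, target_ip):
        # Step 1: target MAC is unknown, so it is all zeros; the Ethernet frame
        # carrying this payload would go to FF:FF:FF:FF:FF:FF.
        self.pending.add(target_ip)
        return build_arp(ARP_REQUEST, self.my_mac, self.my_ip, "00:00:00:00:00:00", target_ip)
    def receive(self, pkt):
        a = parse_arp(pkt)
        # Step 6: accept only a reply addressed to us for an IP we actually asked about;
        # an unsolicited reply is not used to update the table.
        if a["op"] != ARP_REPLY or a["target_ip"] != self.my_ip or a["sender_ip"] not in self.pending:
            return False
        self.pending.discard(a["sender_ip"])
        self.table[a["sender_ip"]] = a["sender_mac"]
        return True

def answer(pkt, my_mac, my_ip):
    """Target side (steps 3-5): reply with our MAC only if the request is for our IP."""
    a = parse_arp(pkt)
    if a["op"] != ARP_REQUEST or a["target_ip"] != my_ip:
        return None   # other hosts need do nothing
    return build_arp(ARP_REPLY, my_mac, my_ip, a["sender_mac"], a["sender_ip"])
```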
DHCP
• A client/server protocol designed to provide the four pieces of information for a diskless computer or a computer that is booted for the first time
▫ The IP address of the computer
▫ The subnet mask of the computer
▫ The IP address of a router
▫ The IP address of a name server
• The DHCP client and server can either be on the same network or on different networks
Same Network
• Administrator may put the client and the server on the
same network
Same Network
• The DHCP server issues a passive open command on UDP port number 67 and waits for a client
• A booted client issues an active open command on port number 68
• The message is encapsulated in a UDP user datagram, using destination port number 67 and source port number 68
• The client uses the all-0s address as the source address and the all-1s address as the destination address
• The server responds with either a broadcast or a unicast message, using UDP source port number 67 and destination port number 68
• The response can be unicast because the server knows the IP address of the client
DIFFERENT Network
• Client can be in one network and the server in another, separated by
several other networks
DIFFERENT Network
• The DHCP request is broadcast because the client does not know the IP address of the server
• A broadcast IP datagram cannot pass through any router
• A router receiving such a packet discards it
• An intermediary is needed to solve this issue
• One of the hosts (or a router that can be configured to operate at the application layer) can be used as a relay
• The host in this case is called a relay agent
• The relay agent knows the unicast address of a DHCP server and listens for broadcast messages on port 67
DIFFERENT Network
• When the relay agent receives this type of packet, it encapsulates the message in a unicast datagram and sends the request to the DHCP server
• The packet reaches the DHCP server
• The DHCP server knows the message comes from a relay agent (from the IP address of the relay agent)
• The relay agent, after receiving the reply, sends it to the DHCP client
DNS
• DNS stands for Domain Name Service. This service allows us to access a node by its name. By default, nodes use IP addresses to identify each other on the network.
• The DNS service allows us to map a name to an IP address. When we access a node by its name, the DNS service translates the name into the IP address.
• Suppose you want to access the home page of Yahoo's site. For this, you enter the following address in your web browser: https://www.yahoo.com
• Your web browser connects to the configured DNS server and sends a request to convert the entered address into the IP address. The DNS server translates the address into the IP address and sends back the IP address of Yahoo's site. Your browser accesses Yahoo's site and displays it in the viewport. Without the DNS service, your browser would not be able to access Yahoo's site.
Network Address Translation (NAT)

• The original intention for NAT was to slow the depletion of available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses
• NAT also comes in really handy when two companies have duplicate internal addressing schemes
• It is also useful when an organization changes its Internet service provider (ISP) and the networking manager doesn’t want the hassle of changing the internal address scheme
Network Address Translation (NAT)

• The private network is invisible to the rest of the Internet; the rest of the Internet sees only the NAT router with the address 200.24.5.8.
• All of the outgoing packets go through the NAT router, which replaces the source address in the packet with the global NAT address.
• All incoming packets also pass through the NAT router, which replaces the destination address in the packet (the NAT router global address) with the appropriate private address
Network Address Translation (NAT)

• Static NAT (one-to-one)
▫ one-to-one mapping between local and global addresses
• Dynamic NAT (many-to-many)
▫ maps an unregistered IP address to a registered IP address from out of a pool of registered IP addresses
• Overloading (one-to-many)
▫ overloading really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address, using different source ports
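An added example (not part of the slides) of the translation the NAT router performs for the static and overloading cases: outgoing packets get their private source replaced by the global address 200.24.5.8 from the slides (overloading allocates a distinct source port per flow), and incoming packets are mapped back through the table or dropped when no entry matches. The private addresses 172.18.3.x, the remote host 25.8.3.2 and the static mapping to 200.24.5.9 are constructed values; packets are plain dicts.

```python
import itertools

class NatRouter:
    """Static (one-to-one) NAT plus overloading (one-to-many, port-based) on one global address."""
    def __init__(self, global_ip, static=None, first_port=40000):
        self.global_ip = global_ip
        self.static = dict(static or {})                  # private -> global (one-to-one)
        self.static_back = {g: p for p, g in self.static.items()}
        self.next_port = itertools.count(first_port)      # translated source ports
        self.out = {}    # (private_ip, private_port, dst_ip, dst_port) -> global_port
        self.back = {}   # (global_port, dst_ip, dst_port) -> (private_ip, private_port)

    def outbound(self, pkt):
        """Outgoing packet: replace the private source with the global address."""
        if pkt["src"] in self.static:                     # static NAT keeps the port
            return {**pkt, "src": self.static[pkt["src"]]}
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.out:                           # overloading: allocate a new port
            gport = next(self.next_port)
            self.out[key] = gport
            self.back[(gport, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.global_ip, "sport": self.out[key]}

    def inbound(self, pkt):
        """Incoming packet: replace the global destination with the private one,
        or return None (drop) when no translation entry exists."""
        if pkt["dst"] in self.static_back:
            return {**pkt, "dst": self.static_back[pkt["dst"]]}
        if pkt["dst"] != self.global_ip:
            return None
        entry = self.back.get((pkt["dport"], pkt["src"], pkt["sport"]))
        if entry is None:
            return None   # nobody inside started this flow: unsolicited, dropped
        private_ip, private_port = entry
        return {**pkt, "dst": private_ip, "dport": private_port}
```

Because the inbound lookup requires an existing entry, the private network stays invisible: a packet from outside that no inside host asked for has nowhere to go and is discarded.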
IP V6
• An IPv6 address is 128 bits or 16 bytes
• Four times the address length in IPv4
• Even in hexadecimal format, the address is very long
• Many of the digits are zeros
• We can abbreviate the address
IP V6
• Leading zeros of a section can be omitted
▫ 0074 can be written as 74
▫ 000F as F
▫ 0000 as 0
• A further abbreviation, called zero compression, can be applied to colon hex notation if there are consecutive sections consisting of zeros only
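The two abbreviation rules above, implemented as an added example (not from the slides): leading zeros are stripped per section, then the longest run of consecutive all-zero sections is replaced by "::". The example goes slightly beyond the slide by applying the usual conventions that only one run is compressed, the first one wins a tie, and a lone zero section is left alone; the sample addresses are constructed.

```python
def abbreviate_ipv6(addr):
    """Abbreviate a full 8-section colon-hex IPv6 address.

    1. Leading zeros of each section are omitted (0074 -> 74, 0000 -> 0).
    2. Zero compression: the longest run of two or more consecutive
       zero sections becomes '::' (only one run; first run wins a tie).
    """
    sections = addr.lower().split(":")
    if len(sections) != 8:
        raise ValueError("expected 8 colon-separated sections")
    short = [s.lstrip("0") or "0" for s in sections]   # rule 1

    # Find the longest run of "0" sections (rule 2).
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if short[i] == "0":
            j = i
            while j < 8 and short[j] == "0":
                j += 1
            if j - i > best_len:            # strict '>' keeps the first run on a tie
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                        # a single zero section is not compressed
        return ":".join(short)
    left = ":".join(short[:best_start])
    right = ":".join(short[best_start + best_len:])
    return f"{left}::{right}"
```

The results match what Python's ipaddress.IPv6Address prints for the same inputs.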
Three Address Types

• Unicast Address
▫ defines a single interface (computer or router)
• Anycast Address
▫ defines a group of computers that all share a single address
▫ delivered to only one member of the group, the most reachable one
Three Address Types

• Multicast Address
▫ defines a group of computers
▫ In anycasting, only one copy of the packet is sent to one of the members of the group;
▫ In multicasting, each member of the group receives a copy
• IPv6 does not define broadcasting
IP V6

• The IPv6 address space is divided into several blocks of varying size
• Most of the blocks are still unassigned and have been set aside for future use
IP V6
• Global Unicast Addresses
▫ The size of this block is 2^125 bits
▫ An address in this block is divided into three parts:
▫ global routing prefix (n bits)
▫ subnet identifier (m bits)
▫ interface identifier (q bits)
VLAN
• A VLAN is a logical grouping of network users and resources
connected to administratively defined ports on a switch
• Ability to create smaller broadcast domains
• Frames broadcast onto the network are only switched between
the ports logically grouped within the same VLAN
VLAN
• Network adds, moves and changes are achieved with ease by
just configuring a port into the appropriate VLAN
• A group of users that need an unusually high level of security
can be put into its own VLAN so that users outside of the VLAN
can’t communicate with them
• As a logical grouping of users by function, VLANs can be
considered independent from their physical or geographic
locations
• VLANs greatly enhance network security
• VLANs increase the number of broadcast domains while
decreasing their size.
VLAN
• Broadcast control
• SECURITY
▫ Without VLANs, anyone connecting to the physical network could access the network resources located on that particular physical LAN
▫ Observe any and all traffic
▫ Join a workgroup by just plugging their workstations into the existing hub
▫ Because VLANs create multiple broadcast groups, you can have total control over each port and user
VLAN
• Flexibility and Scalability
▫ Broadcasts sent out from a node in one VLAN won’t be forwarded to ports configured to belong to a different VLAN
▫ Gain the flexibility to add only the users you want into that broadcast domain regardless of their physical location
▫ Faulty broadcasts still happen, but the affected area is smaller
▫ When a VLAN gets too big, you can create more VLANs to keep the broadcasts from consuming too much bandwidth
VLAN
• Switches remove physical boundary
• Each switch port is then administratively assigned a VLAN
membership
• Communication between VLANs must go through a layer 3 device.
VLAN MEMBERSHIP
• VLANs are created by a sys admin who proceeds
to assign switch ports to each VLAN
• Static VLANS
• Dynamic VLANS
STATIC VLAN
• Most common way to create a VLAN
• Static VLANs are the most secure
• This security stems from the fact that any switch port
you’ve assigned a VLAN association to, will always
maintain that association unless you change the port
assignment manually
• Pretty easy to set up and supervise
• Works really well in a networking environment
where any user movement within the network
needs to be controlled
DYNAMIC VLAN
• A dynamic VLAN determines a node’s VLAN assignment automatically
• Uses intelligent management software, based on hardware (MAC) addresses, protocols, or even applications, to create dynamic VLANs
• E.g., MAC addresses have been entered into a centralized VLAN management application
• The VLAN management database can look up the hardware address and both assign and configure the switch port
• Management and configuration much easier
because if a user moves
PORTS
• An access port belongs to and carries the traffic of only one VLAN
▫ Anything arriving on an access port is simply assumed to belong to the VLAN assigned to the port
• Trunk ports can carry multiple VLANs at a time
▫ A trunk link is a 100- or 1000Mbps point-to-point link between two switches, between a switch and a router, or even between a switch and a server, and it carries the traffic of multiple VLANs—from 1 to 4,094 at a time
▫ A single port can be part of a whole bunch of different VLANs at the same time
FRAME TAGGING
• Switches need a way to keep track of all the users and frames as they travel the switch fabric and VLANs
• The frame identification method uniquely assigns a user-defined VLAN ID to each frame
• Each switch identifies the VLAN ID from the frame tag
• The forward/filter table holds the VLAN information
• If the frame reaches a switch that has another trunked link, the frame will be forwarded out the trunk-link port
• Once the frame reaches an exit that’s determined by the forward/filter table to be an access link matching the frame’s VLAN ID, the switch will remove the VLAN identifier
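An added example (not from the slides) of frame tagging and the access/trunk port behaviour described in the PORTS and FRAME TAGGING slides: tag_frame inserts an IEEE 802.1Q tag (TPID 0x8100 plus a 12-bit VLAN ID) after the MAC addresses, untag_frame reads and removes it, and a small Switch model classifies arriving frames per port and tags or strips on the way out. The per-port tables and the sample frame are constructed; no native VLAN is modelled, so an untagged frame on a trunk is dropped, and a frame that arrives already tagged on an access port is dropped rather than re-tagged.

```python
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier that marks an 802.1Q-tagged frame

def tag_frame(frame, vlan_id, pcp=0):
    """Insert a 4-byte 802.1Q tag after the destination and source MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id          # PCP (3 bits), DEI (1 bit, zero), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame):
    """Return (vlan_id, frame_without_tag); vlan_id is None for an untagged frame."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class Switch:
    """Per-port VLAN membership: access ports carry one VLAN untagged, trunk
    ports carry the VLANs on their allowed list with tags (the forward/filter table)."""
    def __init__(self, access=None, trunks=None):
        self.access = dict(access or {})   # port -> VLAN ID
        self.trunks = dict(trunks or {})   # port -> set of allowed VLAN IDs

    def ingress(self, port, frame):
        """Classify an arriving frame as (vlan_id, untagged_frame), or None to drop it."""
        vid, inner = untag_frame(frame)
        if port in self.access:
            # Anything on an access port belongs to the port's VLAN; a frame that
            # arrives already tagged is not expected here and is dropped.
            return None if vid is not None else (self.access[port], frame)
        if port in self.trunks and vid in self.trunks[port]:
            return vid, inner
        return None

    def egress(self, port, vid, frame):
        """Forward out a port: strip on a matching access link, tag on a trunk, else drop."""
        if port in self.access:
            return frame if self.access[port] == vid else None
        if port in self.trunks and vid in self.trunks[port]:
            return tag_frame(frame, vid)
        return None
```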
Configuring vlans
• CREATE 3 VLANS
Configuring vlans
• After you create the VLANs that you want, you can use the show vlan command to check them out
• Assigning Switch Ports to VLANs
Assigning switchports
• Setting an access port on S1
• By starting with the switchport mode access command, you’re telling the switch that this is a non-trunking layer 2 port.
• You can then assign a VLAN to the port with the switchport access command.
Configuring trunk port
• To configure trunking on a FastEthernet port, use the interface command switchport mode trunk
• The trunk configuration shows interface fa0/8 set to trunk
Configuring trunk port
• Trunk ports send and receive information from all VLANs by default; remove VLANs from the allowed list to prevent traffic from certain VLANs from traversing a trunked link
INTER VLAN
• By default, only hosts that are members of the same VLAN can communicate
• To allow inter-VLAN communication, you need a router or a layer 3 switch
• For a 2960 switch:
• 2960#config t
• 2960(config)#interface fa0/1
• 2960(config-if)#switchport mode trunk
• VLAN 1: 192.168.10.16/28
• VLAN 2: 192.168.10.32/28
• VLAN 3: 192.168.10.48/28
INTER VLAN
• The router’s interface is divided into logical interfaces—one for each VLAN
• Set the interface to trunk with the encapsulation command
• ISR#config t
• ISR(config)#int f0/0.1
• ISR(config-subif)#encapsulation ?
• dot1Q IEEE 802.1Q Virtual LAN
• ISR(config-subif)#encapsulation dot1Q ?
• <1-4094> IEEE 802.1Q VLAN ID
INTER VLAN
• ISR#config t
• ISR(config)#int Fa0/0
• ISR(config-if)#no ip address
• ISR(config-if)#no shutdown
• ISR(config-if)#int f0/0.1
• ISR(config-subif)#encapsulation dot1q 1
• ISR(config-subif)#ip address 192.168.10.17 255.255.255.240
• ISR(config-subif)#int f0/0.2
• ISR(config-subif)#encapsulation dot1q 2
• ISR(config-subif)#ip address 192.168.10.33 255.255.255.240
• ISR(config-subif)#int f0/0.3
• ISR(config-subif)#encapsulation dot1q 3
• ISR(config-subif)#ip address 192.168.10.49 255.255.255.240
