Dirty Question

spacenoxx Member Posts: 28
A 24-port Cisco Catalyst switch is configured with 2 VLANs. Ports 1-12 are configured in VLAN2 and ports 13-24 are configured in VLAN4. The switch does not have Layer 3 capabilities. How will the switch handle a frame with a source MAC address in VLAN2 and a destination MAC in VLAN4? (Select the best answer)

A. The Switch will flood the frame out of all ports in VLAN2, except for the port on which the frame was received.

B. The Switch will discard the frame.

C. The Switch will forward the frame to destination MAC Address.

D. The Switch will flood the frame out all of the ports in VLAN4.


I mean seriously. What do you answer to this? A or B?

Comments

  • gbdavidx Member Posts: 840
    probably answer B would be my guess, since there is no routing it has no place to go since it's on a separate VLAN, seems like a trick question if there is no vlan 2 configured at all, it only mentions vlan 1 and vlan 4 with only 24 possible route destinations
  • spacenoxx Member Posts: 28

    My bad. There is no VLAN1, just VLAN2 and VLAN4. Still the question remains.
  • RynoR Member Posts: 23
    The answer is A, it is a bit tricky - the switch will forward the frame out ALL ports except the receiving port. The frame will reach its destination, i.e. the device in vlan 4, however the packet will be dropped due to no L3 capabilities.

    EDIT: Sorry, totally wrong here. Frames will be flooded out all ports in VLAN 2 only.
  • EdTheLad Member Posts: 2,111
    A is correct, the src mac address being in Vlan 2 tells us that the frame will arrive in vlan 2 on the switch. The switch will check the vlan 2 database for the destination mac; since it is unknown the switch will perform an unknown unicast flood out all ports in "VLAN2" except the receiving port. The frame will never reach its destination as frames cannot be forwarded between different vlans. Even with a router on the vlan this frame would be useless, the originating device needs to send frames to a mac in vlan 2, i.e. the default gateway would have a dst mac in vlan 2.

    The question is, how did the originating device in vlan 2 learn the dst mac address for the device in vlan 4?
    Networking, sometimes i love it, mostly i hate it. It's all about the $$$$
  • Gngogh Member Posts: 165
    if the switch does not have layer 3 capabilities.. we know that there is no communication between vlans
    so what happens when a switch receives a frame and it doesn't know where to send it? it will flood all ports except the port on which the frame was received.

    so the answer is A.
  • EdTheLad Member Posts: 2,111
    Gngogh wrote: »
    if the switch does not have layer 3 capabilities..

    It doesn't matter if the switch has layer 3 capabilities or not, the behavior will be the same, it will be flooded.
    Networking, sometimes i love it, mostly i hate it. It's all about the $$$$
  • Vask3n Member Posts: 517
    Like others have mentioned, I think the logic here is as follows:

    The switch receives a frame sourced from a MAC address in VLAN 2 and destined to some other MAC address (let's say we don't even know it's on VLAN 4; the switch just knows it's received a frame that is destined to a MAC it does not know about)

    Since it does not know this destination MAC, it will perform flooding out all ports except the one that sourced the data.

    Since we know switches only perform CAM flooding to ports on the same VLAN, this makes A the best answer.

    In shorter terms: the switch receives data destined to a MAC that is not in the CAM table for VLAN 2 and therefore floods the frame. The frame only gets flooded out all ports in VLAN 2 since that is the default behavior of CAM flooding.
    Working on MS-ISA at Western Governor's University
  • davenull Member Posts: 173
    EdTheLad wrote: »
    The question is, how did the originating device in vlan 2 learn the dst mac address for the device in vlan 4?

    That is a very valid question.
  • gorebrush Member Posts: 2,743
    Answer is A, flooded out all ports in VLAN2.

    It won't have the destination MAC address for the destination in the TCAM for VLAN2 hence floods to all ports out VLAN2.

    It can't reference the one in VLAN4 - they are logically separated.
  • clarson Member Posts: 903
    it shouldn't have a mac address in vlan 4. the sending device should know vlan 4 is a different network and send the packet with the destination mac address as its default gateway. but the destination ip address should be for vlan 4 which the gateway would route or drop.
    if the switch didn't have the gateway's mac address it would flood vlan 2's ports to get a response. But vlan 4's mac address shouldn't be there, unless someone was manufacturing packets to be that way.
  • spacenoxx Member Posts: 28
    EdTheLad wrote: »
    A is correct, the src mac address being in Vlan 2 tells us that the frame will arrive in vlan 2 on the switch. The switch will check the vlan 2 database for the destination mac; since it is unknown the switch will perform an unknown unicast flood out all ports in "VLAN2" except the receiving port. The frame will never reach its destination as frames cannot be forwarded between different vlans. Even with a router on the vlan this frame would be useless, the originating device needs to send frames to a mac in vlan 2, i.e. the default gateway would have a dst mac in vlan 2.

    The question is, how did the originating device in vlan 2 learn the dst mac address for the device in vlan 4?

    That was exactly my question in the practice test and I chose B as that would imply that the switch already has the MAC of the destination in its CAM table in which case it should drop.

    I can't practically think of a real world scenario where a PC already knows the MAC address of a host in a different VLAN while the switch has no clue. Try imagining that..

    The answer is A which is mind numbing. If that was the case there would normally be an indication in the question that the Switch has recently been restarted and the CAM table is empty or something to that effect.

    How do you differentiate between both the scenarios where the switch has been running for a while vs one which just got restarted?
  • clarson Member Posts: 903
    it isn't just a startup condition. the switch will never get a response for vlan 2 from a vlan 4 mac address. So, it never gets put in the cam table associated with vlan 2.
    why is A a better answer than B? Because both always happen. mac not in address table. flood the ports. no response. drop the frame. Happens every time. So why is one a better answer than the other?
    The only reason I can think of is the switch always floods the ports before dropping the frame. It never just drops the frame.
  • clarson Member Posts: 903
    I can't practically think of a real world scenario where a PC already knows the MAC address of a host in a different VLAN while the switch has no clue. Try imagining that..

    well how about this:
    you have a pc that is connected to a vlan 4 port. the pc's mac address table only has vlan 4 mac addresses
    unplug the pc's cable from vlan 4. plug it into a vlan 2 access port.
    the pc is now going to think its default route has a vlan 4 mac address, until the mac addresses time out.
    although, it should also recognize that the default route's ip address is no longer on its network, but I haven't thought it all out.
  • markulous Member Posts: 2,394
    Have to agree that it's A. The scenario is very odd as others have mentioned because of how the PC knows the MAC of the other PC but the switch does not, but either way it would just flood it out all ports on that VLAN other than the one that it received it from because the switch has no idea where that MAC address is.
  • spacenoxx Member Posts: 28
    I have my ICND1 scheduled for Saturday 2:30pm and I have been getting 870s and the like on Boson. Although it's also because I am making some silly mistakes such as not putting an answer in the drag and drop box on a subnet map because I didn't notice it.

    Should I postpone it?
  • markulous Member Posts: 2,394

    I wouldn't base it solely on your Boson practice exam. Look through the objectives and make sure you're comfortable with them. Make sure you know your show commands and have subnetting down.
  • Heero Member Posts: 486
    @clarson

    The switch will not drop the frame. It will flood it to every port in vlan 2 other than the port it received the frame on. The hosts that receive the frame due to flooding will see the MAC address doesn't match any MAC address they are listening to, and will then drop the frame. The switch doesn't drop anything.

    And as for how the PC learned about the MAC address of a host in a different vlan in the first place? That is irrelevant to the question. Could be as simple as a static ARP entry, could be a program that injects a customized frame onto the network, could be that the PC in vlan 4 was previously in vlan 2 and then changed to vlan 4 but the sending PC still has a dynamic ARP entry, etc......
  • spacenoxx Member Posts: 28
    markulous wrote: »

    I wouldn't base it solely on your Boson practice exam. Look through the objectives and make sure you're comfortable with them. Make sure you know your show commands and have subnetting down.

    Subnetting is fine. Unless you count the fact that you can use any ip in a subnet when using wildcards. Learnt that in today's practice exam. Always used the subnet number and the associated wildcard. It was a bit baffling and I couldn't believe it until my 3550 accepted it. I mean
    network 192.168.0.30 0.0.0.15 area 0 ???


    Regarding the show commands they can be a bit weird.
    Imagine an acl: access-list extended 101 permit tcp any any

    which of the following show commands can be used to see such statements (choose the best answer):

    1. sh access-lists
    2. sh ip access-lists
    3. sh cdp neigh .
    4. sh running-config
  • clarson Member Posts: 903
    Heero is right, switches don't drop frames. in this case, like heero points out, the switch floods the ports, then the devices that receive the frames see that the frame isn't intended for them, and they drop the frames. So, A is right.
    one more question I should get right on the test. Thanks heero
  • spacenoxx Member Posts: 28
    clarson wrote: »
    Heero is right, switches don't drop frames. in this case, like heero points out, the switch floods the ports, then the devices that receive the frames see that the frame isn't intended for them, and they drop the frames. So, A is right.
    one more question I should get right on the test. Thanks heero

    That's not entirely accurate. They do drop frames. In an inter-VLAN routing enabled network, they drop when they see a VLAN tag that's not in their allowed list of VLANs.
  • jayskata Member Posts: 97
    Going back to the basic operation of a switch. If the destination MAC address is unknown, the switch will flood all ports within its broadcast domain, hence ports on VLAN 2 only, except the source port.
  • chopsticks Member Posts: 389
    I also choose Ans A because one of the main features of VLANs is to break up the Broadcast Domain. So since it does not know where the destination MAC is in relation to VLAN 2, it will broadcast out to all ports that belong to VLAN 2, except the source port.
  • spacenoxx Member Posts: 28
    I am not sure if people understood the title correctly.

    I KNOW that A is the right answer. The question isn't about that at all. The question is how they 'mislead' by mentioning the known MAC, as usually it would mean the switch knows it too, in which case it would look at the packet, see that it's intended for a port on a different VLAN and would drop it (or at least that's what I think). Reason behind that is the MAC table on a switch.


    VLAN    MAC Address       Type      Ports
    ----    --------------    -------   -----
    2       aaaa.aaaa.aaaa    dynamic   Fa0/2
    1       bbbb.bbbb.bbbb    dynamic   Fa0/1
    4       cccc.cccc.cccc    dynamic   Fa0/4
    3       dddd.dddd.dddd    dynamic   Fa0/3

    Also, once the frame has been flooded and say eventually the switch comes to know the MAC of the host in VLAN4, would it continue to flood every packet meant for that host from VLAN2 hosts or would it ever decide to drop a packet?

    Or do switches drop packets only for those VLANs not in their allowed list, and always flood frames for known/unknown MACs in a different VLAN? Meaning dropping packets only happens when a trunk is involved. Is that so?

    Yes, that's the question I meant to ask.
  • jayskata Member Posts: 97
    "Or do switches drop packets only for those VLANs not in their allowed list, and always flood frames for known/unknown MACs in a different VLAN? Meaning dropping packets only happens when a trunk is involved. Is that so?"

    Frames are dropped by trunk ports if not included in the allowed vlans. Logically speaking, if a frame with a different VLAN traverses a trunk port, the receiving end will still check its CAM table and based on that it will decide how it will forward the frame, either unicast or broadcast. If it uses broadcast then it floods all the switchports and it will keep on sending broadcasts as long as there is no ARP reply.
  • spacenoxx Member Posts: 28
    jayskata wrote: »
    "Or do switches drop packets only for those VLANs not in their allowed list, and always flood frames for known/unknown MACs in a different VLAN? Meaning dropping packets only happens when a trunk is involved. Is that so?"

    Frames are dropped by trunk ports if not included in the allowed vlans. Logically speaking, if a frame with a different VLAN traverses a trunk port, the receiving end will still check its CAM table and based on that it will decide how it will forward the frame, either unicast or broadcast. If it uses broadcast then it floods all the switchports and it will keep on sending broadcasts as long as there is no ARP reply.


    So dropping frames happens only when trunks/STP are involved. Everywhere else it's either forward the frame or flood. Is that it?

    Guess I will understand more of this when preparing for ICND2.
  • jayskata Member Posts: 97
    As far as I know, STP has nothing to do with how frames are handled by switches. Its main purpose is to eliminate switch loops. Try reviewing how switches operate and the definition of a broadcast domain. Hence, the basic switch operations.

    Check this out: http://www.startnetworks.info/2011/07/basic-working-of-switch.html
  • apr911 Member Posts: 380
    The answer is A.

    Sure the switch knows about the MAC address in vlan 4, but the CAM table database is kept isolated between vlans, which means for vlan 2 it doesn't know the MAC address and thus follows the default behavior, flooding the packet out all ports on vlan 2 except the receiving port. Many people have already given this answer yet the conversation still continues, so here's another way of looking at it...

    What if your MAC address on vlan 4 is on a trunk port containing vlan 2 and 4... The server can be IP'd in both vlans but it may only be using the vlan 4 IP as its default thus the switch would remain unaware of the IP/MAC on vlan 2 (though it would learn the IP when the server ARP'd for it unless it has a static arp configured).

    Or what about MAC address spoofing/masquerading? This is common practice, particularly when dealing with a network device with HA failover and no gratuitous ARP capabilities (i.e. F5 load balancers).
    Currently Working On: Openstack
    2020 Goals: AWS/Azure/GCP Certifications, F5 CSE Cloud, SCRUM, CISSP-ISSMP
  • spacenoxx Member Posts: 28
    As per that diagram and explanation:

    4. "If the destination address and the source address of the frame are in the same network segment, the frame is discarded and switching is not performed."

    Same network segment = As in connected via a Trunk or Wi-Fi AP or anything else landing on the same switch port?
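Added example, written for this page and not code from any poster in the thread: a toy Python model of a switch that keeps one CAM table per VLAN. It replays the question's 24-port layout to show that a MAC learned on a VLAN 4 port stays unknown to VLAN 2 (so the frame is flooded out ports 2-12 only), that the same MAC is forwarded normally inside VLAN 4, and the "same network segment" discard rule quoted from the linked page (destination already learned on the receiving port). The MAC addresses are constructed; port and VLAN numbers are the question's own.

```python
BROADCAST = "ffff.ffff.ffff"


class Layer2Switch:
    """Minimal access-port-only switch: learns source MACs per VLAN, never routes."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)  # {port number: access VLAN}
        # One isolated MAC (CAM) table per VLAN: {vlan: {mac: port}}
        self.cam = {vlan: {} for vlan in set(self.port_vlans.values())}

    def receive(self, in_port, src_mac, dst_mac):
        """Return (action, egress_ports) for a frame arriving on in_port."""
        vlan = self.port_vlans[in_port]  # raises KeyError for an unknown port
        table = self.cam[vlan]
        table[src_mac] = in_port  # learning happens only in the ingress VLAN's table
        if dst_mac != BROADCAST and dst_mac in table:
            out_port = table[dst_mac]
            if out_port == in_port:
                # Destination already lives on the receiving segment: filter it
                return "drop", []
            return "forward", [out_port]
        # Unknown unicast or broadcast: flood, but only to ports in this VLAN
        egress = sorted(p for p, v in self.port_vlans.items()
                        if v == vlan and p != in_port)
        return "flood", egress


def question_switch():
    """24 ports: 1-12 in VLAN 2, 13-24 in VLAN 4, as in the question."""
    return Layer2Switch({p: 2 if p <= 12 else 4 for p in range(1, 25)})


def run_scenario():
    sw = question_switch()
    # Host C on port 15 sends first, so only VLAN 4's table learns cccc.cccc.cccc
    sw.receive(15, "cccc.cccc.cccc", BROADCAST)
    # Host A in VLAN 2 addresses C's MAC directly: the question's "dirty" case
    cross_vlan = sw.receive(1, "aaaa.aaaa.aaaa", "cccc.cccc.cccc")
    # Host D in VLAN 4 addresses C: ordinary known-unicast forwarding
    same_vlan = sw.receive(16, "dddd.dddd.dddd", "cccc.cccc.cccc")
    return cross_vlan, same_vlan, sw.cam


if __name__ == "__main__":
    cross, same, cam = run_scenario()
    print("VLAN 2 host -> VLAN 4 MAC:", cross)  # ('flood', [2, 3, ..., 12])
    print("VLAN 4 host -> VLAN 4 MAC:", same)   # ('forward', [15])
    print("VLAN 2 table:", cam[2])
    print("VLAN 4 table:", cam[4])
```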
  • spacenoxx Member Posts: 28
    apr911 wrote: »
    The answer is A.

    Sure the switch knows about the MAC address in vlan 4, but the CAM table database is kept isolated between vlans, which means for vlan 2 it doesn't know the MAC address and thus follows the default behavior, flooding the packet out all ports on vlan 2 except the receiving port. Many people have already given this answer yet the conversation still continues, so here's another way of looking at it...

    What if your MAC address on vlan 4 is on a trunk port containing vlan 2 and 4... The server can be IP'd in both vlans but it may only be using the vlan 4 IP as its default thus the switch would remain unaware of the IP/MAC on vlan 2 (though it would learn the IP when the server ARP'd for it unless it has a static arp configured).

    Or what about MAC address spoofing/masquerading? This is common practice, particularly when dealing with a network device with HA failover and no gratuitous ARP capabilities (i.e. F5 load balancers).


    Ahh.. thanks a lot. This explains it. I wasn't aware of the CAM table database being isolated between VLANs. In fact I even showed a CAM table but no one mentioned the isolation. Although it now makes perfect sense... and I feel like an idiot for not thinking of it
  • jayskata Member Posts: 97
    apr911 wrote: »
    the CAM table database is kept isolated between vlans, which means for vlan 2 it doesn't know the MAC address and thus follows the default behavior, flooding the packet out all ports on vlan 2 except the receiving port.

    I knew the switch keeps a different CAM per VLAN. It was mentioned in one of Jeremy Cioara's videos but I wasn't sure how to check that on the switch and so I didn't mention it to spacenoxx. Thanks for clearing that up. Now I know.