Data Link Layer (Layer 2)
The Data Link Layer (Layer 2) of the OSI model is
responsible for node-to-node communication, error
detection, and framing. It ensures reliable data transfer
across a physical network.
A node is a device that can receive, create, store, or forward data along a
communications path.
• The data link layer of the OSI model (Layer 2) prepares network data for the
physical network. The data link layer is responsible for network interface card
(NIC) to network interface card communications.
• Enables upper layers to access the media. The upper layer protocol is
completely unaware of the type of media that is used to forward the data.
• Accepts data, usually Layer 3 packets (i.e., IPv4 or IPv6), and encapsulates
them into Layer 2 frames.
• Controls how data is placed and received on the media.
• Exchanges frames between endpoints over the network media.
• Receives encapsulated data, usually Layer 3 packets, and directs them to the
proper upper-layer protocol.
• Performs error detection and rejects any corrupt frame.
IEEE 802 LAN/MAN Data Link Sublayers
• IEEE 802 LAN/MAN standards are specific to Ethernet LANs, wireless LANs
(WLAN), wireless personal area networks (WPAN) and other types of local and
metropolitan area networks. The IEEE 802 LAN/MAN data link layer consists of
the following two sublayers:
• Logical Link Control (LLC) - This IEEE 802.2 sublayer communicates between the
networking software at the upper layers and the device hardware at the lower
layers. It places information in the frame that identifies which network layer
protocol is being used for the frame. This information allows multiple Layer 3
protocols, such as IPv4 and IPv6, to use the same network interface and media.
• Media Access Control (MAC) - This sublayer (IEEE 802.3, 802.11, or 802.15) is
implemented in hardware. It is responsible for data encapsulation and media access
control. It provides data link layer addressing and it is integrated with various
physical layer technologies.
• The MAC sublayer provides data encapsulation through frame delimiting,
addressing, and error detection.
Data Link Layer Standards
• Data link layer protocols are generally not defined by Request for
Comments (RFCs), unlike the protocols of the upper layers of the TCP/IP
suite. The Internet Engineering Task Force (IETF) maintains the functional
protocols and services for the TCP/IP protocol suite in the upper layers, but
they do not define the functions and operation of the TCP/IP network
access layer.
• Engineering organizations that define open standards and protocols that
apply to the network access layer (i.e., the OSI physical and data link layers)
include the following:
1. Institute of Electrical and Electronics Engineers (IEEE)
2. International Telecommunication Union (ITU)
3. International Organization for Standardization (ISO)
4. American National Standards Institute (ANSI)
Topologies
• Two types of topologies used in LAN and WAN networks are physical
and logical.
• The data link layer “sees” the logical topology of a network when
controlling data access to the media.
• Logical topology influences the type of network framing and media
access control used.
• Common types of physical WAN topologies are:
1. Point to point: directly connects two end devices
2. Hub and spoke
3. Mesh
Multi-access networks
• A multi-access network can have multiple nodes accessing the network
simultaneously.
Two basic access control methods for shared media:
1. Contention-based access: all nodes operating in half-duplex
i. CSMA/CD: for bus topology Ethernet LANs
ii. CSMA/CA: for WLAN (wireless LAN)
2. Controlled access
Data link Frame
• Prepares the encapsulated data (IPv4 or IPv6 packet) for transmission by
encapsulating it with a header and trailer to create a frame.
• The data link protocol is responsible for NIC-to-NIC communications within the same
network.
• Different data link layer protocols describe data link layer frames, but each frame
type has three basic parts: header, data, and trailer.
• There is no one frame structure that meets the needs of all data transportation
across all types of media.
• Frame structure depends on the control information for the media and logical topology.
• Frame fields include: Frame start and stop indicator flags, addressing, type, control,
data and error detection.
• Data link layer protocols include: Ethernet, 802.11 Wireless, PPP, HDLC and Frame
Relay.
Data link layer Frame
Frame start and stop indicator flags - Used to identify the beginning and end limits of the frame.
Addressing - Indicates the source and destination nodes on the media.
Type - Identifies the Layer 3 protocol in the data field.
Control - Identifies special flow control services such as quality of service (QoS). QoS gives forwarding priority to certain types
of messages. For example, voice over IP (VoIP) frames normally receive priority because they are sensitive to delay.
Data - Contains the frame payload (i.e., packet header, segment header, and the data).
Error Detection - Included after the data to form the trailer.
Layer 2 Addresses
• Device addresses at this layer are referred to as physical addresses.
• The data link layer address is only used for local delivery.
• Addresses at this layer have no meaning beyond the local network.
Compare this to Layer 3, where addresses in the packet header are carried
from the source host to the destination host, regardless of the number of
network hops along the route.
• The router must accept the frame based on the physical address and
de-encapsulate the frame in order to examine the hierarchical address, which is
the IP address. Using the IP address, the router can determine the network
location of the destination device and the best path to reach it. When it
knows where to forward the packet, the router then creates a new frame for
the packet, and the new frame is sent on to the next network segment
toward its final destination.
LAN and WAN Frames
• Ethernet protocols are used by wired LANs. Wireless communications fall
under WLAN (IEEE 802.11) protocols. These protocols were designed for
multiaccess networks.
• WANs traditionally used other types of protocols for various types of
point-to-point, hub-spoke, and full-mesh topologies. Some of the common
WAN protocols over the years have included:
• Point-to-Point Protocol (PPP)
• High-Level Data Link Control (HDLC)
• Frame Relay
• Asynchronous Transfer Mode (ATM)
• X.25
These Layer 2 protocols are now being replaced in the WAN by Ethernet.
• The difference in bandwidth normally results in the use of different
protocols for LANs and WANs.
Data link layer protocols include:
• Ethernet
• 802.11 Wireless
• Point-to-Point Protocol (PPP)
• High-Level Data Link Control (HDLC)
• Frame Relay
Ethernet Switching
Ethernet Frame Fields
• The minimum Ethernet frame size is 64 bytes and the expected
maximum is 1518 bytes.
• The preamble field is not included when describing the size of the
frame.
• Any frame less than 64 bytes in length is considered a “collision
fragment” or “runt frame” and is automatically discarded by receiving
stations. Frames with more than 1500 bytes of data are considered
“jumbo” or “baby giant frames”.
MAC Address and Hexadecimal
• IPv4 addresses are represented using the decimal base ten number system and
the binary base 2 number system. IPv6 addresses and Ethernet addresses are
represented using the hexadecimal base sixteen number system.
• The hexadecimal numbering system uses the numbers 0 to 9 and the letters A
to F.
• An Ethernet MAC address consists of a 48-bit binary value. A single
hexadecimal digit represents four binary bits. Therefore, a 48-bit Ethernet MAC
address can be expressed using only 12 hexadecimal values.
• Hexadecimal numbers are often represented by the value preceded by 0x (e.g.,
0x73) to distinguish between decimal and hexadecimal values in
documentation.
• Hexadecimal may also be represented by a subscript 16, or the hex number
followed by an H (e.g., 73H).
[Table: Decimal and Binary Equivalents of 0 to F Hexadecimal]
Ethernet MAC Address
• MAC addressing provides a method for device identification at the data link layer of
the OSI model.
• An Ethernet MAC address is a 48-bit address expressed using 12 hexadecimal digits.
• Because a byte equals 8 bits, we can also say that a MAC address is 6 bytes in
length.
• When a vendor assigns a MAC address to a device or Ethernet interface, the vendor
must do as follows:
• Use its assigned organizationally unique identifier (OUI) as the first 6 hexadecimal digits.
• Assign a unique value in the last 6 hexadecimal digits.
The IEEE has assigned Cisco an OUI of 00-60-2F. Cisco would then configure the device
with a unique vendor code such as 3A-07-BC. Therefore, the Ethernet MAC address
of that device would be 00-60-2F-3A-07-BC.
Ethernet MAC Address
• A MAC (Media Access Control) address is a 48-bit (6-byte) unique
identifier assigned to a network interface.
• Represented in hexadecimal (e.g., 00:1A:2B:3C:4D:5E).
• Types:
• Unicast: Sent to a single device.
• Multicast: Sent to a group of devices.
• Broadcast: Sent to all devices (FF:FF:FF:FF:FF:FF).
• Structure:
• First 3 bytes (OUI): Manufacturer ID (e.g., Cisco, Intel).
• Last 3 bytes: Device-specific ID.
Frame Processing
• Sometimes the MAC address is referred to as a burned-in address (BIA) because the
address is hard coded into read-only memory (ROM) on the NIC.
• Note: On modern PC operating systems and NICs, it is possible to change the MAC
address in software. This is useful when attempting to gain access to a network that
filters based on BIA. Consequently, filtering or controlling traffic based on the MAC
address is no longer as secure.
• When the computer boots up, the NIC copies its MAC address from ROM into RAM.
When a device is forwarding a message to an Ethernet network, the Ethernet
header includes these:
• Source MAC address - This is the MAC address of the source device NIC.
• Destination MAC address - This is the MAC address of the destination device NIC.
• Note: Ethernet NICs will also accept frames if the destination MAC address is a
broadcast or a multicast group of which the host is a member.
Unicast MAC Address
• In Ethernet, different MAC addresses are used for Layer 2 unicast,
broadcast, and multicast communications.
• A unicast MAC address is the unique address that is used when a
frame is sent from a single transmitting device to a single destination
device.
• The process that a source host uses to determine the destination
MAC address associated with an IPv4 address is known as Address
Resolution Protocol (ARP). The process that a source host uses to
determine the destination MAC address associated with an IPv6
address is known as Neighbor Discovery (ND).
• Note: The source MAC address must always be a unicast.
Broadcast MAC Address
• An Ethernet broadcast frame is received and processed by every
device on the Ethernet LAN. The features of an Ethernet broadcast
are as follows:
• It has a destination MAC address of FF-FF-FF-FF-FF-FF in
hexadecimal (48 ones in binary).
• It is flooded out all Ethernet switch ports except the incoming
port.
• It is not forwarded by a router.
Multicast MAC Address
• An Ethernet multicast frame is received and processed by a group of
devices on the Ethernet LAN that belong to the same multicast group.
• There is a destination MAC address of 01-00-5E when the encapsulated
data is an IPv4 multicast packet and a destination MAC address of 33-33
when the encapsulated data is an IPv6 multicast packet.
• There are other reserved multicast destination MAC addresses for when
the encapsulated data is not IP, such as Spanning Tree Protocol (STP) and
Link Layer Discovery Protocol (LLDP).
• It is flooded out all Ethernet switch ports except the incoming port, unless
the switch is configured for multicast snooping.
• It is not forwarded by a router, unless the router is configured to route
multicast packets.
• The range of IPv4 multicast addresses is 224.0.0.0 to 239.255.255.255.
• The range of IPv6 multicast addresses begins with ff00::/8.
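The addressing rules from the MAC address sections above, as an added example that is not part of the original notes: it parses either notation used on this page, splits the OUI from the device-specific part, classifies the address type, and flags a source address that is not unicast. Function names are hypothetical; the locally administered bit (0x02 in the first byte) is an IEEE convention not covered above, included because it marks addresses set in software rather than burned in.

```python
import re

BROADCAST = bytes([0xFF] * 6)
MAC_RE = r"[0-9A-Fa-f]{2}([-:])[0-9A-Fa-f]{2}(\1[0-9A-Fa-f]{2}){4}"

def parse_mac(text):
    """Accept 00-60-2F-3A-07-BC or 00:60:2f:3a:07:bc and return 6 raw bytes."""
    if not re.fullmatch(MAC_RE, text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[-:]", "", text))

def classify(mac):
    """Address type, using the prefixes given on this page."""
    if mac == BROADCAST:
        return "broadcast"
    if mac[:3] == b"\x01\x00\x5e":
        return "ipv4-multicast"
    if mac[:2] == b"\x33\x33":
        return "ipv6-multicast"
    if mac[0] & 0x01:          # group bit set: other reserved multicast (STP, LLDP, ...)
        return "other-multicast"
    return "unicast"

def describe(text):
    mac = parse_mac(text)
    return {
        "oui": mac[:3].hex("-").upper(),       # first 3 bytes: vendor
        "device": mac[3:].hex("-").upper(),    # last 3 bytes: device-specific
        "type": classify(mac),
        "locally_administered": bool(mac[0] & 0x02) and mac != BROADCAST,
    }

def check_source(text):
    """The source MAC address must always be unicast; return a finding or None."""
    info = describe(text)
    if info["type"] != "unicast":
        return f"invalid source {text}: {info['type']} address used as source"
    if info["locally_administered"]:
        return f"note: source {text} is locally administered (set in software)"
    return None
```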
Switch Fundamentals
• A Layer 2 Ethernet switch uses Layer 2 MAC addresses to make
forwarding decisions. It is completely unaware of the data (protocol)
being carried in the data portion of the frame, such as an IPv4 packet,
an ARP message, or an IPv6 ND packet. The switch makes its
forwarding decisions based solely on the Layer 2 Ethernet MAC
addresses.
• The MAC address table is sometimes referred to as a content
addressable memory (CAM) table. While the term CAM table is fairly
common, for the purposes of this course, we will refer to it as a MAC
address table.
Switch Learning and Forwarding
• Ethernet switches keep an entry in the table for 5 minutes.
• Note: If the source MAC address does exist in the table but on a
different port, the switch treats this as a new entry. The entry is
replaced using the same MAC address but with the more current port
number.
• If the destination MAC address is not in the table, the switch will
forward the frame out all ports except the incoming port. This is
called an unknown unicast.
• Note: If the destination MAC address is a broadcast or a multicast,
the frame is also flooded out all ports except the incoming port.
Filtering Frames
• A switch can have multiple MAC addresses associated with a single
port. This is common when the switch is connected to another switch.
The switch will have a separate MAC address table entry for each
frame received with a different source MAC address.
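The learning and forwarding rules above as a small simulation, added here as an example rather than taken from the course material: it learns source addresses with the 5-minute aging time, floods unknown unicast, broadcast and multicast frames, and records every time a known address reappears on a different port, which is worth logging because it also happens when an address is duplicated or changed in software. The class, method names and traffic are constructed for illustration.

```python
AGING_SECONDS = 300  # the table keeps an entry for 5 minutes

class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}   # MAC -> (port, time last seen)
        self.moves = []   # (time, MAC, old port, new port)

    def receive(self, now, in_port, src, dst):
        """Process one frame; return the sorted list of ports it is sent out of."""
        src, dst = src.upper(), dst.upper()
        # Age out entries not refreshed within the aging time.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t < AGING_SECONDS}
        # Learn from the source address; a change of port replaces the entry.
        known = self.table.get(src)
        if known and known[0] != in_port:
            self.moves.append((now, src, known[0], in_port))
        self.table[src] = (in_port, now)
        # Forward on the destination address.
        flood = sorted(self.ports - {in_port})
        if int(dst[:2], 16) & 0x01:       # broadcast or multicast: flood
            return flood
        entry = self.table.get(dst)
        if entry is None:                 # unknown unicast: flood
            return flood
        if entry[0] == in_port:           # destination is on the arrival port: filter
            return []
        return [entry[0]]

def demo():
    """Constructed traffic: two hosts, then host A appears on another port."""
    a, b = "00:1A:2B:3C:4D:5E", "00:60:2F:3A:07:BC"
    sw = LearningSwitch([1, 2, 3, 4])
    out = [
        sw.receive(0, 1, a, b),                     # B unknown: flood
        sw.receive(1, 2, b, a),                     # A was learned on port 1
        sw.receive(2, 1, a, "FF:FF:FF:FF:FF:FF"),   # broadcast: flood
        sw.receive(10, 3, a, b),                    # A moved from port 1 to port 3
        sw.receive(400, 2, b, a),                   # A aged out: flood again
    ]
    return out, sw.moves
```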
Frame Forwarding Methods on Cisco Switches
• Store-and-forward switching - This frame forwarding method receives the
entire frame and computes the CRC. CRC uses a mathematical formula,
based on the number of bits (1s) in the frame, to determine whether the
received frame has an error. If the CRC is valid, the switch looks up the
destination address, which determines the outgoing interface. Then the
frame is forwarded out of the correct port.
• Cut-through switching - This frame forwarding method forwards the frame
before it is entirely received. At a minimum, the destination address of the
frame must be read before the frame can be forwarded.
1. Fast-forward switching - Fast-forward switching offers the lowest level of latency.
2. Fragment-free switching - In fragment-free switching, the switch stores the first
64 bytes of the frame before forwarding.
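What a store-and-forward switch can reject that the cut-through variants cannot, as an added example that is not from the original notes. The Ethernet FCS is a CRC-32 over the frame from the destination address to the end of the data, which Python's zlib.crc32 computes; the helper names are hypothetical and the frame is constructed.

```python
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518   # sizes exclude the preamble

def build_frame(dst, src, ethertype, payload):
    """Build a padded frame with its FCS (constructed input for the checks below)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")          # pad to 60 bytes before the FCS
    return body + struct.pack("<I", zlib.crc32(body))  # FCS forms the trailer

def store_and_forward_check(frame):
    """Whole frame received: check size and FCS, then read the header."""
    if len(frame) < MIN_FRAME:
        return False, "runt", None
    if len(frame) > MAX_FRAME:
        return False, "oversize", None
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        return False, "bad-fcs", None
    (ethertype,) = struct.unpack("!H", body[12:14])
    header = {"dst": body[0:6].hex(":"), "src": body[6:12].hex(":"),
              "type": hex(ethertype)}
    return True, "ok", header

def fragment_free_check(frame):
    """Only the first 64 bytes are stored, so runts are caught but a bad FCS is not."""
    return len(frame) >= MIN_FRAME
```

A frame with one flipped bit passes `fragment_free_check` and is only rejected by `store_and_forward_check`, which is the trade-off between the two methods.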
Memory Buffering on Switches
• An Ethernet switch may use a buffering technique to store frames before
forwarding them. Buffering may also be used when the destination port is
busy because of congestion. The switch stores the frame until it can be
transmitted.
1. Port-based memory: frames are stored in queues that are linked to
specific incoming and outgoing ports.
2. Shared memory: Deposits all frames into a common memory buffer
shared by all switch ports, and the amount of buffer memory required by a
port is dynamically allocated.
This is important with asymmetric switching, which allows for different data
rates on different ports, such as when connecting a server to a 10 Gbps
switch port and PCs to 1 Gbps ports.
Auto-MDIX
• Connections between devices once
required the use of either a crossover
or straight-through cable. The type of
cable required depended on the type
of interconnecting devices.
• A crossover cable is used when
connecting like devices, and a
straight-through cable is used for
connecting unlike devices.
Switch Speed and Forwarding Methods
• Switch Speed
• Port Speed: Typically 10/100/1000 Mbps (Gigabit Ethernet).
• Backplane Speed: Determines total switching capacity.
• Forwarding Rate: Frames processed per second (e.g., 1 Gbps switch can
forward ~1.48 million 64-byte frames per second).
Method | Description | Advantages | Disadvantages
Store-and-Forward | Receives entire frame, checks CRC, then forwards. | Error-free transmission. | Higher latency.
Cut-Through | Forwards frame as soon as destination MAC is read. | Low latency. | No error checking.
Fragment-Free | Checks first 64 bytes (collision fragment threshold). | Balances speed & error checking. | Moderate latency.
PPP (Point-to-Point Protocol)
• Purpose: Used for direct communication between two nodes (e.g., dial-up, leased lines).
• Features:
• Authentication (PAP, CHAP).
• Multiplexing (supports multiple network protocols).
• Error detection (but no recovery).
• Frame Format:
• Flag (1 byte): Start/end delimiter (0x7E).
• Address (1 byte): Broadcast (0xFF).
• Control (1 byte): Unnumbered information (0x03).
• Protocol (2 bytes): Identifies payload (e.g., IPv4, IPv6).
• Data (Variable): Encapsulated packet.
• FCS (2/4 bytes): Error detection.
STP (Spanning Tree Protocol)
• The Spanning Tree Protocol (STP) is a network protocol designed to
prevent loops in Ethernet networks while ensuring redundancy. It was
standardized as IEEE 802.1D and is crucial in switched networks to
avoid broadcast storms and unstable forwarding paths.
How STP Works:
1. Elects a Root Bridge (Switch):
• STP selects a Root Bridge (the reference point for the network) based on the
lowest Bridge ID (BID), which consists of:
• A configurable priority value (default: 32768)
• The switch’s MAC address
• All other switches determine the best path to the Root Bridge.
2. Selects Root Ports on Non-Root Switches:
• Each non-root switch selects a Root Port (the best path to the Root Bridge)
based on:
• Lowest Root Path Cost (accumulated cost of all links to the root)
• If costs are equal, the switch with the lowest BID is chosen.
3. Selects Designated Ports for Each Segment:
• On each network segment, STP elects a Designated Port (forwarding port)
that has the lowest path cost to the Root Bridge.
• All other ports are placed in a blocking state to prevent loops.
4. Blocks Redundant Paths:
• STP disables (blocks) redundant paths, leaving only one active path to the
Root Bridge.
• If the primary path fails, STP recalculates and activates a backup path.
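The four steps above carried through in code, as an added example that is not from the original notes: it elects the root bridge by lowest BID, computes each switch's root path cost, picks root and designated ports, and blocks what is left. Switch names, priorities, MAC addresses and link costs are constructed; it assumes at most one link between any two switches and leaves port IDs out of the tie-break.

```python
def spanning_tree(switches, links):
    """switches: name -> (priority, mac); links: [(a, b, cost)].
    Returns (root, roles) where roles[(switch, neighbor)] is the port role."""
    bid = {s: (prio, mac.lower()) for s, (prio, mac) in switches.items()}
    root = min(bid, key=bid.get)                 # step 1: lowest BID wins

    # Root path cost: relax links until nothing improves, as BPDUs would propagate.
    cost = {s: float("inf") for s in bid}
    cost[root] = 0
    changed = True
    while changed:
        changed = False
        for a, b, c in links:
            for x, y in ((a, b), (b, a)):
                if cost[x] + c < cost[y]:
                    cost[y], changed = cost[x] + c, True

    # Step 2: each non-root switch picks one root port
    # (lowest root path cost, then lowest neighbor BID).
    root_port = {}
    for s in bid:
        if s != root:
            options = [(cost[n] + c, bid[n], n) for a, b, c in links
                       for me, n in ((a, b), (b, a)) if me == s]
            root_port[s] = min(options)[2]

    # Steps 3 and 4: one designated port per segment, every other port blocks.
    roles = {}
    for a, b, c in links:
        designated = min((a, b), key=lambda x: (cost[x], bid[x]))
        other = b if designated == a else a
        roles[(designated, other)] = "designated"
        is_root_port = root_port.get(other) == designated
        roles[(other, designated)] = "root" if is_root_port else "blocking"
    return root, roles

# Constructed triangle of three switches with equal link costs.
SWITCHES = {
    "S1": (32768, "00:60:2F:00:00:01"),
    "S2": (32768, "00:60:2F:00:00:02"),
    "S3": (32768, "00:60:2F:00:00:03"),
}
LINKS = [("S1", "S2", 4), ("S1", "S3", 4), ("S2", "S3", 4)]
```

With default priorities the lowest MAC address decides the election, so S1 becomes root and S3's port toward S2 blocks; setting S3's priority to 4096 makes S3 the root instead, which is why the priority of the intended root is normally configured explicitly.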
STP Port States:
• Blocking – No forwarding, only listens to BPDUs.
• Listening – Processes BPDUs but doesn’t forward data.
• Learning – Builds MAC table but doesn’t forward frames.
• Forwarding – Fully operational, forwards data.
• Disabled – Administratively shut down.
STP Variants:
1. Traditional STP (802.1D) – Original, slow convergence (~30-50 sec).
2. Rapid STP (RSTP, 802.1w) – Faster convergence (~1-2 sec), replaces
older STP.
3. Multiple STP (MSTP, 802.1s) – Allows multiple VLANs to map to a
single STP instance.
4. Per-VLAN STP (PVST/PVST+) – Cisco proprietary, runs a separate
STP instance per VLAN.
Key STP Terms:
• BPDU (Bridge Protocol Data Unit) – Messages exchanged between
switches for STP operation.
• Root Bridge – The central reference switch.
• Root Port – The best path to the Root Bridge on non-root switches.
• Designated Port – The forwarding port on a network segment.
• Alternate/Backup Port – A blocked port that can take over if the
primary fails.
VLAN (Virtual LAN)
• Purpose: Logically segments a physical network into
multiple broadcast domains.
• Benefits:
• Improved Security: Isolates traffic between VLANs.
• Reduced Broadcast Traffic: Limits broadcast domains.
• Flexibility: Devices can be grouped logically (not physically).
• Types:
• Port-based VLAN: Assigns ports to a VLAN.
• Tagged VLAN (802.1Q): Adds a VLAN ID (12-bit) to Ethernet frames.
• VLAN Trunking: Uses 802.1Q tagging to carry multiple VLANs over a
single link.
Introduction to the Data Link Layer
• Function: Provides reliable data transfer between directly connected nodes.
• Sub-layers:
• Logical Link Control (LLC): Manages flow control, error checking, and
multiplexing.
• Media Access Control (MAC): Handles addressing and channel access.
• Key Responsibilities:
• Framing: Encapsulates network layer data into frames.
• Physical Addressing (MAC Addressing): Uses MAC addresses for device
identification.
• Error Control: Detects and retransmits corrupted frames.
• Flow Control: Regulates data transmission speed.
• Access Control: Determines which device can transmit in shared media.