Skip to content
My Docs

Ethernet And Data Link Layer

Category: Network Fundamentals
Type: Network Concepts
Generated on: 2025-07-10 08:51:46
For: Network Engineering, Administration & Technical Interviews

Ethernet & Data Link Layer Cheat Sheet

Section titled “Ethernet & Data Link Layer Cheat Sheet”

What is it? The Data Link Layer (Layer 2 of the OSI model) is responsible for reliable transmission of data frames between two nodes directly connected by a physical link. Ethernet is the dominant technology used at this layer in local area networks (LANs). It defines how data is formatted for transmission, how access to the network is controlled, and how errors are detected.

Why is it important? It provides a reliable and efficient way to transmit data across a local network. Without it, applications couldn’t communicate reliably, leading to data corruption and network instability. It’s the foundation upon which higher-layer protocols like TCP/IP operate.

  • MAC Address: A unique 48-bit hexadecimal address assigned to a network interface card (NIC). Used for identifying devices within a local network. Example: 00:1A:2B:3C:4D:5E
  • Ethernet Frame: The basic unit of data transmission on an Ethernet network.
  • MTU (Maximum Transmission Unit): The largest size of a packet that can be transmitted on a network. Standard Ethernet MTU is 1500 bytes.
  • Collision Domain: An area of a network where devices compete for access to the network medium. Collisions degrade performance. Switches eliminate collision domains.
  • Broadcast Domain: An area of a network where a broadcast frame is forwarded to all devices. Routers segment broadcast domains.
  • CSMA/CD (Carrier Sense Multiple Access with Collision Detection): A media access control method used in older Ethernet networks (like 10BASE-T and 100BASE-TX) to detect and resolve collisions. Modern Ethernet uses switches, eliminating the need for CSMA/CD.
  • CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance): Used in wireless networks to avoid collisions.
  • VLAN (Virtual LAN): A logical grouping of network devices that allows them to communicate as if they were on the same physical network segment, even if they are geographically dispersed.
  • Switch: A network device that forwards traffic based on MAC addresses. It learns MAC addresses by examining the source MAC address of incoming frames and storing it in a MAC address table.
  • Spanning Tree Protocol (STP): A protocol that prevents loops in a switched network by blocking redundant paths.
  • Link Aggregation (LAG/EtherChannel): Combining multiple physical links into a single logical link to increase bandwidth and provide redundancy.
  • Quality of Service (QoS): Mechanisms to prioritize certain types of network traffic over others.
  • Jumbo Frames: Ethernet frames larger than the standard 1500-byte MTU. Typically 9000 bytes. Used to improve network efficiency in certain environments.

Ethernet Frame Transmission (Simplified):

  1. Data Preparation: An upper-layer protocol (e.g., TCP) prepares data for transmission.
  2. Frame Creation: The Data Link Layer encapsulates the data into an Ethernet frame. This involves adding a header (containing source and destination MAC addresses, VLAN tag if present, etc.) and a trailer (containing a Frame Check Sequence (FCS) for error detection).
  3. Media Access: The NIC (Network Interface Card) gains access to the network medium (e.g., Ethernet cable). In modern switched networks, this is generally contention-free.
  4. Transmission: The NIC transmits the Ethernet frame onto the network.
  5. Reception: The destination NIC receives the frame.
  6. Error Check: The destination NIC calculates the FCS and compares it to the FCS in the frame. If they match, the frame is considered valid.
  7. Frame Processing: The destination NIC removes the Ethernet header and trailer and passes the data to the upper-layer protocol.

Simplified Network Topology:

+-------+       +-------+       +-------+
| Host A|-------| Switch|-------| Host B|
+-------+       +-------+       +-------+
      |               |
      +---------------|
                      |
                +-------+
                | Host C|
                +-------+
  • Host A wants to send data to Host B.
  • Host A’s NIC creates an Ethernet frame with Host B’s MAC address as the destination.
  • The frame is sent to the switch.
  • The switch looks up Host B’s MAC address in its MAC address table.
  • The switch forwards the frame only to the port connected to Host B.
  • Host B receives the frame and processes the data.

Ethernet Frame Format (IEEE 802.3):

+-----------------------------------------------------------------------------------+
| Preamble (7 bytes) | SFD (1 byte) | Destination MAC (6 bytes) | Source MAC (6 bytes) |
+-----------------------------------------------------------------------------------+
| EtherType/Length (2 bytes) | Data (46-1500 bytes) | FCS (4 bytes) |
+-----------------------------------------------------------------------------------+
  • Preamble: Used for synchronization.
  • SFD (Start Frame Delimiter): Signals the beginning of the frame.
  • Destination MAC Address: The MAC address of the intended recipient.
  • Source MAC Address: The MAC address of the sender.
  • EtherType/Length:
    • EtherType: Indicates the protocol used in the data field (e.g., 0x0800 for IPv4, 0x0806 for ARP, 0x86DD for IPv6).
    • Length: Indicates the length of the data field if the value is less than 1500 (0x05DC).
  • Data: The actual data being transmitted. Must be at least 46 bytes to ensure proper collision detection in older networks. Padding is added if necessary.
  • FCS (Frame Check Sequence): A 32-bit CRC (Cyclic Redundancy Check) value used for error detection.

VLAN Tag (IEEE 802.1Q): If VLAN tagging is enabled, a VLAN tag is inserted after the Source MAC address.

+-----------------------------------------------------------------------------------+
| Destination MAC (6 bytes) | Source MAC (6 bytes) | 802.1Q Tag (4 bytes) | EtherType/Length (2 bytes) |
+-----------------------------------------------------------------------------------+
| Data (46-1500 bytes) | FCS (4 bytes) |
+-----------------------------------------------------------------------------------+
  • 802.1Q Tag: Contains:
    • TPID (Tag Protocol Identifier): 0x8100, indicating the presence of a VLAN tag.
    • Priority Code Point (PCP): 3 bits for QoS prioritization.
    • Drop Eligible Indicator (DEI): 1 bit indicating whether the frame is eligible to be dropped during congestion.
    • VLAN ID (VID): 12 bits identifying the VLAN (values 1-4094 are valid).

ARP (Address Resolution Protocol): Used to resolve IP addresses to MAC addresses.

  • ARP Request: A broadcast message sent to discover the MAC address associated with a specific IP address.

  • ARP Reply: A unicast message sent in response to an ARP request, containing the MAC address associated with the requested IP address.

  • Home Network: A home network uses Ethernet to connect computers, printers, and other devices to a router. The router then connects to the internet.

  • Office Network: An office network uses Ethernet to connect computers, servers, and other devices to a switch. The switch then connects to a router, which connects to the internet or other networks. VLANs can be used to segment the network for security and performance.

  • Data Center: Data centers use high-speed Ethernet (e.g., 10GbE, 40GbE, 100GbE) to connect servers, storage devices, and network devices. Link aggregation is used to provide high bandwidth and redundancy. Jumbo frames may be used to improve network efficiency.

Packet Capture Example (using tcpdump):

Terminal window
tcpdump -i eth0 -n -e
  • -i eth0: Specifies the network interface to capture traffic on (e.g., eth0).
  • -n: Do not resolve hostnames or port numbers.
  • -e: Print the link-layer header (Ethernet header).

Example output:

11:34:56.789012 00:1a:2b:3c:4d:5e > 00:f0:00:aa:bb:cc, ethertype IPv4 (0x0800): 192.168.1.100 > 192.168.1.1: ICMP echo request, id 12345, seq 1, length 64

  • 00:1a:2b:3c:4d:5e: Source MAC address.

  • 00:f0:00:aa:bb:cc: Destination MAC address.

  • ethertype IPv4 (0x0800): Indicates that the payload is an IPv4 packet.

  • 192.168.1.100 > 192.168.1.1: Source and destination IP addresses.

  • ICMP echo request: Indicates an ICMP ping request.

  • Collision (Older Networks): Two devices transmit simultaneously, causing data corruption. Mitigated by using switched networks.

  • Broadcast Storm: Excessive broadcast traffic overwhelms the network, causing performance degradation. Prevented by properly configuring VLANs and routers.

  • MAC Address Table Overflow: A switch’s MAC address table becomes full, causing it to flood traffic to all ports. Mitigated by using larger switches and limiting the number of devices on the network.

  • Spanning Tree Loops: Loops in a switched network can cause broadcast storms and MAC address table instability. Prevented by properly configuring STP.

  • MTU Mismatch: Devices with different MTU settings may not be able to communicate properly. Ensure consistent MTU settings across the network. Path MTU Discovery (PMTUD) helps dynamically determine the MTU along a path.

  • Duplex Mismatch: One device is configured for full-duplex, while the other is configured for half-duplex. This can lead to collisions and performance problems. Always configure devices for full-duplex with auto-negotiation enabled.

  • Cable Problems: Damaged or improperly terminated cables can cause connectivity issues. Test cables using a cable tester.

Troubleshooting Steps:

  1. Check Physical Connectivity: Ensure cables are properly connected and that devices are powered on.
  2. Verify IP Configuration: Ensure devices have valid IP addresses, subnet masks, and gateway addresses.
  3. Ping Test: Use the ping command to test connectivity to other devices.
  4. Traceroute: Use the traceroute command to identify the path taken by packets to a destination.
  5. Packet Capture: Use tcpdump or Wireshark to capture and analyze network traffic.
  6. Switchport Analysis: Examine switchport statistics for errors, collisions, or high utilization.
  7. Check VLAN Configuration: Verify correct VLAN assignments on switchports.
  8. Examine STP Status: Check STP status to ensure there are no loops in the network.

Cisco Switch VLAN Configuration:

! Create VLAN 10
vlan 10
 name Marketing


! Configure interface FastEthernet0/1 to be an access port in VLAN 10
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10


! Configure interface GigabitEthernet0/1 to be a trunk port
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30

Linux Interface Configuration (using ip command):

Terminal window
# Assign IP address 192.168.1.100/24 to interface eth0
sudo ip addr add 192.168.1.100/24 dev eth0


# Bring the interface up
sudo ip link set eth0 up


# Set MTU to 9000 (Jumbo Frames)
sudo ip link set dev eth0 mtu 9000


# Show interface details
ip addr show eth0
ip link show eth0

  • What is the purpose of the Data Link Layer?

    • The Data Link Layer provides reliable transmission of data frames between two nodes directly connected by a physical link. It handles framing, addressing (MAC addresses), and error detection.

  • Explain the difference between a MAC address and an IP address.

    • A MAC address is a physical address assigned to a network interface card (NIC) and is used for identifying devices within a local network. An IP address is a logical address assigned to a device and is used for routing traffic across networks.

  • What is the purpose of ARP?

    • ARP (Address Resolution Protocol) is used to resolve IP addresses to MAC addresses within a local network.

  • What is a VLAN? Why are VLANs used?

    • A VLAN (Virtual LAN) is a logical grouping of network devices that allows them to communicate as if they were on the same physical network segment, even if they are geographically dispersed. VLANs are used for security, performance, and network management.

  • What is STP and why is it important?

    • STP (Spanning Tree Protocol) is a protocol that prevents loops in a switched network by blocking redundant paths. Loops can cause broadcast storms and MAC address table instability.

  • What is the difference between a collision domain and a broadcast domain?

    • A collision domain is an area of a network where devices compete for access to the network medium. A broadcast domain is an area of a network where a broadcast frame is forwarded to all devices.

  • Explain the Ethernet frame format.

    • (See “Protocol Details” section above for a detailed explanation of the Ethernet frame format.)

  • What is link aggregation (EtherChannel)? Why is it used?

    • Link aggregation (also known as EtherChannel or LAG) is combining multiple physical links into a single logical link to increase bandwidth and provide redundancy.

  • What are jumbo frames and when are they used?

    • Jumbo frames are Ethernet frames larger than the standard 1500-byte MTU. They are typically 9000 bytes. Jumbo frames can improve network efficiency by reducing overhead in certain environments, such as data centers.

  • How do you troubleshoot a network connectivity problem?

    • (See “Common Issues” and “Troubleshooting Steps” above for a detailed explanation of how to troubleshoot network connectivity problems.)

  • OSI Model: The Data Link Layer is Layer 2 of the OSI model.

  • TCP/IP Model: The Data Link Layer corresponds to the Network Access Layer in the TCP/IP model.

  • Network Topologies: Bus, Star, Ring, Mesh. Ethernet is most commonly used with a Star topology.

  • Wireless Networking (802.11): A different type of Data Link Layer technology used for wireless networks. Uses CSMA/CA instead of CSMA/CD.

  • Network Security: MAC address filtering, port security, and VLANs can be used to enhance network security.

  • Quality of Service (QoS): Mechanisms to prioritize certain types of network traffic over others.

  • Software-Defined Networking (SDN): A network architecture that allows for centralized control and programmability of the network.

This cheat sheet provides a comprehensive overview of Ethernet and the Data Link Layer, covering key concepts, practical examples, and troubleshooting techniques. It is intended to be a valuable resource for students and professionals alike. Remember to practice and experiment with these concepts to gain a deeper understanding.