OSI MODEL

Layer 7 - Application: The Application layer provides services to the software through which
the user requests network services. This layer is not nor does it contain any applications, and your
computer application software is not on this layer. In other words, a program like Microsoft Word
does not exist at this layer, but browsers, FTP clients and mail clients do.

Layer 6 - Presentation: This layer is concerned with data representation and code
formatting.

Layer 5 - Session: The Session layer establishes, maintains, and manages the communication
session between computers.

Layer 4 - Transport: The functions defined in this layer provide for the reliable transmission
of data segments as well as the disassembly and assembly of the data before and after
transmission.

Layer 3 - Network: This is the layer on which routing takes place. The Network layer defines
the processes used to route data across the network and the structure and use of logical
addressing.

Layer 2 - Data Link: As its name suggests, this layer is concerned with the linkages and
mechanisms used to move data about the network, including the topology, such as Ethernet or
Token Ring, and also deals with the ways in which data is reliably transmitted.

Layer 1 - Physical: The Physical layer's name says it all. This layer defines the electrical and
physical specifications for the networking media that carry the data bits across a network.

THE APPLICATION LAYER - LAYER 7

The Application layer provides three basic services to applications:
• It makes sure the resources needed to carry out a session are present.
• It matches the application to the appropriate communication protocol or service.
• It synchronizes the transmission of data between the application and its protocol.

The Application layer is used to support the following services:

• File services - store, move control access to, and retrieve files
• Print services - send data to local or network printers
• Message services - transfer text, graphics, audio, and video over a network
• Application services - process applications locally or through distributed processing
• Database services - allow a local computer to access network services

In addition, the Application layer advertises any services that are being offered and determines
whether requests made by the client should be processed locally or remotely (through another
network resource).

The Application layer services and protocols you should know are:
• FTP (File Transfer Protocol)
• E-mail clients
 • Web Browsers
• Telnet
• SNMP (Simple Network Management Protocol)
• BBS (bulletin board system) services
• EDI (Electronic Data Interchange) and other transaction services

THE PRESENTATION LAYER - LAYER 6

The main function of the presentation layer is to define the data formats
used to provide a number of services to the Application layer.

Included in these services the ones you need to know are:

• Data encryption - coding data so that it is protected from unauthorizaed access
• Data compression - reducing the number of packets required for transport
• Data formatting
• Data conversion

Conversions standards defined on the Presentation Layer for data

conversion and formatting:

Category Standards
Data Conversion ASCII, EBCDIC, encryption
Audio/video conversion MIDI, MPEG, QuickTime, AVI
Graphics conversion GIF, JPEG, PICT, TIFF

THE SESSION LAYER - LAYER 5

Layer 5 of the OSI model is the Session Layer, which establishes,
manages, and terminates sessions between applications.

Following are some of the communication tasks performed at this layer:

• Establishing connections
• Maintaining connections
• Synchronizing communications
• Controlling dialogues
• Terminating connections

When you create a connection, you authenticate the user account at the sending and receiving
computers. Connection creation also involves determining the type of communication that will take
place and the protocols that will be used by the lower layers.

Data transfer and dialogue control are used to determine which computer is making requests and
which computer is making responses. This also determines whether acknowledgments are required
for data transmission.

A session is a series of related connection-oriented transmissions between network nodes. Another

way to look at it is that a session is the interrelated communications between two or more
presentation entities, which emphasizes that the Session layer provides services to the Presentation
layer.
For the CCNA exam, one of the Session Layer's transmission modes that you need to focus on is
the Ethernet half-duplex and its design and operation. The key element to understanding half-
duplex is that each of the two stations in a communications session can use only one circuit each at
a time.

The three basic transmission modes are:

• Simplex Communications: only allows data to flow in one direction.
• Half-duplex Communications: Two way data flow, only one way at a time.
• Full-duplex Communications: Two way data flow simultaneously.

Some facts and requirements to know about full-duplex operations:

• Requires full-duplex NIC cards
• Loop back and collision detection must be disabled in the NIC card
• The NIC card's device driver must support simultaneous transmission and receiving.
• Full-duplex circuits are capable of 10 Mbps, 100 Mbps, and Gigabit Ethernet data speeds.

The following services and protocols are defined on the Sessions layer:
• ASP (AppleTalk Session Protocol)
• NFS (Network File Services)
• RPC (Remote Procedure Call)
• SCP (Serial Communications Protocol)
• SQL (Structured Query Language)
• X Window System and X Terminal
• ZIP (AppleTalk Zone Information Protocol)

THE TRANSPORT LAYER - LAYER 4

The four main functions of the Transport layer are:
• Segment and assemble upper-layer applications
• Transport segments from one host to another host
• Establish and manage end-to-end operations
• Error recovery

In carrying out its duties, the Transport layer performs a range of support activities, including:
• Maintaining data integrity through flow control techniques
• Multiplexing the data from upper layer applications
• Setting up and tearing down any virtual circuits established to transport the data over the
network
• Hiding any network-dependent information from the upper layers (which will only confuse
them)
• Breaking down Session layer (layer 5) datagrams into segments
• Monitoring the error-free delivery of the data to its destination
• Providing for general connection management and data transfer services
• Providing for the reliable (but, not guaranteed) delivery of data

Transporting Protocols
• TCP (Transmission Control Protocol): The protocol primarily concerned with the reliable
delivery of packets that requires an acknowledgement of a packet's arrival at its destination.
• UDP (User Datagram Protocol): The TCP/IP best-effort protocol that isn't concerned with the
reliable delivery of packets and doesn't bother with overhead such as acknowledgments.
 • SPX (Sequence Package Exchange): The Novell protocol most akin to TCP. It guarantees
data delivery.
• NWLink (NetWare Link): Microsoft's version of Novell's IPX/SPX.
• ATP/NBP (AppleTalk Transaction Protocol/Name Binding Protocol): AppleTalk's data transport
protocols.
• NetBIOS/NetBEUI (Network Basic Input/Output System/NetBIOS extended User Interface):
Microsoft's network protocols that work together to manage communications and provide
data transport services.

TCP, UDP and SPX are Transport layer protocols. Network layer protocols include IP, ICMP, and IPX.

SPX is connection-oriented and its packets are tracked through the use of a sequence number
associated with each packet. A positive acknowledgment must be received from the destination
device for each packet before another packet is sent. A print server is an example of an application
that implements SPX.

A protocol is considered connection-oriented if it meets one of two criteria:

• Data is transmitted over a negotiated, established path, a virtual circuit, between two
nodes.
• The protocol includes a process for error-recovery.

The following protocols and link types are connection-oriented:

• Frame Relay
• TCP
• SPX
• X.25

Connectionless protocols:
• IP
• IPX
• UDP

Note: IP and IPX are Network layer protocols.

Layer 4 protocols that implement error recovery have the following characteristics:
• They are connection-oriented, which means they establish a connection prior to the
transmission of data.
• Each PDU has header information used by the receiver to acknowledge the receipt of a
packet and a system to check for errors in transmission.
• The sender requires notification of packets that have been successfully received.

You use three primary methods for error-checking. They are parity bit, check-sum, and CRC.

The three basic forms of flow control are:

• Buffering
• Congestion avoidance
• Windowing

THE NETWORK LAYER - LAYER 3

The Network layer of the OSI Model basically defines logical addressing and the ways
that packets are moved from source to destination on a network. The functions of the
Network layer can be broken down as follows:

• Message addressing
• Path determination between source and destination nodes on different networks
• Routing messages between networks
• Controlling congestion on the subnet
• Translating logical addresses into physical addresses

Logical Address Construction

Total Address
Protocol Bits in Network Portion Bits in Host Portion
Length
Class A - 8 Class A - 24
TCP/IP 32 Class B - 16 Class B - 16
Class C - 24 Class C - 8
32 or less (only significant digits
IPX 80 48 bits (MAC address)
listed)
16 or less (indicates one or many 8 bits or less
AppleTalk 24
in cable range) (dynamically assigned)

Routing protocols support routed protocols. A routing protocol is used to pass messages between
routers for maintaining and updating routing tables. Examples of routing protocols are RIP, IGRP,
OSPF, EIGRP.
Routed protocols are used to carry end-user traffic across the internetwork. Examples of routed
protocols are IP and IPX

Routing Protocol Types

Protocol Characteristics Examples
Uses hop count; views the network from its
Distance neighbors' perspective; RIP, IPX RIP,
Vector frequnt updates; copies its routing table to IGRP
neighbors
Shortest path; common view of network; event-
triggered update; NLSP, OSPF, IS-
Link State
LSPs (link state packets) sent to all network IS
routers
Distance vector with more accurate metrics; no
Hybrid periodic updates; IS-IS, EIGRP
only event-triggered
IPX is a member of the IPX/SPX proprietary suite of protocols. IPX operates at the Network layer. It
is connectionless and uses datagram’s.

NetWare terms to memorize:

• Service Advertisement Protocol (SAP) - the NetWare protocol used to advertise (update) the
services available over the network.
• Routing Information Protocol (RIP) - A distance vector routing protocol similar to RIP in
TCP/IP that uses ticks, hop counts and split horizon metrics.
• NetWare Link Services Protocol (NLSP) - A link state routing protocol that is the default
routing protocol on NetWare 4.11 and higher.
• Novell Directory Service (NDS) - Novell's Directory Service protocol.
• NetWare Core Protocol (NCP) - Providing client-to-server connections and applications.

Configuring the router for use with the Novell NetWare IPX protocol is a two-step process:
1. Enabling IPX routing: This is done in global configuration mode. You may also enable load
sharing if you want.
2. Assigning networks to interfaces: This step in the process assigns network numbers to each
interface. Remember that multiple network numbers can be assigned as long as each uses a
different encapsulation (frame) type. To apply an encapsulation type, you need to use a
Cisco keyword and not the Novell frame type's name.

Novell IPX Frame Types and Cisco Keywords:

Interface Novell Frame Type Cisco Keyword

Ethernet Ethernet_802.3 novell-ether (default)
Ethernet_802.2 sap
Ethernet_II arpa
Ethernet_SNAP : snap
Token Ring Token-Ring sap (default)
FDDI Fddi_snap snap (default)

THE DATA LINK LAYER - LAYER 2

The Data Link layer performs a number of separate activities, including:

• Physical addressing
• Network topoloty
• Error notification
 • Access to the physical medium
• Flow control

Different data link layer specifications define different network and protocol characteristics,
including physical addressing, network topology, error notification, sequencing of frames, and flow
control.

Physical addressing is not to be confused with network or IP addressing. The physical address
defines how devices are labeled in the data link layer. This physical address is most commonly
called the Media Access Control (MAC) address. The MAC address is a unique number assigned by
the manufacturer. This numbering system is actually administered by one of the networking
governing bodies.

Network topology consists of the data-link layer specifications that often define how devices are to
be physically connected, such as in a bus or a ring topology. Error notification alerts upper layer
protocols that a transmission error has occurred, and the sequencing of data frames reorders
frames that are transmitted out of sequence. Finally, flow control moderates the transmission of
data so that the receiving device is not overwhelmed with more traffic than it can handle at one
time.

Switches and bridges use MAC addressing to make networking decisions and therefore these types
of equipment function on the data link layer.

IEEE 802 Standards

The 802 Project defines 12-plus subcommittee standards groups. Some are as follows:

Internetworking/LAN Defines routing, bridging, and internetwork

802.1
Protocols communications
Allows Network layer protocols to link to
802.2 Logical Link Control (LLC)
Physical layer and MAC sublayer protocols
802.3 Ethernet The Ethernet standard; defines CSMA/CD
Defines logical ring topology, media, and
802.5 Token Ring
interfaces
802.12 High-speed networks Defines 100 Mbps technologies

Ethernet - 802.3

The Data Link layer is divided into two sublayer by the 802 standards: the Logical Link Control
(LLC) and Media Access Control (MAC) sublayers. The LLC sublayer is defined in 802.1 and 802.2.
The MAC sublayer is defined in the 802.1, 802.3, 802.5 and 802.12.

Logical Link Control (LLC)

Conceptually, the LLC sublayer sits on top of the MAC sublayer. It's defined by the 802.2 standard
to be topology independent.
The LLC functions include:
• Managing frames to upper and lower layers
• Error Control
• Flow control

The LLC works with the transport layer by providing connection-oriented and connectionless
services. It manages and creates the communication link.

The LLC sub layer transfers data in two ways:

• Connectionless services: Messages are not acknowledged by the receiving device, which
speeds up the processing. Although it sounds unreliable, this type of transfer is commonly
used at this level because the upper OSI layers implement their own error-checking and
control.
• Connection-oriented services: Because each message is acknowledged, this service is much
slower than connectionless services, but it's much more reliable.

Flow Control

Another communications control defined on the LLC sublayer is flow control. The Transport layer of
the OSI model actually manages the mechanisms used to control the flow of data between two
hosts. The Data Link layer defines the data values used in the flow control signaling between two
transmitting hosts.

There are two types of flow control implemented in data communications - software and hardware:
• Software flow control, common to networking, involves a process called XON/XOFF; which
roughly stands for transmission on/transmission off.
• Hardware flow control, also called RTS/CTS (ready to send/clear to send), uses two wires in
a cable, one for RTS and one for CTS. When either is turned off, the flow is interrupted.

Error Detection

Another function of the Data Link layer is error detection. Error detection is the process of detecting
whether errors occurred during the transmission of the bits across the wire. The Data Link layer
uses a calculated value called the CRC (Cyclic Redundancy Check) that's placed into the Data Link
trailer that's added to the message frame before it's sent to the Physical layer. The receiving
computer recalculates the CRC and compares it to the one sent with the data. If the two values are
equal, it's assumed that the data arrived without errors. Otherwise, the message frame may need
to be retransmitted under control of an upper layer. Although the Data Link layer implements error
detection, it does not include a function to perform error recovery. This is left for the upper layers
to deal with, primarily on the Transport layer.

MAC

The MAC sub layer carries the physical address of each device on the network. This address is more
commonly called a device's MAC address. The MAC address is a 48-bit address that's encoded on
each network device by its manufacturer. It's the MAC address that the Physical layer uses to move
data between nodes of the network.

ARP (Address Resolution Protocol)

ARP maintains a small database in memory, called the ARP cache, which cross-references physical
and logical addresses. When a device wants to communicate with a local device, it checks its ARP
cache to determine whether it has that device's MAC address. If it doesn't, it sends out an ARP
broadcast request to all devices on the local network. Each device examines the message to see
whether the request is intended for it. If it is, the device responds with its MAC address, which is
stored in the sending device's ARP cache.

CSMA/CD (Carrier Sense Multiple Access/Collision Detection)

CSMA/CD is the method used in Ethernet networks for controlling access to the physical media by
network nodes.

CSMA/CD process can be described as follows:

• Listen to see whether the wire is being used.
• If the wire is busy, wait.
• If the wire is quiet, send.
• If a collision occurs while sending, stop wait a specific amount of time, and send again.

Segmentation

Dividing up a LAN into smaller collision domains (segments) is called segmentation.

General benefits of LAN segmentation:
• Increased bandwidth per user
• Keeping local traffic local
• Reduced broadcasts
• Decreased collisions

Bridge

A bridge is used to break larger network segments into smaller network segments. It works much
like a repeater, but because a bridge works solely with Layer 2 protocols and layer 2 MAC sub layer
addresses, it operates at the Data Link layer.

A bridge uses the MAC address to perform its tasks, including:

• Monitoring network traffic
• Identifying the destination and source addresses of a message
• Creating a routing table that identifies MAC addresses to the network segment on which
they're located
• Sending messages to only the network segment on which its destination MAC address is
located

Know the following about bridges:

• Bridges operate at Layer 2 and usually do not reduce broadcasts because bridge forwards
broadcast packets to all of its ports accept the port on which the broadcast packet arrived.
On the other hand, a router usually blocks broadcast packets.
• Bridges expand the distance of an Ethernet network because each segment can be built to
the maximum distance.
• Bridges filter some traffic based upon MAC addresses.
• Bandwidth is used more efficiently.
• Local traffic is kept local.

Switch
In networking, a switch is a device responsible for multiple functions such as filtering, flooding, and
sending frames. Broadly, a switch is any electronic/mechanical device allowing connections to be
established as needed and terminated if no longer necessary.

Layer-2 switching is shard ware based, which means it uses the MAC address from the host's NIC
cards to filter the network. Layer-2 switches are fast because they do not look at the Network layer
header information, looking instead at the frame's hardware addresses before deciding to either
forward the frame or drop it.

Three Switch Functions at layer 2

1. Address learning - Layer-2 switches and bridges remember the source hardware address
of each frame received on an interface and enter this information into a MAC database
2. Forward/filter decisions - When a frame is received on an interface, the switch looks at
the destination hardware address and finds the exit interface in the MAC database
3. Loop avoidance - If multiple connections between switches are created for redundancy,
network loops can occur. The Spanning-Tree Protocol (STP) is used to stop network loops
and allow redundancy.

Bridging versus LAN Switching

Layer-2 switches are really just bridges with more ports. However, there are some important
differences you should be aware of:

• Bridges are software based, while switches are hardware based because they use an ASICs
chip to help make filtering decisions.
• Bridges can only have one spanning-tree instance per bridge, shile switches can have many.
• Bridges can only have up to 16 ports, whereas a switch can have hundreds.

Five steps of encapsulation:

User Information into 1. User information is converted into data.

Data 2. Data is converted into segments for transport across the network.
3. Segments are converted into segments for transport across the
Data into Segments
network.
Segments into Packets 4. Packets and datagrams are converted into frames and the Data Link
Packets into Frames header is added.
Frames to Bits 5. The data in the frames is converted into bits for transmission over the
physical media.

Five steps of encapsulation that occur when a user uses a browser to open a Web page:
1. the user requests that the browser open a Web page.
2. The transport layer adds a header indicating that an HTTP process is requested.
3. The Network layer puts a source and destination address into its packet header that helps
indicate the path across the network.
4. The Data Link layer frame puts in the hardware addresses of both the source node and the next
directly connected network device.
5. The frame is converted into bits for transmission over the media.

Data encapsulation by OSI Layer:

OSI Layer Encapsulation

Transport Segment
Network Packet
 Data Link Frame
Physical Bits

THE PHYSICAL - LAYER 1

The Physical Layer has two responsibilities; it sends bits and receives bits.

The Physical layer specifications specify the electrical, mechanical, procedural, and functional
requirements for activating, maintaining, and deactivating a physical link between end systems.
The physical layer is usually a combination of software and hardware programming and may include
electromechanical devices. All wiring, power, cabling and connections are part of the physical layer.
Without the physical layer functioning properly none of the upper layers will respond correctly.

• transmits raw bit stream over physical cable

• defines cables, cards, and physical aspects
• defines NIC attachments to hardware, how cable is attached to NIC
• defines techniques to transfer bit stream to cable