Switches are used to connect different devices in network and operate at Layer 2 (Data Link Layer) of OSI model. It uses MAC addresses to forward network traffic between the devices efficiently. This section explains the basic concepts of Ethernet Switching, MAC Learning & Aging, Frame Switching, Frame Flooding, MAC Address Table and more.
What is Ethernet Switching
Ethernet switching is a data-link layer (Layer 2) process in computer networking that allows devices on the same local area network (LAN) to communicate efficiently by forwarding Ethernet frames only to their intended destination rather than broadcasting them to all devices.
Key points of Ethernet Switch
- It Operates at Layer 2 (Data Link Layer) of the OSI model.
- Switch connects multiple devices (computers, printers, servers) within a Local Area Network (LAN).
- It uses MAC addresses to identify and forward frames to the correct destination.
- It maintains a MAC Address Table (CAM Table) to map devices to switch ports.
- Switch learns source MAC addresses automatically from incoming frames and forwards frames only to the specified destination port.
- It also floods frames when the destination MAC is unknown.
- It also prevents collisions i.e. each port is its own collision domain.
- It supports full-duplex communication (send and receive at the same time).
- It provides high-speed data transfer (10/100/1000 Mbps or higher).
- Switches are configured for VLANs to segment network traffic.
- Spanning Tree Protocol (STP) is default enabled on switch to prevent network loops.
- It enhances security with features like port security and MAC filtering.
- It can perform Quality of Service (QoS) to prioritize important traffic.
- It also supports link aggregation (EtherChannel) for load balancing and redundancy.
How Ethernet Switch Works
Every device connected to a network has a unique identifier called a MAC (Media Access Control) address. An Ethernet switch uses these MAC addresses to decide where data should go. It involves a series of processes from mac learning, frame switching to mac aging.
- Frame Reception: When a device (like a PC or printer) sends data, it is encapsulated into an Ethernet frameThe switch receives this frame on one of its ports.
- MAC Address Learning: The switch looks at the Source MAC Address in the frame. It stores this address in its MAC Address Table (CAM Table) along with the port number the frame came from.
- MAC Address Table Lookup: The switch then checks the Destination MAC Address in the frame. It searches its MAC table to see if it knows which port that address belongs to.
- Frame Forwarding: If the destination MAC is found in the table: The switch forwards the frame only to that port (unicast transmission). If the destination MAC is not found: The switch floods the frame to all ports except the source port (broadcast). When the destination device replies, the switch learns its MAC and updates the table.
- Aging Process: Each MAC address entry in the table has a timer (usually ~300 seconds). If no traffic is seen from that device during that time, the entry is removed (aged out).
This keeps the table updated and prevents it from becoming full of inactive entries. - Loop Prevention: If multiple switches are connected, Spanning Tree Protocol (STP) ensures there are no network loops by blocking redundant links.
MAC Learning and Aging
Switches use MAC addresses to decide where to send Ethernet frames.
A MAC (Media Access Control) address is a unique physical address assigned to the devices (PC, laptops, printers, servers) consisting of 48 bits representing in hexadecimal format. It is divided into 6 equal blocks consisting of 2 hexadecimal digits (8 bits) separated by colon (:). The first 4 bits are called OUI (Organisationally Unique Identifier) and the other 4 bits are vendor specific.
Example of MAC address: AA:BB:CC:11:22:33
MAC learning is the process by which an Ethernet switch automatically learns the MAC addresses of devices connected to its ports. whereas MAC aging is the process of removing unused MAC address entries from the switch’s MAC address table after a certain time.
How Switches Learn MAC
A switch learns MAC addresses by examining the source MAC address of every Ethernet frame that arrives on its ports. When a frame enters a port, the switch records the source MAC address and the port number in its MAC address table (also called the CAM table). This process is called MAC learning and allows the switch to know which devices are connected to which ports.
Over time, the switch updates this table dynamically and removes entries that have not been used for a certain period, enabling efficient forwarding of frames only to the correct destination port instead of broadcasting them to all ports. Switches use an aging timer (default: 300 seconds/5 minutes) to remove unused entries. If no frames are seen from a MAC address before the timer expires, the entry is deleted.
Frame Switching
When a switch receives an Ethernet frame on one of its ports, it examines the destination MAC address in the frame header. The switch then consults its MAC address table to determine the correct outgoing port. If the destination MAC address is already known, the switch forwards the frame only to the specific port connected to the destination device. This process improves network efficiency by reducing unnecessary traffic compared to older technologies like hubs, which broadcast frames to all ports.
Frame Flooding
Frame flooding occurs when a network switch receives an Ethernet frame but does not know the destination MAC address. Since the switch cannot determine which port should receive the frame, it forwards (or floods) the frame out of all ports except the one on which it was received. This ensures that the frame still reaches its intended destination, even though the switch has not yet learned where that device is located.
Frame flooding commonly happens in two situations.
- The first is when the switch encounters an unknown unicast frame, meaning the destination MAC address is not yet stored in the switch’s MAC address table.
- The second situation involves broadcast frames, such as ARP requests, which are intentionally sent to all devices within the same broadcast domain.
- In both cases, flooding is a normal and necessary process that allows communication to continue while the switch learns network information.
Although frame flooding is essential for initial communication, excessive flooding can negatively impact network performance. When too many frames are flooded, unnecessary traffic is sent to devices that do not need it, leading to congestion and reduced efficiency. This is why switches continuously perform MAC address learning, updating their MAC address tables to minimize flooding and forward frames only to the correct destination port.
MAC Address Table
A MAC Address Table is a database stored in the memory of a network switch. Its primary purpose is to keep track of which Media Access Control (MAC) address is connected to which physical port on the switch. It is also called CAM (Content-Addressable Memory) Table.
The MAC Address Table entries can be of two types- Dynamic and Static
The Dynamic MAC entries are created and maintained by the switch automatically, without any manual intervention from a network administrator. They are learned automatically from the traffic flowing through the switch.
The Static entries in a MAC Address Table are manually configured by a network administrator, rather than being automatically learned by the switch. Static entries are a powerful tool used for security, control, and to override the switch’s default dynamic learning behaviour.
CLI Command to verify MAC Address Table in Ethernet Switching
Switch# show mac address-table dynamicOutput Example:
| Switch# show mac address-table Mac Address Table ——————————————- Vlan Mac Address Type Ports —- ———– ——– —– 10 0011.2233.4455 DYNAMIC Fa0/1 20 00aa.bbcc.ddee DYNAMIC Fa0/2 10 0011.2233.5566 STATIC Gi0/1 |
CLI Command to clear Dynamic MAC Entries
Switch# clear mac address-table dynamicConclusion
| Switching Concept | Functions |
|---|---|
| MAC Learning | Switches record source MACs from incoming frames. |
| MAC Aging | Dynamic entries expire after 300 sec (default). |
| Frame Switching | Forwards frames only to the correct port. |
| Frame Flooding | Used for unknown, broadcast, or multicast traffic. |
| MAC Address Table | Stores MAC-to-port mappings (dynamic/static). |
Related posts:
![identifying interface and cable issue]()
Identifying Interface and Cable Issues
![SECURITY PROGRAM ELEMENTS]()
Security Program Elements | User Awareness, Training, and Physical Access Control
![understanding key security concept]()
Understanding Key Security Concepts
![understanding roles and functions of network devices]()
Understanding Roles and Functions of Network Components
![Understanding JSON-encoded Data]()
Understanding JSON-encoded Data
![ip sec vpn - remote access and site to site vpn]()
IPsec - Remote Access and Site-to-Site VPNs
![ccna 200-301 study guides nad notes]()
CCNA 200-301 Study Guides and Notes
![how automation impacts network management]()
How Automation Impacts Network Management
![configuring and verifying interswitch connectivity]()
Configuring and Verifying Interswitch Connectivity
