Layer 2 and Layer 3 Switches in Networking

This section will explain the roles and the functionalities of layer 2 and layer 3 switches in networking. The basic concept of layer 2 and the layer 3 switches are included CCNA 200-301 syllabus in the Network Fundamentals module.
Before diving into the rolls of layer 2 and layer 3 switches. Let us first understand what is network switch, its different types, comparison between layer 2 and layer 3 switches, Ethernet frame format, concept of mac address and so on.

What is a switch in networking?

The network switch is also popularly known as an ethernet switch or a LAN switch. It is the network component that forwards data frames from source to destination on the basis of the device’s mac address.

Basically ethernet switch operates at layer 2 of the OSI model. That is why it is also called a layer 2 device. However, the switch can be layer 2 or layer 3 depending on their roles and functionalities. The layer 3 switches can operate at layer 2 as well as layer 3 of the OSI model. I will discuss in details layer 2 and layer 3 switches in the later section of the article.

Characteristics of switch in networking

The major characteristics of the switch are enumerated as.

  • Switch forwards frames from source to destination by using the device’s destination mac address.
  • Basically, it operates at the data link layer of the OSI model ( However, the layer 3 switch can operate at both the data link and the network layer of the OSI model).
  • Switch stores and maintains the mac address or CAM table in its memory to make a forwarding decision.
  • Modern Switch uses ASIC chip to store mac table.
  • The switch is a more intelligent network device as compared to the hub.
  • By default, the switch has multiple collision domains and a single broadcast domain.

Types of network  switches

The switch can be two types: unmanaged and the managed switch.
The managed switch is further categorised into layer 2 and layer 3 according to their roles and functionalities.

types of network switchUnmanaged Switch

  • The unmanaged switch is a simple device with multiple LAN ports to connect the different device in the network.
  • It is a plug and plays device and its interfaces are always active.
  • Its port is not user-configurable.
  • It has a fixed QoS to ensure it’s working well.
  • It works at layer 2 of the OSI Model.
  • It can maintain only a dynamic mac table.
  • The unmanaged switches are available at a very low cost.

Managed Switch

A managed switch is user-configurable with a bundle of features. The managed switch may be a layer 2 or layer 3 switch.

Layer 2 switch in networking

  • The layer 2 switch operates at the data link layer of the OSI model.
  • The layer 2 switch works similar to the network bridge.
  • It uses the device mac address to forward data from one device to the other.
  • It works after routers.
  • The layer 2 switch support VLAN, STP, QoS, Port security, port mirroring, SNMP etc.

Layer 3 Switch in networking

  • The layer 3 switch operates at both the data link and the network layer of the OSI model.
  • It is also called a multilayer switch (MLS).
  • It can similar to the router in a small network environment where the installation of the router seems to be costly. The layer 3 switches can perform the function of the router in that situation.
  • The layer 3 switch maintains both the mac table and theIP routing.
  • The main purpose of the layer 3 switches to perform inter-VLAN routing to connect different VLAN in a network.
  • It can support IP routing, VLAN, STP, QoS, Port security, port mirroring, SNMP, etc.

Comparison between Layer 2 and Layer 3 Switches in Networking

Layer 2 Switch Layer 3 Switch
Layer 2 Switch operates at the data link layer of OSI Model Layer 3 switch operates at both the data link and the network layer of the OSI model.
It only maintains the mac-address-table It maintains both the mac table as well as IP routing table.
It forwards frames from one host to the other in a single LAN. It reroutes packets from one VLAN to the other VLAN.
It works faster as it only examines the mac table It has to examine both mac and IP table, hence slower than layer 2 switch.
Layer 2 switch utilizes ARP to discover the other devices mac address. Layer 3 switch utilizes IP address for inter VLAN communication.

How Layer 2 Switch works

By default, the switch contains a single broadcast domain and multiple collision domains. Initially, the switch broadcast the frame to fetch the destination mac address of the device and makes an entry in the mac table. The switch then makes a forwarding decision by examining the mac table.

Remember, the data link layer of the OSI model provides hop to hop delivery of the frame. The destination mac address changes at every hop.

how layer 2 switch works

Look at the diagram above to understand how switches the forward frame on one device to the other.

Suppose PC 1 wants to send data to PC2. The following sequence of events happen to traverse data from PC1 to PC2

  • PC1, PC2 and PCS 3  are connected to the F0/1, F0/2 and F0/3   of the switch1 respectively,
  • The mac address of PC1, PC2 and PC3 are AA:AA:AA:00:00:01, AA:AA:AA:00:00:02, and AA:AA:AA:00:00:03.
  • Initially, when the switch is turned on, its mac address table is empty.
  • Now, when PC1 wants to send the packet to PC2, the packet arrives at the interface F0/1 of switch1.
  • Switch 1 then learns mac address of PC1 and makes an entry in the mac address table.
  • However, the packet does not contain the destination mac address to who the packet to be delivered.
  • The switch then broadcast the frame to all the ports except the incoming ports.
  • The ARP ( Address Resolution Protocol) helps to fetch the destination mac address of the receiving device and then switch update its mac address table.
  • Now the PC2 mac is mapped with the F0/2 of the sitch. The switch then forwards the frame to the PC2.

Ethernet Frame Structure and Field Size

When information is sent from source to destination, the actual information or data has to pass through the different layers of the OSI reference model. the actual data is encapsulated by the corresponding layers with their header information. The data with the header field in each layer is called PDU (Protocol Datagram Unit). The PDU at each layer is represented by a unique name as follows:

Data Application
Data Presentation
Data Session
Segment Transport
Packet Network
Frame data link
Bits Physical

In this article, we are talking about the ethernet switch. hence we will concentrate on the data link layer of the OSI Model.

In the data link layer, the upper layer PDU or packet is encapsulated with header and trailer information and is termed as the ethernet frame. The Ethernet frame comprises different fields. The frame format and its different fields are described in IEEE 802.3  standards.

The header field consists of

  • Preamble
  • SFD
  • Destination address
  • Source address
  • Type/Length

The trailer consists of FCS (Frame Check Sequence)


ethernet frame strucutre and field size

Preamble SFD Dest MAC Source MAC Type Field Data and Padding FCS
7 bytes 1 byte 6 bytes 6 bytes 2 bytes 46 to 1500 bytes 4bytes


The preamble field is the beginning of the ethernet frame. It is  7 bytes or 56 bits in length. It is series of alternating ones (1s) and zeroes (0s). The main function of the preamble is bit synchronization. It allows the device to synchronise the receiver clock and ensure that the receiver is ready to receive the data.

SFD ( Start Frame Delimiter)

SFD is the second field of the ethernet frame. It is 1 byte or 8 bits in length. The SFD bit pattern is 10101011. It looks similar to the preamble. The only difference is the last bit is always 1 in the SFD field.

Destination Address

The destination address field contains mac address of the receiving device. The length of mac address is 6 bytes or 48 bites.

The mac address of the device is explained in details later in this article.

Source Address

The source address field contains the mac address of the transmitting device.


The Type/Length field is 2 bytes or 16 bits in length. It is used to indicate the upper layer protocols encapsulated with the payload.  It also indicates the length of the ethernet frame.

There are two conditions to represent this frame field: Type and Length

If the size of the ethernet frame is less than or equal to 1500 (bytes), then it represents the length of the frame.

If it is greater than or equal to 1536, it represents the type of protocols used in the encapsulated packet. The protocols may be IP v4 or IP v6.

If the value is 0x800 (hexadecimal), it indicates the type of protocol is IP v4.

If the value is 0x86DD (hexadecimal), it indicates the type of protocol is IP v6.


The data field contains the actual data and its range is from 0 10 1500 bytes.

FCS (Frame Check Sequence).

FCS is a4 byte field that added at the end of the frame after data in the ethernet frame. The main purpose of FCS is to detect the error that has occurred during the frame transmission. It uses a special algorithm called CRC or Cyclic Redundancy Check for error detection and correction during transmission.


Though, Preamble and SFD  are starting fields of the ethernet frame. However, they are added to the physical layer of the OSI Model.

Hence the actual fields of the frame header are the destination, source, Type and FCS.

Thus, the new header size will be 6 + 6 + 2 + 4 = 18 bytes.

The minimum size for the ethernet frame (header + payload + trailer ) must be always 64 bytes.

So, the  minimum size of the data must be 64 – 18 = 46 bytes

If the actual data is less than 46 bytes, padding bytes are added to the data. The padding bytes are all zeroes.


What is a mac address in networking

what is a mac addressThe mac address stands for Media Access Control Address. It is a globally unique identifier assigned to the NIC (network interface card ) of the device that is connected to the computer network

The mac address is 6 bytes of 48 bits in length. It is represented in hexadecimal format. It is written in 6 octets separated by colon or hyphen.

For example:




The first three octets are called Organisationally Unique Identifier (OUI) that represents the network components manufacturers, organization or vendors.

The last three octets are  NIC specific. NIC stands for Network Interface Controller. The last three octets are assigned by the vendors or manufacturers to their devices during manufacture.

←Prev Next→
Setting Passwords in a Cisco Router Next-Generation Firewall and IPS

Leave a Reply