CCNA and Network+ Tutorial: How A Switch’s MAC Address Table Is Built
In this section of this free CCNA and Network+ course on switch fundamentals, we’ll take a detailed look at how a switch builds its all-important MAC address table.
You don’t need to read the first two lessons in this course to understand this lesson, but have a look when you’re done here — the first part is on CSMA/CD and the second on bridges, switches, and broadcast domains.
Now, back to our MAC table. When a switch receives a frame, the switch takes one of three actions with that frame:
- Forward
- Filter (fancy talk for “drop it”)
- Flood (fancy talk for “send it out every port except the one it rode in on”)
The switch builds a table of Layer 2 addresses, typically known as MAC (Media Access Control) addresses. There are two 48-bit MAC addresses contained in every frame, one for the source of the frame and the other for the destination. The switch looks at the source address of an incoming frame before it looks at the destination address. It’s the source MAC addresses that are used to build the all-important MAC address table.
We could build a MAC address table consisting only of static entries, but that approach has serious drawbacks:
- Each time a host is connected to the switch, you’d have to make a static entry for that host, which is easy to forget and even easier to mistype. Nothing on a Cisco switch is easier to screw up than entering a MAC address manually.
- If a port goes down and you switch the host’s cable to another port, that host will not have full connectivity until you add a new static entry for that host’s MAC address. It’s also easy to forget to remove the previous port’s static configuration, which leads to trouble when someone else connects to that port.
It’s much more efficient to let the switch build a MAC address table dynamically. Doing so doesn’t mean you’re lazy, it means you’re smart. You’re almost always better off allowing a dynamic process to take place than taking on the job yourself.
Besides, I think you’ll find knowing how the switch behaves in different scenarios a wonderful skill to have on your CCENT and CCNA exams.
The following walk-throughs will show you how a switch builds its MAC table, and along the way, we’ll see each of those three frame forwarding actions. We’ll start with four hosts, one switch, and a hub. The part of the network involving the hub is not a topology you’ll see often in real-world networking, if at all, but I’m using it here to illustrate every possible frame forwarding action.
Each host will use its letter 12 times to make up its MAC address. If you’re not familiar with the hex values MAC addresses consist of, no worries. We’ll tackle that in detail at the end of the chapter. For now, concentrate on how the switch handles frames in these particular situations.
Our walk-through assumes the switch has just been added to the network, which brings up an important point. When you first power a Cisco switch on, there will be some pre-existing static entries in the MAC table, all for the CPU.
SWITCH1#show mac address Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0180.c200.0000 STATIC CPU (17 lines removed to save trees, all static CPU entries) Total Mac Addresses for this criterion: 20
To begin our walk-through, Host A sends a frame to Host C. The frame goes through the hub and arrives at the switch on FastEthernet 0/1 (“Fa0/1”).
The switch examines the source MAC address of that incoming frame and asks itself, “Do I have an entry for this MAC address in my MAC table?” Since we just turned the switch on, there’s no entry for any host, so the switch makes an entry for that address in its MAC table. “DYNAMIC” appears next to the address in our table, as opposed to the static CPU entries we saw earlier. For clarity, the static CPU entries will not be shown from this point on in the output of show mac address.
SWITCH1#show mac address Mac Address Table Vlan Mac Address Type Ports ---- ----------- -------- ----- 1 aaaa.aaaa.aaaa DYNAMIC Fa0/1
We now arrive at our first frame forwarding decision. Those choices again:
- Forward
- Filter (drop)
- Flood (send it almost everywhere)
The switch now examines the destination MAC and asks itself, “Do I have an entry for this address in my MAC table?” The answer is no, so the switch floods the frame. A copy of a flooded frame is sent out every single port except the port the frame came in on. This is called an unknown unicast frame since the frame is a unicast (destined for one host), but the port that leads directly to that destination is unknown.
With this action, the switch is basically saying “I have no idea which port leads directly to this destination MAC, so I’ll make sure it gets where it needs to go by sending it everywhere – except the port it came in on.” This action ensures the frame gets where it needs to go, but it also ensures every other connected host gets the frame, which wastes bandwidth and switch resources. Imagine the flooding if we had 64 hosts on that switch.
There’s nothing wrong with some frame flooding as a host or switch is added to the network. This initial flooding can’t be helped. As the MAC address table is built, the need for flooding frames slows, as we’ll see when Host C sends a frame back to Host A.
The switch receives this frame and checks its MAC table for the cc-cc-cc-cc-cc-cc address. There isn’t an entry for that source address, so the switch makes one. Reminder: the switch always checks the source MAC address of an incoming frame before looking at the destination MAC. I know I’m hitting you over the head with that fact. You can thank me for it after you pass.
SWITCH1#show mac address Mac Address Table Vlan Mac Address Type Ports ---- ----------- -------- ----- 1 aaaa.aaaa.aaaa DYNAMIC Fa0/1 1 cccc.cccc.cccc DYNAMIC Fa0/2
The dynamic entries begin to work in our favor, as the switch checks for aa-aa-aa-aa-aa-aa, the frame’s destination address. There is such an entry, indicating frames destined for that address should be forwarded out Fa0/1, so that’s just what the switch does. No flooding necessary.
The MAC table now has entries for A and C. When A responds to C, the frame can now be forwarded directly to C rather than the frame being flooded, as happened previously.
SWITCH1#show mac address Mac Address Table Vlan Mac Address Type Ports ---- ----------- -------- ----- 1 aaaa.aaaa.aaaa DYNAMIC Fa0/1 1 cccc.cccc.cccc DYNAMIC Fa0/2
Coming up next, we’ll have a look at how frames are treated when the switch has an entry for every host we see – and one of those “treatments” might surprise you. You’ll see what I mean in the next lesson in this CCNA / Network+ Switching Fundamentals course:
When Switches Filter Frames: A CCNA And Network+ Tutorial
Previous lessons and other stuff:
CCNA and Network+ Tutorial: CSMA/CD And Ethernet
CCNA and Network+ Tutorial: Bridges, Switches, and Domains
Chris Bryant’s CCNA YouTube Channel
I’ll start posting Network+ videos on that channel in December 2018, so head on over and subscribe now so you’ll be the first to know about the new vids!
Coming In December 2018…
Coming in January 2019…