CCNA And Network+ Tutorial: Why A Switch Filters A Frame (And Action Review)

In the previous lesson in this CCNA and Network+ course on switch fundamentals, we saw how the all-important MAC address table is built.   We’re working with that same network, but now the switch has an entry for every connected host — including two connected to a hub.

This is not a setup you’re going to see often in real-world networking, if at all, but it illustrates the circumstance under which a switch will drop a frame.   At this point, the switch has received frames from every connected host and the MAC table is fully populated, as you’ll see in the MAC address  table below the exhibit.

The Switch Knows Where All Hosts Are

SWITCH1#show mac address

          Mac Address Table

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

1      aaaa.aaaa.aaaa      DYNAMIC     Fa0/1

1      bbbb.bbbb.bbbb      DYNAMIC     Fa0/1

1      cccc.cccc.cccc      DYNAMIC     Fa0/2

1      dddd.dddd.dddd      DYNAMIC     Fa0/3

This results in an unusual scenario where A and B are found off the same port.  If A sends a frame to B, B will get a copy of the frame through the hub, as will the switch.  For clarity, I’ve removed C and D from the exhibit.

Host A Frame Is Forwarded To Host B AND Switch

Once the switch has checked its MAC table for both the source and destination MAC of this incoming frame, it will realize both addresses are found off the same port.

Source and Destination MAC Off Same Port

A switch will never send a frame back out the same port it came in on, so in this rare instance, the switch will filter (drop) the frame.

Let’s review those frame forwarding decisions:

  • Forwarding happens when the switch has an entry for the frame’s destination in its MAC address table. The frame is forwarded only via the port indicated in that MAC address table entry.
  • Flooding occurs when the switch has no entry for the frame’s destination in its MAC address table. With flooding, the frame is sent out every port except the port the frame came in on.
  • Filtering happens when the source and destination MAC addresses are located off the same port. Filtering = dropping.

To see frame forwarding and flooding in action, click that link to visit the previous lesson in this course.

Two very quick and important notes for you before we move forward:

  • Broadcast frames are intended for all hosts, and they have a destination MAC of all Fs (ff-ff-ff-ff-ff-ff, either upper or lower case.) They’re treated in the same manner as a flooded frame.
  • While static MAC address entries remain in the address table until they’re manually removed, dynamically learned addresses stay in the table for 5 minutes (300 seconds). That 5-minute timer is reset every time a frame comes in with that particular source MAC address on that same port.

When it comes to relying on a switch to build its MAC table dynamically rather than relying on static entries, there’s a huge benefit to a dynamic table that you won’t notice until something goes wrong.  We’ll see that scenario in action in the next lesson in this free Switching Fundamentals course.

Check out these additional CCNA and Network+ study tools while you’re here!

Chris Bryant’s CCNA YouTube Channel (Network+ Channel Coming In Dec. 2018)

CCNA and CCENT Tutorials Page (on this site)

Network+ Tutorials Page  (also on this site)

Three new study guides coming your way in the next 90 days!

Chris Bryant's CCNA 200-125 Study Guide

Chris Bryant's CCENT 100-105 Study Guide

Chris Bryant's Network+ N10-007 Study Guide