Chapter 8 of 29
Switching Foundations: MAC Address Tables, Frames, and Basic Configuration
See how switches learn MAC addresses, forward frames, and build Layer 2 domains, then configure basic switch settings that underpin more advanced features.
Where Switching Fits: From Wires to Frames
Layers Recap
Cables and interfaces handle bits at Layer 1, switches decide which port a frame uses at Layer 2, and routers decide which network a packet goes to at Layer 3.
What a Switch Does
A switch receives Ethernet frames, learns which MAC addresses are on which ports, and forwards frames only out the correct port instead of flooding them everywhere.
Why It Matters
MAC learning and forwarding underpin VLANs, STP, and security features. Basic switch setup (hostname, management IP, remote access) is often your first real configuration task.
Your Goals Here
You will learn MAC tables, collision vs broadcast domains, basic management configuration, and neighbor discovery using CDP and LLDP, aligned with current CCNA topics.
Inside a Frame: MAC Addresses and Switch Decisions
Ethernet Frame Basics
An Ethernet frame includes destination MAC, source MAC, EtherType/Length, payload, and FCS. Switches mainly care about the source and destination MAC fields.
MAC Address Format
A MAC address is 48 bits, commonly shown as six hex pairs (00:1A:2B:3C:4D:5E) or as three groups of four hex digits (001A.2B3C.4D5E). Cisco devices use the dotted three-group format.
Unicast, Broadcast, Multicast
Unicast targets one MAC, broadcast uses FF:FF:FF:FF:FF:FF for all hosts in the broadcast domain, and multicast targets a group of hosts using special MAC ranges.
Forwarding Decisions
The source MAC tells the switch where that device is located; the destination MAC tells the switch where to send the frame or whether it must flood it.
How Switches Learn: Building the MAC Address Table
What Is a MAC Table?
The MAC address table (CAM table) maps MAC addresses to switch ports and VLANs, letting the switch know which port leads to which device.
Learning Process
When a frame arrives, the switch records the source MAC, the incoming port, and the VLAN, updating its MAC table with that association and a timestamp.
Aging and Static Entries
Dynamic MAC entries age out after an idle period (often 300 seconds). Static MAC entries are configured by admins and do not age out.
Key Exam Trap
Switches learn MAC addresses only from the source MAC field, never from the destination MAC. CCNA questions often test this specific detail.
Forwarding, Flooding, and Filtering: A Walkthrough
Initial Flooding
When PC A first sends a frame to PC B, the switch learns A’s MAC on F0/1 but does not yet know B’s MAC, so it floods the frame out all other ports in that VLAN.
Learning B’s MAC
When B replies, the switch learns B’s MAC on F0/2 and now has entries for both A and B, so future frames between them are sent only on F0/1 and F0/2.
Adding C to the Table
When C sends a frame to B, the switch learns C’s MAC on F0/3 and forwards the frame only to F0/2 because it already knows where B is located.
Filtering Behavior
Switches drop a frame that would be sent back out the same port it arrived on, and they forward a known unicast frame only to the port where the destination MAC was learned, never to the other ports.
Collision Domains vs Broadcast Domains
Collision Domains
A collision domain is where Ethernet collisions can occur. With full-duplex switches, each switch port is its own collision domain, eliminating shared collisions.
Broadcast Domains
A broadcast domain is the set of devices that receive a Layer 2 broadcast. By default, all ports in the same VLAN on a switch share one broadcast domain, and that domain ends only at a router boundary.
Switches vs Routers
Switches reduce collision domains by giving each port its own domain but do not shrink broadcast domains by default. Routers separate broadcast domains.
Exam Angle
Expect questions asking how adding a switch or router changes the number of collision and broadcast domains, or how far an ARP broadcast travels.
Basic Switch Setup: Console, Hostname, and Management IP
Console Access
You initially manage a switch via the console port using a terminal emulator, typically at 9600 bps, then enter enable and configure terminal modes.
Set Hostname
Use global configuration: `hostname SW-Access-1` to give the switch an identifiable name that appears in the CLI prompt and configs.
Management IP on SVI
On a Layer 2 switch, assign the management IP to a VLAN interface, e.g. `interface vlan 1`, then `ip address 192.168.10.2 255.255.255.0` and `no shutdown`.
Default Gateway for the Switch
Configure `ip default-gateway 192.168.10.1` so the switch itself can reach remote management hosts via its router for that subnet.
Securing and Enabling Remote Access: Console, VTY, and SSH
Console and Enable Security
Protect local access by setting a console line password with `login` and an `enable secret` (stored hashed in the configuration) for privileged EXEC mode.
Local User for SSH
Create a user with privilege 15 and a secret password, e.g. `username admin privilege 15 secret Adm1nP@ss`, for SSH authentication.
VTY Lines for SSH
On lines vty 0 4, configure `transport input ssh` and `login local` so remote sessions must use SSH and authenticate with local user accounts.
SSH Keys and Domain
Set a domain name and generate RSA keys with `crypto key generate rsa modulus 2048`, then verify SSH using `show ip ssh` and a test connection.
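A configuration check for the settings in this section, added here as an example (not from the chapter and not a Cisco tool): it parses a running-config and flags a reversible `enable password`, a user created with `password` instead of `secret`, a missing domain name, and VTY lines that still accept Telnet or lack `login local`. Both sample configs are constructed; the hardened one uses the commands this section describes.

```python
# Constructed audit of a Cisco IOS running-config for this section's remote-access settings.

def parse_blocks(config: str) -> list[tuple[str, list[str]]]:
    """Group IOS config text into (top-level command, [indented sub-commands])."""
    blocks: list[tuple[str, list[str]]] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue                           # skip blanks and IOS '!' separators
        if raw.startswith(" ") and blocks:
            blocks[-1][1].append(raw.strip())  # sub-command of the last top-level line
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit_remote_access(config: str) -> list[str]:
    """Return findings as strings; an empty list means every check passed."""
    blocks = parse_blocks(config)
    top = [cmd for cmd, _ in blocks]
    findings = []
    if not any(c.startswith("enable secret") for c in top):
        findings.append("no 'enable secret' (an 'enable password' is reversible or plaintext)")
    if not any(c.startswith("ip domain-name") for c in top):
        findings.append("no 'ip domain-name', so RSA keys for SSH cannot be generated")
    for c in top:
        if c.startswith("username ") and " secret " not in c:
            findings.append(f"user '{c.split()[1]}' uses 'password' instead of 'secret'")
    for cmd, sub in blocks:
        if not cmd.startswith("line vty"):
            continue
        transport = next((s for s in sub if s.startswith("transport input")), None)
        if transport is None or transport.split()[2:] != ["ssh"]:
            findings.append(f"{cmd}: '{transport or 'transport input unset'}', want 'transport input ssh'")
        if "login local" not in sub:
            findings.append(f"{cmd}: missing 'login local'")
    return findings

WEAK_CONFIG = """enable password cisco
username admin privilege 15 password Adm1nP@ss
line vty 0 4
 transport input telnet ssh
 login
"""
HARDENED_CONFIG = """ip domain-name lab.example
enable secret Str0ngEnable!
username admin privilege 15 secret Adm1nP@ss
line vty 0 4
 transport input ssh
 login local
"""
```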
Discovering Neighbors: CDP and LLDP
What CDP Does
Cisco Discovery Protocol (CDP) is Cisco proprietary and advertises info like hostname, platform, IP, and port ID to directly connected Cisco neighbors.
CDP Commands
Use `show cdp neighbors` and `show cdp neighbors detail` to see neighbors, and `no cdp run` or `no cdp enable` to disable CDP globally or per interface.
What LLDP Does
Link Layer Discovery Protocol (LLDP) is an IEEE standard for multi-vendor neighbor discovery. It provides similar info to CDP across different vendors.
LLDP Commands
Enable LLDP with `lldp run` globally and `lldp transmit`/`lldp receive` per interface, then view neighbors with `show lldp neighbors`.
Thought Exercise: Tracing Frames and Domains
Use this mental lab to connect concepts.
Scenario
- A 24-port switch, all ports in VLAN 1.
- PC1 on F0/1, PC2 on F0/2, PC3 on F0/3.
- Router R1 on F0/24, acting as the default gateway for 192.168.1.0/24.
Part 1: Collision and broadcast domains
- How many collision domains exist?
  - Hint: think "per switch port".
- How many broadcast domains exist on this switch?
  - Hint: consider VLANs and router boundaries.
Part 2: Frame journey
- PC1 sends an ARP request for R1's IP. Describe:
  - What destination MAC is used.
  - Which ports on the switch see this frame.
- R1 replies with an ARP reply to PC1. Describe:
  - How the switch forwards this frame.
  - Which MAC addresses the switch learns or refreshes.
Part 3: Troubleshooting twist
- Suppose PC1 can ping PC2 but not R1. The switch's MAC table shows entries for PC1 and PC2, but not for R1. What are two likely causes?
  - Think about cabling, VLANs, and R1's interface status.
Write out your answers, then compare with model reasoning:
- Collision domains: one per port (24).
- Broadcast domains: one (VLAN 1) on the switch side.
- ARP request: broadcast MAC, flooded to all VLAN 1 ports including F0/24.
- ARP reply: unicast from R1 to PC1, forwarded only between F0/24 and F0/1, refreshing both MAC entries.
- Missing R1 MAC: maybe R1's interface is down or in a different VLAN/subnet.
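The forwarding walkthrough (PC A, B and C) and the thought-exercise scenario above, run through a small switch model. This is an added example, not part of the chapter: the port names, VLAN map and MAC addresses are constructed, and the model goes slightly beyond the text by also handling a MAC move to a new port and the 300-second aging timer.

```python
"""Constructed model of a switch MAC table: learn from the source MAC only,
flood broadcast/unknown unicast within the VLAN, filter same-port, age out."""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


def is_group(mac: str) -> bool:
    """True for broadcast/multicast: the I/G bit (low bit of the first octet) is set."""
    return int(mac.replace(".", "").replace(":", "")[:2], 16) & 1 == 1


@dataclass
class Switch:
    ports: dict[str, int]                      # port name -> access VLAN
    aging_secs: int = 300                      # Cisco default dynamic aging time
    table: dict = field(default_factory=dict)  # (vlan, mac) -> [port, last_seen]

    def _age_out(self, now: float) -> None:
        stale = [k for k, (_, seen) in self.table.items() if now - seen > self.aging_secs]
        for k in stale:
            del self.table[k]

    def receive(self, in_port: str, src: str, dst: str, now: float) -> list[str]:
        """Process one frame arriving on in_port; return the ports it is sent out of."""
        vlan = self.ports[in_port]
        self._age_out(now)
        # Learn (or refresh, or overwrite on a move) from the SOURCE MAC, never the destination.
        self.table[(vlan, src.lower())] = [in_port, now]
        entry = self.table.get((vlan, dst.lower()))
        if is_group(dst) or entry is None:
            # Broadcast, multicast or unknown unicast: flood, but only within this VLAN.
            return [p for p, v in self.ports.items() if v == vlan and p != in_port]
        if entry[0] == in_port:
            return []                          # filter: never send a frame back out its arrival port
        return [entry[0]]                      # known unicast: one port only


def thought_exercise() -> dict:
    """24-port switch, all VLAN 1: PC1 on F0/1 ARPs for R1 on F0/24, R1 replies."""
    sw = Switch({f"F0/{n}": 1 for n in range(1, 25)})
    pc1, r1 = "0000.1111.0001", "0000.aaaa.0024"          # constructed MACs
    request = sw.receive("F0/1", pc1, BROADCAST, now=0)   # flooded to the other 23 ports
    reply = sw.receive("F0/24", r1, pc1, now=1)           # unicast, F0/1 only
    return {"request": request, "reply": reply, "r1_port": sw.table[(1, r1)][0]}
```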
Quiz 1: MAC Learning and Forwarding
Check your understanding of MAC tables and frame handling.
A switch receives a unicast frame on port F0/5 with source MAC 1111.1111.1111 and destination MAC 2222.2222.2222. The MAC table currently has only one entry: VLAN 1, MAC 1111.1111.1111, Port F0/3, Type dynamic. What does the switch do first?
- A) Floods the frame out all ports in VLAN 1 except F0/5, without learning anything
- B) Updates the MAC table to associate 1111.1111.1111 with F0/5, then floods the frame in VLAN 1
- C) Updates the MAC table to associate 2222.2222.2222 with F0/5, then forwards the frame to F0/3
- D) Drops the frame because the source MAC conflicts with the existing entry
Answer: B) Updates the MAC table to associate 1111.1111.1111 with F0/5, then floods the frame in VLAN 1
Switches always learn from the source MAC. The existing entry for 1111.1111.1111 on F0/3 is now incorrect, so the switch overwrites it with F0/5. Because the destination MAC 2222.2222.2222 is unknown, the switch then floods the frame out all other ports in the VLAN. It does not learn from the destination MAC, and it does not drop the frame for a simple move.
Quiz 2: Domains and Management Access
Test your understanding of collision/broadcast domains and basic switch config.
You add a new 48-port Layer 2 switch into a flat network with no VLANs configured (all ports in VLAN 1). You connect 40 PCs and one router acting as the default gateway. How many collision domains and broadcast domains exist on this switch, and what must you configure so you can SSH into the switch from a remote subnet?
- A) 1 collision domain, 1 broadcast domain; configure an IP address on a physical port and a default route
- B) 48 collision domains, 48 broadcast domains; configure an SVI IP and `ip route 0.0.0.0 0.0.0.0`
- C) 48 collision domains, 1 broadcast domain; configure an SVI IP in VLAN 1 and `ip default-gateway` pointing to the router
- D) 1 collision domain, 48 broadcast domains; configure a loopback IP and enable CDP
Answer: C) 48 collision domains, 1 broadcast domain; configure an SVI IP in VLAN 1 and `ip default-gateway` pointing to the router
Each switch port is its own collision domain, so there are 48 collision domains. With all ports in VLAN 1, there is a single broadcast domain on the switch. To manage a Layer 2 switch remotely, you assign an IP address to a VLAN interface (SVI), often VLAN 1 in simple labs, and configure `ip default-gateway` with the router's IP for that subnet so the switch can reach remote networks via that router.
Key Term Flashcards: Switching Basics
Flip through these cards to reinforce core terms before moving on.
- MAC address table (CAM table)
- A switch's internal database that maps learned MAC addresses to specific switch ports and VLANs, enabling efficient Layer 2 forwarding of Ethernet frames.
- Collision domain
- A network segment where a single Ethernet collision can affect all devices on that segment. In modern full-duplex switched networks, each switch port is its own collision domain.
- Broadcast domain
- The set of devices that receive a Layer 2 broadcast frame. By default, all ports in the same VLAN on a switch are in the same broadcast domain, and routers separate broadcast domains.
- Unicast vs broadcast frame
- A unicast frame is addressed to a single destination MAC and should be forwarded only to the corresponding port. A broadcast frame uses destination MAC FF:FF:FF:FF:FF:FF and is flooded to all ports in the VLAN except the incoming port.
- CDP (Cisco Discovery Protocol)
- A Cisco proprietary Layer 2 discovery protocol that advertises information such as device ID, platform, IP addresses, and port ID to directly connected Cisco neighbors.
- LLDP (Link Layer Discovery Protocol)
- An IEEE 802.1AB open-standard Layer 2 discovery protocol used to advertise and discover information about directly connected network devices in multi-vendor environments.
- Management SVI
- A Switch Virtual Interface (SVI), such as interface vlan 1, that is assigned an IP address so that a Layer 2 switch can be managed remotely using protocols like SSH.
- ip default-gateway (on a Layer 2 switch)
- The configuration command that specifies the router IP address used by the switch itself to send management traffic to remote networks.
Key Terms
- CDP
- Cisco Discovery Protocol, a Cisco proprietary Layer 2 discovery protocol used to learn information about directly connected Cisco devices.
- SVI
- Switch Virtual Interface, a logical Layer 3 interface on a switch (such as interface vlan 1) that can be assigned an IP address for management or routing.
- LLDP
- Link Layer Discovery Protocol, an IEEE 802.1AB open-standard Layer 2 discovery protocol for multi-vendor neighbor discovery.
- Aging time
- The period of inactivity after which a dynamic MAC address entry is removed from the MAC address table if no frames are seen from that MAC.
- Unicast frame
- An Ethernet frame addressed to a single destination MAC address.
- Broadcast frame
- An Ethernet frame with destination MAC FF:FF:FF:FF:FF:FF, delivered to all devices in the same Layer 2 broadcast domain.
- Broadcast domain
- The set of devices that receive a Layer 2 broadcast frame. By default, all ports in the same VLAN on a switch are in the same broadcast domain, and routers separate broadcast domains.
- Collision domain
- A network segment where a single Ethernet collision can affect all devices on that segment. In modern full-duplex switched networks, each switch port is its own collision domain.
- MAC address table
- A switch's internal database that maps learned MAC addresses to specific switch ports and VLANs, enabling efficient Layer 2 forwarding of Ethernet frames.