Ethernet Switching

How Ethernet switches learn MAC addresses and forward frames in modern networks.

The Evolution from Hubs to Switches: Solving Network Chaos

To understand the revolutionary impact of the Ethernet switch, we must first recall the significant limitations of its predecessor, the hub. A hub is a simple device that operates at the physical layer (Layer 1). Its only job is to receive an electrical signal on one port and regenerate and broadcast it out to every other port. This creates a "logical bus," where all connected devices share a single communication channel.

This shared environment resulted in several critical problems:

  • Collisions: When two devices tried to transmit simultaneously, their signals corrupted each other, forcing them to stop and retransmit.
  • Wasted Bandwidth: The total bandwidth of the network was shared among all devices, so performance degraded rapidly as more devices became active.
  • No Security: Every device on the hub could "hear" all the traffic, making it easy to eavesdrop on conversations between other devices.

The Ethernet switch was invented to solve these problems. It introduces intelligence into the local network, transforming it from a chaotic shouting match into a series of private, direct conversations.

What is an Ethernet Switch? The Intelligent Traffic Director

An Ethernet switch is an intelligent networking device that operates at Layer 2 (the Data Link Layer) of the OSI model. This is the crucial difference from a hub. Because it operates at Layer 2, a switch understands the concept of an Ethernet frame and, most importantly, can read the addresses contained within it.

The primary job of a switch is to receive incoming frames and make intelligent decisions about where to forward them. Instead of blindly broadcasting frames to all ports like a hub, a switch directs each frame only to the specific port that leads to the intended destination device. This process is known as microsegmentation, as the switch effectively breaks a large, single collision domain into many smaller, individual domains, one for each port.

The Heart of the Switch: The MAC Address Table

The "brain" of an Ethernet switch is its MAC address table. This is a special table stored in the switch's memory that acts as a directory for the local network. It maps the unique hardware address of each connected device to the physical port on the switch to which that device is connected.

This table is also sometimes referred to as a CAM (Content-Addressable Memory) table, reflecting the high-speed memory hardware often used to implement it. A typical MAC address table contains entries with the following information:

Sample MAC Address Table

This view captures the result of the learning process after a few frames have traversed the switch.

Switch SW1
VLAN  MAC address     Type     Port   Age    Notes
10    0030.A3CB.87C5  Dynamic  Fa0/1  00:45  HP ProBook (learned 45 s ago)
10    7C8A.20F1.9B11  Dynamic  Fa0/2  01:52  IP phone in Finance
20    B025.AA04.1130  Dynamic  Fa0/5  --     Network printer (actively sending ARP)
99    0019.EAFF.0100  Static   Gi0/1  N/A    Uplink to distribution switch

Dynamic entries expire after 300 seconds without traffic; the highlighted row represents the most recently learned device.

Column           Description
MAC Address      The unique 48-bit hardware address of the connected device.
Port             The physical port number on the switch where the device with this MAC address is located.
Type             Indicates how the entry was learned. Dynamic entries are learned automatically, while Static entries are manually configured by an administrator.
VLAN (optional)  The Virtual LAN identifier associated with the port, used in more advanced network segmentation.

The Learning Process: How a Switch Builds its Table

A new switch, when first powered on, has an empty MAC address table. It doesn't magically know where any devices are. Instead, it builds its table dynamically through a passive, intelligent learning process.

This process relies on a simple, yet powerful, principle: every Ethernet frame has a source MAC address. The switch uses this fact to learn the layout of the network. The process is as follows:

  1. Frame Arrival: An Ethernet frame arrives on one of the switch's ports (e.g., Port Fa0/1).
  2. Inspect Source MAC Address: The switch examines the header of the frame and reads the source MAC address. Let's say the source is 0030.a3cb.87c5.
  3. Consult MAC Address Table: The switch looks in its table to see if it already has an entry for 0030.a3cb.87c5.
  4. Learn or Refresh:
    • If the address is NOT in the table: The switch concludes, "A device with MAC address 0030.a3cb.87c5 is located on the other end of Port Fa0/1." It then creates a new dynamic entry in its table, associating that MAC address with that port number.
    • If the address IS already in the table: The switch knows the device's location. It simply resets an internal aging timer for that entry. This timer ensures that entries for devices that are no longer on the network are eventually removed.

The switch repeats this process for every single frame that enters it. Over a short period, as devices on the network communicate, the switch quickly and automatically populates its MAC address table, building a complete map of the local network topology without any manual configuration.

The Forwarding Decision: Filter, Forward, or Flood

Once the switch has started learning addresses, it can begin making intelligent decisions about what to do with incoming frames. After learning from the source MAC address, the switch's next step is to examine the destination MAC address of the frame. Based on this, it takes one of three actions:

1. Forwarding (Known Unicast)

This is the ideal and most common scenario. The switch receives a frame destined for a known MAC address.

  1. A frame arrives on Port Fa0/1, destined for a device with MAC 00d0.bab8.8516.
  2. The switch performs a lookup in its MAC address table.
  3. It finds an entry: 00d0.bab8.8516 is located on Port Fa0/4.
  4. The switch then transmits the frame only out of Port Fa0/4. No other ports receive the frame.

This creates a temporary, dedicated point-to-point connection between the source and destination ports for the duration of that frame's transmission, providing dedicated bandwidth and security.

2. Flooding (Unknown Unicast)

This occurs when the switch receives a frame destined for a MAC address that is not yet in its MAC address table. Since the switch does not know which port to send the frame to, it must resort to a method similar to a hub.

  1. A frame arrives on Port Fa0/1, destined for MAC 00e0.f9cd.3908.
  2. The switch performs a lookup in its table and finds no entry for this address.
  3. The switch then floods the frame: it makes a copy and sends it out every single port except for the one it came in on.

The intended recipient will receive the frame and likely send a reply. When that reply comes back, the switch will learn the location of 00e0.f9cd.3908 from its source MAC address, and future frames to that device will be forwarded, not flooded. Broadcast frames (destination FF:FF:FF:FF:FF:FF) and multicast frames are also always flooded.

3. Filtering (Same-Port Destination)

This is a less common but logical scenario. The switch receives a frame where the destination MAC address is located on the same port that the frame arrived on.

  1. A frame arrives on Port Fa0/3 from a device connected to a hub, which is then connected to the switch. The frame is destined for another device on the same hub.
  2. The switch inspects the destination MAC and finds in its table that this MAC is also reachable via Port Fa0/3.
  3. The switch knows there is no need to transmit the frame back out the same port it came from. It simply filters, or discards, the frame.
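
The learning steps and the three forwarding outcomes described above, as one runnable model; this is an added example, not code from the original page or from any switch vendor. The class and function names and the frame sequence are constructed for illustration, and aging is checked at lookup time as a simplification.

```python
# Added example: minimal model of a learning switch (not vendor code).
AGING_SECONDS = 300          # dynamic-entry lifetime stated on this page
BROADCAST = "ffff.ffff.ffff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}      # MAC -> (port, time last seen)

    def _lookup(self, mac, now):
        """Return the port for mac, dropping the entry if it has aged out."""
        entry = self.table.get(mac)
        if entry is None:
            return None
        port, last_seen = entry
        if now - last_seen >= AGING_SECONDS:
            del self.table[mac]
            return None
        return port

    def receive(self, in_port, src, dst, now):
        """Learn from src, then decide by dst. Returns (action, egress ports)."""
        src, dst = src.lower(), dst.lower()
        self.table[src] = (in_port, now)          # learn, or refresh the timer
        # The group bit (lowest bit of the first octet) marks broadcast/multicast.
        is_group = int(dst[:2], 16) & 1 == 1
        out_port = None if is_group else self._lookup(dst, now)
        if out_port is None:                      # unknown unicast or group frame
            return "flood", [p for p in self.ports if p != in_port]
        if out_port == in_port:                   # destination is on the ingress port
            return "filter", []
        return "forward", [out_port]


def demo():
    """Constructed frame sequence using MAC addresses from this page."""
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"])
    a, b = "0030.a3cb.87c5", "00d0.bab8.8516"
    return [
        sw.receive("Fa0/1", a, b, now=0),          # b unknown: flood
        sw.receive("Fa0/4", b, a, now=1),          # reply, a is known: forward
        sw.receive("Fa0/1", a, b, now=2),          # b now known: forward
        sw.receive("Fa0/1", a, BROADCAST, now=3),  # broadcast: flood
        sw.receive("Fa0/1", a, b, now=400),        # b aged out: flood again
    ]
```

The last frame in demo() arrives after the 300-second aging interval, so the switch has forgotten the destination and floods the frame to every other port until that device transmits again.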

Key Advantages of Ethernet Switching

The intelligent frame forwarding performed by switches directly solves the fundamental problems of hubs, leading to dramatically improved network performance and security.

Elimination of Collisions

The most significant benefit of switching is the segmentation of collision domains. Each switch port creates its own isolated collision domain. This means that a 24-port switch creates 24 separate collision domains. Collisions can now only occur on a half-duplex link if the device and switch both try to transmit at once, which is rare. For all practical purposes in modern networks, switches eliminate collisions.

Full-Duplex Communication

Since collisions are eliminated, devices no longer need to listen while talking (the CD part of CSMA/CD is turned off). This allows for full-duplex operation, where a device can send and receive data simultaneously on separate wire pairs. This effectively doubles the potential bandwidth of a link (e.g., a 100 Mbps link becomes 200 Mbps of aggregate throughput).

Dedicated Bandwidth

Unlike a hub, which forces all devices to share the total bandwidth, a switch provides dedicated bandwidth for each port. When Host A communicates with Server C on a 1 Gbps switch, they have a dedicated 1 Gbps channel for their communication. At the same time, Host B can communicate with Server D, also at a full 1 Gbps, without impacting the first conversation. This provides enormous performance scalability.

Enhanced Security

Because switches forward known unicast frames only to the intended destination port, other devices on the network do not see that traffic. This prevents casual eavesdropping with a packet sniffer and dramatically improves the privacy and security of the local network compared to an insecure hub-based environment. Flooded frames (unknown unicast, broadcast, and multicast) still reach every port except the one they arrived on.
