If a recently reset switch that has 4 hosts, A-D, has information in its MAC table of all the hosts except for D, and host A sends a frame to host D, would the switch be smart enough to know that by process of elimination, it does not need to flood the network segment with a broadcast of that frame to get the destination MAC address?

I am currently studying for the N+ and I learned that a switch will always broadcast for the addresses it needs that are not currently in its table, so I was just wondering. It seems like they would be smart enough to know not to broadcast to the hosts of known addresses.

Thanks,
John

I'll start this explanation with a minor clarification. If a switch hasn't learned the MAC address that's in the destination address of a packet, it will retransmit (not broadcast) the frame to every port. This repeating of data is fundamentally different than a MAC layer broadcast, which is a packet that is retransmitted to all ports on a switch regardless of the switch's learned MAC address table.

In your scenario above, the problem is that the switch doesn't know the MAC address of whatever is plugged into that last port. The switch can't assume anything. What if host A is actually sending a frame to the MAC address of host E, which isn't even on the network? If the switch incorrectly identifies the MAC addresses associated with a port, the entire switching process will be broken.

You also can't assume that one port=one device. It's very common to connect (or "uplink") switches together, which means that a single port on a core switch might service hundreds of MAC addresses! Eventually the switch learns about all of them, but it might take some time before that happens. The retransmission of the frame across every port helps during this learning process.

We have this weird tendency in our industry to name normal-everyday-and-completely-necessary functions after some type of disaster (i.e., collision, flood). The transmissions of unknown MAC address destinations to every port is a normal part of the switching process and it shouldn't be considered a "bad thing."

As an aside, you usually don't see the scenario you described because the source device has already sent an ARP for the destination device as a MAC layer broadcast. If the destination device for the ARP is on the IP subnet, it will have already sent a reply with it's MAC address. Once the destination device responds to the ARP, the switch sees the conversation and adds the source MAC address of the ARP response to its lookup table. The ARP discovery conversation goes something like this:

----

Device A: I need to send some information to device D. I have his IP address, but not his MAC address. I wonder what his MAC address is? I'll send an ARP to find out. Hello everyone, is device D out there? Here's his IP address. If you are device D, please respond back with your MAC address.

Device D: Hi Device A, nice to hear from you, here's my MAC address if you want to talk directly to me. Since I'm sending this frame directly back to you, our layer 2 switch will now see my traffic and add my MAC address to its lookup table.

Device A: Thanks for the reply, Device D. I've also added you to my local ARP table and now I can talk to you directly through your MAC address.

----

This is a process that happens constantly on every network around the world. You can't talk to other devices on your local network unless you know their MAC address, so the ARP process is a fundamental part of networking.

Want to see what MAC addresses your system knows? Pop out to a command prompt and run "arp -a" on Windows or just "arp" in Linux.

Professor,

Thank you so much for the detailed response. I am growing to love networking more and more. You are a big part of that and I really can't thank you enough.

Do I need to learn how to configure routers/switches for the N+ using commands like "enable" and "config t", "hostname x", etc.? Will they ask me how to configure a VLAN or ACLs? I am at the point now where I need some good practice questions, and lots of them, but I can't seem to find any for the N10-004, just the 003. The A+ exams had a really good question book by ExamCram2 with 850 questions. Not sure what to use for the 004.

Thanks again,
John

You won't need to know any detailed configuration commands for any manufacturer's switches. Every switch does this differently (even switches from the same manufacturer), and no one person out there knows how to configure every switch on the market. You won't need to know how to configure a VLAN or ACL, but you will need to understand the concepts at a high level.

You'll need to know how to architect a proper VLAN configuration, how trunking works, and how the process works under the surface.

From a filtering perspective, you'll need to know the difference between a MAC layer filter, an IP layer filter, and filtering at the application layer. You won't need to know detailed syntax of a manufacturer's ACL implementation, but you will need to understand why and how you'd use one.