Network Switching Overview – CompTIA Network+ N10-007 – 1.3

The network switch is perhaps the most common piece of networking equipment in use today. In this video, you’ll learn how the switch makes forwarding decisions, how the switch reacts when it doesn’t know the destination of a frame, and how the ARP command can be used to validate a switch’s forwarding table.
<< Previous Video: Introduction to Ethernet Next: Broadcast Domains and Collision Domains >>

One of the most common network devices we use every day is our switch. Our switch is responsible for either forwarding or dropping frames on our network, based on the destination MAC address that’s inside of our Ethernet communication. If the switch sees traffic from a source MAC address, it makes a note of where it saw that traffic coming from so that later on, if any traffic was destined to that device, it would know exactly where to send it.

And because we connect many switches to each other in our larger networks, the switches are also responsible for making sure that there are no loops on the network. It does that by using a protocol called STP, or Spanning Tree Protocol.

Here’s a common network configuration. We’ve got a switch A in the middle of the network, and this switch has a number of fast Ethernet interfaces on it, and the fast Ethernet interfaces use the letter F to designate those interfaces. There’s also on this switch, a particular card where all of these interfaces are located. It’s card zero, and so you’ll see each one of these start with F0.

And then, each individual interface on this card will be numbered. So we have fast Ethernet on slot zero interface one. Slot zero, interface two. Interface three. Interface four. And interface five. We have five devices plugged into this device– Sam, Jack, Daniel, Teal, and the SGC server. And of course, each one of those devices has its own unique MAC address associated with each individual device.

Inside of the switch is a table that contains information that this switch has gathered over time. This table has a list of all of the MAC addresses that it has seen. And it has a list of all of the interfaces that are associated with those MAC addresses.

This means that when Sam wants to send information to the SGC server, Sam will put a frame on the network that says, I’d like to send information to the destination MAC address, 1000.5555.5555. That information is sent down to the switch. The switch then looks through its MAC address table and tries to find any place where it happens to match that destination MAC address.

And of course, we have a match, and that match is associated with an output interface, a fast Ethernet on slot zero, interface number five. So this switch knows to send that traffic down that particular interface where ultimately, it will end up at the destination address.

If this is a larger network, it might have multiple switches. For instance, a switch A and a switch B. We not only have fast Ethernet interfaces, some of these interfaces are gigabit communication that start with the letter G.

There are two separate MAC address tables– one for switch A and one for switch B. Switch A doesn’t know what’s inside the switch B MAC address table. And switch B doesn’t know what’s inside the switch A MAC address table. They all work independently from each other.

Let’s perform the same function, where Sam is sending information over to the SGC server. Sam will put a frame on the network that has the destination MAC address of 1000.5555.5555. And it goes to switch A. In all of these situations, the switch only knows where the next step is to be able to forward this frame.

Switch A will look through its MAC address table. Find a match for that destination MAC address. And see that the output interfaces on the gigabit network, slot A, port number two. And it simply sends that time frame out to that particular interface.

At this point, switch A has no idea what the next step is going to be, but that’s OK because switch B has now received that time frame and switch B will look through its own set of MAC addresses to find a match. And in this case, it’s found a match that says, it should send this particular frame to fast Ethernet slot zero, interface number five, to be able to have it reach the SGC server.

Being able to build this interface of MAC addresses and interface names is an important function for any switch. The switch is going to constantly be examining the incoming information into the switch. And it makes a note of the source MAC address associated with that traffic. When it sees that source MAC address, it can then, start filling in the MAC address table inside the switch.

So if Sam is going to send that information to the SGC server, let’s say, that we just turned on the switch and there’s no information that’s currently contained in the MAC address table of this switch. When Sam sends that information to the switch, the switch is going to look at the source MAC address, which is 1000.1111.1111, and it will recognize that it doesn’t currently have that address in its table. So it will add that address, and it will put the output interface up fast Ethernet zero slash one because that was the interface where it received that particular frame.

The same thing would occur if the SGC server was to send information because that source MAC address of 1000.5555.5555 also does not exist in the MAC address table. The switch makes a note of that new MAC address. And sees that it was coming from fast Ethernet zero slash five, and adds that to be related to the MAC address inside of its MAC address table.

In that previous example, the MAC address table did not have a list of the source or destination MAC addresses. So what happens if a MAC address destination comes into a switch and the switch has nowhere to send it? In that particular case, it floods the network with that particular traffic.

Let’s take the example of Sam sending that information to the SGC server. Sam puts traffic onto the network that will be destined for the SGC server. Since that MAC address table is currently empty, the first thing the switch is going to do is add that source MAC address to the interface where that information was received.

But notice that this particular MAC address table doesn’t have the destination MAC address. And in that case, the switch just decided the only way to make sure that traffic gets to the end station is to send it to all of the stations on this particular switch. And hopefully, it will be able to find its way once it’s received by all of the devices on the network.

On this network, this frame is received by Teal and Daniel and Jack, but notice that the destination MAC address doesn’t match either of their workstations. In that case, the Ethernet adapter on those workstations will simply drop this frame. The only frame that makes it through is the one that’s destined for the SGC server, where the destination MAC address and the MAC address of this device are the same.

Now, the traffic’s going to go the other direction. The SGC server will send information back to Sam. The source MAC address is going to be the SGC server and the destination MAC address is going to match Sam’s MAC address. When the SGC server sends that frame to the switch, the switch also determines that that particular MAC address does not exist inside of its table so we’ll add the SGC server.

And of course, it already knows what the MAC address is of Sam’s device because it made that entry when the traffic was going to the SGC server from the beginning. In that particular case, the frame can be directed to Sam without having to flood all of the other interfaces on the network.

Your work station has a similar function that it uses to be able to find the MAC addresses of those devices across the network. It does this by sending an Address Resolution Protocol broadcast, asking for the MAC address of a particular IP that happens to be on the network. These ARP requests occur behind the scenes, but if you have a Packet Analyzer, you can capture these ARP requests. And you can see exactly the sender’s IP request, the target IP request, and you can see what MAC address is being sent as the response to that particular ARP.

You can also look at the command line on your computer, to see the ARPs that may be already existing in the ARP cache for your computer. To be able to view those, you would use the command ARP-A. If we perform that ARP-A on my computer, you can see there are a number of IP addresses that I have communicated with on this network. And you can see the MAC address that’s associated with every single one of those IP addresses.