Network switches are hardware devices which provide OSI layer 2 connectivity between devices. They are used to build networks networks – as opposed to routers which are used to connect networks. Here we will focus on Ethernet switching although other types of switch exist – such as ATM and Frame Relay.

In terms of TCP/IP, basic switches don’t understand IP at all. The identities that switches use for communication are device MAC addresses. In a small network, a switch might just connect to user devices and servers but in a large network, they will also connect to other switches to create large networks maybe across multiple floors in a building. In order to connect all of these devices, switches can have a lot of interfaces, also known as switchports (ports), of different speeds such as Fast Ethernet and Gigabit Ethernet. Switches sometimes have a modular design allowing you to add more ports as needed without having to buy a whole new switch.

What do switches do?

Switches have three purposes in life:

  1. Learning MAC addresses

  2. Filtering, forwarding and flooding frames

  3. Avoiding loops

For now, we won’t worry about how switches avoid loops – just know that they can.

How do switches learn MAC Addresses?

Switches have a MAC address table - also known as a Forwarding Information Base (FIB). It can also be called a CAM table (due to the Content Addressable Memory that it may be stored in). The MAC address table simply lists the MAC addresses that the switch has seen frames from (i.e. in the source address field) and which switchport it is reachable on.

MAC Address Table

01:ab:23:cc:45:dd Gi0/3

01:ab:23:ee:45:ff Gi0/5

When you first turn on a new switch, this table will be empty. Every time the switch receives a frame:

  1. It looks at the source address

  2. if that isn’t in the CAM table then it gets added, along with the port that the frame was received on.

Remember – MAC address learning is based solely on the source address of Ethernet frames it receives.

Filtering and Forwarding Ethernet Frames

Switches receive Ethernet frames and can do one of three things with each frame:

  • Forward out of a single interface.

  • Flood out of all interfaces (except the one that the frame came in on).

  • Filter the frame by ‘dropping’ it.

It decides what to do based on the destination MAC address of the frame. The process will vary depending on whether it is a unicast, broadcast or multicast address. For now we will focus on the first two cases.

Unicast Frames

First, the switch looks up the destination address in its MAC address table. And what happens next depends on whether the destination address has an entry in the table or not.

Known Addresses

If the destination MAC address is already in the MAC address table then the switch will forward this frame out of the port associated with that address in the table.

Unknown Addresses

If the destination MAC address isn’t in the FIB then the switch will ‘flood’ a copy of the frame out of each port except the port that it came in on. This makes sure that if the destination is reachable from the switch then the frame should get to it. If the destination replies then the switch will ‘learn’ it’s address and port so that future frames don’t need to be flooded out to every reachable device.

Broadcast Frames

If the switch receives a frame with the broadcast MAC address set as the destination (FF:FF:FF:FF:FF:FF) then it will flood the packet out of all interfaces (except the interface the frame was received on). This ensures that frame is ‘broadcast’ to all devices connected to the switch.

Related Courses

Learn all about Ethernet LANs and network switching.

Other Related Skills

CDP and LLDP are similar layer two protocols for discovering information about neighboring devices.
Collision and broadcast domains are important properties of an Ethernet network.