MAC Address Table Tutorial - Part 2: Frame Filtering
While this isn't a setup you'll frequently encounter in real-world networking, it serves as a great illustration of when and why a switch might drop a frame. With the MAC table fully populated, the switch has received frames from every connected host. Below the exhibit, you'll see the complete MAC address table, which reflects this fully populated state. This setup allows us to explore the conditions under which the switch will filter (drop) frames, a key part of switching behavior.
Here's the current state of the MAC address table on the switch:
In this scenario, both Host A and Host B are connected to the same port (Fa0/1) via a hub. This creates an interesting situation where Host A sends a frame to Host B. Since both hosts are on the same physical segment, Host B will receive a copy of the frame directly through the hub; however, the switch will also receive the frame.
Here's where the switch's filtering behavior comes into play. Since the switch recognizes both Host A and Host B as being on the same port (Fa0/1), it knows that there's no need to forward the frame again. As a result, the switch will drop the frame instead of forwarding it, conserving resources and avoiding unnecessary traffic. This filtering action is a key features of how switches optimize network performance, particularly in situations involving shared ports like this one.
Once the switch checks its MAC table for both the source and destination MAC addresses of the incoming frame, it will realize that both addresses (Host A and Host B) are associated with the same port (Fa0/1). Since the switch knows that both devices are on the same port, it understands that there's no need to forward the frame to other ports.
This scenario prompts the switch to filter (drop the frame instead of forwarding it, because it recognizes that the frame has already been delivered to the destination host via the hub. This efficient filtering process helps reduce unnecessary traffic and preserves network resources at the same time.
A switch will never send a frame back out the same port it came in on, which is why, in this rare instance, the switch will filter, or drop, the frame.
Let's review the frame forwarding decisions:
- Forwarding: This occurs when the switch has an entry for the frame's destination in its MAC address table. The frame is then forwarded only through the port indicated in that entry.
- Flooding: Flooding happens when the switch does not have an entry for the frames destination in its MAC address table. In this case, the frame is sent out to every port except the port it came in on.
- Filtering: This occurs when both the source and destination MAC addresses are associated with the same port. In such cases, the switch filters (drops) the frame.
To see examples of frame forwarding and flooding in action, click that link to revisit the previous lesson in this tutorial series.
A couple of important notes before we proceed:
1. Broadcast Frames: These are intended for all hosts and have a destination MAC address of all Fs (ff-ff-ff-ff-ff-ff, FF-FF-FF-FF-FF-FF or ff;ff:ff:ff:ff:ff, FF:FF:FF:FF:FF:FF)in either upper or lower case, or both). They are treated like flooded frames, being sent out to all ports.
2. MAC Address Table Timing: Static MAC address entries remain in the table until they are manually removed, while dynamically learned addresses stay in the table for 5 minutes (300 seconds). This timer resets every time a frame with that particular source MAC address arrives on the same port. If the MAC address does not match, this is where you should have port security using MAC address stickies should kick in.
They key advantages of relying on a switch to build its MAC table dynamically, rather than using static entries, becomes evident when something goes awry. We'll explore that scenario in the next lesson.
Rate This Article
Thanks for reading: MAC Address Table Tutorial - Part 2, Sorry, my English is bad:)