What happens when a switch needs to forward an Ethernet frame with a destination MAC address that it does not know?

As we learned in the previous lesson, the first step in a switch's operational logic is to receive an Ethernet frame from the transmitting node. Depending on the switching method in use, the switch must receive and examine a different number of bytes before it moves on to the next step and ultimately switches the frame out of the outgoing port or ports. There are two main switching modes supported on Cisco switches:

  • Cut-Through mode, which has two forms:
    • Fragment-free switching
    • Fast-forward switching
  • Store-and-Forward mode

Both switching modes base their forwarding decisions on the destination MAC address of the Ethernet frame. Both also learn MAC addresses and build their MAC tables by examining the source MAC address (SMAC) field of the Ethernet header as frames are forwarded. The modes differ in how much of the frame the switch must receive and examine before the frame starts being forwarded out the egress port.

Figure 1. Switching Modes based on Frame Bytes Received

Figure 1 compares the three variants (store-and-forward, fragment-free and fast-forward) and shows how much of the frame must be received in each. Let's look at each one in detail.

Store-and-Forward Mode

Historically, the first widely used forwarding method at the Ethernet layer was "store-and-forward" switching. In this method the whole frame has to be received before a forwarding decision is made based on a destination MAC address lookup. Once the frame is received and buffered, the switch recomputes the cyclic redundancy check (CRC) over the frame and compares it with the frame check sequence (FCS) field carried at the end of the frame to verify the integrity of the data. If the two values don't match, the frame is marked as invalid and dropped. If they match, the destination and source MAC addresses are examined and the frame is forwarded.

This method has higher latency than the two cut-through variants. By default it also discards frames smaller than 64 bytes (runts) and larger than 1518 bytes (giants; the upper limit is larger when 802.1Q tagging or jumbo frames are enabled).

Figure 2. Example of Store-and-Forward Switching Mode

Figure 2 shows an example of a switch receiving a frame and validating its integrity. Note that it is first received in its entirety before the next actions are performed.

Cut-Through Switching

An Ethernet switch that uses cut-through switching can make a forwarding decision as soon as it has received the first few bytes of the incoming frame. It does not have to wait for the rest of the frame before it starts switching the frame to the outgoing port.

Fragment-Free Mode

Switches operating in this mode must receive and examine the first 64 bytes of the frame before making a forwarding decision. Why exactly 64 bytes? On a shared Ethernet segment, 64 bytes is the minimum valid frame size, and a collision is always detected within that window, so a frame that is still arriving intact after 64 bytes cannot be a collision fragment. With full-duplex switched links there are no collisions, so this mode is no longer widely used; we mention it only for reference.

Fast-forward switching (referred to just as cut-through)

A cut-through switch can make a forwarding decision as soon as it gets the destination MAC address of the frame, which means it needs only the first 6 bytes. It does not have to wait for the rest of the Ethernet frame to make its forwarding decision. An example of this behavior is shown in Figure 3.

Figure 3. Example of Cut-Through Switching Mode

However, more sophisticated cut-through switches today do not necessarily stop there. They may parse the incoming frame until they have enough of its content to apply every additional feature configured on the port. For example, if there is an Access Control List (ACL) on the interface, the switch must receive the frame through the IP and transport-layer headers (20 bytes for an IPv4 header without options and 20 bytes for a TCP header without options) to match the fields there against the interface access list. Together with the 14-byte Ethernet header that is 54 bytes in total, or 58 bytes if the frame carries an 802.1Q VLAN tag. Another example would be quality of service (QoS) marking or any other feature that inspects the upper-layer headers.

Unlike store-and-forward switching, cut-through switching cannot drop a corrupted Ethernet frame before forwarding it, because forwarding begins before the FCS has even arrived. Such frames travel on to the next node until a device along the path (a store-and-forward switch or the end host) fails the FCS check and drops them. Some cut-through platforms still compute the CRC as the frame passes through, count the error and deliberately corrupt ("stomp") the outgoing FCS so that the next hop discards the frame, but by then the bad bytes have already consumed bandwidth on the link.

A primary advantage of this approach is that the time the switch takes to start forwarding the frame (the switch's latency) is far lower than with store-and-forward switching.
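To make the three variants concrete, here is an added example (not code from the original lesson) that models how many bytes each forwarding variant must receive before it can act, and why only store-and-forward can discard a corrupted frame. The frames, the byte counts for the ACL case (untagged frame, no IP or TCP options) and the corruption are all constructed in the block; the MAC addresses come from IANA's documentation range.

```python
"""Added example, not code from the original lesson: a model of the three
forwarding variants that shows how many bytes each must receive before it
can act, and why only store-and-forward can discard a corrupted frame."""
import zlib

ETH_HDR_LEN = 14        # 6 dst + 6 src + 2 EtherType
IPV4_HDR_LEN = 20       # assumed: no IP options
TCP_HDR_LEN = 20        # assumed: no TCP options
MIN_FRAME = 64          # anything shorter (FCS included) is a runt
MAX_FRAME = 1518        # anything longer (untagged, no jumbo) is a giant


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """dst | src | type | payload | FCS. Ethernet's FCS is CRC-32 over
    everything before it, transmitted least-significant byte first."""
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    return body + zlib.crc32(body).to_bytes(4, "little")


def fcs_ok(frame: bytes) -> bool:
    """Store-and-forward integrity check: recompute the CRC, compare to FCS."""
    return zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "little")


def switch_decision(frame: bytes, mode: str, acl: bool = False):
    """Return (action, bytes_examined) for one ingress frame.

    mode is "store-and-forward", "fragment-free" or "fast-forward".
    acl=True means an ACL on the ingress interface forces a cut-through
    switch to read through the IPv4 and TCP headers before deciding."""
    if mode == "store-and-forward":
        n = len(frame)                      # whole frame is buffered first
        if n < MIN_FRAME:
            return ("drop: runt", n)
        if n > MAX_FRAME:
            return ("drop: giant", n)
        if not fcs_ok(frame):
            return ("drop: bad FCS", n)
        return ("forward", n)
    if mode == "fragment-free":
        n = MIN_FRAME                       # past the collision window
    elif mode == "fast-forward":
        n = 6                               # destination MAC only
    else:
        raise ValueError(f"unknown mode {mode!r}")
    if acl:
        n = max(n, ETH_HDR_LEN + IPV4_HDR_LEN + TCP_HDR_LEN)   # 54 bytes
    if len(frame) < n:
        # the frame ended before the decision point: a collision fragment
        return ("drop: fragment", len(frame))
    # Forwarding starts here. The FCS has not been seen, so a corrupted
    # frame goes out anyway and is only caught by a later hop.
    return ("forward", n)


# Constructed test frames using IANA's documentation MAC range 00-00-5E-00-53-xx.
DST = bytes.fromhex("00005e00530a")
SRC = bytes.fromhex("00005e00530b")
GOOD = build_frame(DST, SRC, 0x0800, bytes(100))      # 118 bytes on the wire
RUNT = build_frame(DST, SRC, 0x0800, bytes(20))       # 38 bytes: too short
_bad = bytearray(GOOD)
_bad[40] ^= 0xFF                                       # flip one payload byte
BAD = bytes(_bad)                                      # FCS no longer matches

if __name__ == "__main__":
    for name, frame in (("good", GOOD), ("corrupt", BAD), ("runt", RUNT)):
        for mode in ("store-and-forward", "fragment-free", "fast-forward"):
            print(f"{name:8} {mode:18} -> {switch_decision(frame, mode)}")
    print("corrupt  fast-forward + ACL ->", switch_decision(BAD, "fast-forward", acl=True))
```

Running it shows the trade-off in one table: the corrupted frame is dropped only by store-and-forward, fast-forward commits after 6 bytes (54 once an ACL is applied), and the runt is rejected by store-and-forward and fragment-free but forwarded by fast-forward.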

Configuring and Verifying switching modes

Cisco Nexus data-center switches running NX-OS come with cut-through switching mode enabled by default, whereas Catalyst access switches operate in store-and-forward mode. On NX-OS you can check the configured and operational mode with the show switching-mode command.

SW1# show switching-mode
Configured switching mode: Cut through
Module Number    Operational Mode
1                Cut-Through

If you want to enable the store-and-forward mode, you can use the following simple procedure. 

SW1# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)# switching-mode store-forward
SW1(config)# end
SW1# show switching-mode
Configured switching mode: Store and Forward
Module Number    Operational Mode
1                Store and Forward

In Summary

So in summary, the most important points about the different switching modes are:

  • In store-and-forward mode, switches receive and store the entire frame before making any operational decision. This approach is good for keeping the integrity and validity of the frames but creates additional network latency.
  • In cut-through switching mode, switches receive only a fraction of the frame and immediately start making a forwarding decision. In this approach, switches do not drop invalid frames but forward them to the next node. However, the network latency is lower than with the store-and-forward approach.

You may have noticed that every piece of hardware on your local network has a MAC address in addition to its IP address. Every device that connects to a network has one, from desktop computers, laptops, cell phones and tablets to wireless security cameras and even a connected refrigerator; switches have them too, typically one per interface. So why do your network devices need two addresses to connect to a network? Isn't an IP address sufficient? What exactly is the MAC address for?

In layman's terms, the MAC (Media Access Control) address is often described as a device's digital fingerprint: a manufacturer-assigned number embedded in the chip that allows the device to connect to a network, intended to be unique worldwide. Treat that uniqueness with care, though. The burned-in value can be overridden in software on most operating systems, and modern phones randomize their Wi-Fi MAC address per network, so a MAC address identifies a device only as long as nobody has chosen to change it. A network switch is likely to have many MAC addresses, since one is assigned to each of its interfaces.

An Overall View of MAC Addresses

A MAC address, also known as a "hardware address" or "physical address", is a binary number used to uniquely identify a network adapter. Frames sent on Ethernet always come from a MAC address and are sent to a MAC address. When a network adapter receives a frame, it compares the frame's destination MAC address with its own address (and with the broadcast and any subscribed multicast addresses); if there is a match the frame is processed, otherwise it is discarded (unless the adapter is in promiscuous mode, which is how packet sniffers capture everything on the segment). Traditional MAC addresses are 48 bits long, written as 12 hexadecimal digits. The leftmost six hexadecimal digits are the Organizationally Unique Identifier (OUI), which the IEEE assigns to a manufacturer, and the rightmost six digits are assigned by that manufacturer to the individual network interface card (NIC). Two bits of the first octet carry flags: the least significant bit marks a group (multicast or broadcast) address, and the next bit marks a locally administered address, one set by software or an administrator rather than burned in by the vendor.
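The structure just described can be decoded mechanically. The following is an added example, not code from the original article: it parses the common textual forms of a MAC address, splits out the OUI and NIC-specific parts, reads the group and locally-administered flag bits, and refuses to trust a vendor lookup when the address was set locally. The OUI_REGISTRY dictionary is a constructed stand-in for the IEEE registry that contains only the one OUI used in the samples (00-00-5E is IANA's), and the sample addresses are constructed from IANA's documentation range.

```python
"""Added example, not code from the original article: decode the structure
of a 48-bit MAC address (OUI, NIC-specific part, and the two flag bits in
the first octet)."""
import re
from dataclasses import dataclass

# Constructed mini registry. 00-00-5E is the IANA OUI (RFC 7042); a real
# tool would load the IEEE MA-L listing instead.
OUI_REGISTRY = {"00005E": "IANA"}


@dataclass
class MacInfo:
    canonical: str               # lower-case, colon separated
    oui: str                     # first 24 bits, upper-case hex
    nic_specific: str            # last 24 bits, upper-case hex
    vendor: str
    multicast: bool              # I/G bit: least significant bit of octet 0
    locally_administered: bool   # U/L bit: second least significant bit of octet 0


def parse_mac(text: str) -> MacInfo:
    """Accept 00:00:5e:00:53:01, 00-00-5E-00-53-01 or 0000.5e00.5301."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = [int(digits[i:i + 2], 16) for i in range(0, 12, 2)]
    multicast = bool(octets[0] & 0x01)
    local = bool(octets[0] & 0x02)
    oui = digits[:6].upper()
    # With the U/L bit set the first 24 bits are not a manufacturer OUI at
    # all: the address was assigned locally (by an admin, a VM platform, or
    # a phone's MAC randomization), so a vendor lookup would be misleading.
    vendor = "n/a (locally administered)" if local else OUI_REGISTRY.get(oui, "unknown OUI")
    return MacInfo(
        canonical=":".join(f"{o:02x}" for o in octets),
        oui=oui,
        nic_specific=digits[6:].upper(),
        vendor=vendor,
        multicast=multicast,
        locally_administered=local,
    )


def is_burned_in_unicast(text: str) -> bool:
    """True only for a globally unique unicast address, the kind the article
    calls a fingerprint. Anything else should not be trusted as a stable
    device identifier."""
    info = parse_mac(text)
    return not info.multicast and not info.locally_administered


if __name__ == "__main__":
    # Constructed samples: a vendor-assigned address in Cisco dotted form, the
    # same address with the U/L bit set, an IPv4 multicast MAC, and broadcast.
    for sample in ("0000.5e00.5301", "02:00:5e:00:53:01",
                   "01:00:5e:00:00:fb", "FF-FF-FF-FF-FF-FF"):
        print(parse_mac(sample), "burned-in unicast:", is_burned_in_unicast(sample))
```

The practical use of the flag check is in log review and NAC policy: a unicast address with the locally-administered bit set tells you the value was chosen by software, so it is neither evidence of a particular vendor nor a stable identifier for that device.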


MAC vs IP Address Relationship

Initially it might seem that IP addresses and MAC addresses are redundant because both are unique identifiers of networked devices, but they actually serve different purposes, and are visible in very different ways. MAC operates at Layer 2 of the OSI model while IP operates at Layer 3.

MAC addresses are used only to move a frame from one device to the next device along the path. That means the MAC address of your computer's network adapter travels the network only as far as the next device: if there is a router in the way, your machine's MAC address goes no further than that router. When your computer wants to send a packet to some IP address x.x.x.x, it first checks whether that destination is in the same IP network as itself. If x.x.x.x is in the same network, the destination can be reached directly and the frame is addressed to the destination's MAC address (resolved with ARP); otherwise the frame is addressed to the MAC address of the configured router, even though the packet inside still carries x.x.x.x as its destination IP. So the MAC address just gets the frame to the next device, while the IP address is responsible for getting the packet to its ultimate destination.
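The next-hop decision and the hop-by-hop rewriting of the MAC pair can be shown in a few lines. The following is an added example, not code from the original article: the on-link test a host performs before it can address a frame, an ARP cache lookup that reports when no entry exists yet, and a walk over a constructed two-link path (host A, router R1, host B) that shows the MAC pair changing on every link while the destination IP stays the same. All addresses and ARP caches are constructed from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 00-00-5E-00-53-xx.

```python
"""Added example, not code from the original article: the on-link or
via-router decision a host makes before addressing a frame, and a walk
over a two-link path showing the MAC pair changing per link."""
import ipaddress
from typing import Dict, List, Optional, Tuple


def l2_next_hop(own_ip: str, prefixlen: int, dst_ip: str,
                gateway: Optional[str],
                arp: Dict[str, str]) -> Tuple[Optional[str], Optional[str]]:
    """Return (target_ip, dst_mac).

    target_ip is dst_ip itself when it lies in the sender's own subnet,
    otherwise the configured default gateway. dst_mac is None when the
    ARP cache has no entry for target_ip: the sender must ARP first."""
    net = ipaddress.ip_network(f"{own_ip}/{prefixlen}", strict=False)
    on_link = ipaddress.ip_address(dst_ip) in net
    target = dst_ip if on_link else gateway
    return target, (arp.get(target) if target else None)


# Constructed topology: host A (192.0.2.10) -- R1 -- host B (198.51.100.30).
# One tuple per sending interface along the path:
# (own ip, prefix length, own mac, default gateway, ARP cache)
SENDERS = [
    ("192.0.2.10", 24, "00:00:5e:00:53:0a", "192.0.2.1",
     {"192.0.2.1": "00:00:5e:00:53:01", "192.0.2.20": "00:00:5e:00:53:14"}),
    ("198.51.100.1", 24, "00:00:5e:00:53:02", None,          # R1's far-side interface
     {"198.51.100.30": "00:00:5e:00:53:1e"}),
]


def trace(dst_ip: str) -> List[dict]:
    """Headers of the frame emitted on each link for one IP packet to dst_ip."""
    hops = []
    for own_ip, plen, own_mac, gw, arp in SENDERS:
        target, dmac = l2_next_hop(own_ip, plen, dst_ip, gw, arp)
        hops.append({"src_mac": own_mac, "dst_mac": dmac,
                     "dst_ip": dst_ip, "l2_target": target})
        if target == dst_ip or dmac is None:
            break          # delivered on this link, or stuck waiting for ARP
    return hops


if __name__ == "__main__":
    for dst in ("198.51.100.30", "192.0.2.20", "192.0.2.99"):
        print(dst)
        for hop in trace(dst):
            print("   ", hop)
```

The third trace (192.0.2.99) shows the failure mode the text glosses over: the destination is on-link but nothing has answered for it yet, so the host has a target IP and no MAC address to put in the frame until an ARP exchange completes.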


What Do Switches Use MAC Addresses For?

Switches are unlike hubs or repeaters. A hub simply repeats every signal received on one port out of every other port, which is easy to build but inefficient and slow. A switch, on the other hand, directs traffic between systems by forwarding frames only to the port that leads to their destination. To do this, it keeps track of the MAC addresses of the NICs attached to each port in its MAC address table (often called the CAM table). MAC addresses need to be unique, or at least highly unlikely to repeat, for a switch to tell ports and devices apart, which is why manually setting a MAC address can have unexpected consequences in a switched network: two hosts sharing an address make the table entry flap between ports, and that is exactly what a MAC-spoofing attacker relies on. When forwarding a frame, the switch first looks up the frame's destination MAC address in the table to find the outgoing port. If a port is found, the frame is sent out that port only rather than flooded to all ports, so unnecessary traffic is reduced.

How Do Switches Learn MAC Addresses?

Since a switch has some intelligence, it can build the MAC address table automatically. The following part will illustrate how a switch learns MAC addresses.


There's a switch in the middle with three computers around it. All computers have a MAC address, simplified here as AAA, BBB and CCC. The switch has a MAC address table and will learn where all the MAC addresses are in the network. Now, assume computer A is going to send something to computer B:


Computer A is going to send some data meant for computer B, thus it will create an Ethernet frame which has a source MAC address (AAA) and a destination MAC address (BBB). The switch has a MAC address table and here’s what will happen:


The switch builds its MAC address table from source MAC addresses only. At this moment it has just learned that the MAC address of computer A is on interface 1 and adds that to its MAC address table. But it has no information yet about where computer B is located, so the only option left is to flood the frame out of all its interfaces except the one it came in on. Computers B and C both receive this Ethernet frame.


Since computer B sees its own MAC address as the destination of this Ethernet frame, it knows the frame is meant for it; computer C discards the frame. Computer B then responds to computer A by building an Ethernet frame and sending it towards the switch, and at that moment the switch learns the MAC address of computer B. That's the end of the story: the switch now knows both MAC addresses and from then on can "switch" instead of flooding Ethernet frames. Computer C will never see any further frames between computers A and B; it saw only the first one, which was flooded. On a Cisco IOS switch you can use the show mac address-table dynamic command to see all the MAC addresses the switch has learned.

One other point worth emphasizing here is that the MAC address table on the switch uses an aging mechanism for dynamic entries. If the MAC address of Computer A and B are not updated within their aging time, they will be deleted to make room for new entries, which means the frames between computer A and B will be flooded to Computer C again if A wants to transfer information to B.

How to Configure Your Switch's MAC Address Table

A MAC address table is maintained for frame forwarding, which can be dynamically learned or manually configured. The former has been introduced in the previous text, and the next part will focus on how to configure the MAC addresses manually to adapt to network changes and enhance network security.

To improve port security, you can manually add static MAC address entries to bind MAC addresses to ports. A static entry is not overwritten by learning, so a host on another port that sends frames with a bound source address cannot hijack that address's table entry, which blunts MAC address spoofing attacks (it does not stop the attacker from using other addresses, which is what the learning limits further down are for). In addition, you can configure blackhole MAC address entries to discard frames with certain source or destination MAC addresses.

To add or modify a static, dynamic, or blackhole MAC address table entry:

Step 1. Enter system view.
    Command: system-view
Step 2. Add or modify a dynamic or static MAC address entry.
    Command: mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id
Step 3. Add or modify a blackhole MAC address entry.
    Command: mac-address blackhole mac-address vlan vlan-id
    Remarks: Use either step 2 or step 3, depending on the entry type.

You can configure a multi-port unicast MAC address table entry to associate a unicast MAC address with multiple ports, so that frames matching the entry are delivered to all of those destination ports.

To configure a multi-port unicast MAC address table entry:

Step 1. Enter system view.
    Command: system-view
Step 2. Configure a multi-port unicast MAC address table entry.
    Command: mac-address multiport mac-address interface interface-list vlan vlan-id
    Remarks: No multi-port unicast MAC address table entries exist by default. Make sure that you have created the VLAN and assigned the interfaces to it first.

The MAC address table on your switch uses an aging mechanism for dynamic entries, so dynamic MAC address entries that are not updated within their aging time are deleted to make room for new entries, and the MAC address table is promptly updated to accommodate the latest network changes.

To configure the aging timer for dynamic MAC address entries:

Step 1. Enter system view.
    Command: system-view
Step 2. Configure the aging timer for dynamic MAC address entries.
    Command: mac-address timer { aging seconds | no-aging }
    Remarks: Optional. The aging timer ranges from 10 to 3600 seconds; the default is 300 seconds.

To prevent the MAC address table from getting so large that the forwarding performance of the switch degrades, you can limit the number of MAC addresses that can be learned on a port.

To configure the MAC learning limit on ports:

Step 1. Enter system view.
    Command: system-view
Step 2. Enter Ethernet interface view, port group view, or Layer 2 aggregate interface view (use any one of the following):
    Ethernet interface view: interface interface-type interface-number
    Port group view: port-group manual port-group-name
    Layer 2 aggregate interface view: interface bridge-aggregation interface-number
    Remarks: Settings made in Ethernet interface view or Layer 2 aggregate interface view take effect on the current port only. Settings made in port group view take effect on all member ports of the port group.
Step 3. Configure the MAC learning limit on the interface, and whether frames with unknown source MAC addresses are still forwarded once the limit is reached.
    Command: mac-address max-mac-count { count | disable-forwarding }
    Remarks: By default, no maximum number of MAC addresses learnable on an interface is specified.

You may also limit the number of MAC addresses that can be learned on a per-VLAN basis.

To configure the MAC learning limit on a VLAN:

Step 1. Enter system view.
    Command: system-view
Step 2. Enter VLAN view.
    Command: vlan vlan-id
Step 3. Configure the MAC learning limit on the VLAN, and whether frames with unknown source MAC addresses are still forwarded in the VLAN once the limit is reached.
    Command: mac-address max-mac-count { count | disable-forwarding }
    Remarks: By default, no maximum number of MAC addresses learnable on a VLAN is specified.
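The learning walk-through with computers A, B and C above and the static, blackhole, aging and learning-limit settings just listed all act on the same data structure, so one model covers both. The following is an added example, not code from the original article or from the H3C documentation it quotes: a software model of a switch's MAC address table that reproduces source-only learning, flooding of unknown unicast and broadcast, aging, static and blackhole entries, and the per-port learning limit with and without disable-forwarding. Port numbers, addresses and the clock are constructed; VLANs are not modelled, and whether a platform also drops frames whose source address is statically bound to a different port is left out because it is platform-specific.

```python
"""Added example, not code from the original article or the quoted H3C
documentation: a model of a switch's MAC address table with learning,
flooding, aging, static/blackhole entries and a per-port learning limit."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Entry:
    port: Optional[int]        # None for a blackhole entry
    kind: str                  # "dynamic", "static" or "blackhole"
    last_seen: float = 0.0     # only meaningful for dynamic entries


class Switch:
    def __init__(self, ports: List[int], aging: float = 300.0):
        self.ports = list(ports)
        self.aging = aging                      # "mac-address timer aging <seconds>"
        self.table: Dict[str, Entry] = {}
        self.limit: Dict[int, Tuple[int, bool]] = {}   # port -> (max-mac-count, disable-forwarding)
        self.now = 0.0

    # ---- configuration, mirroring the CLI steps in the text ----
    def add_static(self, mac: str, port: int) -> None:
        self.table[mac] = Entry(port, "static")

    def add_blackhole(self, mac: str) -> None:
        self.table[mac] = Entry(None, "blackhole")

    def set_max_mac_count(self, port: int, count: int, disable_forwarding: bool = False) -> None:
        self.limit[port] = (count, disable_forwarding)

    # ---- aging ----
    def tick(self, seconds: float) -> None:
        """Advance the clock and expire dynamic entries not refreshed in time."""
        self.now += seconds
        for mac, e in list(self.table.items()):
            if e.kind == "dynamic" and self.now - e.last_seen >= self.aging:
                del self.table[mac]

    # ---- learning (source addresses only) ----
    def _learn(self, smac: str, port: int) -> bool:
        """Learn or refresh smac on port. Returns False when the frame must be
        dropped: the port's limit is reached and disable-forwarding is set."""
        e = self.table.get(smac)
        if e is not None and e.kind != "dynamic":
            return True                 # static/blackhole entries are never moved by learning
        if e is not None:
            e.port, e.last_seen = port, self.now    # refresh, or follow a host that moved
            return True
        count, disable = self.limit.get(port, (None, False))
        if count is not None:
            learned = sum(1 for x in self.table.values()
                          if x.kind == "dynamic" and x.port == port)
            if learned >= count:
                return not disable      # limit hit: do not learn; forward unless disable-forwarding
        self.table[smac] = Entry(port, "dynamic", self.now)
        return True

    # ---- forwarding ----
    def receive(self, in_port: int, smac: str, dmac: str) -> List[int]:
        """Return the egress ports for a frame arriving on in_port."""
        src = self.table.get(smac)
        if src is not None and src.kind == "blackhole":
            return []                                   # blackholed source address
        if not self._learn(smac, in_port):
            return []
        dst = self.table.get(dmac)
        if dst is not None and dst.kind == "blackhole":
            return []                                   # blackholed destination address
        if dmac == BROADCAST or dst is None:
            return [p for p in self.ports if p != in_port]   # unknown unicast / broadcast: flood
        return [dst.port] if dst.port != in_port else []    # known unicast: one port


if __name__ == "__main__":
    # Constructed addresses from IANA's documentation range.
    A, B, C = "00:00:5e:00:53:aa", "00:00:5e:00:53:bb", "00:00:5e:00:53:cc"
    sw = Switch([1, 2, 3])
    print("A->B (B unknown, flooded):", sw.receive(1, A, B))
    print("B->A (A known):           ", sw.receive(2, B, A))
    print("A->B (both known):        ", sw.receive(1, A, B))
    sw.tick(300)
    print("A->B after aging out:     ", sw.receive(1, A, B))
```

The model makes the two security settings visible in behaviour: once A is bound statically to port 1, a frame claiming A's source address on port 2 no longer moves the entry; and with max-mac-count 1 plus disable-forwarding on a port, the second unknown source seen there is dropped rather than learned, which is what keeps a flooding tool from filling the table.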

To display and verify the MAC address table:

Task 1. Display MAC address table information.
    Command: display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole ] [ vlan vlan-id ] [ count ] ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view.
Task 2. Display the multi-port unicast MAC address table entries.
    Command: display mac-address multiport [ vlan vlan-id ] [ count ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view.
Task 3. Display the aging timer for dynamic MAC address entries.
    Command: display mac-address aging-time [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view.

Summary

When people hear "Mac" they may think of the computer or the cosmetics brand, but a "MAC address" is an entirely different beast. Because MAC addresses are assigned per network card and intended never to be reused, they are useful in several places. Network switches store a list of the MAC addresses seen on every port and forward frames only to the ports that need to see them. Wireless access points often use MAC addresses for access control, allowing only known devices to connect; bear in mind that this is a weak control, since the allowed addresses are sent in the clear over the air and a client can set its own MAC address to match one of them. DHCP (Dynamic Host Configuration Protocol) servers use the MAC address to identify devices and to give some devices fixed IP addresses (reservations).