Quick question about switch flooding...


Postby FMorales on Mon Mar 15, 2010 9:51 pm

I'm currently studying my ICND1 book, just got to Chapter 8. Had a question on Chapter 7, "Do I Know This Already?" question 5. It was answered here:

https://learningnetwork.cisco.com/message/8758#8758

However, something struck me as odd. After completing the chapter I went back and re-did the test and got the question right w/o issue. However, how it goes is as follows:
PC1, PC2, PC3 all connected to Switch1:
- PC1 sends a frame to Switch1 destined for PC2 (Switch1 adds PC1 entry to MAC table)
- Switch1 doesn't have PC2 in its MAC table, so it broadcasts the frame out all interfaces (except source, specifically PC2, PC3)
- Before PC2 can reply, PC3 also sends a frame destined for PC2 (Switch1 adds PC3 entry to MAC table, still doesn't have PC2)

Correct answer is Switch1, rightfully so, floods the frame out all interfaces (except the source) because PC2 is still unknown. Here lies my question:

- Switch1 already has an entry for PC1 and knows (in the book's example) it's on Fa 0/1, so why then does the switch flood that frame out that interface?

It seems like it would make sense to keep a short list of "unassigned interfaces" that it would flood to learn, rather than every interface, even ones it already knows. One thing I thought of is that NICs don't appear to be proactive with notifying the switch, "Eg: Hey I'm [MAC] just letting you know I'm on this interface", but rather get learned naturally when they send frames, or get flooded and respond. If we swapped PC2's and PC1's cables, not forwarding out Fa 0/1 would be an error because we'd never know that PC2 was there until it sent a frame.

I realize this is a very specific question, but I'm just curious. Do we always forward out to every interface just in case? Or would there be ways to optimize the process? Thanks in advance
FMorales
 

Re: Quick question about switch flooding...

Postby chris reynolds on Mon Mar 15, 2010 9:52 pm

Hey there!

Let me see if I can give this a try... haha.

I can see where you would have this question, remember switches are "smarter" than hubs, but only to a certain point. The switch is only going to record the last MAC address that came in on that port. The switch does not know that there is not a hub connected to FA0/1. You could have a hub sitting out there off that port (just for example's sake) and PC1 was the last machine to send something up to the switch. Since the switch is not recording more than one MAC address out that port .... if there were more machines plugged into the hub hanging off of FA0/1 the switch would not know that.

Because of instances like that the switch continues to flood all ports except the one that it comes in on simply because it knows for sure that it is not going back out the port that it came in on.

Sticking with that same example... if another PC on the hub with PC1 was sending a frame to PC1 the hub would of course repeat it out all of its ports even the port leading to FA0/1 that the hub connects to the switch with. (because hubs just repeat it out all ports, no MAC tables) So when the switch gets the frame from FA0/1 for PC1's MAC address it sees that PC1 is actually on that same interface, and because it will not send back out the interface that a frame came in on it will simply filter (drop) that frame.

Did that make any sense?


Good Luck,
Chris
chris reynolds
 

Re: Quick question about switch flooding...

Postby FMorales on Mon Mar 15, 2010 9:52 pm

Chris,

Makes perfect sense thank you! I wasn't even thinking in terms of the devices connected to the switch being something other than single PCs.


Thanks again,
Frank..
FMorales
 

Re: Quick question about switch flooding...

Postby mgdjr on Mon Mar 15, 2010 9:52 pm

Hi Chris and Frank,

Thank you for bringing this up. This answers some of the questions in my mind. However, I just want to clarify. Going back to your example, does that mean that the MAC address table will contain MAC address for both PC1 and PC (both connected to the hub and the hub is connected to Fa0/1) and the destination port is FA0/1? Sorry for the English


Thanks in advance
JR
mgdjr
 

Re: Quick question about switch flooding...

Postby chris reynolds on Mon Mar 15, 2010 9:53 pm

Hey there MG...

The switch is only going to keep a record of the last PC to communicate on any given port.

Say we have that PC and PC1 plugged into a hub, and then that hub is connected to the switch's FA0/1 port. If PC1 was the last host to send anything out that reached the FA0/1 port then PC1's MAC address would be the MAC stored in the table.

Remember that a switch is going to add the SOURCE MAC address of a frame into its table, and that it is only going to store one address per port. So if you have an 8-port hub connected to the switch and that hub is fully populated with hosts, no matter what, the switch is only going to have the last MAC address stored that came into the switch (source MAC address), but none of the other hosts on that hub. Only when a different host off that hub sends something up to the switch will it change the address in the MAC table, but will kick out the old address and put in the new one.

At least this was my understanding of it.
Hope that makes sense.


Good Luck,
Chris
chris reynolds
 

Re: Quick question about switch flooding...

Postby Paul Stewart on Mon Mar 15, 2010 9:54 pm

A switch can actually have many CAM entries for one interface (by default). It's not necessarily just the last PC that sent traffic to the port unless all of the other devices connected to that port haven't sent for the time specified by the timeout period. So it is not really about the last frame received, but about all frames received since link up and within the timeout window. Cisco switches can be configured using "switchport port-security" to limit the number of MAC addresses that should be seen on a port and configure the violation behavior.
Paul Stewart
 

Re: Quick question about switch flooding...

Postby chris reynolds on Mon Mar 15, 2010 9:54 pm

Thank you for clearing that up for me Paul. Sorry to the others about that.

So it is going to just add them into the table as they come in then, but if they have not done anything for 5 minutes (or whatever you set your default to) it drops them off the table.

But the understanding would be correct that a frame coming into a switch that is destined to a host on the same port that frame came in on is going to be filtered out by the switch?

Thank you again Paul. I guess some of those novice things I have to get cleared up myself too.


Chris
chris reynolds
 

Re: Quick question about switch flooding...

Postby mgdjr on Mon Mar 15, 2010 9:54 pm

Hi Paul,

I got your point Paul. I guess that explains why PCs will still be able to find each other even if the frames pass through a lot of interconnected switches. Just like the enterprise network.


Thanks again,
JR
mgdjr
 

Re: Quick question about switch flooding...

Postby Scott Morris on Mon Mar 15, 2010 9:55 pm

Part of the great magic of Layer2!

Also, the result of a great quote from President Reagan.. "Trust, but verify" Translated, as we may ASSUME that, but can't prove it's only PCs on end port. While lack of BPDUs may prove it's not a switch connected, there's no saying it isn't a hub.


HTH,
Scott
Scott Morris
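
The behaviour the thread converges on (learn source MACs, flood unknown destinations out every port except the ingress one, filter frames whose destination sits behind the ingress port, keep several MACs per port, age silent entries out), as a small simulation. This is an added example and not part of any post above; host names stand in for MAC addresses, and the class, the `max_macs` cap (a loose stand-in for the port-security limit Paul mentions) and its drop-on-violation behaviour are assumptions of the sketch.

```python
class LearningSwitch:
    """Toy transparent-bridge model; host names stand in for MAC addresses."""

    def __init__(self, ports, aging=300, max_macs=None):
        self.ports = list(ports)
        self.aging = aging        # seconds; 300 matches the 5 minutes in the thread
        self.max_macs = max_macs  # assumed per-port cap, None = unlimited
        self.table = {}           # mac -> (port, last_seen)

    def macs_on(self, port):
        return sorted(m for m, (p, _) in self.table.items() if p == port)

    def receive(self, in_port, src, dst, now):
        # Age out entries that have been silent for the whole timeout window.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t < self.aging}
        # Enforce the cap before learning a MAC that is new to this port.
        new_here = self.table.get(src, (None, 0))[0] != in_port
        if (new_here and self.max_macs is not None
                and len(self.macs_on(in_port)) >= self.max_macs):
            return ("violation", [])  # simplification: drop, do not learn
        self.table[src] = (in_port, now)  # learn or refresh the SOURCE address
        entry = self.table.get(dst)
        if entry is None:                 # unknown destination: flood
            return ("flood", [p for p in self.ports if p != in_port])
        if entry[0] == in_port:           # destination is behind the ingress port
            return ("filter", [])
        return ("forward", [entry[0]])


def thread_scenario():
    """Constructed frames: the book question, then PC4 on a hub shared with PC1."""
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])
    steps = [
        sw.receive("Fa0/1", "PC1", "PC2", now=0),  # PC2 unknown
        sw.receive("Fa0/3", "PC3", "PC2", now=1),  # PC2 still unknown
        sw.receive("Fa0/1", "PC4", "PC1", now=2),  # hub repeats PC4 -> PC1 upstream
        sw.receive("Fa0/2", "PC2", "PC1", now=3),  # PC2 finally talks
    ]
    hub_macs = sw.macs_on("Fa0/1")  # both hosts behind the hub are remembered
    steps.append(sw.receive("Fa0/2", "PC2", "PC1", now=400))  # PC1 entry aged out
    return steps, hub_macs


if __name__ == "__main__":
    for action, ports in thread_scenario()[0]:
        print(action, ports)
```

The second step is the case from the original question: the flood still goes out Fa0/1 even though PC1 was learned there, because the table records where PC1 is, not that PC1 is the only device behind that port.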
 

