Basic Switching and MAC Learning

Switching Inside the Local Network

A switch connects devices inside the same local network segment and makes forwarding decisions with Ethernet MAC addresses. When a laptop sends a frame to a printer on the same LAN, the switch does not need to inspect the application or make an Internet routing decision. It reads the destination MAC address in the Ethernet frame, checks its MAC address table, and forwards the frame out the appropriate switch port.

The MAC address table is built dynamically. When a frame enters a switch port, the switch records the source MAC address and associates it with that incoming port and VLAN. For example, if a frame from MAC address 00:11:22:33:44:55 arrives on port 3, the switch can learn that this MAC address is reachable through port 3. Later, if another device sends a frame to that same MAC address, the switch can forward the frame only out port 3 instead of sending it everywhere.

Three forwarding behaviors are especially important. A known unicast frame has a destination MAC address that the switch already knows. The switch forwards it only out the learned destination port. An unknown unicast frame has a destination MAC address that is not currently in the table. The switch floods it out other ports in the same VLAN so the destination has a chance to receive it. A broadcast frame uses destination MAC address ff:ff:ff:ff:ff:ff; switches flood broadcasts within the VLAN because broadcasts are meant for all local devices.

A switch also ages out MAC table entries after a period of inactivity. This keeps the table accurate as users move, devices sleep, or patch cables change. If a device moves from one switch port to another, the switch can relearn that MAC address on the new port when it receives a frame from the device. This is normal, but rapid MAC moves can also indicate a loop, cabling mistake, virtualization behavior, or a device connected through another switch.

Technicians should connect MAC learning to real symptoms. If a host can send traffic but does not receive replies, the issue might be the wrong VLAN, a bad cable, a disabled port, or a stale security rule. If multiple users report slow local access and switch LEDs show unusual activity, unknown unicast flooding or a loop may be worth escalating. If a port security feature is enabled by an engineer, a switch might intentionally block traffic from an unexpected MAC address.

CCST-level work usually does not require redesigning switching, but it does require recognizing what information to gather: device MAC address, switch port, VLAN, link status, recent moves, and whether other devices on the same switch are affected.

A practical way to think about a switch is this: it learns from where traffic comes from, and it forwards based on where traffic is going. The table is local to the switch and scoped by VLAN. The switch does not replace IP addressing, DNS, DHCP, or routing; it simply provides efficient frame delivery across the local Layer 2 network.

Study Checkpoint

• Topic: Basic Switching and MAC Learning.
• Verify the official Cisco concept before memorizing a shortcut.
• Practice the technician action: observe, document, test, fix when supported, or escalate.