Layer 2 LAN Switching

You can think of layer 2 switches as bridges with more ports. Remember from Chapter 1 that layer 2 switching is hardware based, which means that it uses the Media Access Control (MAC) address from the hosts' network interface cards (NICs) to filter the network. You should also remember how switches use application-specific integrated circuits (ASICs) to build and maintain filter tables.

However, there are some differences between bridges and switches that you should be aware of. This section outlines those differences and then discusses the three functions of layer 2 switching.

Comparing Bridges to Switches

The following list describes the differences between bridges and switches. Table 4.1 provides an overview of that comparison.

  • Bridges are considered software based. Switches are hardware based because they use ASICs chips to help make filtering decisions.

  • Bridges can have only one spanning-tree instance per bridge. Switches can have many. (Spanning tree is covered later in this chapter.)

  • Bridges can have up to only 16 ports. A switch can have hundreds.

You probably won't go out and buy a bridge, but it's important to understand how bridges are designed and maintained because layer 2 switches function in a similar fashion.

Table 4.1: Comparison of Bridges and Switches




Software based

Hardware based

Spanning tree numbers

One spanning tree instance

Many spanning tree instances


16 ports maximum

Hundreds of ports available

Three Switch Functions at Layer 2

There are three distinct functions of layer 2 switching:

Address learning  Layer 2 switches and bridges remember the source hardware address of each frame received on an interface and enter it into a MAC database.

The forwarding and filtering decision  When a frame is received on an interface, the switch looks at the destination hardware address and looks up the exit interface in the MAC database.

Loop avoidance  If multiple connections between switches are created for redundancy, network loops can occur. STP is used to stop network loops and allow redundancy.

These functions of the layer 2 switch-address learning, forward and filtering decisions, and loop avoidance-are discussed in detail next.

Address Learning

The layer 2 switch is responsible for address learning. When a switch is powered on, the MAC filtering table is empty. When a device transmits and a frame is received on an interface, the switch takes the source address and places it in the MAC filter table. It remembers what interface the device is located on. The switch has no choice but to flood the network with this frame because it has no idea where the destination device is located.

If a device answers and sends a frame back, then the switch takes the source address from that frame, places the MAC address in the database, and associates this address with the interface on which the frame was received. Because the switch now has two MAC addresses in the filtering table, the devices can now make a point-to-point connection and the frames are forwarded only between the two devices. This is what makes layer 2 switches better than hubs. In a hub network, all frames are forwarded out all ports every time.

Figure 4.1 shows the procedures for building a MAC database.

click to expand
Figure 4.1: How switches learn hosts' locations

In the figure, four hosts are attached to a switch. The switch has nothing in the MAC address table when it is powered on. The figure shows the switch's MAC filter table after each device has communicated with the switch. The following steps show how the table is populated:

  1. Station 1 sends a frame to station 3. Station 1 has a MAC address of 0000.8c01.1111. Station 3 has a MAC address of 0000.8c01.3333.

  2. The switch receives the frame on Ethernet interface 0/1, examines the source and destination MAC addresses, and places the source address in the MAC address table.

  3. Because the destination address is not in the MAC database, the frame is forwarded out of all interfaces.

  4. Station 3 receives the frame and responds to station 1. The switch receives this frame on interface E0/3 and places the source hardware address in the MAC database.

  5. Station 1 and station 3 can now make a point-to-point connection, and only the two devices will receive the frames. Stations 2 and 4 do not see the frames.

If the two devices do not communicate with the switch again within a certain time limit, the switch flushes the entries from the database to keep the database as current as possible.

Forwarding/Filtering Decision

The layer 2 switch also uses the MAC filter table to both forward and filter frames received on the switch. This is called the forwarding and filtering decision. When a frame arrives at a switch interface, the destination hardware address is compared to the forward/filter MAC database. If the destination hardware address is known and listed in the database, the frame is sent out only on the correct exit interface. The switch does not transmit the frame out of any interface except for the destination interface, thus preserving bandwidth on the other network segments. This is called frame filtering.

If the destination hardware address is not listed in the MAC database, the frame is flooded out all active interfaces except the interface on which the frame was received. If a device answers, the MAC database is updated with the device location (interface).


In modern switches, the switching or bridging table is known as the CAM or TCM table. I will cover these in detail in Chapter 10, 'Catalyst Switch Technologies.' For the moment, please accept that these are just tables, optimized for pretty fast lookup.

Broadcast and Multicast Frames

Remember, the layer 2 switches forward all broadcasts by default. The forwarding/filtering decision is a bit different because broadcast packets are designed to go to every device that is listening and multicasts are for every device listening for a particular type of packet. Whereas the MAC address of a given device is normally determined by the MAC address that is burned into the network card, broadcasts and multicasts need some way of targeting multiple devices.

A broadcast targets every device on the subnet by setting all the bits in the destination MAC address to 1. Thus, the 48-bit destination MAC address, which uses hexadecimal notation, looks like FFFF.FFFF.FFFF. Every device is trained to look for frames destined to its MAC address and frames destined to every MAC address. An example of a packet that needs to be addressed to every device that can hear is an ARP request.

A multicast is a slightly different animal in that it wants to go to every device that is participating in a certain process. If five routers are using the EIGRP routing protocol and one sends out an update, it sends the update to the multicast IP address Each router is listening for any packet with that IP address as its destination, but devices don't look at the IP address when the frame is received-they look at the MAC address. There is a special format that MAC addresses follow when the packet is part of a multicast process. This process is covered in detail in Chapter 8, 'Multicast Technologies.'

When a switch receives these types of frames, the frames are then quickly flooded out of all active ports of the switch by default. To have broadcasts and multicasts forwarded out of only a limited number of administratively assigned ports, you create virtual LANs, which were discussed in Chapter 3, 'VLANs, Trunks, and VTP.'

Loop Avoidance

Finally, the layer 2 switch is responsible for loop avoidance. It's a good idea to use redundant links between switches. They help stop complete network failures if one link fails. Even though redundant links are extremely helpful, they cause more problems than they solve. In this section, we'll discuss some of the most serious problems:

  • Broadcast storms

  • Multiple frame copies

  • Multiple loops

Broadcast Storms

If no loop avoidance schemes are put in place, the switches will flood broadcasts endlessly throughout the internetwork. This is sometimes referred to as a broadcast storm. Figure 4.2 shows how a broadcast might be propagated throughout the network.

click to expand
Figure 4.2: Broadcast storms

Multiple Frame Copies

Another problem is that a device can receive multiple copies of the same frame because the frame can arrive from different segments at the same time. Figure 4.3 shows how multiple frames can arrive from multiple segments simultaneously.

click to expand
Figure 4.3: Multiple frame copies

The MAC address filter table will be confused about where a device is located because the switch can receive the frame from more than one link. It is possible that the switch can't forward a frame because it is constantly updating the MAC filter table with source hardware address locations. This is called thrashing the MAC table.

Multiple Loops

One of the biggest problems is multiple loops generating throughout an internetwork. This means that loops can occur within other loops. If a broadcast storm were to then occur, the network would not be able to perform packet switching.

To solve these three problems, the Spanning Tree Protocol was developed.

CCNP. Building Cisco Multilayer Switched Networks Study Guide (642-811)
CCNP: Building Cisco Multilayer Switched Networks Study Guide (642-811)
ISBN: 078214294X
EAN: 2147483647
Year: 2002
Pages: 174
Authors: Terry Jack © 2008-2017.
If you may any questions please contact us: