The Ethernet switch is now an integral part the global LAN infrastructure. The Ethernet is fundamentally a shared network. Each node competes for bandwidth and must deal with collisions.
Before switches, hubs received Ethernet frames from connected devices and forward them to the rest. There was no privacy, security or performance and it was slow. The network needed a more logical device that could block traffic to unrelated devices and make decisions about where data should be sent. These functions are accomplished by the switch’s four core functions: Flooding, Forwarding Filtering, Filtering, and Learning. These functions are built into a switch right out of the box. There is no configuration required.
Imagine a switch with four ports, four user workstations, and a switch. These workstations will be called A, B, D, and C. We’ll also number the ports 1, 2, 3, and 4. Below is a list of all four workstations along with their respective MAC addresses.
Workstation MAC Address A02:60:8c.12:34.56 B02:60:8c.34:56.78 C 00.10:4c.39:47.6c D00:02:67.80:5c.1a
It is important to keep in mind that every Ethernet frame has two MAC addresses. The source address is always an unicast address. The destination address can be either a broadcast address, multicast address, or unicast address. The switch can read and process both the source address and destination address.
Learning
Let’s get started with learning. All connected devices must be kept track of by switches. The learning function is essential for the switch to know which port the destination device is connected. A part of the switch’s storage is at the heart of the learning function. This memory location is known as the MAC Address Table. The switch reads a data packet and maps the port number to that source address. The following diagram shows how a MAC Address Table entry looks if Workstation A is plugged in to Port 1 of our switch. It then sends a frame.
Port # MAC Address102:60:8c:12:34:562 3 4
The MAC address table is temporary because it is stored in memory and not in persistent storage. In fact, MAC addresses tables have a timer which, once expired, results is the deletion of the entry. This is important. Let’s suppose that Workstation A is plugged in to Port 1 and then quickly switches over to Port 2. Port 1 and Port 2 will both display the same MAC address. The switch will use Port 1 and Port 2. This indicates that the port has the longest timer. Most switches have a default timer that is 300 seconds (5 minutes).
This is only half the process. As you can see, our switch has not been used by any other device. Let’s continue our scenario. Workstation A tried to send a frame from Workstation D. But where was Workstation D? This is what the switch sees. To find the destination, the switch must rely upon another function. Flooding is the second function.
Flooding
Flooding is when the switch sends an incoming frame to all active and occupied ports (except the one it received). Flooding is basically when a switch pretends it is a hub. A frame will flood when a switch floods it for two reasons.
1. The switch cannot refuse to continue a broadcast when it receives one. These broadcasts are essential for protocols like ARP or DHCP. This diagram shows how an Ethernet frame header could look as a broadcast.
[FF:FF:FF:FF:FF:FF][02:60:8c:12:34:56][0806]DestinationSourceARP
2. The switch cannot flood a frame that is dedicated to a destination if it receives a frame for that destination, even if the destination does not have an entry on the MAC Address Table. The goal