● Understand how switches manage Ethernet addresses of attached devices.
Requirements:
● Labsw1 and labsw2 configured and connected from previous labs
● 2 PCs connected to the network with Ethernet cables
● Console cable on PC1
Lab 14 covered internal switch addressing, which, just like we keep threatening, will become very important in a couple of labs. However, how switches manage addresses from external devices is also an important concept to master. Yes, it is a potential test question, as well as very important in managing an enterprise network. (Notice how often those two are related?)
The basis of Ethernet address management was covered in Lab 5:
● Switches learn Ethernet addresses by capturing the source address of each new frame that enters the switch
● Switches record the addresses and the interfaces the frames used to enter the switch in a MAC Address Table.
● Switches use MAC Address Table to make the decision to forward or filter packets.
The above is pretty much the definition of layer 2 switching.
How does that work in a network with multiple switches? Consider 2 configurations:
Configuration 1
Both PC1 and PC2 are connected to labsw1 on interfaces Fa0/1 and Fa0/5, both in VLAN 200. In this exercise, we will ping PC2, 192.168.1.3, from PC1, 192.168.1.2. Before connecting PC1 and PC2 to the network, record their MAC addresses.
PC1: 0009.7CDC.DD12
PC2: 0040.0B5B.E116
Verify that the only addresses in the MAC Address Table of labsw1 and labsw2 are the internal MAC addresses of the respective switches by using the “show mac-address-table dynamic” command. Remember, these addresses should be associated with interface Fa0/24, the trunk port. If there are other addresses in the MAC Address Tables, clear the MAC Address Table using the “clear mac-address-table dynamic” command.
Connect both computers to labsw1 as shown in the schematic above.
PC1 on interface Fa0/1
PC2 to interface Fa0/5
(Note: any two interfaces can be used if both are in the same VLAN. If you don’t remember the interface VLAN assignments, display them with “show vlan” command.) When the interfaces have synchronized (LEDs are green):
1. PC1> ping 192.168.1.3
Request timed out. (You may not receive this response, though.)
Reply from 192.168.1.3: bytes=32 time=63ms TTL=128
Reply from 192.168.1.3: bytes=32 time=63ms TTL=128
Reply from 192.168.1.3: bytes=32 time=62ms TTL=128
Display the MAC Address Table of labsw1
2. labsw1# show mac-address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0001.c9c8.a118 DYNAMIC Fa0/24
200 0001.c9c8.a118 DYNAMIC Fa0/24
200 0009.7cdc.dd12 DYNAMIC Fa0/1
200 0040.0b5b.e116 DYNAMIC Fa0/5
201 0001.c9c8.a118 DYNAMIC Fa0/24
202 0001.c9c8.a118 DYNAMIC Fa0/24
203 0001.c9c8.a118 DYNAMIC Fa0/24
Both MAC addresses are in the MAC Address Table.
PC1, 0009.7cdc.dd12, on interface Fa0/1
PC2, 0040.0b5b.e116, on interface Fa0/5.
You should understand this from Lab 5. However, now look at the MAC Address Table on labsw2.
3. labsw2# show mac-address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0001.63d7.d918 DYNAMIC Fa0/24
200 0001.63d7.d918 DYNAMIC Fa0/24
200 0009.7cdc.dd12 DYNAMIC Fa0/24
201 0001.63d7.d918 DYNAMIC Fa0/24
202 0001.63d7.d918 DYNAMIC Fa0/24
203 0001.63d7.d918 DYNAMIC Fa0/24
labsw2 now has the MAC address of PC1, 0009.7cdc.dd12, in its MAC Address Table. How did that happen? PC1 is not connected to labsw2.
Review the responses from PC1 when the ping was started.
Request timed out. (You may not receive this response, though.)
Reply from 192.168.1.3: bytes=32 time=63ms TTL=128
Reply from 192.168.1.3: bytes=32 time=63ms TTL=128
Reply from 192.168.1.3: bytes=32 time=62ms TTL=128
On the first ping attempt, PC1 did not know the MAC address of PC2, IP address 192.68.1.3. To learn the MAC address, PC1 issued an ARP request, a broadcast, for the MAC address associated with an IP address (Review Lab 5).
How does a switch process a broadcast frame? First, it records the MAC address of the issuing computer in the MAC Address Table, 0009.7cdc.dd12, the MAC address of PC1, interface Fa0/1. The next step is to forward the broadcast on all active interfaces except for the interface used to enter the switch: interface Fa0/1.
Review the diagram above. Which other interfaces are active? Interface Fa0/5 is active, since it supports PC2. But interface Fa0/24 is also active, since it is the trunk port between the switches. labsw1 forwards the ARP broadcast on both Fa0/5 and Fa0/24. PC2 responds to the ARP request, and labsw1 updates the MAC Address table with PC2’s MAC address and switch interface.
labsw2 received the broadcast frame on the trunk port, Fa0/24. labsw2 processes the frame according to the rules of switching: it updates its MAC address table with the PC1 MAC address, 0009.7cdc.dd12, learned on interface Fa0/24. labsw2 cannot forward the frame because it has a single active interface: Fa0/24. It will not forward a frame on the same interface that it received the frame on. After updating the MAC Address Table, labsw2 discards, or filters, the frame. If labsw2 had computers connected to other interfaces, however, it would have forwarded the broadcast to those interfaces.
(Even if the first ping request from PC1 did not time out, PC1 still issued an ARP request. Your lab was able to process the ARP request before the first ping attempt failed. Sometimes it works out that way. You still need to know this for the exam.)
Review the MAC Address tables of both labsw1 and labsw2 again.
Labsw1
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0001.c9c8.a118 DYNAMIC Fa0/24
200 0001.c9c8.a118 DYNAMIC Fa0/24
200 0009.7cdc.dd12 DYNAMIC Fa0/1
200 0040.0b5b.e116 DYNAMIC Fa0/5
201 0001.c9c8.a118 DYNAMIC Fa0/24
202 0001.c9c8.a118 DYNAMIC Fa0/24
203 0001.c9c8.a118 DYNAMIC Fa0/24
Labsw2
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0001.63d7.d918 DYNAMIC Fa0/24
200 0001.63d7.d918 DYNAMIC Fa0/24
200 0009.7cdc.dd12 DYNAMIC Fa0/24
201 0001.63d7.d918 DYNAMIC Fa0/24
202 0001.63d7.d918 DYNAMIC Fa0/24
203 0001.63d7.d918 DYNAMIC Fa0/24
Why doesn’t labsw2 know about PC2, MAC Address 0040.0b5b.e116?
The reason is that PC2 did not issue a broadcast. Review the process from the perspective of PC2:
- PC2 received the ARP request from PC1.
- PC2 recognized that the ARP request was intended for itself, since it has IP address 192.168.1.3.
- PC2 responded to the ARP request, using PC1’s MAC address as the destination for the reply: 0009.7cdc.dd12. PC2 used its own MAC address as the source address: 0040.0b5b.e116.
- When PC2 responds to the ARP request, labsw1 updates the MAC Address Table with PC2’s MAC address and interface: 0040.0b5b.e116, interface Fa0/5.
- labsw1 then checks the MAC Address Table for MAC address 0009.7cdc.dd12, the destination address in the response frame. It finds the MAC address on interface Fa0/1.
- labsw1 forwards the frame to interface Fa0/1.
- PC1 continues to issue pings, PC2 continues to respond to pings, and labsw1 continues to forward the frames based on the MAC Address Table.
The response from PC2 is a unicast frame to PC1, not a broadcast. Since labsw1 knows which interface supports PC1, the frame is not forwarded on Fa0/24. labsw2 knows about PC1, but it does not yet know about PC2.
Configuration 2
PC1 is connected to labsw1 on interface Fa0/1, VLAN 200.
PC2 is connected to labsw2 on interface Fa0/2, also in VLAN 200.
Repeat the process used to test Configuration 1 above. Clear the MAC Address Table in both labsw1 and labsw2.
1. PC1> ping 192.168.1.3
Request timed out. (You may not receive this response, though.)
Reply from 192.168.1.3: bytes=32 time=63ms TTL=128
Reply from 192.168.1.3: bytes=32 time=63ms TTL=128
Reply from 192.168.1.3: bytes=32 time=62ms TTL=128
Display the MAC Address Table on both labsw1 and labsw2.
2. labsw1# show mac-address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0001.c9c8.a118 DYNAMIC Fa0/24
200 0001.c9c8.a118 DYNAMIC Fa0/24
200 0009.7cdc.dd12 DYNAMIC Fa0/1
200 0040.0b5b.e116 DYNAMIC Fa0/24
201 0001.c9c8.a118 DYNAMIC Fa0/24
202 0001.c9c8.a118 DYNAMIC Fa0/24
203 0001.c9c8.a118 DYNAMIC Fa0/24
labsw1 has the MAC address of both PC1 and PC2 recorded in the MAC Address Table. PC1 is on Fa0/1, as expected. PC2, however, is associated with interface Fa0/24, the trunk port.
3. labsw2# show mac-address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0001.63d7.d918 DYNAMIC Fa0/24
200 0001.63d7.d918 DYNAMIC Fa0/24
200 0009.7cdc.dd12 DYNAMIC Fa0/24
200 0040.0b5b.e116 DYNAMIC Fa0/2
201 0001.63d7.d918 DYNAMIC Fa0/24
202 0001.63d7.d918 DYNAMIC Fa0/24
203 0001.63d7.d918 DYNAMIC Fa0/24
labsw2 also has the MAC addresses of both PC1 and PC2 recorded in its MAC Address Table. The MAC address of PC2 is recorded on interface Fa0/2, and the MAC address of PC1 is recorded on interface Fa0/24. By now, you should be able to figure out the process.
- PC1, on Fa0/1, issued an ARP request for PC2’s MAC Address.
- labsw1 recorded PC1’s MAC address in its MAC Address Table: 0009.7cdc.dd12, interface Fa0/1.
- labsw1 forwarded the frame on all active interfaces except interface Fa0/1. The only other interface that is active on labsw1 is Fa0/24, the trunk port.
- labsw2 received the ARP request on the trunk port, Fa0/24. labsw2 recorded the source MAC address of the frame and the interface that it received the frame on: 0009.7cdc.dd12, from Fa0/24.
- labsw2 forwarded the broadcast frame on all active interfaces except Fa0/24. Only interface Fa0/2 is active, which supports PC2.
- PC2 responds to the ARP request, using PC1’s MAC address as the destination and its own address, 0040.0b5b.e116, as the source address.
- labsw2 recorded the MAC address for PC2 in its MAC Address Table on interface Fa0/2.
- labsw2 checked its MAC Address Table for the destination MAC address, PC1, in the frame. labsw2 recorded the MAC address for PC1 when it received the ARP request on the trunk port. The MAC Address Table showed the PC1 MAC address on interface Fa0/24. labsw2 forwarded the frame on the trunk port.
- labsw1 received the response on the trunk port, Fa0/24. It recorded the MAC address for PC2 in its MAC Address Table: 0040.0b5b.e116, Fa0/24.
- labsw1 received the PC2 response on trunk port Fa0/24. labsw1 checked the destination address, found it in the MAC Address Table: 0009.7cdc.dd12, Fa0/1.
- labsw1 forwarded the frame to Fa0/1.
- PC1, labsw1, and labsw2 all know the MAC Address of PC2. PC1 continues the ping process using the MAC address for PC2. labsw1 and labsw2 continue to forward the frame, using the trunk connection to deliver the frame to the neighboring switch. PC2 continues to respond to the ping requests.
The process occurs about a bazillion times a day in an enterprise network. Each switch knows the MAC addresses of the computers connected to each of its access ports. It knows about the rest of addresses from the traffic on its trunk ports.
This also shows why the process is known as "transparent switching." You have seen that there are MAC addresses associated with the switches in Lab 14. However, these addresses are "transparent" to the end devices. The computers connected to the switches do not need the switch MAC address, and never learn them.
Review this lab as many times as necessary to understand it. It will be on the test in some format. It will be a part of your job.
