How does a switch learn MAC Addresses

A switch has some intelligence and operates on layer 2 of the OSI model. In this lesson, I’ll demonstrate how a switch learns MAC addresses. Let me show you an example of three computers connected to a switch:

There’s a switch in the middle and we have 3 computers. All computers have a MAC address but I’ve simplified them. Our switch has a MAC address table and it will learn where all the MAC addresses are in the network. Let’s send something from H1 to H2:

H1 is going to send some data meant for H2, thus it will create an Ethernet frame which has a source MAC address (AAA) and a destination MAC address (BBB). Our switch has a MAC address table and here’s what will happen:

Our switch will build a MAC address table and only learns from source MAC addresses. At this moment it just learned that the MAC address of H1 is on interface 1. It will now add this information in its MAC address table. As you can see our switch currently has no information where H2 is located. There’s only one option left….flood this frame out of all its interfaces except the one where it came from. H2 and H3 will receive this Ethernet frame.

Since H2 sees its MAC address as the destination of this Ethernet frame it knows it’s meant for him, H3 will discard it. H2 is going to respond to H1, build an Ethernet frame and send it towards our switch. At this moment the switch will learn the MAC address of H2.

That’s the end of our story, the switch now knows both MAC addresses and the next time it can “switch” instead of flooding Ethernet frames. H3 will never see any frames between H1 and H2 except for the first one which was flooded.

Verification

Let me show you what this looks like on a real Cisco switch. I will use a topology with one switch and three host devices:

This is the topology I’ll use, it’s the same as the previous example but I have added some interface numbers.

Let’s verify if all interfaces are up and running:

SW1#show interfaces status

Port      Name               Status       Vlan       Duplex  Speed Type 
Gi0/1                        connected    1            auto   auto unknown
Gi0/2                        connected    1            auto   auto unknown
Gi0/3                        connected    1            auto   auto unknown

All interfaces are connected, let’s check the MAC address table:

SW1#show mac address-table dynamic 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    fa16.3e15.d86d    DYNAMIC     Gi0/1
   1    fa16.3e5c.bc0f    DYNAMIC     Gi0/2
   1    fa16.3ed2.c7c2    DYNAMIC     Gi0/3
Total Mac Addresses for this criterion: 3

The show mac address-table dynamic command gives us all MAC addresses that the switch has learned dynamically. We can see it has learned three MAC addresses.

There are a couple of parameters we can use with this command. For example:

SW1#show mac address-table dynamic address fa16.3e15.d86d
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    fa16.3e15.d86d    DYNAMIC     Gi0/1

This only gives us the output for the MAC address of H1. We can also get an overview of all MAC addresses that were learned on a single interface:

SW1#show mac address-table dynamic interface Gi0/2
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    fa16.3e5c.bc0f    DYNAMIC     Gi0/2
Total Mac Addresses for this criterion: 1

This shows interface GigabitEthernet0/2 with the MAC address of H2. Here’s how you can see the default aging time:

SW1#show mac address-table aging-time 
Global Aging Time:  300
Vlan    Aging Time
----    ----------

If the switch doesn’t see a particular MAC address for 300 seconds, it will be removed from the MAC address table.

What if we want to manually remove something from the MAC address table? This is possible with the clear mac address-table command:

SW1#clear mac address-table dynamic ?
  address    address keyword
  interface  interface keyword
  vlan       vlan keyword
  <cr>

You can choose if you want to remove a single MAC address, all MAC address on a particular interface or that belong to one VLAN. If you don’t add any parameters then it will remove all MAC addresses. Let’s try that:

SW1#clear mac address-table dynamic

The MAC address table is now empty:

SW1#show mac address-table dynamic 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

Let’s send a ping from H1 to H2 to check if our switch is able to learn their MAC addresses:

H1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/10 ms

The ping is succesful, let’s check the table:

SW1#show mac address-table dynamic  
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    fa16.3e15.d86d    DYNAMIC     Gi0/1
   1    fa16.3e5c.bc0f    DYNAMIC     Gi0/2
Total Mac Addresses for this criterion: 2

It’s now showing the MAC addresses of H1 and H2.

Alright, so far so good. What if we have two switches with a couple of hosts? Take a look at the following topology:

Take a look at the output of these two switches, especially their GigabitEthernet0/3 interfaces:

SW1#show mac address-table dynamic  
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    fa16.3e02.9079    DYNAMIC     Gi0/3
   1    fa16.3e31.cdd8    DYNAMIC     Gi0/2
   1    fa16.3e40.f97d    DYNAMIC     Gi0/1
   1    fa16.3eb9.eacd    DYNAMIC     Gi0/3
Total Mac Addresses for this criterion: 4

As you can see above, SW1 has learned the MAC addresses of H3 and H4 on its GigabitEthernet0/3 interface. SW2 has learned the addresses of H1 and H2:

SW2#show mac address-table dynamic
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    fa16.3e02.9079    DYNAMIC     Gi0/2
   1    fa16.3e31.cdd8    DYNAMIC     Gi0/3
   1    fa16.3e40.f97d    DYNAMIC     Gi0/3
   1    fa16.3eb9.eacd    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 4

This is just a quick example to explain that a switch is able to learn multiple MAC addresses on a single interface.

I hope this lesson has been useful to understand the MAC address table of your Cisco Catalyst switch.

Forum Replies

system says:

How does ComputerA know the mac address of ComputerB?
ReneMolenaar says:

Good question, take a look at this tutorial and you’ll find the answer:

https://networklessons.com/ip-services/arp-address-resolution-protocol-explained
system says:

I had read that tutorial before this one and I asked the question because we were working in layer 2 here (not using IP address)
ReneMolenaar says:

Ah I see. The switch doesn’t care whatever is in the ethernet frame…only interesting thing for it are the source MAC addresses (to learn) and the destination MAC addresses (to forward).
system says:

What about when show mac add-table shows no mac for a port. But you know their is
a device on the other end

118 more replies! Ask a question or join the discussion by visiting our Community Forum