What happens when a switch doesn't know what port a MAC address is associated with?

Normally your switch learns MAC addresses automatically and fills its MAC address table (CAM table) by looking at the source MAC address of incoming frames. When the destination MAC address of a frame is not in the table, the switch floods the frame out of every port except the one it arrived on.

This process is vulnerable to layer 2 MAC address spoofing: an attacker sends frames with a victim's source MAC address, the switch rewrites the entry for that address to point at the attacker's port, and traffic for the victim is delivered to the attacker. A really simple way to deal with this is to configure static entries in the MAC address table; a static entry always overrules dynamic learning. You can either specify the interface where the MAC address is located or tell the switch to drop traffic for that address.

Let’s look at an example!

To demonstrate this we only need two devices: a router to generate some traffic and a switch on which to look at (and configure) the MAC address table. Here's the configuration:

R1(config)#interface fastEthernet 0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.12.1 255.255.255.0

SW1(config)#interface vlan 1
SW1(config-if)#no shutdown
SW1(config-if)#ip address 192.168.12.2 255.255.255.0

We'll do a quick ping to generate some traffic so SW1 can learn the MAC address of R1's FastEthernet 0/0 interface:

R1#ping 192.168.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms

Let’s take a look at the MAC address table:

SW1#show mac address-table dynamic vlan 1
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    001d.a18b.36d0    DYNAMIC     Fa0/1
Total Mac Addresses for this criterion: 1

Here's the MAC address of R1's FastEthernet 0/0 interface, learned dynamically on Fa0/1. Let's turn this into a static entry:

SW1(config)#mac address-table static 001d.a18b.36d0 vlan 1 interface fastEthernet 0/1

Use the mac address-table static command to create a static entry. Here’s what the MAC address table looks like now:

SW1#show mac address-table static | include Fa0/1
   1    001d.a18b.36d0    STATIC      Fa0/1

There it is, a static entry. Nothing a host sends can overrule it; only someone with access to the switch configuration can change it. The trade-off is that we can no longer move R1 to another interface on SW1 without updating the static entry. Like I mentioned before, we can also create a static entry that tells the switch to drop all traffic for the MAC address. Here's how to do it:
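The page stops before showing the drop variant. On Catalyst IOS it is the same command with drop in place of the interface, mac address-table static 001d.a18b.36d0 vlan 1 drop (from the IOS command reference, not from the page); the switch then discards frames for that address instead of forwarding them. Once static bindings are in place it is worth checking them mechanically. The following Python script is an added example, not part of the original tutorial: it parses show mac address-table output in the format shown above and reports any host in an expected-bindings list that is absent, sits on the wrong port, or is still a DYNAMIC entry (and therefore still movable by a forged source address). The table text and the expected bindings are constructed sample data; the two MAC addresses other than R1's are made up.

```python
"""Audit 'show mac address-table' output against expected static bindings.
Added example, not part of the original tutorial. SAMPLE and EXPECTED are
constructed; only R1's MAC (001d.a18b.36d0) comes from the page."""
import re
from typing import Dict, List, Tuple

# One table row: vlan, dotted-hex MAC, type, port
# e.g. "   1    001d.a18b.36d0    STATIC      Fa0/1"
ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
    r"(?P<type>[A-Za-z]+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text: str) -> Dict[Tuple[int, str], Tuple[str, str]]:
    """Return {(vlan, mac): (TYPE, port)}; header, rule and total lines do not match ROW."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[(int(m["vlan"]), m["mac"].lower())] = (m["type"].upper(), m["port"])
    return table


def audit(text: str, expected: Dict[Tuple[int, str], str]) -> List[Tuple[str, str]]:
    """Compare the table with expected {(vlan, mac): port} bindings.

    A finding is raised when an expected host has no entry (a static binding
    would always be present), sits on another port, or is still DYNAMIC.
    """
    table = parse_mac_table(text)
    findings = []
    for (vlan, mac), port in expected.items():
        entry = table.get((vlan, mac.lower()))
        if entry is None:
            findings.append((mac, f"no entry in vlan {vlan}: static binding not configured"))
            continue
        etype, eport = entry
        if eport != port:
            findings.append((mac, f"learned on {eport}, expected {port}"))
        if etype != "STATIC":
            findings.append((mac, f"{etype} entry on {eport}: bind it with mac address-table static"))
    return findings


# Constructed output in the format of the 'show mac address-table' above
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    001d.a18b.36d0    STATIC      Fa0/1
   1    0011.2233.4455    DYNAMIC     Fa0/2
   1    0066.7788.99aa    DYNAMIC     Fa0/3
Total Mac Addresses for this criterion: 3
"""

# Constructed expectations: where each protected host must be, as a static entry
EXPECTED = {
    (1, "001d.a18b.36d0"): "Fa0/1",   # R1, bound statically: no finding
    (1, "0011.2233.4455"): "Fa0/2",   # right port, but still dynamic
    (1, "0066.7788.99aa"): "Fa0/4",   # learned on Fa0/3, not where it belongs
}

if __name__ == "__main__":
    for mac, problem in audit(SAMPLE, EXPECTED):
        print(f"{mac}: {problem}")
```

Run it against the output of show mac address-table copied from the switch (or fetched over SSH by whatever tooling you already use); the expected-bindings dictionary is the list of hosts you decided to pin, and every finding is either a missing static command or a host that has moved.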

The MAC address table is where the switch stores which MAC addresses are reachable through which of its ports. The table lets the switch send a frame out of only the port that leads to its destination, instead of flooding it out of all ports.

The MAC address table can contain two types of entries:

  • Static: Static entries are added manually by a switch administrator. They take priority over dynamic entries and are never overwritten by learning; they remain in the table until the administrator removes them.
  • Dynamic: Dynamic entries are added automatically through MAC learning: the switch reads the source MAC address (and VLAN ID) of each frame received on a port. If the address is not yet in the table it is added with that port; if it is already there as a dynamic entry, the entry is refreshed (and moved, if the frame arrived on a different port). Dynamic entries that are not refreshed within the aging time (300 seconds by default on Cisco IOS, set with mac address-table aging-time) are deleted automatically.

Dynamic MAC address learning does not distinguish between legitimate and forged frames, which creates a security hazard. When Host A is connected to port A, the switch learns an entry for Host A's MAC address (call it MAC A) on port A. When an attacker on port B sends frames with MAC A as the source MAC address, the switch does the following:

  1. Learns MAC A on port B, overwriting the old entry that pointed to port A.
  2. Forwards frames destined for MAC A out of port B, to the attacker.

As a result, the attacker receives traffic meant for Host A. To protect Host A, manually configure a static entry that binds Host A's MAC address to port A. Frames destined for Host A are then always sent out of port A, and a host forging Host A's MAC address on another port cannot draw them to itself. Note what this does and does not do: the forged frames are still accepted and forwarded on port B, so the static entry stops the redirection of Host A's traffic, not the spoofing itself.
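The sequence above, together with the spoofing described in the introduction, as an added Python model (not code from the original page): a minimal switch with a per-VLAN MAC address table that learns source addresses, floods unknown destinations out of every port but the ingress port, ages dynamic entries out, and lets a static entry (bound to a port, or a drop entry) take priority over learning. demo() replays the Host A / port B attack, applies the static binding, adds a drop entry, and shows that aging removes only the dynamic entry. The port names, the server and attacker MAC addresses and the 300-second aging time are assumptions chosen for the example; Host A's MAC is R1's address from the tutorial.

```python
"""Switch MAC address table model: dynamic learning, static and drop entries,
aging and flooding. Added example; not the original page's code. Ports, the
server/attacker MACs and the aging time are assumptions for the example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BROADCAST = "ffff.ffff.ffff"


@dataclass
class Entry:
    kind: str             # "DYNAMIC", "STATIC" (bound to a port) or "DROP"
    port: Optional[str]   # egress port, None for DROP entries
    age: int = 0          # seconds since last refresh; only DYNAMIC entries age


class Switch:
    def __init__(self, ports: List[str], aging_time: int = 300):
        self.ports = list(ports)
        self.aging_time = aging_time        # 300 s is the IOS default
        # The table is per VLAN: key is (vlan, mac)
        self.table: Dict[Tuple[int, str], Entry] = {}

    def add_static(self, vlan: int, mac: str, port: Optional[str] = None) -> None:
        """Bind mac to port; with no port, create a drop entry for mac."""
        self.table[(vlan, mac)] = Entry("STATIC" if port else "DROP", port)

    def lookup(self, vlan: int, mac: str) -> Optional[Entry]:
        return self.table.get((vlan, mac))

    def receive(self, vlan: int, ingress: str, src: str, dst: str) -> List[str]:
        """Process one frame and return the ports it is sent out of."""
        # 1. Source learning. Only an absent or DYNAMIC entry is written, so a
        #    forged source address can move a dynamic entry but never a static one.
        cur = self.table.get((vlan, src))
        if cur is None or cur.kind == "DYNAMIC":
            self.table[(vlan, src)] = Entry("DYNAMIC", ingress)   # age resets to 0
        elif cur.kind == "DROP":
            return []     # frames sourced from a dropped MAC are discarded as well
        # 2. Destination lookup.
        if dst == BROADCAST:
            return [p for p in self.ports if p != ingress]
        ent = self.table.get((vlan, dst))
        if ent is None:   # unknown unicast: flood, but never back out the ingress port
            return [p for p in self.ports if p != ingress]
        if ent.kind == "DROP" or ent.port == ingress:
            return []     # drop entry, or destination already on the ingress segment
        return [ent.port]

    def tick(self, seconds: int) -> None:
        """Advance time; dynamic entries idle for aging_time are removed."""
        for key, ent in list(self.table.items()):
            if ent.kind == "DYNAMIC":
                ent.age += seconds
                if ent.age >= self.aging_time:
                    del self.table[key]


HOST_A = "001d.a18b.36d0"     # R1's address from the tutorial
SERVER = "0011.2233.4455"     # constructed
ATTACKER = "0066.7788.99aa"   # constructed


def demo() -> dict:
    """Replay the Host A / port B scenario and return what the switch did."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    out = {}
    # Host A on Fa0/1 sends to the server; the server is unknown, so the frame floods
    out["flood"] = sw.receive(1, "Fa0/1", HOST_A, SERVER)
    # The server replies from Fa0/2; Host A was learned, so the reply is switched
    out["reply"] = sw.receive(1, "Fa0/2", SERVER, HOST_A)
    # Attacker on Fa0/3 forges Host A's source MAC: the dynamic entry moves to Fa0/3
    sw.receive(1, "Fa0/3", HOST_A, SERVER)
    out["hijacked"] = sw.receive(1, "Fa0/2", SERVER, HOST_A)
    # Mitigation: static binding of Host A to Fa0/1; the forged frame no longer moves it
    sw.add_static(1, HOST_A, "Fa0/1")
    sw.receive(1, "Fa0/3", HOST_A, SERVER)
    out["protected"] = sw.receive(1, "Fa0/2", SERVER, HOST_A)
    out["entry_kind"] = sw.lookup(1, HOST_A).kind
    # Drop entry: frames for the attacker's own MAC are discarded
    sw.add_static(1, ATTACKER)
    out["dropped"] = sw.receive(1, "Fa0/2", SERVER, ATTACKER)
    # Aging removes only the server's dynamic entry; the static one survives
    sw.tick(300)
    out["aged_out"] = sw.lookup(1, SERVER) is None
    out["static_survives"] = sw.lookup(1, HOST_A) is not None
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value}")
```

The learning step is where the whole issue lives: the model writes the table only when the existing entry is absent or DYNAMIC, which is exactly the precedence rule the text describes. Everything else (flooding, aging, the drop entry) follows from the table lookup on the destination address.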

For example, in a topology where switch A connects to switches B, C and D, switch A learns which MAC addresses are reachable through each of those links. Traffic between any two servers is therefore not flooded to the other switches: if server 1 sends a frame to server 3 (behind switch D), switch A forwards it only on the link to switch D, not on the link to switch C.

What will switch do if the MAC address is not found in its MAC address table?

When the destination MAC address is not found in the MAC address table, the switch floods the frame out of all ports in that VLAN except the port on which the frame arrived (unknown unicast flooding).

Does each port on a switch have its own MAC address?

Like any Ethernet interface, every port on a switch has its own MAC address from the range burned into the switch at the factory. The switch uses it as the source address of frames it originates on that port (STP, CDP and similar protocol frames); transit frames are switched by destination MAC address and their addresses are not rewritten.

How does a switch know the MAC addresses of connected devices?

The learning function is built around a table in the switch's memory, the MAC address table (also called the CAM table). When the switch receives a frame, it reads the source MAC address and records the port on which the frame arrived against that address.

Does a switch memorize the computers MAC addresses that are connected to the ports?

Yes. Each PC has a MAC address, and the switch records every MAC address that sends frames through it in its MAC address table, together with the port it was seen on. The switch also originates its own Layer 2 protocol frames, such as STP (Spanning Tree Protocol), CDP (Cisco Discovery Protocol) and DTP (Dynamic Trunking Protocol), at periodic intervals.