How Switch Works? How Does It Learn MAC Addresses?

By January 15, 2020 GNS3 0 Comments

Switch network devices provide data communication between the computer or all devices connected to the network. How do Switches work and learn the MAC addresses of devices on the network?

How Switch Works? How Does Switch Learn MAC Addresses?

How Switch Works?

Switches, which are widely used in the network and act as switching devices, provide data transmission according to MAC addresses. Each network device connected to the ports of the switches has an address. Switches, therefore, store their MAC addresses in their own tables and then use those addresses in their tables for fast data transmission.

How does a Switch learn the MAC address of a networked device?

Suppose there are 2 computers on the network. For example; PC1 is Pinging PC2. When pinging, the source and destination IP addresses are designed immediately by the ICMP protocol. Since PC1 does not know the MAC address of PC2, it broadcasts a Broadcast message to the network environment. ARP (Address Resolution Protocol) performs the broadcast process.

PC1 sets the target part to ff:ff:ff:ff:ff:ff to broadcast. In short, PC1 asks who owns the IP address 192.168.5.10 using the ARP protocol. The ARP address resolution protocol finds the address with the IP address 192.168.5.10 and then pings the next step.

In our previous articles, we talked about what Switch is and what Switch Types are. In this article, we will examine how to learn the MAC address of devices on the SW network.

How to Examine the Operating Logic of a Switch using Wireshark in GNS3

After making a small network topology using the GNS3 program, we will Ping the PC2 to PC2. And before pinging, we will perform the packet analysis using the Wireshark program to connect the PC1 and Layer 2 Switch.

Please follow the steps below to examine how a Switch works.

   Step 1

First, run the GNS3 simulator software and create a new project.

Creating a New Project in GNS3

   Step 2

Add one Layer 2 Switch and two VPCS to the GNS3 workspace. For example, define an IP address block and add comments to the workspace.

Add Layer 2 Switch and VPCS

   Step 3

After assigning IP addresses to VPCS computers, check the configuration with the show ip command at the command prompt.

VPCS / show ip

   Step 4

The IP address information on PC2 is as follows. In the meantime, do not forget the MAC addresses of PC1 and PC2.

VPCS / show ip

   Step 5

Since no data transmitted on the network, the MAC address table on the SW will be empty. You can see the MAC table with the show mac address-table command on the switch.

At certain times, computers send ARP Broadcast (ff:ff:ff:ff:ff:ff) to the network and create their own MAC table. MAC addresses store in Cache for up to 10 minutes. Therefore, when the computer wants to send the packet again, it will not broadcast ARP because it knows its address of the destination computer.

show mac address-table

   Step 6

To start Wireshark in GNS3, click Start Capture on the connection between PC1 and Layer 2 Switch.

Running the Wireshark Program

   Step 7

In the Packet Capture window, click OK.

Packet Capture

   Step 8

As soon as you press the OK button, the Wireshark program will open and begin to perform packet analysis in the image below.

Wireshark Package Analysis

   Step 9

As soon as you ping from PC1 to PC2, you can see that the ARP protocol activated on the Wireshark program.

ARP Protocol

   Step 10

Click Broadcast ARP for more information. As you can see in the image below, PC1 broadcasts to the destination address ff:ff:ff:ff:ff:ff because it does not know the IP address of PC2.

As a result, the MAC address of the computer with the IP address 192.168.5.10 reached by ARP Broadcast. And now that PC1 has learned the MAC address of PC2, it will immediately start Ping (ICMP).

ARP Broadcast

   Step 11

By clicking on column 25 on Wireshark, you can now see that ARP address resolution is complete. You can also moan that the source and destination address fields are PC1 and PC2.

Sender MAC Address

   Step 12

After completing the ping When you browse the MAC table with the show mac address-table command on the SW, you can see that the addresses of PC1 and PC2 are in the table.

show mac address-table

   Step 13

If you want to delete table records, you can do this by using the clear mac address-table command.

clear mac address-table

   Step 14

You can also use the show arp command to view the address records on VPCS PC1 and PC2, and you can also use the clear arp command to delete.

clear arp

   Step 15

And finally, you can use the Stop Capture option on GNS3 to close the Wireshark packet analysis program.

Stop Capture

How LAN Switches Work ⇒ Video

You can watch the video below to see how it learns MAC addresses, and you can also subscribe to our YouTube channel to support us!

   Final Word

You can configure a Static address instead of learning Dynamic MAC address to reduce ARP Broadcast broadcast and improve network performance on Cisco branded or any brand Switches.

In Windows operating systems, you can also view the address table with the arp -a command. Thanks for following us!

   Related Articles

How to Install GNS3
Cisco DHCP Configuration
Static NAT Configuration
♦ Cisco Switch Configuration
VLAN Configuration

Tags:, ,

About Author

Avatar for Tolga Bagci
tolqabaqci

SYSNETTECH Solutions

Add a Comment

Your email address will not be published. Required fields are marked *

You cannot copy content of this page