Dirty Question

A 24 Port Cisco Catalyst switch is configured with 2 VLANs. Port 1-12 are configured in VLAN2 and 13-24 are configured in VLAN4. The Switch does not have Layer 3 capabilities. How will the switch handle a frame with Source MAC address in VLAN2 and a Destination MAC in VLAN4? (Select the best answer)

A. The Switch will flood the frame out of all ports in VLAN2, except for the port on which the frame was received.

B. The Switch will discard the frame.

C. The Switch will forward the frame to destination MAC Address.

D. The Switch will flood the frame out all of the ports in VLAN4.

I mean seriously. What do you answer to this? A or B?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

spacenoxx

In that case may be I wasn't paying attention while watching the Video. Let me go through them again.

I was just unable to understand why a switch would flood a frame when it already knows the port the MAC ID is connected to. (although the question doesn't mention it, but like I said a node knowing a MAC while the switch not knowing, is not such a usual scenario and we are supposed to give the best possible answer). It is logical to drop it than flood when the MAC is known.

The CAM table isolation just makes perfect sense. In this case the MAC remains unknown and hence the resulting flood. Once again, thanks a lot APR911.

Also the reason behind a host/switch knowing MAC now makes sense when say the destination has just been assigned to VLAN4, and would also be there on CAM table. but not visible to VLAN2.

apr911

jayskata wrote: »

I knew the switch keeps a different CAM per VLAN. It was mentioned on one of Jeremy Cioara's videos but I wasn't sure how to check that on the switch and so I didn't mention it to spacenoxxx. Thanks for clearing that out. Now I know.

A slight clarification... There is only one CAM table and one MAC address table on the switch. The isolation is based on the way the CAM table works and requires a deeper understanding of the memory space in CAM.

In practice we refer to CAM and MAC address tables almost interchangeably but technically they are different as the CAM table can hold more information than just MAC addresses.

CAM stands for "Content Addressable Memory" which is used to store fix length values in binary form for fast lookups. MAC addresses being of fixed length get stored in the CAM. When you perform a show cam command, you are actually seeing a formatted output of the cam table. CAM matches are made based on the binary string stored in memory.

A lot of switches now use TCAM instead of CAM. Ternary CAM allows a 3rd value for matching. Instead of just 0/1 matching, TCAM allows for X or "dont care matching" where it can specify specific bits to ignore (i.e. ignore the bits pertaining to vlan)

I dont know the internal data structure of the CAM table but I imagine it goes something like this (for ease of explanation Im going to use 2-bits for vlan, 2-bits for MAC and 2-bits for port):

VLAN 1 + MAC 1 + Port 1 = CAM Value 010101
VLAN 2 + MAC 1 + Port 2 = CAM Value 100110
VLAN 1 + MAC 2 + Port 3 = CAM Value 011011

If I were on the server connected to Port 2 on VLAN 2 looking for MAC 2, the switch will prepend my VLAN resulting in a lookup for the value 1010.

The switch will not find 1010 on the CAM table and will flood the packet.

If I were on the server connected to Port 3 on VLAN 1 looking for MAC 1, the switch will prepend my VLAN resulting in a lookup for the value 0101. The switch will find 0101 and know the port is 1 by the last 2-bits of 01. Although the MAC address exists on both vlan1 and vlan2 the traffic will only match vlan 1 and thus get sent out port 1.

TCAM works a bit differently in that the switch can say not to care about a value (what values it cares or does not care about involve a deeper understanding of the OS than I possess). So if I didnt care about vlan, the switch would do a lookup for XX01 and find 2 matches - 010101 and 100110... It would then have 2 ports that it could forward traffic out of.

Its my understanding that the "dont care value" is optional and TCAM can be used in the same way a CAM.

Again the above is not necessarily accurate, its a crude example of the way a CAM table lookup works and how it maintains a logical separation within the CAM table for different vlans though functionally only 1 CAM table exists.

Your show commands can have additional parameters in which you specify certain values (ie record type of static/permanent/sys/dynamic or mac address) which allows you to search for specific values but a default show cam will **** all MAC addresses on all vlans regardless of how it was learned.

xnx

I'd have picked A

crazboy84

I think they are just trying to fool you with useless information and its a poorly thought out question. When a switch doesn't know where the destination mac address is for a packet it floods it to all ports except the one it received it from. Thats the knowledge they are looking for with this question.

Heero

I don't think it is a poorly thought out question. It is testing two things. First, it is testing your knowledge of how CAM table isolation works between vlans. Second, it is testing your knowledge of how a switch acts when it receives a frame and doesn't have the destination MAC in it's cam table (unknown unicast flooding). There isn't really useless information, just two concepts baked into one question.

If you understand the two concepts, then the answer is A without any question.