Switch forwarding logic, VLAN vs no VLAN

Hi, I've just recently finished reading the CCENT offical cert guide and I'm going back over the key topics before I try the practice exams.

One thing I always assumed was a switch dropped unicast frames if the destination address is not in the MAC table. Now I just noticed in chapter 10 it states..

"Make a forwarding decision. Look for the frame’s destination MAC address in the MAC address table, but only for entries in the VLAN identified in Step 1. If the destination MAC is...

"Not found (unicast), flood the frame out all other access ports (except the incoming port) in that same VLAN, plus out trunks that have not restricted the VLAN from that trunk (as discussed in Chapter 9, “Implementing Ethernet Virtual LANs,” as related to the show inter- faces trunk command)."

Does this mean that if there is no assosiated VLAN then the switch will drop unknown unicast frames?

And if there is an unknown unicast frame with an assosiated VLAN then broadcast to that VLAN?

Thanks.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

late_collision

Hi WastedHat,

If you consider the first power up of a switch, the MAC table is empty, it makes perfect sense to forward unknown unicast out all ports (except incoming). The switch learns the location of end stations, organically, by recording src mac addresses of traffic that passes through it. Although the first unknown unicast frame to a destination may be forwarded throughout the entire VLAN, future frames to that destination will not.

Also, be careful of terminology here, a switch will not "broadcast" unknown unicast frames within a VLANs domain, it will "forward" the frame. Unicast and Broadcast are different types of traffic.

clarson

late_collision wrote: »

Although the first unknown unicast frame to a destination may be forwarded throughout the entire VLAN, future frames to that destination will not.

Well, not quite. an unknown unicast frame stays unknown until it sends a frame to the switch. So, every frame to an unknown mac address will be flooded until the switch enters that mac address into it's cam table (receives a frame with that mac address). And, entries in the cam table have a time to live of 5 minutes (by default). So, if the switch hasn't heard a mac address in 5 minutes, it becomes unknown again. And frames to an unknown mac address get flooded.

Yes an unknown unicast frame gets flooded to the vlan. That is all the access ports in that vlan and all trunks that permit that vlan on that switch. And of course not the originating port.

Layer 2 switches only drop frames that have errors.
oops, they also filter the frame if the destination mac address is for a host on the same network segment as the source of the traffic

WastedHat

Thanks for the replies. Makes a lot of sense now and I found the part of the book that says switches flood frames with unknown destination MACs.

I was only reading the Key Topic's and came accross this in chapter 6 which made me think unknown frames were dropped

"To decide whether to forward a frame, a switch uses a dynamically built table that lists MAC addresses and outgoing interfaces. Switches compare the frame’s destination MAC address to this table to decide whether the switch should forward a frame or simply ignore it."