Switch ports for layer 2 switching confusion?

Llukman1 Member Posts: 21
Hi everyone,

I will apologize ahead of time if my question does not make sense but I will try my best.
I am currently reading about layer 2 switching and I want to know how many PCs can be connected to 1 switch port (layer 2). This question came up:

I know that switch ports run on full duplex and have their own collision domain. But as I am reading on I see commands like the STICKY command allowing you to put 2 mac addresses in one port and then shutting down if this rule gets violated and then I also see on the SH MAC ADDRESS-TABLE cmd several mac addresses assigned to 1 port from 2 switches.

Comments

  • clarson Member Posts: 903
    Yes, generally nowadays each port will be full duplex and be one collision domain.

    But you can set up a port to be half duplex (or even auto-negotiate it), and you could connect a hub to that port with several hosts off of the hub. And a hub off of that hub, etc., until it just doesn't work anymore.

    The number of connecting MAC addresses is set via the maximum option. The sticky option allows you to save the MAC addresses that connect, so you can limit not only the number of connecting addresses but what the specific addresses can be. As in, you can allow several known addresses to connect, but the port will shut down if an unknown MAC address tries to connect.

    And you will see several MAC addresses assigned to a port if that port is a trunk.
  • GDaines Member Posts: 273
    Llukman1 wrote: »
    How many PC's can be connected to one L2 switch port? I am reading about commands like the STICKY command allowing you to put 2 mac addresses in one port and then shutting down if this rule gets violated, and then I also see on the SH MAC ADDRESS-TABLE command several mac addresses assigned to one port from 2 switches.

    You can connect one PC at a time to a single port - except when that port connects to another switch or hub....

    The sticky command allows the port to learn MAC addresses from connected equipment. A scenario in which you might use this would be for a PC sitting in a lobby/reception area running welcome messages for visitors. Because this unit is doing an important job you don't want people being able to unplug it to steal the network connection, so you use port security to restrict only that PC to being allowed to use that connection. The idea of two MAC addresses is that you might also want a Network Administrator's laptop to also work just in case you need to plug in to troubleshoot a screen problem for example.

    As for the show mac address-table command listing multiple MAC addresses against a single port, this usually means that it's a trunk port connecting to another switch, and all the MAC addresses are devices connected to that switch (and the switch itself).
  • Llukman1 Member Posts: 21
    Clarson:
    Yes, I understand if the port is half duplex, but I am talking about if it's a full duplex switch port: would it then just allow 1 computer per port, or more than 1?

    As for that MAC address table I know that it clears up entries after some time but I also want to know does it keep track of each computer that has used that port or multiple computers that are using that same port at the same time?(full duplex or half duplex)
  • Llukman1 Member Posts: 21
    btw thanks guys :)
  • clarson Member Posts: 903
    Llukman1 wrote: »
    Clarson:
    Yes, I understand if the port is half duplex, but I am talking about if it's a full duplex switch port: would it then just allow 1 computer per port, or more than 1?

    If it is full duplex, the switch makes the assumption that there is only one connected host. But yes, you could connect more than one, and it won't work very well, because there will be collisions occurring. And with one host there aren't collisions, so the switch doesn't care about them. So the switch adds to the collisions because it will transmit any time it wants. Not good when everyone thinks they own the road.

    Then there are things like the man-in-the-middle attacks, where more than one network device is connected, but they spoof the network traffic to only have one MAC address. So the switch only thinks there is one computer connected even though there actually is more than one.

    As for that MAC address table I know that it clears up entries after some time but I also want to know does it keep track of each computer that has used that port or multiple computers that are using that same port at the same time?(full duplex or half duplex)

    The time to live for MAC addresses is by default 5 minutes. show mac-address-table aging-time
    The contents of the MAC address table are the MAC address that was received, its port, the VLAN and the time.
    Yes, it keeps track of every MAC address from every frame that is received, at least until the MAC address table is full. Then the MAC address isn't added to the MAC address table and the frame is flooded out all ports that the frame wasn't received on, i.e. the switch becomes a hub for unknown MAC addresses.

    As far as the sticky option, the switch saves the MAC address in the running config.
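
Added example, not part of the thread and not Cisco code: a simplified Python model of the behaviour the replies describe (5-minute aging, flooding when the destination is unknown or the table is full, several MACs learned on a trunk port, and port security with a maximum of 2 sticky addresses and shutdown on violation). The `Switch` class, the host names used in place of MAC addresses, the port numbers and the table capacity of 3 are all constructed for illustration.

```python
# Added illustration: a simplified switch model, not Cisco IOS behaviour in full.
AGING_TIME = 300  # seconds; the 5-minute default mentioned in the thread

class Switch:
    def __init__(self, capacity):
        self.capacity = capacity   # MAC table size (constructed, tiny on purpose)
        self.table = {}            # (vlan, mac) -> (port, last_seen)
        self.secure = {}           # port -> {"max": n, "macs": set of sticky MACs}
        self.err_disabled = set()

    def port_security(self, port, maximum):
        self.secure[port] = {"max": maximum, "macs": set()}

    def macs_on_port(self, port):
        return sorted(m for (_, m), (p, _) in self.table.items() if p == port)

    def receive(self, port, vlan, src, dst, now):
        """Process one frame and return the switch's action as a string."""
        if port in self.err_disabled:
            return "drop (port err-disabled)"
        sec = self.secure.get(port)
        if sec is not None and src not in sec["macs"]:
            if len(sec["macs"]) >= sec["max"]:
                self.err_disabled.add(port)   # violation mode "shutdown"
                return "violation (port shut down)"
            sec["macs"].add(src)              # sticky: remembered for this port
        # Age out entries not refreshed within AGING_TIME.
        self.table = {k: v for k, v in self.table.items() if now - v[1] < AGING_TIME}
        # Learn or refresh the source address unless the table is full.
        if (vlan, src) in self.table or len(self.table) < self.capacity:
            self.table[(vlan, src)] = (port, now)
        entry = self.table.get((vlan, dst))
        return f"forward to port {entry[0]}" if entry else "flood"

def demo():
    # Constructed addresses: port 1 is the lobby PC port, port 24 a trunk.
    sw = Switch(capacity=3)
    sw.port_security(1, maximum=2)
    frames = [(1, "lobby-pc", "host-b", 0), (24, "host-b", "lobby-pc", 1),
              (24, "host-c", "lobby-pc", 2), (24, "host-d", "lobby-pc", 3),
              (1, "lobby-pc", "host-d", 4), (1, "admin-laptop", "host-b", 5),
              (1, "unknown-pc", "host-b", 6), (1, "lobby-pc", "host-b", 7),
              (24, "host-b", "lobby-pc", 400)]
    actions = [sw.receive(p, 1, s, d, t) for p, s, d, t in frames]
    return actions, sw

if __name__ == "__main__":
    for a in demo()[0]:
        print(a)
```

In the run, `host-d` is never learned because the table is already full, so the frame addressed to it is flooded, and the last frame is flooded again because every entry has aged out by t=400.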