Cisco switches are Layer 2 LAN devices used to create smaller collision domains. Creating smaller collision domains allows users full access to bandwidth and supports full-duplex data transmission. Additionally, switches protect networks from routing loops and keep local traffic local. Switches use bridging technology to accomplish these functions. The bridging technologies deployed by Cisco switches are based on the IEEE 802.1D standard, which defines Ethernet bridging through the use of transparent bridging.

Transparent bridging
Transparent bridging consists of these five bridging processes:

  • Learning
  • Flooding
  • Forwarding
  • Filtering
  • Aging

When a frame is received by a switch operating in transparent bridging mode, the switch must analyze the frame’s source and destination MAC address. The switch then uses this information to build a forwarding table. The first step in this process is learning.

As each frame enters the switch, the source MAC address is learned and is placed into a forwarding table. This forwarding table contains the source MAC address of the frame and the switch port that received the frame. Next, the destination address is analyzed. The switch looks at the destination address contained in the frame’s data link header and checks the destination address against the addresses contained in the forwarding table. If the destination address is not in the forwarding table, the bridge moves on to the process of flooding.

Flooding occurs when a switch receives a frame with an unknown unicast destination address, a broadcast frame, or a multicast frame. When any of these three frame types is received, the switch floods the traffic out all of the ports on the switch. (If VLANs have been established, the frame is only flooded out the ports assigned to the same VLAN. For more information on VLANs, check out “Microsegment your network with a virtual LAN.”)

To reiterate the process, a switch receives a frame. The switch analyzes the source and destination MAC addresses. The source address is added to the forwarding table, and the destination address is checked against the forwarding table. If the destination address is not contained in the forwarding table, the frame is flooded out all switch ports.

Now on to the next step of the process, forwarding. The flooded unicast frame is received by its intended recipient. When the destination host responds to the original sender of the frame, the switch analyzes the source and destination addresses of the frame. The source address is learned and is stored in the forwarding table. The destination address is compared to the forwarding table. This time, the switch finds a match for the destination MAC address and forwards the frame only out of the switch port designated by the forwarding table.

As mentioned earlier, one of the responsibilities of a switch is to keep local traffic local. A switch does this by filtering. Filtering occurs when a unicast frame is received, and the source and destination addresses are listed in the forwarding table with the same switch port. This occurs when multiple hosts share the same switch port. For example, say a group of hosts is connected to an Ethernet hub and that Ethernet hub is connected to a single switch port. When these hosts communicate within the group, the switch receives these frames, but filters them because these frames do not need to be forwarded to other switch ports.

The last process in transparent bridging is aging. Each time a switch learns a MAC address, the MAC address and switch port are stored in the forwarding table. The switch time stamps these entries. By default, Cisco stores forwarding table entries for five minutes. When the five-minute timer has expired, forwarding table entries are aged out of the table.
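The five processes can be traced in a short model, which helps when reasoning about which ports see a given frame. This is an added example, not Cisco code or part of the original article; the Bridge class, its method names, the port numbers, and the MAC addresses are all constructed for illustration.

```python
# Added illustration of the five bridging processes; not Cisco's implementation.
AGING_SECONDS = 300  # the five-minute default the article gives

def is_group(mac):
    """True for broadcast/multicast: low bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1

class Bridge:
    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = set(ports)
        self.aging = aging
        self.table = {}  # MAC address -> (port, time the entry was stamped)

    def age_out(self, now):
        """Aging: remove entries whose timer has expired."""
        for mac in [m for m, (_, ts) in self.table.items() if now - ts >= self.aging]:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Handle one frame; return (action, list of egress ports)."""
        self.age_out(now)
        self.table[src] = (in_port, now)            # learning
        if is_group(dst) or dst not in self.table:  # flooding
            # Real switches do not send the frame back out the ingress port.
            return "flood", sorted(self.ports - {in_port})
        out_port = self.table[dst][0]
        if out_port == in_port:                     # filtering
            return "filter", []
        return "forward", [out_port]                # forwarding

def demo():
    """Constructed traffic: hosts A and C share a hub on port 1, B is on port 2."""
    a, b, c = "00:00:0c:00:00:0a", "00:00:0c:00:00:0b", "00:00:0c:00:00:0c"
    sw = Bridge(ports=[1, 2, 3])
    return [
        sw.receive(1, a, b, now=0),    # B unknown -> flood
        sw.receive(2, b, a, now=1),    # A known on port 1 -> forward
        sw.receive(1, c, a, now=2),    # A and C both on port 1 -> filter
        sw.receive(1, a, "ff:ff:ff:ff:ff:ff", now=3),  # broadcast -> flood
        sw.receive(1, a, b, now=400),  # B aged out -> flood again
    ]

if __name__ == "__main__":
    for step in demo():
        print(step)
```

The last step shows the effect of aging: once an entry expires, traffic to that host is flooded again until the host sends a frame and is relearned.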

Viewing the forwarding table
You can view the forwarding table on the Catalyst 5000 family of switches by using the following command:
Console> (enable) show cam dynamic

With this command, the network administrator can view the forwarding table and discover if traffic is being forwarded, filtered, or flooded.

Warren Heaton Jr., MCSE+I, CCNP, CCDP is the Cisco program manager for A Technological Advantage in Louisville, KY.
