MAC Address Tables
A MAC address table, sometimes called a Content Addressable Memory (CAM) table, is used on Ethernet switches to determine where to forward traffic on a LAN. Now let's break this down a little bit to understand how the MAC address table is built and used by an Ethernet switch to help traffic move along the path to its destination. We will use the graphic in Figure 1.
Figure 1 Basic switched network.
In Figure 1, a switch is surrounded by a number of common devices. Let's assume that all of the devices are powered on but have not sent any traffic. In this case, the MAC address table of the switch would be empty (ignoring any system MAC addresses shown in the table by default).
Now suppose PC1 wants to send traffic to the server that has a MAC address of 00:00:00:00:00:01. It would encapsulate an Ethernet frame and send it off toward the switch. The first thing the switch would do when receiving the traffic is create a new entry in its MAC address table for PC1's MAC address (PC1 -> Fa0/3). The switch would then perform a lookup on its MAC address table to determine whether it knows which port to send the traffic to; since no matching entries exist in the switch's tables, it would flood the frame out all of its interfaces (except the receiving port).
Because the frame was sent out to all of the switch's other ports, it would be received by the target server. Assuming that the server wants to respond to PC1, it would sent a new frame back toward the switch. The switch would receive the frame and create a new entry in its MAC address table for the server's MAC address (Server -> Fa0/2). It would then perform a lookup of its MAC address table to determine whether it knows which port to send the server's traffic to; in this case it does, so it sends the return traffic out only its Fa0/3 port (PC1), without flooding. Listing 1 shows what the MAC address table would look like at this point.
Listing 1—MAC address table example.
2960-1#show mac address-table Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 1 00ld.70ab.5d60 DYNAMIC Fa0/2 1 00le.f724.al60 DYNAMIC Fa0/3 Total Mac Addresses for this criterion: 2 2960-1#
This process repeats as devices continue to send traffic to each other. An important detail to remember is that the MAC address table timeout is typically short (Cisco's default is five minutes), so an entry is left in the table itself only for that specified amount of time before the timeout expires and the entry is removed from the table.
Now we will move on to the question of how the devices get the destination MAC addresses to begin this process; in a word, ARP.