Answer to Question: Destination MAC Only?

 In 200-301 V1 Ch08: Virtual LANs, 200-301 V1 Part 3: VLANs, STP, CCENT-OLD, Q&A

The previous post posed a question that appeared straightforward – but one that set up a couple of the more common mistakes that people make with the subject of Layer 2 frame forwarding.  The goal was twofold: yet another practice question, but also to give you a reason to check out the  “CCENT ICND1 100-105 Exam Prep LiveLessons” product in case you wanted more background info. This post details the answers, focusing on the trickier answers.

First – the Literal Answers

A, D

That is, a frame sent by PC2 to PC4’s MAC address (0200.4444.4444) will be forwarded out SW3’s ports F0/1 and G0/1, but not the other ports. Here’s a copy of the figure for reference, and a copy of the exhibit.

Figure for This Question

 

SW3# show interfaces status
Port      Name         Status       Vlan     Duplex  Speed Type
Fa0/1                  connected    2        a-full  a-100 10/100BaseTX
Fa0/2                  connected    2        a-full  a-100 10/100BaseTX
Fa0/3                  connected    3        a-full  a-100 10/100BaseTX
...
G0/1                   connected    trunk    a-full a-1000 10/100/1000BaseTx
! Only pertinent lines shown

SW3# show mac address-table dynamic
        Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
2       0200.1111.1111    DYNAMIC     Fa0/1
3       0200.5555.5555    DYNAMIC     Fa0/3
2       0200.6666.6666    DYNAMIC     Gi0/1

 

Example 1: Command Output

 

Analysis: Forwarding in VLAN 2

One key to answering this question is to determine which VLAN the switch considers the frame to be in when processing the frame. Reducing the facts:

  • The question stem states: frame is sent by PC2
  • The Figure shows PC2 off switch SW3’s port F0/2
  • The stem states that all ports connected to PCs are access ports
  • The exhibit shows port F0/2 as an access port in VLAN 2

So, switch SW3 processes the frame as part of VLAN 2.

 

Ruling Out Two Incorrect Answers

Next consider the incorrect answer about port F0/2. Will a switch receive a frame in one access interface (F0/2) and send it back out that same access interface? No. Simple enough.

Next, consider the answer for interface F0/3. Why wouldn’t the switch forward the frame out F0/3? That port appears to be up and working, and SW3 needs to flood the frame as it turns out.

The reason is simple: the port is not part of VLAN 2, but the frame arrived in VLAN 2. Following the facts again:

  • From the earlier list, switch SW3 considers the frame to be part of VLAN 2
  • The question stem states that the ports connected to PCs are access ports
  • The exhibit shows port F0/3 as being assigned to VLAN 3

Therefore, switch SW3 will not forward the frame out port F0/3 – even though SW3 will flood the frame.

 

Flooding the Frame… In VLAN 2

Now turn to the correct answers. The frame arrives in an access port assigned to VLAN 2 (port F0/2). As it turns out, switch SW3 floods the frame in VLAN 2. Here’s why:

  • The destination MAC – 0200.4444.4444 – is not in SW3’s MAC table at all. More importantly, there is no entry for that MAC address that also lists VLAN 2.
  • In other words, the destination is unknown to SW3 in VLAN 2, so SW3 treats the frame as an unknown unicast frame
  • SW3 floods the frame out:
    • All ports in VLAN 2 (access ports and trunks)
    • …Except the incoming port (F0/2 in this case)

Per the exhibit, those interfaces include F0/1 (an access port) and G0/1 (a trunk port). Those are the two correct answers.

 

Extra Logic… That Does NOT Apply

Did you think that SW3 would NOT forward the frame out port F0/1?

Couple of times over the last few months I’ve heard from readers who have wanted to add a bit of switching logic to SW3, logic that would have made SW3 not forward the frame out F0/1. Here’s the logic, which is NOT true – but you can easily see why someone might go there mentally.

  • SW3 has learned the MAC address of the one device off its F0/1 access port (0200.1111.1111)
  • When flooding the frame in VLAN 2, SW3 does NOT flood the frame out port F0/1, because SW3 has already learned of one MAC
  • The logic (which is, again, not true) is that because SW3 knows of one MAC on that port, it should NOT flood the frame on the port

Switches don’t add that bit of logic, because there might be more than one device connected off that port (for instance, through a hub or even through another switch). So, don’t add the logic!

 

CCENT Exam Prep LiveLessons – Common Mistakes

Did you find it useful to think about these kinds of situations where you might make a mistake? That’s what half the new CCENT Exam Prep LiveLessons product is about – predicting those kinds of mistakes, and revealing them to you so that you can not make those mistakes on the exam. Check out the samples.

 

Switch Forwarding Question: Destination MAC Only?
Practice Test SW Fix
Subscribe
Notify of
guest

11 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Robert

Absolutely useful and clarifier, as usual.

Thank you very much Wendell

Mikhail

I am not a native English speaker, so sorry for my mistakes.
And what about ARP? Why SW3 just dont send ARP request to realise that PC4 is after G0/1?

lyjo

Hi Mikhail,
I understand you! Your English is great.
SW3 is a layer 2 switch in this question, so it would never send ARPs or process received ARPs for the same of learning information about the network. As a layer 2 switch, it only learns about MAC addresses by looking at the source MAC address of received frames, and then placing those in the MAC address table.

Even a layer 3 switch wouldn’t use ARP to learn entries for it’s MAC table. A layer 3 switch would use ARP to learn the mapping of IP addresses to their MAC addresses, placing that data into the switch’s ARP table. But the ARP process wouldn’t update the MAC address table, which is the table used by the switch to direct layer 2 switching.

Hope this helps,
Wendell

Mikhail

Thank you Wendell allot!
I tricked myself a little. Of course I meant, that not SW3 sent ARP request, but PC2 did.
But what, if PC2 sent frame not to PC4 Mac address, but to IP address? As it works in real life.
In my opinion, logic should go this way:
1. PC2 watches at his ARP table and don’t find any match
2. Send an ARP request into the LAN
3. Request walks through our LAN and SW3 learns the PC4’s entrance and write it down at his Mac-address table
4. PC2 makes a frame with PC4 Mac-address and sends it directly to PC4 (as is in your question)
5. SW3 already has match in his Mac-address table, so he don’t need to send a broadcast messages and just send the frame directly through G0/1.

Please tell me whether I am right, or not.
Thank you again!

lyjo

Hi Mikhail,
OK, got it, you meant that PC2 ARPs, not SW3.
Then you said “what if PC2… like in real life.”
Well, what’s described in the scenario is what happens in real life as well. Imagine PC2 and PC4 are in the same subnet, say addresses 10.1.1.2 and 10.1.1.4. PC2 wants to send an IP packet to destination IP address 10.1.1.4 (which I think is what you’re describing). Once ARP completes, the IP packet sent to PC4’s IP address is encapsulated in a frame sent to PC4’s MAC address.
I think we’re in agreement on the above?
If so, then I understand your 5 steps – which aren’t what the question asks – but I understand them. Then I agree with your 5 steps, except step 5, but my disagreement is only about the wording. I wouldn’t use the phrase “don’t need to send a broadcast message”, because that may imply that SW3 is creating that message. I might instead state that SW3 “does not flood the frame”, because the word “flood” is the specific term describing switch logic for a frame with an unknown destination MAC address.

And your English is still great! 🙂
Wendell

RN

Hi Wendell,

Shouldn’t “show interfaces status” also display interface G0/1?

Packet Tracer does not support this command and I don’t have real or emulated switch so I can’t test it.

Thanks,

RN

Maxim

There is a mistake in your answer:
“Per the exhibit, those interfaces include F0/1 (an access port) and G0/2 (a trunk port). Those are the two correct answers.”
G0/1 should be.

lyjo

Maxim,
Yep, I agree. I changed it (so for the rest of you, no need to look for what Maxim referenced – I changed it).
Thanks,
Wendell

ABDOULAYE

Thank you wendell. God bless you…

Roberto

Dear Wendell,

Thank you for clarifying the logic under “Extra Logic… That Does NOT Apply.”

What a helpful exercise!

Ignacio Polesello

Hi Everyone,

Why does the entry for Gi0/1 in the output of “show interfaces status” is included in the answer and it does not appear in the question?

Thank you,
Ignacio

Wendell Odom

Ignacio,
Because it was a mistake! Thanks for noting it. I’ll fix it here in a few minutes. Thanks again.
Wendell

11
0
Would love your thoughts, please comment.x
()
x