Switch Learning Vs. Switch Forwarding: Answer

 In 200-301 V1 Ch05: Ethernet Switching, 200-301 V1 Part 2: Ethernet, CCENT-OLD, Q&A

Today’s post wraps up this latest sample #CCENT exam question. Answer is below the fold.

Relevant Links:

The Answers

B, C

The Explanation

First, the switch’s MAC table is empty.

Then, PC1 sends a frame, source MAC address 1111.1111.1111, arriving in port F0/1. As a result, the MAC table now lists PC1’s MAC off port F0/1. (We don’t care where this frame was forwarded, at least for this question).

Then, PC3 sends a frame, source of 3333.3333.3333, destination of PC2’s MAC. The frame arrives at the switch in port F0/3. So, the MAC table now lists PC3’s MAC off port F0/3.

The question asks: where does the switch forward this second frame, which has a destination address of 2222.2222.2222.

Per the MAC table at the instant the frame arrives, PC2’s MAC is not in the MAC table. So, the switch floods the frame.

In this case, flooding the frame in VLAN 1 means: forwarding out ports F0/1 and F0/2, but not out port F0/3, because the frame arrived in F0/3.

Switch Learning Vs. Switch Forwarding - Analysis
Switch Forwarding of Frame From Host to Gateway
Subscribe
Notify of
guest

36 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Anna

Hi Wendell,

Per my understanding, when the second frame arrives the MAC table already has PC1 and learned PC3 MAC (2 entries & ports )
Can the switch filter and forward the frame only to PC2?
If the PC1 entry expired in mac table, then flooding occurs and forwarding the frame to pc1 & pc2 sounds correct.
If i see the similar question in the test, i will answer PC2 whatever port it’s connected to.

Thanks,
Anna

lyjo

Hi Anna,
On this specific question, because the switch has not learned PC2’s MAC yet, SW2 will flood that second frame. One key here is that learning happens based on the source MAC, and PC2 hasn’t yet sent a frame. So, that 2nd frame as referenced in the question, destined to PC2’s MAC address, would be flooded.

Hope this helps,
Wendell

Anna

Hi Wendell,
I’m not sure if I’m getting the question.
My assumption of the first frame was from PC1 to PC2
(SW2 should flood the frame to PC3 & PC2, but don’t care), however I assume that SW2 learned PC1 MAC.
Second frame is PC3 to PC2.
So when the switch received the 2nd frame, SW2 learned PC3, (SW2 MAC table=PC1 + PC3).
so why would 2nd frame be flooded if SW2 has 2 entries?
If my assumptions are correct,
yes the frame will be send out to PC2. but why to B?

Thanks again for your response.
Anna

lyjo

Hi Anna,
Couple of ideas that might connect the dots.

Yep, I agree, maybe a thorough read of the question would help. You stated that you assumed what the first frame was from PC1 to PC2, but the question states it was from PC1 to PC3. However, that mistaken assumption actually would not change the answer…

Your further comments are 100% correct until you ask the question “so why would the 2nd frame be flooded”. You stated the exact reasons why above that line. Why?

The mac table lists PC1 and PC3, but not PC2
The 2nd frame has a destination MAC of PC2’s MAC
Therefore, the switch’s forwarding logic does NOT match an entry in the MAC table…
So the switch floods the frame.

Does that connect it all? If not, maybe drawing the frames with source and destination MAC addresses?

Anna

Hi Wendell,
Thank you very much for taking time answering my questions.
I am learning a lot on this blog.
I went back to your book (CCENT/CCNA) and read that switch can either flood or filter (not forward) the frame..
So, now I see..
Maybe cisco can create another rule for switch, by send ing the frame only to the port/ports not listed in the mac table instead of flooding it.

Thanks,
Anna

Rade

Hi Wendell,

could you please clarify once more this situation as i am totally confused?

I understand that SW will flood the frame in case PC3 sends to PC2 and SW doesn’t know PC2 MAC. This is all clear in situation SW does not know PC2 MAC.

But why SW did not flood frame and learn PC2 MAC for the first time, when PC1 sends the frame to 2222.2222.2222 which is PC2 MAC?

Thanks
Rade

lyjo

Hi Rade,
Sure. The reason is that learning is based on the source MAC. So, that frame sent “from” aka source MAC of PC1, sent “to” destination MAC of PC2’s MAC, causes the switch to learn PC1’s MAC. It doesn’t cause the switch to learn PC2’s MAC. PC2 has to send aka be the source MAC of a frame before the switch would learn PC2’s MAC.
Wendell

Jo Moreno

I’ll admit that I misunderstood the first step which is to not assume a reply occurred from PC2 on this scenario before PC3 sent it’s frame into the switch. However, the answer “B” is incorrect because the switch already knows PC 1’s address. The question asks about something that occurs when the 2nd frame is processed which means the MAC learning that occurred from the first frame would rule out B as an answer. I love that I have the ability now to critically think about the answers provided on this post! CCNA 200-301 was excellently written and has solidified the once shaky understanding I had of networking from previous undergrad studies and certification study resources. Thank you for this wonderful study material!

bavthethy

Hi Wendell,

I’ve just gone through this question and appeared to have stumbled at the same hurdle as others, and I think I can see why.

First of all in the Cisco press book in chapter 7 it says “The idea is simple:if you do not know where to send it, send it everywhere, to deliver the frame. And, by theway, that device will likely then send a reply—and then the switch can learn that device’s MAC address, and forward future frames out one port as a known unicast frame.”

Going back to the question, the 1st frame is from PC1 to MAC 2222.2222.2222 (the MAC of PC2). SW1 will learn PC1’s MAC but then at that point if the above course text extract is taken literally then the SW should flood the frame out Fa0/2 and Fa0/3 in an attempt to learn the MAC of PC2. PC2 should then reply to the SW (again as per the course text) and in the process SW will learn the MAC address for PC2.

After reading your explanation a few times I can see that the question is subtely wording such that that the 2nd frame is sent right after the 1st frame. But again I don’t follow why the switch chooses to flood after the 2nd frame, but not the 1st frame given they are both destined for 2222.2222.2222. Why does SW choose to flood after frame 2 but not frame 2?

I’m wondering if maybe your question is wrong and the 1st frame should actually be going to 3333.3333.3333, as you also mentioned in answer to Anna that PC1 is actually sending a frame to PC3. The question clearly says 2222.2222.2222, which is the MAC of PC2, not PC3.

Is that right? In your answer you’ve said for the 1st frame “We don’t care where this frame was forwarded, at least for this question”, but you’ve listed the same MAC (2222.2222.2222) as where the 2nd frame was addressed to, so I think that changes things.

Can you confirm please?

lyjo

Hi,
Thanks for the note.
I lost you on your 3rd paragraph, which ends with “why does SW choose to flood after frame 2 but not frame 2?” But let me take a guess.

The question spells out the first two frames, in the order they occur. While I agree that if frame 1 is received by PC2, that if PC2 is up and working, that PC2 will probably make a reply. However, that reply isn’t the 2nd frame in the scenario. I think that might be where your analysis differs from the question.
Instead, taken as literally stated in the question:
frame 1 is sent, destination PC2. PC2’s MAC isn’t in the switch’s MAC table, so the switch floods the frame.
frame 2 is sent, destination PC2. PC2’s MAC isn’t in the switch’s MAC table, so the switch floods the frame.

Make sense?

If instead the question had listed frame 2 as the reply from PC2 (source) to PC1 (destination), then it’s a difference answer, because the switch learned an entry for PC1’s MAC as a side effect of frame 1.

Hope this helps,
Wendell

bavthethy

Exactly. I was taking the question literally and assuming that frame 1 would be flooded, resulting in PC2 replying and then the switch knowing about the PC2 MAC, which is why the answer confused me. I assumed that because the book talks about in that scenario and says the device would usually reply.

Sunny

how could we understand when we care forwarding of a frame and when we don’t?

lyjo

Sunny,
That’s a pretty broad question. Can you post again and try a question that’s more specific?
Wendell

Nathanoj

Why would the switch flood the frame to fa0/1 if SW1 already knows that Fa0/1 has a device with a mac address of 1111.1111.1111

I wonder it is because you can connect more than one device in one of the switch ports? Am I correct? BTW thank you of showing how such easy looking problem is harder than it appears.

lyjo

Nathan,
Your last comment first – that’s exactly the kind of thing people miss, but don’t even know they missed it. Those are hard to uncover and learn – and precisely why I ask these kinds of problems!

To your initial question, I’d say that’s the motivation. EG, that link could be connected to another switch even, or to another switch which connects to countless switches with countless devices with different MACs. The literal reason is that the logic doesn’t include a check for “are other MAC’s known” – but as you rightly noted, the underlying reason is that we need to flood out those links anyway, just in case the device using that MAC is out there somewhere.
Wendell

Thorsama

Sneaky question indeed, many would assume that PC2 replies to the first frame (myself included), and as such the switch would hold the MAC address in its mac address table.

This is not explicitly written tho, so the second frame also destined to PC2 will be flooded.

Reformulating the question to be more obvious would help many answer it correctly. However I think the point of the question is to get you analysing/thinking, which is probbably worth more than answering the question correctly.

lyjo

Thorsama,
I agree that learning is far more important than getting a question right when practicing. That said, I could improve the question enough so it’s clear that while PC2 will reply to PC1, timing-wise, maybe the frame sent by PC3 arrived before PC2 replied. Contrived of course, but makes the point.
Thanks,
Wendell

Austin

Im not sure if this has already been suggest, (by the way love this content), but it would helpful if you posted the topology in the answer as well!

that’s all!

Austin

So we are to assume that PC2 did not reply to PC1s frame before PC3 sent it’s frame. Correct?

Zuhail

I get it , why so many Wendell’s fans (including me) are getting confused here , we’re confusing this with an arp broadcast cuz in that case the intended recipient sends a *packet* backt tell it’s own Mac address (because that’s the whole purpose of Arp) but for a simple frame forwarding , a switch just flood the frame out all interfaces except one obviously, it doesn’t matter if PC2 replied us back or not, at all!
THANKS SO MUCH FOR BRUSHING UP MY SKILLS .
I really love Cisco certification tracks and I hope to work there one day !

kutay

After ARP request from PC1 something bad must have happened to the switch, otherwise the mac table wouldn’t be empty 😀

Picard

Hello Wendell,‎

I hope all is well.‎

I am slightly confused by the answer. Just to double check switches builds their MAC Address ‎table/ Learns by source mac addresses. I know they can learn/build their MAC address tables from ‎other switches. However, for the sake of this question, I will limit it to just by source MAC ‎addresses.‎

You stated:‎

The PC1 creates and sends a frame with a destination address of 2222.2222.2222.‎

At that point the switch learns that:‎
Source MAC address is 1111.1111.1111 and it’s port is fa0/1 and it makes this entry into it’s mac ‎address table.

Since the switch doesn’t know the destination mac address it will flood all the ports apart from ‎fa0/1‎
This will cause PC 2 to receive the frame BUT HAS NOT RESPONDED in which case the switch will not ‎make an entry for pc 2 and its MAC ADDRESS.‎

The you said:

Then PC3 creates and sends a frame destined for PC2’s MAC address of 2222.2222.2222‎

At that point:

It learns (like I said it Learns by source mac address) that PC3 its MAC Address is 3333.3333.33333 ‎and its port is FA0/3.‎

Now that the switch needs to forward the frame to 2222.2222.2222. but doesn’t knowwhere it lies ‎but it KNOWS PC1’s MAC address of 1111.1111.1111and its port is fa0/1 and PC3 and it’s MAC ‎address 3333.3333.33333 and its port is FA0/3.‎

This only leaves port FA0/2‎

Chris

Hello Captain!
A switch forwards or floods based on the entries in the MAC address table.
The switch does not filter based on those entries.
The switch receives a frame and enters the source MAC address into the MAC address table.
Then the switch compares the destination MAC address in the frame to the entries in the MAC address table. If there is a match the frame is forwarded out the correct port only.
If none of the entries in the MAC address table match the destination MAC address in the frame, the switch floods the frame out all ports except the port the frame arrived on.
It is possible to have more than 1 host connected to a port on a switch. There could be another switch on that port with many more hosts connected to it’s ports.

Miguel Angel

thank´s Chris , I explain it very well.

imaximumax

After PC1 sends the first frame which will be flooded , 2 MAC addresses will be added to the SW1 table .

PC1 MAC address = Because this is the port where the first frame came from

PC2 MAC address = Because when there is a flood of frames we expect an answer from all the PCs to respond if the the frame was for them or not . And in this case , normally PC2 should answer with “Yes , this frame was for me ” which will result in the switch learning its MAC address .

So , when the second frame from PC3 reaches the SW1 , we already got the addresses of PC1 and PC2 , and the only address that will be added to the MAC table is PC3 MAC address .

And the SW1 is aware of all devices in the LAN , which means the only answer is C .

Almeida

Hi Wendell,
I’ve been reading some comments, and I guess we are confusing ourselves because we have the concept that when a frame is sent by a host(PC1), the receiving host(PC2) replies back and then creating another table entry. I agree with the answers given. But it would be more clear to specify that PC2 does not reply back to the frame sent.

Thank you.

brahooke

Wendell, this question really showed how difficult it must be for the CCNA committee to write exam questions and to word it to not be interpreted in the wrong way. Like many people on here I only chose answer C and did not think B would also be included. I thought that ICMP replies from PC2 would update the switches MAC table for 1111.1111.1111 after the first frame was switched between the two hosts. Does the CCNA ask questions like you ended this one with (Select all answers that are correct)? I hope it is easier and would only say (choose two correct answers). Then I would have deduced the only other answer could be B because A and D are clearly wrong. Again great question that really makes you think. I was glad to get it wrong because I learned the lesson of wording tricks that might be the reason between a pass and a fail on exam day.

brahooke

Sorry, ICMP is layer 3. I’m still learning. I don’t know what to call layer 2 replies. Maybe ARP? When I use physical switch the MAC table populates just by connecting to it so I get confused with the whole replying thing and when the switch learns. Is it either a link status after a given amount of time or a frame movement that the switch knows the MAC address?

GJM

I think I understand what you have gone over and replied to everyone in varying ways (the same answer) at least a dozen times.

You ask us to read the question and interpret it literally. As in you did not state that PC2 replied to the first frame. So not to assume that PC2 replied to the original flooding of the packet.

The question only states that PC1 and PC3 have sent frames so that the switch only knows of those 2 MAC’s/incoming interfaces.

I guess I dont fully understand the switches logic if it already knows there is a MAC/IP/Host connected to fa0/1 why would it send/flood the frame there.

Wendell Odom

GJM,
Yeah, honestly, if I had unlimited time to devote to the blog, I’d probably try and make questions like this a little less literal. It’s my nature to think literally, moreso than most, and it’s probably a little unfair as written. That said, as long as you work through it and understand, learn something, it’s still useful, so I keep it around.
You closed with a comment to say you don’t understand something. So… On that: The short version is that switches can and do learn more than one MAC address on a port sometimes. So, the switches just don’t have logic as you describe, what I would summarize as “since I know 1 MAC on a port, don’t flood out that port.” It’s just not what they do.
When would a switch learn multiple MACs on a port? On any port connected to another switch. So you’re probably thinking about the case of a switch connected to an end-user device, just one device, so we know it will learn only one MAC there. But connect two switches, say SW1 and SW2, with a bunch of end-user devices connected to each, and the interface on SW1 that connects to SW2 will eventually learn all the MACs off SW2, and vice versa. As an example.
Hope that helps,
Wendell

GJM

I thought about it some more after working through the other labs/scenarios for this chapter late last night on this blog and it made more sense at the end. The way I’m understanding it now which is basically what you said – the switch is going to flood the packet for any unknown mac address. Regardless if it already learned of 1 mac on a particular port. I guess the logic is that the switch has no idea if there is a switch with multiple devices on that single port like you said.

36
0
Would love your thoughts, please comment.x
()
x