- Posts: 7
- Thank you received: 0
Doubt regarding Switching Principle
I have one doubt after going through the Switching concept.
Scenario:
Hosts A,B,C,D are connected to the same switch.
#show mac-address-table dynamic
VLAN MAC ADDRESS PORT TYPE
1 AA:AA:AA:AA:AA:AA fa 0/1 dynamic
1 BB:BB:BB:BB:BB:BB fa 0/2 dynamic
1 CC:CC:CC:CC:CC:CC fa 0/3 dynamic
1 DD:DD:DD:DD:DD:DD fa 0/4 dynamic
Now if the Host A (AA:AA:AA:AA:AA:AA) sends out a frame destined for EE:EE:EE:EE:EE:EE the switch will flood the network and will get no response about the presence of EE:EE:EE:EE:EE:EE.
How will the Switch handle this? Will it drop the packet? or try again? For how long will it wait for the reply from EE:EE:EE:EE:EE:EE?
The host will wait for a reply as the case with ARP. Once the host has the layer3 to layer 2 mapping it will send the packet. During the ARP process the switch learns the MAC addresses by looking at the source MAC, and what interface the frame ingressed the switch then populates its MAC table.
The issue you stated is what some folks take advantage of, blast unknown and never to be resolved MAC addresses onto the ethernet network. The switch will flood these packets. See the problem?
So basically any frame received on any port for a MAC address the switch does not have in its forwarding table will be flooded - whether the switch has seen the MAC before or not doesn't matter. But once that MAC address has appeared in the source-mac-address of a frame then the switch knows which port it can be reached on an places an entry into its forwarding table to record this. After that, the switch forwards the frame on that port only
Yeah I agree with that, but there seems some draw back in this technique.Good answer.
So basically any frame received on any port for a MAC address the switch does not have in its forwarding table will be flooded - whether the switch has seen the MAC before or not doesn't matter.
But once that MAC address has appeared in the source-mac-address of a frame then the switch knows which port it can be reached on an places an entry into its forwarding table to record this. After that, the switch forwards the frame on that port only
Suppose that there is some evil host in the network which is sending out frames to a destination which doesn't exist in the network.
Since the destination never exists in the network, the switch will not have it's entry in its MAC address table.
So basically what the evil host is achieving is that it can flood the whole network by simply sending a packet destined for a host which doesn't exist.
That could consume a lot of bandwidth.... What would be it's solution?
You say the switch will flood the frame out all the switchports (except the one it was received) and I agree with that ... so the switch does not drop the frame. The switch does not wait for a reply, its a switch with the purpose of pumping frames through the network by default. Of course there are features to drop frames, ect..
The host will wait for a reply as the case with ARP. Once the host has the layer3 to layer 2 mapping it will send the packet. During the ARP process the switch learns the MAC addresses by looking at the source MAC, and what interface the frame ingressed the switch then populates its MAC table.
The issue you stated is what some folks take advantage of, blast unknown and never to be resolved MAC addresses onto the ethernet network. The switch will flood these packets. See the problem?
Yeah I understood the problem. But how do I resolve it? There must be some way out to drop such wild frames
- gagamboy
- Visitor
Hello experts,
Any inputs there? Thanks.