
Switch MAC Address: What Is It and How Does It Work?

Updated on Sep 29, 2021

You may have noticed that every piece of hardware on your local network has a MAC address in addition to its IP address. Besides switches, which have switch MAC addresses, every device that connects to the Internet has this unique identifying number: desktop computers, laptops, cell phones, tablets, wireless security cameras, and even your connected refrigerator. So why do your network devices need two addresses to connect to a network? Isn't an IP address sufficient? What exactly is the MAC address for?

To put the MAC (Media Access Control) address in layman's terms, you can think of it as your unique digital fingerprint, one of a kind in the world. A MAC address is given by the manufacturer and is embedded in the chip that allows your device to connect to a network. A network switch is likely to have many MAC addresses, since one MAC address is assigned to every interface on the switch.

An Overall View of MAC Address

A MAC address, also known as a "hardware address" or "physical address", is a binary number used to uniquely identify computer network adapters. Packets sent on Ethernet always come from a MAC address and are sent to a MAC address. When a network adapter receives a packet, it compares the packet's destination MAC address to the adapter's own MAC address. If the addresses match, the packet is processed; otherwise it is discarded. Traditional MAC addresses are 12-digit hexadecimal numbers. The leftmost six hexadecimal digits of the address correspond to a manufacturer's unique identifier, while the rightmost six digits correspond to the serial number of the network interface card (NIC).

Figure: MAC address numbers

MAC vs IP Address Relationship

Initially it might seem that IP addresses and MAC addresses are redundant because both are unique identifiers of networked devices, but they actually serve different purposes, and are visible in very different ways. MAC operates at Layer 2 of the OSI model while IP operates at Layer 3.

MAC addresses are typically used only to direct packets from one device to the next device as data travels on a network. That means that the MAC address of your computer's network adapter travels the network only until the next device along the way. If you have a router, then your machine's MAC address will go no further than that. When your computer wants to send a packet to some IP address x.x.x.x, the first check is whether the destination address is in the same IP network as the computer itself. If x.x.x.x is in the same network, the destination IP can be reached directly; otherwise the packet needs to be sent to the configured router. So do you see what's going on? The MAC address just gets the data packet to the next device, but the IP address is responsible for getting it to the ultimate destination.

Figure: MAC vs IP address relationship

What Do Switches Use MAC Addresses For?

Switches are unlike hubs or repeaters. A hub simply rebroadcasts every signal on every port to every other port, which (while inefficient and slow) is easy to create. A switch, on the other hand, intelligently directs traffic between systems by routing packets only to their proper destination. To do this, it keeps track of the MAC addresses of the NICs plugged into each port. MAC addresses need to be unique, or at least highly unlikely to be repeated, for switches to identify different ports and devices, which is why manually setting a MAC address can have unexpected consequences in a switched network. Switches usually have a bunch of MAC addresses reserved in their MAC address table. When forwarding a frame, the switch first looks up the frame's destination MAC address in the MAC address table to find the outgoing port. If the outgoing port is found, the frame is forwarded rather than broadcast, so broadcasts are reduced.

How Do Switches Learn MAC Addresses?

Since a switch has some intelligence, it can build the MAC address table automatically. The following part will illustrate how a switch learns MAC addresses.

Figure: a switch with 3 computers around

There’s a switch in the middle and we have 3 computers around. All computers have a MAC address but they are simplified as AAA, BBB, and CCC. The switch has a MAC address table and it will learn where all the MAC addresses are in the network. Now, assuming Computer A is going to send something to Computer B:

Figure: how a switch learns MAC addresses, step one

Computer A is going to send some data meant for Computer B, so it will create an Ethernet frame which has a source MAC address (AAA) and a destination MAC address (BBB). The switch has a MAC address table and here's what will happen:

Figure: how a switch learns MAC addresses, step two

The switch builds its MAC address table by learning only from source MAC addresses. At this moment it has just learned that the MAC address of Computer A is on interface 1, and it adds this information to its MAC address table. But the switch currently has no information about where Computer B is located. There's only one option left: to flood this frame out of all its interfaces except the one where it came from. Computer B and Computer C will both receive this Ethernet frame.

Figure: a switch with 3 computers around

Since Computer B sees its own MAC address as the destination of this Ethernet frame, it knows the frame is meant for it; Computer C will discard it. Computer B is going to respond to Computer A, so it builds an Ethernet frame and sends it towards the switch. At this moment the switch will learn the MAC address of Computer B. That's the end of our story: the switch now knows both MAC addresses, and the next time it can "switch" instead of flooding Ethernet frames. Computer C will never see any frames between Computer A and B except for the first one, which was flooded. You can use the show mac address-table dynamic command to see all the MAC addresses that the switch has learned.

One other point worth emphasizing here is that the MAC address table on the switch uses an aging mechanism for dynamic entries. If the MAC addresses of Computer A and B are not updated within their aging time, they will be deleted to make room for new entries, which means the frames between Computer A and B will be flooded to Computer C again if A wants to transfer information to B.

How to Configure Your Switch MAC Address Table?

A MAC address table is maintained for frame forwarding, which can be dynamically learned or manually configured. The former has been introduced in the previous text, and the next part will focus on how to configure the MAC addresses manually to adapt to network changes and enhance network security.

Configuring Static, Dynamic, and Blackhole MAC Address Table Entries

To improve port security, you can manually add MAC address entries to the MAC address table to bind ports with MAC addresses, fending off MAC address spoofing attacks. In addition, you can configure blackhole MAC address entries to filter out packets with certain source or destination MAC addresses.

To add or modify a static, dynamic, or blackhole MAC address table entry:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Add or modify a dynamic or static MAC address entry.
   Command: mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id
   Remarks: Use either command.
3. Add or modify a blackhole MAC address entry.
   Command: mac-address blackhole mac-address vlan vlan-id

Configuring a Multi-port Unicast MAC Address Table Entry

You can configure a multi-port unicast MAC address table entry to associate a unicast MAC address with multiple ports, so that packets that match the entry are delivered to multiple destination ports.

To configure a multi-port unicast MAC address table entry:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure a multi-port unicast MAC address table entry.
   Command: mac-address multiport mac-address interface interface-list vlan vlan-id
   Remarks: No multi-port unicast MAC address table entries exist by default. Make sure that you have created the VLAN and assign the interfaces to the VLAN.

Configuring the Aging Timer for Dynamic MAC Address Entries

The MAC address table on your switch uses an aging mechanism for dynamic entries, so dynamic MAC address entries that are not updated within their aging time are deleted to make room for new entries, and the MAC address table is promptly updated to accommodate the latest network changes.

To configure the aging timer for dynamic MAC address entries:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure the aging timer for dynamic MAC address entries.
   Command: mac-address timer { aging seconds | no-aging }
   Remarks: Optional. The value range of the aging timer is 10 to 3600 seconds and the default value is 300 seconds.

Configuring the MAC Learning Limit on Ports

To prevent the MAC address table from getting so large that the forwarding performance of the switch degrades, you can limit the number of MAC addresses that can be learned on a port.

To configure the MAC learning limit on ports:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Ethernet interface, port group, or Layer 2 aggregate interface view.
   Command (Ethernet interface view): interface interface-type interface-number
   Command (port group view): port-group manual port-group-name
   Command (Layer 2 aggregate interface view): interface bridge-aggregation interface-number
   Remarks: Use any command. Settings in Ethernet interface view or Layer 2 aggregate interface view take effect on the current port only. Settings in port group view take effect on all the member ports in the port group.
3. Configure the MAC learning limit on an interface, and configure whether frames with unknown source MAC addresses can be forwarded when the MAC learning limit is reached.
   Command: mac-address max-mac-count { count | disable-forwarding }
   Remarks: By default, the maximum number of MAC addresses that can be learned on an interface is not specified.
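A model of what the per-port learning limit does to the table when one port presents many source MAC addresses, as an added example that is not code from the original page or from any switch vendor. LimitedPort, run and constructed_macs are hypothetical names, the MAC values are constructed, and the model assumes that without disable-forwarding frames from unlearned sources are still forwarded.

```python
# Added example: per-port MAC learning limit, modelled after
# "mac-address max-mac-count { count | disable-forwarding }".

class LimitedPort:
    """Dynamic-learning state of one port under a learning limit."""

    def __init__(self, max_mac_count=None, disable_forwarding=False):
        self.max_mac_count = max_mac_count        # None = not specified (default)
        self.disable_forwarding = disable_forwarding
        self.learned = set()

    def ingress(self, src_mac):
        """Classify one frame by its source MAC address."""
        if src_mac in self.learned:
            return "known"                        # already in the table
        if self.max_mac_count is None or len(self.learned) < self.max_mac_count:
            self.learned.add(src_mac)             # room left: learn it
            return "learned"
        # Limit reached: the table stops growing. Whether the frame is
        # still forwarded depends on the disable-forwarding setting.
        return "dropped" if self.disable_forwarding else "forwarded-unlearned"


def constructed_macs(n):
    """n distinct constructed MAC strings (locally administered 02: prefix)."""
    return ["02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF) for i in range(n)]


def run(port, macs):
    """Feed source MACs to a port; return verdict counts and table size."""
    counts = {}
    for mac in macs:
        verdict = port.ingress(mac)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts, len(port.learned)


if __name__ == "__main__":
    burst = constructed_macs(1000)
    print(run(LimitedPort(), burst))                  # unlimited: table grows to 1000
    print(run(LimitedPort(max_mac_count=8), burst))   # capped at 8, rest forwarded
    print(run(LimitedPort(max_mac_count=8, disable_forwarding=True), burst))
```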

Configuring the MAC Learning Limit on a VLAN

You may also limit the number of MAC addresses that can be learned on a per-VLAN basis.

To configure the MAC learning limit on a VLAN:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter VLAN view.
   Command: vlan vlan-id
   Remarks: N/A
3. Configure the MAC learning limit on a VLAN, and configure whether or not frames with unknown source MAC addresses can be forwarded in the VLAN when the upper limit is reached.
   Command: mac-address max-mac-count { count | disable-forwarding }
   Remarks: By default, the maximum number of MAC addresses that can be learned on a VLAN is not specified.

Displaying and Maintaining the MAC Address Table

1. Display MAC address table information.
   Command: display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole ] [ vlan vlan-id ] [ count ] ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
2. Display the multi-port unicast MAC address table entries.
   Command: display mac-address multiport [ vlan vlan-id ] [ count ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
3. Display the aging timer for dynamic MAC address entries.
   Command: display mac-address aging-time [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view

Summary

Admittedly, when it comes to MAC, men tend to think of the fantastic computer while women think of a thing of beauty. But when we hear the term "MAC address", we now know we are talking about an entirely different beast. Since MAC addresses are unique to the network card and not reused, they are quite useful and important in applications. Network switches store a list of MAC addresses seen at every port and only forward packets to the ports that need to see the packet. Wireless access points often use MAC addresses for access control, allowing access only for known devices. Besides, DHCP (Dynamic Host Configuration Protocol) servers use the MAC address to identify devices and give some devices fixed IP addresses.

