Layer 2 switching

Layer 2 switching (or Data Link layer switching) is the process of using devices’ MAC addresses on a LAN to segment a network. Switches and bridges are used for Layer 2 switching. They break up one large collision domain into multiple smaller ones.

In a typical LAN, all hosts are connected to one central device. In the past, the device was usually a hub. But hubs had many disadvantages, such as not being aware of traffic that passes through them, creating one large collision domain, etc. To overcome some of the problems with hubs, the bridges were created. They were better than hubs because they created multiple collision domains, but they had limited number of ports. Finally, switches were created and are still widely used today. Switches have more ports than bridges, can inspect incoming traffic and make forwarding decisions accordingly. Each port on a switch is a separate collision domain.

Here is an example of the typical LAN network used today – the switch serves as a central device that connects all devices together:

typical switch network

Differences between hubs and switches

To better understand the concept of packet switching based on the hardware address of a device, you need to understand how switches differ from hubs.

First, consider the example of a LAN, with all hosts connecting to a hub:

hub network

As mentioned previously, hubs create only one collision domain, so the chance for a collision to occur is high. The hub depicted above simply repeats the signal it receives out all ports, except the one from which the signal was received, so no packet filtering takes place. Imagine if you had 20 hosts connected to a hub, a packet would be sent to 19 hosts, instead of just one! This can also cause security problems, because an attacker can capture all traffic on the network.

how hubs work

Now consider the way the switches work. We have the same topology as above, only this we are using a switch instead of a hub.

how switches work

Switches increase the number of collision domains. Each port is one collision domain, which means that the chances for collisions to occur are minimal. A switch learns which device is connected to which port and forwards a frame based on the destination MAC address included in the frame. This reduces traffic on the LAN and enhances security.

How switches work

Each network card has a unique identifier called a Media Access Control (MAC) address. This address is used in LANs for communication between devices on the same network segment. Devices that want to communicate need to know each other MAC address before sending out packets. They use a process called ARP (Address Resolution Protocol) to find out the MAC address of another device. When the hardware address of the destination host is known, the sending host has all the required information to communicate with the remote host.

To better understand the concept of ARP, let’s take a look at the following example:

arp process
Let’s say that host A wants to communicate with host B for the first time. Host A knows the IP address of host B, but since this is the first time the two hosts communicate, the hardware (MAC) addresses are not known. Host A uses the ARP process to find out the MAC address of host B. The switch forwards the ARP request out all ports except the port the host A is connected to. Host B receives the ARP request and responds with its MAC address. Host B also learns the MAC address of host A (because host A sent its MAC address in the ARP request). The switch learns which MAC addresses are associated with which port. For example, because host B responded with the ARP reply that included its MAC address, the switch knows the MAC address of host B and stores that address in its MAC address table. The same is with host A, the switch knows the MAC address of the host A because of the ARP request.

Now, when host A sends a packet to host B, the switch looks up in its MAC address table and forwards the frame only out Fa0/1 port, the port on which host B is connected. Other hosts on the network will not be involved in the communication:

How switches work

You can display the MAC address table of the switch by using the show mac-address-table command:

show mac address table