Switching Fundamentals
MAC address tables, MAC filtering, and VLANs explain how switches think, learn, secure, and segment networks. These are core CCST concepts and are heavily used in Cisco Packet Tracer labs and real networks built using Cisco Systems devices.
PART 1: MAC Address Tables
What Is a MAC Address Table?
A MAC address table (also called a CAM table) is a memory table inside a switch that maps:
MAC Address → Switch Port
Purpose: Helps the switch forward frames only to the correct port.
How a Switch Learns MAC Addresses
Example Network
PC1 ──(Fa0/1) Switch (Fa0/2)── PC2
- PC1 sends a frame
- Switch reads the source MAC
- Stores it in MAC table
- If destination MAC is known → forward
- If unknown → flood to all ports (except incoming)
Sample MAC Address Table
| MAC Address | Port |
|---|---|
| AA:BB:CC:11 | Fa0/1 |
| DD:EE:FF:22 | Fa0/2 |
Switches learn source MAC, not destination MAC.
What If MAC Table Is Empty?
- First frame is flooded
- Reply populates MAC table
- Network becomes efficient
Real-World Benefits
- Faster communication
- Less network traffic
- Improved security
PART 2: MAC Filtering (MAC-Based Security)
What Is MAC Filtering?
MAC filtering allows or blocks devices based on their MAC address.
"Only approved devices are allowed on the network."
How MAC Filtering Works
- Admin defines allowed MAC addresses
- Switch checks device MAC
- Allows or blocks access
Example (Office Security)
Allowed:
AA:BB:CC:11 (PC)
DD:EE:FF:22 (Printer)
Unknown laptop → Blocked
Advantages
- Prevents unauthorized access
- Easy to configure
Limitations (Exam Important)
- MAC spoofing possible
- Not scalable for large networks
MAC filtering = Basic security, not foolproof
Where MAC Filtering Is Used
- Switch port security
- Home Wi-Fi routers
- Small office networks
PART 3: VLAN Concepts
What Is a VLAN?
A VLAN (Virtual LAN) is a logical network created inside a switch.
Devices can be separated even if they are on the same physical switch.
Why VLANs Are Needed
| Without VLAN | With VLAN |
|---|---|
| One big broadcast domain | Separate networks |
| More traffic | Less broadcast traffic |
| Low security | Better security |
Example (Same Switch, Different VLANs)
Switch
├── VLAN 10 → HR PCs
└── VLAN 20 → IT PCs
- HR and IT are isolated
- No direct communication
VLAN = Separate broadcast domains
Key Rule
VLANs cannot communicate without a Layer 3 device.
Inter-VLAN Communication
- Router-on-a-stick
- Layer 3 switch
VLAN Benefits (Exam-Ready)
| Benefit | Explanation |
|---|---|
| Security | Departments isolated |
| Performance | Reduced broadcast traffic |
| Flexibility | Logical grouping |
| Scalability | Easy expansion |
VLAN IDs (Quick Facts)
- VLAN 1 = Default VLAN
- VLAN range: 1–4094
- Each VLAN = separate broadcast domain
MAC Table + VLAN (IMPORTANT)
Switch maintains separate MAC tables per VLAN.
VLAN 10: MAC A → Fa0/1
VLAN 20: MAC A → Fa0/3
Same MAC address in different VLANs is allowed.
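The learning, forwarding and flooding rules from Part 1, combined with per-VLAN MAC tables, can be traced in a short simulation. This is an added example, not code from a switch or from the original notes; the class name, the port-to-VLAN assignments and the full-length MAC addresses are constructed for illustration.

```python
# Added example: a minimal learning switch with one MAC table per VLAN.
# Port names, VLAN assignments and MAC addresses are constructed sample data.
from collections import defaultdict

BROADCAST = "FF:FF:FF:FF:FF:FF"


class LearningSwitch:
    def __init__(self, port_vlans):
        # port_vlans: access port name -> VLAN ID
        self.port_vlans = dict(port_vlans)
        # One MAC table per VLAN: vlan -> {mac: port}
        self.tables = defaultdict(dict)

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the sorted list of egress ports."""
        vlan = self.port_vlans[in_port]
        table = self.tables[vlan]
        # Learn (or refresh) the SOURCE MAC against the ingress port.
        table[src_mac] = in_port
        out_port = table.get(dst_mac)
        if dst_mac != BROADCAST and out_port is not None:
            # Known unicast: one port only (dropped if it is the ingress port).
            return [] if out_port == in_port else [out_port]
        # Unknown unicast or broadcast: flood inside the VLAN, except ingress.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)


def demo():
    sw = LearningSwitch({"Fa0/1": 10, "Fa0/2": 10, "Fa0/5": 10,
                         "Fa0/3": 20, "Fa0/4": 20})
    mac_a, mac_b = "AA:BB:CC:00:00:11", "DD:EE:FF:00:00:22"
    steps = [
        sw.receive("Fa0/1", mac_a, mac_b),  # B unknown: flood VLAN 10
        sw.receive("Fa0/2", mac_b, mac_a),  # reply: A already learned
        sw.receive("Fa0/1", mac_a, mac_b),  # B now learned: single port
        sw.receive("Fa0/3", mac_a, mac_b),  # MAC A seen in VLAN 20: flood VLAN 20
    ]
    return steps, {vlan: dict(t) for vlan, t in sw.tables.items()}


if __name__ == "__main__":
    steps, tables = demo()
    for egress in steps:
        print(egress)
    print(tables)
```

The last step shows the segmentation point: a frame entering on a VLAN 20 port is never flooded to VLAN 10 ports, and MAC A ends up in both tables on different ports.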
Switching Fundamentals – Combined Summary
| Concept | Purpose |
|---|---|
| MAC Address Table | Efficient forwarding |
| MAC Filtering | Device-level security |
| VLAN | Network segmentation |