Switch Mac Address: What’s It and How Does it Work?
Jul 12, 20221 min read
You may notice that every piece of hardware on your local network has both an IP address and a MAC address. All internet-connected devices—including desktops, laptops, smartphones, tablets, security cameras, and even smart appliances—possess this unique identifier. Network switches are the exception, typically having multiple MAC addresses (one per interface). So why do network devices need two addresses? Isn't an IP address sufficient? What exactly is a switch MAC address for? How does switch learn mac address?
Simply put, a MAC (Media Access Control) address is a device's unique physical address, assigned by the manufacturer and embedded in its network interface hardware. Think of it as a permanent identifier for the device itself on the network.
Mac Address Explained
A MAC address, also known as a "hardware address" or "physical address," is a unique identifier assigned to network interfaces. Ethernet packets always carry both a source and destination MAC address. Upon receiving a packet, a network adapter compares the destination MAC address to its own. Matching addresses trigger packet processing; otherwise, the packet is discarded. Standard MAC addresses are 12-digit hexadecimal numbers. The first six digits (leftmost) represent the manufacturer's identifier, while the last six digits correspond to the network interface card's (NIC) serial number.
Types of MAC Addresses | Features |
Unicast MAC Address | A Unicast MAC address uniquely identifies a single network interface, allowing direct communication between two specific devices on a network. |
Multicast MAC Address | A Multicast MAC address enables efficient data delivery to multiple devices that are part of a multicast group, facilitating group communication on a network. |
Broadcast MAC Address | A Broadcast MAC address sends data to all devices within a local network segment, ensuring every device on the network receives the same information simultaneously. |
Differences Between MAC and IP Address
While IP and MAC addresses both uniquely identify network devices, they serve distinct purposes and operate at different OSI layers: MAC at Layer 2, IP at Layer 3.
MAC addresses direct packets only to the next device along a network path. For example, your computer’s MAC address travels no further than your local router. Conversely, IP addresses handle end-to-end delivery. When sending a packet, a device first checks if the destination IP is within its local network. If so, it communicates directly; otherwise, it forwards the packet to its default gateway (router). Thus, while MAC addresses move data to the next hop, IP addresses ensure it reaches the final destination.
What Do Network Switches Use Mac Address For?
Network switches are unlike hubs or repeaters. A hub simply rebroadcasts every signal on every port to every other port, which (while inefficient and slow) is easy to create. A switch, on the other hand, intelligently directs traffic between systems by routing packets only to their proper destination. To do this, it keeps track of the MAC addresses of the NICs plugged into each port.
Switch MAC addresses need to be unique or at least highly unlikely to be repeated for switches to identify different ports and devices, which is why manually setting a MAC address can have unexpected consequences in a switched network. Network switches usually have a bunch of MAC addresses reserved in its MAC address table. When forwarding a frame, the switch first looks up the MAC address table by the destination MAC address of the frame for the outgoing port. If the outgoing port is found, the frame is forwarded rather than broadcast, so broadcasts are reduced.
Network Switch Mac Address Learning Process
Since a switch has some intelligence, it can build the MAC address table automatically. The following part will illustrate how a switch learns MAC addresses.
There’s a switch in the middle and we have 3 computers around. All computers have a MAC address but they are simplified as AAA, BBB, and CCC. The switch has a MAC address table and it will learn where all the MAC addresses are in the network. Now, assuming Computer A is going to send something to Computer B:
Computer A is going to send some data meant for computer B, thus it will create an Ethernet frame which has a source MAC address (AAA) and a destination MAC address (BBB). The switch has a MAC address table and here’s what will happen:
The switch will build a MAC address table and only learns from source MAC addresses. At this moment it just learned that the MAC address of computer A is on interface 1. It will now add this information in its MAC address table. But the switch currently has no information where computer B is located. There’s only one option left to flood this frame out of all its interfaces except the one where it came from. computer B and computer C will receive this Ethernet frame.
Since computer B sees its MAC address as the destination of this Ethernet frame it knows it’s meant for him, computer C will discard it. Computer B is going to respond to computer A, build an Ethernet frame and send it towards the switch. At this moment the switch will learn the MAC address of computer B. That’s the end of our story, the switch now knows both MAC addresses and the next time it can “switch” instead of flooding Ethernet frames. Computer C will never see any frames between Computer A and B except for the first one which was flooded. You can use the show mac address-table dynamic command to see all the MAC addresses that the switch has learned.
One other point worth emphasizing here is that the switch MAC address table uses an aging mechanism for dynamic entries. If the MAC address of Computer A and B are not updated within their aging time, they will be deleted to make room for new entries, which means the frames between computer A and B will be flooded to Computer C again if A wants to transfer information to B.
How to Configure Your Switch Mac Address Table?
A switch MAC address table is maintained for frame forwarding, which can be dynamically learned or manually configured. The former has been introduced in the previous text, and the next part will focus on how to configure the MAC addresses manually to adapt to network changes and enhance network security.
Configuring Static, Dynamic, and Blackhole MAC Address Table Entries
To improve port security, you can manually add MAC address entries to the MAC address table to bind ports with MAC addresses, fending off MAC address spoofing attacks. In addition, you can configure blackhole MAC address entries to filter out packets with certain source or destination MAC addresses.
To add or modify a static, dynamic, or blackhole MAC address table entry:
Step | Command | Remarks |
1. Enter system view. | system-view | N/A |
2. Add or modify a dynamic or static MAC address entry. | mac-address { dynamic | static } mac-addressinterface interface-typeinterface-number vlan vlan-id | Use either command. |
3. Add or modify a blackhole MAC address entry. | mac-address blackhole mac-address vlan vlan-id |
Configuring a Multi-port Unicast MAC Address Table Entry
You can configure a multi-port unicast MAC address table entry to associate a unicast MAC address with multiple ports, so that packets that match the entry are delivered to multiple destination ports.
To configure a multi-port unicast MAC address table entry:
Step | Command | Remarks |
1. Enter system view. | system-view | N/A |
2. Configure a multi-port unicast MAC address table entry. | mac-address multiport mac-address interface interface-list vlan vlan-id | No multi-port unicast MAC address table entries exist by default.
Make sure that you have created the VLAN and assign the interfaces to the VLAN. |
Configuring the Aging Timer for Dynamic MAC Address Entries
The switch MAC address table uses an aging mechanism for dynamic entries, so dynamic MAC address entries that are not updated within their aging time are deleted to make room for new entries, and the MAC address table is promptly updated to accommodate the latest network changes.
To configure the aging timer for dynamic MAC address entries:
Step | Command | Remarks |
1. Enter system view. | system-view | N/A |
2. Configure the aging timer for dynamic MAC address entries. | mac-address timer { agingseconds | no-aging } | Optional. The value range of the aging timer is 10 to 3600 seconds and the default value is 300 seconds. |
Configuring the MAC Learning Limit on Ports
To prevent the MAC address table from getting so large that the forwarding performance of the switch degrades, you can limit the number of MAC addresses that can be learned on a port.
To configure the MAC learning limit on ports:
Step | Command | Remarks |
1. Enter system view. | system-view | N/A |
2.Enter Ethernet interface, port group, or Layer 2 aggregate interface view. | 1. Enter Ethernet interface view: interface interface-type interface-number 2. Enter port group view: port-group manual port-group-name 3. Enter Layer 2 aggregate interface view: interface bridge-aggregationinterface-number | Use any command.
Settings in Ethernet interface view or Layer 2 aggregate interface view effect on the current port only. Settings in port group view take effect on all the member ports in the port group. |
3.Configure the MAC learning limit on an interface, and configure whether frames with unknown source MAC addresses can be forwarded when the MAC learning limit is reached. | mac-address max-mac-count { count | disable-forwarding } | By default, the maximum number of MAC addresses that can be learned on an interface is not specified. |
Configuring the MAC Learning Limit on a VLAN
You may also limit the number of MAC addresses that can be learned on a per-VLAN basis.
To configure the MAC learning limit on a VLAN:
Step | Command | Remarks |
1. Enter system view. | system-view | N/A |
2. Enter VLAN view. | vlan vlan-id | N/A |
3. Configure the MAC learning limit on a VLAN, and configure whether or not frames with unknown source MAC addresses can be forwarded in the VLAN when the upper limit is reached. | mac-address max-mac-count { count| disable-forwarding } | By default, the maximum number of MAC addresses that can be learned on a VLAN is not specified. |
Displaying and Maintaining the MAC Address Table
Task | Command | Remarks |
1.Display MAC address table information. | display mac-address [mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole ] [ vlan vlan-id ] [ count ] ] [ | { begin | exclude | include } regular-expression ] | Available in any view |
2. Display the multi-port unicast MAC address table entries. | display mac-address multiport [ vlan vlan-id ] [ count ] [ | { begin | exclude | include } regular-expression ] | Available in any view |
3. Display the aging timer for dynamic MAC address entries. | display mac-address aging-time [ | { begin | exclude | include } regular-expression ] | Available in any view |
Summary
The core function of a network switch relies on MAC addresses. Unlike simple hubs that broadcast data to all devices, a switch intelligently forwards data frames only to the specific port where the intended destination device is connected. It achieves this by examining the destination MAC address within each incoming Ethernet frame and using its internal MAC address table to determine the correct outgoing port.
To maximize MAC address management and enhance your network capabilities, FS PicOS® switches are recommended. These high-performance, enterprise-grade switches provide stable and reliable network transmission. They also feature the robust PicOS® operating system, supporting a variety of protocols to continuously meet your needs.
Hot-selling PicOS® Gigabit switches:
S5810-48TS: 48 x 1G RJ45, 4 x 10Gb SFP+ Uplinks, Broadcom Chip
S5810-28TS: 24 x 1G RJ45, 4 x RJ45/SFP Combo, Broadcom Chip
S5870-48T6BC: 48 x 1G RJ45, 4 x 25G SFP28 & 2 x 100Gb QSFP28 Uplinks
- Categories:
- Enterprise Network