
7.3.7 Lab - View the Switch MAC Address Table

The document outlines a lab exercise focused on building and configuring a network using Cisco switches and PCs, with an emphasis on examining the Switch MAC Address Table. It details the steps for setting up the network topology, configuring devices, and observing how switches learn MAC addresses through network communication. Additionally, it discusses challenges faced in larger networks, including scalability, increased broadcast traffic, security risks, and management complexity.

Uploaded by

biyotime

Lab - View the Switch MAC Address Table

Topology

Addressing Table
Device   Interface   IP Address     Subnet Mask
S1       VLAN 1      192.168.1.11   255.255.255.0
S2       VLAN 1      192.168.1.12   255.255.255.0
PC-A     NIC         192.168.1.1    255.255.255.0
PC-B     NIC         192.168.1.2    255.255.255.0

Objectives
Part 1: Build and Configure the Network
Part 2: Examine the Switch MAC Address Table

Background / Scenario
The purpose of a Layer 2 LAN switch is to deliver Ethernet frames to host devices on the local network. The
switch records host MAC addresses that are visible on the network, and maps those MAC addresses to its
own Ethernet switch ports. This process is called building the MAC address table. When a switch receives a
frame from a PC, it examines the frame’s source and destination MAC addresses. The source MAC address
is recorded and mapped to the switch port from which it arrived. Then the destination MAC address is looked
up in the MAC address table. If the destination MAC address is a known address, then the frame is forwarded
out of the corresponding switch port associated with that MAC address. If the MAC address is unknown, then
the frame is flooded out of all switch ports except the one from which it came. It is important to observe
and understand the function of a switch and how it delivers data on the network. The way a switch operates
has implications for network administrators whose job it is to ensure secure and consistent network
communication.
Switches are used to interconnect and deliver information to computers on local area networks. Switches
deliver Ethernet frames to host devices identified by network interface card MAC addresses.
In Part 1, you will build a multi-switch topology with a trunk linking the two switches. In Part 2, you will ping
various devices and observe how the two switches build their MAC address tables.
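
The learn, look up, then forward-or-flood behaviour described above, as an added example that is not part of the original lab: a small simulation of S1 and S2 joined by the Fa0/1 trunk, replaying PC-B's ARP request, PC-A's reply and the first echo request. The PC port names (Fa0/6, Fa0/18) are assumptions, and frames the switches originate themselves are not modelled.

```python
# Added example: two learning switches joined by a trunk, replaying the lab's ping.
# PC port names Fa0/6 and Fa0/18 are assumptions; the page only shows Fa0/1.
BROADCAST = "ffff.ffff.ffff"

class Switch:
    def __init__(self, name, ports):
        self.name, self.ports = name, ports
        self.table = {}   # MAC address -> port it was last seen on
        self.links = {}   # local port -> (neighbor switch, neighbor port)

    def receive(self, in_port, src, dst, log):
        self.table[src] = in_port            # learn the source address
        out = self.table.get(dst)            # look up the destination
        if dst == BROADCAST or out is None:  # broadcast or unknown unicast
            action, out_ports = "flood", [p for p in self.ports if p != in_port]
        elif out == in_port:                 # destination is behind the ingress port
            action, out_ports = "filter", []
        else:
            action, out_ports = "forward", [out]
        log.append((self.name, action, tuple(out_ports)))
        for port in out_ports:               # hand the frame to a neighbor switch
            if port in self.links:
                neighbor, neighbor_port = self.links[port]
                neighbor.receive(neighbor_port, src, dst, log)

def connect(a, port_a, b, port_b):
    a.links[port_a] = (b, port_b)
    b.links[port_b] = (a, port_a)

def run_lab():
    s1 = Switch("S1", ["Fa0/1", "Fa0/6"])
    s2 = Switch("S2", ["Fa0/1", "Fa0/18"])
    connect(s1, "Fa0/1", s2, "Fa0/1")
    pc_a, pc_b = "0003.e4bc.eab0", "0001.63ca.4362"  # recorded in Step 1
    log = []
    s2.receive("Fa0/18", pc_b, BROADCAST, log)  # PC-B ARP request for PC-A
    s1.receive("Fa0/6", pc_a, pc_b, log)        # PC-A unicast ARP reply
    s2.receive("Fa0/18", pc_b, pc_a, log)       # PC-B ICMP echo request
    return s1, s2, log

if __name__ == "__main__":
    s1, s2, log = run_lab()
    for entry in log:
        print(entry)
    print("S2 table:", s2.table)
```

Only the first frame is flooded; once both switches have learned both PCs, every later frame leaves through exactly one port, and S2 sees PC-A's address on its trunk port rather than on an access port.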

© 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public www.netacad.com

Note: The switches used are Cisco Catalyst 2960s with Cisco IOS Release 15.2(2) (lanbasek9 image). Other
switches and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the
commands available and output produced might vary from what is shown in the labs.
Note: Make sure that the switches have been erased and have no startup configurations. If you are unsure,
contact your instructor.

Required Resources
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
• 2 PCs (Windows with terminal emulation program, such as Tera Term)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology
Note: The Fast Ethernet interfaces on Cisco 2960 switches are autosensing and an Ethernet straight-through
cable may be used between switches S1 and S2. If using another model Cisco switch, it may be necessary to
use an Ethernet crossover cable.

Instructions

Part 1: Build and Configure the Network


Step 1: Cable the network according to the topology.

Step 2: Configure PC hosts.

Step 3: Initialize and reload switches as necessary.

Step 4: Configure basic settings for each switch.



a. Configure device name as shown in the topology.


b. Configure IP address as listed in Addressing Table.
c. Assign cisco as the console and vty passwords.
d. Assign class as the privileged EXEC password.

Part 2: Examine the Switch MAC Address Table


A switch learns MAC addresses and builds the MAC address table, as network devices initiate
communication on the network.

Step 1: Record network device MAC addresses.


a. Open a command prompt on PC-A and PC-B and type ipconfig /all.
Question:

What are the Ethernet adapter physical addresses?


PC-A MAC Address: 00-03-E4-BC-EA-B0
PC-B MAC Address: 00-01-63-CA-43-62

b. Console into switch S1 and S2 and type the show interface F0/1 command on each switch.



Questions:

On the second line of command output, what is the hardware address (or burned-in address [bia])?
S1 Fast Ethernet 0/1 MAC Address: 00-01-42-2a-a6-01
S2 Fast Ethernet 0/1 MAC Address: 00-60-5c-8c-41-01

Step 2: Display the switch MAC address table.


Console into switch S2 and view the MAC address table, both before and after running network
communication tests with ping.
a. Establish a console connection to S2 and enter privileged EXEC mode.

b. In privileged EXEC mode, type the show mac address-table command and press Enter.
S2# show mac address-table
Even though there has been no network communication initiated across the network (i.e., no use of ping),
it is possible that the switch has learned MAC addresses from its connection to the PC and the other
switch.
Questions:

Are there any MAC addresses recorded in the MAC address table?
Yes

What MAC addresses are recorded in the table? To which switch ports are they mapped and to which
devices do they belong? Ignore MAC addresses that are mapped to the CPU.
0001.422a.a601 DYNAMIC Fa0/1

If you had not previously recorded MAC addresses of network devices in Step 1, how could you tell which
devices the MAC addresses belong to, using only the output from the show mac address-table
command? Does it work in all scenarios?
If the port is connected to another switch or a hub, the MAC address listed might belong to a device
connected through that intermediary device. I would need to trace the connection further along the
network path. If there are multiple devices connected through a single port (via a hub or switch), all their
MAC addresses might show up on the same port, making it harder to identify individual devices. While the
show mac address-table command can help identify the interface to which a MAC address is connected,
it is not foolproof in all scenarios. Physical tracing of connections and good network documentation are
essential for accurate device identification.

Step 3: Clear the S2 MAC address table and display the MAC address table again.
a. In privileged EXEC mode, type the clear mac address-table dynamic command and press Enter.
S2# clear mac address-table dynamic
b. Quickly type the show mac address-table command again.
Questions:

Does the MAC address table have any addresses in it for VLAN 1? Are there other MAC addresses
listed?
No. Yes (0001.422a.a601 - Fa0/1)


Wait 10 seconds, type the show mac address-table command, and press Enter. Are there new
addresses in the MAC address table?
Yes
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0001.422a.a601    DYNAMIC     Fa0/1


Step 4: From PC-B, ping the devices on the network and observe the switch MAC address table.
a. From PC-B, open a command prompt and type arp -a.
Question:

Not including multicast or broadcast addresses, how many device IP-to-MAC address pairs have been
learned by ARP?
No ARP Entries Found
b. From the PC-B command prompt, ping PC-A, S1, and S2.
Question:

Did all devices have successful replies? If not, check your cabling and IP configurations.
C:\>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time=5ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Reply from 192.168.1.1: bytes=32 time=10ms TTL=128

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 10ms, Average = 3ms

C:\>ping 192.168.1.11

Pinging 192.168.1.11 with 32 bytes of data:

Request timed out.
Reply from 192.168.1.11: bytes=32 time<1ms TTL=255
Reply from 192.168.1.11: bytes=32 time<1ms TTL=255
Reply from 192.168.1.11: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.1.11:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ping 192.168.1.11

Pinging 192.168.1.11 with 32 bytes of data:

Reply from 192.168.1.11: bytes=32 time<1ms TTL=255
Reply from 192.168.1.11: bytes=32 time<1ms TTL=255
Reply from 192.168.1.11: bytes=32 time<1ms TTL=255
Reply from 192.168.1.11: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.1.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ping 192.168.1.12

Pinging 192.168.1.12 with 32 bytes of data:

Request timed out.
Reply from 192.168.1.12: bytes=32 time<1ms TTL=255
Reply from 192.168.1.12: bytes=32 time<1ms TTL=255
Reply from 192.168.1.12: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.1.12:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ping 192.168.1.12

Pinging 192.168.1.12 with 32 bytes of data:

Reply from 192.168.1.12: bytes=32 time<1ms TTL=255
Reply from 192.168.1.12: bytes=32 time<1ms TTL=255
Reply from 192.168.1.12: bytes=32 time<1ms TTL=255
Reply from 192.168.1.12: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.1.12:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

c. From a console connection to S2, enter the show mac address-table command.
Question:

Has the switch added additional MAC addresses to the MAC address table? If so, which addresses and
devices?
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0060.5c8c.4101    DYNAMIC     Fa0/1



From PC-B, open a command prompt and retype arp -a.


Question:

Does the PC-B ARP cache have additional entries for all network devices that were sent pings?
Yes
C:\>arp -a
  Internet Address      Physical Address      Type
  192.168.1.1           0003.e4bc.eab0        dynamic
  192.168.1.11          00d0.9748.65dc        dynamic
  192.168.1.12          00e0.8fe0.7bc6        dynamic

Reflection Question
On Ethernet networks, data is delivered to devices by their MAC addresses. For this to happen, switches and
PCs dynamically build ARP caches and MAC address tables. With only a few computers on the network this
process seems fairly easy. What might be some of the challenges on larger networks?
1. Scalability Issues
ARP Cache Size: As the number of devices increases, each device must maintain a larger ARP cache. This
can lead to memory and processing limitations on the devices.
MAC Address Table Size: Switches maintain MAC address tables to map MAC addresses to switch ports. In
larger networks, the number of devices can exceed the switch's table capacity, causing table overflow. When
this happens, switches may flood traffic to all ports, reducing efficiency and potentially causing network
congestion.
2. Increased Broadcast Traffic
ARP Requests: ARP operates via broadcast messages to resolve IP addresses to MAC addresses. In large
networks, frequent ARP requests can generate excessive broadcast traffic, consuming bandwidth and
processing resources on all devices within the broadcast domain.
Broadcast Storms: Excessive broadcasting can lead to broadcast storms, where the network becomes
saturated with broadcast traffic, severely impacting performance and possibly causing network outages.
3. Security Risks
ARP Spoofing: Larger networks are more vulnerable to ARP spoofing attacks, where an attacker sends
falsified ARP messages to associate their MAC address with the IP address of another device. This can lead
to man-in-the-middle attacks, data interception, and session hijacking.
MAC Flooding: Attackers can send numerous packets with different source MAC addresses to overflow the
switch's MAC address table, causing the switch to broadcast all incoming traffic to all ports (fail-open mode).
This allows attackers to capture data from other devices on the network.
4. Management Complexity
Network Topology Changes: Frequent changes in network topology, such as devices moving or new devices
being added, require continuous updates to ARP caches and MAC address tables. Managing these changes
in large networks can be challenging.
Administrative Overhead: Monitoring and managing a large number of devices and their associated ARP and
MAC table entries can be cumbersome, requiring advanced network management tools and increased
administrative effort.
5. Convergence Time
ARP Convergence: When devices join the network or change their IP or MAC addresses, the ARP cache
needs to be updated. In larger networks, it takes longer for these updates to propagate, potentially leading to
temporary communication issues.
MAC Address Table Updates: Similarly, switches need to update their MAC address tables when devices
move or new devices are added. The larger the network, the longer it takes for these updates to converge,
which can affect network performance and stability.
6. Resource Utilization
CPU and Memory Load: Maintaining extensive ARP caches and MAC address tables requires significant
CPU and memory resources on network devices. This can affect the overall performance and responsiveness
of both end devices and network infrastructure.
Mitigation Strategies
To address these challenges, larger networks often employ various strategies, such as:

Network Segmentation: Dividing the network into smaller subnets or VLANs to reduce the size of broadcast
domains and improve manageability.
Layer 3 Switching: Using Layer 3 switches to route traffic based on IP addresses, reducing the reliance on
ARP and MAC address tables.
Security Enhancements: Implementing security features like Dynamic ARP Inspection (DAI) and MAC
address filtering to prevent spoofing and flooding attacks.
Optimized Protocols: Utilizing advanced protocols and technologies designed for larger networks, such as
Proxy ARP, ARP reduction techniques, and ARP suppression mechanisms.
Network Management Tools: Deploying comprehensive network management and monitoring tools to
efficiently handle the complexity of large networks and ensure optimal performance and security.
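
A monitoring check for the MAC flooding risk named above, as an added example that is not part of the original lab: it parses show mac address-table output and reports access ports that have learned more dynamic addresses than one host should present, while exempting known uplinks such as the S1-S2 trunk. The sample output is constructed; the Fa0/18 and Fa0/5 rows, the 0200.0000.00xx addresses and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of "show mac address-table"; the Fa0/18 and
# Fa0/5 rows and the 0200.0000.00xx addresses are made up for illustration.
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
   1    0001.422a.a601    DYNAMIC     Fa0/1
   1    0003.e4bc.eab0    DYNAMIC     Fa0/1
   1    0001.63ca.4362    DYNAMIC     Fa0/18
   1    0200.0000.0001    DYNAMIC     Fa0/5
   1    0200.0000.0002    DYNAMIC     Fa0/5
   1    0200.0000.0003    DYNAMIC     Fa0/5
"""

# One table row: numeric VLAN, dotted-hex MAC, entry type, port name.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def dynamic_macs_by_port(output):
    """Return {port: set of dynamically learned MACs}; static/CPU rows are skipped."""
    ports = defaultdict(set)
    for line in output.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            ports[m.group(4)].add(m.group(2).lower())
    return dict(ports)

def ports_over_limit(output, max_macs=1, uplinks=()):
    """Access ports that learned more MACs than expected for a single host."""
    return sorted(port for port, macs in dynamic_macs_by_port(output).items()
                  if port not in uplinks and len(macs) > max_macs)

if __name__ == "__main__":
    print(ports_over_limit(SAMPLE, uplinks={"Fa0/1"}))
```

Without the uplink exemption the trunk port is reported as well, which is the same ambiguity the Step 2 answer describes: several addresses behind one port can mean a downstream switch or hub rather than an attack.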
