Frame Forwarding – Complete Guide
1. What is Frame Forwarding?
Frame forwarding is the method by which a Layer 2 switch decides where to send an incoming Ethernet frame. It's a core switch function that enables devices on a network to communicate efficiently.
Proper frame forwarding maximizes bandwidth, minimizes unnecessary traffic, and is essential for reliable and secure connectivity.
2. Difference Between Forwarding and Flooding
- Forwarding: The switch delivers the frame only to the port mapped to the destination MAC address (unicast).
- Flooding: The switch sends the frame to all ports except the incoming port. Used for:
  - Broadcast frames
  - Unknown unicast frames (destination MAC not in the table)
  - Multicast frames (unless IGMP snooping is active)
3. Layer 2 Frame Structure Review
Field | Description |
---|---|
Destination MAC | 6 bytes |
Source MAC | 6 bytes |
EtherType/Length | 2 bytes |
Payload | 46–1500 bytes |
FCS (CRC) | 4 bytes (error checking) |
Example: A frame from 00:11:22:33:44:55 (source) to AA:BB:CC:DD:EE:FF (destination).
4. Switching Methods
Method | How It Works | Use Case |
---|---|---|
Store-and-Forward | Receives full frame, checks for errors, then forwards | Most modern switches (default) |
Cut-Through | Starts forwarding as soon as destination MAC is read | Low-latency, but may forward errored frames |
Fragment-Free | Waits for first 64 bytes before forwarding | Prevents collision fragments; compromise between speed and error checking |
5. MAC Address Table Lookup
When a switch receives a frame, it checks the destination MAC address against its MAC address table.
If found: Frame is forwarded to the correct port.
If not found: Frame is flooded to all ports in the VLAN except the source port.
6. Unicast Frame Forwarding
Unicast: Frame destined for a single device.
Example: Host A (port 1) sends to Host B (port 4):
Switch MAC table: MAC_B is on port 4.
Frame is forwarded only to port 4.
7. Broadcast and Multicast Frame Handling
- Broadcast: Destination MAC = FF:FF:FF:FF:FF:FF. Frame is flooded to all ports in the VLAN except source.
- Multicast: Address range 01:00:5E:xx:xx:xx. Usually flooded unless IGMP snooping is used for selective forwarding.
8. Unknown Unicast Handling
If destination MAC is not in the table, the switch floods the frame to all ports in the VLAN (except source).
Once the destination replies, its MAC is learned and mapped to the correct port.
9. Forwarding and VLANs
- VLAN Tagging (802.1Q): Each frame carries a VLAN tag; switches maintain a separate MAC table per VLAN.
- Inter-VLAN Forwarding: Requires a Layer 3 device (router or L3 switch). Switches only forward frames within the same VLAN.
- Example: Host A (VLAN 10) and Host B (VLAN 20) communicate via router-on-a-stick.
10. Forwarding and Spanning Tree Protocol (STP)
STP blocks ports as needed to prevent Layer 2 loops. Switches do not forward frames on STP-blocked ports, preventing broadcast storms and network loops.
11. Switch Forwarding vs. Router Forwarding
Feature | Switch (Layer 2) | Router (Layer 3) |
---|---|---|
Forwards | Frames (MAC address) | Packets (IP address) |
Address Table | MAC address table | Routing table |
Speed | Hardware-accelerated (ASIC) | Software/hardware (may be slower) |
12. Hardware and Software Forwarding
- ASIC-based Forwarding: Switches use hardware chips for fast frame forwarding (modern switches).
- CPU-based Forwarding: Only used for special control-plane traffic or management packets.
13. Forwarding Table Updates
- Switch learns source MAC addresses dynamically from incoming frames.
- Updates the MAC table with MAC-to-port/VLAN mapping.
- Entries "age out" (are removed) if inactive for a set period (e.g., 300s).
14. Security Considerations in Forwarding
- Port Security: Limit the number of allowed MACs per port to defend against MAC flooding attacks.
- VLAN ACLs (VACLs): Apply security filtering to traffic within or between VLANs.
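The lookup, flooding, aging and port-security rules from sections 5 to 14, as an added example (not code from the original guide). The `LearningSwitch` class and `scenario` function are hypothetical names; the model assumes a fixed-capacity table that stops learning when full and a port-security violation that drops the offending frame.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Model of a Layer 2 switch: per-VLAN MAC table, aging, optional per-port MAC limit."""

    def __init__(self, port_vlans, aging=300, capacity=8, max_macs_per_port=None):
        self.port_vlans = port_vlans       # port -> access VLAN
        self.aging = aging                 # seconds an idle entry survives
        self.capacity = capacity           # assumed fixed table size
        self.max_macs = max_macs_per_port  # port-security limit (None = off)
        self.table = {}                    # (vlan, mac) -> (port, last_seen)

    def _learn(self, vlan, mac, port, now):
        key = (vlan, mac)
        known_here = key in self.table and self.table[key][0] == port
        if not known_here and self.max_macs is not None:
            on_port = sum(1 for p, _ in self.table.values() if p == port)
            if on_port >= self.max_macs:
                return False               # violation: frame is dropped, nothing learned
        if key in self.table or len(self.table) < self.capacity:
            self.table[key] = (port, now)  # learn or refresh; a full table learns nothing
        return True

    def receive(self, in_port, src, dst, now):
        """Return the egress ports for one frame (empty list = dropped or filtered)."""
        src, dst = src.lower(), dst.lower()
        vlan = self.port_vlans[in_port]
        # Age out entries that have been idle for `aging` seconds or more.
        self.table = {k: v for k, v in self.table.items() if now - v[1] < self.aging}
        if not self._learn(vlan, src, in_port, now):
            return []
        entry = self.table.get((vlan, dst))
        group = int(dst[:2], 16) & 1       # I/G bit set: broadcast or multicast
        if entry and not group:
            return [] if entry[0] == in_port else [entry[0]]   # known unicast
        # Broadcast, multicast or unknown unicast: flood within the VLAN.
        return sorted(p for p, v in self.port_vlans.items() if v == vlan and p != in_port)

def scenario(limit):
    """Constructed case: port 2 sources six MACs, then Host A (port 1) sends to Host B."""
    sw = LearningSwitch({1: 10, 2: 10, 5: 10, 7: 20}, capacity=4, max_macs_per_port=limit)
    for i in range(6):
        sw.receive(2, f"02:00:00:00:00:{i:02x}", BROADCAST, now=0)
    sw.receive(5, "66:77:88:99:AA:BB", BROADCAST, now=1)
    return sw.receive(1, "00:11:22:33:44:55", "66:77:88:99:AA:BB", now=2)
```

With no limit, `scenario(None)` floods Host A's unicast to ports 2 and 5 because Host B could not be learned; with a limit of one MAC per port, `scenario(1)` delivers it to port 5 only.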
15. Troubleshooting Frame Forwarding Issues
Symptom | Possible Cause | Troubleshooting Steps |
---|---|---|
Frames flooded unnecessarily | MAC table overflow, MAC flapping | Check for MAC flooding attacks; use show mac address-table |
One-way communication | VLAN misconfig, STP issues | Check VLANs, trunk config, STP port state |
Broadcast storms | STP failure, Layer 2 loop | Check STP status, redundant links |
Delayed forwarding | Store-and-forward mode | Review switch mode, check for errors |
Useful Commands:
show mac address-table
show interfaces status
show vlan brief
show spanning-tree
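A check for the first troubleshooting row, as an added example (not part of the original guide): it parses saved `show mac address-table` output, flags ports holding more dynamic MACs than expected, and compares two snapshots for MACs that changed port. The Vlan / Mac Address / Type / Ports column layout, the sample rows and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the Vlan / Mac Address / Type / Ports column layout (assumed).
SNAPSHOT_1 = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi0/1
  10    6677.8899.aabb    DYNAMIC     Gi0/5
  10    0200.0000.0001    DYNAMIC     Gi0/2
  10    0200.0000.0002    DYNAMIC     Gi0/2
  10    0200.0000.0003    DYNAMIC     Gi0/2
  20    0011.2233.4455    STATIC      Gi0/7
"""
# Second constructed snapshot: Host B's MAC now appears on Gi0/2 instead of Gi0/5.
SNAPSHOT_2 = SNAPSHOT_1.replace("Gi0/5", "Gi0/2")

ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def parse(text):
    """Return {(vlan, mac): port} for DYNAMIC entries; headers and other rows are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            entries[(int(m.group(1)), m.group(2).lower())] = m.group(4)
    return entries

def crowded_ports(entries, limit, uplinks=()):
    """Ports holding more dynamic MACs than `limit`; uplinks are expected to and are skipped."""
    counts = defaultdict(int)
    for port in entries.values():
        counts[port] += 1
    return {p: n for p, n in counts.items() if n > limit and p not in uplinks}

def moved_macs(before, after):
    """(vlan, mac) keys whose port changed between two snapshots: possible MAC flapping."""
    return {k: (before[k], after[k]) for k in before.keys() & after.keys()
            if before[k] != after[k]}
```

On the sample data, `crowded_ports(parse(SNAPSHOT_1), limit=2)` reports Gi0/2 with three MACs, and `moved_macs` reports Host B's address moving from Gi0/5 to Gi0/2.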
Example Scenario
Host A (00:11:22:33:44:55, VLAN 10, Port 1) sends to Host B (66:77:88:99:AA:BB, VLAN 10, Port 5):
The switch checks if 66:77:88:99:AA:BB is in its MAC table for VLAN 10.
If found: frame sent only to Port 5.
If not: frame is flooded to all ports in VLAN 10 except Port 1.
When Host B replies, switch learns 66:77:88:99:AA:BB is on Port 5; next unicast is directly forwarded.
Summary Table
Aspect | Switch Frame Forwarding Behavior |
---|---|
Forwarding Decision | MAC address table lookup |
Flooding | Unknown MACs, broadcast, multicast (by default) |
VLAN Impact | MAC table is per VLAN; forwarding limited within VLAN |
STP Influence | No forwarding on STP-blocked ports |
Security Controls | Port security, VACLs, MAC limits |