First things first, what is a MAC address?
A MAC address is a unique physical address assigned to a device that is 6 bytes in length. It is easily discernible by its hexadecimal format and an example of one is 2FF8.0A22.3B0E. As stated above, MAC addresses are completely unique and no two devices should have the same MAC, much like no two houses on the same street should have the same address, but a MAC can be spoofed or faked to impersonate a network device.
If your curious to see your MAC address and your on a Windows machine, press the Windows Key + R, type CMD, and then type ipconfig /all and look for your physical address.
What is the MAC Address Table?
In every switch there is a piece of memory called the MAC address-table. This table is responsible for holding all of the known and active MAC addresses that the switch has learned. The switch then uses this information to efficiently switch packets from its source to its destination.
Here is an example of what a MAC address-table looks like.
Source: Cisco question regarding static MAC addresses on switch – Network Engineering Stack Exchange
Using the show mac address-table (Cisco, Aruba devices) or show etherchannel-switching table (Juniper) command and moving across the headers left to right in the image above, we have,
– The VLAN associated with that MAC,
– The MAC Address itself,
– The type, meaning if it was dynamically or statically learned which I will touch on.
– The ports this MAC address is known on.
These MACs are what the switch will use to determine where to send a packet.
How does a switch learn about these MAC addresses?
Let’s assume we have a switch established on the network and we connect a brand new PC to it. It’s evitable that the PC will send a packet out of its NIC towards the switch. Once the switch receives the packet it will look at the destination MAC address to see where it’s going and the source MAC address to see who and where it’s coming from.
The switch will then compare the source MAC with it’s MAC address table to see if it knows about it, if it does it won’t take further action concerning the source MAC address, if it doesn’t it will add that MAC to the address table, along with the VLAN, how it was learned (dynamically or statically talked about later), and which interface it came out of.
How long does a switch keep a MAC in the MAC address table?
By default, switches (Cisco, Aruba, and Juniper to my knowledge) will keep a MAC for 300 seconds/five minutes. This of course can be changed, but it’s not recommended due to decreased network stability, compatibility issues with other network devices and protocols, and added difficulty in troubleshooting if something goes wrong.
What are the differences between dynamic and static MAC addresses?
Dynamic MAC Addresses
A dynamic MAC address is simply one that is learned by the switch as part of the process mentioned above when a switch receives a source MAC address it doesn’t know. When you look at the show mac address-table command it will display Dynamic.
Static MAC Addresses
These are MAC addresses set by the administrator. Maybe they want a specific MAC address to stay in the switch instead of dropping off after 300 seconds.
What happens if there are duplicate entries in the MAC address-table?
Duplicate MAC addresses occur when a MAC is configured statically and a switch learns the same MAC dynamically.
What happens? The static MAC address will be the chosen path on the switch! Almost any statically set configuration will near always be selected as the preferred option if there is a choice between that and a dynamically learned option. I say almost because, there has to be one catch out there I haven’t encountered yet 🙂
And that’s a high level overview of MACs and the switches MAC address-table. Please ask any questions or if there is a discrepancy in what I’ve written let me know! I can learn and correct it.