2.13. Switching Concepts
💡 First Principle: A switch's job is to forward frames only where they need to go, unlike a hub, which repeats every frame out every port. It does this by learning which MAC addresses are reachable through which ports and building a MAC address table. Understanding this learning process explains switch behavior, including flooding when the destination is unknown.
Building on Phase 1's forwarding concepts, this section details how switches populate their MAC tables and make forwarding decisions. This is fundamental—every troubleshooting session eventually comes back to "what does the switch think, and why?"
The switch learning process in plain English: When a frame arrives, the switch looks at the source MAC and thinks "Ah, so that's where device X lives." It records this in the MAC address table. When it needs to forward a frame TO that device later, it already knows which port to use. Simple, automatic, no configuration needed.
What happens when the switch doesn't know? If a frame arrives with a destination MAC not in the table, the switch floods it—sends it out every port except the one it came in on. This ensures delivery but creates extra traffic. That's why MAC flooding attacks work: once the table is full, the switch cannot learn new addresses, so it floods frames for those destinations and behaves like a hub.
Why this matters for troubleshooting:
- If devices can't communicate, check whether their MACs are in the table
- If you see excessive flooding, the table might be full or entries might be aging out too fast
- If a MAC appears on the wrong port, you might have a loop or a device moved
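The learning and flooding behavior above, and the three troubleshooting signals in the list, can be traced in a small model. This is an added example, not vendor code or part of the original guide; the class name, event names, table capacity, aging time and MAC addresses are all constructed for illustration.

```python
# Added example: minimal learning-switch model (illustrative, not vendor code).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, capacity=4, aging=300):
        self.ports = list(ports)
        self.capacity = capacity   # max MAC table entries (assumed value)
        self.aging = aging         # idle seconds before an entry expires (assumed)
        self.table = {}            # mac -> (port, last_seen)
        self.events = []           # signals an operator would look for

    def _age_out(self, now):
        for mac in [m for m, (_, seen) in self.table.items() if now - seen > self.aging]:
            del self.table[mac]

    def receive(self, in_port, src, dst, now=0):
        """Process one frame and return the list of egress ports."""
        self._age_out(now)
        # Learn: the source MAC is reachable through the ingress port.
        known = self.table.get(src)
        if known and known[0] != in_port:
            self.events.append(("mac_move", src, known[0], in_port))
        if known or len(self.table) < self.capacity:
            self.table[src] = (in_port, now)
        else:
            self.events.append(("table_full", src, in_port))
        # Forward: a known unicast uses one port, anything else is flooded.
        entry = self.table.get(dst)
        if dst != BROADCAST and entry:
            return [] if entry[0] == in_port else [entry[0]]
        if dst != BROADCAST:
            self.events.append(("unknown_unicast_flood", dst, in_port))
        return [p for p in self.ports if p != in_port]

def demo():
    """Replay six constructed frames through a 4-port switch with a 2-entry table."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], capacity=2)
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    frames = [
        (1, a, b),  # B not learned yet: flooded
        (2, b, a),  # A was learned on port 1: forwarded there only
        (1, a, b),  # B is now known on port 2
        (3, c, a),  # table is full, so C is not learned
        (1, a, c),  # C never made it into the table: flooded
        (4, b, a),  # B now appears on port 4: moved device or a loop
    ]
    return sw, [sw.receive(*f) for f in frames]
```

Calling `demo()` returns the switch and the egress ports chosen for each frame; `sw.events` then holds the flood, table-full and MAC-move signals in the order they occurred.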