om

CCENT L A B GUIDE 1-2

l.c
Interconnecting Cisco Network Devices
ba

version 3.0
m
bo
d
vi
da

DAVID
DAVID
BOMBAL
BOMBAL
David Bombal CCNA Lab Lab 1.2

Lab 1-2: Observing how a switch populates the

CAM (MAC Address) Table

Task 1: Initial Lab Setup

Task 2. Observe How a Switch Learns MAC addresses

Visual Objective: Observe how a switch populates the CAM (MAC Address) Table

om
l.c
ba
m
d bo
vi
da

Rev 1.0.1 L1.2-1

David Bombal CCNA Lab Lab 1.2

NOTE: The following table of commands is reference only. Do not try to type them all
in your lab now. Follow the steps after the table.

Command List Useful Shortcut Description

Command

>enable >en Activates privilege exec

#show interface #sh int Displays the current interface

statistics

#show mac address- Displays the current MAC

table <options> addresses on SW1

#clear mac Displays the current MAC

address-table addresses on SW1
dynamic

om
#show mac-address-
table <options> l.c Displays the current MAC
addresses on SW2
ba
m

#clear mac- Displays the current MAC

address-table addresses on SW2
bo

dynamic
d
vi

#ping ‘ip-address’ Uses icmp echo-request and

echo-replies to determine
da

connectivity exists
#? Help may be requested at
any point in a command by
entering a question mark '?'.
If nothing matches, the help
list will be empty and you
must backup until entering a
'?' shows the available
options.

Rev 1.0.1 L1.2-2

David Bombal CCNA Lab Lab 1.2

Task 1: Initial Lab setup

Step 1: Open the Packet Tracer file ‘CCENT Lab 1-2 Observing How a Switch
Learns a CAM Table.pkt’

Step 2: Access the Branch Router and verify the interface settings for the LAN are
already correctly set. You will configure the routers in later labs.

Press the RETURN key.

Branch>

om
Note:
l.c
Notice that the Branch router already has a hostname. There is an initial
configuration applied to the router at the beginning of this lab.
ba
Step 3: On the Branch Router, verify that the device has the correct IP address of
m

10.1.1.1 as per the visual objectives on page L1.2-1.

d bo
vi
da

Note:
Note the use of the 'filter' in the output. IOS can apply a filter to your
output so you only see the relevant information. The 'pipe' key can be
used to apply the filter. (You access the 'pipe' key by pressing the 'Shift
+ \' on the keyboard) It can be very useful to limit the output of your
show commands as some output can be quite extensive at times and
will take longer to decipher. You will use many filters during these labs
although not all possibilities will be available within Packet Tracer.
Try repeating the command without the filter applied and observe the
difference in the output.

Rev 1.0.1 L1.2-3

David Bombal CCNA Lab Lab 1.2

The Branch router should have an IP Address of 10.1.1.1 and the Status and
Protocol columns should both read as UP.

Step 4: Verifying the IP Address on the PC

You have already configured PC1 and PC2 with their IP Addresses in Lab 1-1.

Check that the addresses are correct per the Visual Objective using a different

om
method. Firstly, on PC1, click the device to open the Packet Tracer PC utility and
choose the Desktop tab.

l.c
ba
m
d bo
vi
da

Click on the Command Prompt and type ‘ipconfig’ to use the Windows command
to verify the settings made in Lab 1-1

Rev 1.0.1 L1.2-4

David Bombal CCNA Lab Lab 1.2

The settings should be as shown in the above output. Leave the Packet tracer
window open for the next tasks.

om
Next, on PC2, click the device to open the Packet Tracer PC utility, choose the
Desktop tab once again, and repeat the task to verify PC2 is set correctly.

l.c
ba
m
d bo
vi
da

Click on the Command Prompt and type ‘ipconfig’ to use the Windows command to
verify the settings made in Lab 1-1

Rev 1.0.1 L1.2-5

David Bombal CCNA Lab Lab 1.2

Activity Verification

1. You verified the configuration of the Branch Router.

2. You verified the configuration of both PC devices

om
l.c
ba
m
d bo
vi
da

Rev 1.0.1 L1.2-6

David Bombal CCNA Lab Lab 1.2

Task 2: Observe How Switches Build a CAM Table.

Step 1: First, determine the MAC addresses of the Ethernet interface on PC1
returning toPC1’sCommand Prompt.

In the command prompt window type the command ipconfig/all and wite down
the MAC address associated with theFastEthernet 0 interface:

om
l.c
ba
m
d bo
vi
da

MAC Address of PC1 in this screenshot: 00E0.F984.D68C (the MAC may be

different in your lab).

Note:
On an actual Windows PC the display would be in a slightly different
format than shown here, (which is a Cisco format for MAC addressing).
Windows would display addressing as 00-E0-F9-84-D6-8C

Rev 1.0.1 L1.2-7

David Bombal CCNA Lab Lab 1.2

Step 2: Repeat the same steps on PC2 and write down the MAC address associated
with the FastEthernet 0interface:

om
l.c
ba
m
d bo
vi

MAC Address of PC2: 000C.CF4D.8730 (the MAC may be different in your lab).
da

Once again, Windows would display addressing as 00-0C-CF-4D-87-30

Step 3: Now access the Branch router session once again and use the show
interface command to display the MAC address of theG0/0 interface along with
other information. To reduce the amount of output shown in the real world, allowing
you to focus on the line that contains the MAC address, you could‘pipe’ the show
interface output to include a filter as shown.

Rev 1.0.1 L1.2-8

David Bombal CCNA Lab Lab 1.2

Full output command with no filter:

Branch# show interface g0/0

GigabitEthernet0/0 is up, line protocol is up (connected)
Hardware is CN Gigabit Ethernet, address is 00e0.f702.1e01 (bia
00e0.f702.1e01)
Internet address is 10.1.1.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is
unsupported
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)

om
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
l.c
0 watchdog, 1017 multicast, 0 pause input
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
ba
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
m

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out
d bo

Alternatively, the abbreviated ‘pipe’ output filters the relevant sections for you. This
vi

can be very useful, but may not always be supported in Packet Tracer:
da

Branch# show interface g0/0 | include address

Hardware is CN Gigabit Ethernet, address is 00e0.f702.1e01 (bia
00e0.f702.1e01)
Internet address is 10.1.1.1/24

MAC Address of Branch:_____________________ (the MAC may be different on

your Packet Tracer)

Rev 1.0.1 L1.2-9

David Bombal CCNA Lab Lab 1.2

Step 4: Access the console of SW1

Press RETURN to get started!

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed
state to up
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3,
changed state to up
LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2,
changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2,
changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2,
changed state to up

om
SW1>

l.c
Step 5: Enter the show mac address-table command from the user exec prompt.
ba
This command displays the static and currently learned dynamic addresses in the
Switch Content Addressable Memory (CAM). Please note that the tables may be
different for your assigned devices, but the ports that these addresses are being
m

learned on are the same for all.

bo

SW1> show mac address-table

d

Mac Address Table

-------------------------------------------
vi

Vlan Mac Address Type Ports

---- ----------- -------- -----
da

1 00e0.8fc6.5303 DYNAMIC Fa0/3

1 00e0.f702.1e01 DYNAMIC Fa0/2

The addresses learned on SW1 are consistent with the Visual Objective, which
displays the port connections for the devices.

Referring to the recorded MAC addresses of PC1, PC2 and the Branch Router, we
can see that the MAC address of the Branch routeris being correctly learned on
F0/2.PC1 and PC2 MAC addresses are currently not in the table of SW1, as they
have not sent any traffic to generate any frames for the SW1 to ‘listen’ to.

The MAC address that is seen against F0/3 in the table is the MAC address of the
neighbouring SW2’s F0/3 port.

Rev 1.0.1 L1.2-10

David Bombal CCNA Lab Lab 1.2

Step 6: Access the console of SW2:

Press RETURN to get started!

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state
to up
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3,
changed state to up

From the user exec prompt issue the below command to verify the MAC that you see
in SW1’s table on the F0/3 port is that of SW2’s F0/3 connected port.

om
SW2> sh interface f0/3 | incl address
Hardware is Lance, address is 00e0.8fc6.5303 (bia 00e0.8fc6.5303)

l.c
Confirm the address matches SW1 mac address table entry.
ba
Step 7: Enter the show mac address-table command from the user exec prompt
on SW2.
m
bo

SW2> show mac address-table

Mac Address Table

d

-------------------------------------------
Vlan Mac Address Type Ports
vi

---- ----------- -------- -----

1 00d0.bc68.1303 DYNAMIC Fa0/3
da

Once again, the addresses learned on SW2 are consistent with the Visual Objective,
which displays the port connections for the devices.

Neither the Branch router, nor PC1 or PC2 MAC addresses are currently in the table
of SW2, as they have not sent any traffic to generate any frames for the SW2 to
‘listen’ to.

The MAC address that is seen against F0/3 in the table is the MAC address of the
neighbouringSW1’s F0/3 port. Verify this is the case by jumping back onto SW1
console session and repeating the command:

SW1> sh int f0/3 | inc address

Hardware is Lance, address is 00d0.bc68.1303
(bia 00d0.bc68.1303)

Rev 1.0.1 L1.2-11

David Bombal CCNA Lab Lab 1.2

Step 8: In this step, you will clear the dynamically learned MAC addresses on SW1
and SW2. Then we will see how the switch populates the table again. You will need
to use the IOS shortcut up-arrow key to clear the table and then show the table
again.

Depending on how quick you use these shortcuts will change what is displayed in the
tables of the two switches. In ‘real’ IOS devices like Switches and Routers - they will
be sending frames onto the network and as such, the CAM table will repopulate very
quickly. In Packet Tracer however, we will have to generate some traffic from the
PC’s to make them visible within the CAM tables of the switches.

Access SW1, enter privilege exec mode (to have access to the #clear command)
and clear the mac address table of SW1, then issue the show command to view how
quick the table is repopulated. Repeat this a few times and see if the CAM table has
less or more in it depending on how fast you use the up-arrow to repeat the
commands. Below is the output of some repetitions of the command.
This can take up to 1 minute to refresh the cache after clearing.

om
SW1> enable
SW1# clear mac address-table dynamic
SW1# sh mac address-table dynamic

Mac Address Table l.c

-------------------------------------------
Vlan Mac Address Type Ports
ba
---- ----------- -------- -----

--output omitted—
m

SW1> show mac address-table

bo

Mac Address Table

-------------------------------------------
Vlan Mac Address Type Ports
d

---- ----------- -------- -----

1 00e0.8fc6.5303 DYNAMIC Fa0/3
vi

1 00e0.f702.1e01 DYNAMIC Fa0/2

da

Which devices do these MAC addresses belong to?

Step 9: Access SW2, enter privilege exec mode (to have access to the clear
command) and clear the mac address table of SW2, and then issue the show
command to view how quick the table is repopulated. Repeat this a few times and
see if the CAM table has less or more in it depending on how fast you use the up-
arrow to repeat the commands. Below is the output of some repetitions of the
command.This can take up to 1 minute to refresh the cache after clearing.

Rev 1.0.1 L1.2-12

David Bombal CCNA Lab Lab 1.2

SW2> enable
SW2# clear mac-address-table dynamic
SW2# sh mac address-table dynamic

Mac Address Table

-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----

--output omitted—

SW2> sh mac address-table

Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 00d0.bc68.1303 DYNAMIC Fa0/3

Which devices does this MAC addresses belong to?

om
A Switch will take one of three actions to forward a frame.

FORWARD, FILTER or FLOOD

l.c
ba
i. If a MAC address of the destination is KNOWN, the frame will be
FORWARDED (‘switched’) using the learned table and the frame sent out of
the corresponding port onwards to its destination.
m

ii. If a mac address of the destination is UNKNOWN, the frame will be

bo

FLOODED out of all ports apart from the one it was received on, ensuring
that the destination will more than likely receive the frame, in this way
ensuring that return traffic from the destination will allow the switch to
d

correctly learn the intended destination mac address and subsequent frame
will be FORWARDED to that destination and not FLOODED, thus conserving
vi

switch and network resources

da

iii. If more than one MAC address is being learned on a particular port and those
devices were communicating with each other directly, but traffic was being
received on the switch port that connects those devices, the switch would
FILTER these frames and not send them forward onto the other ports, thus
conserving switch and network resources

Rev 1.0.1 L1.2-13

David Bombal CCNA Lab Lab 1.2

Step 10: In this step, you will generate some traffic from PC1, PC2 and the Branch
router and observe the processes.

Access PC1. Using the already open Command Prompt window ping PC2.

om
The ping should be successful as there is connectivity between the switches in your
Pod. However, depending on whether the Switch currently has the MAC addresses
of both PC’s in their tables will decide which action the switch will take.
l.c
In our case, SW1 and SW2 both have unknown MAC addresses for PC1 and PC2
ba
currently. When PC1 attempts to ping PC2, PC1 will first query its own ARP
(Address resolution Protocol) cache to find a mapping of the IP address of PC2 to its
Mac address. PC1 will not find this. However, PC1 does not give up at this point –
m

instead it will construct a request for PC2 address and then encapsulate that request
into a frame, with its’ source mac being 00E0.F984.D68Cand the destination MAC
bo

beingFFFF.FFFF.FFFF
d
vi
da

This frame is transmitted by PC1 and received by SW1. SW1 will receive the
broadcast on port F0/1, learn the source address inside the frame and then cache
this in the mac address-table as shown below.

Rev 1.0.1 L1.2-14

David Bombal CCNA Lab Lab 1.2

Step 11: On SW1, recall the command to view the mac address-table to verify this is
the case.

SW1>show mac address-table

Mac Address Table

-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 00e0.8fc6.5303 DYNAMIC Fa0/3
1 00e0.f702.1e01 DYNAMIC Fa0/2
1 00e0.f984.d68c DYNAMIC Fa0/1

Result: PC1 MAC address now learned

om
So, SW1 now has the MAC address of PC1 in its table but it does not (and will not)
know where a broadcast came from as a broadcast is always TO a device and
therefore a Switch will always FLOOD a broadcast forward out of all ports apart from
the one on which it was received. In doing so, the frame is sent across the link to
SW2 and the Branch router. l.c
As the frame reaches port F0/3 of SW2, SW2 will also learn that PC1 is reachable
ba
via port F0/3 as the switch listens to the frame in order to learn the source address
in the header. The header will look like this (below):
m
d bo
vi
da

SW2 will then have the MAC address of PC1 in its table as well.

Rev 1.0.1 L1.2-15

David Bombal CCNA Lab Lab 1.2

Step 12: On SW2, recall the command to view the MAC address-table to verify this
is the case.

SW2>show mac address-table

Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 00d0.bc68.1303 DYNAMIC Fa0/3
1 00e0.f984.d68c DYNAMIC Fa0/3

Result: PC1 MAC address now learned

AS you can see from the ‘Out Layers’ in the exhibit above, SW2 still sees this as a
broadcast message (FFFF.FFFF.FFFF) and will therefore FLOOD this out all ports
apart from the one it was received on (F0/3)
The message will then be received as a broadcast by PC2, who will process this as it

om
is a broadcast (everyone processes broadcasts!!) and find that its own IP address is
in the payload of the request message. PC2 will then add the information regarding
PC1’s mac address and IP information to its own ARP cache gleaned from the
message and the construct an ARP reply to PC1.
l.c
The ARP reply can be unicast back to PC1 as PC2 has all the information to reply
directly without sending a broadcast. PC2 will add the source mac address of
ba
000c.cf4d.8730 (PC2) and destination mac address of 00e0.f984.d68c (PC1) to the
encapsulated frame and place the ARP reply on the network back to PC1. The
encapsulated frame will look like this:
m
d bo
vi
da

At which point SW2 will listen as it is received to populate the mac address table
with the information below:

Rev 1.0.1 L1.2-16

David Bombal CCNA Lab Lab 1.2

Step 13: On SW2, recall the command to view the MAC address-table to verify this
is the case.

SW2>show mac address-table

Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 00d0.bc68.1303 DYNAMIC Fa0/3
1 00e0.f984.d68c DYNAMIC Fa0/3
1 000c.cf4d.8730 DYNAMIC Fa0/1

Result: PC2 MAC address now learned.

SW2 will now look up entries in its own table to see if it can find an entry for PC1’s
mac address. In this case, there is an entry for PC1’s mac address against port F0/3

om
in the table. SW2 will now make a FORWARDING decision based on a learned mac
address table with an entry pointing to F0/3. SW2 does not modify the frame at all,
it merely switches the frame from the F0/1 interface to the F0/3 interface as a unicast
message on its way to SW1.
l.c
SW1 now receives the forwarded frame with the same information inside. As SW1
listens to the frame passing through it now adds PC2’s mac address to its learned
ba
table of addresses via port F0/3 as shown below in the output.
m

Step 14: On SW1, recall the command to view the MAC address-table to verify this
is the case.
d bo

SW1# show mac address-table

Mac Address Table
vi

-------------------------------------------
Vlan Mac Address Type Ports
da

---- ----------- -------- -----

1 000c.cf4d.8730 DYNAMIC Fa0/3 PC2 MAC address
1 00e0.8fc6.5303 DYNAMIC Fa0/3
1 00e0.f702.1e01 DYNAMIC Fa0/2
1 00e0.f984.d68c DYNAMIC Fa0/1 PC1 MAC address

Results: P1 and PC2 MAC addresses now learned

SW1 finally looks up the destination MAC address of 00e0.f984.d68cand finds an

entry in the table through port F0/1. SW1’s decision is to FORWARD the frame onto
PC1 and maximize the efficiency of the device in not sending to any other network-
attached device when the destination is known.
Step 15:The Branch routers MAC (00e0.f702.1e01) is known in the table of SW1,
but not in the table of SW2.

You will need to generate some traffic as before from the Branch router to PC2 in
order for the Branch router MAC to be learned on SW2 as well.

Rev 1.0.1 L1.2-17

David Bombal CCNA Lab Lab 1.2

From the Branch router console session, ping PC2and observe the learning process
the switches go through to populate their tables.

Question 1: – Does SW1 know the routers MAC address already?

Look in the MAC address table of SW1for your answer. You should see that the
MAC of the router is known on port F0/2 of SW1, so when the router sends the ping
packet the same process as described before will occur with an ARP request being
sent to PC2 for its MAC address and placed onto the network as a Broadcast.

om
Note:
Dynamic CAM entries are held for 300 seconds (5 minutes), after which
l.c
time the dynamic entries are removed to conserve memory on the
switch. However, because devices on a network are always sending
frames and packets to and from other destinations, it is very likely that
ba
the CAM table of a switch will not change that much during a day’s
operation, and in doing so will minimize the possibility of any
FLOODING of unknown MAC addresses
m
bo

Question 2: – What will SW1 do with the received Broadcast message?

SW1 will FLOOD the frame out all ports except the one it was received on.
d

Therefore, PC1 and SW2 will receive the frame. PC1 will drop it as the message is
not destined for it.
vi
da

Question 3: – What will SW2 do when it receives the broadcast frame?

SW2 will firstly add the MAC address of the router to its dynamically created table by
listening to the frame on the wire. The Address will then be added to the table and
the frame will then be FLOODED out all ports except the one on which it was
received (F0/3).

Rev 1.0.1 L1.2-18

David Bombal CCNA Lab Lab 1.2

Step 16: On SW2, recall the command to view the MAC address-table to verify this
is the case.

SW2>show mac address-table

-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 00d0.bc68.1303 DYNAMIC Fa0/3
1 00e0.f984.d68c DYNAMIC Fa0/3 PC1 MAC address
1 000c.cf4d.8730 DYNAMIC Fa0/1 PC2 MAC address
1 00e0.f702.1e01 DYNAMIC Fa0/3 Router MAC address

Result: PC1, PC2 and Router MAC address now learned

PC2 will then receive the ARP request and be able to add the entry into its’ own ARP

om
cache, construct the reply message and placing this on the wire back to the
router.The next steps to transmit the following frame will be as follows:

l.c
ba
m
d bo
vi
da

Explanation:

 SW2 receives the frame with the source PC2 MAC address known on F0/1
 SW2 resets the dynamic timer (300 seconds) associated with known PC2
MAC address
 SW2 looks up the destination MAC of the router in the table and finds an
entry
 SW2 forwards the frame out port F0/3 to SW1
 SW1 receives the frame with the same source and destination information
contained.
 SW1 resets the dynamic timer (300 seconds) associated with known PC2
MAC address learned on F0/3
 SW1 looks up the destination MAC of the router in the table and finds an
entry
 SW1 forwards the frame out port F0/2 to the Router.
Rev 1.0.1 L1.2-19
David Bombal CCNA Lab Lab 1.2

Activity Verification

In this task, you learned how a switch builds and maintains a CAM (Content
Addressable Memory) table by LISTENING to frames as they move over the wires.
This allows the switch to learn source MAC addresses on specific ports so that
forwarding decisions can be made based on the MAC address table entries.
Switches will make one of three decisions: FORWARD, FILTER or FLOOD, based
on a learned table of entries.

Messages can be sent in one of 3 ways in IPv4:

 UNICAST (one-to-one)
 BROADCAST (one-to all)
 MULTICAST (one to many or group).

om
l.c
ba
m
d bo
vi
da

Rev 1.0.1 L1.2-20