Chapter 2 – Switch Operation

  • How does an Ethernet switch isolate the connections between hosts?
    • the collision domain’s scope is limited
    • host connections can operate in full-duplex mode
    • each switch port offers dedicated bandwidth across switch fabric to another switch port
    • each frame received on a switch port is checked for errors
      “store-and-forward” mechanism: packets received -> stored for inspection -> forwarded
    • broadcast traffic can be limited to a volume threshold
  • What is unknown unicast flooding?
    • When a switch receives a frame but the destination MAC address is not listed in its forwarding table (CAM), it will flood the frame on all ports (in the same VLAN).
  • How does a switch process a frame?
    • (figure: switch-processing.PNG)
    • First the frame arrives in the ingress queue, where the switch decides whether it should forward the frame and, if so, where.
  • What is a TCAM table?
    • ternary content-addressable memory: the frame is checked against security and/or QoS ACLs
  • What types of multilayer switching (MLS) exist?
    • Route caching: the first packet is processed by the Route Processor and the Switch Engine creates a shortcut in the MLS cache. The remaining packets of the traffic flow use this shortcut.
    • Topology based = CEF: The Forwarding Information Base is built based on the routing process.
  • What multilayer switching decisions happen when a packet enters an MLS?
    • L2 forwarding check: The destination MAC address is used as an index into the CAM table. If the frame contains a Layer 3 packet that needs to be forwarded from one subnet to another, the destination MAC address will contain the address of a Layer 3 port on the switch itself. In this case, the CAM table results are used only to decide that the frame should be processed at Layer 3.
    • L3 forwarding check: The destination IP is looked up in the FIB table; this is how the next-hop IP is obtained. The FIB also contains the next-hop MAC address and the egress switch port + VLAN, so no further lookup is necessary.
    • Security ACLs and QoS ACLs are also checked in TCAM.
  • What else happens in the forwarding process (L2/3 headers)?
    • the source/destination MAC address is modified
    • the TTL is decreased by 1
    • as both L2 and L3 contents are modified, both the L2 and L3 checksums need to be recalculated
  • What is a punt adjacency?
    • When CEF cannot process a packet, it will be passed to the CPU for process switching.
      • ARP requests and replies
      • TTL expired
      • CDP
      • packets that need encryption
      • etc…
  • What is a CAM table and how does it work?
    • when an incoming frame arrives at the switch, an entry is added to the CAM table: source MAC, VLAN, port of arrival, time stamp
  • What is a stale entry?
    • A MAC address that has not been heard from for a period of time is aged out (stale).
    • Default: 300 sec
  • How can you modify the CAM aging timer? 
    • mac address-table aging-time seconds
  • How do you configure a CAM entry statically?
    • mac address-table static mac-address vlan vlan-id interface interface
  • What might be the point of adding a MAC address statically?
    • The MAC address is removed from the CAM table after 300 seconds if there is no communication. We might not want this to happen, e.g. for troubleshooting reasons.
  • What happens when a MAC is learned on a port then changes to another port?
    • When the switch is learning a new MAC it checks whether that MAC is already in the CAM table.
  • What happens when a MAC address is flapping?
    • That MAC is being learned from more than 1 port.
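The CAM behaviour covered above (learning, the 300-second aging timer, unknown unicast flooding and MAC flapping) can be replayed in a small model. This is an added example, not code from the notes or from any switch OS; the class and function names, the port/VLAN layout, the MAC addresses and the flap window and threshold are all assumptions made for illustration.

```python
AGING_TIME = 300  # seconds; the default aging time quoted in the notes

class CamTable:
    """Simplified CAM model (added example): (VLAN, MAC) -> (port, last seen)."""

    def __init__(self, ports, aging_time=AGING_TIME):
        self.ports = ports            # port name -> access VLAN (constructed topology)
        self.aging_time = aging_time
        self.entries = {}             # (vlan, mac) -> (port, last_seen)
        self.moves = []               # (time, vlan, mac, old_port, new_port)

    def age_out(self, now):           # drop stale entries not heard from in aging_time
        self.entries = {k: (p, t) for k, (p, t) in self.entries.items()
                        if now - t <= self.aging_time}

    def receive(self, now, in_port, src, dst):
        """Learn the source MAC, then return the egress ports for the frame."""
        vlan = self.ports[in_port]
        self.age_out(now)
        old = self.entries.get((vlan, src))
        if old and old[0] != in_port:               # MAC moved to another port
            self.moves.append((now, vlan, src, old[0], in_port))
        self.entries[(vlan, src)] = (in_port, now)  # learn, or refresh the time stamp
        hit = self.entries.get((vlan, dst))
        if hit:                                     # known unicast: one port, or filter
            return [] if hit[0] == in_port else [hit[0]]
        # Unknown unicast: flood every other port in the same VLAN.
        return sorted(p for p, v in self.ports.items() if v == vlan and p != in_port)

    def flapping(self, now, window=10, threshold=3):
        """MACs that changed port at least `threshold` times in the last `window` s."""
        counts = {}
        for t, vlan, mac, _old, _new in self.moves:
            if now - t <= window:
                counts[(vlan, mac)] = counts.get((vlan, mac), 0) + 1
        return sorted(k for k, c in counts.items() if c >= threshold)

def demo():
    """Replay constructed frames; returns forwarding decisions and flapping MACs."""
    sw = CamTable({"Gi0/1": 10, "Gi0/2": 10, "Gi0/3": 10, "Gi0/4": 20})
    a, b = "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb"
    out = [sw.receive(0, "Gi0/1", a, b),      # b unknown -> flood VLAN 10 only
           sw.receive(1, "Gi0/2", b, a),      # a already learned -> Gi0/1 only
           sw.receive(400, "Gi0/1", a, b)]    # b aged out -> flooded again
    for t, port in [(401, "Gi0/3"), (402, "Gi0/1"), (403, "Gi0/3")]:
        sw.receive(t, port, a, b)             # a alternates between two ports
    return out, sw.flapping(403)
if __name__ == "__main__":
    print(demo())
```

The third frame shows why a long-silent host causes renewed flooding: once its entry is stale, traffic towards it is treated as unknown unicast until it speaks again.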



  • What is the use of TCAM?
    • It can process multiple security/QoS access lists (in/out) simultaneously. This operation can happen without latency as the TCAM is a special piece of hardware (ASIC).
  • What components does TCAM have?
    • Feature Manager (FM): The FM compiles or merges the Access Control Entries into the TCAM table. The TCAM then can be consulted at full frame-forwarding speed.
    • Switching Database Manager (SDM): The TCAM is partitioned into several areas that support different functions.
  • What is TCAM VMR?
    • value, mask, result
  • How can you check the contents of the CAM table?
    • show mac address-table
    • useful: show mac address-table address MAC
    • useful: clear mac address-table …
  • How can you recognize a TCAM overflow?
    • When you are configuring ACL entries, a syslog message will be generated as the ACL entry is being compiled into the TCAM.
    • Smaller devices like Cisco 2960, 3750 and 3850 have a fixed architecture with limited switching table space. The CAM, FIB and other tables must all share resources, so you need to choose the best distribution.
      Other models like Catalyst 4500 and 6500 have more resources so we don’t need to worry about this problem.
  • How can you tune TCAM?
    • checking: show platform tcam utilization
    • check configured template: show sdm prefer
    • configure sdm template: sdm prefer TEMPLATE
      The switch must be rebooted after the sdm modification!
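To make the value, mask, result (VMR) idea concrete, the sketch below compiles a few access control entries into VMR triples and matches packets against them. It is an added example, not Cisco code: the 48-bit key layout (source IP plus destination port), the function names and the ACL itself are assumptions, and real hardware compares all entries in parallel instead of looping.

```python
import ipaddress

def field(value, care_bits, width):
    """Return (value, mask) for one field; mask bit 1 = compare, 0 = don't care."""
    mask = ((1 << care_bits) - 1) << (width - care_bits)
    return value & mask, mask

def compile_ace(action, src_net, dst_port=None):
    """Compile one ACE into a VMR triple over a key of src IP (32 bits) | dst port (16 bits).

    Hypothetical, simplified key layout; a port of None means "any port".
    """
    net = ipaddress.ip_network(src_net)
    ip_v, ip_m = field(int(net.network_address), net.prefixlen, 32)
    port_v, port_m = field(dst_port or 0, 16 if dst_port is not None else 0, 16)
    return ((ip_v << 16) | port_v, (ip_m << 16) | port_m, action)

def lookup(tcam, src_ip, dst_port):
    """Return (entry index, result) of the first entry whose cared-for bits match."""
    key = (int(ipaddress.ip_address(src_ip)) << 16) | dst_port
    for index, (value, mask, result) in enumerate(tcam):
        if key & mask == value:        # ternary compare: masked-out bits are ignored
            return index, result
    return None, "deny"                # no entry matched: implicit deny

# Constructed ACL in configured order (not taken from the notes).
ACL = [("deny", "10.1.1.66/32", None),     # one host, any port
       ("permit", "10.1.1.0/24", 443),
       ("permit", "10.1.0.0/16", 22)]
TCAM = [compile_ace(*ace) for ace in ACL]

def demo():
    """Look up constructed packets; returns (matching entry, result) per packet."""
    probes = [("10.1.1.66", 443), ("10.1.1.20", 443),
              ("10.1.1.20", 22), ("10.2.0.1", 22)]
    return [lookup(TCAM, ip, port) for ip, port in probes]

if __name__ == "__main__":
    for (value, mask, result) in TCAM:
        print(f"value={value:012x} mask={mask:012x} result={result}")
    print(demo())
```

Entry order matters: the host deny only takes effect because it sits ahead of the broader permit for the same subnet.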
