Layer 2 Switching

Switches forward frames based on MAC addresses. They segment collision domains but share a single broadcast domain (unless VLANs are used).

1. Historical Context: Bridges, Hubs, and Switches

Before modern switches, networks were built using simpler devices:

Hubs (Layer 1): "Multi-port Repeaters". Replicate incoming bits out to every other port. Entire network is one Collision Domain. (Inefficient, insecure).
Bridges (Layer 2): Software-based. Could filter MAC addresses but had few ports (usually 2). Slow CPU processing.
Switches (Layer 2): Hardware-based (ASICs). Each port is its own Collision Domain. Can forward millions of frames per second (Wire Speed).

2. The MAC Address Table

A switch is essentially a multi-port bridge. It learns MAC addresses by listening to incoming frames.

Learning: When a frame arrives on Port 1, the switch records the Source MAC + Port 1 in its CAM table.
Flooding: If the Destination MAC is unknown (or broadcast), the switch floods the frame out all other ports.
Forwarding: If the Destination MAC is known, the switch sends the frame only to that specific port (Unicast).
Aging: Entries expire after 300 seconds (default) of inactivity.

2. VLANs (Virtual LANs)

VLANs logically separate a physical switch into multiple broadcast domains. Traffic cannot cross between VLANs without a router (Inter-VLAN Routing).

The 802.1Q Tag Format

The 4-byte tag is inserted after the Source MAC address. It increases the frame size by 4 bytes (Min: 68B, Max: 1522B).

TPID 0x8100 2B

PRI CoS 3b

CFI DEI 1b

VLAN ID 1-4094 12b

Engineer's Notebook: Native VLAN Mismatch

Symptom: STP loops, intermittent connectivity, or CDP/LLDP errors like "Native VLAN Mismatch discovered".

Cause: One side of the trunk expects VLAN 1 untagged, while the other expects VLAN 10. Frames hop VLANs unintendedly.

Fix: switchport trunk native vlan X must match on both ends.

3. Spanning Tree Protocol (STP)

Redundant links create loops. Loops cause broadcast storms, MAC table instability, and network meltdowns. STP (802.1D) prevents loops by logically blocking redundant ports.

STP Port States: Legacy (802.1D) vs Rapid (802.1w)

802.1D State	802.1w State	Function	Fwd Data?	Learn MAC?
Blocking	Discarding	Prevents loop. Listens to BPDUs.	NO	NO
Listening	Discarding	Calculates topology. (Legacy only).	NO	NO
Learning	Learning	Populates MAC table.	NO	YES
Forwarding	Forwarding	Active data transmission.	YES	YES
Disabled	Discarding	Administratively down.	NO	NO

Engineer's Notebook: PortFast / Edge Port

Problem: Access ports (connected to PCs) shouldn't wait 30 seconds to forward. They cause DHCP timeouts.

Solution: Enable PortFast (Cisco) or Edge Port (Standard). It skips Listening/Learning and goes straight to Forwarding.

Risk: If a user plugs in a switch, you get a loop instantly. Enable BPDU Guard to shut the port down if a BPDU is received.

Root Bridge Election

All switches in a topology elect one Root Bridge. The switch with the lowest Bridge ID wins.

Bridge ID = Priority (Default 32768) + MAC Address

Design Tip: Always manually configure the Root Bridge (set priority 4096) to ensure your core switch is the root, not some random access switch.

4. ARP (Address Resolution Protocol)

Layer 2 needs MAC addresses. Layer 3 has IP addresses. ARP maps IP -> MAC.

Request: "Who has 192.168.1.1? Tell 192.168.1.10." (Broadcast: FF:FF:FF:FF:FF:FF)
Reply: "192.168.1.1 is at AA:BB:CC:DD:EE:FF." (Unicast)