Basic Layer 2 communication question.

undutchable
Level 1

I'm trying to fully understand the flow of L2 traffic.

Let's say there are two or three intermediate L2 switches between me and my default gateway.

If I understand correctly, L2 to L2 does not inspect the L3 headers, meaning the switches don't know what the destination IP address is. And also if I understand correctly, the source and MAC changes every hop. How do the intermediate switches know where the final destination is? Once I ARP for my default gateway and the frame is off to the destination MAC of the next switch, how does the switch after it know where it's supposed to go? All it sees is the source MAC and the destination MAC of itself? Or is the destination MAC of my original ARP retained?

 

5 Replies

L2 forwarding preserves the basic L2 encapsulation (eg, the Ethernet frame structure and source & destination MAC addresses) end-to-end. In your scenario, end-to-end means from you to the default gateway.

Your PC knows its def gwy IP address, but does not know the def gwy's MAC address. Your PC sends out an ARP with a broadcast dest MAC (all ones: ffff:ffff:ffff) and the PC's source MAC. Each L2 hop floods the ARP into all its interfaces in the same broadcast domain as the interface it was received on, while preserving the PC's source MAC and broadcast dest MAC. At each L2 hop, the PC's MAC address is "learned" by storing/refreshing it in the hop's MAC address table (CAM/TCAM) and associating that MAC addr with the received interface (and VLAN).

The flooding continues until the ARP reaches the LAN segment with the def gwy. All devices on that segment get an interrupt to examine the broadcast ARP message, but only the def gwy normally responds back. The def gwy returns the ARP response which contains its own MAC, with the L2 hops along the way learning/refreshing the def gwy's MAC as they forward back toward your PC. The ARP response uses your PC's MAC addr as its dest MAC (it was contained in the ARP request) and all the hops along the way forward out the appropriate interface that they previously learned.

The important thing to note (and a misunderstanding in your post) is that L2 hops are not changing the source and dest MAC addresses as they forward the frame. There are exceptions to this concept of preserving the L2 frame as originally transmitted by the source, but let's just set those aside for now and focus on the idea that the L2 frame is preserved end-to-end.

Disclaimers: I am long in CSCO. Bad answers are my own fault as they are not AI generated.

Joseph W. Doherty
Hall of Fame

"And also if I understand correctly, the source and MAC changes every hop."

An L2 or L3 hop?

For an L2 hop, MACs shouldn't change.

For an L3 hop, MACs might, or might not, change. (Normally they would change, but it's not necessary.)

"Once I ARP for my default gateway and the frame is off to the destination MAC of the next switch, how does the switch after it know where it's supposed to go?"

Your question's ARP returns the MAC of the gateway NIC, not an L2 switch NIC. L2 switches don't need IPs or MACs for themselves.

As to how a switch knows where to send a frame, based on MAC, initially it doesn't know, so it sends such a frame to all its ports (same L2 domain, excluding the port that received the frame).

However, the switch keeps track of each source MAC's ingress port, and if the destination MAC matches, it sends out on just that port.

In your question example, L2 switches have learned the L2 path between your host and the gateway host NICs by watching, and recording, source MAC's ingress port, during ARP request and response.

BTW, my prior reply is an abridged version of Jim's reply.

Also BTW, if my remark of an L2 switch not needing a MAC or IP is unexpected, it's the norm for many inexpensive home consumer L2 switches, which can actually be used in (possibly also surprisingly) a sizable (practical limit up to about a thousand hosts) LAN network. (Foregoing uncommon within a home, but not that uncommon in some SMBs that grew from a few hosts.)

Assume we ping from PC to GW.

1- PC will use ARP to ask about GW

2- SW will

a- flood to all ports in the same VLAN

b- add the MAC of the PC to the port the frame came from

3- GW replies to the ARP

4- SW will

a- send the ARP reply back to the port from which it learned the PC MAC

b- add the MAC of the GW to the port the frame came from

From the above steps MACs are added to ports, so all SWs will now have a MAC address table that has

VLAN-MAC-port

OK, what is the difference between an intermediate SW and a SW that is directly connected?

A SW directly connected to the host/GW adds the MAC to the directly connected port

An intermediate SW adds the MAC to the VLAN trunk interconnecting two SWs

MHM

 

"a- flood to all ports in the same VLAN"

BTW, in practice, basically the same as my prior "same L2 domain". Do note, not all switches support VLANs (like many consumer grade dumb L2 switches), and it's possible to "combine" multiple VLANs into the same physical L2 domain, but that would normally be by error, and most Cisco switches will flag that as an error.

"An intermediate SW adds the MAC to the VLAN trunk interconnecting two SWs"

Also note, inter-switch connecting links, on VLAN capable switches, will often have multiple VLANs on such links, but if you only want to span one VLAN between switches, the link can be a "regular" edge port too.

Lastly, the port:MAC(:VLAN) table entries often expire, quickly (for example in seconds), if "fresh" follow on frames are not seen.  In the unusual case, when the traffic is just being sent in just one direction, one side will find its way to the other, by using the flooding technique.  This can, effectively, negate much of the advantage of using a switch over a hub, as all the traffic will be "flooded".
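Added example (not part of any reply in this thread): a small Python model of the learning and flooding behaviour the replies describe, with three switches in a line between a PC and its gateway. The node names, MAC addresses, port numbers, VLAN 10 and the bystander host OTHER are constructed for illustration, and a frame is reduced to a (source MAC, destination MAC, VLAN) tuple.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Node:
    """A host if it has a MAC, otherwise an unmanaged learning switch."""
    def __init__(self, name, mac=None):
        self.name, self.mac = name, mac
        self.links = {}   # local port -> (neighbour, neighbour port)
        self.table = {}   # (vlan, mac) -> port; only switches fill this
        self.seen = []    # frames delivered to a host

    def send(self, frame, log):          # a host transmits on its only port, 0
        peer, peer_port = self.links[0]
        peer.receive(peer_port, frame, log)

    def receive(self, port, frame, log):
        if self.mac is not None:         # host: record the frame exactly as received
            self.seen.append(frame)
            return
        src, dst, vlan = frame
        self.table[(vlan, src)] = port   # learn / refresh source MAC on ingress port
        out = self.table.get((vlan, dst))
        if dst == BROADCAST or out is None:
            ports = [p for p in self.links if p != port]  # flood, except ingress
            log.append((self.name, "flood"))
        else:
            ports = [out] if out != port else []
            log.append((self.name, "forward"))
        for p in ports:                  # the frame is passed on unmodified
            peer, peer_port = self.links[p]
            peer.receive(peer_port, frame, log)

def connect(a, pa, b, pb):
    a.links[pa], b.links[pb] = (b, pb), (a, pa)

def simulate():
    pc, gw = Node("PC", "aa:aa:aa:00:00:01"), Node("GW", "bb:bb:bb:00:00:01")
    other = Node("OTHER", "cc:cc:cc:00:00:01")   # bystander host on SW3
    sw1, sw2, sw3 = Node("SW1"), Node("SW2"), Node("SW3")
    for a, pa, b, pb in [(pc, 0, sw1, 1), (sw1, 2, sw2, 1), (sw2, 2, sw3, 1),
                         (sw3, 2, gw, 0), (sw3, 3, other, 0)]:
        connect(a, pa, b, pb)
    log = []
    pc.send((pc.mac, BROADCAST, 10), log)  # ARP request: broadcast, flooded
    gw.send((gw.mac, pc.mac, 10), log)     # ARP reply: unicast along learned ports
    pc.send((pc.mac, gw.mac, 10), log)     # data frame addressed to the gateway MAC
    for sw in (sw1, sw2, sw3):             # entries age out with no fresh traffic
        sw.table.clear()
    pc.send((pc.mac, gw.mac, 10), log)     # unknown unicast: flooded again
    return pc, gw, other, (sw1, sw2, sw3), log
```

Calling `simulate()` returns the nodes and a per-switch log of flood/forward decisions; the bystander host receives the flooded frames but not the unicast frames sent while the tables are populated.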