Hello

For a Layer 2 switching process, once the packet comes from the network layer to the data link layer the source host1 will check the arp table for a cached mapping mac address entrys for destination host2 and if their isnt one it will arp broadcast and send a arp frame to the switch with the source host1 ip and source host1 mac address and a destination mac header of ffff.ffff.fff ( broadcast)

 

The switch will check the l2 header and see its a broadcast and flood it out on all ports other than the host the frame came in on, whilst this is happening the ip packet of host 1 will be put on hold (buffered)

Host 2 will see this is arp request and prepares a arp replay, The switch will log the source host1 ip and source host 1mac addresses and the port it came in on from the arp request and eventually also the destination host2 ip and destination host2 mac address and port from its arp reply

At this point the switch now knows the src/dst mac addresses of each host and will forward host 1 

packet and the frame towards the appropriate ports.

Host 2 checks the L2 header and sees that its for itself and strips it off
host 2 checks the l3 header and sees that its for itself and strips it off
host 2 checks dest port and proceeds to process the data.

L3 switch process is similar but the host will see that the destination address isnt on the same subnetwork so it will arp toward its own defined default gateway of which the router will reply to the arp broadcast

A frame will then be created sent to the router, where this frame will be read strip off and the process begins from the router perspective towards host2

The reply from either process wont be as long due to now all the cam and arp tables will now have been populated (cached) so lookups will be quicker

Again, I would like to note, for pure L2 switching, ARP is not needed. I.e. the switch, itself, doesn't ARP to forward transit L2 frames.

When a switch receives a frame, if it's a unicast MAC, it checks its MAC table to determine if the destination MAC has been seen as a source MAC on any specific port. It it has, it transmits the frame on just that port. If not (or a broadcast MAC), if floods the frame to all ports (same VLAN ports, if a VLAN enabled switch) except the port the frame was received on.

(NB: if transit frame has a multicast MAC, if treats it like a broadcast MAC unless the switch supports IGMP snooping and if that's active. If the latter, it will only transmit the frame to ports with a known receiver for that multicast stream, again excluding the ingress port, and also again, limited to same VLAN ports if it's a VLAN active switch.)

What Paul is explaining, on the switch itself, only arises if the switch a L3 host, i.e. it's the source or destination for L3 packets from another host or the switch is a L3 switch supporting a L3 interfaces. For either, you do get into the situation needing to "translate" IP addresses to MAC addresses.

I mostly agree with Joseph but would explain it a bit differently. He is quite correct that when performing layer 2 forwarding a switch does not need to arp. A layer 2 switch does need to arp if the IP frame was originated by the switch itself and if the destination is an address in the local subnet.

 

HTH

 

Rick

Laugh - Rick and I do often sometimes explain things a bit differently, as we also sometimes do with other posters too. Hopefully, though, multiple "slants" in how we explain will assist in understanding.

First, Rick is 100% correct, if the switch is acting as a "host" (or doing routing), it normally ARPs.

Perhaps it might help if you think of 3 "kinds" of switches.

The first would be a "dumb" switch, like a $50 4 port switch found at many electronic stores. These are "pure" L2 switches without any management capability. They would never ARP (or ARP reply).

Next would be a manageable switch, one that you can configure and likely supports VLANs. These would only ARP when other devices communicate to/from the switch itself (as mentioned by Rick, or in my first question in my original post). (They would also ARP reply - again they operate like other IP hosts.)

Lastly would be a L3 switch, which can route. These support transit L3 traffic, and for that traffic, they will ARP for packets traveling between networks, which have a L3 egress interface. If they also support a L3 ingress interface, they will ARP reply too. (NB: generally the same interface supports both L3 ingress and egress.)

"A layer 2 switch does need to arp if the IP frame was originated by the switch itself and if the destination is an address in the local subnet."

BTW, a L2 switch, like other hosts, will also ARP for IP addresses not on the local network too. Again like other hosts, for off local network destinations, they usually have a gateway IP, and they will ARP for that IP.

Yes. We sometimes have different ways of explaining the same underlying behavior. And I do believe that for many people this can be very helpful. It is one of the benefits of these communities.

 

We typically talk about 2 kinds of switch. In this case I really do like Joseph suggesting that we consider 3 kinds of switch. +5

 

HTH

 

Rick