How does a switch learn MAC Addresses

Hello Hugues

Yes, your thoughts are correct. The MAC address will remain the same for the whole trip of the frame since both H1 and H4 are in the same subnet/network segment. MAC addresses will only change when they are routed by routers. Source and Destination MAC addresses change for every hop from router to router.

Now, the MAC address you’ll see when you use the CDP neighbors command is the MAC of the switch itself. You will only see MAC address of SW1 in the MAC address table of SW2 only if there was a frame whose source is SW1, such as a ping from the command line interface of SW1. Transient traffic, that is, traffic that the switch receives and forwards, does not incorporate the MAC address of SW1 in any way.

I hope this has been helpful!


If the switch doesn’t see a particular MAC address for 300 seconds, it will be removed from the MAC address table

Hi Rene , that is mean if particular mac address not active for 300 seconds ? if it active it never cleaned from mac table until reboot ?

Hello Emil

The MAC address table is populated by the source MAC address found in each frame that enters a port. Every time a frame enters a port of a switch, the source MAC address is read. This source MAC address is compared to all the MAC addresses in the MAC address table. If it exists in the table, then the timer associated with that address is reset to 300 seconds. If it is not found in the table, it is added, and the timer associated with that address is set to 300 seconds.

If the timer of 300 seconds goes to zero, that means that no additional frames with that source MAC address have been detected on any ports, thus the MAC address times out and is removed. So if you have a frame coming from a specific MAC address at least once every 300 seconds, that MAC address will always remain within the MAC address table.

I hope this has been helpful!


i have a question suppose i ping a to b on switch 1- we know only the ip address right, how will switch know dest mac is ---------------to forward a frame

Hello Rakshit

If you have host A and host B connected to a switch, and one host pings the other, then the process is as follows:

  1. Host A knows the IP address of host B, and encapsulates an IP packet with the appropriate addresses in the header.
  2. This IP packet is then encapsulated within an Ethernet frame which has a header that contains the source and destination MAC address. The source address is known (MAC of host A) but the destination MAC address must be determined. This is done using ARP, and you can find out more about how it works in detail at the ARP (Address Resolution Protocol) Explained lesson.
  3. Once the MAC addresses are written in the Ethernet header, the frame is placed on the wire and sent to the switch.
  4. The switch will read the Ethernet header and see the destination MAC address, and based on the MAC address table, will forward the frame out the appropriate port. If no entry is found in the MAC address table, it will flood the frame out all ports except the incoming port.

So the switch does learn the MAC address of the destination using ARP.

I hope this has been helpful!


@lagapidis Thanks for the Reply, how does this work in case of layer 3 switch

user vlan 10(>l3 switch -------------------->user in vlan 20(

how does a packet flow in this case since switch switch has only one mac and 2 svi for both users in vlan 10 and 20 what would be destination packet since it is on the same switch

Hello Rakshit

Let’s say you have a setup like this:

Host A wants to ping Host B. The following will occur:

  1. Host A will encapsulate an IP packet with a source IP of and a destination IP of The host sees that the destination IP is not in the same subnet as the source IP.
  2. When this is encapsulated into an Ethernet frame, the MAC of the next hop must be determined. Since the destination is not in the same subnet, the host will need the MAC of the default gateway, which is the SVI of VLAN 10 with an IP address of If the host has this MAC in its ARP table, it will use that as a destination MAC. If not, it will send out an ARP request, find it out, and put it in the destination MAC. The frame is then sent on its way.
  3. The switch will receive this frame on it’s port, and will populate the MAC address table with the source MAC and the port number. The destination MAC is read and it is that of the SVI (the switch itself), so the switch decapsulates the frame, and sees that the destination IP in the IP header is Because this is a L3 switch, it knows that this address is in a network that it is directly attached to so it routes the packet.
  4. The IP packet will then be encapsulated into a new frame, with the source MAC as the SVI of VLAN 20 and the destination MAC of the Host B, which is either learned via ARP or already in the ARP table.
  5. The switch will then look at the destination MAC and determine in the MAC address table if an entry exists. If it does, it will send it out of the right port and it reaches Host B. If it does not, then it sends it out all of the ports on VLAN 20.

I hope this has been helpful!


Hi guys,

I’ve build a lab with 3 hosts and a L2 switch like the Rene’s lessons but I’ve a couple of issues.

The interfaces of my hosts are fastethernet and the switch has all gigabit,
the speed and the duplex mode are configured as auto in all devices but I still see this error in the switch console:

“duplex mistmatch discovered on the interface…(not full duplex)…”, Should It negotiate automagically the duplex mode??

and after that I can see that my mac address-table is always learning for dynamic mac addresses even with no traffic pruduced by the hosts , I’ve also disabled CDP STP with this commands on SW1:

no spanning-tree valn1
no cdp enable

Can you help me?

Hello Giovanni

Yes, the duplex and speed should automatically negotiate and function correctly. However there are cases where some NICs and switch ports just don’t get along. If you’ve confirmed that configurations are indeed correct, then it could just be an incompatibility of hardware. I suggest the following:

  1. Try to hardwire the duplex mode to full on the swichport and see if the problem is resolved
  2. PC NICs can also be configured to be auto/half/full - if you go into the network adaptor admin of the PCs, verify that they are indeed set to auto
  3. The “duplex mistmatch discovered on the interface” message sounds like a CDP message to me, but you said that you disabled CDP. Does it look something like this?
    %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on GigabitEthernet0/0 (not full duplex)
    If so, you may be running into the problem on a port that is connected to another Cisco switch or router. Verify that this is not the case and verify that CDP has been disabled on the appropriate port (if you want to disable CDP).

Hosts will always send and receive some level of traffic, even if you don’t initiate any applications on the device. Even if you disable STP and CDP, NIC cards will always be sending some information such as gratuitous ARP requests for example. If you have IPv6 enabled, it will attempt to find the local router as well as other devices on the network. These are all functions that are put in place by the operating system of the host as “housekeeping” routines, so you will almost always see traffic coming from the host, and thus the MAC address table being populated as a result.

I hope this has been helpful!


I think that the issue about the mismatch is releated at the GNS3 enviroment.

Thank you again, for now I will disable cdp :slight_smile:

Hello Giovanni,
if you are using routers with fastethernet interfaces, configure their interfaces like this:

! on router interface
interface fa0/0
 duplex full
 speed 100

On switch interfaces disable autonegotiation and hardcode duplex and speed.

! on switch interface
interface g0/1
 no negotiation auto
 duplex full
 speed 100

This should fix your issue.

I’ve fixed thank you.

I have only to disable the negotiation on switches, no anymore cdp errors

A post was merged into an existing topic: Collision Domain


how to ping mac address in Cisco devices?

You cannot ping a mac-address because it works on layer-3.

When you perform a ping to an X.X.X.X the device do the arp-request (at layer2) to find the mac address with this IP.

You can check mac addresses with:
show mac address-table

and the arp entries with
show arp [vlan <X>]


okey .so its not possible to ping mac address directly right?

Yes, it is not possible.

Hello Gowthamraj

@obertigiovannicesare is right, you can’t ping a host using the MAC address. Ping uses the ICMP protocol and functions at Layer 3. It is designed to send echo requests and echo replies and uses IP addresses as the source and destination of these messages. More about ping can be found at the following lesson.

However, you can ping a particular MAC address “indirectly”. If you know the MAC address you’re looking for, you can find IP address that corresponds to it using Address Resolution Protocol (ARP). Once you find this, you can ping that IP address, and if you get a response, you can be sure that the MAC address of that host has been successfully reached.

Remember that IP communication relies on the underlying Ethernet communication that uses the source and destination MAC addresses, so all IP communications have an underlying Layer 2 component.

I hope this has been helpful!


How are you …Hope everything in your end.Could you please check the below and advise.
You are here: Home » Cisco » CCIE Enterprise Infrastructure
How does a switch learn MAC Addresses

SW1#show mac address-table dynamic  
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    fa16.3e02.9079    DYNAMIC     Gi0/3
   1    fa16.3e31.cdd8    DYNAMIC     Gi0/2
   1    fa16.3e40.f97d    DYNAMIC     Gi0/1
   1    fa16.3eb9.eacd    DYNAMIC     Gi0/3
Total Mac Addresses for this criterion: 5

Total Mac Address of this creation should be - 4

Hello Amjed

Thanks for pointing that one out, I will let Rene know to correct it.