Hello Sameer
A switch can have transverse traffic, and traffic that is sent or destined to the switch itself.
Transverse traffic is traffic with source and destination MAC addresses that don’t belong to the switch. In other words, this is traffic that comes from and goes to a host other than the switch itself. This is the vast majority of traffic that a switch will service, and this fulfills the fundamental function of the switch. This can generally be called user traffic, or data plane traffic. Transverse traffic automatically creates entries in the MAC address table, allowing MAC addresses to correspond to particular interfaces.
Now traffic that is sourced or destined to or from the switch itself is different. The actual physical MAC addresses of the switch and of its interfaces do not actually appear in the MAC address table. However, what does appear is a list of multicast MAC addresses. When a frame enters a switch with a multicast MAC address as the destination, it must know what to do with it. It looks in the MAC address and sends it to the CPU.
What does that mean? Well the CPU isn’t a port in the normal sense. It’s not even a virtual port, but it is the processing center of the switch that will take the frame and decide what to do with it. It is important to note here that the MAC addresses you see in the list above, are statically assigned, because they are “well known” or preconfigured addresses for use with particular internal processes. Here is a short list of some of these that appear in your output as well:
0100.0ccc.cccc CDP, VTP, and UDLD
0100.0ccc.cccd Cisco Shared Spanning Tree Protocol Address
0180.c200.0000 Spanning Tree Protocol (for bridges) IEEE 802.1D
0180.C200.0002 LACP and others
0180.C200.0003 LLDP
0180.C200.0008 STP for providers 802.1ad
ffff.ffff.ffff All nodes multicast address
So all of these are used for the internal operations and data plane communications with other switches and devices on the network.
I hope this has been helpful! Stay safe, and healthy!
Laz