- Bronze, 100 points or more
hi every body!
I was reading ccna guide by cisco press about mac address learning, this is what i have found:"when host connecting to a switch, send a frame, switch look at the source mac address and port it came into and record them in mac address table"
that means if host does not send any packet, there should not be any entry for the host's mac address in mac address table right?
I connected desktop to cisco 1900 cat switch.When i use the command "show mac-address-table, i find desktop mac address in switch mac address table.
The question is why as desktop is the only host connected to switch , it cant send any frame to any other host as there is none.How did switch learn the mac address?
To me it appears as switch learn mac addresses of directly connected hosts even they dont send any frame.
I would greatly appreciate any help.
thanks and have a nice day!
Can you tell us how the switch port is configured to which the PC is connected?
My guess is that the switch port is not configured with port fast. If port fast is not configured then when the switch restarts all of its ports will go through the Spanning Tree stages of listening, learning, forwarding which takes about 45 seconds. During this time the PC interface went down, came back up, and the PC sent the frames. But since the switch port was not in the right state it did not learn the PC MAC address. This does not mean that the PC did not send it, it only means that the switch was not looking for it when the PC sent it.
It makes a significant difference who is up first. If the switch is up and then the PC is booted then the switch will see the initial PC frames. But if the PC is up and then the switch comes up there are issues about whether the switch sees the frames from the PC.
Based on a desktop running an IP Stack, the desktop/host sends a gratitous arp for duplicate IP detection during the initilization of the IP Stack, this arp has your hosts nic mac address as the source, therefore your switch learns the source MAC.
Thot makes a very good point that Microsoft frequently sends out packets for a variety of services and there is a good possibility that your desktop sent some Microsoft packet.
Another likely possibility is that your desktop sent an ARP response. It is a standard part of most IP stacks that when an interface changes from down to up that it will send an ARP response out the interface (sort of announcing I am here - and also used as a mechanism to detect duplicate IP addresses). So it is likely that you desktop sent an ARP response which would have allowed the switch to learn the MAC of the desktop.
One thing that I can assure you is that if the desktop had not sent ANY frames then the switch would not have learned the MAC of the desktop.
Sometime a host sends broadcast packets/frames so switch can learn a source mac-address.Many services on host aka microsoft service can send any frames so are you sure that the switch didn't send any packets? When host wants to send a frame to other hosts it needs to use arp-request first so it needs to know what is mac-address of their hosts before sending any frames.
Hopes this helps
Cisico devices periodically send various frames e.g to discover neighbours. When the frame is a broadcast as ARP request - your host has to answer even that he did not initiated the conversation. The best thing to do is install any sniffer ew. wireshark to see that silent network is not silent at all - there's plenty of traffic in the background.