Master MAC Addresses, Ethernet Frames & VLANs: A Layer‑2 Networking Guide

MAC Address

Each network interface card (NIC) or Layer‑3 port has a unique 48‑bit MAC address burned into hardware, also called a hardware address. The address consists of six bytes; the first three identify the vendor (OUI) and the last three are assigned by the vendor to ensure uniqueness.

MAC addresses are usually displayed in hexadecimal, e.g., E0-06-E6-39-86-31. Although software can change a MAC address and virtual machines may share the same physical MAC, uniqueness is only required within the same data‑link segment.

What is a byte? What is a bit?

A bit (binary digit) is the smallest unit of data, having a value of 0 or 1. A byte consists of eight bits.

Ethernet

Ethernet is the most common wired LAN technology. The widely used Ethernet II frame format includes the following fields:

Preamble (7 bytes of 10101010) and Frame Start Delimiter ( 10101011) to synchronize receivers.

Destination Address (6 bytes) – identifies the receiving device.

Source Address (6 bytes) – identifies the sending device.

Type (2 bytes) – indicates the encapsulated network‑layer protocol.

Data (46–1500 bytes) – payload; frames shorter than 46 bytes are padded.

FCS (4 bytes) – Frame Check Sequence for error detection.

The minimum Ethernet frame is 64 bytes (including the 8‑byte preamble), which translates to 672 bits on the wire after adding the 12‑byte inter‑frame gap.

Switch Layer‑2 Forwarding

A switch learns MAC addresses by examining the source address of incoming frames and stores the address‑port mapping in a MAC address table. Entries age out if no frames are seen for a configurable period, but static entries can be added manually and never age out.

When a frame arrives, the switch performs two actions:

If the destination MAC is unknown, the switch floods the frame out all ports except the one it arrived on.

If the destination MAC is known and associated with a different port, the switch unicasts the frame to that port.

If the destination MAC is known and associated with the same ingress port, the frame is discarded.

Unicast frames are sent to a single destination, broadcast frames use the address FF-FF-FF-FF-FF-FF, and flooding forwards a frame out all ports except the source.

VLAN

A VLAN (Virtual LAN) partitions a physical LAN into multiple broadcast domains, improving performance and security. Frames are tagged with a 4‑byte VLAN tag defined by IEEE 802.1Q, inserted after the source MAC address.

The VLAN tag contains:

TPID (0x8100) – indicates an 802.1Q tag.

TCI – includes 3‑bit priority, 1‑bit CFI, and 12‑bit VLAN ID (1‑4094).

When a switch receives a broadcast frame, it forwards it only to ports belonging to the same VLAN. If a unicast frame’s destination MAC is not in the table, the switch floods it within the same VLAN.

Hosts in different VLANs cannot communicate directly; inter‑VLAN routing is required.

VLAN Configuration Methods

Common ways to assign ports to VLANs include:

Port‑based VLANs – set a PVID (Port VLAN ID) on each access port.

MAC‑based, IP‑based, protocol‑based, or policy‑based VLANs.

Access ports belong to a single VLAN and carry untagged frames. Trunk ports carry tagged frames for multiple VLANs. Hybrid ports can send both tagged and untagged frames.

Lab Example: Access vs. Trunk vs. Hybrid

The lab topology connects two switches (SW1 and SW2) and several PCs/servers. The tasks are to configure:

Trunk link between SW1 and SW2 allowing VLAN 5 traffic.

Access ports on PCs with PVID 5.

Hybrid ports to isolate VLAN 2 and VLAN 3 while allowing both to reach VLAN 10.

Configuration steps include setting port types, assigning PVIDs, and verifying with display vlan commands.

Conclusion

Understanding MAC addresses, Ethernet frame structure, and VLAN tagging is essential for designing and troubleshooting Layer‑2 networks. Proper use of Access, Trunk, and Hybrid interfaces enables flexible segmentation and controlled traffic flow.

References:

"图解TCP/IP" – 竹下隆史

"网络基础" – 田果

"路由与交换技术" – 刘丹宁