Feb 01

Managing MAC address table on Cisco Catalyst switch

There are two types of MAC tables on Cisco Catalyst switches: CAM and TCAM. CAM is a Layer 2 table used in all switches, while TCAM is a Layer 3 table and is therefore used for routing and other network layer

CAM stands for Content Addressable Memory which is a special type of memory used by Cisco switches. In the case of ordinary RAM the IOS uses a memory address to get the data stored at this memory location, while with CAM the IOS does the inverse. It uses the data and the CAM returns the address where the data is stored. Also the CAM is considered to be faster than the RAM since the CAM searches the entire memory in one operation.

CAM tables provide only two results: 0 (true) or 1 (false). CAM is most useful for building tables that search on exact matches such as MAC address tables. The CAM table is the primary table used to make Layer 2 forwarding decisions. In the case of Layer 2 switching tables, the switch must find an exact match to a destination MAC address or the switch floods the packet out all ports in the VLAN.

The table is built by recording the source address and inbound port of all frames. As frames arrive on switch ports, the source MAC addresses are learned and recorded in the CAM table. The port of arrival and the VLAN are both recorded in the table, along with a timestamp. If a MAC address learned on one switch port has moved to a different port, the MAC address and timestamp are recorded for the most recent arrival port. Then, the previous entry is deleted. If a MAC address is found already present in the table for the correct arrival port, only its timestamp is updated.

When a frame arrives at the switch with a destination MAC address of an entry in the CAM table, the frame is forwarded out through only the port that is associated with that specific MAC address. The information a switch uses to perform a lookup in a CAM table is called a key. For example, a Layer 2 lookup would use a destination MAC address and a VLAN ID as a key.

CAM – Content Addressable Memory characteristics are listed below:

  • uses hardware ASICs
  • keep MAC addresses for 300 sec
  • if more than one match is found the latest entry takes precedence (with highest timer left)
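
The learning, move, aging and lookup rules described above, as a small Python model. This is an added example, not Cisco code: the `CamTable` class, the port names and the MAC addresses are constructed for illustration, and every port is assumed to belong to every VLAN.

```python
AGING_SECONDS = 300  # aging time given in the list above

class CamTable:
    """Toy model of a Layer 2 CAM table keyed by (VLAN, MAC)."""

    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = set(ports)   # assumption: all ports carry all VLANs
        self.aging = aging
        self.entries = {}         # (vlan, mac) -> (port, last_seen)
        self.moves = []           # (vlan, mac, old_port, new_port)

    def _expire(self, now):
        stale = [k for k, (_, seen) in self.entries.items()
                 if now - seen >= self.aging]
        for key in stale:
            del self.entries[key]

    def receive(self, now, port, vlan, src, dst):
        """Learn the source address, then return the set of egress ports."""
        self._expire(now)
        key = (vlan, src.lower())
        old = self.entries.get(key)
        if old and old[0] != port:
            # Same MAC seen on a different port: record the move for review.
            self.moves.append((vlan, src.lower(), old[0], port))
        self.entries[key] = (port, now)   # new entry, refresh, or move
        hit = self.entries.get((vlan, dst.lower()))
        if hit is None:
            return self.ports - {port}    # no exact match: flood the VLAN
        return {hit[0]} - {port}          # exact match: one port only

def demo():
    cam = CamTable(["Gi0/1", "Gi0/2", "Gi0/3"])
    a, b = "0000.0000.000a", "0000.0000.000b"   # constructed addresses
    out = [
        cam.receive(0, "Gi0/1", 10, a, b),     # b unknown: flood
        cam.receive(1, "Gi0/2", 10, b, a),     # a known on Gi0/1
        cam.receive(2, "Gi0/3", 10, a, b),     # a moved to Gi0/3
        cam.receive(400, "Gi0/2", 10, b, a),   # a aged out: flood again
    ]
    return cam, out

if __name__ == "__main__":
    table, results = demo()
    for egress in results:
        print(sorted(egress))
    print(table.moves)
```

The `moves` list is the part worth watching operationally: a MAC address that keeps changing ports shows up there before it shows up as a connectivity problem.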

    TCAM stands for Ternary Content Addressable Memory which can match a third state, which is any value. This makes TCAM a very important component of Cisco Layer 3 switches and modern routers, since they can store their routing table in the TCAMs, allowing for very fast lookups, which is considerably better than routing tables stored in ordinary RAM. TCAM is a specialized CAM designed for rapid table lookups.

    TCAM provides three results: 0, 1, and “don’t care.” TCAM is most useful for building tables for searching on longest matches such as IP routing tables organized by IP prefixes. The TCAM table stores ACL, QoS and other information generally associated with upper-layer processing. As a result of using TCAM, applying ACLs does not affect the performance of the switch.

    Most switches have multiple TCAMs so that both inbound and outbound security, as well as QoS ACLs, can be evaluated simultaneously or entirely in parallel with a Layer 2 or Layer 3 forwarding decision.

    The term VMR (Value, Mask and Result) refers to the format of entries in TCAM. The “value” in VMR refers to the pattern that is to be matched; examples include IP addresses, protocol ports, DSCP values, and so on. The “mask” refers to the mask bits associated with the pattern and determines the prefix. The “result” refers to the result or action that occurs in the case where a lookup returns a hit for the pattern and mask.

    This result might be a “permit” or “deny” in the case of a TCAM for ACLs, values for QoS policies in case of QoS or a pointer to an entry in the hardware adjacency table that contains the next-hop MAC rewrite information in the case of a TCAM used for IP routing.
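
    A software sketch of VMR matching, covering both uses named above: longest match for routing and ordered permit/deny for ACLs. This is an added example, not Cisco code; the function names, prefixes and result labels are constructed, and the implicit deny on an ACL miss is standard Cisco ACL behaviour rather than something stated in this article.

```python
import ipaddress

def vmr(prefix, result):
    """Build one (value, mask, result) entry from an IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    return (int(net.network_address), int(net.netmask), result)

def matches(entry, key):
    value, mask, _ = entry
    # Mask bits set to 0 are the "don't care" positions; they are not compared.
    return (key & mask) == (value & mask)

def route_lookup(table, dst):
    """Longest match: among all hits, the entry with the most mask bits wins."""
    key = int(ipaddress.ip_address(dst))
    hits = [e for e in table if matches(e, key)]
    return max(hits, key=lambda e: bin(e[1]).count("1"))[2] if hits else None

def acl_lookup(table, src):
    """Ordered match: the first hit decides. No hit means implicit deny."""
    key = int(ipaddress.ip_address(src))
    return next((e[2] for e in table if matches(e, key)), "deny")

def shadowed(table):
    """Indexes of entries that can never hit because an earlier one covers them."""
    dead = []
    for j, (vj, mj, _) in enumerate(table):
        for vi, mi, _ in table[:j]:
            # Earlier entry is no more specific and agrees on every bit it checks.
            if (mi & mj) == mi and (vj & mi) == (vi & mi):
                dead.append(j)
                break
    return dead

# Constructed sample tables (addresses and result names are made up).
ROUTES = [vmr("0.0.0.0/0", "adj-default"), vmr("10.0.0.0/8", "adj-core"),
          vmr("10.1.2.0/24", "adj-lab")]
ACL_GOOD = [vmr("10.1.2.0/24", "deny"), vmr("10.0.0.0/8", "permit")]
ACL_BAD = list(reversed(ACL_GOOD))   # broad permit placed first

if __name__ == "__main__":
    print(route_lookup(ROUTES, "10.1.2.9"))
    print(acl_lookup(ACL_GOOD, "10.1.2.9"), acl_lookup(ACL_BAD, "10.1.2.9"))
    print(shadowed(ACL_BAD))
```

    With the broad permit first, the /24 deny never hits; `shadowed` flags that entry so the ordering mistake can be caught when reviewing an ACL.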

    To see the current TCAM resource usage, use the show tcam counts EXEC command. To see the current TCAM partitioning, you can use the show sdm prefer EXEC command.

    Most traditional Layer 2 Cisco switches have only CAM for Layer 2 switching, some Layer 2 Cisco switches have TCAM for QoS but not for routing, and Layer 3 switches have the routing TCAM. CAM and TCAM are the most important parts of the so-called ASICs that Cisco switches leverage for line-speed fast switching.

    Catalyst switch architecture supports the ability to perform multiple lookups into multiple distinct CAM and TCAM regions in parallel. As a result of this ability to perform multiple lookups simultaneously, Catalyst switches do not suffer any performance degradation by enabling additional hardware-switching features such as QoS and IP ACL processing.

    TCAM (Ternary Content Addressable Memory) tables allow the switch to perform the following functions:

  • Routing
  • ACLs
  • QoS

    Commands:

    Switch# show mac address-table
    Switch# show mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id]
    Switch# show mac address-table interface ethernet 0/1
    Switch# show mac address-table | include <text string>
    Switch# show platform tcam utilization
    Switch# show mac address-table count

