A network switch is a device that connects multiple devices within a Local Area Network (LAN) and directs data to the correct destination using MAC addresses. Unlike hubs (which blindly send data to all devices), switches intelligently forward data only where it needs to go. This makes them a fundamental building block of modern networks.
- What is a Switch?
- Why Switches are Important
- How Switches Work
- Switching Process in Detail
- Types of Switches
- Switches vs Hubs vs Routers
- Switches and VLANs
- Switch Security Features
- Practical Examples of Switch Usage
- Further Reading
A switch is a Layer 2 (Data Link Layer) device in the OSI model, though some operate at Layer 3 (Network Layer). It connects devices (computers, printers, servers, etc.) in a LAN and ensures data packets are delivered only to their intended destination.
Think of a switch like a post office clerk: instead of delivering every letter to every house, the clerk reads the address and sends it only where it belongs.
- Reduce collisions compared to hubs.
- Efficient data delivery using MAC addresses.
- Support for VLANs to segment networks.
- Scalability for growing networks.
- Security features like port security and access control.
Without switches, modern LANs would be inefficient, insecure, and nearly impossible to scale.
Switches build and use a MAC Address Table (or CAM table) to decide where to forward frames.
- Each device has a unique MAC address.
- When a device sends data, the switch records the source MAC and the port it came from.
- Over time, the switch learns where all devices are located.
- When a frame arrives, the switch checks the destination MAC address.
- If the address is in the MAC table, the switch forwards the frame to the correct port.
- If not, it floods the frame to all ports (except the source).
- Unknown destination? → Flood the frame.
- Broadcast traffic (like ARP requests) → Sent to all ports.
This ensures communication even when the switch doesn’t yet know all devices.
- A frame enters the switch on a port.
- The switch records the source MAC address and associates it with that port.
- The switch checks its MAC table for the destination MAC.
- If found, the frame is forwarded only to that port.
- If not found, the switch floods the frame to all ports except the one it arrived on.
- Over time, the switch learns which port each device on the LAN is reached through.
This intelligent forwarding is why switches are faster and more efficient than hubs.
- Unmanaged switches
  - Plug-and-play, no configuration needed.
  - Common in small offices or homes.
- Managed switches
  - Offer configuration options via CLI, web, or SNMP.
  - Support VLANs, QoS, port mirroring, and security features.
  - Used in enterprise environments.
- Layer 2 switches
  - Operate at the Data Link Layer.
  - Forward based on MAC addresses only.
- Layer 3 switches
  - Combine switch + router capabilities.
  - Can forward based on IP addresses.
  - Support inter-VLAN routing.
- PoE switches
  - Provide Power over Ethernet to devices (IP phones, cameras, APs).
  - Eliminate the need for separate power supplies.
| Feature | Hub | Switch | Router |
|---|---|---|---|
| OSI Layer | Layer 1 (Physical) | Layer 2 (Data Link) | Layer 3 (Network) |
| Data Delivery | Sends to all devices | Sends only to destination MAC | Sends based on IP addresses |
| Efficiency | Low | High | High (but slower than switches) |
| Scope | Small LAN | LAN | LAN ↔ WAN |
Switches support Virtual LANs (VLANs), which allow you to:
- Segment a physical network into multiple logical networks.
- Improve security by isolating traffic.
- Improve efficiency by reducing broadcast domains.
Example: Separate VLANs for HR, Finance, and IT in a single physical switch.
Modern switches can improve security with:
- Port security → Limit devices per port.
- MAC filtering → Allow only approved devices.
- Access Control Lists (ACLs) → Restrict traffic based on rules.
- Storm control → Prevent broadcast/multicast floods.
- 802.1X authentication → User/device authentication before access.
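The learn, forward and flood steps from the switching process, combined with the port security limit listed above, as an added Python example that is not part of the original page. The class name, the per-port limit of 2 and the MAC addresses are constructed for illustration, and port security is simplified to dropping frames from source MACs over the limit.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Simplified Layer 2 switch model (hypothetical class, not a vendor API)."""

    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)
        self.max_macs = max_macs_per_port      # port security limit (None = off)
        self.mac_table = {}                    # MAC address -> port
        self.violations = defaultdict(int)     # port -> dropped-frame count

    def _learn(self, src, in_port):
        """Record src on in_port; return False if port security rejects it."""
        if self.mac_table.get(src) == in_port:
            return True                        # already known on this port
        if self.max_macs is not None:
            on_port = sum(1 for p in self.mac_table.values() if p == in_port)
            if on_port >= self.max_macs:
                self.violations[in_port] += 1
                return False
        self.mac_table[src] = in_port          # new entry, or device moved ports
        return True

    def receive(self, in_port, src, dst):
        """Return the list of ports the frame is sent out of."""
        if not self._learn(src, in_port):
            return []                          # violating frame is dropped
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]   # flood
        if out == in_port:
            return []                          # destination is on the ingress port
        return [out]                           # known unicast

def demo():
    """Constructed traffic: two hosts, then extra source MACs on port 3."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], max_macs_per_port=2)
    a, b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    results = [sw.receive(1, a, b),            # b unknown -> flood
               sw.receive(2, b, a),            # a learned -> port 1 only
               sw.receive(1, a, b)]            # b learned -> port 2 only
    for i in range(5):                         # five different sources on port 3
        sw.receive(3, f"cc:cc:cc:cc:cc:{i:02x}", BROADCAST)
    return results, dict(sw.violations), len(sw.mac_table)

if __name__ == "__main__":
    print(demo())
```

The violation counter per port is the value worth alerting on: a port that keeps presenting new source MACs past its limit stands out while the MAC table stays bounded.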
- A home network using an unmanaged switch to connect PCs, printers, and a NAS.
- An office network using managed switches with VLANs to separate departments.
- A data center using Layer 3 switches for routing between server racks.