Cisco: Understanding how Mac and IPs are used to travel the network

dsterling used Ask the Experts™
I've see a lot of videos on the Internet about packet travel through a network, but I'm looking for a clear detail understanding of how data travels on a network from a Cisco point of view, this info needs to include how the mac-address, IP address are used and what happens to the data (mac and IP address) as it travels through the local area network and also out to the Internet?

Thank you,
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
So let's just say a PC with an IP of is sending a packet out to the internet.  Because this destination address on the internet ( is not in the PC's subnet (, it's going to send this packet to its configured default gateway (

The PC will ARP for this default gateway address ( in order to determine what MAC address to place in the Ethernet Header Destination Field.  It will find the router's MAC address and place it in the Ethernet Header.

The packet will be encapsulated in this Ethernet header (Layer 2 Header) and sent across the link into a switchport.  The switch will then examine this Layer 2 Header, and determine if it has the Destination MAC of the router in it's MAC address table.  If it does, it will send it out the corresponding port where it knows that MAC address lives.  If the switch doesn't know where this MAC address is, it will perform what's called "Unknown Unicast Flooding".  The switch will "flood" the packet out every switchport EXCEPT the one it came in on.

Every switch will repeat these steps until it gets to the destination device, which will accept the packet because its MAC address matches the destination MAC address specified in the Layer 2 Header.  The other devices that got the packet flooded to them will just discard it.

Once the router/firewall receives this packet, it inspects the IP header and finds the destination IP address (  The router/firewall will then perform a lookup in its routing table and check if it has this IP address listed.  If it does, it will forward it out to the next-hop device listed in this routing table entry.  If it doesn't find this address in its table and it has a default gateway (gateway of last resort) configured, it will forward it out to the next-hop device specified in this default route.  

The router will then arp for this default route next-hop IP address to determine its MAC address.  Once it does that, it will replace the Layer 2 Header with one that has that MAC address in its destination field and send it out on that link to the ISP's router.

Most of the time, the internet facing device (router or firewall) will have NAT configured, in order to translate the private IP address used inside the enterprise to public IP addresses that are routable on the internet.  NAT is implemented differently, depending on which device its used on.

That pretty much sums it up.  Let me know if you have any questions.


Great answer!, now I would like to know what is in packet, I guess how it it framed and how that packet is used through the switching and routing process, if you want I'll ask this in another question. The answer you gave, answers my question, but I have a question to follow.
It'd be better to ask it in a separate question.  This will help everybody, including those who are trying to find solutions to similar problems they're experiencing.


Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial