Cisco: Understanding how Mac and IPs are used to travel the network

Posted on 2014-08-07
Last Modified: 2014-08-07
I've see a lot of videos on the Internet about packet travel through a network, but I'm looking for a clear detail understanding of how data travels on a network from a Cisco point of view, this info needs to include how the mac-address, IP address are used and what happens to the data (mac and IP address) as it travels through the local area network and also out to the Internet?

Thank you,
Question by:dsterling
    LVL 1

    Accepted Solution

    So let's just say a PC with an IP of is sending a packet out to the internet.  Because this destination address on the internet ( is not in the PC's subnet (, it's going to send this packet to its configured default gateway (

    The PC will ARP for this default gateway address ( in order to determine what MAC address to place in the Ethernet Header Destination Field.  It will find the router's MAC address and place it in the Ethernet Header.

    The packet will be encapsulated in this Ethernet header (Layer 2 Header) and sent across the link into a switchport.  The switch will then examine this Layer 2 Header, and determine if it has the Destination MAC of the router in it's MAC address table.  If it does, it will send it out the corresponding port where it knows that MAC address lives.  If the switch doesn't know where this MAC address is, it will perform what's called "Unknown Unicast Flooding".  The switch will "flood" the packet out every switchport EXCEPT the one it came in on.

    Every switch will repeat these steps until it gets to the destination device, which will accept the packet because its MAC address matches the destination MAC address specified in the Layer 2 Header.  The other devices that got the packet flooded to them will just discard it.

    Once the router/firewall receives this packet, it inspects the IP header and finds the destination IP address (  The router/firewall will then perform a lookup in its routing table and check if it has this IP address listed.  If it does, it will forward it out to the next-hop device listed in this routing table entry.  If it doesn't find this address in its table and it has a default gateway (gateway of last resort) configured, it will forward it out to the next-hop device specified in this default route.  

    The router will then arp for this default route next-hop IP address to determine its MAC address.  Once it does that, it will replace the Layer 2 Header with one that has that MAC address in its destination field and send it out on that link to the ISP's router.

    Most of the time, the internet facing device (router or firewall) will have NAT configured, in order to translate the private IP address used inside the enterprise to public IP addresses that are routable on the internet.  NAT is implemented differently, depending on which device its used on.

    That pretty much sums it up.  Let me know if you have any questions.

    Author Closing Comment

    Great answer!, now I would like to know what is in packet, I guess how it it framed and how that packet is used through the switching and routing process, if you want I'll ask this in another question. The answer you gave, answers my question, but I have a question to follow.
    LVL 1

    Expert Comment

    by:Andy Cantu
    It'd be better to ask it in a separate question.  This will help everybody, including those who are trying to find solutions to similar problems they're experiencing.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    #Citrix #Citrix Netscaler #HTTP Compression #Load Balance
    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now