[Webinar] Learn how to a build a cloud-first strategyRegister Now


Cisco: Understanding how Mac and IPs are used to travel the network

Posted on 2014-08-07
Medium Priority
Last Modified: 2014-08-07
I've see a lot of videos on the Internet about packet travel through a network, but I'm looking for a clear detail understanding of how data travels on a network from a Cisco point of view, this info needs to include how the mac-address, IP address are used and what happens to the data (mac and IP address) as it travels through the local area network and also out to the Internet?

Thank you,
Question by:dsterling
  • 2

Accepted Solution

Andy Cantu earned 2000 total points
ID: 40246767
So let's just say a PC with an IP of is sending a packet out to the internet.  Because this destination address on the internet ( is not in the PC's subnet (, it's going to send this packet to its configured default gateway (

The PC will ARP for this default gateway address ( in order to determine what MAC address to place in the Ethernet Header Destination Field.  It will find the router's MAC address and place it in the Ethernet Header.

The packet will be encapsulated in this Ethernet header (Layer 2 Header) and sent across the link into a switchport.  The switch will then examine this Layer 2 Header, and determine if it has the Destination MAC of the router in it's MAC address table.  If it does, it will send it out the corresponding port where it knows that MAC address lives.  If the switch doesn't know where this MAC address is, it will perform what's called "Unknown Unicast Flooding".  The switch will "flood" the packet out every switchport EXCEPT the one it came in on.

Every switch will repeat these steps until it gets to the destination device, which will accept the packet because its MAC address matches the destination MAC address specified in the Layer 2 Header.  The other devices that got the packet flooded to them will just discard it.

Once the router/firewall receives this packet, it inspects the IP header and finds the destination IP address (  The router/firewall will then perform a lookup in its routing table and check if it has this IP address listed.  If it does, it will forward it out to the next-hop device listed in this routing table entry.  If it doesn't find this address in its table and it has a default gateway (gateway of last resort) configured, it will forward it out to the next-hop device specified in this default route.  

The router will then arp for this default route next-hop IP address to determine its MAC address.  Once it does that, it will replace the Layer 2 Header with one that has that MAC address in its destination field and send it out on that link to the ISP's router.

Most of the time, the internet facing device (router or firewall) will have NAT configured, in order to translate the private IP address used inside the enterprise to public IP addresses that are routable on the internet.  NAT is implemented differently, depending on which device its used on.

That pretty much sums it up.  Let me know if you have any questions.

Author Closing Comment

ID: 40247329
Great answer!, now I would like to know what is in packet, I guess how it it framed and how that packet is used through the switching and routing process, if you want I'll ask this in another question. The answer you gave, answers my question, but I have a question to follow.

Expert Comment

by:Andy Cantu
ID: 40247340
It'd be better to ask it in a separate question.  This will help everybody, including those who are trying to find solutions to similar problems they're experiencing.


Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question