Switching concepts are core to CompTIA Network+ N10-009, covering how switches learn and forward frames, VLANs, spanning tree, and port-level security. As the dominant Layer 2 device in modern LANs, switches are involved in questions across networking concepts, implementation, security, and troubleshooting domains. Network+ tests switching conceptually — understanding what happens and why, not CLI configuration syntax.
Switches operate at Layer 2 (Data Link layer) and make forwarding decisions based on MAC addresses. When a frame arrives, the switch learns the source MAC address and the port it arrived on, adding or updating an entry in the MAC address table (also called the CAM table). The switch then looks up the destination MAC: if found, it forwards the frame only to that port (unicast forwarding). If not found, it floods the frame to all ports except the incoming port (unknown unicast flooding).
Switch frame handling: known unicast → forward to specific port. Unknown unicast → flood all ports. Broadcast (FF:FF:FF:FF:FF:FF) → flood all ports. Multicast → flood all ports (unless multicast snooping is configured). MAC address table entries age out after a timeout (typically 300 seconds) if no frames are seen from that MAC.
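The learn-then-forward logic above, as an added Python model (not vendor code, not from the original page). The class name, port numbers and MAC addresses are constructed for illustration; the "filter" case (destination learned on the ingress port) is standard bridge behaviour that goes slightly beyond the text.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
AGING_SECONDS = 300  # typical aging timeout quoted in the text


class LearningSwitch:
    """Toy Layer 2 switch: MAC table maps MAC -> (port, last_seen)."""

    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = list(ports)
        self.aging = aging
        self.table = {}

    def receive(self, in_port, src, dst, now):
        """Process one frame; return (decision, list of egress ports)."""
        src, dst = src.lower(), dst.lower()
        # Age out entries whose MAC has been silent longer than the timeout.
        for mac in [m for m, (_, seen) in self.table.items() if now - seen > self.aging]:
            del self.table[mac]
        self.table[src] = (in_port, now)  # learn or refresh the source MAC
        flood = [p for p in self.ports if p != in_port]
        if dst == BROADCAST:
            return "broadcast-flood", flood
        if int(dst[:2], 16) & 1:  # group bit set: multicast (no snooping here)
            return "multicast-flood", flood
        entry = self.table.get(dst)
        if entry is None:
            return "unknown-unicast-flood", flood
        if entry[0] == in_port:
            return "filter", []  # destination sits on the ingress port
        return "forward", [entry[0]]


def demo():
    """Constructed traffic between two hosts on a four-port switch."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
    return [
        sw.receive(1, a, b, now=0),          # B unknown: flood 2, 3, 4
        sw.receive(2, b, a, now=1),          # A was learned on port 1
        sw.receive(1, a, b, now=2),          # B was learned on port 2
        sw.receive(1, a, BROADCAST, now=3),  # broadcast: flood
        sw.receive(1, a, b, now=400),        # B aged out: flood again
    ]
```

The last call shows why aging matters: once B has been silent for more than 300 seconds its entry is gone, and frames addressed to it are flooded until B sends again.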
VLANs (Virtual LANs) divide a single physical switch into multiple logical broadcast domains using IEEE 802.1Q tags. Devices in different VLANs cannot communicate without a router or Layer 3 switch. Access ports carry traffic for a single VLAN (untagged) — used for end devices. Trunk ports carry traffic for multiple VLANs (tagged with VLAN IDs) — used between switches and for router-on-a-stick configurations.
Native VLAN: the VLAN that traffic is placed into on a trunk port when no 802.1Q tag is present. Default is VLAN 1 — change it for security. VLAN ID range: 1–4094 (VLAN 1 default, VLANs 1002–1005 reserved for legacy). Inter-VLAN routing requires a Layer 3 device (router with subinterfaces or Layer 3 switch with SVIs).
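How access ports, trunk ports and the native VLAN decide which VLAN an incoming frame lands in, as an added Python example (not from the original page). The port names, the port dictionary layout and the sample frames are constructed; dropping tagged frames on access ports is an assumption of this model, since real switches differ.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed port configuration for the example.
PORTS = {
    "port1": {"mode": "access", "vlan": 10},
    "trunk_a": {"mode": "trunk", "native": 1, "allowed": {10, 20}},
    "trunk_b": {"mode": "trunk", "native": 999, "allowed": {10, 20}},
}


def parse_vlan_tag(frame: bytes):
    """Return the 802.1Q VLAN ID, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field


def ingress_vlan(frame: bytes, port: dict):
    """Return the VLAN the frame is placed into, or None if it is dropped."""
    vid = parse_vlan_tag(frame)
    if port["mode"] == "access":
        # Model assumption: access ports accept only untagged frames.
        return port["vlan"] if vid is None else None
    if vid is None:
        return port["native"]  # untagged frame on a trunk: native VLAN
    # IDs outside 1-4094 are not usable VLANs; others must be allowed.
    if not 1 <= vid <= 4094 or vid not in port["allowed"]:
        return None
    return vid


def audit_trunks(ports: dict):
    """List trunk ports that still use the default native VLAN 1."""
    return sorted(n for n, p in ports.items()
                  if p["mode"] == "trunk" and p["native"] == 1)


def build_frame(vid=None):
    """Constructed sample frame: zeroed MACs, IPv4 EtherType, no payload."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return bytes(12) + tag + struct.pack("!H", 0x0800)
```

`audit_trunks(PORTS)` reports only `trunk_a`, the trunk left on the default native VLAN that the text recommends changing.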
STP (IEEE 802.1D) prevents Layer 2 loops in networks with redundant switch paths. Without STP, broadcast frames would loop endlessly, consuming all bandwidth (broadcast storm). STP elects a root bridge (lowest bridge ID = priority + MAC address) and puts redundant ports into blocking state. Only the root bridge paths remain forwarding.
STP port states: Blocking → Listening → Learning → Forwarding. Convergence takes ~30–50 seconds. RSTP (Rapid STP, 802.1w) converges in ~1–2 seconds — the modern standard. MSTP (802.1s) supports multiple spanning tree instances per VLAN group.
PortFast: STP feature for access ports that skips the listening/learning states, immediately transitioning to forwarding. Used for end-device ports to eliminate the 30-second wait. BPDU Guard: automatically disables a PortFast port if it receives STP BPDUs (Bridge Protocol Data Units) — prevents rogue switches from affecting the STP topology.
Misconception: All switch ports are trunk ports by default.
Reality: Switch ports default to access mode on most switches. Trunk ports must be explicitly configured or negotiated via DTP (Dynamic Trunking Protocol).
Misconception: VLANs provide complete security isolation without additional controls.
Reality: VLANs provide logical separation, but VLAN hopping attacks can bypass isolation if trunks and native VLANs are not properly hardened.
Misconception: STP is not needed in modern networks.
Reality: STP or RSTP is essential whenever there are redundant switch paths. Without it, a loop would instantly crash the network with a broadcast storm. Modern deployments use RSTP for fast convergence.
These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.
A switch receives a frame with a destination MAC address not in its MAC address table. What does the switch do?
Explanation: When a switch receives a frame with an unknown destination MAC address, it floods the frame out all ports except the port it was received on (unknown unicast flooding). This ensures the frame reaches its destination even though the switch doesn't know which port to use. When the destination device responds, the switch learns its port and updates the MAC table.
What is the purpose of configuring PortFast on a switch port?
Explanation: PortFast skips the STP Listening (15 sec) and Learning (15 sec) states, transitioning an access port directly to Forwarding. This eliminates the 30-second delay that would otherwise occur when a device connects. PortFast should only be used on access ports connected to end devices (not switch uplinks) — always paired with BPDU Guard.
A broadcast storm occurs when broadcast frames loop through the network endlessly on redundant paths without STP. Each switch floods broadcasts to all ports, the frames re-enter other switches, and those switches flood them again, multiplying exponentially until network bandwidth is consumed. All devices receive and process the flood, CPUs spike, and the network becomes unresponsive. STP prevents this by blocking redundant paths.