Switching Concepts for CompTIA Network+ N10-009

Switching concepts are core to CompTIA Network+ N10-009, covering how switches learn and forward frames, VLANs, spanning tree, and port-level security. As the dominant Layer 2 device in modern LANs, switches are involved in questions across networking concepts, implementation, security, and troubleshooting domains. Network+ tests switching conceptually — understanding what happens and why, not CLI configuration syntax.

How Switches Learn and Forward

Switches operate at Layer 2 (Data Link layer) and make forwarding decisions based on MAC addresses. When a frame arrives, the switch learns the source MAC address and the port it arrived on, adding or updating the MAC address table (also called CAM table). The switch then looks up the destination MAC: if found, it forwards the frame only to that port (unicast forwarding). If not found, it floods the frame to all ports except the incoming port (unknown unicast flooding).

Switch frame handling: known unicast → forward to specific port. Unknown unicast → flood all ports. Broadcast (FF:FF:FF:FF:FF:FF) → flood all ports. Multicast → flood all ports (unless multicast snooping is configured). MAC address table entries age out after a timeout (typically 300 seconds) if no frames are seen from that MAC.
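
The learn, forward, flood and age-out behaviour described above can be traced in a small simulation. This is an added example, not code from the original page; the port numbers, MAC addresses and timestamps are constructed, and the "filter" case (destination on the ingress port) is standard switch behaviour included for completeness.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
AGING_SECONDS = 300  # typical aging timeout quoted in the text


class LearningSwitch:
    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = set(ports)
        self.aging = aging
        self.table = {}  # MAC -> (port, last_seen): the MAC/CAM table

    def _expire(self, now):
        # Drop entries whose MAC has been silent for the aging time or longer.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t < self.aging}

    def receive(self, src, dst, in_port, now):
        """Return (action, sorted egress ports) for one incoming frame."""
        self._expire(now)
        # Learn: the source MAC is reachable via the ingress port (add/update).
        self.table[src.lower()] = (in_port, now)
        dst = dst.lower()
        flood = sorted(self.ports - {in_port})
        if dst == BROADCAST:
            return "broadcast-flood", flood
        # Multicast (low bit of first octet set): flooded, no snooping modelled.
        if int(dst[:2], 16) & 1:
            return "multicast-flood", flood
        entry = self.table.get(dst)
        if entry is None:
            return "unknown-unicast-flood", flood
        out_port = entry[0]
        if out_port == in_port:
            return "filter", []  # destination sits on the ingress port
        return "forward", [out_port]


def demo():
    """Replay five constructed frames through a 4-port switch."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "00:11:22:33:44:0a", "00:11:22:33:44:0b"
    return [
        sw.receive(a, b, in_port=1, now=0),          # B unknown: flood
        sw.receive(b, a, in_port=2, now=1),          # A known: forward to port 1
        sw.receive(a, b, in_port=1, now=2),          # B known: forward to port 2
        sw.receive(a, BROADCAST, in_port=1, now=3),  # broadcast: flood
        sw.receive(a, b, in_port=1, now=400),        # B aged out: flood again
    ]
```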

VLANs and Trunking

VLANs (Virtual LANs) divide a single physical switch into multiple logical broadcast domains using IEEE 802.1Q tags. Devices in different VLANs cannot communicate without a router or Layer 3 switch. Access ports carry traffic for a single VLAN (untagged) — used for end devices. Trunk ports carry traffic for multiple VLANs (tagged with VLAN IDs) — used between switches and for router-on-a-stick configurations.

Native VLAN: the VLAN that traffic is placed into on a trunk port when no 802.1Q tag is present. Default is VLAN 1 — change it for security. VLAN ID range: 1–4094 (VLAN 1 default, VLANs 1002–1005 reserved for legacy). Inter-VLAN routing requires a Layer 3 device (router with subinterfaces or Layer 3 switch with SVIs).
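
How a port decides which VLAN an arriving frame belongs to, as an added example that is not part of the original page. The frame builder, the port dictionaries and the drop policy (tagged frames rejected on access ports, only VLAN IDs 1 to 4094 accepted) are simplifying assumptions of this example; real switches vary by vendor.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload=b"", vlan=None):
    """Build a constructed Ethernet frame, optionally with one 802.1Q tag."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # priority bits 0
    return hdr + struct.pack("!H", ethertype) + payload


def parse_vlan(frame):
    """Return the 12-bit VLAN ID from the 802.1Q tag, or None if untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)  # bytes after dst+src MACs
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF


def classify_ingress(frame, port):
    """Return ("accept", vlan) or ("drop", reason) for a frame on `port`.

    `port` is a hypothetical config dict: {"mode": "access", "access_vlan": n}
    or {"mode": "trunk", "native_vlan": n, "allowed": {..}}.
    """
    vid = parse_vlan(frame)
    if port["mode"] == "access":
        if vid is not None:
            return ("drop", "tagged frame on access port")
        return ("accept", port["access_vlan"])
    if vid is None:
        # Untagged traffic on a trunk lands in the native VLAN, which is why
        # leaving the native VLAN at the default of 1 is a hardening gap.
        return ("accept", port["native_vlan"])
    if not 1 <= vid <= 4094:
        return ("drop", "VLAN ID outside 1-4094")
    if vid not in port["allowed"]:
        return ("drop", "VLAN not allowed on trunk")
    return ("accept", vid)
```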

Spanning Tree Protocol (STP)

STP (IEEE 802.1D) prevents Layer 2 loops in networks with redundant switch paths. Without STP, broadcast frames would loop endlessly and consume all bandwidth (a broadcast storm). STP elects a root bridge (the switch with the lowest bridge ID, which is priority + MAC address) and puts redundant ports into the blocking state. Only the best path from each switch toward the root bridge remains forwarding.

STP port states: Blocking → Listening → Learning → Forwarding. Convergence takes ~30–50 seconds. RSTP (Rapid STP, 802.1w) converges in ~1–2 seconds and is the modern standard. MSTP (802.1s) runs multiple spanning tree instances, each covering a group of VLANs.

PortFast: STP feature for access ports that skips the listening/learning states, immediately transitioning to forwarding. Used for end-device ports to eliminate the 30-second wait. BPDU Guard: automatically disables a PortFast port if it receives STP BPDUs (Bridge Protocol Data Units) — prevents rogue switches from affecting the STP topology.
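
Root bridge election and the effect of BPDU Guard on it, as an added example that is not part of the original page. The topology, bridge names, priorities and MAC addresses are constructed, and the `EdgePort` model is a simplification that assumes one BPDU arriving on one end-device port.

```python
def bridge_id(priority, mac):
    """Bridge ID ordering: priority first, then MAC address as tie-breaker."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges):
    """Return the name of the bridge with the lowest bridge ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


class EdgePort:
    """An end-device port; PortFast puts it straight into forwarding."""

    def __init__(self, name, portfast=True, bpdu_guard=False):
        self.name, self.portfast, self.bpdu_guard = name, portfast, bpdu_guard
        self.state = "forwarding" if portfast else "blocking"

    def receive_bpdu(self):
        """Return True if the BPDU reaches STP, False if BPDU Guard trips."""
        if self.portfast and self.bpdu_guard:
            self.state = "disabled"  # port is shut down, BPDU is discarded
            return False
        return True


def root_after_bpdu(bridges, port, sender_name, sender_id):
    """Root bridge after a device on `port` announces bridge ID `sender_id`."""
    candidates = dict(bridges)
    if port.receive_bpdu():
        candidates[sender_name] = sender_id  # sender now takes part in election
    return elect_root(candidates)


# Constructed topology: name -> (priority, MAC). All values are made up.
BRIDGES = {
    "core":  (4096,  "00:1a:00:00:00:ff"),
    "dist1": (32768, "00:1a:00:00:00:10"),
    "dist2": (32768, "00:1a:00:00:00:05"),
}
# A switch plugged into a user port that advertises a lower bridge ID.
UNEXPECTED = ("desk-switch", (0, "00:1a:00:00:00:aa"))

if __name__ == "__main__":
    for guard in (False, True):
        port = EdgePort("port5", bpdu_guard=guard)
        print(guard, root_after_bpdu(BRIDGES, port, *UNEXPECTED), port.state)
```

Without BPDU Guard the unexpected switch wins the election and becomes root; with it, the port is disabled and the intended root is unchanged.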

Key exam facts — Network+

  • MAC address table = CAM table; learned from source MAC of incoming frames
  • Unknown unicast, broadcast, and multicast are flooded to all ports
  • 802.1Q = VLAN tagging standard; trunk ports carry multiple VLANs tagged
  • Access ports = single VLAN, untagged; trunk ports = multiple VLANs, tagged
  • STP prevents loops by blocking redundant paths; root bridge = lowest bridge ID
  • RSTP (802.1w) = rapid STP, ~1-2 second convergence
  • PortFast = instant forwarding for end-device ports; BPDU Guard protects PortFast ports

Common exam traps

Trap: All switch ports are trunk ports by default.

Reality: Switch ports default to access mode on most switches. Trunk ports must be explicitly configured or negotiated via DTP (Dynamic Trunking Protocol).

Trap: VLANs provide complete security isolation without additional controls.

Reality: VLANs provide logical separation, but VLAN hopping attacks can bypass isolation if trunks and native VLANs are not properly hardened.

Trap: STP is not needed in modern networks.

Reality: STP or RSTP is essential whenever there are redundant switch paths. Without it, a loop would instantly crash the network with a broadcast storm. Modern deployments use RSTP for fast convergence.

Practice questions — Switching Concepts

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1. A switch receives a frame with a destination MAC address not in its MAC address table. What does the switch do?

A. Drops the frame
B. Sends the frame back to the source
C. Floods the frame out all ports except the source port
D. Requests the MAC address from the router

Explanation: When a switch receives a frame with an unknown destination MAC address, it floods the frame out all ports except the port it was received on (unknown unicast flooding). This ensures the frame reaches its destination even though the switch doesn't know which port to use. When the destination device responds, the switch learns its port and updates the MAC table.

Q2. What is the purpose of configuring PortFast on a switch port?

A. To increase the port speed to maximum
B. To immediately transition the port to forwarding state, bypassing STP listening and learning
C. To allow the port to carry multiple VLANs
D. To enable the port to detect and prevent VLAN hopping

Explanation: PortFast skips the STP Listening (15 sec) and Learning (15 sec) states, transitioning an access port directly to Forwarding. This eliminates the 30-second delay that would otherwise occur when a device connects. PortFast should only be used on access ports connected to end devices (not switch uplinks) — always paired with BPDU Guard.

Frequently asked questions — Switching Concepts

What happens during a broadcast storm?

A broadcast storm occurs when broadcast frames loop through the network endlessly on redundant paths without STP. Each switch floods broadcasts out all ports, the frames re-enter other switches, and those switches flood them again, multiplying exponentially until network bandwidth is consumed. All devices receive and process the flood, CPUs spike, and the network becomes unresponsive. STP prevents this by blocking redundant paths.
