Wednesday, June 17, 2009

Forward it; Flood it; Filter it

A Cisco switch will do one of three things to an incoming frame (remember, a switch is a layer 2 device, so it works at the data link layer and deals in frames):

  • Forward it
  • Flood it
  • Filter it

The decision is based on the MAC address table. The switch builds the MAC address table from the source address of each INCOMING frame. If the incoming frame's source MAC address isn't listed in the table, the switch will add it to its table with the VLAN, the type and the port it's connected to, i.e. 


  • Forwarding happens when the switch has an entry for the destination MAC address in its MAC address table and forwards the frame out a single port.
  • Flooding happens when the switch doesn't have an entry for the destination MAC address in the MAC address table. The frame gets sent out every port on the switch except for the one it came in on.
  • Filtering happens when the switch has an entry for both the source and destination MAC address AND the MAC table indicates that both addresses are found to be on the same port.

If a host gets disconnected from one port and connected to another, the switch will notice that the incoming frame source MAC address is now on a different port and update its MAC address table accordingly.
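The learning and decision rules above can be modelled in a few lines. This is an added example, not code from the original post or from Cisco; the class name, port names and MAC addresses are constructed for illustration, and broadcast destinations are not modelled.

```python
# Minimal model of a learning switch: learn from the source, decide on the destination.
from dataclasses import dataclass, field

@dataclass
class LearningSwitch:
    ports: tuple                               # port names on this switch
    table: dict = field(default_factory=dict)  # (vlan, mac) -> port

    def receive(self, in_port, src, dst, vlan=1):
        """Learn from the source MAC, then return (action, egress_ports)."""
        # Learning: add the source, or update its port if the host has moved.
        self.table[(vlan, src)] = in_port

        out_port = self.table.get((vlan, dst))
        if out_port is None:
            # Unknown destination: flood out every port except the ingress port.
            return "flood", [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Source and destination sit on the same port: filter (drop).
            return "filter", []
        # Known destination on another port: forward out that single port.
        return "forward", [out_port]

def demo():
    sw = LearningSwitch(ports=("Fa0/1", "Fa0/2", "Fa0/3"))
    # Constructed sample MAC addresses.
    A, B, C = "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb", "cccc.cccc.cccc"
    results = [
        sw.receive("Fa0/1", A, B),  # B not learned yet -> flood
        sw.receive("Fa0/2", B, A),  # A was learned on Fa0/1 -> forward
        sw.receive("Fa0/1", C, A),  # C shares A's port (e.g. behind a hub) -> filter
        sw.receive("Fa0/3", A, B),  # A moved to Fa0/3: entry updated, forward to B
        sw.receive("Fa0/2", B, A),  # B now reaches A through Fa0/3
    ]
    return sw, results

if __name__ == "__main__":
    sw, results = demo()
    for action, egress in results:
        print(action, egress)
    print(sw.table)
```
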

Once the switch decides to either forward or flood, it also must figure out which processing method to use:

  • Store-and-forward
  • Cut-through
  • Fragment-free

With the store-and-forward method, the switch stores the entire frame on the switch. After checking the FCS (frame check sequence) for corruption, it forwards the frame on. In other words, more error detection.

With cut-through, the switch forwards the frame on without reading the FCS, even before the whole frame has been received. This means it's faster, but with less error detection.

With fragment-free, the switch only checks the first 64 bytes for corruption as it assumes that if there is going to be any corruption, it'll happen in the first 64 bytes. This is considered to be the middle ground between the two above.
