A hub is a simple repeater. It forwards incoming frames out of all ports except the incoming one. It operates in half‑duplex mode, which causes collisions. All devices share bandwidth, so performance degrades as traffic increases. Hubs are obsolete in modern networks.
Switches (Layer 2)
A switch is a smarter device. It learns MAC addresses and builds a MAC address table (CAM table) to forward frames only to the intended destination port, reducing collisions and increasing efficiency.
How a Switch Works
Learning: When a frame arrives, the switch records the source MAC address and the port it came from. This populates the CAM table.
Forwarding: It looks up the destination MAC in the CAM table:
If found, the frame is sent only to that port (unicast).
If not found, the frame is flooded to all ports (except the incoming one) – this is called unknown unicast flooding.
Broadcast handling: If the destination MAC is FF:FF:FF:FF:FF:FF (broadcast), the switch ignores the table and floods the frame to all ports (like a hub).
Comparison Table
| Feature | Hub | Switch |
| --- | --- | --- |
| OSI Layer | Layer 1 (Physical) | Layer 2 (Data Link) |
| Forwarding | Repeats to all ports | Selective (based on MAC table) |
| Collision Domain | Single (shared) | Each port is its own domain |
| Bandwidth | Shared among all ports | Dedicated per port |
| Learning | No | Yes (CAM table) |
| Security | Low (all devices see all traffic) | Higher (traffic only to destination) |
Security Considerations
Promiscuous mode: A NIC in promiscuous mode can capture all traffic on the wire. On a hub, this is easy. On a switch, an attacker would need to trick the switch (e.g., ARP spoofing) to receive frames not intended for them.
Broadcast storms: Excessive broadcast traffic can overwhelm switches and degrade performance.
MAC flooding: An attack that floods the CAM table with fake MAC addresses, forcing the switch to flood traffic (like a hub), enabling eavesdropping.
Practical Tips for Medical Networks
Use switches, not hubs, for security and performance.
Implement port security to limit the number of MAC addresses per port and prevent MAC flooding.
Monitor for excessive broadcast traffic (e.g., from misconfigured devices).
In medical environments, reliable communication is critical; switches provide deterministic performance.
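The learning, forwarding and broadcast rules from "How a Switch Works" and the port security tip above can be seen together in a small model. This is an added example, not code from the original page; the class `LearningSwitch`, its `max_macs_per_port` parameter, the drop-on-violation behaviour and all MAC addresses are constructed assumptions.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Toy model of a Layer 2 switch with an optional per-port MAC limit."""
    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)
        self.max_macs_per_port = max_macs_per_port  # None = port security off
        self.cam = {}          # CAM table: MAC address -> port
        self.violations = []   # (port, mac) pairs rejected by port security

    def _learn(self, in_port, src):
        """Record src on in_port; return False if port security rejects it."""
        if self.cam.get(src) == in_port:
            return True                      # already learned on this port
        on_port = sum(1 for p in self.cam.values() if p == in_port)
        if self.max_macs_per_port is not None and on_port >= self.max_macs_per_port:
            self.violations.append((in_port, src))
            return False                     # assumption: violating frame is dropped
        self.cam[src] = in_port
        return True

    def receive(self, in_port, src, dst):
        """Return the list of ports the frame is sent out of."""
        src, dst = src.lower(), dst.lower()
        if not self._learn(in_port, src):
            return []
        flood = [p for p in self.ports if p != in_port]
        if dst == BROADCAST or dst not in self.cam:
            return flood                     # broadcast or unknown unicast flooding
        out = self.cam[dst]
        return [] if out == in_port else [out]   # unicast to the learned port

def demo():
    """Run constructed traffic; return (forwarding results, CAM size, violations)."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], max_macs_per_port=2)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed addresses
    results = [
        sw.receive(1, a, b),          # b not yet learned: flooded
        sw.receive(2, b, a),          # a was learned on port 1: unicast
        sw.receive(1, a, b),          # b now learned on port 2: unicast
        sw.receive(2, b, BROADCAST),  # broadcast: flooded
    ]
    # Constructed burst of 100 distinct source MACs arriving on port 3.
    for i in range(100):
        sw.receive(3, f"02:00:00:00:01:{i:02x}", a)
    return results, len(sw.cam), len(sw.violations)
```

With the limit set to 2, the CAM table stays at four entries after the burst and the remaining 98 source addresses are recorded as violations; with `max_macs_per_port=None` the same burst adds 100 entries to the table.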