MAC table, filter table, or Content addressable memory (CAM) table refers to a dynamic table in a network switch that maps MAC addresses to ports. It is the essential mechanism that separates network switches from network hubs.
An Ethernet switch's role is to copy Ethernet frames from one port to another. The presence of a CAM table is one attribute that separates a switch from a hub. Without a functional CAM table, all frames received by a network switch would be echoed back out to all other ports, much like an Ethernet hub. A switch should only emit a frame on the port where the destination network device resides (unicast), unless the frame is for all nodes on the switch (broadcast) or multiple nodes (multicast).
Generally, the CAM table is a system memory construct used by Ethernet switch logic to different Media Access Control (MAC) addresses of stations to the ports on which they connect to the switch. This allows switches to facilitate communications between connected stations at high speed regardless of how many devices are connected to the switch. The CAM table is consulted to make the frame forwarding decision. Switches learn MAC addresses from the source address of Ethernet frames on the ports, such as Address Resolution Protocol response packets.
CAM tables are often the target of layer 2 network attacks in a local area network to set up man-in-the-middle attacks. A threat agent which has control of a device connected to an Ethernet switch can attack the switch's CAM table. This attack usually involves exploiting a vulnerability in switch design that appears when the switch runs out of space to record all of the MAC address to port mappings it learns. If the table fills up due to MAC flooding, most switches are no longer able to reliably add new MAC addresses.