ARP (Address Resolution Protocol) explained

Hi dear,
Thank you for the answer. So I understand from you that the ARP table of a switch will often time out!
And what about a router? Because I faced the same issue. The idea behind that is that I want to know the IP of a host from the switch.

Hello Ridhwan.

ARP tables on all Cisco devices will time out after four hours by default. In general, using the ARP table of a Layer 2 switch to see the IP addresses of hosts connected to it is not very useful because the ARP table will only be populated if traffic is directed to or from the switch itself, and this does not happen very often. Actually, unless you specifically access the switch from a host, this will NEVER happen. So for a Layer 2 switch, using the ARP table is not an option to find the IP addresses of hosts.

If you look at the ARP table of the default gateway of the subnet, then you will have a list of the IP addresses that are in the subnet that have been active over the past few hours. This is a more suitable way to find what you’re looking for. If you are using a L3 switch, and an SVI on that switch as the default gateway, then this would be ideal. So whether a router or an L3 switch, the ARP table of the default gateway is the best choice to do what you need.

I hope this has been helpful!

Laz

Hi Rene,

I am new to networking, and Network Lessons is really helping me a lot to learn more basics about networking. Thanks for that.

My doubt related to this topic is this. For example, I have a network as follows:
Computer A (10.10.1.2) ---- Switch1 ----- Computer B (10.11.1.2)
Both are in different subnets, but connected to the same switch. In this case, will ARP get resolved here, or does it for sure need some L3 device to reach different subnets?

Another question: when an ARP request is broadcast to all ports in the switch, the corresponding host which owns the destination IP will update its ARP table and send an ARP response. I understand that other devices will drop the requests that come in. But before dropping them, will they update their ARP tables, or will they just drop the packets which are not destined to them?

Hello Thiyagarajan

If you have the topology you suggest, then any ARP requests sent by each computer will only exist within the subnet that each one is found in. For example, let’s say Switch1 has ports 1 to 12 on VLAN10 and ports 13 to 24 on VLAN 20. The subnet for VLAN 10 is 10.10.1.0/24 and for VLAN 20 it’s 10.11.1.0/24. If computer A sends an ARP request, it will go to hosts on ports 1 to 12. It will never reach the other ports or computer B. In order for computer A to reach computer B, you are correct, you require a L3 device. The switch may be an L3 device, and if so, it can be configured with SVIs that function as the default gateway of each subnet, so that computer A can reach computer B.

In such a scenario, ARP would be used to find the MAC address of the default gateway in order for the appropriate destination MAC to populate the field in the frame header.

Now for your second question, let’s say we have a situation where 10 PCs are connected to the same VLAN. PC1 is trying to send something to PC5. It doesn’t know PC5’s MAC address, so it sends an ARP request. Now PC3 receives this ARP request too. What information is found within it? Well, we have the IP address of PC5, which the sender is using to identify which host we want the MAC address of. But there is no other information in that message that can be used to update any ARP table in PC3, so it disregards it completely.

I hope this has been helpful!

Laz

Hi Laz,

Thanks for your quick response.

One more query,

Computer A ---------- Switch ----- Router1 ------- Router2 ---- Switch ------ Computer B

When I try to reach Computer B from A, as both are in different networks and unable to reach each other via L2, I am forwarding it to the default route.
Once it hits the default route (Router1), while forwarding further, what will be the source address of that packet?
* At present, the source address will be Computer A’s address (source MAC and source IP), the destination MAC will be the MAC address of Router1, and the destination IP is Computer B’s IP.
* When it gets forwarded from Router1 to Router2, will this source MAC and IP address get replaced with Router1’s address?
* If yes, then when responding, how will the response get back to Computer A?

Hello Thiyagarajan

In your scenario, when communication takes place between Computer A and Computer B, the source and destination IP (L3) addresses remain the same from end to end, while the source and destination MAC addresses (L2) change from hop to hop.

  • For the first hop, from Computer A to Router 1, the source MAC is ComputerA and the destination MAC is Router 1.
  • For the second hop from Router 1 to Router 2, the source MAC is Router1 and the destination MAC is Router2.
  • For the third hop from Router 2 to Computer B, the source MAC is Router2 and the destination MAC is ComputerB.

When Computer A uses ARP to find the MAC address of Router1, it sends an ARP request with the IP address of the default gateway, and not of the destination IP. That’s why it gets the MAC address of Router1 to place in the destination field.

Similarly, when Router1 sends an ARP request, it uses the IP address of the next hop router in that request, and receives the MAC address of Router2.

Finally, when Router2 sends an ARP request for the MAC address of Computer B, it uses the destination IP address in the request. This is because the router knows that the destination is on a subnet directly connected to one of its interfaces.

So ARP is used to find the MAC address that corresponds to the next hop IP, not the IP of the destination, except for the case where the next hop is the destination.

I hope this has been helpful!

Laz

Thanks for the quick response, it helps a lot.

1 Like

Hi Laz,
I have one more query.

How does a system decide whether to send an ARP request for the destination IP or for the default route? Assuming the ARP table is empty now:
* Only if the destination IP belongs to one of the configured interface subnets will it initiate ARP for the destination IP.
* Even if the destination IP does not belong to any of the configured subnets, will it raise an ARP request for the destination IP before it raises an ARP request for the default route?

Please clarify this for me.

Hello Thiyagarajan

Yes, you are correct. Think about it this way. A host has a packet that it wants to send to another subnet. It encapsulates the IP packet with the source and destination IP addresses. Once that’s done, it will then encapsulate that into an Ethernet frame. It uses its own source MAC address, and then takes a look at the destination IP. If it is in the same subnet as its own IP address, it sends an ARP request for the destination IP. If it is not in its own subnet, it will send an ARP request for the configured default gateway.

If a router has a packet and it wants to send it to the next hop router, it will not send an ARP request to the destination IP. Such an ARP request will fail, because ARP functions only within a single subnet/broadcast domain (except for Proxy ARP, which is another feature that we will not look at here). The only time the destination IP is used is if it belongs to the subnet on one of the router’s interfaces.

Remember, in the process of routing, ARP is used to find the MAC address that corresponds to the next hop IP, not the IP of the destination, except for the case where the next hop is the destination.

I hope this has been helpful!

Laz
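
The decision described in this reply and in the earlier hop-by-hop answer, as an added example (not code from the original posts): a node ARPs for the destination only when it sits on a connected subnet, otherwise for the next hop of the best matching route. The `arp_target` helper, the addresses and the three-node topology are constructed for illustration.

```python
import ipaddress

def arp_target(dest, interfaces, routes):
    """Return (reason, ip_to_arp_for) for a packet addressed to dest.

    interfaces: interface addresses in CIDR form, e.g. "10.10.1.2/24"
    routes:     prefix -> next-hop IP ("0.0.0.0/0" is the default gateway)
    """
    dest = ipaddress.ip_address(dest)
    connected = [ipaddress.ip_interface(i).network for i in interfaces]
    # Destination on a directly connected subnet: ARP for the destination itself.
    if any(dest in net for net in connected):
        return ("connected", str(dest))
    # Otherwise pick the longest matching prefix and ARP for its next hop.
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes.items()
               if dest in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
    # ARP only works inside one broadcast domain, so the next hop must be connected.
    if not any(ipaddress.ip_address(next_hop) in net for net in connected):
        raise LookupError(f"next hop {next_hop} is not on a connected subnet")
    return ("next-hop", next_hop)

# Constructed topology: Computer A - Router1 - Router2 - Computer B (10.11.1.2)
NODES = {
    "ComputerA": (["10.10.1.2/24"], {"0.0.0.0/0": "10.10.1.1"}),
    "Router1": (["10.10.1.1/24", "192.0.2.1/30"], {"10.11.1.0/24": "192.0.2.2"}),
    "Router2": (["192.0.2.2/30", "10.11.1.1/24"], {"10.10.1.0/24": "192.0.2.1"}),
}

def arp_targets_along_path(dest):
    """List which IP each node on the path resolves with ARP."""
    return [(name, *arp_target(dest, ifs, rts)) for name, (ifs, rts) in NODES.items()]

if __name__ == "__main__":
    for hop in arp_targets_along_path("10.11.1.2"):
        print(hop)
```
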

Hi Laz,

Thanks a lot for a clear explanation.

1 Like

Why is the protocol type in an ARP request IPv4, when there is no IP layer on top?

Hello Jan

ARP itself is indeed a Layer 2 protocol as it functions only within a single broadcast domain/network segment. However, its function is to return the L2 address that corresponds to a particular L3 address. In most cases, this returns the MAC address that corresponds to a particular IP address.

Now the ARP packet itself has several fields including the Hardware Type (HTYPE) and the Protocol Type (PTYPE) fields. These fields contain the information pertaining to the network link protocol and the internetwork protocol being used for that particular ARP packet. In an Ethernet/IP network, the HTYPE is Ethernet (denoted by a value of 1) and the PTYPE is IPv4 (denoted by the value 0x0800). This is simply information contained within the ARP packet, which does not mean that ARP actually functions at L3, but contains information about the type of L3 address involved in the ARP request.

I hope this has been helpful!

Laz

1 Like
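
To make the HTYPE and PTYPE fields concrete, here is an added example (not from the original thread) that builds and decodes an ARP request frame. The EtherType 0x0806 shows ARP carried directly in the Ethernet frame with no IP header, while PTYPE 0x0800 only names the kind of address being resolved; the MAC and IP values are constructed.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
# HTYPE, PTYPE, HLEN, PLEN, OPER, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
OPER = {1: "request", 2: "reply"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp_request(src_mac, src_ip, target_ip):
    """Constructed sample: broadcast Ethernet frame carrying an ARP request."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, src_mac,
                      socket.inet_aton(src_ip), b"\x00" * 6,
                      socket.inet_aton(target_ip))
    return eth + arp

def parse_arp_frame(frame):
    """Decode an Ethernet/IPv4 ARP frame into a dict of named fields."""
    if len(frame) < 14 + struct.calcsize(ARP_FMT):
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: EtherType 0x{ethertype:04x}")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is decoded here")
    return {
        "eth_dst": mac(dst), "eth_src": mac(src),
        "htype": htype, "ptype": ptype, "oper": OPER.get(oper, oper),
        "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac(tha), "target_ip": socket.inet_ntoa(tpa),
    }

if __name__ == "__main__":
    sample = build_arp_request(bytes.fromhex("020000000001"), "10.10.1.2", "10.10.1.1")
    for field, value in parse_arp_frame(sample).items():
        print(f"{field:11} {value}")
```
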

Hi Rene, I understand what we use the ARP broadcast (FF:FF:FF:FF:FF:FF) for, but I have one question. When we take for example this subnet: 1.1.1.1/30, the IPs 1 to 2 are for devices, the 0 defines the subnet and the last, .3, is defined as the broadcast IP. What is the utility of this broadcast IP? Can you help me to understand?

Hello Willy

When you have a /30 network, you’re right, there really is no use for the broadcast address, since it would be the same as communicating with the other host on the network, since only two hosts exist. However, because the broadcast functionality is one that must function on all subnet sizes, it works the same regardless of the size of the subnet. There is no exception to the way broadcast works for /30 networks.

However, having said that, it is possible to create a /31 network on some networking equipment. Cisco supports such a feature. You can have an IP range of 192.168.1.10/31 for example, and this subnet would have a range from 192.168.1.10 to 192.168.1.11. This would have no network or broadcast address, but would function as a point to point link. This is a slight violation of the functionality of IPv4, but some vendors do support it, in order to save on addresses when implementing many point to point networks.

I hope this has been helpful!

Laz

Hi Laz,
Thanks for your return. But I’m still confused (sorry, French is my mother language). For example, if we take 192.168.1.0/24,

  1. 192.168.0 is the network address: that’s ok,
  2. 192.168.1-254 range allowed for device.
  3. 192.168.1.255 is the broadcast address.

My question is: What is the difference between the ARP broadcast address FF:FF:FF:FF:FF:FF and this broadcast address 192.168.1.155? That’s what I don’t understand. During an ARP request, the host uses FF:FF:FF:FF:FF:FF. So what’s the utility of a broadcast IP address?

Thanks.

Hello Willy

No problem, no reason to apologize (French is a beautiful language, I wish I could speak it fluently!)

So let’s take a look at your example. Just to clarify, I think you have a typo in what you wrote, so let me write it out again. If we have 192.168.1.0/24, then we have the following addresses:

  1. 192.168.1.0 is the network address
  2. 192.168.1.1 to 192.168.1.254 are the host addresses
  3. 192.168.1.255 is the broadcast address.

Now, if you want to send a packet to all the hosts in the network, then you would place the 192.168.1.255 address in the header of the IP packet. The result is that all the hosts will receive such a packet. But how does that work? Because the 192.168.1.255 address is on Layer 3 of the OSI model. What happens when this is encapsulated into an Ethernet frame? Well, that’s where the FF:FF:FF:FF:FF:FF address comes in.

So the host which is sending this broadcast address places the destination IP of 192.168.1.255 into the IP header. This is then encapsulated into an Ethernet frame. From this IP address, we must find the destination MAC address to populate the frame header. The host knows that the IP address is the broadcast address, so the MAC address that must be used in the frame must also be a broadcast address. FF:FF:FF:FF:FF:FF is the broadcast MAC address that must be used. When a switch receives such a packet, it will forward it out of all its ports of the same VLAN, thus sending it to all hosts in the subnet.

Broadcast IP addresses are used by features such as DHCP and other mechanisms that allow a network to function. When the broadcast IP is used, the resulting destination MAC used in the encapsulating frame is FF:FF:FF:FF:FF:FF.

Now in the case of an ARP request, remember that ARP is a Layer 2 protocol, and it does not use IP addressing. So in such a case, a broadcast IP address would never be used. The ARP protocol will only use MAC addressing to get its messages to their intended recipients. So an ARP request, because it is always broadcast to all the hosts in the network segment, will use FF:FF:FF:FF:FF:FF as the destination MAC. The IP protocol is not involved here at all.

I hope this has been helpful!

Laz

1 Like

Hi Laz,
Thank you very much for your return. Like we say in French, “Ta réponse est claire et limpide”.

1 Like

Hi Rene / lagas Sir,

Well appreciated. I need some help and a suggestion, as I have started switching configuration for practice purposes. Would you please recommend a tool for practice purposes, as GNS3 does not support switching topology?
Please share the download link and image of a particular series of switch where I can practice, and share the MOP at an initial level to set up a label.
Hope you understand my concern and suggest best to best …

Also, as I work in the media domain at an ISP, and my work is basically at the MPLS L2 VPN, MPLS TP and MPLS TE level, would you provide a deep dive into the above terms to brush up my skills?

Regards,
Chaudhary Shivam Chahal

Hello Shivam

In the past GNS3 was not suitable for emulating switching features. However, this has changed. You can indeed use GNS3 for switching features including Etherchannel, STP, Port Security, DTP as well as ARP. Take a look at this GNS3 link for more information about this.

Alternatively, you can use VIRL which is Cisco’s official emulator, and includes all of these features as well.

Concerning information about MPLS, you can take a look at the MPLS course which includes much information about all of these concepts. You can see this course at the following link:

I hope this has been helpful! Stay safe and healthy!

Laz

1 Like

Sir,

Thanks for the reply. Could you please tell me whether the VIRL emulator is chargeable from Cisco, and how much RAM and CPU speed it consumes? Please share the initial setup of a lab at a beginner level in both the GNS and VIRL emulators, if it is possible.

As I go through the MPLS topic you mentioned, only L3 VPN and L2 VPN (Metro Ethernet, L2 connectivity through WAN) are shared. I want to learn MPLS TP and MPLS traffic engineering too. Kindly help and provide a deep dive into these concepts please, as I have faced issues at the configuration and deployment level in real scenarios; maybe something is lacking. Hope you understand my concern and do the needful accordingly.

rgds
shivam chahal