M7: Address Resolution

M7 CISCO NET DEV: Explain how ARP enables communication on a local area network.

Address Resolution Protocol

An IPv4 network protocol use to discover the MAC address of a device when you only know its IPv4 address.

MAC Address

A unique Layer 2 hardware address assigned to a network interface. Required for sending Ethernet frames on a local network.

Default Gateway’s MAC

If the destination IP is remote, you are looking for this Layer 2 hardware address.

Source MAC Address

The MAC address of the sender’s NIC.

ARP Request

A broadcast message sent when a device does not know the MAC address for a target IPv4 address and cannot find it in its ARP table. It asks: “Who has this IPv4 address? Tell me your MAC.”

ARP Reply

A unicast response sent only by the device whose IPv4 address matches the ARP Request. It provides its MAC address so the requester can update its ARP table and send frames correctly.

ARP Table

A temporary local table storing IPv4 → MAC mappings learned through ARP. Prevents repeated broadcasts. It is stored in RAM.

ARP Functions

1. Resolve IPv4 → MAC address

2. Maintain IPv4 → MAC mappings

ARP Lookup

When a device needs to send a frame, it checks the ARP table to find the MAC address that corresponds to the destination IPv4 address.

ARP Mapping

Each ARP table entry binds an IPv4 address to a MAC address. This binding lets the device know which MAC address to use when building the Ethernet frame.

ARP Cache Timeout

The time limit for how long an ARP entry stays in the table before being removed. This prevents outdated MAC mappings from causing communication failures.

Default Gateway ARP Resolution

When sending to a device outside the local network, the sender must know the MAC address of the default gateway. If it’s not in the ARP table, the device sends an ARP request for the gateway’s IPv4 address.

ARP Table Update

After receiving an ARP reply, the device stores the new mapping in the ARP table so future traffic can be sent without repeating the ARP request.

ARP Encapsulation

ARP messages are placed directly inside an Ethernet frame (Layer 2). There is no IPv4 header because ARP operates below IP.

EtherType 0×806

A special value in the Ethernet header that tells the receiving NIC: “This frame contains an ARP message.” This ensures the frame is passed to the ARP process, not IP or another protocol.

Static ARP Entry

A manually configured IPv4-to-MAC mapping that never expires. Rarely used because it must be manually added and removed.

Off-Network Traffic

When a host determines that the destination IPv4 address is not on the same Layer 3 network, it must send the packet to the default gateway, not directly to the destination device.

Gateway MAC Resolution

To send a frame to the default gateway, the host needs the MAC address of the router’s interface. If the ARP table does not contain this mapping, the host uses ARP to discover it.

ARP Spoofing

A security Risk. A malicious technique where a threat actor sends fake ARP Replies to trick a device into storing the wrong MAC address for a legitimate IPv4 address (often the default gateway).

Dynamic ARP Inspection

A security feature on enterprise switches that validates ARP messages and blocks spoofed ARP Replies.