ARP Table Basics Explained

arpNetwork

I'm using the arp -a command to look at the ARP table on my personal computer. After executing the command it shows two types of addresses, dynamic and static.
What do the dynamic and static types mean in the table?

Best Answer

Static ARP entries are entries added to the ARP table manually using arp -s command.

Dynamic ARP entries are entries discovered dynamically using ARP protocol.

When the host needs to communicate with a new IP and does not know its physical address, it will broadcast an ARP request asking for the hardware/MAC address of the host that owns the IP. The owner will replay with a unicast message containing its MAC address.

Related Solutions

ARP Table – Troubleshooting Force10 ARP Table Filling Issue

I looked at the configs in your stack overflow question.

By way of review, this is your topology...

      Ten0/28  Ten0/28
Bldg_L----------------Bldg_S
F10 S25               F10 S25
  |                     |
  Vlan200               Vlan400
  10.2.0.101            10.4.0.101/16

The problem is that building L's switch proxy-ARPs to resolve 10.4.0.0/16 and building S's switch proxy-ARPs for 10.2.0.0/16... interface TenGig0/28 (your transit link between the buildings) is answering proxy-ARPs requests. Remove those 10-net statics and use...

Building L: ip route 10.4.0.0 255.255.0.0 192.168.1.2
Building S: ip route 10.2.0.0 255.255.0.0 192.168.1.1

The reason that a route like ip route 10.4.0.0 255.255.0.0 TenGigabit0/28 proxy-ARPs is because you are essentially telling the switch that the entire /16 subnet is directly connected to TenGigabit0/28 when you static route out an interface like this. Using an IP next-hop only requires an ARP entry for that specific next-hop.

You probably need to move the default gateway to a new interface on the Building L switch, so the whole subnet can default through 10.2.0.101 and either reach 10.4.0.0/16 or the internet.

Sorry to say it, but you are leaving yourself wide open to ARP resource exhaustion problems when you assign a /16 as a connected subnet... ARP is an unauthenticated protocol, and anyone on the LAN can flood the switch with ARPs and it has no choice but to cache / answer them... even for phantom addresses.

Proactively, you might consider DHCP snooping and dynamic ARP inspection, if your version of FTOS supports it. These feature normally require some thought and testing before deployment; however they are well worth using if you have 100s of kids with nothing more exciting than showing off their "hacking" skills. I did a quick search to see if Force10 supports what Cisco calls port security, but I couldnt find it; port security can be used to limit the number of macs learned on a switch port.

ARP table does not store devices responding to a broadcasted ping request

Your (unspecified OS) is apparently only populating it's cache based on hosts it has directly contacted. As it send a frame to FF:FF:FF:FF:FF:FF, none of the previously unknown responding nodes will be learned.

Best Answer

Related Solutions

ARP Table – Troubleshooting Force10 ARP Table Filling Issue

ARP table does not store devices responding to a broadcasted ping request

Related Topic