Certification‎ > ‎


This is official Cisco CCENT certification material.


In order for a host to communicate with another host on a network, it must know the hardware address (MAC). ARP is responsible for doing this job. ARP is used to connect the OSI Layer 3 (Network) to OSI Layer 2 (Data-Link) by linking an IP address to a MAC address. If a MAC address is not known, the host will broadcast an ARP request to find the MAC address. Once the MAC address is known, the host will store it in its ARP table.

There are two types of ARP entries, static and dynamic. Dynamic ARP entries are the most common although static ARP entries can be used as well. ARP can be compromised by what is called ARP Spoofing or ARP Poisoning.

ARP Process:
  1. Data is sent down to Layer 3 (Network Layer) and added to a PACKET for the destination IP address.
  2. The Packet is passed from the Network Layer to the Data-Link layer where it needs a MAC address.
  3. Based off the Subnet address of the destination PC, is the data local (LAN) or remote (WAN)?
    1. Local (LAN)
      1. The sending host will now check it's ARP table to see if it has the MAC Address of the destination host.
      2. Is the destination's IP address mapped to a MAC address in the Sending host's ARP table?
        1. Yes
          1. The Packet is encapsulated in a FRAME.
          2. The FRAME is sent to the destination host.
        2. No 
          1. The Sending host broadcasts an ARP request to all hosts on the same broadcast network. 
          2. The Destination host responds to the ARP request with its MAC address and is sent back to the sending host.
          3. The Sending host updates its ARP table by mapping the IP address with the MAC address of the destination host.
          4. The Data is sent to the destination host.
          5. The Packet is encapsulated in a FRAME.
          6. The FRAME is sent to the destination host on the LAN.
    2. Remote (WAN)
      1. The Packet is encapsulated in a FRAME.
      2. The FRAME is sent to the the default gateway of the Sending host's network interface, which is the NIC interface on a ROUTER.
      3. Since the data was sent to, and accepted by the router's interface, the ROUTER will unpack the FRAME, and send the PACKET to Layer 2.
      4. The ROUTER will see that the PACKET is intended for a different network interface and needs to be routed.
      5. The Router will look in it's routing table for the closest match to the destination IP address in order to find what interface to send the packet out on.
      6. When a match is found, the Router re-packs the PACKET into a new FRAME and sends the data out the appropriate interface.
      7. The data hops from one router interface to the next until it reaches the appropriate network interface.