Answer: Predicting ARP Messages 1

 In 200-301 V1 Ch03: Intro Routing, WAN, CCENT-OLD, Q&A

This latest #CCNA / #CCENT question uses a specific scenario: a working ping, a clearing of a switch MAC address table, and a repeat of the ping. The scenario hopes to make stretch a bit and think outside the box. Take a look at the original question before checking the answers and explanations listed below the fold!


G: 0 ARP Requests are sent



Honestly, this question features the distractors, rather than the typical operations of how ARP and MAC tables work. As a result, the correct answer shows that no devices needed to send new ARP Requests. To see why first consider the IP forwarding logic used on hosts and routers (but not on layer 2 switches).

To deliver packets from the source host (A) to destination host B, the hosts and routers work together. They think about forwarding the IP packets, encapsulating those packets, and having appropriate ARP tables so that they can build the correct new data link headers when encapsulating the packets.

The layer 2 switches do not perform any encapsulation on the messages – that is true of all layer 2 switching. Instead, layer 2 switches receive an Ethernet frame and forward the Ethernet frame, without stripping the Ethernet header/trailer (de-encapsulation) or adding a new Ethernet header/trailer (re-encapsulation). As a result, they do not need an ARP table for that purpose, because an ARP table supplies some of the information used when encapsulating an IP packet into an Ethernet frame.

In short, the hosts and routers need ARP table entries to support forwarding the packets holding the ICMP messages for the ping commands, but the switches do not.


Figure 1: Devices and Their Need for ARP Tables in this Question


Sifting Through the Distractor Technology

The question forces you to think about a couple of major distractors. First, what about that clearing of switch SW2’s MAC table? Even if you agreed about the ARP table entries required on the hosts and routers, does the process of clearing SW2’s MAC table cause issues for the ARP tables on the hosts or routers? It sure creates a little heartburn if you have never thought about it, that’s for sure. But no: The hosts and routers do not change their behavior at all based on changes to the neighboring switches’ MAC tables.

The other distractor – probably the more likely mistake people make – is to think that switches also need ARP table entries when forwarding packets. Let me put the critical ideas in bullets:

  • Layer 2 switches do NOT use an ARP cache during the process of receiving and forwarding Ethernet frames.
  • Layer 2 switches do NOT use an ARP cache when learning new entries for their MAC address tables.
  • Layer 2 switches DO use an ARP cache for IP Packets to/from the switch’s management IP address.

Remember switch forwarding logic? A frame arrives. The switch determines the incoming frame’s VLAN, compares the frame’s destination MAC address to its MAC address table, and makes a forwarding decision. No encapsulation, no use of ARP. Also, the switch learns MAC addresses based on the source MAC address of the frames – a process independent from ARP, and for a different purpose than ARP.

Finally, the last distractor might be wrapped up in the whole idea of who needs to ARP for whom. If you start thinking about the beginning, what ARP table entries do each device need to discover? Which ARP table entries would not be needed? You may have been thinking about those details first, given the context of the question, especially if you thought that the clearing of the MAC address table caused a clearing of all or some of the ARP caches. For this post, I will leave that discussion for a later question – one that uses a scenario which requires at least one ARP Request.


Live Courses from Wendell, and Common Mistakes

I will be teaching Live courses this year, free to anyone with a SafariBooksOnline subscription. The first one, “Acing the CCNA Exam: Top 10 Tactics and Other Insights”, is a 3-4 hour course that focuses on picking up enough points to pass the CCNA Exam. At least half the class discusses scenarios like the one in this question, with challenging distractors – distractors that can be the most common mistakes people make on the exam. Come join in the fun! The next class is Feb 8th, 2018, with another one scheduled for March 21st.

I’ve been summarizing the most common mistakes people make in these kinds of questions at the end of the question explanations in posts this year as an extra help to those people taking the “Acing” courses. Here’s a summary of facts you need to know which then let you avoid those common mistakes:

  • Hosts and routers need ARP tables, because they encapsulate IP packets into Ethernet frames.
  • Layer 2 switches do not need ARP tables for the purpose of forwarding frames.
  • Layer 2 switches do need and use ARP tables to support the sending of IP packets for their management IP address.
  • Both the MAC address table of a switch, and an ARP table on any device, includes MAC addresses. However, the processes that use them are independent from each other.
    • The clearing (or timing out of entries) of a MAC address table on a switch does not cause the ARP tables of connected devices to change.
    • The clearing (or timing out of entries) of an ARP table on a host or router does not cause a neighboring switch’s MAC table to change.




Predicting ARP Messages 1
Wendell is Teaching Again! Live Courses on Safari.
Notify of

Newest Most Voted
Inline Feedbacks
View all comments

You mentioned in Part II of the ICND1 book to assume that the test will be referring to switches as Layer 2 unless specifically mentioned as Multilayer. This seems like a good example of keeping that in mind, thanks.


you’re welcome!


Hi Mr. Wendall,

Your topics are precise and to the point. It’s a wonderful explanation given in this example. Could u please replicate the scenario with multilayer switch. Appreciate your help.


Another way to think about the ARP process is that routers and PC maps the IP addresses with mac addresses. Switches doesn’t do that. Mostly the switch only used like what Wendell says about switches for “IP Packets to/from the switch’s management IP address.”

Thanks for the sparking my mind!


Thank you.
This question was very helpful!


Thanks Mr. Wendall. In the scenario presented in this question, what would SW2 do with the frame that it recieves? (Let’s assume there’re more hosts connected to SW2)
Would it broadcast the frame it recieved since it doesn’t have the MAC address of server(B)? Or something else?

Would love your thoughts, please comment.x