Applied ARP – Answers

 In 200-301 V2 Ch06: Port Security, 200-301 V2 Part 2: Security Services, CCENT-OLD, Q&A

Do you do well with configuration, but then get confused about what happens behind the scenes? Do you know how to configure a layer 2 switch’s IPv4 address, but get confused about how it uses that address in relation to IPv4 packet forwarding? Do you get confused between layer 2 MAC address tables (which list MAC addresses) and ARP tables (which also list MAC addresses)?

This latest practice question appears to be a simple question about how networks use ARP, but it also requires you to think about some of these issues raised above. After reading this question, you will probably agree that adding a “Common Mistake” video to the CCENT Exam Prep LiveLessons product that addresses some of these questions related to ARP was a good idea.

Anyway, as usual, check out the question post first, and choose your own answers. Then come back here for the answers and the explanation.

The Answers:



ARP: Generic

ARP does the following:

  • Beginning with a known IPv4 address…
  • Learn the MAC address on a locally-attached LAN…
  • That uses the MAC address.

For instance, if a router needs to forward an IP Packet to a host on a connected LAN-based subnet, the router will use ARP to learn that host’s MAC address.


ARP: Applied – Local (Connected) Subnets Only (Answers A, B Incorrect)

The challenge that seems to crop up all the time is that people understand the above generic description of ARP, but don’t think about how it is actually used as a result. There are several key points to consider. First, think of these two related points:

  • ARP discovers MACs on the local subnet only
  • ARP does not discover MACs on remote subnets

In this question, which asks about the ARP table on router R2, the only local (aka connected) subnets are the subnets listed as subnets 12 and 23 in the updated figure for this question.


Figure 2: The Network for the ARP Question, with Subnets Marked

Note that this logic rules out answers A and B.


ARP: Applied – LAN Only (Answer E Incorrect)

The next application point that matters to this question is that ARP works on LANs. You may have seen variations of ARP used with other WAN technologies, like Inverse ARP, used with Frame Relay, which was part of CCNA for a long time but fell out of the CCNA Exam topics in 2016. However, those other protocols create another protocol that acts somewhat like ARP, but in other ways not like ARP. ARP, and the data it collects in a router (as shown by a router with the show arp command), relates specifically to the IPv4 ARP protocol that works on LANs, and not WANs.

As another point, point-to-point serial links like the link between R1 and R2 can use of of several data link protocols, most likely HDLC or PPP. Neither of these protocols use MAC addresses. ARP by definition lets a host/router learn another device’s MAC address… so R2 will have no ARP entries related to its serial link connected to R1 in this case.

Note that for this question, that fact rules out any answers that related to ARP table entries related to subnet 12 in the revised figure. In other words, ARP does not apply to the WAN link between R1 and R2, and it rules out answer E.


ARP: Not Needed for Layer 2 Switch Forwarding (Answer D Incorrect)

Another common mistake is getting a little confused about how layer 2 switches use ARP. Layer 2 switches forward Ethernet frames based on their destination MAC addresses. They also can have (and typically do have) IPv4 addresses, so that they use ARP. In particular:

  • Layer 2 switches can use ARP in support of its need to send/receive IPv4 packets for management. However…
  • Layer 2 switches do not need to use ARP to perform layer 2 forwarding.

These two facts rule out answer D. The question stem asked about ARP table entries on R2 that mattered to the messages created as a result of the ping command issued on host A. For those messages, SW2 forwards the Ethernet frames that hold the ping messages, that is, SW2 acts as a layer 2 switch. R2 does not need an ARP entry for SW2’s management IP address for the purposes of delivering these messages.

Note that R2 may well have an ARP entry for SW2’s management IP address, but as worded, that entry isn’t needed, making answer D incorrect.


Answer C: Correct

Of all the answers, only answer C lists something about a device that uses Layer 3 (IPv4) logic and is on a LAN-based subnet connected to router R2.


Applied ARP
OSPFv2 Enabler #2
Notify of

Newest Most Voted
Inline Feedbacks
View all comments

So it looks I’ve learnt something after all. Thank you Wendell! One thing though, does this mean that a serial cable between two routers always indicate there is a WAN? Because I didn’t make up that part out of the question.


Hi Jeroen,
Short answer – yes. Funny you ask, it used to be that ICND1/CCENT had at least some WAN detail, and now it has zero per the exam topics at least. So it’s hard for this old dog to remember to not assume that folks know even the basic assumptions about WAN links at this point in their reading. Anyway… Yes, that lighting bolt style line implies a point-to-point serial link, which typically uses HDLC or PPP and physically uses a serial interface (which isn’t a LAN interface). The Data Link protocols also don’t support a data link broadcast, which would keep ARP from working anyway. Hope this helps!


👍🏻 You’re doing an invaluable job with this blog.


This was great…thought of the link between R1 and R2 looked a bit different, but didn’t consider it when I answered.

I’m still confused about Option C – “An entry for one of router R3’s IP + MAC addresses”.This means that R2 show arp would list the R3’s IP address, but the SW2 MAC address…right?

Keep them coming…I’d keep trying if you don’t mind 🙂


You can see why this topic made the cut as a “Common Mistake” topic in my new CCENT LiveLessons, huh? Lots of places to get confused.

To your question, R2’s ARP table would not list SW2’s MAC address, at least for the purpose of forwarding those ping messages. Say R3’s left-side interface is address, MAC 0200.3333.3333. That’s what would be in a matched pair in the output of R2’s show arp command.
Also, think about encapsulation. When R2 forwards the IP packet to the right, with R3 as the next-hop router, R2 encapsulates the packet in a new Ethernet data link frame. The destination MAC of that frame is… R3’s left-side interface MAC address (0200.3333.3333 per the above example). That reinforces the idea that R2 need not know about MAC addresses on the switch itself (which again is a common mistake to make.)
As an exercise, map out the data link headers used on each link, and in each direction. On the LANs, that’ll show what MAC addresses are needed in the respective ARP caches.


Thank you!




So would SW2 show up on R2’s MAC table?


Not for the purpose of forwarding the messages (as noted in the question). It might show up for other reasons, eg, if R2 needed to forward a packet to the switch’s management IP address.


Hello Wendell !!
I got tricked into answering C and E. I only looked at the nearest gear that needs ARP to work, and completely ignored everything else!
With my 100-105 exam so close, this was once again invaluable!
Thank you for all of this!

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Would love your thoughts, please comment.x