Module 9: Address Resolution

Module Objectives
Module Title: Address Resolution

Module Objective: Explain how ARP and ND enable communication on a network .

Topic Title Topic Objective

MAC and IP Compare the roles of the MAC address and the IP address.

ARP Describe the purpose of ARP.

Neighbor Discovery Describe the operation of IPv6 neighbor discovery.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
9.1 MAC and IP

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
MAC and IP
Destination on Same Network
There are two primary addresses assigned to a device on an Ethernet LAN:
• Layer 2 physical address (the MAC address) – Used for NIC to NIC communications
on the same Ethernet network.
• Layer 3 logical address (the IP address) – Used to send the packet from the source
device to the destination device.
Layer 2 addresses are used to deliver frames from one NIC to another NIC on the same
network. If a destination IP address is on the same network, the destination MAC address
will be that of the destination device.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
MAC and IP
Destination on Remote Network
When the destination IP address is on a remote network, the destination MAC address is
that of the default gateway.
• ARP is used by IPv4 to associate the IPv4 address of a device with the MAC address
of the device NIC.
• ICMPv6 is used by IPv6 to associate the IPv6 address of a device with the MAC
address of the device NIC.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
9.2 ARP

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
ARP
ARP Overview
A device uses ARP to determine the
destination MAC address of a local
device when it knows its IPv4 address.

ARP provides two basic functions:

• Resolving IPv4 addresses to MAC
addresses
• Maintaining an ARP table of IPv4
to MAC address mappings

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
ARP
ARP Functions
To send a frame, a device will search its ARP table for a destination IPv4 address and a
corresponding MAC address.
• If the packet’s destination IPv4 address is on the same network, the device will
search the ARP table for the destination IPv4 address.
• If the destination IPv4 address is on a different network, the device will search the
ARP table for the IPv4 address of the default gateway.
• If the device locates the IPv4 address, its corresponding MAC address is used as the
destination MAC address in the frame.
• If there is no ARP table entry is found, then the device sends an ARP request.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
ARP
Removing Entries from an ARP Table
• Entries in the ARP table are not permanent and are removed when an ARP cache
timer expires after a specified period of time.
• The duration of the ARP cache timer differs depending on the operating system.
• ARP table entries can also be removed manually by the administrator.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
ARP
ARP Tables on Networking Devices
• The show ip arp command displays the ARP table on a Cisco router.
• The arp –a command displays the ARP table on a Windows 10 PC.

R1# show ip arp

Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.1 - a0e0.af0d.e140 ARPA GigabitEthernet0/0/0

C:\Users\PC> arp -a

Interface: 192.168.1.124 --- 0x10

Internet Address Physical Address Type
192.168.1.1 c8-d7-19-cc-a0-86 dynamic
192.168.1.101 08-3e-0c-f5-f7-77 dynamic

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
ARP
ARP Issues – ARP Broadcasting and ARP Spoofing
• ARP requests are received and processed by every device on the local network.
• Excessive ARP broadcasts can cause some reduction in performance.
• ARP replies can be spoofed by a threat actor to perform an ARP poisoning attack.
• Enterprise level switches include mitigation techniques to protect against ARP attacks.

• Use wireshark to capture ARP

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
ARP
Packet Tracer – Examine the ARP Table

In this Packet Tracer, you will complete the following objectives:

• Examine an ARP Request
• Examine a Switch MAC Address Table
• Examine the ARP Process in Remote Communications

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
IPv6 Neighbor Discovery
IPv6 Neighbor Discovery Messages
IPv6 Neighbor Discovery (ND) protocol provides:
• Address resolution
• Router discovery
• Redirection services
• ICMPv6 Neighbor Solicitation (NS) and Neighbor Advertisement (NA)
messages are used for device-to-device messaging such as address
resolution.
• ICMTPv6 Router Solicitation (RS) and Router Advertisement (RA) messages
are used for messaging between devices and routers for router discovery.
• ICMPv6 redirect messages are used by routers for better next-hop selection.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
IPv6 Neighbor Discovery
IPv6 Neighbor Discovery – Address Resolution
• IPv6 devices use ND to resolve
the MAC address of a known
IPv6 address.
• ICMPv6 Neighbor Solicitation
messages are sent using
special Ethernet and IPv6
multicast addresses.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
Presentation title
15

Prior to lab wireshark

• Use ipconfig /all to get the following information:
• PC IP Address
• PC MAC Address
• Gateway IP Address
• Gateway MAC Address
• DNS IP Address

• It is good to capture ICMP or ARP Packet

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15