ARP (Address Resolution Protocol)

  • Resolves a MAC address for a given IP address.
Detailed Description
  • Time-Outs in the ARP cache:

The entries in an ARP cache have a limited lifetime. Entries are deleted unless they are refreshed. The typical lifetime of an ARP entry is 2 minutes, but much longer lifetimes (up to 20 minutes) have been observed. You may want to verify when your Linux system does remove ARP entries automatically after a certain amount of time.

  • Refreshing the ARP cache:

In Linux you will observe that a host occasionally sends out ARP requests to interfaces that are already in the ARP cache.

Example: Suppose that a host with IP address has an ARP cache entry:

<> is-at <00:02:83:39:2C:42>

This host occasionally sends a unicast ARP Request to MAC address 00:02:83:39:2C:42 of the form

Who has Tell 

to verify that the IP address is still present before deleting the entry from the ARP cache.

Useful Commands

Common IOS uses of the ARP command

show ip arp

-Displays the contents of the ARP cache

clear arp

-Deletes the entire ARP cache

arp IPaddress

-Adds an entry for IPaddressto the ARP cache

no arp IPaddress

-Deletes the ARP entry for IPaddressfrom the ARP cache

Common Linux uses of the ARP command

arp -a
-Displays the content of the ARP cache
arp -d IPAddress
Example: arp -s 00:02:2D:0D:68:C1

-Deletes the entry with the IP address IPAddress.

arp -s IPAddress MACAddress

-Adds a static entry to the ARP cache that is never overwritten by network events. The MAC address is entered as 6 hexadecimal bytes separated by colons.

ip neighbor flush all

-Deletes all ARP entries from the ARP cache.