5.4 Troubleshooting Tools
Basic Network Device Commands
📘CompTIA Network+ (N10-009)
1. What is ARP?
- ARP stands for Address Resolution Protocol.
- Its main job is to map an IP address (logical address) to a MAC address (physical address) on a local network.
- Every device on a local network has:
- A MAC address – unique hardware address of the network interface card (NIC).
- An IP address – logical address used for sending data across networks.
Why it matters: Computers need to know the MAC address of a device to actually send data on the local network. IP addresses alone are not enough for local communication.
2. What does show arp do?
- The
show arpcommand is used on network devices (like switches and routers) to view the ARP table. - ARP table = a list that contains the mapping of IP addresses to MAC addresses.
- It shows which devices (IP) correspond to which hardware addresses (MAC) on your local network.
3. Typical show arp output
Here’s an example of what you might see:
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.10 5 00:1A:2B:3C:4D:5E ARPA FastEthernet0/1
Internet 192.168.1.20 2 00:1B:3C:4D:5E:6F ARPA FastEthernet0/2
Explanation of columns:
| Column | Meaning |
|---|---|
| Protocol | Type of protocol (usually Internet for IPv4). |
| Address | The IP address of the device on the local network. |
| Age | How long the entry has been in the ARP table (in minutes). |
| Hardware Addr | The MAC address of the device. |
| Type | Type of ARP mapping (ARPA is standard Ethernet). |
| Interface | The local interface through which the device is reachable. |
4. Why is show arp important in troubleshooting?
The show arp command is very useful for network troubleshooting. Here’s how:
- Verify device connectivity on a local network
- If a device’s IP address is in the ARP table, the network device can reach it.
- If it’s missing, the device may be offline, disconnected, or there may be a network problem.
- Identify MAC addresses for security
- You can check if any unknown device is connected to your network.
- Example: A network administrator sees an unfamiliar MAC in the ARP table – could indicate a new device or unauthorized access.
- Resolve IP conflicts
- If two devices have the same IP address,
show arpcan help identify which MAC addresses are associated with the duplicate IP.
- If two devices have the same IP address,
- Check proper routing
- On routers, the ARP table confirms whether the device knows how to reach devices on directly connected networks.
5. How show arp is used in real IT environments
- Switch troubleshooting:
- A network engineer sees a device not communicating. They run
show arpto check if the switch has a MAC address for the device’s IP.
- A network engineer sees a device not communicating. They run
- Router troubleshooting:
- When a router cannot forward packets to a local subnet,
show arpconfirms if the router knows the device’s MAC address.
- When a router cannot forward packets to a local subnet,
- Security monitoring:
- Detect unknown devices by looking for unexpected IP-to-MAC mappings.
6. Important points for the exam
- Remember: ARP only works for devices on the same local network (LAN).
- Command variations:
- On Cisco devices:
show arp - On Windows:
arp -a - On Linux/Mac:
arp -norip neigh show
- On Cisco devices:
- You don’t need to memorize the full table format, but know the key purpose: mapping IP addresses to MAC addresses.
- Practical uses: verification of connectivity, troubleshooting local network issues, security monitoring.
7. Quick Summary
- Command:
show arp - Purpose: View ARP table (IP → MAC mapping)
- Why important: Helps troubleshoot LAN connectivity, detect unknown devices, and verify device communication
- Real IT use: Network admins check device connections, resolve IP conflicts, and monitor security.
