Max ARP Entries and Max Mac Addresses Are Different

In a datasheet I saw, the number of max arp entries are 4094. However, the maximum mac addresses are 16384.
Can anyone tell me why there is a difference in the number of mac and arp entries.
I thought that both work together?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

DCD

ARP is a layer 3 and MAC is later 2.

JDMurray

The maximum number of ARP entries where? The maximum number of MAC addresses in what? What is the context?

kaiju

ARP table bridges layer 2 to layer 3 by binding MAC addresses(L2) to IP addresses(L3).

MAC tables map MAC addresses to physical interfaces.

CAM tables track MAC addresses and on which ports they appear.

And then you have to look at the refresh and timeout for each table but generally dynamic ARP entries expire earlier to prevent them from becoming stale, causing conflicts when a device moves and/or wasting space. For those reason and more, the ARP table does not need as much space as the MAC table.

DCD

I’m guessing your using a Catalyst 9300 switch or similar switch and to add kaiju ARP maps to MAC address and and MAC is in the CAM table and ARP is in the TCAM table. CAM is layer 2 and TCAM is layer 3.

JDMurray

ARP and CAM Table

Cisco: CAM (Content Addressable Memory) VS TCAM (Ternary Content Addressable Memory)

foreverlearning

There should be a 1-1 correlation between the number of mac address and ip address right?
Each device has 1 NIC card which can only be assigned one ip address.
So why mac address much more than arp entries allowed?

DCD

What about the default gateway?, and if you are doing VoIP you have two mac address per port. How about this Cisco 2950 switch on a ROAS where does the arp table sit?

foreverlearning

DCD said:

What about the default gateway?, and if you are doing VoIP you have two mac address per port. How about this Cisco 2950 switch on a ROAS where does the arp table sit?

I dont understand what is ROAS?

DCD

Router on a stick. You connect your switch trunk port to a router interface with sub-interfaces.

foreverlearning

Image: https://us.v-cdn.net/6030959/uploads/editor/3j/qjequuyxina5.jpg

Isnt it peculiar, I can have 16384 mac addresses but 4094 arp entries.
Every device have a mac and ip address no?

JDMurray

16K total entries in the MAC table with up to 4K of those being dynamically assigned via the ARP protocol perhaps?

And every IP network interface has a MAC and IP address provisioned for it. Any IP network-capable device may have multiple network interfaces.

DCD

If you use port security with static or sticky address and a CAM attack. You won't use IP address if you do have the devices connected and a CAM attack doesn't require IP address.