On Dec 12, 2006, at 10:08 AM, Javier Henderson wrote:
The ARP table only contains information about machines on the directly connected collision domain(s).


Are you sure it's not the same broadcast domain?

Yes. The term "collision domain" predates the wide deployment of switches, and switches have to treat ARPs in a special fashion:

A computer on port A on a switch would be on a different collision domain than a computer on port B on the same switch, yet as long as they're on the same VLAN (i.e., broadcast domain), both would have each other in their respective ARP tables if they were exchanging Ethernet traffic.

...in particular, ARPOP_REQUEST traffic will be propagated to every port on the switch which is configured to be a part of that VLAN, or, quite possibly, other ports including "trunk ports" or sometimes even ports configured on other VLANs. [1]

Many switches will do this for all Ethernet packets with an ether_dhost (i.e., destination MAC) of all-ones.

--
-Chuck

[1]: And yes, Virginia, this has negatory implications if your security relies on VLANs to actually be completely hidden from each other.
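
Added example (not part of the original message): a Python check a host can run over captured Ethernet frames to see whether broadcast ARPOP_REQUEST traffic from another VLAN is reaching its port, which is the leak the footnote describes. The subnet 192.0.2.0/24, the VLAN ID 30, the function names and every sample frame are constructed assumptions.

```python
import ipaddress
import struct

ETHERTYPE_ARP, ETHERTYPE_VLAN, ARPOP_REQUEST = 0x0806, 0x8100, 1
BROADCAST = b"\xff" * 6  # ether_dhost of all-ones

def parse_arp_request(frame):
    """Return (vlan_id or None, sender_ip, target_ip) for a broadcast ARPOP_REQUEST, else None."""
    if len(frame) < 14:
        return None
    dhost, (ethertype,) = frame[:6], struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:  # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    arp = frame[offset:offset + 28]  # IPv4-over-Ethernet ARP body is 28 bytes
    hdr_ok = len(arp) == 28 and struct.unpack("!HHBBH", arp[:8]) == (1, 0x0800, 6, 4, ARPOP_REQUEST)
    if dhost != BROADCAST or ethertype != ETHERTYPE_ARP or not hdr_ok:
        return None
    return vlan, ipaddress.IPv4Address(arp[14:18]), ipaddress.IPv4Address(arp[24:28])

def leaked_requests(frames, local_net, local_vlan=None):
    """Broadcast ARP requests that carry a foreign VLAN tag or a sender IP outside local_net."""
    net, hits = ipaddress.ip_network(local_net), []
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed is None:
            continue
        vlan, spa, _ = parsed
        foreign_tag = vlan is not None and vlan != local_vlan
        foreign_ip = not spa.is_unspecified and spa not in net  # 0.0.0.0 sender = ARP probe
        if foreign_tag or foreign_ip:
            hits.append(parsed)
    return hits

def make_frame(spa, tpa, vlan=None, dhost=BROADCAST):
    """Build a constructed sample frame (sender MAC is a made-up locally administered address)."""
    sha = bytes.fromhex("020000000001")
    tag = struct.pack("!HH", ETHERTYPE_VLAN, vlan) if vlan is not None else b""
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARPOP_REQUEST) + sha
           + ipaddress.IPv4Address(spa).packed + bytes(6) + ipaddress.IPv4Address(tpa).packed)
    return dhost + sha + tag + struct.pack("!H", ETHERTYPE_ARP) + arp

SAMPLE = [  # constructed frames as seen on an untagged access port in 192.0.2.0/24
    make_frame("192.0.2.10", "192.0.2.1"),                # local request: expected
    make_frame("198.51.100.7", "198.51.100.1"),           # foreign subnet: leaked
    make_frame("192.0.2.20", "192.0.2.1", vlan=30),       # tagged frame on access port: leaked
    make_frame("0.0.0.0", "192.0.2.50"),                  # address probe: not flagged
    make_frame("198.51.100.7", "198.51.100.1", dhost=bytes.fromhex("020000000002")),  # unicast
]
```

Calling `leaked_requests(SAMPLE, "192.0.2.0/24")` returns the two leaked requests; an empty result on a real capture only shows that no leak was observed during that capture window.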