What is the difference between ARP binding and DHCP address reservation?


In my TL-WR1043ND I have these functionalities and both of them pair an IP address to a MAC address. What is the difference?

I read that ARP is for security reasons, others say it is for Wake-on-LAN. I also read there is no difference, but in that case, why do we have both?

totymedli

Posted 2015-04-22T02:43:24.620

Reputation: 4 004

@grawity No. MAC address filtering and ARP binding are different things. The first is for managing who can access the network, while the second is for assigning IP addresses. – totymedli – 2016-01-17T19:42:43.733

Answers


  • "DHCP address reservation" specifically means that the router will always offer the given address whenever the host asks for one using the DHCP auto-configuration protocol.

    However, only the DHCP offers are made static; the router's IP→MAC neighbour cache (aka the ARP cache) is still filled in dynamically using ARP.

    Meaning, if you bypass DHCP and manually configure another host to use the reserved address, it'll work. As soon as the "IP → old MAC" cache entry expires, the router sends a new ARP query, learns the new MAC address, adds "IP → new MAC" to the ARP cache, and packets go to the 'new' host.

  • "ARP binding" won't necessarily affect DHCP, but it does add a fixed IP→MAC entry to the router's neighbour cache.

    If another host tries to use the same IP address, the router won't know that. It will trust the fixed IP→MAC binding, and will always send packets to the "bound" MAC address, even if the host is actually offline.

    (Note, though: When two hosts within the same subnet communicate, they don't go through the router but send packets directly to each other. So they'll use their own neighbour caches, but will not be affected by the ARP binding done on the router. Only Internet traffic will be affected.)


So far, ARP binding primarily sounds like a security feature – it partially avoids "ARP spoofing" attacks, and works even if DHCP is turned off entirely.

At the same time, though, it can cause even greater confusion, if the router thinks IP address X was bound to MAC X, but the rest of the LAN has learned that it is in fact MAC Y...

It is also not terribly secure since Ethernet MAC addresses are trivial to change or spoof. To make it useful, all switches on the LAN would also need the "sticky MAC address" feature enabled.

I can see it being somewhat useful for Wake-on-LAN, though probably not much better than just broadcasting the magic wake packet.

user1686

Posted 2015-04-22T02:43:24.620

Reputation: 283 655

Finally an answer where I can see what the difference is and not just a description of what the two things do. Thanks! – totymedli – 2015-04-22T16:32:15.780

Based on your question I didn't think that you wanted a big answer. – Suzana – 2015-04-22T23:12:55.657

Is the verdict that it's not needed for the average user, then? The only purpose is for enhanced security? I don't particularly need the security, I just like to do things right. – felwithe – 2015-12-18T18:50:38.463

@felwithe: DHCP reservation can be useful, for example if you have a Wi-Fi printer that tends to "forget" its lease otherwise. But ARP binding is useless for most people. – user1686 – 2015-12-18T19:51:59.360

So, is it safe to configure both entries (only need it for port forwarding and WOL)? – Alek Davis – 2017-12-29T01:28:01.493


In some networks, there are some hosts that need to have fixed IP addresses, for example a server, a printer, etc., which makes it easier for users and applications to reach them. In order for your network to use the Dynamic Host Configuration Protocol (DHCP), which assigns IPs to hosts, and for those fixed hosts to still use a fixed IP, there is this "MAC to IP" option in your router which reserves those IPs and never gives them to other hosts, whose IPs will change over time.

ARP is the Address Resolution Protocol; it is used to get the MAC address from an IP address and is mostly used in Local Area Networks (LANs), and is known to be used by attackers to redirect network traffic as in Man-in-the-Middle attacks.

Wake-on-LAN depends on the MAC address to function because when a PC is off and WOL is enabled, the only way to reach it is through its MAC address.

Suzana

Posted 2015-04-22T02:43:24.620

Reputation: 399