I've got a Dell 5424 with about 20 machines directly attached to it. I did a ping sweep of my network (and got answers from all 20), then went to the CLI of the switch and did `show arp`. To my surprise, I only see two ARP entries: one for my router, and one for the machine I'm SSHed into to do this work.

What the heck is going on here? It's not that there's another switch in place; these machines are directly connected to the switch. Is my expectation of all those ARP entries on my switch mistaken?

If I use `ping (machine)` from the CLI, that machine's MAC shows up on the port I would expect it to in the ARP table. The ARP timeout is set to 3600, which seems a bit low to me, but is the default on this switch. The time between my ping sweep and my `show arp` was way lower than that.

Aaron
Bill Weiss
  • I'd expect there to be a MAC address entry in the table for every device directly connected to the switch. As for what's happening, I've no idea. – Tom O'Connor Dec 08 '11 at 22:04
  • Ok, good, my expectation isn't wrong :) – Bill Weiss Dec 08 '11 at 22:05
  • It is. Use [`show mac-address-table`](http://support.dell.com/support/edocs/network/5p788/clig/address.htm) to see the learned MAC addresses - the switch does not care about IP addresses as long as it is just switching for Ethernet, thus, you would not have ARP entries. – the-wabbit Dec 08 '11 at 22:12
  • On this switch, it's `show bridge address-table`, it seems. – Bill Weiss Dec 08 '11 at 22:23

5 Answers

Unless a switch is doing ARP snooping, it doesn't need to care about devices that aren't directly communicating with an IP address that it owns.

If it were the router for the subnet, then you could reasonably expect it to have an ARP entry for most of the nodes on the network (at least the ones communicating outside the subnet actively); since it doesn't sound like it is, all it needs to do is track which MAC address is behind which port and send each frame to the port that contains that MAC address. The MAC address table (translating MAC addresses to ports) is separate from the ARP table (translating IPs to MACs).

Shane Madden

As Shane and Aaron stated, the ARP table is the IP address to MAC address mapping table and would only be populated with entries for hosts that were communicating WITH the switch, not for hosts communicating THROUGH the switch. What you're after is the MAC Address table, which is the MAC address to port mapping table, which is what the switch uses to forward frames to the correct port/host.

joeqwerty

You probably want `show mac address` instead of `show arp` - ARP is the relation of L3 (IP) to L2 (MAC) addresses, and the switch doesn't generally care about IP addresses (some caveats apply, management, etc.).

Aaron

PowerConnect 3448:

```
SW version    1.0.1.13 ( date  20-Feb-2006 time  09:52:44 )
Boot version    1.0.0.12 ( date  04-Apr-2005 time  15:46:33 )
HW version    00.00.01
```

This worked for me:

```
show bridge address-table vlan 1
```

Dominic Cleal

If you're specifically interested in the MAC addresses that correspond to the IP addresses on your network, you want your computer's ARP cache, not the switch's. If that's the case, run `arp -a` after doing your ping sweep. As was mentioned in the other answers, the switch doesn't care about the IP addresses of hosts that are only communicating through it.

If you have a Linux host available, check out the `arp-scan` utility.

Charles Burge
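
The distinction the answers above draw between the MAC address table and the ARP table, as an added example that is not part of the original thread: a toy Python model of a managed layer-2 switch replaying the ping sweep from the question. The `Switch` class, the RFC 826 merge rule it uses for its ARP cache, and every address and port number are assumptions constructed for illustration, not Dell firmware behaviour.

```python
# Added illustration: toy model of a managed layer-2 switch, not Dell firmware.
# Every address and port number here is a constructed sample value.
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class ArpFrame:
    src_mac: str    # Ethernet source, learned by the bridge
    dst_mac: str    # Ethernet destination
    sender_ip: str  # ARP sender protocol address
    target_ip: str  # ARP target protocol address

class Switch:
    def __init__(self, mgmt_ip, mgmt_mac):
        self.mgmt_ip, self.mgmt_mac = mgmt_ip, mgmt_mac
        self.mac_table = {}  # MAC -> port (the bridge address table)
        self.arp_table = {}  # IP -> MAC (what "show arp" lists)

    def receive(self, port, frame):
        # Layer 2: the source MAC of every frame is learned against its port.
        self.mac_table[frame.src_mac] = port
        if frame.dst_mac not in (BROADCAST, self.mgmt_mac):
            return  # transit unicast is forwarded; the IP stack never sees it
        # Layer 3 (assumed RFC 826 merge rule): refresh a known sender, but
        # create an entry only when the packet targets the switch's own IP.
        if frame.sender_ip in self.arp_table or frame.target_ip == self.mgmt_ip:
            self.arp_table[frame.sender_ip] = frame.src_mac

def simulate_sweep():
    sw = Switch("192.0.2.2", "02:00:00:00:00:ff")
    hosts = {p: (f"02:00:00:00:00:{p:02x}", f"192.0.2.{100 + p}") for p in range(1, 21)}
    admin_mac, admin_ip = hosts[1]  # the machine used for SSH and the sweep
    # Router (port 24) answers the switch's ARP request for its gateway.
    sw.receive(24, ArpFrame("02:00:00:00:00:fe", sw.mgmt_mac, "192.0.2.1", sw.mgmt_ip))
    # Admin host resolves the switch's management IP before opening SSH.
    sw.receive(1, ArpFrame(admin_mac, BROADCAST, admin_ip, sw.mgmt_ip))
    # Sweep: admin broadcasts one ARP request per host; each host replies unicast.
    for port in range(2, 21):
        mac, ip = hosts[port]
        sw.receive(1, ArpFrame(admin_mac, BROADCAST, admin_ip, ip))
        sw.receive(port, ArpFrame(mac, admin_mac, ip, admin_ip))
    return sw

if __name__ == "__main__":
    sw = simulate_sweep()
    print(len(sw.mac_table), "MAC entries,", len(sw.arp_table), "ARP entries")
    for ip, mac in sorted(sw.arp_table.items()):
        print(ip, mac)
```

In this model the bridge table ends up with an entry for every attached device, while the ARP table holds only the router and the admin host, which matches what the question reports from `show arp`.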