3560 Switch Show ARP

Dec 20th, 2007

I have a few 3560 switches and if I log into them via a console cable and type show arp, I only get the switch's IP and one other system that pings everything on the network to verify it is up. All the other ports with systems connected and working do not show up. I thought as soon as you plugged a system into a port the switch should cache that info for a while to decrease broadcasts? Something else I can do to get that working? On a side note, if I ping the switch itself from my system, my IP will show up, but that is all.

mikepinto Thu, 12/20/2007 - 07:52

You can use the 'show mac-address-table' command to see devices connected to the switch. This is the table that gets populated to limit Layer 2 broadcasts. The show arp command will display results for devices that have sent an ARP and the SVI on the 3560 responds. Show arp will match IP and MAC address, and show mac-address-table will match MAC address with switch port learned from. Hope this helps.

kscanlan7420 Fri, 12/21/2007 - 05:49

Thanks, I have a follow-on question to this and just focusing on say one 3560 switch. I see all the mac addresses when I do the show mac... but for some reason I still see a lot of broadcasts on this switch. I had someone more familiar with the switch doing a test for another subject. They had set up to monitor their laptop plugged into port 35 and their server plugged into port 40. Using ethereal to capture that traffic, it showed for about a minute of traffic 25% was broadcasts. Just trying to see why if the mac addresses are all in there, all those systems are still sending broadcasts.

Richard Burts Fri, 12/21/2007 - 12:16


If you have an ethereal packet capture of the traffic it might be helpful to look at some of the broadcast frames and see what kind of traffic they are. There are several things that can produce broadcast traffic in a switched environment, some of which are normal (not a problem) and some are abnormal. At a customer site they typically configure the router interface where end stations are connected with the command: ntp broadcast. This is to make it easier for any end station to maintain correct time. It accounts for a fair amount of broadcast traffic. It is possible that some station (it might be a router or it might be a Windows device with ip routing enabled) is running a protocol like RIP which sends out broadcast traffic. It could be that some station(s) are ARPing for some address that does not respond and they continue to generate the ARP request. I recently looked at a situation where a router was configured with a static default route which pointed to a FastEthernet interface (rather than pointing to the next hop address) and the result is that the router must ARP for the destination address of every packet that it forwards on that static route.

There might be other causes but this is enough to give you an idea of what might be causing the broadcast traffic.



dgahm Fri, 12/21/2007 - 12:31


Unknown mac address frames are flooded out all ports except the receive port, but the destination address is still the unicast mac. Broadcasts are frames with a destination mac of all 1s (FF-FF-FF-FF-FF-FF). The broadcast traffic you are seeing is not related to the presence, or absence, of mac addresses in the forwarding table.

Please rate helpful posts.
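
Added example, not part of any post in this thread: a small Python classifier that does what the replies above suggest, separating true broadcasts (destination FF-FF-FF-FF-FF-FF) from unicast frames and labelling the broadcast sources the thread names (ARP, NTP broadcast, RIP). The function names and the sample frames are constructed for illustration; it assumes untagged Ethernet II frames.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
UDP_PORTS = {123: "NTP", 520: "RIP"}  # broadcast sources named in the thread

def classify(frame: bytes) -> str:
    """Label one untagged Ethernet II frame by destination and protocol."""
    if len(frame) < 14:
        return "truncated"
    dst, ethertype = frame[:6], struct.unpack("!H", frame[12:14])[0]
    if dst != BROADCAST:
        # A flooded unknown-unicast frame still has a unicast destination.
        return "multicast" if dst[0] & 1 else "unicast"
    if ethertype == 0x0806:
        return "broadcast/ARP"
    if ethertype == 0x0800 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        if frame[23] == 17 and len(frame) >= 18 + ihl:   # protocol 17 = UDP
            dport = struct.unpack("!H", frame[16 + ihl:18 + ihl])[0]
            return "broadcast/" + UDP_PORTS.get(dport, f"UDP:{dport}")
        return "broadcast/IPv4"
    return f"broadcast/0x{ethertype:04x}"

def summarize(frames):
    return Counter(classify(f) for f in frames)

def broadcast_share(frames):
    """Fraction of frames whose destination is the all-ones MAC."""
    counts = summarize(frames)
    total = sum(counts.values())
    bcast = sum(n for k, n in counts.items() if k.startswith("broadcast/"))
    return bcast / total if total else 0.0

# --- constructed sample frames (not taken from the capture in the thread) ---
def _eth(dst, ethertype, payload=b""):
    return dst + bytes.fromhex("020000000001") + struct.pack("!H", ethertype) + payload

def _udp_bcast(port):
    ip = (bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(4) + bytes([64, 17])
          + bytes(2) + bytes([192, 0, 2, 10]) + bytes([192, 0, 2, 255]))
    return _eth(BROADCAST, 0x0800, ip + struct.pack("!HHHH", port, port, 8, 0))

SAMPLE = [
    _eth(BROADCAST, 0x0806, bytes(28)),                      # ARP request
    _eth(BROADCAST, 0x0806, bytes(28)),                      # repeated ARP request
    _udp_bcast(123),                                         # NTP broadcast
    _udp_bcast(520),                                         # RIP update
    _eth(bytes.fromhex("020000000099"), 0x0800, bytes(28)),  # unicast frame
]
```

Calling `summarize(SAMPLE).most_common()` lists the labels by frame count, which is the per-type breakdown to look for in a real capture before deciding whether the broadcast level is normal.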


