We have a static network run with two separate switches (not connected to each other).
Because the PCs, routers, firewalls etc. are hardly ever moved, does anyone know if we may run into problems if we increase the ARP cache and timeout entries on our switches, PCs and routing equipment?
Our intention is to minimize the ARP broadcasts within the various LANs. We are not having performance problems and I understand 'if it ain't broke, don't touch' but I'd like to hear your comments on this subject.
What you see is pretty normal.
ARP timeout = 4 hours
MAC timeout = 5 minutes
The MAC table will lose track of "some" devices that went inactive for a while and now some other device wants to talk to them. Since the ARP entry is still valid but the MAC was lost, the switch will flood the packet (or some consecutive packets), but as soon as the host replies back, the MAC will be learned again and the flooding stops.
This is normal in any network, so what you want to keep track of is the time (normally in milliseconds or less) between the first flooded packet and the last. If the timeframe is really short then don't worry. In your capture it is only 0.001 sec. But if the same flow continues for a long time then it would be worth exploring further.
In your case increasing the ARP won't help at all, maybe increasing the MAC timer, but I would keep it as it is if I were you.
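
Added example, not part of the thread: a small Python model of a learning switch that replays frames and reports, per destination MAC, the window between the first and last flooded frame, which is the measurement the answer above recommends. The frame list, the MAC addresses and the 1-second review threshold are constructed assumptions; the model ignores ports and VLANs and only applies the 5-minute MAC aging timer.

```python
from collections import defaultdict

MAC_AGING = 300.0  # seconds: the 5-minute MAC timeout quoted in the thread

def flood_windows(frames, aging=MAC_AGING):
    """Replay (time, src_mac, dst_mac) frames through a learning-switch model.

    Returns {dst_mac: [(first_flooded, last_flooded, frame_count), ...]}.
    """
    last_seen = {}                 # MAC -> time it last sourced a frame
    open_win = {}                  # dst MAC -> [first, last, count]
    windows = defaultdict(list)
    for t, src, dst in sorted(frames):
        # A frame from src (re)learns it and ends any flooding towards it.
        last_seen[src] = t
        if src in open_win:
            windows[src].append(tuple(open_win.pop(src)))
        # Destination never learned, or aged out: the frame is flooded.
        seen = last_seen.get(dst)
        if seen is None or t - seen > aging:
            win = open_win.setdefault(dst, [t, t, 0])
            win[1] = t
            win[2] += 1
    for dst, win in open_win.items():   # host never replied
        windows[dst].append(tuple(win))
    return dict(windows)

def long_floods(windows, limit=1.0):
    """Windows longer than `limit` seconds (assumed threshold) merit review."""
    return [(dst, last - first) for dst, ws in windows.items()
            for first, last, _ in ws if last - first > limit]

# Constructed sample: B goes quiet for longer than the MAC aging timer while
# A still has a valid ARP entry for it; C never answers at all.
A, B, C = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"
SAMPLE = [
    (0.0, A, B), (0.001, B, A),        # initial learning of A and B
    (400.0, A, B), (400.001, A, B),    # B aged out: both frames flooded
    (400.0015, B, A),                  # B replies, MAC relearned
    (400.002, A, B),                   # forwarded normally again
    (500.0, A, C), (502.0, A, C), (505.0, A, C),  # sustained flooding
]

if __name__ == "__main__":
    result = flood_windows(SAMPLE)
    for mac, wins in result.items():
        print(mac, wins)
    print("review:", long_floods(result))
```

Feeding it timestamps and MAC pairs exported from a real capture shows whether flooding stops as soon as the silent host replies or continues long enough to be worth investigating.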