I've got a Dell 5424 with about 20 machines directly attached to it. I did a ping sweep of my network (and got answers from all 20), then went to the CLI of the switch and did show arp. To my surprise, I only see two arp entries: one for my router, and one for the machine I'm SSHed into to do this work.
What the heck is going on here? It's not that there's another switch in place, these machines are directly connected to the switch. Is my expectation of all those arp entries on my switch mistaken?
If I use ping (machine) from the CLI, that machine's MAC shows up on the port I would expect it to in the arp table. The arp timeout is set to 3600, which seems a bit low to me, but is the default on this switch. The time between my ping sweep and my show arp was way lower than that.
Best Answer
Unless a switch is doing ARP snooping, it doesn't need to care about devices that aren't directly communicating with an IP address that it owns.
If it were the router for the subnet, then you could reasonably expect it to have an ARP entry for most of the nodes on the network (at least the ones communicating outside the subnet actively); since it doesn't sound like it is, all it needs to do is track which MAC address is behind which port and send each frame to the port that contains that MAC address. The MAC address table (translating MAC addresses to ports) is separate from the ARP table (translating IPs to MACs).