Hi, to be honest, I don't understand why losing the ARP entry (btw in 5 minutes?) would make the device unreachable. Perhaps you block the broadcasts somewhere?
So if you put a static ARP on the device, everything works fine?

Regards,
John

On Thu, Oct 24, 2013 at 12:18 AM, Jason Lixfeld <ja...@lixfeld.ca> wrote:

> Hi all,
>
> I'm using a combination of port security with static MAC addresses and
> private VLANs on a 4500 in a particular deployment scenario. Each customer
> facing port on the 4500 is a static MAC, port security enabled private VLAN
> trunk where all the secondary VLANs on this trunk are isolated VLANs. One
> of these isolated VLANs is being used as a management VLAN which we use to
> manage the end-devices that hang off of these private VLAN trunk ports.
>
> These end-devices don't generate any traffic on this management VLAN, so
> what winds up happening is after 5 minutes, the ARP entry on these
> end-devices for its default gateway (an SVI on the 4500) is expired from
> the ARP table and the end-device becomes unreachable. Not being able to
> access a device on its management interface is, well, bad for management.
> The question is what to do about it.

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/