Hi, How can I protect an SP network from ARP poisoning? I can't using DAI/DHCP snooping because no DHCP is activated on the servers segment and adding their MAC's manually seems great burden. Private VLAN are still exposed due to the fact that the gateway port is in promiscuous mode, or I'm wrong? Any suggestions? Thx, Tal