[c-nsp] maintaining 'interesting' traffic on a pvlan isolated port
John Kougoulos
john.kougoulos at gmail.com
Thu Oct 24 03:19:32 EDT 2013
Hi,

to be honest, I don't understand why losing the arp entry (btw in 5
minutes?) would make the device unreachable. Perhaps you block somewhere
the broadcasts?

So if you put a static arp on the device, everything works fine?

Regards,
John

On Thu, Oct 24, 2013 at 12:18 AM, Jason Lixfeld <jason at lixfeld.ca> wrote:
> Hi all,
>
> I'm using a combination of port security with static MAC addresses and
> private VLANs on a 4500 in a particular deployment scenario. Each customer
> facing port on the 4500 is a static mac, port security enabled private vlan
> trunk where all the secondary VLANs on this trunk are isolated VLANs. One
> of these isolated VLANs is being used as a management VLAN which we use to
> manage the end-devices that hang off of these private vlan trunk ports.
>
> These end-devices don't generate any traffic on this management VLAN, so
> what winds up happening is after 5 minutes, the ARP entry on these
> end-devices for their default gateway (an SVI on the 4500) is expired from
> the ARP table and the end-device becomes unreachable. Not being able to
> access a device on its management interface is, well, bad for management.
> The question is what to do about it.
>
>
>