Cisco Support Community
Community Member

Clean Access arp-timeout question

In the process of getting Wake on LAN working so our support team can push packages at night, another engineer and I got into a discussion about NAC and arp-timeout values.

For us this is relevant, as we are unable to do directed broadcast WoL due to the MPLS cloud we are part of, so we are looking at unicast for our WoL system. However, if the arp-timeout value is too low on our switches, they will have "forgotten" about the MAC addresses of the various computers attached to them by the time that we are pushing packages.

I have read through everything that I can find, and to me it appears that the arp-timeout value is irrelevant with regard to NAC, which uses SNMP Traps to figure out what's going on with each switch / device. The opposing viewpoint is that you need to crank down the arp-timeout value pretty low in order for NAC to work correctly.

In other words, I want to crank the arp-timeout up to 7 hours, he wants it down at 20 minutes.

I'm not worried about 7 hours being too long, as our environment is almost completely desktop based, so we don't have very much of an issue with computers being moved around.

Anyone have any insight into this?


