In the process of getting Wake on LAN working so our support team can push packages at night, another engineer and I got into a discussion about NAC and arp-timeout values.
For us this is relevant, as we are unable to do directed broadcast WoL due to the MPLS cloud we are part of, so we are looking at unicast for our WoL system. However, if the arp-timeout value is too low on our switches, they will have "forgotten" about the MAC addresses of the various computers attached to them by the time that we are pushing packages.
I have read through everything that I can find, and to me it appears that the arp-timeout value is irrelevant with regard to NAC, which uses SNMP Traps to figure out what's going on with each switch / device. The opposing viewpoint is you need to crank down the arp-timeout value pretty low in order for NAC to work correctly.
In other words, I want to crank the arp-timeout up to 7 hours, he wants it down at 20 minutes.
I'm not worried about 7 hours being too long, as our environment is almost completely desktop based, so we don't have very much of an issue with computers being moved around.
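
The dependency described in the post, as an added example that is not part of the original post: it builds the WoL magic packet, sends it as unicast UDP, and models which desktops the last-hop Layer 3 device could still resolve at push time under the two proposed timeouts. The host names, last-seen times, push time, UDP port 9 and the aging model (an entry expires a fixed interval after the host's last traffic) are assumptions made for illustration; real ARP aging and refresh behaviour varies by platform.

```python
import socket

def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or Cisco aabb.ccdd.eeff."""
    digits = mac.strip().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)  # raises ValueError on non-hex characters

def magic_packet(mac: str) -> bytes:
    """Standard WoL payload: 6 x 0xFF, then the target MAC repeated 16 times."""
    return b"\xff" * 6 + parse_mac(mac) * 16

def send_unicast_wol(mac: str, ip: str, port: int = 9) -> int:
    """Send the payload as unicast UDP. The last hop must still hold an
    ip -> mac ARP entry, since a powered-off host typically answers no ARP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(magic_packet(mac), (ip, port))

def still_resolvable(last_seen: dict, push_time: int, arp_timeout: int) -> list:
    """Simplified model (assumption): an ARP entry is dropped arp_timeout
    seconds after the host's last traffic and is never refreshed while asleep."""
    return sorted(h for h, t in last_seen.items() if push_time - t < arp_timeout)

# Constructed sample: seconds since midnight of each desktop's last traffic.
LAST_SEEN = {
    "pc-01": 17 * 3600,          # 17:00
    "pc-02": 18 * 3600 + 1800,   # 18:30
    "pc-03": 23 * 3600 + 2700,   # 23:45
}
PUSH_TIME = 25 * 3600            # 01:00 the following night

if __name__ == "__main__":
    for label, timeout in (("20 minutes", 20 * 60), ("7 hours", 7 * 3600)):
        print(label, still_resolvable(LAST_SEEN, PUSH_TIME, timeout))
```

In this constructed schedule even the 7-hour value misses the desktop that went quiet at 17:00, so the timeout has to cover the full gap between the end of the workday and the push window.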