Hi

Following problem: I configured VRF-lite on Catalyst 3750x. Its working fine but now i have a strange behavior. If a Device, who is connected to the switch has to be replaced and the new device has the same fix IP address as the old one, the device is unrechable. The age Time in the arp table points to the replacement time but the mac address is still the old one. 

show arp vrf xxx

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.19.3.201           33   xxxx.xxxx.3112  ARPA   Vlanxxx

ping vrf xxx 172.19.3.201
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.3.201, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

To resolve the problem:

clear arp-cache vrf xxx 172.19.3.201

show arp vrf xxx
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.19.3.201            2   xxxx.xxxx.194f  ARPA   Vlanxxx

ping vrf xxx 172.19.3.201
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.3.201, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

The Port configuration is like this:

 switchport access vlan xxx

 switchport mode access
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 storm-control broadcast level 1.00
 storm-control action trap
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable

This is now the third time it happend. I dont want to change the arp timer. IOS version on the Switchs  15.0(2)SE2.

Has Somebody any idea?

Thanks