Ever thought about how ACS gets an end user's IP, or how, when showing an interface's authentication sessions, it had the IP of the host attached? This all stems from IP Device Tracking. I only recently came across it when troubleshooting an issue we had with Windows machines not getting a DHCP address due to collision detection involving the 0.0.0.0 address. Although there are lots of posts about people having a similar issue and the workarounds, I couldn't find much information on the exact reason why this happened. This post is designed to give more reasoning on why this happens.

IPDT uses ARP inspection to maintain a database of MAC/IP per VLAN off every switchport. This information is used by features that have dependencies on it, such as 802.1x, MAB (ACS & ISE), Netflow, Trustsec and web-auth. For example, with MAB the port is first authenticated, then in a subsequent RADIUS update packet the device tracking info (IP of device) is passed on to ACS.

As it uses ARP, even if you don't use this feature for anything else it is a great way to check ARP entries without having to log into the device that is the gateway for the subnet.

On earlier code IPDT is apparently disabled by default (not always true), but from 15.2(1)E upwards it can't be enabled or disabled manually. It is enabled dependent on the features that use it, so if a feature that relies on it is enabled, IPDT is also enabled. You can see on an interface which features use IPDT, so to disable it for that interface you need to disable those features on that interface.

    Switch# show ip device tracking interface gig 1/0/9
    Interface GigabitEthernet1/0/9 is: STAND ALONE
    IP Device Tracking Probe Interval = 180000
    IPv6 Device Tracking Client Registered Handle: 75

This seems a bit of a shortcoming by Cisco, as they recommend not enabling IPDT on trunk links, but if you use one of these features on a trunk link you can't disable it. Cisco's recommendations regarding trunks are based on IPDT potentially affecting switch performance:

- The IPDT database for a trunk port will be very large, as you are tracking the whole ARP table.
- Probes are sent every 30 seconds, so a large table will increase network traffic.
- Activities of hosts connected indirectly over a trunk may not come to this switch at all, but the hosts will still be probed.
- Probes sent by remote switches connected to the local switch via trunk ports may be received, which could increase the chance of the duplicate IP address issue introduced by IPDT probes.
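The 0.0.0.0 collision this post describes can be spotted in a packet capture. The following is an added example, not code from the original post: it assumes the IPDT probe is an ARP request with sender IP 0.0.0.0 (the same form a host uses for duplicate address detection) and flags any address probed by two different MACs within a few seconds. The function names, MACs, IPs and the 5-second window are assumptions made for illustration.

```python
import struct
from collections import defaultdict

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # too short, or EtherType is not ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    return op, sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

def find_probe_collisions(frames, window=5.0):
    """Map target IP -> sorted MACs when more than one MAC sent an ARP probe
    (request with sender IP 0.0.0.0) for that IP within `window` seconds."""
    seen = defaultdict(list)        # target IP -> [(timestamp, sender MAC)]
    collisions = defaultdict(set)
    for ts, raw in frames:
        parsed = parse_arp(raw)
        if parsed is None:
            continue
        op, mac, spa, tpa = parsed
        if op != 1 or spa != "0.0.0.0":   # keep only ARP probes
            continue
        seen[tpa] = [(t, m) for t, m in seen[tpa] if ts - t <= window] + [(ts, mac)]
        macs = {m for _, m in seen[tpa]}
        if len(macs) > 1:
            collisions[tpa] |= macs
    return {ip: sorted(macs) for ip, macs in collisions.items()}

def build_arp(op, sha, spa, tpa, dst="ff:ff:ff:ff:ff:ff"):
    """Build a constructed ARP frame (sample data only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    return (mac(dst) + mac(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + b"\x00" * 6 + ip(tpa))

# Constructed sample: MACs, IPs and timestamps are made up for illustration.
HOST, SWITCH = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"
SAMPLE = [
    (0.0, build_arp(1, HOST, "0.0.0.0", "192.0.2.10")),            # host checks its new address
    (0.4, build_arp(1, SWITCH, "0.0.0.0", "192.0.2.10", HOST)),    # switch probes the same address
    (9.0, build_arp(1, HOST, "192.0.2.10", "192.0.2.1")),          # ordinary ARP request, ignored
    (40.0, build_arp(1, SWITCH, "0.0.0.0", "192.0.2.20", HOST)),   # lone probe, no collision
]

if __name__ == "__main__":
    for ip, macs in find_probe_collisions(SAMPLE).items():
        print(f"probe collision for {ip}: {', '.join(macs)}")
```

A hit means two devices probed the same address at nearly the same time, which is the condition under which a host running duplicate address detection would reject the address.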