https://community.cisco.com/t5/network-access-control/not-getting-ip-address-mab/m-p/4440061#M568743 <P>Hi Mate</P><P>Thanks for the reply.</P><P>All other connected endpoints connected to this switch is getting IP address and I'm able to see the relevant MAC address binding for device tracking. Yeah, we do use DHCP for the IP address connectivity and this is the only interface that seems to have problem with.</P><P>DHCP Snooping and ARP inspection has been configured for this VLAN and allowed on the Trunk links.</P><P>This is a MAB connection and we're pushing Dynamic VLAN in addition to dACL but for some reason, switch isn't able to enforce the dACL (VLAN is enforced).</P> Wed, 28 Jul 2021 05:56:39 GMT Srinivasan Nagarajan 2021-07-28T05:56:39Z https://community.cisco.com/t5/network-access-control/not-getting-ip-address-mab/m-p/4438945#M568707 <P>Hi Experts,</P><P>We're using MAB authentication where one of the device is not getting the IP address. I see, the dACL is being pushed from the ISE but doesn't seems to be enforced on the switch port. Switch (2960) version is 15.2 and device tracking is enabled.</P><P>When I enter the below command, I don't see any IP Address/MAC address for that switch port. Any idea, what to check further? Thanks in advance</P><P>Switch #show ip device tracking interface GigabitEthernet1/0/5</P><P>Interface GigabitEthernet1/0/5 is: STAND ALONE<BR />IP Device Tracking = Enabled<BR />IP Device Tracking Probe Count = 3<BR />IP Device Tracking Probe Interval = 30<BR />IPv6 Device Tracking Client Registered Handle: 171<BR />IP Device Tracking Enabled Features:<BR />HOST_TRACK_CLIENT_SM</P> Mon, 26 Jul 2021 14:47:21 GMT https://community.cisco.com/t5/network-access-control/not-getting-ip-address-mab/m-p/4438945#M568707 Srinivasan Nagarajan 2021-07-26T14:47:21Z https://community.cisco.com/t5/network-access-control/not-getting-ip-address-mab/m-p/4439151#M568719 <P>More detailed information is needed to provide useful assistance.</P> <P>Is the switch capturing the IP address bindings for other connected endpoints and this is the only one that is not working? Is the endpoint using DHCP or static IP addressing? Do you have other endpoints using the same IP addressing method that are working? Is the endpoint getting an IP address from the DHCP server but the switch is not capturing it?</P> <P>See this technote for an overview of how IPDT works for the 15.x code.</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/ip/address-resolution-protocol-arp/118630-technote-ipdt-00.html" target="_blank" rel="noopener">IP Device Tracking (IPDT) Overview</A>&nbsp;</P> <P>If the endpoint uses DHCP, you might verify that DHCP Snooping is configured globally, on the VLAN, and trust is enabled on your uplink.</P> <P>If the endpoint is using static IP, you might need to mirror the port to see if an ARP probe is being sent by the switch and the endpoint is responding.</P> Mon, 26 Jul 2021 23:13:35 GMT https://community.cisco.com/t5/network-access-control/not-getting-ip-address-mab/m-p/4439151#M568719 Greg Gibbs 2021-07-26T23:13:35Z https://community.cisco.com/t5/network-access-control/not-getting-ip-address-mab/m-p/4440061#M568743 <P>Hi Mate</P><P>Thanks for the reply.</P><P>All other connected endpoints connected to this switch is getting IP address and I'm able to see the relevant MAC address binding for device tracking. Yeah, we do use DHCP for the IP address connectivity and this is the only interface that seems to have problem with.</P><P>DHCP Snooping and ARP inspection has been configured for this VLAN and allowed on the Trunk links.</P><P>This is a MAB connection and we're pushing Dynamic VLAN in addition to dACL but for some reason, switch isn't able to enforce the dACL (VLAN is enforced).</P> Wed, 28 Jul 2021 05:56:39 GMT https://community.cisco.com/t5/network-access-control/not-getting-ip-address-mab/m-p/4440061#M568743 Srinivasan Nagarajan 2021-07-28T05:56:39Z