07-08-2020 11:48 AM
After I run a discovery on my network, DNA Center randomly applies the IPDT policy to interfaces. It has never successfully applied the IPDT policy to all of the interfaces. It always ends up missing a few interfaces. Has anyone run into this problem before?
Thanks!
07-08-2020 12:21 PM - edited 07-08-2020 12:28 PM
Hi,
I have noticed this behaviour as well. As far as I'm aware, DNAC only enables IPDT (IPDT_MAX_10) on what it determines are host ports and not on infrastructure ports, such as ports that connect to other switches and access points. It uses CDP info to determine this.
If you run 'show cdp neighbors' on your switch, can you see if the ports with IPDT missing are connected to other switches/access points as reported by CDP?
07-08-2020 12:40 PM
That is a good point. I will look into that.
I wonder if DNA sees multiple devices sharing one access port (VoIP + Desktop) and then determines that port to be an infrastructure port.
07-08-2020 01:04 PM - edited 07-08-2020 01:11 PM
I've just checked two of my Cat9k switches and IPDT_MAX_10 has been configured on ports that are connected to Cisco IP phones (the Cisco IP Phones appear as CDP/LLDP neighbors). The only ports with IPDT missing are core uplink ports and ports connected to access points. I believe this is because the IPDT_MAX_10 profile is limited to a maximum of 10 addresses, which could easily be exceeded on these ports. This behaviour is consistent on both switches.
I can't find any documentation that backs this up, so this is my assumption based on the behaviour that I have observed. Let me know what you find, as I would be interested to see if this behaviour matches on your switches as well.
07-09-2020 05:29 AM
I did more tests and it still seems completely random. Let's say I discover 5 9000 series switches. At least 3 of them will not have applied IPDT properly to the interfaces. Examples of interfaces that did not get the IPDT policy: one port only had a phone connected, one port had a phone and a PC connected, and one port had nothing connected to it. Every port that had just a PC connected to it received the policy correctly. These are 9200 and 9300 series switches.
Side note - 2960s and 3560s will receive the IPDT policy but the maximum is set to 0 rather than 10.
07-09-2020 05:27 PM - edited 07-10-2020 12:28 PM
Ok that's interesting.
I took the time to test the behaviour on a new switch that had 2 x APs and 2 x laptops connected, and IPDT was provisioned immediately once the switch was added to the DNAC inventory on all host/access ports except the AP ports (which are also configured as access ports). This is consistent with what I have observed previously.
I then deleted the new switch from DNAC, wiped and rebuilt it but disabled CDP globally. Once the switch was discovered and added to the inventory, IPDT was again enabled on all host/access ports but this time it was also enabled on the AP ports.
For completeness, I also tested the behaviour on the uplink port that connects to my core switch
With CDP enabled
With CDP disabled
So this proves that DNAC will only enable IPDT on access ports (never on trunk or routed ports), but also proves that DNAC will not enable IPDT on access ports that connect to APs and other switches using CDP data.
Unfortunately I don't have an IP phone to test with, so I'm not sure why you are seeing the behaviour that you described. Someone else from the community will need to comment on this, or you may need to raise a case with Cisco TAC to find the answer.
Hope this helps
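Added example, not part of the original posts and not Cisco tooling: a Python audit that applies the rule observed above (access ports get IPDT_MAX_10 unless CDP shows a switch or AP neighbor) and isolates access ports whose missing policy CDP does not explain. The config and CDP text are constructed samples; the interface line `device-tracking attach-policy IPDT_MAX_10` and the use of CDP capability codes S and T to mark infrastructure neighbors are assumptions, as is a device ID short enough to keep each CDP row on one line.

```python
import re
# Constructed sample input, not output captured from the thread's switches.
RUNNING_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 device-tracking attach-policy IPDT_MAX_10
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
!
"""
CDP_NEIGHBORS = """\
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
AP-FLOOR1        Gig 1/0/2         150              R T   AIR-AP380 Gig 0
CORE-SW1         Ten 1/1/1         160              R S I C9500-24Y Twe 1/0/1
"""
LONG = {"Gig": "GigabitEthernet", "Ten": "TenGigabitEthernet", "Fas": "FastEthernet"}
CDP_ROW = r"^\S+\s+(Gig|Ten|Fas) (\S+)\s+\d+\s+((?:[A-Za-z] )+)"

def infra_ports(cdp_text):
    """Local ports whose CDP neighbor advertises S (switch) or T (bridge, assumed AP)."""
    rows = re.findall(CDP_ROW, cdp_text, re.M)
    return {LONG[p] + n for p, n, caps in rows if {"S", "T"} & set(caps.split())}

def audit(config_text, cdp_text, policy="IPDT_MAX_10"):
    """Map each interface to: attached, not-access, infra-neighbor or unexplained."""
    infra, result = infra_ports(cdp_text), {}
    for stanza in re.split(r"^!\s*$", config_text, flags=re.M):
        head = re.search(r"^interface (\S+)", stanza, re.M)
        if not head:
            continue
        name = head.group(1)
        if f"device-tracking attach-policy {policy}" in stanza:
            verdict = "attached"
        elif "switchport mode access" not in stanza:
            verdict = "not-access"
        elif name in infra:
            verdict = "infra-neighbor"  # consistent with the CDP-based skip
        else:
            verdict = "unexplained"  # access port, no infra neighbor, no policy
        result[name] = verdict
    return result
```

Ports reported as `unexplained` are the ones worth collecting as evidence for a TAC case, since the CDP-based rule does not account for them.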
07-10-2020 12:22 PM
Generally it should be applying IPDT to non-access ports as discussed above. If it's applying IPDT "randomly" then there is something wrong and I would recommend a TAC case.
03-09-2021 03:15 PM - edited 03-09-2021 03:32 PM
"The purpose of IPDT is for the switch to obtain and maintain a list of devices that are connected to the switch via an IP address. The probe does not populate the tracking entry; it is simply used in order to maintain the entry in the table after it is learned through an ARP request/reply from the host."
As soon as a device is discovered in the fabric by DNAC, the IPDT telemetry config is pushed by DNAC to all the switches, and it should be applied to all access ports "excluding the uplink", which caused high CPU in the switch. It has a limitation of 10 connected devices.
In the new release, DNAC 2.1.2.x, it will be optional to enable or disable IPDT telemetry, and it can be applied at the global or site level in the network hierarchy inside DNAC > Network Setting.
Hope this helps.