Solved: Re: Access-session Template Monitor Command and IP Device Tracking

Alex Pfeil · ‎02-27-2019

I am deploying 802.1x and the command access-session template monitor was in a best practices configuration I came across. I placed this command on a C3560CX 8 port switch and it caused the switch to turn on IP Device Tracking on the trunk port immediately. A show ip device tracking before entering the access-session template monitor command, showed a couple of devices. Afterwards, the show ip device tracking command displayed hundreds within seconds. Has anybody ran across this? Can anybody explain this?

I entered commands in 1 at a time and ran the show ip device tracking all command after each one so I know that command caused the issue. I can even remove that command, and the show ip device tracking all removes all of the entries immediately.

I look forward to any response.

Please rate helpful posts.

Mohammed al Baqari · ‎02-27-2019

Hi.

device tracking is required for dot1x to work especially with dacls. If you
have it enabled on trunk then there are many devices behind the trunk which
are learnt through device tracking.

View solution in original post

ognyan.totev · ‎02-27-2019

Hi, in some of guides there was best practice command on trunk port:

ip device tracking maximum 0

Mohammed al Baqari · ‎02-27-2019

Hi.

device tracking is required for dot1x to work especially with dacls. If you
have it enabled on trunk then there are many devices behind the trunk which
are learnt through device tracking.

Oron Yaniv · ‎12-30-2019

a little bit late, but i hope it will help. i am using a template and enroll it on the uplink interface (9400 Switches)

the "device-role switch" cut all MAC addresses on the

!

device-tracking policy device_tracking_uplink
trusted-port
device-role switch
no protocol udp
!

Good Luck