I just find someone using the command "ip device tracking probe auto-source fallback 0.0.0.0 255.255.255.255", so I would like to know the meaning of using 0.0.0.0 255.255.255.255 instead of 0.0.0.1

I don't know how the 0.0.0.0 255.255.255.255 would even work because that would set the source IP of the ARP to the client IP which I think would cause duplicate IP message issues.  Yep you have to make sure to set the autosource to an unused IP in the client subnets.  Usually .1 is the DGs so I ask customers if .254 is a used IP address in their scheme.

I think this is what you're looking for:

This latest CLI command was introduced through Cisco bug ID CSCtn27420 in Cisco IOS Version 15.2(2)E. It was added in order to allow a user-defined ARP request source IP address instead of the requirement to use the default source IP address of 0.0.0.0. The new global command ip device tracking probe auto-source fallback 0.0.0.x 255.255.255.0 override allows the user to use the host address of 0.0.0.x in the subnet in order to avoid any duplicate IP address problems.  If there is no SVI for a particular VLAN the fallback host-ip will be used to source the probe instead.

Found on this page: Troubleshoot " Duplicate IP Address 0.0.0.0" Error Messages

We had the same issue. It should be written somewhere to reserve the IP for probes. Endhost learn arp entries for default gw ( in our case ) with mac address of switchport and this causes intermittent network connectivity issues.

We only figured out after some issues in the network what was the cause of it.

Since this command is a global one that applies to all vlans, we are wondering what happens when you have different vlan masks for your client vlans.

Let's say you have vlan with subnet 10.1.1.32/28 and second one 10.2.2.0/22, which ips will be used in this case?

ip device tracking probe auto-source fallback 0.0.0.1 255.255.255.0 Command

I can imagine that for the first case we will have :

11111111 11111111 11111111 11110000

10.1.1.33

0001010 00000001 00000001 00100001

you will get

0000000 00000000 00000000 00000001

10.1.1.1

and 10.1.1.1 is not in the same subnet as our host 10.1.1.33/28 and I suppose host might ignore this request? Did somebody test this?

For the second example 10.2.2.0/22

If host ip would be 10.2.2.2 we would use 10.2.2.1 and for host in the same subnet with ip 10.2.3.1 we would use 10.2.3.1. 

Which means for /22 subnet we would need to reserve 4 ips for probes when we have mask for the IPDT command with mask /24. 

To solve both issues we would need to make the mask as small as smallest subnet which uses NAC and reserver multiple ip addresses for big subnets, which would be really strage.

I guess it would be nice to have this command per vlan.

Creating SVI on each access swich would be bad idea because without vrfs on 2960 you would create l3 path without any firewall on access switches.

We tested also the command with delayed probe, but for us it doesnt work, we still get the issue with duplicated ip addresses ( client sends DHCP decline towards DHCP server and we depleate our DHCP pool )

Hi,

The question you raise, do you have a solution to the problem?

I had the same problem, but there was no test environment.

(C2960CX-UNIVERSALK9-M), Version 15.2(4)E7,

In fact, I have read this document. Since the customer is running IPDT in the L2 switch, all other commands in the document have been tested, but the problem still exists, so I suggest the customer configure "IP device tracking probe auto-source fallback 0.0.0.x 255.255.255.0".

So I want to know when you have different VLAN masks for your client VLANs, how should we configure this command?

Thanks