
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2019 04:45 PM - edited 02-21-2020 11:03 AM
I am deploying 802.1x and the command access-session template monitor was in a best practices configuration I came across. I placed this command on a C3560CX 8 port switch and it caused the switch to turn on IP Device Tracking on the trunk port immediately. A show ip device tracking before entering the access-session template monitor command, showed a couple of devices. Afterwards, the show ip device tracking command displayed hundreds within seconds. Has anybody ran across this? Can anybody explain this?
I entered commands in 1 at a time and ran the show ip device tracking all command after each one so I know that command caused the issue. I can even remove that command, and the show ip device tracking all removes all of the entries immediately.
I look forward to any response.
Please rate helpful posts.
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
-
Wired
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2019 08:38 PM
device tracking is required for dot1x to work especially with dacls. If you
have it enabled on trunk then there are many devices behind the trunk which
are learnt through device tracking.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2019 08:28 PM
Hi, in some of guides there was best practice command on trunk port:
ip device tracking maximum 0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2019 08:38 PM
device tracking is required for dot1x to work especially with dacls. If you
have it enabled on trunk then there are many devices behind the trunk which
are learnt through device tracking.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-30-2019 11:50 PM
a little bit late, but i hope it will help. i am using a template and enroll it on the uplink interface (9400 Switches)
the "device-role switch" cut all MAC addresses on the
!
device-tracking policy device_tracking_uplink
trusted-port
device-role switch
no protocol udp
!
Good Luck
