
Not getting IP address - MAB

Hi Experts,

We're using MAB authentication where one of the devices is not getting an IP address. I see the dACL is being pushed from the ISE, but it doesn't seem to be enforced on the switch port. Switch (2960) version is 15.2 and device tracking is enabled.

When I enter the command below, I don't see any IP address/MAC address for that switch port. Any idea what to check further? Thanks in advance.

Switch #show ip device tracking interface GigabitEthernet1/0/5

Interface GigabitEthernet1/0/5 is: STAND ALONE
IP Device Tracking = Enabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 30
IPv6 Device Tracking Client Registered Handle: 171
IP Device Tracking Enabled Features:
HOST_TRACK_CLIENT_SM


Greg Gibbs
Cisco Employee

More detailed information is needed to provide useful assistance.

Is the switch capturing the IP address bindings for other connected endpoints and this is the only one that is not working? Is the endpoint using DHCP or static IP addressing? Do you have other endpoints using the same IP addressing method that are working? Is the endpoint getting an IP address from the DHCP server but the switch is not capturing it?

See this technote for an overview of how IPDT works for the 15.x code.

IP Device Tracking (IPDT) Overview 

If the endpoint uses DHCP, you might verify that DHCP Snooping is configured globally, on the VLAN, and trust is enabled on your uplink.

If the endpoint is using static IP, you might need to mirror the port to see if an ARP probe is being sent by the switch and the endpoint is responding.
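
The DHCP snooping checks named in the reply above, written out as an added example that is not part of the original posts. VLAN 10 and GigabitEthernet1/0/24 are assumed placeholders for the endpoint's VLAN and the uplink toward the DHCP server.

```cisco
! Added example. VLAN 10 and GigabitEthernet1/0/24 are assumed placeholders;
! substitute the endpoint's VLAN and the uplink toward the DHCP server.
!
! --- Configuration (global configuration mode) ---
! 1. Snooping enabled globally
ip dhcp snooping
! 2. Snooping enabled on the VLAN the endpoint lands in
ip dhcp snooping vlan 10
!
! 3. Uplink trusted, so server replies (OFFER/ACK) are not dropped
interface GigabitEthernet1/0/24
 ip dhcp snooping trust
!
! --- Verification (privileged EXEC mode) ---
! Global state, the VLAN list, and which interfaces are trusted
show ip dhcp snooping
! A lease learned by the switch appears here with MAC, IP, VLAN and port
show ip dhcp snooping binding
! Device tracking entries for the port from the original question
show ip device tracking interface GigabitEthernet1/0/5
! Authentication session on the same port
show authentication sessions interface GigabitEthernet1/0/5
```

Snooping is enabled per VLAN, so when the VLAN is assigned dynamically it is that assigned VLAN that has to appear in the `ip dhcp snooping vlan` list.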

Hi Mate

Thanks for the reply.

All other endpoints connected to this switch are getting an IP address, and I'm able to see the relevant MAC address binding for device tracking. Yeah, we do use DHCP for the IP address connectivity, and this is the only interface that seems to have a problem.

DHCP Snooping and ARP inspection have been configured for this VLAN and allowed on the trunk links.

This is a MAB connection and we're pushing a dynamic VLAN in addition to the dACL, but for some reason the switch isn't able to enforce the dACL (the VLAN is enforced).