Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2542
Views
0
Helpful
1
Replies

VLAN assignment and IP device tracking

Go to solution
SMD28316
Level 1
Level 1

‎06-14-2021 01:14 PM

If device tracking isn't configured correctly, or if it can't track the MAC and the IP address mapping of an interface, dACL won't be applied correctly from ISE, what about VLAN assignment via ISE? will it be affected as well?

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-27-2021 03:54 PM

VLAN assignment @ L2 is separate from ip device-tracking and should not affect it although IP subnets and assigned DHCP addresses are often tightly linked to VLANs.

From ISE Secure Wired Access Prescriptive Deployment Guide:

Device Tracking

Starting Cisco IOS XE Denali 16.1.1 version, the new Switch Integrated Security Features-based “IP Device Tracking” feature acts as a container policy that enables snooping and device-tracking features available with First Hop Security (FHS) in both IPv4 and IPv6, using IP agnostic CLI commands.

The device-tracking configuration is very critical to learn an endpoint’s IP address and map that to its network access session. The device-tracking configuration is also essential for many features, such as downloadable ACLs, device profiling, URL redirection, and more.Refer to the URL for More Information on Device tracking.

 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-27-2021 03:54 PM

VLAN assignment @ L2 is separate from ip device-tracking and should not affect it although IP subnets and assigned DHCP addresses are often tightly linked to VLANs.

From ISE Secure Wired Access Prescriptive Deployment Guide:

Device Tracking

Starting Cisco IOS XE Denali 16.1.1 version, the new Switch Integrated Security Features-based “IP Device Tracking” feature acts as a container policy that enables snooping and device-tracking features available with First Hop Security (FHS) in both IPv4 and IPv6, using IP agnostic CLI commands.

The device-tracking configuration is very critical to learn an endpoint’s IP address and map that to its network access session. The device-tracking configuration is also essential for many features, such as downloadable ACLs, device profiling, URL redirection, and more.Refer to the URL for More Information on Device tracking.

 

0 Helpful
Customers Also Viewed These Support Documents