06-14-2021 01:14 PM
If device tracking isn't configured correctly, or if it can't track the MAC and the IP address mapping of an interface, dACL won't be applied correctly from ISE, what about VLAN assignment via ISE? will it be affected as well?
Solved! Go to Solution.
06-27-2021 03:54 PM
VLAN assignment @ L2 is separate from ip device-tracking and should not affect it although IP subnets and assigned DHCP addresses are often tightly linked to VLANs.
From ISE Secure Wired Access Prescriptive Deployment Guide:
Starting Cisco IOS XE Denali 16.1.1 version, the new Switch Integrated Security Features-based “IP Device Tracking” feature acts as a container policy that enables snooping and device-tracking features available with First Hop Security (FHS) in both IPv4 and IPv6, using IP agnostic CLI commands.
The device-tracking configuration is very critical to learn an endpoint’s IP address and map that to its network access session. The device-tracking configuration is also essential for many features, such as downloadable ACLs, device profiling, URL redirection, and more.Refer to the URL for More Information on Device tracking.
06-27-2021 03:54 PM
VLAN assignment @ L2 is separate from ip device-tracking and should not affect it although IP subnets and assigned DHCP addresses are often tightly linked to VLANs.
From ISE Secure Wired Access Prescriptive Deployment Guide:
Starting Cisco IOS XE Denali 16.1.1 version, the new Switch Integrated Security Features-based “IP Device Tracking” feature acts as a container policy that enables snooping and device-tracking features available with First Hop Security (FHS) in both IPv4 and IPv6, using IP agnostic CLI commands.
The device-tracking configuration is very critical to learn an endpoint’s IP address and map that to its network access session. The device-tracking configuration is also essential for many features, such as downloadable ACLs, device profiling, URL redirection, and more.Refer to the URL for More Information on Device tracking.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide