04-11-2018 02:00 PM - edited 03-08-2019 02:37 PM
Hello,
We are experiencing a lot of BAD_ADDRESSES in our DHCP scopes where 802.1x is enabled. The problem seems to stem from IPDT or Device Tracking depending on the version of IOS you have. This is not a unique issue to me.
There have been several proposed solutions:
So far nothing has worked in our environment.
The "probe delay" seems like it would be the easiest solution and it seems like that works mostly but only when there is a single switch/management-point for the site. When there are multiple switches or "stacks" each sending their own device tracking probes the problem seems to surface again.
The "use-svi" method does not work because our switches are L2-only so there is no SVI in the same VLAN/subnet as the 802.1x authenticated devices. We have the management SVI on a seprate/dedicated VLAN.
We have also disabled GARP on our Windows machines trying to stem this DHCP BAD_ADDRESS issue but we are coming up with nothing.
I was wondering if anyone else has seen and could confirm that what I am seeing is expected.
The "auto-source fallback override" solution MIGHT be the only working solution in our type of environment where there are multiple L2-only access switches. I have not gotten myself enough of the 3850 switches to verify this but I am working on that. The plan is to use a single assigned address for all device tracking probes. I really hope that works so I dont need to use an seprate auto-source fallback address for each switch.
Solved! Go to Solution.
10-24-2019 01:01 PM
Its a problem with the IOS. If your switch can be upgraded to a fixed one then just upgrade the IOS. Our switch did not support a new enough/fixed IOS so we had to replace all our switches with ones that had a newer IOS.
08-15-2018 05:58 AM
08-15-2018 06:28 AM
This seemed to only be a problem at sites with multiple 3750 stacks. If you can put all your access switches into a single stack then the issue seemed to go away.
Depending on what 3750 series you have you might be able to upgrade the IOS to a version that is fixed.
Unfortunately we had mostly original 3750 series switches so we could not update to any version of IOS that is fixed. So we upgraded everything to Catalyst 3850s. Everything is working great now.
10-19-2019 09:39 PM
Hi yaplej
you mean for 3850 stack can solved?
I was found problem on 2960X Stack.
10-24-2019 01:01 PM
Its a problem with the IOS. If your switch can be upgraded to a fixed one then just upgrade the IOS. Our switch did not support a new enough/fixed IOS so we had to replace all our switches with ones that had a newer IOS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide