cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
238
Views
1
Helpful
5
Replies

Device Tracking probe with "auto-source" keyword...

rezaalikhani
Spotlight
Spotlight

Hi all;

Based on Cisco's documents, when using "auto-source" keyword for Device Tracking probilng operation, the following sequence of events occur:

  1. The first preference is to set the source address to the SVI, if an SVI is configured.
  2. The second preference is to locate an IP-MAC binding entry in Device Tracking table, from same subnet and use that as the source address.
  3. The third and last preference is to use 0.0.0.0 as the source address.

Unfortunately, I cannot understand the second operation. Can anyone explain it with some examples?

Thanks

1 Accepted Solution

Accepted Solutions

Yes, using an existing IP in an ARP probe would violate RFC 5227 and could cause issues by confusing other devices' ARP tables, leading to IP conflicts or network disruptions. The sender IP should always be 0.0.0.0 to avoid this.

-Enes

more Cisco?!
more Gym?!

View solution in original post

5 Replies 5

Enes Simnica
Level 1
Level 1

hello @rezaalikhani. The second operation refers to the switch looking for an existing IP-MAC binding in the same subnet when an svi isn't available. It checks the Device Tracking table for any known IP addresses and uses one as the source for probing/.

for example:

Let’s say you have devices on VLAN 10 (192.168.1.0/24), and there’s no SVI.

-The switch has learned IP-MAC pairs, like:

  • 192.168.1.10 → aa:bb:cc:dd:ee:01
  • 192.168.1.20 → aa:bb:cc:dd:ee:02. So, It will pick one of these IP addresses from the same subnet as the source for probing.

That's my understanding of it

-Enes

more Cisco?!
more Gym?!

Thanks for your reply;

Based on RFC 5227:

For ARP probes traffic, the endpoint should choose 0.0.0.0 in 'Sender IP Address' field. The 'Sender IP Address' field must be set to all zeroes; this is to avoid polluting ARP caches in other hosts on the same link in the case where the address turns out to be already in use by another host.

Does choosing an existing IP address (possibly from another endpoint) violate the RFC and possibly create problems for the existing client?

Thanks

Yes, using an existing IP in an ARP probe would violate RFC 5227 and could cause issues by confusing other devices' ARP tables, leading to IP conflicts or network disruptions. The sender IP should always be 0.0.0.0 to avoid this.

-Enes

more Cisco?!
more Gym?!

I already share doc about this case and You mentioned you check it!!!

MHM

Yes, I already checked that document thoroughly... But that document does not point to my question directly.

Review Cisco Networking for a $25 gift card