disable ipv6 device tracking

gerdo1961 · ‎01-21-2020

Hello, I want to disable ipv6 device tracking (SISF) and have followed the instructions below, but I still see ipv6 addresses in the device tracking database.

The instructions below were taken from the document. I have created the policy correctly and applied it to the interfaces.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-5/configuration_guide/sec/b_165_sec_9300_cg/b_165_sec_9300_cg_chapter_010100.pdf

Disabling IPv6 device tracking when the target is attached to a custom policy:
Device(config)# device-tracking policy example-policy
Device(config-device-tracking)# no protocol ndp
Device(config-device-tracking)# no protocol dhcp6

Switch#
Switch#sho device-tracking policy no_ipv6_tracking
Policy no_ipv6_tracking configuration:
security-level guard
device-role node
NOT gleaning from Neighbor Discovery
NOT gleaning from DHCP
gleaning from ARP
gleaning from DHCP4
NOT gleaning from protocol unkn
Policy no_ipv6_tracking is applied on the following targets:
Target Type Policy Feature Target range
Gi1/0/3 PORT no_ipv6_tracking Device-tracking vlan all
Gi1/0/11 PORT no_ipv6_tracking Device-tracking vlan all
Gi1/0/15 PORT no_ipv6_tracking Device-tracking vlan all

Mark Malone · ‎01-21-2020

Hi
are you using ipv6 on the LAN switch ?
if not turn it off at global level no ipv6 unicast-routing

gerdo1961 · ‎01-22-2020

Thanks for the reply, I'll check that out to see if it will do what I need it to do.

Mark Malone · ‎01-22-2020

yes we had an issue like this before we were similarly seeing ipv6 traffic in packet captures and what we also noticed was the local pcs were set to allow ipv6 packets in TCP/IP section and were somehow generating some to our routers even though we didnt use ipv6 addresses anywhere we couldnt disable the ipv6 as it was owned by desktop teams so the easiest solution for us as we didnt use it was disable it from the routers altogether globally , that resolve it for us