Solved: how to disable IPDT on Cisco 3850

DuJin0509 · ‎05-06-2018

Dear all,

@Our DHCP server is undergoing BAD_ADDRESS issue so we would like to disable IPDT feature on the switch but we found the command "ip device tracking" no longer existing on our 3850 switch, then how to proceed? Your prompt reply would be highly appreciated.

the 3850 switch is with code as below:

Sw>sho version
Cisco IOS Software [Everest], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.6.3, RELEASE SOFTWARE (fc8)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Wed 28-Feb-18 21:49 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2018 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 3.58, RELEASE SOFTWARE (P)

skfl-sw-atsty-e104-01-01 uptime is 3 weeks, 18 hours, 8 minutes
Uptime for this control processor is 1 week, 6 days, 6 hours, 23 minutes
System returned to ROM by SSO Switchover at 03:20:13 CST Sun Apr 15 2018
System restarted at 15:23:54 CST Mon Apr 23 2018
System image file is "flash:cat3k_caa-universalk9.16.06.03.SPA.bin"
Last reload reason: Power Failure or Unknown

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Technology Package License Information:

-----------------------------------------------------------------
Technology-package                   Technology-package
Current             Type             Next reboot
------------------------------------------------------------------
ipservicesk9        Permanent        ipservicesk9

cisco WS-C3850-48XS (MIPS) processor (revision G0) with 853158K/6147K bytes of memory.
Processor board ID FOC2030Z6LD
11 Virtual Ethernet interfaces
128 Ten Gigabit Ethernet interfaces
8 Forty Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
8388608K bytes of physical memory.
256091K bytes of Crash Files at crashinfo:.
7284411K bytes of Flash at flash:.
0K bytes of WebUI ODM Files at webui:.
256091K bytes of Crash Files at crashinfo-1:.
7284411K bytes of Flash at flash-1:.

Base Ethernet MAC Address          : d4:2c:44:1c:9d:00
Motherboard Assembly Number        : 73-16622-05
Motherboard Serial Number          : FOC20239RL5
Model Revision Number              : G0
Motherboard Revision Number        : A0
Model Number                       : WS-C3850-48XS
System Serial Number               : FOC2030Z6LD

Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
     1 68    WS-C3850-48XS      16.6.3            CAT3K_CAA-UNIVERSALK9 BUNDLE
*    2 68    WS-C3850-48XS      16.6.3            CAT3K_CAA-UNIVERSALK9 BUNDLE

Switch 01
---------
Switch uptime : 6 days, 17 hours, 45 minutes

Base Ethernet MAC Address          : d4:2c:44:1c:e0:80
Motherboard Assembly Number        : 73-16622-05
Motherboard Serial Number          : FOC202782TM
Model Revision Number              : G0
Motherboard Revision Number        : A0
Model Number                       : WS-C3850-48XS
System Serial Number               : FOC2030Z6LE

Configuration register is 0x102

Many thanks.

Francesco Molino · ‎05-07-2018

Usually, we deploy it where hosts are connected to, this means access switches.
On the link I forwarded, there is an example " Examples : How to Disable SISF-based Device Tracking".

To avoid any issues with device-tracking and 0.0.0.0 IP, you can use the probe with auto-source when deployed on L2 switches without data svi. Take a look here: https://www.cisco.com/c/en/us/support/docs/ip/address-resolution-protocol-arp/118630-technote-ipdt-00.html#anc9
It explains how this command works.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎05-06-2018

Hi

Take a look here: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/16-1/configuration_guide/b_161_consolidated_3650_cg/b_161_consolidated_3650_cg_chapter_01001010.html#concept_E39C0430D4F148F2937FCAFD2757A4B5

The legacy command is now replaced by SISF-based device-tracking cli command.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

DuJin0509 · ‎05-06-2018

Hi Francesco,
thanks a lot for your prompt reply.
Would you give out an example configuration and advise where is the proper place to deploy SISF in my case? the core switch (Layer 3 with SVI) or access switch (Layer 2 without SVI) ?
Or I have to deploy it on all switches in my network perhaps ?
Many thanks.

Francesco Molino · ‎05-07-2018

Usually, we deploy it where hosts are connected to, this means access switches.
On the link I forwarded, there is an example " Examples : How to Disable SISF-based Device Tracking".

To avoid any issues with device-tracking and 0.0.0.0 IP, you can use the probe with auto-source when deployed on L2 switches without data svi. Take a look here: https://www.cisco.com/c/en/us/support/docs/ip/address-resolution-protocol-arp/118630-technote-ipdt-00.html#anc9
It explains how this command works.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

DuJin0509 · ‎05-07-2018

Totally understood, thank you very much!

Francesco Molino · ‎05-07-2018

You're welcome

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Leo Laohoo · ‎05-06-2018

In global mode, "no ip device track" will disable the feature.

DuJin0509 · ‎05-06-2018

Hi Leo,

thank you for your reply as well.
But the command you provided doesn't exist in my gear...
Maybe it was an obsolete command...

tristanr · ‎11-14-2018

We ran into this problem when IPDT started causing Windows to falsely detect duplicate IPs and report DHCPDECLINE to our DHCP server. This led to DHCP pool exhaustion.

The way to fix this issue depends on your hardware and version of code. For older devices like 2960, 3750, 4500, you can simply add this command:

ip device tracking probe delay 10

If you are running new code on new devices such as 9300 and 3650, you need to use this command (which reverses the policy that was created by DNA Center):

no device-tracking policy IPDT_MAX_10

Good luck!