
IP Device Tracking - Auto Enabled With Certain Features

Alex Pfeil
Level 7

I have read a couple of posts that state IPDT is automatically enabled when features on a switch are enabled that use it. 

First, is that true? Are there features that get enabled and then automatically turn on IPDT?

Second, does anybody know of the other features that need to be enabled to automatically enable IPDT? I just wanted to check if I need those features enabled or not so that I could remove them and see IPDT turn off automatically.

I appreciate any comments.

Please rate helpful posts.

Accepted Solutions

Mark Malone
VIP Alumni

Hi

Yes, as per the documentation, some features will enable it automatically.

https://www.cisco.com/c/en/us/support/docs/ip/address-resolution-protocol-arp/118630-technote-ipdt-00.html#anc14

Turn Off Active Features that Trigger IPDT

Some features that might trigger IPDT include NMSP, device sensor, dot1x/MAB, WebAuth, and IPSG. This solution is reserved for the most difficult or complex situations, where either all of the solutions previously available did not work as expected, or they created additional problems. This is, however, the only solution that allows extreme granularity when you disable IPDT, because you can turn off only the IPDT-related features that cause problems and leave everything else unaffected.

In the most recent Cisco IOS, Versions 15.2(2)E and later, you see an output similar to this:

Switch#show ip device tracking interface gig 1/0/9
--------------------------------------------
Interface GigabitEthernet1/0/9 is: STAND ALONE
IP Device Tracking = Disabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 180000
IPv6 Device Tracking Client Registered Handle: 75
IP Device Tracking Enabled Features:
HOST_TRACK_CLIENT_ATTACHMENT
HOST_TRACK_CLIENT_SM

The two lines in all caps at the bottom of the output are those that use IPDT in order to work. Most of the problems created when you disable the device tracking can be avoided if you disable the single services that run in the interface.

In earlier versions of Cisco IOS, this 'easy' way to know which modules are enabled under an interface is not available yet, so you must go through a more involved process in order to get the same results. You must turn on debug ip device track interface, which is a low-frequency log that should be safe in most setups. Be careful not to turn on debug ip device tracking all because this, on the contrary, floods the console in scale situations.

Once the debug is on, bring an interface back to default, and then add and remove an IPDT service from the interface configuration. The results from the debugs tell you which service has been enabled/disabled with the command you used.

Here is an example:

Switch(config)#int gig 1/0/9
Switch(config-if)#ip device track max 10
Switch(config-if)#
*Mar 27 09:58:49.470: sw_host_track-interface:Feature 00000008 enabled on port
Gi1/0/9, mask now 0000004C, 65 ports enabled
*Mar 27 09:58:49.471: sw_host_track-interface:Gi1/0/9[L2 DOWN, IPHOST DIS]IP
host tracking max set to 10
Switch(config-if)#

What the output reveals is that you enabled feature 00000008, and that the new feature's mask is 0000004C.

Now, remove the configuration you just added:

Switch(config-if)#no ip device track max 10
Switch(config-if)#
*Mar 27 10:02:31.154: sw_host_track-interface:Feature 00000008 disabled on port
Gi1/0/9, mask now 00000044, 65 ports enabled
*Mar 27 10:02:31.154: sw_host_track-interface:Gi1/0/9[L2 DOWN, IPHOST DIS]IP
host tracking max cleared
*Mar 27 10:02:31.154: sw_host_track-interface:Max limit has been removed from
the interface GigabitEthernet1/0/9.
Switch(config-if)#

Once you remove feature 00000008, you can see the 00000044 mask, which must have been the original, default mask. This value of 00000044 is expected since AIM is 0x00000004 and SM is 0x00000040, which together result in 0x00000044.

There are several IPDT services that can run under an interface:

IPDT Service Interface
HOST_TRACK_CLIENT_IP_ADMISSIONS       = 0x00000001
HOST_TRACK_CLIENT_DOT1X               = 0x00000002
HOST_TRACK_CLIENT_ATTACHMENT          = 0x00000004
HOST_TRACK_CLIENT_TRACK_HOST_UPTO_MAX = 0x00000008
HOST_TRACK_CLIENT_RSVP                = 0x00000010
HOST_TRACK_CLIENT_CTS                 = 0x00000020
HOST_TRACK_CLIENT_SM                  = 0x00000040
HOST_TRACK_CLIENT_WIRELESS            = 0x00000080
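
Added example, not part of the original post or of Cisco's technote: a Python parser for the `debug ip device track interface` lines shown above that decodes each "mask now" value against the bit table from the post and checks that the reported feature bit matches the new mask. The function and variable names are illustrative, and the regular expression assumes the line format shown in the post.

```python
import re

# Bit values exactly as listed in the post's "IPDT Service Interface" table.
IPDT_FEATURES = {
    0x00000001: "HOST_TRACK_CLIENT_IP_ADMISSIONS",
    0x00000002: "HOST_TRACK_CLIENT_DOT1X",
    0x00000004: "HOST_TRACK_CLIENT_ATTACHMENT",
    0x00000008: "HOST_TRACK_CLIENT_TRACK_HOST_UPTO_MAX",
    0x00000010: "HOST_TRACK_CLIENT_RSVP",
    0x00000020: "HOST_TRACK_CLIENT_CTS",
    0x00000040: "HOST_TRACK_CLIENT_SM",
    0x00000080: "HOST_TRACK_CLIENT_WIRELESS",
}

# "Feature <hex> enabled|disabled on port <if>, mask now <hex>" debug event.
EVENT_RE = re.compile(
    r"Feature\s+([0-9A-Fa-f]{8})\s+(enabled|disabled)\s+on\s+port\s+(\S+?),"
    r"\s+mask\s+now\s+([0-9A-Fa-f]{8})")

def decode_mask(mask):
    """Return (feature names for the set bits, bits not in the table)."""
    names = [n for bit, n in sorted(IPDT_FEATURES.items()) if mask & bit]
    return names, mask & ~sum(IPDT_FEATURES)

def parse_debug(text):
    """Decode every feature event; wrapped console lines are rejoined first."""
    events = []
    for feat, action, port, mask in EVENT_RE.findall(" ".join(text.split())):
        feat, mask = int(feat, 16), int(mask, 16)
        names, unknown = decode_mask(mask)
        events.append({
            "port": port,
            "action": action,
            "feature": IPDT_FEATURES.get(feat, "unknown"),
            "active": names,
            "unknown_bits": unknown,
            # An enabled feature must be set in the new mask, a disabled one clear.
            "consistent": bool(mask & feat) == (action == "enabled"),
        })
    return events

# Debug lines copied from the post above, including the console line wrapping.
SAMPLE = """\
*Mar 27 09:58:49.470: sw_host_track-interface:Feature 00000008 enabled on port
Gi1/0/9, mask now 0000004C, 65 ports enabled
*Mar 27 10:02:31.154: sw_host_track-interface:Feature 00000008 disabled on port
Gi1/0/9, mask now 00000044, 65 ports enabled
"""

if __name__ == "__main__":
    for ev in parse_debug(SAMPLE):
        print(ev["port"], ev["action"], ev["feature"], "->", ", ".join(ev["active"]))
```

A non-zero `unknown_bits` means the switch reported a service that is not in the table above, so the decoded list should not be treated as complete for that port.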
