02-27-2019 05:44 AM
I have read a couple of posts that state IPDT is automatically enabled when features on a switch are enabled that use it.
First, is that true? Are there features that get enabled and then automatically turn on IPDT?
Second, does anybody know of the other features that need to be enabled to automatically enable IPDT? I just wanted to check if I need those features enabled or not so that I could remove them and see IPDT turn off automatically.
I appreciate any comments.
Please rate helpful posts.
02-27-2019 06:06 AM
Hi
Yes, as per the documentation, some features will enable it automatically.
Some features that might trigger IPDT include NMSP, device sensor, dot1x/MAB, WebAuth, and IPSG. This solution is reserved for the most difficult or complex situations, where either all of the solutions previously available did not work as expected, or they created additional problems. This is, however, the only solution that allows extreme granularity when you disable IPDT, because you can turn off only the IPDT-related features that cause problems and leave everything else unaffected.
In the most recent Cisco IOS, Versions 15.2(2)E and later, you see an output similar to this:
Switch#show ip device tracking interface gig 1/0/9
--------------------------------------------
Interface GigabitEthernet1/0/9 is: STAND ALONE
IP Device Tracking = Disabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 180000
IPv6 Device Tracking Client Registered Handle: 75
IP Device Tracking Enabled Features:
HOST_TRACK_CLIENT_ATTACHMENT
HOST_TRACK_CLIENT_SM
The two lines in all caps at the bottom of the output are those that use IPDT in order to work. Most of the problems created when you disable the device tracking can be avoided if you disable the single services that run in the interface.
In earlier versions of Cisco IOS, this 'easy' way to know which modules are enabled under an interface is not available yet, so you must go through a more involved process in order to get the same results. You must turn on debug ip device track interface, which is a low-frequency log that should be safe in most setups. Be careful not to turn on debug ip device tracking all because this, on the contrary, floods the console in scale situations.
Once the debug is on, bring an interface back to default, and then add and remove an IPDT service from the interface configuration. The results from the debugs tell you which service has been enabled/disabled with the command you used.
Here is an example:
Switch(config)#int gig 1/0/9
Switch(config-if)#ip device track max 10
Switch(config-if)#
*Mar 27 09:58:49.470: sw_host_track-interface:Feature 00000008 enabled on port
Gi1/0/9, mask now 0000004C, 65 ports enabled
*Mar 27 09:58:49.471: sw_host_track-interface:Gi1/0/9[L2 DOWN, IPHOST DIS]IP
host tracking max set to 10
Switch(config-if)#
What the output reveals is that you enabled feature 00000008, and that the new feature's mask is 0000004C.
Now, remove the configuration you just added:
Switch(config-if)#no ip device track max 10
Switch(config-if)#
*Mar 27 10:02:31.154: sw_host_track-interface:Feature 00000008 disabled on port
Gi1/0/9, mask now 00000044, 65 ports enabled
*Mar 27 10:02:31.154: sw_host_track-interface:Gi1/0/9[L2 DOWN, IPHOST DIS]IP
host tracking max cleared
*Mar 27 10:02:31.154: sw_host_track-interface:Max limit has been removed from
the interface GigabitEthernet1/0/9.
Switch(config-if)#
Once you remove feature 00000008, you can see the 00000044 mask, which must have been the original, default mask. This value of 00000044 is expected since AIM is 0x00000004 and SM is 0x00000040, which together result in 0x00000044.
There are several IPDT services that can run under an interface:
IPDT Service | Interface |
---|---|
HOST_TRACK_CLIENT_IP_ADMISSIONS | = 0x00000001 |
HOST_TRACK_CLIENT_DOT1X | = 0x00000002 |
HOST_TRACK_CLIENT_ATTACHMENT | = 0x00000004 |
HOST_TRACK_CLIENT_TRACK_HOST_UPTO_MAX | = 0x00000008 |
HOST_TRACK_CLIENT_RSVP | = 0x00000010 |
HOST_TRACK_CLIENT_CTS | = 0x00000020 |
HOST_TRACK_CLIENT_SM | = 0x00000040 |
HOST_TRACK_CLIENT_WIRELESS | = 0x00000080 |
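The mask arithmetic from the answer above, as an added example that is not part of the original post or of Cisco's documentation: it parses the `sw_host_track-interface` debug lines and decodes each per-port mask into the service names from the table. The function names are hypothetical; the bit values and sample debug lines are the ones quoted in the answer.

```python
import re

# Bit values copied from the table in the answer above.
IPDT_SERVICES = {
    0x00000001: "HOST_TRACK_CLIENT_IP_ADMISSIONS",
    0x00000002: "HOST_TRACK_CLIENT_DOT1X",
    0x00000004: "HOST_TRACK_CLIENT_ATTACHMENT",
    0x00000008: "HOST_TRACK_CLIENT_TRACK_HOST_UPTO_MAX",
    0x00000010: "HOST_TRACK_CLIENT_RSVP",
    0x00000020: "HOST_TRACK_CLIENT_CTS",
    0x00000040: "HOST_TRACK_CLIENT_SM",
    0x00000080: "HOST_TRACK_CLIENT_WIRELESS",
}

# Debug lines quoted in the answer above, console line wraps included.
SAMPLE = """\
*Mar 27 09:58:49.470: sw_host_track-interface:Feature 00000008 enabled on port
Gi1/0/9, mask now 0000004C, 65 ports enabled
*Mar 27 10:02:31.154: sw_host_track-interface:Feature 00000008 disabled on port
Gi1/0/9, mask now 00000044, 65 ports enabled
"""

FEATURE_RE = re.compile(
    r"sw_host_track-interface:Feature (?P<bit>[0-9A-Fa-f]{8}) "
    r"(?P<action>enabled|disabled) on port\s+(?P<port>\S+), "
    r"mask now (?P<mask>[0-9A-Fa-f]{8})"
)

def decode_mask(mask):
    """Return (service names set in mask, bits not present in the table)."""
    names = [name for bit, name in sorted(IPDT_SERVICES.items()) if mask & bit]
    unknown = mask & ~sum(IPDT_SERVICES)  # anything outside the documented bits
    return names, unknown

def parse_debug(text):
    """Return one dict per 'Feature ... enabled/disabled' event in the debug output."""
    joined = re.sub(r"\s*\n\s*", " ", text)  # undo console line wrapping
    events = []
    for m in FEATURE_RE.finditer(joined):
        names, unknown = decode_mask(int(m["mask"], 16))
        events.append({
            "port": m["port"], "action": m["action"],
            "feature": IPDT_SERVICES.get(int(m["bit"], 16), "UNKNOWN"),
            "services": names, "unknown_bits": unknown,
        })
    return events

if __name__ == "__main__":
    for event in parse_debug(SAMPLE):
        print(event)
```

A non-zero `unknown_bits` value means the mask carries a bit that the table does not list, so the decoded service list for that port is incomplete.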