Re: IP Device Tracking - Command Difference Causing Missing Authentication Session

KaigeG · ‎07-07-2021

Hello,

I wanted to inquire if anyone has seen an issue where when IP Device Tracking command is enabled on ports [globally on Catalyst 3000 and 9000 switches] the endpoint does not appear in the auth session and fails to pull an IP from DHCP. When the command is removed the endpoint almost immediately pulls a good IP. Below is our current global configuration on any given switch with the device tracking command in place:

interface GigabitEthernetX/X/XX
switchport access vlan XX
switchport mode access
switchport voice vlan XX
device-tracking
authentication control-direction in
authentication event fail action next-method
authentication event server alive action reinitialize 
authentication host-mode multi-domain
authentication order dot1x mab
authentication port-control auto
authentication periodic
mab
dot1x pae authenticator
dot1x timeout tx-period 2
dot1x timeout supp-timeout 10
spanning-tree portfast

Any advice or reference to known caveats would be greatly appreciated!

Thank you.

Mohsin Alam · ‎07-07-2021

What IOS are you running?

Also are you using SISF based tracking or traditional IPDT?

## Make sure to mark post as helpful, If it resolved your issue. ##

KaigeG · ‎07-08-2021

Thank you for the response.

The iOS is XE 16.12.3a for 3Ks and XE 17.04.01.

We are using traditional IPDT.