Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
572
Views
0
Helpful
2
Replies

IP Device Tracking - Command Difference Causing Missing Authentication Session

KaigeG
Level 1
Level 1

‎07-07-2021 05:19 PM

Hello,

I wanted to inquire if anyone has seen an issue where when IP Device Tracking command is enabled on ports [globally on Catalyst 3000 and 9000 switches] the endpoint does not appear in the auth session and fails to pull an IP from DHCP. When the command is removed the endpoint almost immediately pulls a good IP. Below is our current global configuration on any given switch with the device tracking command in place:

 

interface GigabitEthernetX/X/XX
switchport access vlan XX
switchport mode access
switchport voice vlan XX
device-tracking
authentication control-direction in
authentication event fail action next-method
authentication event server alive action reinitialize 
authentication host-mode multi-domain
authentication order dot1x mab
authentication port-control auto
authentication periodic
mab
dot1x pae authenticator
dot1x timeout tx-period 2
dot1x timeout supp-timeout 10
spanning-tree portfast

 

Any advice or reference to known caveats would be greatly appreciated!

Thank you.

Labels:
0 Helpful
2 Replies 2

Mohsin Alam
Cisco Employee
Cisco Employee

‎07-07-2021 08:52 PM

What IOS are you running?

Also are you using SISF based tracking or traditional IPDT? 

 





## Make sure to mark post as helpful, If it resolved your issue. ##
0 Helpful

KaigeG
Level 1
Level 1
In response to Mohsin Alam

‎07-08-2021 06:20 PM

Thank you for the response.

The iOS is XE 16.12.3a for 3Ks and XE 17.04.01.

We are using traditional IPDT.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card