IP Device-Tracking (IPDT) vs. ARP cache

vv0bbLeS
Level 1

Hello all,


This may be a silly question, but I've been reading up on IP Device-Tracking, and per Cisco's description, "The main IPDT task is to keep track of connected hosts (association of MAC and IP address)."


I guess I'm trying to see why we need IPDT when we already have an ARP cache that associates MAC and IP addresses for hosts. I suppose IPDT does send out periodic ARP probes so the IPDT table is perhaps more "current" than the ARP cache, but aside from that I'm not sure why we need IPDT when we already have ARP (I mean, I know there must be a reason as that's a lot of code to write for IPDT, but I just need help seeing the reason).


3 Replies

pieterh
VIP

Short answer is: ARP responses (the relation MAC address to IP address) can be spoofed!

The goal of IPDT is to keep MAC + IP consistent with MAC + switchport, to increase security.

ARP by itself has no registration of the switchport.
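
The point made in this reply, as an added example that is not code from the thread or from Cisco: a toy model of a plain ARP cache next to an IPDT-style binding table. The ARP cache maps IP to MAC and takes the last reply it hears, so a spoofed reply silently overwrites the real host. The binding table also records the ingress switchport, so a second MAC claiming an already-bound IP is a conflict it can report instead of an update. The host addresses, MACs and port names below are constructed for illustration; nothing here parses real IOS output, and real IPDT only maintains the table while features that consult it (IP Source Guard, for example) do the enforcing.

```python
"""Added example, not code from the thread or from Cisco: a toy model of an
ARP cache next to an IPDT-style IP/MAC/port binding table. All addresses,
MACs and port names are constructed; nothing here parses real IOS output.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Observation:
    """One ARP reply (or probe answer) as the switch sees it: the IP the
    sender claims, the sender MAC, and the physical port it arrived on."""
    ip: str
    mac: str
    port: str


class ArpCache:
    """Plain ARP cache: last reply wins and the ingress port is not kept."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def learn(self, obs: Observation) -> None:
        self.table[obs.ip] = obs.mac

    def lookup(self, ip: str) -> Optional[str]:
        return self.table.get(ip)


class BindingTable:
    """IPDT-style table: each IP is bound to a (MAC, port) pair.

    learn() returns one of:
      'bound'     first time this IP is seen
      'refreshed' same MAC on the same port (a normal probe answer)
      'moved'     same MAC, different port (host re-patched; binding follows)
      'conflict'  a different MAC claims an already-bound IP; binding is kept
    """

    def __init__(self) -> None:
        self.table: Dict[str, Tuple[str, str]] = {}
        self.alerts: List[str] = []

    def learn(self, obs: Observation) -> str:
        bound = self.table.get(obs.ip)
        if bound is None:
            self.table[obs.ip] = (obs.mac, obs.port)
            return "bound"
        mac, port = bound
        if mac == obs.mac:
            if port == obs.port:
                return "refreshed"
            self.table[obs.ip] = (obs.mac, obs.port)
            return "moved"
        # A different MAC for a bound IP: do not overwrite, record it instead.
        self.alerts.append(
            f"{obs.ip} bound to {mac} on {port}; "
            f"{obs.mac} on {obs.port} claims it"
        )
        return "conflict"

    def lookup(self, ip: str) -> Optional[Tuple[str, str]]:
        return self.table.get(ip)

    def is_consistent(self, obs: Observation) -> bool:
        """What a consumer such as IP Source Guard would ask: does traffic
        with this (IP, MAC) on this port match the binding?"""
        return self.table.get(obs.ip) == (obs.mac, obs.port)


def run_scenario() -> Tuple[Optional[str], Optional[Tuple[str, str]], List[str]]:
    """Constructed scenario: a legitimate host answers probes on Gi1/0/1,
    then a second host on Gi1/0/7 sends a spoofed reply for the same IP.
    Returns (ARP cache answer, binding-table answer, binding-table alerts)."""
    legit = Observation("10.0.0.10", "aa:bb:cc:00:00:01", "Gi1/0/1")
    spoof = Observation("10.0.0.10", "aa:bb:cc:00:00:99", "Gi1/0/7")

    arp = ArpCache()
    ipdt = BindingTable()
    for obs in (legit, legit, spoof):
        arp.learn(obs)
        ipdt.learn(obs)
    return arp.lookup("10.0.0.10"), ipdt.lookup("10.0.0.10"), ipdt.alerts


if __name__ == "__main__":
    arp_mac, binding, alerts = run_scenario()
    print("ARP cache now answers:", arp_mac)       # the spoofer's MAC
    print("binding table still holds:", binding)   # legit MAC on Gi1/0/1
    for alert in alerts:
        print("ALERT:", alert)
```

The `moved` case is deliberate: a host that is re-patched keeps its MAC, so the binding should follow it rather than raise an alert, while a new MAC on any port claiming a bound IP is the case that matters.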

rasmus.elmholt
Level 7

If you don't have any features enabled that need IPDT, then it is only a nice-to-have database of IP-MAC-Port.

But if you are running any of the following features, IPDT is needed:

"IPDT and its ARP probes sent out of a given interface are used for these features:

  • Network Mobility Services Protocol (NMSP), Versions 3.2.0E, 15.2(1)E, 3.5.0E and later
  • Device sensor, Versions 15.2(1)E, 3.5.0E and later
  • 1X, MAC Authentication Bypass (MAB), session manager
  • Web-based authentication
  • Auth-proxy
  • IP Services Gateway (IPSG) for static hosts
  • Flexible netflow
  • Cisco TrustSec (CTS)
  • Media trace
  • HTTP redirects"

https://www.cisco.com/c/en/us/support/docs/ip/address-resolution-protocol-arp/118630-technote-ipdt-00.html

vv0bbLeS
Level 1

Great! Thanks so much for the replies! I see now that IPDT also tracks the switchport and also what looks like a privilege level, so much different than ARP, and I see how IPDT could be used for the services mentioned. Thanks again!
