
IP device tracking on 3850 Switches (Reposting - Need help)

Jason Flory
Level 1

Hello Everyone

I am reposting this question because it seems like the posts are generating more questions than answers, and I really need to get some expert guidance around this issue.

We have 2 3850 stacks in our corporate office. One stack is for users and the other is for servers. We have been having a lot of false-positive duplicate IP errors on our servers and have been finding many others out there having issues with IPDT on 3850s. The recommendation is to disable it. I want first to fully understand this and second to make sure I am not creating other issues down the line.

In our environment the server stack is the one that has the SVIs and does all layer 3. We also have several other standalone switches that connect our blade servers to the server stack.

As an update, I have changed the tracking delay to 10 and added the command ip device tracking probe delay use-svi.

First question:

In a multi-switch environment, which switch manages IP Device Tracking? When I do show IP device tracking all on each switch, it seems that a lot of the IPs being tracked are not directly connected nor are they only on the layer 3 switch. Is there a way to control which switch does the tracking?

Second question:

If we turn this off using nmsp attach suppress on each interface what are the implications?

 

3 Replies

Hello

Can you post the config of the 3850 stacks?

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Here is summarized config for server stack.  This is our core for this site and handles all routing.  This switch has all the SVIs for the user stack.   Stacks are trunked together via 10 GB link.

The second config is the user stack which does not have any SVIs and only does layer 2.

Server stack:

version 15.0
no service pad
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
service compress-config
!
hostname sfn-sw1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!

aaa session-id common
clock timezone PST -8 0
clock summer-time PDT recurring
switch 1 provision ws-c3850-48t
switch 2 provision ws-c3850-48t
switch 3 provision ws-c3850-48t
!
flow record NETFLOW-RECORD-IN
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect transport tcp flags
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
 collect counter bytes layer2 long
!
!
flow record NETFLOW-RECORD-OUT
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface output
 collect transport tcp flags
 collect interface input
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
 collect counter bytes layer2 long
!
!
flow exporter NTAexport
 destination x.x.x.x
 source Vlan2
 transport udp 2055
 template data timeout 60
!
!
flow monitor NETFLOW-MON-IN
 exporter NTAexport
 cache timeout active 60
 record NETFLOW-RECORD-IN
!
!
flow monitor NETFLOW-MON-OUT
 exporter NTAexport
 cache timeout active 60
 record NETFLOW-RECORD-OUT
!
ip routing
!
ip multicast-routing
ip domain-name ia-global.com
ip name-server x.x.x.x
ip name-server x.x.x.x
ip device tracking probe use-svi
ip device tracking probe delay 10
ip device tracking
!
!
qos wireless-default-untrust
!
crypto pki trustpoint TP-self-signed-0
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-0
 revocation-check none
 rsakeypair TP-self-signed-0

!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 8192
!
redundancy
 mode sso
!

class-map match-any non-client-nrt-class
  match non-client-nrt
!
policy-map port_child_policy
 class non-client-nrt-class
    bandwidth remaining ratio 10

interface Loopback0
 ip address 10.2.255.5 255.255.255.0
 ip mtu 1500
!

!
interface Port-channel18
 description SFS-CITRIX-XS3 Team
 switchport mode trunk
!
interface Port-channel19
 description sfn-ucs-a
 switchport mode trunk
!
interface Port-channel20
 description sfn-ucs-b
 switchport mode trunk
!
interface Port-channel21
 description SFS-CITRIX-XS10 Team
 switchport mode trunk

!
interface GigabitEthernet1/0/1
 description Masergy MPLS
 switchport mode access
 ip flow monitor NETFLOW-MON-IN input
 ip flow monitor NETFLOW-MON-OUT output
 speed 100
 duplex full
!
interface GigabitEthernet1/0/2
 description ASA Lan
 switchport access vlan 254
 switchport mode access
 ip flow monitor NETFLOW-MON-IN input
 ip flow monitor NETFLOW-MON-OUT output
 duplex full
!
interface GigabitEthernet1/0/3
 description TMG
 switchport access vlan 254
 switchport mode access
!

interface TenGigabitEthernet3/1/1
 description sfn-ucs-a
 switchport mode trunk
 channel-group 19 mode active
!
interface TenGigabitEthernet3/1/2
 description sfn-ucs-a
 switchport mode trunk
 channel-group 19 mode active

!
interface Vlan1
 ip address x.x.x.x 255.255.255.0
 ip helper-address x.x.x.x
!
interface Vlan2
 description Management
 ip address x.x.x.x 255.255.255.0
 ip helper-address x.x.x.x
!
interface Vlan3
 description Data
 ip address x.x.x.x 255.255.255.0
 ip helper-address x.x.x.x
!
interface Vlan4
 description Server VLAN
 ip address x.x.x.x 255.255.255.0

interface Vlan5
 description Printer VLAN
 ip address x.x.x.x 255.255.255.0
!
interface Vlan6
 description Voice VLAN
 ip address x.x.x.x 255.255.255.0

interface Vlan7
 description Video VLAN
 ip address x.x.x.x 255.255.255.0
!
interface Vlan8
 description iSCSI VLAN
 ip address x.x.x.x 255.255.255.0
!
interface Vlan9
 description BYOD
 ip address x.x.x.x 255.255.255.0
 
 ip pim dense-mode
!
interface Vlan10
 description Guest VLAN
 ip address x.x.x.x 255.255.255.0
 
!
interface Vlan11
 description IA_WIFI
 ip address x.x.x.x 255.255.255.0
!
interface Vlan12
 ip address x.x.x.x 255.255.255.0
!
interface Vlan14
 description Cluster
 ip address x.x.x.x 255.255.255.0
!
interface Vlan15
 description Live Migration
 ip address x.x.x.x 255.255.255.0
!
interface Vlan254
 description Internet Transit
 ip address x.x.x.x 255.255.255.248
!
router ospf 1
 redistribute static subnets route-map STATIC-TO-OSPF-MAP
 network x.x.x.x
 network x.x.x.x
 network x.x.x.x
 network x.x.x.x
 default-information originate metric 1
!
no ip http server
ip http authentication aaa
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 x.x.x.x

!
ip access-list standard STATIC-TO-OSPF
 permit x.x.x.x
 permit x.x.x.x
 permit x.x.x.x
 permit x.x.x.x

ip radius source-interface Vlan2
logging trap warnings
logging source-interface Vlan2
logging host x.x.x.x
arp x.x.x.x 0100.5e71.0446 ARPA
arp  x.x.x.x 03bf.0a02.04a9 ARPA
!
route-map STATIC-TO-OSPF-MAP permit 10
 match ip address STATIC-TO-OSPF
!

ntp server nist-time-server.eoni.com
wsma agent exec
 profile httplistener
 profile httpslistener
wsma agent config
 profile httplistener
 profile httpslistener
wsma agent filesys
 profile httplistener
 profile httpslistener
wsma agent notify
 profile httplistener
 profile httpslistener
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
ap group default-group
end

 

User Stack

This is the user stack, which only does layer 2 functions.

no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
!
hostname xxxxx
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging console emergencies

aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius local
!
!
!
!
!
!
aaa session-id common
clock timezone PST -8 0
clock summer-time PDT recurring
switch 1 provision ws-c3850-48p
switch 2 provision ws-c3850-48p
ip routing
!
ip domain-name ia-global.com
ip name-server x.x.x.x
ip name-server x.x.x.x
ip device tracking probe use-svi
ip device tracking probe delay 10
ip device tracking
!
!
qos wireless-default-untrust
!
crypto pki trustpoint TP-self-signed-723753763
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-723753763
 revocation-check nonexxxxx
!
!
crypto pki certificate chain TP-self-signed-723753763
 certificate self-signed 01
 xxxxx
        quit
!
!
!
!
!
diagnostic bootup level minimal
identity policy webauth-global-inactive
 inactivity-timer 3600
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 16384
!
redundancy
 mode sso
!
lldp run
!
!
class-map match-any non-client-nrt-class
  match non-client-nrt
!
policy-map port_child_policy
 class non-client-nrt-class
    bandwidth remaining ratio 10
!
!
!
!
!
!
interface Loopback0
 ip address 10.x.x.x 255.255.255.0
 ip mtu 1500

Interfaces removed

interface Port-channel1
 description Uplink to SFN-SW3
 switchport mode trunk
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
 description Reception 1
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!

!
interface Vlan1
 no ip address
!
interface Vlan2
 ip address 10.x.x.x 255.255.255.0
!
interface Vlan11
 no ip address
!
interface Vlan12
 no ip address
!
ip default-gateway 10.x.x.x
no ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.x.x.x
!
!
ip radius source-interface Vlan2
logging trap warnings
logging source-interface Vlan2
logging host 10.x.x.x

!
!
!
!

 length 0
!
ntp server 10.x.x.x version 2
wsma agent exec
 profile httplistener
 profile httpslistener
wsma agent config
 profile httplistener
 profile httpslistener
wsma agent filesys
 profile httplistener
 profile httpslistener
wsma agent notify
 profile httplistener
 profile httpslistener
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
ap group default-group
end

sfn-sw2#

Something to note:

Another thing that has been happening which I thought was unrelated was that our management interfaces on our UCS environment have been crashing.  While looking through some logs I found a new server build that did not have any static or DHCP addresses assigned came up with a duplicate IP with our UCS management IP.  Very strange.  

 

Thanks for looking at this.
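
An added example, not part of the original posts and not Cisco code: a small Python audit that reads an IOS running-config like the two posted above and reports the global `ip device tracking` lines plus which switchports carry `nmsp attach suppress`, so the per-interface change asked about in the second question can be checked on every switch. The sample config, the address 192.0.2.1 and the function names `audit_ipdt` and `unsuppressed` are constructed for illustration.

```python
# Constructed sample, modelled on the configs posted in this thread (not a real device).
SAMPLE_CONFIG = """\
ip device tracking probe use-svi
ip device tracking probe delay 10
ip device tracking
!
interface Port-channel19
 switchport mode trunk
 nmsp attach suppress
!
interface TenGigabitEthernet3/1/1
 switchport mode trunk
 channel-group 19 mode active
!
interface GigabitEthernet1/0/3
 switchport access vlan 254
 switchport mode access
!
interface Vlan4
 ip address 192.0.2.1 255.255.255.0
!
"""

def audit_ipdt(config):
    """Return (global IPDT lines, {switchport: mode and suppress state}).
    SVIs and other interfaces without a 'switchport mode' line are left out."""
    global_lines, ports, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = {"mode": None, "suppressed": False}
        elif line.startswith(" ") and current:
            body = line.strip()
            if body.startswith("switchport mode "):
                ports[current]["mode"] = body.split()[2]
            elif body == "nmsp attach suppress":
                ports[current]["suppressed"] = True
        else:
            current = None  # '!' or a global command ends the interface block
            if line.startswith("ip device tracking"):
                global_lines.append(line)
    return global_lines, {n: p for n, p in ports.items() if p["mode"]}

def unsuppressed(config, mode="trunk"):
    """Names of switchports in the given mode that lack 'nmsp attach suppress'."""
    _, ports = audit_ipdt(config)
    return [n for n, p in ports.items() if p["mode"] == mode and not p["suppressed"]]

if __name__ == "__main__":
    print(audit_ipdt(SAMPLE_CONFIG)[0], unsuppressed(SAMPLE_CONFIG))
```

Run against the saved output of show running-config from each stack, the two lists show which switches still have tracking enabled globally and on which ports.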
