Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
0
Helpful
0
Replies

Triggering IP Device Tracking

andrewswanson
Level 7
Level 7

‎06-29-2017 11:08 AM - edited ‎03-08-2019 11:09 AM

Hi

I'm in the middle of a TrustSec deployment (static SGT classification and Enforcement at the access layer) using WS-C3650-48PD switches running 03.06.05E.

The deployment was a a success at the first site - this site had dot1x for wired clients enabled. These dot1x clients would get an SGT classification as they had an entry in the IP device tracking table.

I started having issues at the second site where dot1x for wired clients is currently not enabled (same switch models and ios). The wired clients wouldn't be classified with an SGT because the clients didn't have an entry in the IP device tracking table.

The Cisco documentation below states:

"when IPDT is enabled globally, other features actually determine whether it is active on a specific interface"

http://www.cisco.com/c/en/us/support/docs/ip/address-resolution-protocol-arp/118630-technote-ipdt-00.html#anc14

The second site is not at a point where I can enable wired dot1x which would trigger device tracking. I had a look at the other features that trigger IPDT and found that the global command "nmsp enable" triggered ipdt for all interfaces on the switch (with the exception of the switch uplinks).

I'm still looking at the implications of using this workaround to trigger ipdt. Does anyone know of a better way of doing this?

Thanks
Andy

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card