IP device tracking

Answered Question
Oct 6th, 2013
User Badges:
  • Bronze, 100 points or more

Hi,


We have Cisco 3850 switches and we dont use dot1x but we need to turn off ip device tracking but when I do it from global config mode it pops up the below error:


Switch(config)#no ip device tracking        

% IP device tracking is disabled at the interface level by removing the relevant configs


I've tried disabling it under interface mode even though we don use it.


Can someone please show me how to disable it globally?


Thanks.

Correct Answer by Richard Primm about 3 years 8 months ago

Hi Ross,

This is a known issue that we are continually working towards a resoltuion.  To solve your issue, please run the following at the interface level.


switch(config)# int range gig1/0/1 - 24

switch(config-if)# nmsp attach suppress

end


Unfortunalty we cannot do this globally, so we have to do it at the port level.  Again, we are working on a better solution in an upcoming release, but this will solve your issue for now.


PS. version 3.3 is released for the 3850 (major release)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
Leo Laohoo Sun, 10/06/2013 - 23:50
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

I've tried disabling it under interface mode even though we don use it.

Go to the interface and do "no ip device track max ".  If you can't delete it, you will have to issue the command "default interface ".

ross_rulz Mon, 10/07/2013 - 00:04
User Badges:
  • Bronze, 100 points or more

We dont use the " ip device track max " under the interface mode. We dont use device tracking it is only on by default with the new switch when it came out of the box from Cisco.


Here is a sample of our interface config:


interface GigabitEthernet2/0/22

description --- User/IP Phone Connection ---

switchport access vlan 18

switchport mode access

switchport voice vlan 209

trust device cisco-phone

spanning-tree portfast

service-policy input VoIP


Any ideas?

Leo Laohoo Mon, 10/07/2013 - 01:08
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

To remove IP Device Tracking from an interface, use the command "ip device tracking max 0".

ross_rulz Mon, 10/07/2013 - 16:52
User Badges:
  • Bronze, 100 points or more

Thanks but I tried the above command and "0" is not available. See below what is available:


SW(config-if)#ip device tracking max ?

  <1-10>  Maximum devices


Any other ideas?

Leo Laohoo Mon, 10/07/2013 - 17:03
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

That's bizarre.  I am able to get this in:


Switch(config-if)#ip device track max ?

<0-65535>  Maximum devices (0 means disabled)


Can you post the output to the command "sh version"?

What happens if you run the interface command "no ip device track max 10"?

ross_rulz Mon, 10/07/2013 - 17:16
User Badges:
  • Bronze, 100 points or more

I have tried the no ip device track max 10 in interface mode and it accepts it but when I issue " sh ip device tracking int gig 2/0/22 " it still says its enabled.


SW#show ip device tracking interface gig 2/0/22



Enabled interface Configs:

Global IP Device Tracking for clients = Enabled

Global IP Device Tracking Probe Count = 3

Global IP Device Tracking Probe Interval = 30

Global IP Device Tracking Probe Delay Interval = 10

-----------------------------------------------------------------------------------------------

  IP Address    MAC Address   Vlan  Interface           Probe-Timeout      State    Source

-----------------------------------------------------------------------------------------------



Total number interfaces enabled: 64

Enabled interfaces:

  Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7,

  Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14,

  Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21,

  Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/1/1, Gi1/1/2, Gi1/1/3, Gi1/1/4,

  Te1/1/1, Te1/1/2, Te1/1/3, Te1/1/4, Gi2/0/1, Gi2/0/2, Gi2/0/3,

  Gi2/0/4, Gi2/0/5, Gi2/0/6, Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10,

  Gi2/0/11, Gi2/0/12, Gi2/0/13, Gi2/0/14, Gi2/0/15, Gi2/0/16, Gi2/0/17,

  Gi2/0/18, Gi2/0/19, Gi2/0/20, Gi2/0/21, Gi2/0/22, Gi2/0/23, Gi2/0/24,

  Gi2/1/1, Gi2/1/2, Gi2/1/3, Gi2/1/4, Te2/1/1, Te2/1/2, Te2/1/3,

  Te2/1/4


Here is the show version:


SW#show ver

Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.01.SE RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.

Compiled Wed 20-Mar-13 17:10 by prod_rel_team







Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.

All rights reserved.  Certain components of Cisco IOS-XE software are

licensed under the GNU General Public License ("GPL") Version 2.0.  The

software code licensed under GPL Version 2.0 is free software that comes

with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such

GPL code under the terms of GPL Version 2.0.

(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the

documentation or "License Notice" file accompanying the IOS-XE software,

or the applicable URL provided on the flyer accompanying the IOS-XE

software.







ROM: IOS-XE ROMMON

BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)



SW uptime is 4 weeks, 1 day, 19 hours, 3 minutes

Uptime for this control processor is 4 weeks, 1 day, 19 hours, 6 minutes

System returned to ROM by reload at 12:43:29 WST Sun Sep 8 2013

System restarted at 13:08:55 WST Sun Sep 8 2013

System image file is "flash:packages.conf"

Last reload reason: Reload command







This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.



A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html



If you require further assistance please contact us by sending email to

[email protected].



License Level: Ipbase

License Type: Permanent

Next reload license Level: Ipbase



cisco WS-C3850-24P (MIPS) processor with 4194304K bytes of physical memory.

Processor board ID FOC1722Z4J9

2 Virtual Ethernet interfaces

56 Gigabit Ethernet interfaces

8 Ten Gigabit Ethernet interfaces

2048K bytes of non-volatile configuration memory.

4194304K bytes of physical memory.

250456K bytes of Crash Files at crashinfo:.

250456K bytes of Crash Files at crashinfo-2:.

1609272K bytes of Flash at flash:.

1609272K bytes of Flash at flash-2:.

0K bytes of Dummy USB Flash at usbflash0:.

0K bytes of Dummy USB Flash at usbflash0-2:.

0K bytes of  at webui:.



Base Ethernet MAC Address          : d0:c7:89:70:a7:00

Motherboard Assembly Number        : 73-12240-10

Motherboard Serial Number          : FOC17215VEG

Model Revision Number              : B0

Motherboard Revision Number        : D0

Model Number                       : WS-C3850-24P

System Serial Number               : FOC1722Z4J9





Switch Ports Model              SW Version        SW Image              Mode  

------ ----- -----              ----------        ----------            ----  

     1 32    WS-C3850-24P       03.02.01.SE       cat3k_caa-universalk9 INSTALL

     2 32    WS-C3850-24P       03.02.01.SE       cat3k_caa-universalk9 INSTALL





Switch 02

---------

Switch uptime                      : 4 weeks, 1 day, 19 hours, 6 minutes

Base Ethernet MAC Address          : d0:c7:89:70:96:80

Motherboard Assembly Number        : 73-12240-10

Motherboard Serial Number          : FOC17215V33

Model Revision Number              : B0

Motherboard Revision Number        : D0

Model Number                       : WS-C3850-24P

System Serial Number               : FOC1722V19Q



Configuration register is 0x102

Leo Laohoo Mon, 10/07/2013 - 17:39
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Hmmmmm ... I read in another post that this could be one of the known IOS bugs.

ross_rulz Mon, 10/07/2013 - 17:41
User Badges:
  • Bronze, 100 points or more

So best to upgrade the IOS on the switch then?

Leo Laohoo Mon, 10/07/2013 - 17:49
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

So best to upgrade the IOS on the switch then?

Ummmmm ... In this case, I am not sure.  My 3560CG, where I am able to run the command, is running 15.2(1)E.  This version, also known as IOS XE 3.5.0E for 3560/3850, is not yet available for the 3560/3850.


Personally, I'll leave this up to you since I am not yet finish with my testing of this particular IOS version.

ross_rulz Mon, 10/07/2013 - 17:51
User Badges:
  • Bronze, 100 points or more

Ok thanks for your help.

Damien Miller Mon, 10/07/2013 - 17:52
User Badges:

I found ip device tracking was causing my clients grief due to conflicting ip addresses.  The switch ports were sending arps with a 0.0.0.0 ip at the same time the tcp stack was reinitializing and gave itself the same 0.0.0.0 ip.  Windows was not happy with that.


We performed an IOS downgrade on our access layer switches to 15.0(2)SE4, this version allowed us to disable ip device tracking.  It appears in newer versions of code(15.2) it was on by default and could not be disabled.



My experience was with 2960's though.

Leo Laohoo Mon, 10/07/2013 - 18:02
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Damien,


To disable IP Device Tracking on a per-interface-level, use the command "ip device tracking max 0".   "0" means disable.  Don't ask me why we had to result to this but I sure heck didn't like it.

Loek Canisius Tue, 02/21/2017 - 06:14
User Badges:

We had the same issue with a 2960s model. We also downgraded to another version and we could then change the no ip device tracking command with no issues.



Correct Answer
Richard Primm Mon, 10/07/2013 - 18:56
User Badges:
  • Cisco Employee,

Hi Ross,

This is a known issue that we are continually working towards a resoltuion.  To solve your issue, please run the following at the interface level.


switch(config)# int range gig1/0/1 - 24

switch(config-if)# nmsp attach suppress

end


Unfortunalty we cannot do this globally, so we have to do it at the port level.  Again, we are working on a better solution in an upcoming release, but this will solve your issue for now.


PS. version 3.3 is released for the 3850 (major release)

ross_rulz Mon, 10/07/2013 - 19:08
User Badges:
  • Bronze, 100 points or more


Thanks Richard that worked.

Richard Primm Mon, 10/07/2013 - 19:13
User Badges:
  • Cisco Employee,

yea, no problem. if you wouldn't mind marking it as "answer" so others can review it if needed.  thanks

Tom Vanhout Tue, 10/08/2013 - 01:10
User Badges:

Hi Richard and Ross,


in my case (models tested are 4900M and 4500-X) i don't see any change concerning the ip device tracking.

It is still enabled globally and on all interfaces, and i still can't remove it.


The table also still lists the discovered devices, and i can still see the switch sending probes with wireshark.

I have put nmsp attach suppress on all the interfaces. (the devices are not directly connected to the switch though)


Could it be i am missing something or does this workaround only help in certain cases?


Thanks,

Tom

CrackedJack1 Tue, 10/08/2013 - 11:42
User Badges:

Does the nmsp attachment suppress command have to be applied to the vlans and port-channels too or just the physical interfaces?

Richard Primm Tue, 10/08/2013 - 11:59
User Badges:
  • Cisco Employee,

just physical interfaces, including NM module interfaces (1g,10g)


-lp

Tom Vanhout Wed, 10/09/2013 - 02:15
User Badges:

Hi Richard,


it seems some features sort of automatically enable IPDT on an interface.

One of those features seems to be nmsp.

If it is enabled globally the interfaces are IPDT enabled. You can stop it per interface by setting the nmsp attachment suppress as you described.


Another feature, as pointed out by John French, (see https://supportforums.cisco.com/message/4061789#4061789)

seems to be "macro auto monitor" .


After disabling that IPDT was disabled on all my physical interfaces, however active Port-Channels are still enabled.

Junnie Sadler Wed, 02/25/2015 - 08:18
User Badges:
  • Cisco Employee,

What do you mean by:

 

PS. version 3.3 is released for the 3850 (major release)

 

is something fixed in the latest 3.3. version ?

Chris Hesketh Thu, 02/26/2015 - 09:16
User Badges:

Is there a Bug ID for this?  I am having the same issue just now on a stack of two 3850's...when my VM Hosts reboot they believe there is a duplicate IP due to the device tracking...the only way to fix it is nmsp attach suppress.

MPuyales20 Wed, 03/30/2016 - 19:36
User Badges:

Hi Richard.


Re-opening this case.


We have 3850. We did not configure "nmsp attachment suppress" on any interface.

We connected the links to the clients equipment and powered up the 3850 last November 2015.

Then this March 2016, the issue regarding IPDT occured.


My question is why do you think the issue only occurred 4 months since we rebooted the 3850 switch?


Thanks.

Mark Puyales 

Actions

This Discussion