Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IP device tracking

Hi,

We have Cisco 3850 switches and we dont use dot1x but we need to turn off ip device tracking but when I do it from global config mode it pops up the below error:

Switch(config)#no ip device tracking        

% IP device tracking is disabled at the interface level by removing the relevant configs

I've tried disabling it under interface mode even though we don use it.

Can someone please show me how to disable it globally?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

IP device tracking

Hi Ross,

This is a known issue that we are continually working towards a resoltuion.  To solve your issue, please run the following at the interface level.

switch(config)# int range gig1/0/1 - 24

switch(config-if)# nmsp attach suppress

end

Unfortunalty we cannot do this globally, so we have to do it at the port level.  Again, we are working on a better solution in an upcoming release, but this will solve your issue for now.

PS. version 3.3 is released for the 3850 (major release)

23 REPLIES
Hall of Fame Super Gold

IP device tracking

I've tried disabling it under interface mode even though we don use it.

Go to the interface and do "no ip device track max ".  If you can't delete it, you will have to issue the command "default interface ".

New Member

IP device tracking

We dont use the " ip device track max " under the interface mode. We dont use device tracking it is only on by default with the new switch when it came out of the box from Cisco.

Here is a sample of our interface config:

interface GigabitEthernet2/0/22

description --- User/IP Phone Connection ---

switchport access vlan 18

switchport mode access

switchport voice vlan 209

trust device cisco-phone

spanning-tree portfast

service-policy input VoIP

Any ideas?

Hall of Fame Super Gold

Re: IP device tracking

To remove IP Device Tracking from an interface, use the command "ip device tracking max 0".

New Member

IP device tracking

Thanks but I tried the above command and "0" is not available. See below what is available:

SW(config-if)#ip device tracking max ?

  <1-10>  Maximum devices

Any other ideas?

Hall of Fame Super Gold

IP device tracking

That's bizarre.  I am able to get this in:

Switch(config-if)#ip device track max ?

<0-65535>  Maximum devices (0 means disabled)

Can you post the output to the command "sh version"?

What happens if you run the interface command "no ip device track max 10"?

New Member

IP device tracking

I have tried the no ip device track max 10 in interface mode and it accepts it but when I issue " sh ip device tracking int gig 2/0/22 " it still says its enabled.

SW#show ip device tracking interface gig 2/0/22

Enabled interface Configs:

Global IP Device Tracking for clients = Enabled

Global IP Device Tracking Probe Count = 3

Global IP Device Tracking Probe Interval = 30

Global IP Device Tracking Probe Delay Interval = 10

-----------------------------------------------------------------------------------------------

  IP Address    MAC Address   Vlan  Interface           Probe-Timeout      State    Source

-----------------------------------------------------------------------------------------------

Total number interfaces enabled: 64

Enabled interfaces:

  Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7,

  Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14,

  Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21,

  Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/1/1, Gi1/1/2, Gi1/1/3, Gi1/1/4,

  Te1/1/1, Te1/1/2, Te1/1/3, Te1/1/4, Gi2/0/1, Gi2/0/2, Gi2/0/3,

  Gi2/0/4, Gi2/0/5, Gi2/0/6, Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10,

  Gi2/0/11, Gi2/0/12, Gi2/0/13, Gi2/0/14, Gi2/0/15, Gi2/0/16, Gi2/0/17,

  Gi2/0/18, Gi2/0/19, Gi2/0/20, Gi2/0/21, Gi2/0/22, Gi2/0/23, Gi2/0/24,

  Gi2/1/1, Gi2/1/2, Gi2/1/3, Gi2/1/4, Te2/1/1, Te2/1/2, Te2/1/3,

  Te2/1/4

Here is the show version:

SW#show ver

Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.01.SE RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.

Compiled Wed 20-Mar-13 17:10 by prod_rel_team

Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.

All rights reserved.  Certain components of Cisco IOS-XE software are

licensed under the GNU General Public License ("GPL") Version 2.0.  The

software code licensed under GPL Version 2.0 is free software that comes

with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such

GPL code under the terms of GPL Version 2.0.

(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the

documentation or "License Notice" file accompanying the IOS-XE software,

or the applicable URL provided on the flyer accompanying the IOS-XE

software.

ROM: IOS-XE ROMMON

BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)

SW uptime is 4 weeks, 1 day, 19 hours, 3 minutes

Uptime for this control processor is 4 weeks, 1 day, 19 hours, 6 minutes

System returned to ROM by reload at 12:43:29 WST Sun Sep 8 2013

System restarted at 13:08:55 WST Sun Sep 8 2013

System image file is "flash:packages.conf"

Last reload reason: Reload command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

License Level: Ipbase

License Type: Permanent

Next reload license Level: Ipbase

cisco WS-C3850-24P (MIPS) processor with 4194304K bytes of physical memory.

Processor board ID FOC1722Z4J9

2 Virtual Ethernet interfaces

56 Gigabit Ethernet interfaces

8 Ten Gigabit Ethernet interfaces

2048K bytes of non-volatile configuration memory.

4194304K bytes of physical memory.

250456K bytes of Crash Files at crashinfo:.

250456K bytes of Crash Files at crashinfo-2:.

1609272K bytes of Flash at flash:.

1609272K bytes of Flash at flash-2:.

0K bytes of Dummy USB Flash at usbflash0:.

0K bytes of Dummy USB Flash at usbflash0-2:.

0K bytes of  at webui:.

Base Ethernet MAC Address          : d0:c7:89:70:a7:00

Motherboard Assembly Number        : 73-12240-10

Motherboard Serial Number          : FOC17215VEG

Model Revision Number              : B0

Motherboard Revision Number        : D0

Model Number                       : WS-C3850-24P

System Serial Number               : FOC1722Z4J9

Switch Ports Model              SW Version        SW Image              Mode  

------ ----- -----              ----------        ----------            ----  

     1 32    WS-C3850-24P       03.02.01.SE       cat3k_caa-universalk9 INSTALL

     2 32    WS-C3850-24P       03.02.01.SE       cat3k_caa-universalk9 INSTALL

Switch 02

---------

Switch uptime                      : 4 weeks, 1 day, 19 hours, 6 minutes

Base Ethernet MAC Address          : d0:c7:89:70:96:80

Motherboard Assembly Number        : 73-12240-10

Motherboard Serial Number          : FOC17215V33

Model Revision Number              : B0

Motherboard Revision Number        : D0

Model Number                       : WS-C3850-24P

System Serial Number               : FOC1722V19Q

Configuration register is 0x102

Hall of Fame Super Gold

IP device tracking

Hmmmmm ... I read in another post that this could be one of the known IOS bugs.

New Member

IP device tracking

So best to upgrade the IOS on the switch then?

Hall of Fame Super Gold

IP device tracking

So best to upgrade the IOS on the switch then?

Ummmmm ... In this case, I am not sure.  My 3560CG, where I am able to run the command, is running 15.2(1)E.  This version, also known as IOS XE 3.5.0E for 3560/3850, is not yet available for the 3560/3850.

Personally, I'll leave this up to you since I am not yet finish with my testing of this particular IOS version.

New Member

IP device tracking

Ok thanks for your help.

New Member

Re: IP device tracking

I found ip device tracking was causing my clients grief due to conflicting ip addresses.  The switch ports were sending arps with a 0.0.0.0 ip at the same time the tcp stack was reinitializing and gave itself the same 0.0.0.0 ip.  Windows was not happy with that.

We performed an IOS downgrade on our access layer switches to 15.0(2)SE4, this version allowed us to disable ip device tracking.  It appears in newer versions of code(15.2) it was on by default and could not be disabled.

My experience was with 2960's though.

Hall of Fame Super Gold

IP device tracking

Damien,

To disable IP Device Tracking on a per-interface-level, use the command "ip device tracking max 0".   "0" means disable.  Don't ask me why we had to result to this but I sure heck didn't like it.

New Member

We had the same issue with a

We had the same issue with a 2960s model. We also downgraded to another version and we could then change the no ip device tracking command with no issues.

Cisco Employee

IP device tracking

Hi Ross,

This is a known issue that we are continually working towards a resoltuion.  To solve your issue, please run the following at the interface level.

switch(config)# int range gig1/0/1 - 24

switch(config-if)# nmsp attach suppress

end

Unfortunalty we cannot do this globally, so we have to do it at the port level.  Again, we are working on a better solution in an upcoming release, but this will solve your issue for now.

PS. version 3.3 is released for the 3850 (major release)

New Member

IP device tracking


Thanks Richard that worked.

Cisco Employee

IP device tracking

yea, no problem. if you wouldn't mind marking it as "answer" so others can review it if needed.  thanks

New Member

Re: IP device tracking

Hi Richard and Ross,

in my case (models tested are 4900M and 4500-X) i don't see any change concerning the ip device tracking.

It is still enabled globally and on all interfaces, and i still can't remove it.

The table also still lists the discovered devices, and i can still see the switch sending probes with wireshark.

I have put nmsp attach suppress on all the interfaces. (the devices are not directly connected to the switch though)

Could it be i am missing something or does this workaround only help in certain cases?

Thanks,

Tom

New Member

Re: IP device tracking

Does the nmsp attachment suppress command have to be applied to the vlans and port-channels too or just the physical interfaces?

Cisco Employee

Re: IP device tracking

just physical interfaces, including NM module interfaces (1g,10g)

-lp

New Member

IP device tracking

Hi Richard,

it seems some features sort of automatically enable IPDT on an interface.

One of those features seems to be nmsp.

If it is enabled globally the interfaces are IPDT enabled. You can stop it per interface by setting the nmsp attachment suppress as you described.

Another feature, as pointed out by John French, (see https://supportforums.cisco.com/message/4061789#4061789)

seems to be "macro auto monitor" .

After disabling that IPDT was disabled on all my physical interfaces, however active Port-Channels are still enabled.

Cisco Employee

What do you mean by: PS.

What do you mean by:

 

PS. version 3.3 is released for the 3850 (major release)

 

is something fixed in the latest 3.3. version ?

New Member

Is there a Bug ID for this?

Is there a Bug ID for this?  I am having the same issue just now on a stack of two 3850's...when my VM Hosts reboot they believe there is a duplicate IP due to the device tracking...the only way to fix it is nmsp attach suppress.

New Member

Hi Richard.

Hi Richard.

Re-opening this case.

We have 3850. We did not configure "nmsp attachment suppress" on any interface.

We connected the links to the clients equipment and powered up the 3850 last November 2015.

Then this March 2016, the issue regarding IPDT occured.

My question is why do you think the issue only occurred 4 months since we rebooted the 3850 switch?

Thanks.

Mark Puyales 

40049
Views
10
Helpful
23
Replies