Just adding my two cents, just in case someone thinks this is an 'old' issue. We are a manufacturer and our PLC's stopped comms with our HMI's as our PLC's reported duplicate IP's. No IPDT was enabled on the VLAN in question, and, it only happened on one VLAN. This propagated through 3850's, 3750's, 2960's and Stratix switches. It started after I introduced (2) 3850's as aggregate switches, and a 4503 with a Sup7, which has a bug associated with it to the network. The VLAN which had the issue was routed at the 3850, which is below the 4503 in the hierarchy.  Working with Rockwell and Cisco, no one can tell me what triggered the IPDT to enable itself, but I did enable macro auto processing on the 4503 right before the issue began. Please note - the 4503 does not show IP device tracking enabled in the config - you have to look for it. I heard that adding the device tracking 0 on all interfaces is the cure, but, I have a lot of disparate switches in the network, some unmananged (but manageable - working on that)  port channels,  etc, and the device tracking 0 is on the stratix switches (connected to the PLC's) but the problem persisted anyway. Still working with Rockwell & CIsco on best way to mitigate my network. This has the potential to cross all vlans, and even WAN links if I understand correctly. No windows devices were impacted and no animals were hurt.

To remove IP Device Tracking from an interface, use the command "ip device tracking max 0".

Folks,

Please see Richard Primm's response here.  He's posted a work-around.

Thanks for the link Leo.

Unfortunately the workaround doesn't seem to work for me.

Starting in 15.2(1)E, device sensor uses IPDT.  You can disable device sensor using "no macro auto monitor".  Assuming you have no other non-default features configured that trigger IPDT, that should eliminate IPDT from being active on the port.

Thanks John,

after configuring "no macro auto monitor" all the physical interfaces are removed from being IPDT enabled.

On the 4500-x switch in the lab that even meant all the interfaces and IPDT was disabled globally as well.

On our production switch (4900M) i seemed to see some different behaviour.

At first when i tried it, all the physical interfaces where "nmsp attachment suppress" was in place were removed from the IPDT. 

After some investigation it turns out i also had placed globally "nmsp enable", since the suppress didn't seem to do anything.

Having "nmsp enabled" is thus a feature that makes ipdt active on a port, but you can counter it by setting nmsp attachment suppress.

In my case, since i originally didn't have nmsp enabled, i just disabled it again globally.

The "macro auto monitor"  is apparently, as you point out, also a feature that will enable IPDT on a port.

Turning it off disabled IPDT on all the physical interfaces.

Which means i am close to a workaround but not quite, because it doesn't seem to work for the active port-channels.

It's a bit weird for the port-channels at first sight.

- configured port-channel, state not-connected -> not IPDT enabled

- configured port-channel, state up -> IPDT enabled

- if I shut down a port-channel , so state admin down -> the port-channel as well as the physical member-interfaces are made IPDT enabled. (which considering they are down shouldn't matter much, it is just odd)

Any thoughts on IPDT with port-channels?

The workaround found on http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCuj04986 is working on portchannels.

It's fixed by using 'ip device tracking max 0' on the interfaces,