Ip device tracking probe delay

Hi,
 "'ip device tracking probe delay 10 "" , will it means that ,  normally   cisco device (switch or router or firewall) automatically generate the ARP and if this command given it delays for 10 sec ? or it will delay the the unknown flooding for 10 sec ?

Hi Jithu,
It actually delay the proble from switch or router for 10 seconds during that time Windows server can sort out the duplicate ip issue detection.
Explanation from Cisco Site:
ip device tracking probe delay 10
The RFC specifies a ten−second window for duplicate address detection, so if you delay the
device−tracking probe, it resolves the issue in nearly all cases. In addition to probe−delay, the delay
also resets when the switch detects a probe from the PC. For example, if the probe timer has counted
down to five seconds and detects an ARP Probe from the PC, the timer resets back to ten seconds. In
rare circumstances, the PC sends an ARP Probe milliseconds before the switch sends its probe, which
still triggers a duplicate address message to the end user. This command was introduced in Version
15.0(1)SE on 2900, 3500, and 3700 Series switch platforms, Version 15.0(2)SG on the 4500 Series
switch platform, and Version 12.2(33)SXI7 on the 6500 Series switch platform.
HTH
Regards
Karthik

Similar Messages

  • Version 15.2(1)E on 4900M globally enables ip device tracking and can't remove it

    We wanted to upgrade our 4900M devices to version 15.2(1)E due to some feature for ipv6.
    Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 15.2(1)E, RELEASE SOFTWARE (fc3)
    After the upgrade we started to get error-reports from users that they got duplicate-ip error messages.
    The violating mac-address turned out to be from the upgraded  switch where the vlan passed through, but the switch itself does not  have an ip-address in that vlan. The devices reporting the error are also not connected to the switch.
    We were a bit puzzled about that but then we found that after the upgrade there is an extra line in the config
    "ip device tracking"
    which is something we do not use, but we can't seem to remove it.
    switchname(config)#no ip device tracking
    % IP device tracking is disabled at the interface level by removing the relevant configs
    however, there is no config defined on interface level, and even tried to disable it on interface level anyway, it makes no difference.
    All the interfaces are enabled for ip device tracking as well, and we are also not able to remove an interface.
    Searching the web we find that ip device tracking has been known to be responsable for duplicate-ip errors.
    I have now configured the "workaround"
    ip device tracking probe delay 10
    Don't know yet if it will make a difference but i don't want to finetune or configure a feature we don't use, i would like to disable something which shouldn't have been there in the first place.
    Any thoughts on how to disable the ip device tracking?

    Thanks John,
    after configuring "no macro auto monitor" all the physical interfaces are removed from being IPDT enabled.
    On the 4500-x switch in the lab that even meant all the interfaces and IPDT was disabled globally as well.
    On our production switch (4900M) i seemed to see some different behaviour.
    At first when i tried it, all the physical interfaces where "nmsp attachment suppress" was in place were removed from the IPDT. 
    After some investigation it turns out i also had placed globally "nmsp enable", since the suppress didn't seem to do anything.
    Having "nmsp enabled" is thus a feature that makes ipdt active on a port, but you can counter it by setting nmsp attachment suppress.
    In my case, since i originally didn't have nmsp enabled, i just disabled it again globally.
    The "macro auto monitor"  is apparently, as you point out, also a feature that will enable IPDT on a port.
    Turning it off disabled IPDT on all the physical interfaces.
    Which means i am close to a workaround but not quite, because it doesn't seem to work for the active port-channels.
    It's a bit weird for the port-channels at first sight.
    - configured port-channel, state not-connected -> not IPDT enabled
    - configured port-channel, state up -> IPDT enabled
    - if I shut down a port-channel , so state admin down -> the port-channel as well as the physical member-interfaces are made IPDT enabled. (which considering they are down shouldn't matter much, it is just odd)
    Any thoughts on IPDT with port-channels?

  • IP device tracking

    Hi,
    We have Cisco 3850 switches and we dont use dot1x but we need to turn off ip device tracking but when I do it from global config mode it pops up the below error:
    Switch(config)#no ip device tracking        
    % IP device tracking is disabled at the interface level by removing the relevant configs
    I've tried disabling it under interface mode even though we don use it.
    Can someone please show me how to disable it globally?
    Thanks.

    I have tried the no ip device track max 10 in interface mode and it accepts it but when I issue " sh ip device tracking int gig 2/0/22 " it still says its enabled.
    SW#show ip device tracking interface gig 2/0/22
    Enabled interface Configs:
    Global IP Device Tracking for clients = Enabled
    Global IP Device Tracking Probe Count = 3
    Global IP Device Tracking Probe Interval = 30
    Global IP Device Tracking Probe Delay Interval = 10
      IP Address    MAC Address   Vlan  Interface           Probe-Timeout      State    Source
    Total number interfaces enabled: 64
    Enabled interfaces:
      Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7,
      Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14,
      Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21,
      Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/1/1, Gi1/1/2, Gi1/1/3, Gi1/1/4,
      Te1/1/1, Te1/1/2, Te1/1/3, Te1/1/4, Gi2/0/1, Gi2/0/2, Gi2/0/3,
      Gi2/0/4, Gi2/0/5, Gi2/0/6, Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10,
      Gi2/0/11, Gi2/0/12, Gi2/0/13, Gi2/0/14, Gi2/0/15, Gi2/0/16, Gi2/0/17,
      Gi2/0/18, Gi2/0/19, Gi2/0/20, Gi2/0/21, Gi2/0/22, Gi2/0/23, Gi2/0/24,
      Gi2/1/1, Gi2/1/2, Gi2/1/3, Gi2/1/4, Te2/1/1, Te2/1/2, Te2/1/3,
      Te2/1/4
    Here is the show version:
    SW#show ver
    Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.01.SE RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2013 by Cisco Systems, Inc.
    Compiled Wed 20-Mar-13 17:10 by prod_rel_team
    Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
    All rights reserved.  Certain components of Cisco IOS-XE software are
    licensed under the GNU General Public License ("GPL") Version 2.0.  The
    software code licensed under GPL Version 2.0 is free software that comes
    with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
    GPL code under the terms of GPL Version 2.0.
    (http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
    documentation or "License Notice" file accompanying the IOS-XE software,
    or the applicable URL provided on the flyer accompanying the IOS-XE
    software.
    ROM: IOS-XE ROMMON
    BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)
    SW uptime is 4 weeks, 1 day, 19 hours, 3 minutes
    Uptime for this control processor is 4 weeks, 1 day, 19 hours, 6 minutes
    System returned to ROM by reload at 12:43:29 WST Sun Sep 8 2013
    System restarted at 13:08:55 WST Sun Sep 8 2013
    System image file is "flash:packages.conf"
    Last reload reason: Reload command
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    License Level: Ipbase
    License Type: Permanent
    Next reload license Level: Ipbase
    cisco WS-C3850-24P (MIPS) processor with 4194304K bytes of physical memory.
    Processor board ID FOC1722Z4J9
    2 Virtual Ethernet interfaces
    56 Gigabit Ethernet interfaces
    8 Ten Gigabit Ethernet interfaces
    2048K bytes of non-volatile configuration memory.
    4194304K bytes of physical memory.
    250456K bytes of Crash Files at crashinfo:.
    250456K bytes of Crash Files at crashinfo-2:.
    1609272K bytes of Flash at flash:.
    1609272K bytes of Flash at flash-2:.
    0K bytes of Dummy USB Flash at usbflash0:.
    0K bytes of Dummy USB Flash at usbflash0-2:.
    0K bytes of  at webui:.
    Base Ethernet MAC Address          : d0:c7:89:70:a7:00
    Motherboard Assembly Number        : 73-12240-10
    Motherboard Serial Number          : FOC17215VEG
    Model Revision Number              : B0
    Motherboard Revision Number        : D0
    Model Number                       : WS-C3850-24P
    System Serial Number               : FOC1722Z4J9
    Switch Ports Model              SW Version        SW Image              Mode  
         1 32    WS-C3850-24P       03.02.01.SE       cat3k_caa-universalk9 INSTALL
         2 32    WS-C3850-24P       03.02.01.SE       cat3k_caa-universalk9 INSTALL
    Switch 02
    Switch uptime                      : 4 weeks, 1 day, 19 hours, 6 minutes
    Base Ethernet MAC Address          : d0:c7:89:70:96:80
    Motherboard Assembly Number        : 73-12240-10
    Motherboard Serial Number          : FOC17215V33
    Model Revision Number              : B0
    Motherboard Revision Number        : D0
    Model Number                       : WS-C3850-24P
    System Serial Number               : FOC1722V19Q
    Configuration register is 0x102

  • IP device tracking and idle timer problem

    Hi,
    We are deploying 802.1X in our network and have encountered problem with a type of payment terminal.
    The problem is that the terminal do not 'speak' to the network after the first initial DHCP request, the terminal waits for incoming packets from a counter to start the payment process. After the idle-time the MAC is flushed from the switch and the port is not authorized any more.
    To solve this we set 'authentication control-direction in' on the port and use 'ip device tracking' to keep the client on the network, ip device tracking sends an arp request every 30 seconds to clients.
    Our ISE is sending Radius:Idle-Timeout = 300 and the timer start to count down when the client is authenticated.
    In Wireshark, I can see that the ARP request is going out and the ARP reply coming back in but this does not update the inactivity timer for the client. So after 5 minutes the port is gone, and there is no way to get the port up again from the network. Traffic from the client brings up the network.
    This looks like a bug to me, anyone seen this, or a similar behaviour?
    Running:
    ISE 1.2p6
    IOS 12.2(55)SE6
    From Trustsec 1.99 Wired 802.1X Deployment Guide:
    Tip Enable IP Device Tracking with inactivity timers to keep quiet endpoints connected. When IP Device Tracking is enabled, the switch periodically sends ARP probes to endpoints in the IP Device Tracking table (which is initially populated by DHCP requests or ARP from the end point). As long as the endpoint is connected and responds to these probes, the inactivity timer is not triggered and the endpoint is not inadvertently removed from the network.
    From CLI output
    SW03#sh auth sessions int fa0/4
                Interface:  FastEthernet0/4
              MAC Address:  xxxx.xxxx.5289
               IP Address:  10.10.10.64
                User-Name:  XX-XX-XX-XX-52-89
                   Status:  Authz Success
                   Domain:  DATA
           Oper host mode:  multi-auth
         Oper control dir:  both
            Authorized By:  Authentication Server
               Vlan Group:  N/A
          Session timeout:  N/A
             Idle timeout:  300s (server), Remaining: 2s
        Common Session ID:  0A17BD07000000A925152A7B
          Acct Session ID:  0x00000458
                   Handle:  0x090000A9
    Runnable methods list:
           Method   State
           dot1x    Failed over
           mab      Authc Success
    SW03#
    SW03#
    SW03#
    SW03#sh auth sessions int fa0/4
                Interface:  FastEthernet0/4
              MAC Address:  Unknown
               IP Address:  Unknown
                   Status:  Running
                   Domain:  UNKNOWN
           Oper host mode:  multi-auth
         Oper control dir:  both
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A17BD07000000AA251A0019
          Acct Session ID:  0x00000462
                   Handle:  0x800000AA
    Runnable methods list:
           Method   State
           dot1x    Running
           mab      Not run

    Here is the port config.
    Just to clarify, everything is working except that the terminal is losing the authentication. The terminal works again if traffic is initiated from the terminals menu, like with ping.
    interface FastEthernet0/4
     description Standard
     switchport access vlan xxx
     switchport mode access
     switchport block unicast
     switchport voice vlan xxx
     switchport port-security maximum 2
     switchport port-security
     switchport port-security aging time 5
     switchport port-security violation restrict
     priority-queue out
     authentication control-direction in
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan xxx
     authentication event server dead action authorize voice
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication timer inactivity server
     authentication violation restrict
     mab
     no snmp trap link-status
     dot1x pae authenticator
     dot1x timeout tx-period 5
     storm-control broadcast level pps 100
     storm-control multicast level pps 100
     storm-control action trap
     spanning-tree portfast
     service-policy input users

  • "device tracking limit 2" + ip alias == only one IPDT binding

    When I turn on ip device tracking, then set the tracking limit to 2 on a port, then connect a host that is using an ip alias address (same mac, different IP a-la "ip address secondary") then there is only one IP address entry under "show ip device tracking interface XX".  It alternates between the two addresses.  Note one address is not reachable from the switch SVI, so probes might not work, but the switch seems to pick the address up readily from passive ARP.
    Is this normal behavior?  Am I missing a hidden setting?

    This topic is probably better suited in another Infrastructure forum, but I suppose it depends on which features are supported by your Cisco hardware and software. This doc discusses a variety of options:
    http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpolsh.html
    For example, with the older CAR (committed access rate) approach:
    interface FastEthernet5/0
         rate-limit input access-group 101 20000000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
         rate-limit input access-group 102 5120000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
    access-list 101 permit ip 10.10.10.3 0.0.0.0
    access-list 102 permit ip 10.10.10.4 0.0.0.0
    You can observe CAR in action with "show interfaces fa5/0 rate-limit" for example.

  • Why the command "ip device tracking" can't use in IA 15.2SY0a

    hello
          i configure C6880 with VSS,and use C6800IA with IA,which version is 15.2SY0a,i found a question,when C6800IA run alone without IA uplink to C6880,the command "ip device tracking" can be found and use,but when C6800IA link to C6880 with IA,and C6880 confiure VSS,the command "ip device tracking" can't found and no config,why?

    yes

  • Track/report delayed sales order

    Dear Experts,
    Do you have a simple solution to track/report delayed sales order with reason code? (I'd like to see delays in days and a reason code in a list.) Is there anyone who generate this KPI from SAP?
    Thanks in advance,

    Dear Roland
    Besides going down order by order, if you want to see the changes made to sale orders in bulk, I dont think there is a standard TCode available.
    As you would be aware, for sales documents, the change object is VERKBELEG and you have to develop a report considering tables VBAK and VBAP.  Of course, you are aware, changed history are recorded in CDHDR and CDPOS but both will eat your time.
    May be you can check this link and develop a zee report accordingly.
    [Sales Order Changed History Display |http://www.sap-img.com/ab024.htm]
    thanks
    G. Lakshmipathi

  • Control settings at start of track cause delay in first note

    I want to set my MSB and LSB bank, and instrument settings at the very beginning of my tracks. But I find that doing so causes a delay in the first notes of the track. If I remove the control data, the first note starts on beat one, so I am sure that it is the control data which causes the delay.
    Any suggestions?

    Hi,
    Set your song start before bar 1 by dragging this little square 1 or more bars to the left:
    Now Logic has a 'runup' and you can move your initial bank settings so they're read & processed before any notes start.
    regards, Erik.

  • Track Pad Delay

    I've got a 15" MBP Core Duo,
    The track pad has recently being a bit buggy. If i close a window (with command +W), any window (system, safari...) and try to move the mouse VIA the track pad there is a 1-2 second delay before the track pad starts responding.
    I don't know if it has any relevance, but i recently installed a wireless mighty mouse, and the problem seems to have started since then.
    Has anyone else had this? Does anyone have a solution?

    Try this:
    Systm preferences > Keyboard & Mouse > Trackpad
    Now uncheck the option for 'Ignore accidental trackpad input' under 'Trackpad Options'.

  • Zen Vision: M - MTP device driver prob

    Hey there, I have just recently encountered a problem with using my zen on my computer.
    My system is hot stuff so its not gonna be the problem.
    Basically I plug it in and get "MTP Device Found"
    then I am prompted to install MTP drivers through windows update - Problem, file from the installation was not found after it checks to find drivers for me.
    Windows media doesnt recognize the device as MTP (this is WM im using) nor does Zen vision: m media explorer.
    Is there a driver package I can download that will let windows know what on earth to install to recognize this MTP device? I have tried all the downloads under the vision: m downloads section, none do a thing to help. I've reinstalled, deleted old registries and copied ones across from a computer that works with it. WTH lol
    Any help apreciated: This is Windows XP

    MTP Drivers are actually user space drivers ( a new Microsoft idea/mistake)? If the Windows Driver Foundation service isn't running, its not going to recognize the device or load the driver. It should be set to "automatically" start up.
    If its stopped there is a problem of some kind, either it has been set to not startup on boot or there was a failure of some kind at boot and you should check the event logs in eventvwr to see what kind of failure there was.
    If the service was set to start at boot and did not, then there should be an error message in eventvwr that will give you an idea of why.

  • Cisco 3850 Switch and Windows 7 IP Conflicts

    Team,
    Last evening (Christmas eve) we setup a pair of Cisco 3850 with IP Base version 3.3.35SE (recommended) and 3.7.0E (very latest).
    We got these to replace a very old switch that had died. Attached to this network are windows 7 PC's with all the standard patches, service packs, etc.
    with standard port configs - no PC would work - and in fact on each screen we got the windows 7 IP Conflict pop up box.
    This seemed very odd to us, as we know these IP's are all static (no dhcp on this segment at all)
    we went with a very vanilla config on each port
    interface g1/0/1
    switchport host
    that is it - nothing special at all.
    well, after hours of research we found the 3850 has a problem where its "ip device tracking" (even though disabled, by way of NOT being enabled on any interface) will effect the windows 7 PC's ip address in use detection port start up phase!
    This is a very big problem. I am frankly SHOCKED Cisco would release a major switch that is going to not work when connected to the average network with windows 7 PC's.
    we tried 3+ hours of prescribed work-arounds found when researching this issue -
    ip device tracking probe delay 10 (global config)
    ip device tracking max 0 (disabed, on interface)
    finally,
    nmsp attach suppress (interface, however this appears to be a default command in all IOS-XE versions we tried, as the command did NOT show in the show run) . this effected many different nic card vendors (laptops, desktops) and nic card drivers levels from old to very recent.
    Finally,
    we compared a 3850 in another location to this one - and we never got HIT by this problem before because that 3850 only as TRUNK ports and no windows 7 hosts directly attached.
    Doing more research, I found out this also can effect vmware guests running windows SERVER.
    this is now a huge issue as we have a scheduled deployment of 3850's throughout our network which is going to be put on hold.
    the work-around I came up with which is not great is -
    Make ALL the "access" ports connected to PC TRUNK ports and leave the NATIVE vlan (untagged) as the vlan you want the PC's to be in
    interface g1/0/1
    switchport mode trunk
    switchport trunk native vlan 1
    this is NOT an acceptable workaround as this presents security issues even with
    switchport trunk allowed vlan 1, etc. as the only allowed vlan.
    Note: this issue manifested itself and windows 7 PC's were UNABLE to use the network. if you do "ipconfig /all | more" you would see
    192.168.0.140(duplicate) and the interface would actually use 169.254.0.239(duplicate) so the duplicate message appeared twice in the output.
    1) With and without an SVI interface on each 3850 for the vlan where the windows 7 machines had a duplicate
    2) when we had an SVI and the command ip device tracking probe use-svi (or whatever the hidden command is I forget now, but it took it)
    3) when we had aaa new-model configured - and not configured - thinking this was some artifact of having aaa turn on something like 802.1x port state
    4) when could confirm NO DHCP SNOOPING
    5) when we DID not use static IP's - and had the switch assign DHCP addresses - the Windows 7 PC's STILL had duplicates and didnt work for their "Just leased" ip's.
    6) when we could confirm ios-xe ip device tracking = disabled with show ip device tracking status, etc.
    This is a major problem for this 3850 and unless we get a definitive answer on why this is happening and how we can rectify we are going to have to return our 3850's and get HP Procurve's something I would rather avoid doing. There is NO REASON I can imagine other than older switches who's ports default to ROUTED ports (i.e.. no ip switchport) where a switch should not at least function as a bare switch with essentially a default configuration out of the box.
    Any ideas? I'm working well now with the ports ALL in trunking mode with vlan 1 native, but this is not a scalable workaround we can live with as we have security risks of a port not blocking certain vlans from going out ports to pc's, etc. that attackers could send tags on at that point, etc.
    thanks,
    Joe Brunner
    #19366

    thanks for replying - i'm not onsite (its a standalone network) - but here is what it is -
    Answers in line -
    This all stems from a switch replacement correct?
    yes a 10 year old Allied Telesyn switch was replaced that had no config - like a hub, just used for connectivity.
    Are these 3850's in a stack?
    >yes, tested all aspects of the stack many times.
    Does it have a managment ip address -If so, is it using the old switch ip address
    >old switch had no ip - i made a "management interface" on vlan 1 - BUT no ip on the built-in management interface on the switch.
    What are they connecting to? (a router/L3 switch/anohter switch- cisco-HP etc..)
    >various other devices - only 1 link back to a single 3750x stack. that switch is "hardened" so to speak to reveal or propagate very little by design.
    How are they connected( L3 interface/L2 trunk/access port)
    >all ports are left in trunk mode with vlan 1 as the active and untagged port. this was the workaround done to ever get the switch going. in "out of the box" or default mode as we initially wanted (no config) links to windows 7 PC's didnt work. links to linux or other devices non-windows did work!
    Are thse switches performing inter-vlan routing or just acting as host switches?
    >dumb flat network, no routing.
    Is ip routing enabled?
    >not unless enabled on 3850 by default. I didnt type "ip routing"
    Do you have multiple vlans in your network and if so ar ethe being propergated to these new switches?
    Your 7 pcs = are they just client pcs not servers?
    client PC's - no servers OS per say.
    can you confirm something like ICS isnt enabled (Internet connection sharing)  on any of them?
    >yes not enabled.
    Are the just using one NIC each?
    > one machine is dual homed - but we know where its "second nic" goes - to another cisco network which is NOT connected back to this one. we traced all our ports a few times thinking even perhaps some small hub was "reflecting" traffic back to us - like a blackbox. Strangest thing -
    default config out of the box - with ALL ports SHUTDOWN EXCEPT the single windows 7 facing port - the windows 7 machine STILL registered an IP CONFLICT when connected to the 3850 - even when it had NO SVI's!!! (i know mind numbing). if you disconnected the pc and connected it to an old cisco switch - it worked fine!!! wow.
    sh switch
    2 identical 3850's in working stack. power and network stacked. both at same version, etc - upgraded each time with "software install file flash:<long ios name>.bin
    tested all power and general 3850 stacking. saw no issues.
    sh int trunk
    >all ports are now trunks (hence the workaround used to get it up).
    has 20 trunks to PC's and some single connected switches (far away on fiber) - all allow only vlan 1 - no other vlans were created - very very simple network. vlan 1 is native
    sh vlan brief
    >just vlan 1 - no vlans created, checked this many times - had vlan 100 at one point - made sure it was gone over a period of hours.
    sh vtp status
    not setup - left complete default; no vtp domain set - connected to all switches in transparent model if a switch connection exists.
    sh cdp neighbours
    cant post (for god and country LOL) but there is one link back to our "core" so to speak - that switch is hardened not to allow any settings to slip over to new switches so hence no vtp, cdp is one to help troubleshooting.
    sh ip route
    just the L and C routes for the vlan 1 ip address 192.168.17.1/24
    no static routes
    no vlan interfaces other than int vlan 1
    no ip address on g0/0/0 -> the default 3850 management interface hard assigned to the 3850 VRF you cant remove.
    int g0/0/0
    ip vrf forwarding Switch_Mgmt
    i can get over there if you think of anything else key to show the group.
    thanks,
    Joe

  • Duplicate IP 0.0.0.0 Conflict on 802.1X Windows 7 Clients

    Hi,
    Ever since we implemented ISE 1.x with 802.1X authentication about two years ago, a number of our Windows 7 user stations occassionally report the well known error message: "duplicate ip 0.0.0.0" . Only wired stations are affected and it happens randomly but not frequently. On further investigation I found that the conflicting device mac address in every case is in fact the bia of the switch port that the Windows 7 PC client is connected. The characteristics of each case is consistent with the Cisco device tracking process as detailed in TAC Document ID: 116529, Updated: Oct 09, 2013
         http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html
    We have Cisco C6500 access switches with IOS Ver: 12.2(33)SXJ1.The output of "Show ip device track all" command on the switches:
     access-switch#sh ip device track all
     IP Device Tracking = Enabled
     IP Device Tracking Probe Count = 3
     IP Device Tracking Probe Interval = 30
    I found that Cisco recommends three Solution options as follows:
     1. ip device tracking probe delay 10
     2. ip device tracking probe use-svi
     3. ip device tracking probe interval <seconds>
    However, the ios only shows track probe "count" and "interval" for change. There is no option to change the probe delay or use-svi in this IOS.
    What is your advice?
    Many thanks.
    Sankung

    You may have a look at this document if you have not seen it yet. It goes over device tracking a little more in detail and possible workarounds.
    http://tekdigest.blogspot.com/2013/11/windows-7-with-address-conflict-for-ip.html
    HTH
    luke

  • ISE/802.1x - IP Conflict at 0.0.0.0?

    Has anyone seen this issue?
    We have Windows 7 clients running 802.1x that will pop up a message in the eventlog that there is an IP conflict with 0.0.0.0. This seems to cause an infinite loop of DHCP NACK and BAD_ADDRESS in the scope.
    I am on code 1.1.1.268.
    Thanks in advance.
    -Ryan

    Hello i have the same issue only on a windows7 computer (all other computers are windows7 WindowsXP and are working fine)
    switches : 3750-X in version 15.0.1.SE2
    dot1x activated on switches, not on computer
    sometimes, a duplicate message IP 0.0.0.0 appear on the W7 computer, and it is not able to commmunicate after that, even it has a FIXED ip
    This is not a real duplicate Ip, the MAC AMC that has taken the IP 0.0.0.0 is a4:4c:11:44:xx:xx (seems to be a cisco switch ....)
    I have found at : http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/command/reference/cli1.html#wp9596478
    that
    The ARP probe default source IP address is the Layer 3 interface and 0.0.0.0 for switchports.
    Since i have no IP for the user vlan on the 3750-x switch where ip device tracking is done, i assume this 0.0.0.0 Ip is viewed because of ARP probe requests sent by the switch ....
    But we don't have the ip device tracking probe delay parameter on 3750 switches ... only seen on 4500
    If anyone can confirm that ...
    Perhaps adding an IP in the user vlan could be a workaround as it won't use 0.0.0.0 IP for arp probes ?
    Ce message a été modifié par: Guillaume BARBEROT

  • IP address conflict on Windows 7 clients after change 3560 to 3650

    Hi,
    after a switch change 3560 to 3650 some Windows 7 clients show a popup with the message "IP address conflict". Because of using manual DHCP (MAC reserve an IP address) i would exclude the possibilitiy of using an duplicate IP address. After search i found this document:
    http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html
    I tried the command 
    ip device tracking probe delay 10
    on the 3650 sw. Till now there are no messages with duplicate IP addresses on clients which connected to 3650 sw.
    But on on 3560 sw th command does not exist. Anybody who has a similar problem or an idea to solve the problem on the 3560 sw.
    The command "sh ip device tracking all" on 3560 shows that ip device tracking is disabled.
    Thx for any help.

    IOS version 12.2.(46) SE
    the suggested command does not exist.
    btw the ip address conflict popup appears on clients which are connect to the 3560 too.
    any other ideas?

  • Can't pull an IP address via DHCP

    I recently replaced a legacy 6513 with a 4510R+E running cat4500es8-universalk9.SPA.03.03.00.XO.151-1.XO.bin
    Upon booting up a handful of workstations connected to the 4510 are unable to pull IP addresses. Once booted up, if you unplug and then plug the network cable back into workstation it pulls an IP address.
    The config is pretty vanilla. The only thing I did that I wouldn't usually do was add this command "ip device tracking probe delay 5" to address this issue... https://supportforums.cisco.com/discussion/11621386/ise8021x-ip-conflict-0000 I get the same results even if I remove this command
    Any suggestions?

    Thanks for your input.
    Portfast is configured globally. Just to be double certain I even configured it on the inteface.but it made no difference.

Maybe you are looking for