Ip device tracking probe delay
Hi,
With "ip device tracking probe delay 10", does it mean that normally a Cisco device (switch, router or firewall) automatically generates the ARP, and if this command is given it delays it for 10 sec? Or will it delay the unknown flooding for 10 sec?
Hi Jithu,
It actually delays the probe from the switch or router for 10 seconds; during that time the Windows server can sort out the duplicate IP issue detection.
Explanation from Cisco Site:
ip device tracking probe delay 10
The RFC specifies a ten-second window for duplicate address detection, so if you delay the
device-tracking probe, it resolves the issue in nearly all cases. In addition to probe-delay, the delay
also resets when the switch detects a probe from the PC. For example, if the probe timer has counted
down to five seconds and detects an ARP Probe from the PC, the timer resets back to ten seconds. In
rare circumstances, the PC sends an ARP Probe milliseconds before the switch sends its probe, which
still triggers a duplicate address message to the end user. This command was introduced in Version
15.0(1)SE on 2900, 3500, and 3700 Series switch platforms, Version 15.0(2)SG on the 4500 Series
switch platform, and Version 12.2(33)SXI7 on the 6500 Series switch platform.
HTH
Regards
Karthik
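The collision described in the Cisco explanation above can be looked for in a packet capture taken on the client port. The following is an added example, not part of the original thread or of Cisco's documentation: it flags ARP probes (requests with sender IP 0.0.0.0) for the same target address sent by two different MACs within the ten-second window. The MAC addresses, timestamps and function names are constructed, and it assumes the switch's tracking probe uses sender IP 0.0.0.0.

```python
import struct
from collections import defaultdict

DAD_WINDOW_S = 10.0   # ten-second duplicate address detection window quoted above
ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100
ARP_REQUEST = 1

# Constructed sample values, not taken from any real capture.
PC_MAC = "02:00:00:00:00:aa"
SWITCH_MAC = "02:00:00:00:00:01"
PC_IP = "192.168.0.140"


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip(b):
    return ".".join(str(x) for x in b)


def parse_arp(frame):
    """Decode an Ethernet (optionally 802.1Q-tagged) IPv4 ARP frame, else None."""
    off = 12
    if len(frame) < off + 2:
        return None
    (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    if ethertype == ETHERTYPE_VLAN:          # skip one VLAN tag
        off += 4
        if len(frame) < off + 2:
            return None
        (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    off += 2
    if ethertype != ETHERTYPE_ARP or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[off:off + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[off + 8:off + 28]           # sha(6) spa(4) tha(6) tpa(4)
    return {"op": op, "sha": _mac(body[0:6]), "spa": _ip(body[6:10]),
            "tpa": _ip(body[16:20])}


def is_arp_probe(arp):
    """ARP probe: a request whose sender IP is all zeroes."""
    return arp["op"] == ARP_REQUEST and arp["spa"] == "0.0.0.0"


def find_probe_collisions(capture, window=DAD_WINDOW_S):
    """Report probes for one target IP sent by different MACs within `window`.

    capture: iterable of (timestamp_seconds, frame_bytes).
    Returns a list of (target_ip, earlier_mac, later_mac, seconds_apart).
    """
    last_probe = defaultdict(dict)           # target IP -> {sender MAC: last timestamp}
    hits = []
    for ts, frame in sorted(capture, key=lambda item: item[0]):
        arp = parse_arp(frame)
        if arp is None or not is_arp_probe(arp):
            continue
        for mac, seen in last_probe[arp["tpa"]].items():
            if mac != arp["sha"] and ts - seen <= window:
                hits.append((arp["tpa"], mac, arp["sha"], round(ts - seen, 3)))
        last_probe[arp["tpa"]][arp["sha"]] = ts
    return hits


def build_arp_request(src_mac, sender_ip, target_ip):
    """Build a broadcast ARP request frame (used only for the sample capture)."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    arp += mac + bytes(int(o) for o in sender_ip.split("."))
    arp += b"\x00" * 6 + bytes(int(o) for o in target_ip.split("."))
    return eth + arp


def sample_capture(switch_probe_at):
    """Constructed capture: PC probes at 0, 1 and 2 s, plus one switch probe."""
    frames = [(t, build_arp_request(PC_MAC, "0.0.0.0", PC_IP)) for t in (0.0, 1.0, 2.0)]
    frames.append((switch_probe_at, build_arp_request(SWITCH_MAC, "0.0.0.0", PC_IP)))
    # An ordinary ARP request (non-zero sender IP) must not be counted as a probe.
    frames.append((0.5, build_arp_request(SWITCH_MAC, "192.168.0.1", PC_IP)))
    return frames


if __name__ == "__main__":
    for when in (1.4, 12.5):
        print(when, find_probe_collisions(sample_capture(when)))
```

A hit whose second MAC belongs to the switch port points at device tracking rather than a real address clash; a switch probe that arrives more than ten seconds after the PC's last probe produces no hit.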
Similar Messages
-
Version 15.2(1)E on 4900M globally enables ip device tracking and can't remove it
We wanted to upgrade our 4900M devices to version 15.2(1)E due to some feature for ipv6.
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 15.2(1)E, RELEASE SOFTWARE (fc3)
After the upgrade we started to get error-reports from users that they got duplicate-ip error messages.
The violating mac-address turned out to be from the upgraded switch where the vlan passed through, but the switch itself does not have an ip-address in that vlan. The devices reporting the error are also not connected to the switch.
We were a bit puzzled about that but then we found that after the upgrade there is an extra line in the config
"ip device tracking"
which is something we do not use, but we can't seem to remove it.
switchname(config)#no ip device tracking
% IP device tracking is disabled at the interface level by removing the relevant configs
however, there is no config defined on interface level, and even tried to disable it on interface level anyway, it makes no difference.
All the interfaces are enabled for ip device tracking as well, and we are also not able to remove an interface.
Searching the web we find that ip device tracking has been known to be responsible for duplicate-ip errors.
I have now configured the "workaround"
ip device tracking probe delay 10
Don't know yet if it will make a difference but i don't want to finetune or configure a feature we don't use, i would like to disable something which shouldn't have been there in the first place.
Any thoughts on how to disable the ip device tracking?
Thanks John,
after configuring "no macro auto monitor" all the physical interfaces are removed from being IPDT enabled.
On the 4500-x switch in the lab that even meant all the interfaces and IPDT was disabled globally as well.
On our production switch (4900M) i seemed to see some different behaviour.
At first when i tried it, all the physical interfaces where "nmsp attachment suppress" was in place were removed from the IPDT.
After some investigation it turns out i also had placed globally "nmsp enable", since the suppress didn't seem to do anything.
Having "nmsp enabled" is thus a feature that makes ipdt active on a port, but you can counter it by setting nmsp attachment suppress.
In my case, since i originally didn't have nmsp enabled, i just disabled it again globally.
The "macro auto monitor" is apparently, as you point out, also a feature that will enable IPDT on a port.
Turning it off disabled IPDT on all the physical interfaces.
Which means i am close to a workaround but not quite, because it doesn't seem to work for the active port-channels.
It's a bit weird for the port-channels at first sight.
- configured port-channel, state not-connected -> not IPDT enabled
- configured port-channel, state up -> IPDT enabled
- if I shut down a port-channel , so state admin down -> the port-channel as well as the physical member-interfaces are made IPDT enabled. (which considering they are down shouldn't matter much, it is just odd)
Any thoughts on IPDT with port-channels?
-
Hi,
We have Cisco 3850 switches and we don't use dot1x but we need to turn off ip device tracking but when I do it from global config mode it pops up the below error:
Switch(config)#no ip device tracking
% IP device tracking is disabled at the interface level by removing the relevant configs
I've tried disabling it under interface mode even though we don't use it.
Can someone please show me how to disable it globally?
Thanks.
I have tried the no ip device track max 10 in interface mode and it accepts it but when I issue "sh ip device tracking int gig 2/0/22" it still says it's enabled.
SW#show ip device tracking interface gig 2/0/22
Enabled interface Configs:
Global IP Device Tracking for clients = Enabled
Global IP Device Tracking Probe Count = 3
Global IP Device Tracking Probe Interval = 30
Global IP Device Tracking Probe Delay Interval = 10
IP Address MAC Address Vlan Interface Probe-Timeout State Source
Total number interfaces enabled: 64
Enabled interfaces:
Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7,
Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14,
Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21,
Gi1/0/22, Gi1/0/23, Gi1/0/24, Gi1/1/1, Gi1/1/2, Gi1/1/3, Gi1/1/4,
Te1/1/1, Te1/1/2, Te1/1/3, Te1/1/4, Gi2/0/1, Gi2/0/2, Gi2/0/3,
Gi2/0/4, Gi2/0/5, Gi2/0/6, Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10,
Gi2/0/11, Gi2/0/12, Gi2/0/13, Gi2/0/14, Gi2/0/15, Gi2/0/16, Gi2/0/17,
Gi2/0/18, Gi2/0/19, Gi2/0/20, Gi2/0/21, Gi2/0/22, Gi2/0/23, Gi2/0/24,
Gi2/1/1, Gi2/1/2, Gi2/1/3, Gi2/1/4, Te2/1/1, Te2/1/2, Te2/1/3,
Te2/1/4
Here is the show version:
SW#show ver
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.01.SE RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 20-Mar-13 17:10 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)
SW uptime is 4 weeks, 1 day, 19 hours, 3 minutes
Uptime for this control processor is 4 weeks, 1 day, 19 hours, 6 minutes
System returned to ROM by reload at 12:43:29 WST Sun Sep 8 2013
System restarted at 13:08:55 WST Sun Sep 8 2013
System image file is "flash:packages.conf"
Last reload reason: Reload command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Level: Ipbase
License Type: Permanent
Next reload license Level: Ipbase
cisco WS-C3850-24P (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FOC1722Z4J9
2 Virtual Ethernet interfaces
56 Gigabit Ethernet interfaces
8 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
250456K bytes of Crash Files at crashinfo-2:.
1609272K bytes of Flash at flash:.
1609272K bytes of Flash at flash-2:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of Dummy USB Flash at usbflash0-2:.
0K bytes of at webui:.
Base Ethernet MAC Address : d0:c7:89:70:a7:00
Motherboard Assembly Number : 73-12240-10
Motherboard Serial Number : FOC17215VEG
Model Revision Number : B0
Motherboard Revision Number : D0
Model Number : WS-C3850-24P
System Serial Number : FOC1722Z4J9
Switch Ports Model SW Version SW Image Mode
1 32 WS-C3850-24P 03.02.01.SE cat3k_caa-universalk9 INSTALL
2 32 WS-C3850-24P 03.02.01.SE cat3k_caa-universalk9 INSTALL
Switch 02
Switch uptime : 4 weeks, 1 day, 19 hours, 6 minutes
Base Ethernet MAC Address : d0:c7:89:70:96:80
Motherboard Assembly Number : 73-12240-10
Motherboard Serial Number : FOC17215V33
Model Revision Number : B0
Motherboard Revision Number : D0
Model Number : WS-C3850-24P
System Serial Number : FOC1722V19Q
Configuration register is 0x102
-
IP device tracking and idle timer problem
Hi,
We are deploying 802.1X in our network and have encountered problem with a type of payment terminal.
The problem is that the terminal does not 'speak' to the network after the first initial DHCP request, the terminal waits for incoming packets from a counter to start the payment process. After the idle-time the MAC is flushed from the switch and the port is not authorized any more.
To solve this we set 'authentication control-direction in' on the port and use 'ip device tracking' to keep the client on the network, ip device tracking sends an arp request every 30 seconds to clients.
Our ISE is sending Radius:Idle-Timeout = 300 and the timer start to count down when the client is authenticated.
In Wireshark, I can see that the ARP request is going out and the ARP reply coming back in but this does not update the inactivity timer for the client. So after 5 minutes the port is gone, and there is no way to get the port up again from the network. Traffic from the client brings up the network.
This looks like a bug to me, anyone seen this, or a similar behaviour?
Running:
ISE 1.2p6
IOS 12.2(55)SE6
From Trustsec 1.99 Wired 802.1X Deployment Guide:
Tip Enable IP Device Tracking with inactivity timers to keep quiet endpoints connected. When IP Device Tracking is enabled, the switch periodically sends ARP probes to endpoints in the IP Device Tracking table (which is initially populated by DHCP requests or ARP from the end point). As long as the endpoint is connected and responds to these probes, the inactivity timer is not triggered and the endpoint is not inadvertently removed from the network.
From CLI output
SW03#sh auth sessions int fa0/4
Interface: FastEthernet0/4
MAC Address: xxxx.xxxx.5289
IP Address: 10.10.10.64
User-Name: XX-XX-XX-XX-52-89
Status: Authz Success
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
Session timeout: N/A
Idle timeout: 300s (server), Remaining: 2s
Common Session ID: 0A17BD07000000A925152A7B
Acct Session ID: 0x00000458
Handle: 0x090000A9
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
SW03#
SW03#
SW03#
SW03#sh auth sessions int fa0/4
Interface: FastEthernet0/4
MAC Address: Unknown
IP Address: Unknown
Status: Running
Domain: UNKNOWN
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A17BD07000000AA251A0019
Acct Session ID: 0x00000462
Handle: 0x800000AA
Runnable methods list:
Method State
dot1x Running
mab Not run
Here is the port config.
Just to clarify, everything is working except that the terminal is losing the authentication. The terminal works again if traffic is initiated from the terminals menu, like with ping.
interface FastEthernet0/4
description Standard
switchport access vlan xxx
switchport mode access
switchport block unicast
switchport voice vlan xxx
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 5
switchport port-security violation restrict
priority-queue out
authentication control-direction in
authentication event fail action next-method
authentication event server dead action reinitialize vlan xxx
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication timer inactivity server
authentication violation restrict
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout tx-period 5
storm-control broadcast level pps 100
storm-control multicast level pps 100
storm-control action trap
spanning-tree portfast
service-policy input users
-
"device tracking limit 2" + ip alias == only one IPDT binding
When I turn on ip device tracking, then set the tracking limit to 2 on a port, then connect a host that is using an ip alias address (same mac, different IP a-la "ip address secondary") then there is only one IP address entry under "show ip device tracking interface XX". It alternates between the two addresses. Note one address is not reachable from the switch SVI, so probes might not work, but the switch seems to pick the address up readily from passive ARP.
Is this normal behavior? Am I missing a hidden setting?
This topic is probably better suited in another Infrastructure forum, but I suppose it depends on which features are supported by your Cisco hardware and software. This doc discusses a variety of options:
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpolsh.html
For example, with the older CAR (committed access rate) approach:
interface FastEthernet5/0
rate-limit input access-group 101 20000000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
rate-limit input access-group 102 5120000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
access-list 101 permit ip 10.10.10.3 0.0.0.0
access-list 102 permit ip 10.10.10.4 0.0.0.0
You can observe CAR in action with "show interfaces fa5/0 rate-limit" for example.
-
Why the command "ip device tracking" can't use in IA 15.2SY0a
hello
I configured a C6880 with VSS, and use a C6800IA with IA, version 15.2SY0a. I have a question: when the C6800IA runs alone without the IA uplink to the C6880, the command "ip device tracking" can be found and used, but when the C6800IA is linked to the C6880 with IA, and the C6880 is configured with VSS, the command "ip device tracking" can't be found and can't be configured. Why?
yes
-
Track/report delayed sales order
Dear Experts,
Do you have a simple solution to track/report delayed sales order with reason code? (I'd like to see delays in days and a reason code in a list.) Is there anyone who generate this KPI from SAP?
Thanks in advance,
Dear Roland
Besides going down order by order, if you want to see the changes made to sale orders in bulk, I don't think there is a standard TCode available.
As you would be aware, for sales documents, the change object is VERKBELEG and you have to develop a report considering tables VBAK and VBAP. Of course, you are aware, changed history are recorded in CDHDR and CDPOS but both will eat your time.
May be you can check this link and develop a zee report accordingly.
[Sales Order Changed History Display |http://www.sap-img.com/ab024.htm]
thanks
G. Lakshmipathi
-
Control settings at start of track cause delay in first note
I want to set my MSB and LSB bank, and instrument settings at the very beginning of my tracks. But I find that doing so causes a delay in the first notes of the track. If I remove the control data, the first note starts on beat one, so I am sure that it is the control data which causes the delay.
Any suggestions?
Hi,
Set your song start before bar 1 by dragging this little square 1 or more bars to the left:
Now Logic has a 'runup' and you can move your initial bank settings so they're read & processed before any notes start.
regards, Erik.
-
I've got a 15" MBP Core Duo,
The track pad has recently been a bit buggy. If I close a window (with command +W), any window (system, safari...) and try to move the mouse VIA the track pad there is a 1-2 second delay before the track pad starts responding.
I don't know if it has any relevance, but i recently installed a wireless mighty mouse, and the problem seems to have started since then.
Has anyone else had this? Does anyone have a solution?
Try this:
System preferences > Keyboard & Mouse > Trackpad
Now uncheck the option for 'Ignore accidental trackpad input' under 'Trackpad Options'.
-
Zen Vision: M - MTP device driver prob
Hey there, I have just recently encountered a problem with using my zen on my computer.
My system is hot stuff so its not gonna be the problem.
Basically I plug it in and get "MTP Device Found"
then I am prompted to install MTP drivers through windows update - Problem, file from the installation was not found after it checks to find drivers for me.
Windows media doesnt recognize the device as MTP (this is WM im using) nor does Zen vision: m media explorer.
Is there a driver package I can download that will let windows know what on earth to install to recognize this MTP device? I have tried all the downloads under the vision: m downloads section, none do a thing to help. I've reinstalled, deleted old registries and copied ones across from a computer that works with it. WTH lol
Any help appreciated: This is Windows XP
MTP Drivers are actually user space drivers (a new Microsoft idea/mistake)? If the Windows Driver Foundation service isn't running, it's not going to recognize the device or load the driver. It should be set to "automatically" start up.
If it's stopped there is a problem of some kind, either it has been set to not startup on boot or there was a failure of some kind at boot and you should check the event logs in eventvwr to see what kind of failure there was.
If the service was set to start at boot and did not, then there should be an error message in eventvwr that will give you an idea of why.
-
Cisco 3850 Switch and Windows 7 IP Conflicts
Team,
Last evening (Christmas eve) we setup a pair of Cisco 3850 with IP Base version 3.3.35SE (recommended) and 3.7.0E (very latest).
We got these to replace a very old switch that had died. Attached to this network are windows 7 PC's with all the standard patches, service packs, etc.
with standard port configs - no PC would work - and in fact on each screen we got the windows 7 IP Conflict pop up box.
This seemed very odd to us, as we know these IP's are all static (no dhcp on this segment at all)
we went with a very vanilla config on each port
interface g1/0/1
switchport host
that is it - nothing special at all.
well, after hours of research we found the 3850 has a problem where its "ip device tracking" (even though disabled, by way of NOT being enabled on any interface) will affect the windows 7 PC's ip address in use detection port start up phase!
This is a very big problem. I am frankly SHOCKED Cisco would release a major switch that is going to not work when connected to the average network with windows 7 PC's.
we tried 3+ hours of prescribed work-arounds found when researching this issue -
ip device tracking probe delay 10 (global config)
ip device tracking max 0 (disabled, on interface)
finally,
nmsp attach suppress (interface, however this appears to be a default command in all IOS-XE versions we tried, as the command did NOT show in the show run). this affected many different nic card vendors (laptops, desktops) and nic card drivers levels from old to very recent.
Finally,
we compared a 3850 in another location to this one - and we never got HIT by this problem before because that 3850 only has TRUNK ports and no windows 7 hosts directly attached.
Doing more research, I found out this also can affect vmware guests running windows SERVER.
this is now a huge issue as we have a scheduled deployment of 3850's throughout our network which is going to be put on hold.
the work-around I came up with which is not great is -
Make ALL the "access" ports connected to PC TRUNK ports and leave the NATIVE vlan (untagged) as the vlan you want the PC's to be in
interface g1/0/1
switchport mode trunk
switchport trunk native vlan 1
this is NOT an acceptable workaround as this presents security issues even with
switchport trunk allowed vlan 1, etc. as the only allowed vlan.
Note: this issue manifested itself and windows 7 PC's were UNABLE to use the network. if you do "ipconfig /all | more" you would see
192.168.0.140(duplicate) and the interface would actually use 169.254.0.239(duplicate) so the duplicate message appeared twice in the output.
1) With and without an SVI interface on each 3850 for the vlan where the windows 7 machines had a duplicate
2) when we had an SVI and the command ip device tracking probe use-svi (or whatever the hidden command is I forget now, but it took it)
3) when we had aaa new-model configured - and not configured - thinking this was some artifact of having aaa turn on something like 802.1x port state
4) when could confirm NO DHCP SNOOPING
5) when we DID not use static IP's - and had the switch assign DHCP addresses - the Windows 7 PC's STILL had duplicates and didnt work for their "Just leased" ip's.
6) when we could confirm ios-xe ip device tracking = disabled with show ip device tracking status, etc.
This is a major problem for this 3850 and unless we get a definitive answer on why this is happening and how we can rectify we are going to have to return our 3850's and get HP Procurve's something I would rather avoid doing. There is NO REASON I can imagine other than older switches whose ports default to ROUTED ports (i.e. no ip switchport) where a switch should not at least function as a bare switch with essentially a default configuration out of the box.
Any ideas? I'm working well now with the ports ALL in trunking mode with vlan 1 native, but this is not a scalable workaround we can live with as we have security risks of a port not blocking certain vlans from going out ports to pc's, etc. that attackers could send tags on at that point, etc.
thanks,
Joe Brunner
#19366
thanks for replying - i'm not onsite (its a standalone network) - but here is what it is -
Answers in line -
This all stems from a switch replacement correct?
yes a 10 year old Allied Telesyn switch was replaced that had no config - like a hub, just used for connectivity.
Are these 3850's in a stack?
>yes, tested all aspects of the stack many times.
Does it have a managment ip address -If so, is it using the old switch ip address
>old switch had no ip - i made a "management interface" on vlan 1 - BUT no ip on the built-in management interface on the switch.
What are they connecting to? (a router/L3 switch/another switch - cisco-HP etc..)
>various other devices - only 1 link back to a single 3750x stack. that switch is "hardened" so to speak to reveal or propagate very little by design.
How are they connected( L3 interface/L2 trunk/access port)
>all ports are left in trunk mode with vlan 1 as the active and untagged port. this was the workaround done to ever get the switch going. in "out of the box" or default mode as we initially wanted (no config) links to windows 7 PC's didnt work. links to linux or other devices non-windows did work!
Are these switches performing inter-vlan routing or just acting as host switches?
>dumb flat network, no routing.
Is ip routing enabled?
>not unless enabled on 3850 by default. I didn't type "ip routing"
Do you have multiple vlans in your network and if so are they being propagated to these new switches?
Your 7 pcs = are they just client pcs not servers?
client PC's - no servers OS per se.
can you confirm something like ICS isnt enabled (Internet connection sharing) on any of them?
>yes not enabled.
Are the just using one NIC each?
> one machine is dual homed - but we know where its "second nic" goes - to another cisco network which is NOT connected back to this one. we traced all our ports a few times thinking even perhaps some small hub was "reflecting" traffic back to us - like a blackbox. Strangest thing -
default config out of the box - with ALL ports SHUTDOWN EXCEPT the single windows 7 facing port - the windows 7 machine STILL registered an IP CONFLICT when connected to the 3850 - even when it had NO SVI's!!! (i know mind numbing). if you disconnected the pc and connected it to an old cisco switch - it worked fine!!! wow.
sh switch
2 identical 3850's in working stack. power and network stacked. both at same version, etc - upgraded each time with "software install file flash:<long ios name>.bin
tested all power and general 3850 stacking. saw no issues.
sh int trunk
>all ports are now trunks (hence the workaround used to get it up).
has 20 trunks to PC's and some single connected switches (far away on fiber) - all allow only vlan 1 - no other vlans were created - very very simple network. vlan 1 is native
sh vlan brief
>just vlan 1 - no vlans created, checked this many times - had vlan 100 at one point - made sure it was gone over a period of hours.
sh vtp status
not setup - left complete default; no vtp domain set - connected to all switches in transparent model if a switch connection exists.
sh cdp neighbours
cant post (for god and country LOL) but there is one link back to our "core" so to speak - that switch is hardened not to allow any settings to slip over to new switches so hence no vtp, cdp is one to help troubleshooting.
sh ip route
just the L and C routes for the vlan 1 ip address 192.168.17.1/24
no static routes
no vlan interfaces other than int vlan 1
no ip address on g0/0/0 -> the default 3850 management interface hard assigned to the 3850 VRF you cant remove.
int g0/0/0
ip vrf forwarding Switch_Mgmt
i can get over there if you think of anything else key to show the group.
thanks,
Joe
-
Duplicate IP 0.0.0.0 Conflict on 802.1X Windows 7 Clients
Hi,
Ever since we implemented ISE 1.x with 802.1X authentication about two years ago, a number of our Windows 7 user stations occasionally report the well known error message: "duplicate ip 0.0.0.0". Only wired stations are affected and it happens randomly but not frequently. On further investigation I found that the conflicting device mac address in every case is in fact the bia of the switch port that the Windows 7 PC client is connected to. The characteristics of each case are consistent with the Cisco device tracking process as detailed in TAC Document ID: 116529, Updated: Oct 09, 2013
http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html
We have Cisco C6500 access switches with IOS Ver: 12.2(33)SXJ1. The output of "Show ip device track all" command on the switches:
access-switch#sh ip device track all
IP Device Tracking = Enabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 30
I found that Cisco recommends three Solution options as follows:
1. ip device tracking probe delay 10
2. ip device tracking probe use-svi
3. ip device tracking probe interval <seconds>
However, the ios only shows track probe "count" and "interval" for change. There is no option to change the probe delay or use-svi in this IOS.
What is your advice?
Many thanks.
Sankung
You may have a look at this document if you have not seen it yet. It goes over device tracking a little more in detail and possible workarounds.
http://tekdigest.blogspot.com/2013/11/windows-7-with-address-conflict-for-ip.html
HTH
luke
-
ISE/802.1x - IP Conflict at 0.0.0.0?
Has anyone seen this issue?
We have Windows 7 clients running 802.1x that will pop up a message in the eventlog that there is an IP conflict with 0.0.0.0. This seems to cause an infinite loop of DHCP NACK and BAD_ADDRESS in the scope.
I am on code 1.1.1.268.
Thanks in advance.
-Ryan
Hello, I have the same issue only on a windows7 computer (all other computers are windows7 WindowsXP and are working fine)
switches : 3750-X in version 15.0.1.SE2
dot1x activated on switches, not on computer
sometimes, a duplicate message IP 0.0.0.0 appears on the W7 computer, and it is not able to communicate after that, even if it has a FIXED ip
This is not a real duplicate Ip, the MAC AMC that has taken the IP 0.0.0.0 is a4:4c:11:44:xx:xx (seems to be a cisco switch ....)
I have found at : http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/command/reference/cli1.html#wp9596478
that
The ARP probe default source IP address is the Layer 3 interface and 0.0.0.0 for switchports.
Since i have no IP for the user vlan on the 3750-x switch where ip device tracking is done, i assume this 0.0.0.0 Ip is viewed because of ARP probe requests sent by the switch ....
But we don't have the ip device tracking probe delay parameter on 3750 switches ... only seen on 4500
If anyone can confirm that ...
Perhaps adding an IP in the user vlan could be a workaround as it won't use 0.0.0.0 IP for arp probes ?
This message was edited by: Guillaume BARBEROT
-
IP address conflict on Windows 7 clients after change 3560 to 3650
Hi,
after a switch change 3560 to 3650 some Windows 7 clients show a popup with the message "IP address conflict". Because of using manual DHCP (MAC reserve an IP address) i would exclude the possibility of using a duplicate IP address. After search i found this document:
http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html
I tried the command
ip device tracking probe delay 10
on the 3650 sw. Till now there are no messages with duplicate IP addresses on clients which connected to 3650 sw.
But on the 3560 sw the command does not exist. Anybody who has a similar problem or an idea to solve the problem on the 3560 sw?
The command "sh ip device tracking all" on 3560 shows that ip device tracking is disabled.
Thx for any help.
IOS version 12.2.(46) SE
the suggested command does not exist.
btw the ip address conflict popup appears on clients which are connected to the 3560 too.
any other ideas?
-
Can't pull an IP address via DHCP
I recently replaced a legacy 6513 with a 4510R+E running cat4500es8-universalk9.SPA.03.03.00.XO.151-1.XO.bin
Upon booting up a handful of workstations connected to the 4510 are unable to pull IP addresses. Once booted up, if you unplug and then plug the network cable back into workstation it pulls an IP address.
The config is pretty vanilla. The only thing I did that I wouldn't usually do was add this command "ip device tracking probe delay 5" to address this issue... https://supportforums.cisco.com/discussion/11621386/ise8021x-ip-conflict-0000 I get the same results even if I remove this command
Any suggestions?
Thanks for your input.
Portfast is configured globally. Just to be double certain I even configured it on the interface, but it made no difference.