Cisco Bug: CSCun59832 - IP DEVICES Tracking not populating on interface.

Last Modified

Sep 19, 2018

Products (142)

  • Cisco IOS
  • Cisco Catalyst 3560E-48PD-E Switch
  • Cisco ME 3400-24TS-A Switch
  • Cisco Catalyst 3560-12PC-S Compact Switch
  • Cisco Catalyst 3560G-48PS Switch
  • Cisco Catalyst 2960-24TC-L Switch
  • Cisco Catalyst 3560E-48PD-SF Switch
  • Cisco Catalyst 2960-48TT-S Switch
  • Cisco Catalyst 2960-24-S Switch
  • Cisco Catalyst 3750V2-24PS Switch

Known Affected Releases

12.2(55)SE8

Description (partial)

Symptom:
IP Device Tracking is not populating the static IP address to the interface.

Issues with IP Device Tracking populating the IP address of a client after authentication.

The PC has a static IP address and receives an authc and authz success from the RADIUS server, but the IP address is never populated, so the dACL doesn't match the PC and all access is granted to the PC.

Conditions:
3750X running code: 12.2(55)SE8

Stacked and non-stacked environment.

The PC has a pingable IP address, but on the interface of the switch, in the show auth session output, you don't see an IP address populated.

Because of this, the dACL is never populated and updated with the PC IP, and all traffic is denied.

AAA Config:

aaa new-model
!
!
aaa authentication login default group bmh-acs local
aaa authentication enable default group bmh-acs enable
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization exec default group bmh-acs local if-authenticated 
aaa authorization commands 15 default group bmh-acs if-authenticated 
aaa authorization network default group radius 
aaa accounting update newinfo
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group bmh-acs
aaa accounting commands 15 default start-stop group bmh-acs
aaa accounting connection default start-stop group bmh-acs
aaa accounting system default start-stop group bmh-acs
no aaa accounting system guarantee-first
!

Interface Config:

interface FastEthernet X/X/X
 switchport mode access
 switchport access vlan XXX
 ip device tracking maximum 10
 no logging event link-status
 srr-queue bandwidth share 1 70 25 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out 
 authentication event fail action next-method
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 dot1x pae authenticator
 dot1x timeout tx-period 10
 dot1x max-req 1
 storm-control broadcast level 2.00
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input IPPHONE+PC
 ip dhcp snooping limit rate 15
end
!

Other Configs:

ip dhcp snooping vlan 1-4094
no ip dhcp snooping information option
ip dhcp snooping database flash:dhcp-snooping.dat
ip dhcp snooping
ip device tracking probe delay 10
ip device tracking
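
A check for the symptom described above, as an added example that is not part of the Cisco bug record: it parses detailed `show authentication sessions` output and reports sessions that reached Authz Success with a downloaded ACL while the IP address is still unknown. The sample output, its field layout (including the `ACS ACL` field and the `Unknown` placeholder), and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample of "show authentication sessions interface <if>" detail
# output (not taken from the bug report); the field layout is an assumption.
SAMPLE = """\
            Interface:  FastEthernet1/0/5
          MAC Address:  0011.2233.4455
           IP Address:  Unknown
            User-Name:  host-a
               Status:  Authz Success
              ACS ACL:  xACSACLx-IP-EXAMPLE-DACL-00000000

            Interface:  FastEthernet1/0/6
          MAC Address:  0011.2233.4466
           IP Address:  192.0.2.25
            User-Name:  host-b
               Status:  Authz Success
              ACS ACL:  xACSACLx-IP-EXAMPLE-DACL-00000000
"""

# "   Field Name:  value" lines; keys contain letters, spaces and hyphens only.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?):\s+(.*\S)\s*$")

def parse_sessions(text):
    """Return one dict per session; each 'Interface' field starts a new session."""
    sessions = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == "Interface":
            sessions.append({})
        if sessions:
            sessions[-1][key] = value
    return sessions

def sessions_missing_ip(text):
    """Return (interface, MAC, dACL) for authorized sessions with a dACL but no tracked IP."""
    hits = []
    for s in parse_sessions(text):
        ip = s.get("IP Address", "Unknown")
        if s.get("Status") == "Authz Success" and "ACS ACL" in s and ip.lower() == "unknown":
            hits.append((s["Interface"], s.get("MAC Address", "?"), s["ACS ACL"]))
    return hits

if __name__ == "__main__":
    for iface, mac, acl in sessions_missing_ip(SAMPLE):
        print(f"{iface} {mac}: dACL {acl} downloaded but no tracked IP")
```

Sessions it reports are the ones to compare against the switch's IP device tracking table for the same port and MAC address.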