Disabling device tracking to support NAC devices
A device tracking disablement is a network configuration feature that
-
controls the flow of traffic between wireless clients using a network access control (NAC) device
-
blocks direct traffic between wireless clients through ARP spoofing, and
-
disables wireless client device tracking to support NAC devices.
Command usage for disabling device tracking
Use the no ip mac-binding command to enable ARP spoofing from the NAC. This command also disables wireless client device tracking.
 Note |
You can use this feature only with IPv4 addresses. |
Feature history for disable device tracking support for NAC devices
|
Release |
Feature |
Feature Information |
|---|---|---|
|
Cisco IOS XE Cupertino 17.8.1 |
Disabling Device Tracking to Support NAC Devices |
This feature helps to control the flow of traffic between wireless clients using network access control (NAC) device. |
Restrictions for disabling device tracking to support NAC devices
Restrictions for disabling device tracking to support NAC devices
-
The wireless client ip deauthenticate command refers directly to the IP table binding entries. The command does not work if the client’s IP address is not learned.
-
Layer 3 web authentication and other L3 policies are not supported.
-
When IP Source Guard (IPSG) is enabled and multiple binding information with the same address and preference level (such as DHCP or ARP) is sent to Cisco Packet Processor (CPP), the CPP ignores later bindings after creating the first binding. Do not configure IPSG and no ip mac-binding together. If you configure IPSG and no ip mac-binding together, IPSG does not work.
Disable device tracking for wireless clients (CLI)
Procedure
|
Step 1 |
Enter global configuration mode. Example: |
|
Step 2 |
Configure the wireless profile policy. Example:Example: |
|
Step 3 |
Disable the wireless policy profile. Example:Disabling the policy profile results in associated AP and client to rejoin. |
|
Step 4 |
Disable the IP-MAC address binding. Example: |
|
Step 5 |
Enable the wireless policy profile. Example: |
|
Step 6 |
Exit wireless policy configuration mode. Example: |
|
Step 7 |
Configure a VLAN and enter VLAN configuration mode. Example:Example: |
|
Step 8 |
Enable ARP broadcast on the VLAN. Example: |
|
Step 9 |
Return to privileged EXEC mode. Example: |
Verify ARP broadcast
Use this task to confirm whether ARP broadcast is enabled on your device. Confirming ARP broadcast helps ensure proper network communication and assists in troubleshooting connectivity issues.
Procedure
|
Use the show platform software arp broadcast command. Example:This command displays the ARP broadcast status and lists the VLANs where ARP broadcast is enabled. |
View the ARP broadcast status and the VLANs on which it is enabled. If troubleshooting is required, proceed to the relevant troubleshooting task.
Feedback