Information About IP Device Tracking
The main IPDT task is to keep track of connected hosts (association of MAC and IP address). In order to do this, it sends unicast Address Resolution Protocol (ARP) probes with a default interval of 30 seconds; these probes are sent to the MAC address of the host connected on the other side of the link, and use Layer 2 (L2) as the default source the MAC address of the physical interface out of which the ARP goes and a sender IP address of 0.0.0.0, based on the ARP Probe definition listed in RFC 5227.
In this document, the term 'ARP Probe' is used to refer to an ARP Request packet, broadcast on the local link, with an all-zero 'sender IP address'. The 'sender hardware address' MUST contain the hardware address of the interface sending the packet. The 'sender IP address' field MUST be set to all zeroes, to avoid polluting ARP caches in other hosts on the same link in the case where the address turns out to be already in use by another host. The 'target IP address' field MUST be set to the address being probed. An ARP Probe conveys both a question ("Is anyone using this address?") and an implied statement ("This is the address I hope to use.").
The purpose of IPDT is for the switch to obtain and maintain a list of devices that are connected to the switch via an IP address. The probe does not populate the tracking entry; it is simply used in order to maintain the entry in the table after it is learned through an ARP request/reply from the host.
IP ARP Inspection is enabled automatically when IPDT is enabled; it detects the presence of new hosts when it monitors ARP packets. If dynamic ARP inspection is enabled, only the ARP packets that it validates are used in order to detect new hosts for the Device Tracking table.
IP DHCP Snooping, if enabled, detects the presence or removal of new hosts when DHCP assigns or revokes their IP addresses.
IPDT is a feature that has always been available. However, on more recent Cisco IOS releases, its interdependencies are enabled by default (see Cisco bug ID CSCuj04986). It can be extremely useful when its database of IP/MAC hosts associations is used in order to populate the source IP of dynamic Access Control Lists (ACLs), or to maintain a binding of an IP address to a security group tag.
The ARP probe is sent under two circumstances:
-
The link associated with a current entry in the IPDT database moves from a DOWN to an UP state, and the ARP entry has been populated.
-
A link already in the UP state that is associated with an entry in the IPDT database has an expired probe interval.