ip client-tracker

Syntax

ip client-tracker [trusted | untrusted]

no ip client-tracker [trusted | untrusted]

Description

Enables the visibility of statically and dynamically assigned IPv4 and IPv6 addresses for both authenticated and unauthenticated client.

The no form of this command disables the visibility of statically and dynamically assigned IPv4 and IPv6 addresses for both authenticated and unauthenticated client.

Command context

config

Parameters

trusted

Enables or disables the visibility of statically and dynamically assigned IPv4 and IPv6 addresses for authenticated clients.

untrusted

Enables or disables the visibility of statically and dynamically assigned IPv4 and IPv6 addresses for unauthenticated client.

Usage

  • Enabling this feature will send ARP probes to the client at regular intervals. This interval is determined by setting arp-age timeout. By default arp-age timeout is 20 minutes however the default timeout can be changed by using the command ip arp-age <timeout value in minutes>.

    • The periodic ARP probe aids in detecting any change of IP addresses on end clients.

    • The periodic probe aids silent clients to stay connected to the switch. Silent clients do not send any traffic to the switch after authentication which causes de-authenticated after a logoff period of 5 minutes (default value) due to inactivity. The periodic ARP probe triggers the end client to send response packets and aids the client in staying connected. The customer must manually configure the IP arp-age value to 1 minute with the command ip arp-age 1 to avoid being de-authenticated.

  • When the ip client-tracker command is executed more than once, it takes the last commands' behavior. For example when the command ip client-tracker trusted is run after the command ip client-tracker, the behavior will follow the last command, ip client-tracker trusted.

    • When the administrator tries to execute the no command that has not been configured (does not exist in running configuration), an error will appear.

Example

Show port-access client with multiple addresses. 

switch#  show port-access clients

Port Access Client Status

Port    Client Name    MAC Address           IP Address      User Role Type  VLAN
----   -------------- -------------- ---------------------- ---------- ----- ----
1       005056bd3ff7  005056-bd3ff7  3ffe:501:ffff:100::5e               MAC  1

Example

Show the port-access IPv4 client. 

Switch-Stack(config)# show port-access clients             

 Port Access Client Status

  Port  Client Name   MAC Address   IP Address      User Role         Type  VLAN
  ----- ------------- ------------- --------------- ----------------- ----- ----
  1/3   000002b85001  000002-b85001 10.1.1.30                         MAC   10

Example

Show the port-access IPv6 client. 

switch(config)# show port-access clients 22

Port Access Client Status

  Port  Client Name   MAC Address   IP Address      User Role         Type  VLAN
  ----- ------------- ------------- --------------- ----------------- ----- ----
  22    0000005daa34  000000-5daa34 n/a                               MAC   20

Example

Show the port-access client detail. 

switch(config)# show port-access clients 22 detailed

Port Access Client Status Detail

  Client Base Details :
   Port            : 22                    Authentication Type : mac-based
   Client Status   : authenticated         Session Time        : 64 seconds
   Client Name     : 0000005daa34          Session Timeout     : 0 seconds
   MAC Address     : 000000-5daa34
   IP              : n/a

  Access Policy Details :
   COS Map         : Not Defined           In Limit Kbps       : Not Set
   Untagged VLAN   : 20                    Out Limit Kbps      : Not Set
   Tagged VLANs    : No Tagged VLANs
   Port Mode       : 1000FDx
   RADIUS ACL List : No Radius ACL List
   IPV6 Address    : 2000::10