
6/15/22, 3:43 PM False Duplicate IP detection on Ethernet modules when used with Cisco or Stratix switches with IP Device

IP Device Tracking (IPDT) f…

Rockwell Automation

ID: BF2882 | Access Levels: Everyone

False Duplicate IP detection on Ethernet modules when used with Cisco or Stratix switches with IP Device Tracking (IPDT) feature enabled

Document ID
BF2882

Published Date
08/05/2020

Summary
False Duplicate IP detection on Ethernet modules when used with Cisco or Stratix
switches with IP Device Tracking (IPDT) feature enabled

Problem
 

When Rockwell Automation EtherNet/IP modules or other automation devices are
connected to a subnet containing Cisco or Stratix switches with the IPDT feature enabled,
depending on the switch settings, the modules may go into a duplicate IP address state
after a restart/reset. The fault can be detected by the blinking red / off Network Status
LED, scrolling display message or solid red NS light on CompactLogix processors.


https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/568750 1/5

Environment
Any Layer 2 network that contains both Rockwell Automation EtherNet/IP modules and
Cisco or Stratix switches running IPDT, when switches use 0.0.0.0 as the source IP
address in the IPDT ARP probes.

IPDT is much more likely to be implemented on Cisco Catalyst switches running IOS
versions released in 2013 or later because of a behavior change which enables this
command if any feature which requires it is enabled. This behavior change also removes
the ability to turn off IPDT without first turning off any features which require IPDT.

The issue is less likely to occur on Stratix or Cisco IE switches because IPDT is disabled on
those platforms by default. In addition, Stratix switches change IPDT probe settings after
Express Setup starting in IOS 15.2(7)E to mitigate the issue.

Cause
The IPDT feature sends probe ARP packets with a source IP address of 0.0.0.0, the source MAC ID of the switch,
and the target IP and MAC ID for the device being probed to check that it is still connected and responsive.

IPDT, when activated on a Cisco switch, will try to probe for every detected IP address connected on the subnet,
regardless of whether it is directly connected to that switch or not.

When a device becomes disconnected, and then is reconnected within the configurable IPDT timeout period,
probe ARP packets may be received by an EtherNet/IP module at the same time as it is in its Address Conflict
Detection (ACD) mechanism. If this happens, the EtherNet/IP module will immediately go into a duplicate IP
state, and stop communicating.

Testing has shown that this affects the majority of EtherNet/IP modules sold by Rockwell Automation.
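
The collision described above can be recognized in a packet capture. The following added example (not from Rockwell Automation or Cisco) parses raw ARP frames and applies the RFC 5227 conflict rule that an endpoint uses while it is probing its own address. All MAC and IP values are constructed, and treating a non-zero target MAC as the mark of a switch tracking probe is a heuristic based on the probe layout described in this article.

```python
import struct

ZERO_IP, ZERO_MAC = bytes(4), bytes(6)

def parse_arp(frame):
    """Return ARP fields of an untagged Ethernet II frame, or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"oper": oper, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

def classify(frame, my_ip, my_mac, acd_probing):
    """Classify a received frame as an ACD-capable endpoint would see it."""
    arp = parse_arp(frame)
    if arp is None:
        return "not-arp"
    if arp["oper"] != 1 or arp["spa"] != ZERO_IP:
        return "other-arp"  # not a probe: probes are requests with sender IP 0.0.0.0
    if arp["tpa"] != my_ip or arp["sha"] == my_mac:
        return "probe-not-relevant"  # for another address, or our own probe echoed
    # Heuristic (assumption): ACD probes leave the target MAC zeroed, while the
    # tracking probe described in this article fills in the probed device's MAC.
    origin = "host-acd-probe" if arp["tha"] == ZERO_MAC else "tracking-probe"
    # RFC 5227 2.1.1: a foreign probe for the address we are still probing is a
    # conflict; once ACD has finished, the same frame is just answered.
    return origin + (":conflict" if acd_probing else ":answered")

def build_probe(dst, sha, tha, tpa):
    """Build a constructed ARP request with sender IP 0.0.0.0 for the demo."""
    eth = dst + sha + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + ZERO_IP + tha + tpa
    return (eth + arp).ljust(60, b"\x00")  # pad to minimum Ethernet payload size

# Constructed sample values (locally administered MACs, private IP)
MODULE_MAC = bytes.fromhex("02000000a001")
MODULE_IP = bytes([192, 168, 1, 10])
SWITCH_MAC = bytes.fromhex("02000000b001")
OTHER_MAC = bytes.fromhex("02000000c001")
IPDT_PROBE = build_probe(MODULE_MAC, SWITCH_MAC, MODULE_MAC, MODULE_IP)
ACD_PROBE = build_probe(b"\xff" * 6, OTHER_MAC, ZERO_MAC, MODULE_IP)

if __name__ == "__main__":
    for name, frame in (("IPDT", IPDT_PROBE), ("ACD", ACD_PROBE)):
        for probing in (True, False):
            print(name, probing, classify(frame, MODULE_IP, MODULE_MAC, probing))
```

The same switch probe is harmless once the module has finished ACD, which is why the probe delay setting in the Solution section avoids the fault.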

Solution
To prevent the false duplicate IP issue, several solutions can be implemented on switches that run IPDT:

1. Disable IPDT on any ports that connect to Rockwell Automation EtherNet/IP modules.
2. If IPDT feature is required on the switch ports and cannot be disabled:
   1. Configure the switch to use the Switch Virtual Interface (SVI) address in the ARP
      probes
   2. Configure the switch to use a fallback IP address (other than 0.0.0.0) if the SVI is
      not configured for the VLAN.
   3. Configure initial probe delay greater than 10 seconds to avoid conflicting with
      the duplicate IP detection mechanism on power-up.

IPDT is disabled by default on Stratix switches. IPDT is enabled automatically when a feature requiring IPDT is
enabled. 

1. To disable IPDT on a switch port, use this CLI command:
   1. (config-if)#ip device tracking maximum 0

2. To configure IPDT to use the SVI or the fallback address, use these CLI commands:
   1. (config)#ip device tracking probe auto-source fallback 169.254.1.100 0.0.0.0 override
   2. (config)#ip device tracking probe delay 15

Starting in IOS 15.2(7)E, the IPDT probe settings can be modified in Device Manager:

Starting in IOS 15.2(7)E, Stratix switches apply the IPDT probe settings as shown
above automatically during the Express Setup. IPDT will remain disabled globally.
When upgrading the Stratix switch from an older IOS version to 15.2(7)E or later, the
existing IPDT settings will not be changed automatically, and must be modified
manually using CLI or Device Manager.
After applying these settings, the switch will use the SVI address in the probe (if
configured for the VLAN), or the fallback address if the SVI is not configured.
The fallback address 169.254.1.100 has been selected from the link-local reserved
address space to minimize the chance of having the same address in the network.
Any address can be used as the fallback address, as long as it is not used by any
other device.
Starting in IOS 15.2(7)E, a warning is displayed when an IPDT-dependent feature, such as
NetFlow, is enabled.

IPDT may be disabled or enabled by default on Cisco Catalyst switches, depending on the
IOS version. IPDT is enabled automatically when a feature requiring IPDT is enabled. Some
IOS versions allow disabling IPDT globally while others only allow IPDT to be disabled per
port. This Cisco tech article describes IPDT behavior and configuration options: IP Device
Tracking (IPDT) Overview

Starting from IOS XE 16.5.1, Cisco Catalyst switches implement the new Switch Integrated
Security Features based (SISF-based) device tracking mechanism. SISF-based tracking
uses CLI configuration and tracking methods that are different from legacy IPDT. More
information on SISF can be found here: Configuring SISF-Based Device Tracking.

If Cisco DNA Center software is used to manage Cisco switches, IPDT or SISF must be
enabled on the switches. Switch configurations may be changed automatically by the
DNA Center to enable device tracking. If a switch does not have the SVI address in the
VLAN, it may start using the 0.0.0.0 address in the probes, thus creating the issue.

Examples of CLI commands to configure workarounds for IPDT are shown below. Refer to
the Cisco resources above for the most up-to-date information.
1. To disable IPDT on a switch port:
   1. (config-if)#ip device tracking maximum 0

2. To configure IPDT probe settings to use the SVI or the fallback address, starting in IOS
   15.2(2)E:
   1. (config)#ip device tracking probe auto-source fallback 169.254.1.100 0.0.0.0 override
   2. (config)#ip device tracking probe delay 15

3. To configure IPDT probe settings to use the SVI in IOS prior to 15.2(2)E:
   1. (config)#ip device tracking probe use-svi
   2. (config)#ip device tracking probe delay 15

4. To configure SISF-based tracking to use the SVI or the fallback address starting in
   IOS XE 16.5.1:
   1. (config)#device-tracking tracking auto-source fallback 0.0.0.<X> 255.255.255.0 override

Note: In this example, the switch will use the part of the target IP address (first three
octets) based on the provided mask and use <X> as the last octet. Make sure that the
resulting address is not used by any other device.
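
To check a saved switch configuration against the legacy IPDT workarounds listed above, the following added example (not Rockwell Automation or Cisco code) audits running-config text for the ports that connect to EtherNet/IP modules. The sample configuration, port names and the `audit_ipdt` helper are constructed for illustration; the script assumes IPDT is or may become active and does not verify that an SVI exists for the VLAN.

```python
import re

FALLBACK = re.compile(r"ip device tracking probe auto-source fallback (\S+) \S+ override")
DELAY = re.compile(r"ip device tracking probe delay (\d+)")

def audit_ipdt(config, module_ports):
    """Return findings for the given module-facing ports (empty list = mitigated)."""
    glob, ports, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            ports[current] = []
        elif raw.startswith(" ") and current is not None:
            ports[current].append(raw.strip())  # indented line: interface sub-command
        else:
            current = None
            glob.append(raw.strip())            # global command or "!" separator
    # Workaround 1: IPDT disabled on the port itself
    exposed = sorted(p for p in module_ports
                     if "ip device tracking maximum 0" not in ports.get(p, []))
    if not exposed:
        return []
    findings = []
    # Workarounds 2 and 3: probe source is the SVI or a fallback other than 0.0.0.0
    fallbacks = [m.group(1) for m in map(FALLBACK.fullmatch, glob) if m]
    if ("ip device tracking probe use-svi" not in glob
            and not any(addr != "0.0.0.0" for addr in fallbacks)):
        findings.append("probe source may be 0.0.0.0 on: " + ", ".join(exposed))
    # Initial probe delay must be greater than 10 seconds
    delays = [int(m.group(1)) for m in map(DELAY.fullmatch, glob) if m]
    if not any(d > 10 for d in delays):
        findings.append("probe delay not above 10 s on: " + ", ".join(exposed))
    return findings

# Constructed sample running-config fragments
UNMITIGATED = """hostname SW1
!
interface GigabitEthernet1/1
 description PLC
 switchport access vlan 10
!
interface GigabitEthernet1/2
 ip device tracking maximum 0
!
"""
MITIGATED = UNMITIGATED + (
    "ip device tracking probe auto-source fallback 169.254.1.100 0.0.0.0 override\n"
    "ip device tracking probe delay 15\n")

if __name__ == "__main__":
    print(audit_ipdt(UNMITIGATED, {"GigabitEthernet1/1", "GigabitEthernet1/2"}))
    print(audit_ipdt(MITIGATED, {"GigabitEthernet1/1"}))
```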
