Device Sensor: Finding Feature Information

Device Sensor
Last Updated: June 26, 2012 Device Sensor feature is used to gather raw endpoint data from network devices using protocols such as Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP), and DHCP. The endpoint data is made available to registered clients in the context of an access session.
Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents of this Guide

Finding Feature Information, page 1 About Device Sensor, page 2 How to Configure Device Sensor, page 3 Restrictions for Device Sensor, page 8 Additional References, page 9 Device Sensor Commands, page 11
Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
20112012 Cisco Systems, Inc. All rights reserved.
About Device Sensor
About Device Sensor

Device Sensor introduces the device-sensor capability, which is used to gather raw endpoint data from network devices. The endpoint information aids in completing the profiling capability of switches. Profiling is the determination of the endpoint type based on information gleaned from various protocol packets from an endpoint during its connection to a network. The profiling capability consists of two parts:

Collector--Gathers endpoint data from network devices. Analyzer--Processes the data and determines the type of device.
Device Sensor represents the embedded collector functionality. The illustration below shows Device Sensor in the context of the profiling system and also features other possible clients of the sensor.
Figure 1 Device Sensor and Its Clients
A switch with sensor capability gathers endpoint information from network devices using protocols such as Cisco Discovery Protocol (CDP), LLDP, and DHCP, subject to statically configured filters, and makes this information available to its registered clients in the context of an access session. An access session represents an endpoint's connection to the network device. Device Sensor has internal and external clients. The internal clients include components such as the embedded Device Classifier (local analyzer), ASP, MSI-Proxy, and EnergyWise (EW). The external client, that is the Identity Services Engine (ISE) analyzer, will use RADIUS accounting to receive additional endpoint data. Client notifications and accounting messages containing profiling data along with the session events, and other session-related data, such as MAC address and ingress port are generated and sent to the internal and external clients (ISE). By default, for each supported peer protocol, client notifications and accounting events are only generated where an incoming packet includes a TLV that has not previously
OL-26564-01
How to Configure Device Sensor
been received in the context of a given session. You can enable client notifications and accounting events for all TLV changes, where either a new TLV has been received or a previously received TLV has been received with a different value using CLI commands. Device Sensor's port security protects the switch from consuming memory and crashing during deliberate or unintentional denial-of-service (DoS) type attack. The sensor limits the maximum device monitoring sessions to 32 per port (access ports and trunk ports). In case of lack of activity from hosts, the age session time is 12 hours.

Device Sensor is enabled by default. These tasks are applicable only if you want to configure the sensor based on your specific requirements.
Note
If you do not perform these configuration tasks, then the following TLVs are included by default:

Cisco Discovery Protocol filter--secondport-status-type and powernet-event-type (type 28 and 29) LLDP filter--organizationally-specific (type 127) DHCP filter--message-type (type 53)
Enabling Accounting Augmentation, page 3 Creating a Cisco Discovery Protocol Filter, page 4 Creating an LLDP Filter, page 5 Creating a DHCP Filter, page 5 Applying a Protocol Filter to Device Sensor Output, page 6 Tracking TLV Changes, page 7 Verifying Device Sensor Configuration, page 7 Troubleshooting Tips, page 8
Enabling Accounting Augmentation

For the sensor protocol data to be added to the accounting messages, you must enable session accounting by using the following standard Authentication, Authorization, and Accounting (AAA), and RADIUS configuration commands:
Switch(config)# aaa new-model Switch(config)# aaa accounting dot1x default start-stop group radius Switch(config)# radius-server host{hostname|ip-address}[auth-port port-number][acct-port port-number][timeout seconds][retransmit retries][key string] Switch(config)# radius-server vsa send accounting
Beginning in privileged EXEC mode, follow these steps to add Device Sensor protocol data to accounting records.
OL-26564-01
Command
Step 1
Purpose Enters global configuration mode.
configure terminal
Example:
Switch# configure terminal
Step 2
device-sensor accounting
Example:
Switch(config)# device-sensor accounting
Enables the addition of sensor protocol data to accounting records and also enables the generation of additional accounting events when new sensor data is detected.
Step 3
end
Example:
Switch(config)# end
Returns to privileged EXEC mode.
Creating a Cisco Discovery Protocol Filter

Beginning in privileged EXEC mode, follow these steps to create a Cisco Discovery Protocol filter containing a list of TLVs that can be included or excluded in Device Sensor output. Command
Step 1
configure terminal
Example:
Step 2
device-sensor filter-list cdp list tlv-list-name

Example:
Switch(config)# device-sensor filter-list cdp list cdp-list
Creates a TLV list and enters CDP sensor configuration mode, where you can configure individual TLVs.
Step 3
tlv {name'tlv-name | number tlv-number}

Example:
Switch(config-sensor-cdplist)# tlv number 10
Adds individual CDP TLVs to the TLV list. You can delete the TLV list without individually removing TLVs from the list by using the no device-sensor filter-list cdp list tlv-list-name command.
Step 4
end
Example:
Switch(config-sensor-cdplist)# end
OL-26564-01
Creating an LLDP Filter

Beginning in privileged EXEC mode, follow these steps to create an LLDP filter containing a list of TLVs that can be included or excluded in Device Sensor output. Command
Step 1
configure terminal
Example:
Step 2
device-sensor filter-list lldp list tlv-list-name

Example:
Switch(config)# device-sensor filter-list lldp list lldp-list
Creates a TLV list and enters LLDP sensor configuration mode, where you can configure individual TLVs.
Step 3
tlv {name tlv-name | number tlv-number}

Example:
Switch(config-sensor-cdplist)# tlv number 10
Adds individual LLDP TLVs to the TLV list. You can delete the TLV list without individually removing TLVs from the list by using the no device-sensor filter-list lldp list tlv-list-name command.
Step 4
end
Example:
Switch(config-sensor-lldplist)# end
Creating a DHCP Filter

Beginning in privileged EXEC mode, follow these steps to create a DHCP filter containing a list of options that can be included or excluded in Device Sensor output. Command
Step 1
configure terminal
Example:
Step 2
device-sensor filter-list dhcp list option-list-name

Example:
Switch(config)# device-sensor filter-list dhcp list dhcp-list
Creates an options list and enters DHCP sensor configuration mode, where you can configure individual options.
OL-26564-01
Command
Step 3
Purpose Adds individual DHCP options to the option list. You can delete the option list without individually removing options from the list by using the no device-sensor filter-list dhcp list option-list-name command.
option {name option-name | number option-number}

Example:
Switch(config-sensor-dhcplist)# option number 50
Step 4
end
Example:
Switch(config)# end
Applying a Protocol Filter to Device Sensor Output

Beginning in privileged EXEC mode, follow these steps to apply a CDP, LLDP, or DHCP filter to the sensor output. The output is session notifications to internal sensor clients and accounting requests. Command
Step 1
configure terminal
Example:
Step 2
device-sensor filter-spec {cdp | dhcp | lldp} {exclude {all | list list-name} | include list list-name}
Example:
Switch(config)# device-sensor filter-spec cdp include list list1
Applies a specific protocol filter containing a list of TLV fields to Device Sensor output.

cdp--Applies a CDP TLV filter list to Device Sensor output. lldp--Applies an LLDP TLV filter list to Device Sensor output. dhcp--Applies a DHCP TLV filter list to Device Sensor output. exclude--Specifies the TLVs that must be excluded from Device Sensor output. include--Specifies the TLVs that must be included from Device Sensor output. all--Disables all notifications for the associated protocol. list list-name--Protocol TLV filter list name.
Step 3
end
Example:
Switch(config)# end
OL-26564-01
Tracking TLV Changes

Beginning in privileged EXEC mode, follow these steps to enable client notifications and accounting events for all TLV changes. By default, for each supported peer protocol, client notifications and accounting events will only be generated where an incoming packet includes a TLV that has not previously been received in the context of a given session. Command
Step 1
configure terminal
Example:
Step 2
device-sensor notify all-changes

Example:
Switch(config)# device-sensor notify all-changes
Enables client notifications and accounting events for all TLV changes, that is, where either a new TLV is received or a previously received TLV is received with a new value in the context of a given session. Note Use the default device-sensor notify or the device-sensor notify new-tlvs command to return to the default TLV. Returns to privileged EXEC mode.
Step 3
end
Example:
Switch(config)# end
Verifying Device Sensor Configuration

Beginning in privileged EXEC mode, follow these steps to verify the sensor cache entries for all devices. Command
Step 1 Step 2
Purpose Displays sensor cache entries (the list of protocol TLVs or options received from a device) for a specific device. Displays sensor cache entries for all devices.
show device-sensor cache mac mac-address show device-sensor cache all

Example:
Switch(config)# device-sensor notify all-changes
Here is an example for the show device-sensor cache mac mac-address privileged EXEC command.
Switch# show device-sensor cache mac 0024.14dc.df4d Device: 0024.14dc.df4d on port GigabitEthernet1/0/24 -------------------------------------------------Proto Type:Name Len Value cdp 26:power-available-type 16 00 1A 00 10 00 00 00 01 00 00 00 00 FF FF FF FF cdp 22:mgmt-address-type 17 00 16 00 11 00 00 00 01 01 01 CC 00 04 09 1B 65 0E cdp 11:duplex-type 5 00 0B 00 05 01 cdp 9:vtp-mgmt-domain-type 4 00 09 00 04
OL-26564-01
Restrictions for Device Sensor
cdp cdp lldp lldp lldp lldp lldp dhcp dhcp dhcp dhcp
4:capabilities-type 1:device-name 0:end-of-lldpdu 8:management-address 7:system-capabilities 4:port-description 5:system-name 82:relay-agent-info 12:host-name 61:client-identifier 57:max-message-size
8 14 2 14 6 23 12 20 12 32 4
00 00 00 10 0E 08 74 0A 52 14 0C 3D 64 39
04 01 00 0C 04 15 31 0A 12 DC 0A 1E 63 02
00 08 00 00 00 28 00 0E 73 75 70 70 6C 69 63 61 6E 74 05 00 47 2F 73 01 DF 73 00 2E 04 01 14 69 30 75 06 80 75 63 64 80 09 00 67 2F 70 00 1B 04 61 32 70 04 65 0E 03 00 00 00 01 00 62 69 74 45 74 68 65 72 6E 65 34 6C 69 63 61 6E 74 00 18 01 18 02 08 00 06 00 24
70 70 6C 69 63 61 6E 74 69 73 63 6F 2D 30 30 32 34 2E 31 34 66 34 64 2D 47 69 31 2F 30 2F 32 34
Here is an example for the show device-sensor cache all privileged EXEC command.
Switch# show device-sensor cache all Device: 001c.0f74.8480 on port GigabitEthernet2/1 -------------------------------------------------Proto Type:Name Len Value dhcp 52:option-overload 3 34 01 03 dhcp 60:class-identifier 11 3C 09 64 6F 63 73 69 73 31 2E 30 dhcp 55:parameter-request-list 8 37 06 01 42 06 03 43 96 dhcp 61:client-identifier 27 3D 19 00 63 69 73 63 6F 2D 30 30 31 63 2E 30 66 37 34 2E 38 34 38 30 2D 56 6C 31 dhcp 57:max-message-size 4 39 02 04 80 Device: 000f.f7a7.234f on port GigabitEthernet2/1 -------------------------------------------------Proto Type:Name Len Value cdp 22:mgmt-address-type 8 00 16 00 08 00 00 00 00 cdp 19:cos-type 5 00 13 00 05 00 cdp 18:trust-type 5 00 12 00 05 00 cdp 11:duplex-type 5 00 0B 00 05 01 cdp 10:native-vlan-type 6 00 0A 00 06 00 01 cdp 9:vtp-mgmt-domain-type 9 00 09 00 09 63 69 73 63 6F
Troubleshooting Tips
The following commands can help troubleshoot Device Sensor.

debug device-sensor {errors | events} debug authentication all
Restrictions for Device Sensor

Only CDP, LLDP, and DHCP protocols are supported. The Session limit for profiling ports is 32. The length of one TLV must not be more than 1024 and the total length of TLVs (combined length of TLVs) of all protocols must not be more than 4096. The sensor profiles devices that are only one hop away.
OL-26564-01
Configuration Examples for Device Sensor Feature
Configuration Examples for Device Sensor Feature

The following example shows how to create a CDP filter containing a list of TLVs:
Switch> enable Switch# configure terminal Switch(config)# device-sensor filter-list cdp list cdp-list Switch(config-sensor-cdplist)# tlv name address-type Switch(config-sensor-cdplist)# tlv name device-name Switch(config-sensor-cdplist)# tlv number 34 Switch(config-sensor-cdplist)# end
The following example shows how to create an LLDP filter containing a list of TLVs:
Switch> enable Switch# configure terminal Switch(config)# device-sensor filter-list lldp list lldp-list Switch(config-sensor-lldplist)# tlv name chassis-id Switch(config-sensor-lldplist)# tlv name management-address Switch(config-sensor-lldplist)# tlv number 28 Switch(config-sensor-lldplist)# end
The following example shows how to create a DHCP filter containing a list of options:
Switch> enable Switch# configure terminal Switch(config)# device-sensor filter-list dhcp list dhcp-list Switch(config-sensor-lldplist)# option name domain-name Switch(config-sensor-lldplist)# option name host-name Switch(config-sensor-lldplist)# option number 50 Switch(config-sensor-lldplist)# end
The following example shows how to apply a CDP TLV filter list to Device Sensor output:
Switch> enable Switch# configure terminal Switch(config)# device-sensor filter-spec cdp include cdp-list1
The following example shows how to enable client notifications and accounting events for all TLV changes:
Switch> enable Switch# configure terminal Switch(config)# device-sensor notify all-changes
Additional References
Here are some additional references for Device Sensor feature.
OL-26564-01
Additional References
Related Documents
Related Topic Document Title Device Sensor with Cisco Identity Services Cisco Identity Services Engine User Guide: Configuring Endpoint Profiling Engine (ISE) Policies Cisco IOS Commands Security Commands Cisco IOS Master Commands List, All Releases

Cisco IOS Security Command Reference: Commands A to C Cisco IOS Security Command Reference: Commands D to L Cisco IOS Security Command Reference: Commands M to R Cisco IOS Security Command Reference: Commands S to Z
Technical Assistance
Description Link http://www.cisco.com/cisco/web/support/index.html The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.
Feature Information for Device Sensor

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name Device Sensor
Releases 15.0(1)SE1
Feature Information Device Sensor feature is used to gather raw endpoint data from network devices using protocols such as Cisco Discovery Protocol, Link Layer Discovery Protocol (LLDP), and DHCP. The endpoint data that is gathered is made available to registered clients in the context of an access session. The following commands were introduced or modified: debug device-sensor, device-sensor accounting, device-sensor filter-list cdp, device-sensor filter-list dhcp, device-sensor filter-list lldp, device-sensor filter-spec, device-sensor notify, and show device-sensor cache.
10
OL-26564-01
Device Sensor Commands

This section contains the command references for Device Sensor feature.

device-sensor accounting, page 12 device-sensor filter-spec, page 14 device-sensor filter-list dhcp, page 16 device-sensor filter-list lldp, page 18 device-sensor notify, page 20 device-sensor filter-list cdp, page 22 show device-sensor cache, page 24 debug device-sensor, page 26
OL-26564-01
11
device-sensor accounting
To add Device Sensor protocol data to accounting records and to generate additional accounting events when new sensor data is detected, use the device-sensor accounting command in global configuration mode. To disable adding Device Sensor protocol data to accounting records and to disable generating accounting events, use the no form of this command. device-sensor accounting no device-sensor accounting
Syntax Description
This command has no arguments or keywords.
Defaults
Device Sensor protocol data is added to the accounting records and additional accounting events are generated when new sensor data is detected.
Command Modes
Global configuration
Command History
Release 15.0(1)SE1
Modification This command was introduced.
Usage Guidelines
Device Sensor is used to glean endpoint information from Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP), and DHCP messages and make this information available to registered clients in the context of an access session. You can use the device-sensor accounting command to include the data gleaned by Device Sensor in RADIUS accounting messages. For the sensor-protocol data to be added to the accounting messages, you must enable session accounting by using the following standard AAA and RADIUS configuration commands:
Switch(config)# aaa new-model Switch(config)# aaa accounting dot1x default start-stop group radius Switch(config)# radius-server host{hostname|ip-address}[auth-port port-number][acct-port port-number][timeout seconds][retransmit retries][key string] Switch(config)# radius-server vsa send accounting
Examples
The following example shows how to add Device Sensor protocol data to the accounting records:
Switch> enable Switch# configure terminal Switch(config)# device-sensor accounting
12
OL-26564-01
Related Commands
Command debug device-sensor show device-sensor cache
Description Enables debugging for Device Sensor. Displays Device Sensor cache entries.
OL-26564-01
13
device-sensor filter-spec
To apply a specific protocol filter containing a list of Type-Length-Value (TLV) fields to Device Sensor output, use the device-sensor filter-spec command in global configuration mode. To remove the protocol filter list from Device Sensor output, use the no form of this command. device-sensor filter-spec {cdp | dhcp | lldp} {exclude {all | list list-name} | include list list-name}
Syntax Description
cdp dhcp lldp exclude all list list-name include
Applies a Cisco Discovery Protocol TLV filter list to Device Sensor output. Applies a DHCP TLV filter list to Device Sensor output. Applies a Link Layer Discovery Protocol (LLDP) TLV filter list to Device Sensor output. Specifies the TLVs that should be excluded from Device Sensor output. Disables all notifications for the associated protocol. Name of the protocol TLV filter list. Specifies the TLVs that should be included in Device Sensor output.
Defaults
All TLVs are included in notifications and will trigger notifications.
Command Modes
Command History
Release 15.0(1)SE1
Usage Guidelines
Use the device-sensor filter-spec command to specify the TLVs that must be included in all sensor outputs (session notifications sent to internal sensor clients and accounting requests). Certain TLVs and message types such as DISCOVER, OFFER, REQUEST, ACK, and IP address are unconditionally excluded because they are used as transport for higher layer protocols and will change frequently without conveying any useful information about the endpoint. OFFER messages will also be ignored as they may be received from multiple servers and will not convey any useful endpoint data.
Examples
The following example shows how to apply a Cisco Discovery Protocol TLV filter list to Device Sensor output:
Switch> enable Switch# configure terminal Switch(config)# device-sensor filter-spec cdp include cdp-list1
14
OL-26564-01
Related Commands
Command debug device-sensor device-sensor accounting
Description Enables debugging for Device Sensor. Adds Device Sensor protocol data to accounting records and generates additional accounting events when new sensor data is detected.
device-sensor filter-list Creates a Cisco Discovery Protocol filter containing a list of options that can cdp be included or excluded in Device Sensor output. device-sensor filter-list Creates a DHCP filter containing a list of options that can be included or dhcp excluded in Device Sensor output. device-sensor filter-list Creates an LLDP filter containing a list of TLV fields that can be included or lldp excluded in Device Sensor output. show device-sensor cache Displays Device Sensor cache entries.
OL-26564-01
15
device-sensor filter-list dhcp

To create a Dynamic Host Configuration Protocol (DHCP) filter containing a list of options that can be included or excluded in Device Sensor output, use the device-sensor filter-list dhcp command in global configuration mode. To remove the DHCP filter containing the list of options, use the no form of this command. device-sensor filter-list dhcp list option-list-name no device-sensor filter-list dhcp list option-list-name
Syntax Description
list
Contains a DHCP options filter list.
option-list-name DHCP options filter list name.
Defaults
DHCP options filter list is not available.
Command Modes
Command History
Release 15.0(1)SE1
Usage Guidelines
Use the device-sensor filter-list dhcp list option-list-name command to configure the name of the DHCP options filter list and enter into DHCP sensor configuration mode. You can configure the list of options in DHCP sensor configuration mode using the option {name option-name | number option-number} command. Use the name option-name keyword-argument pair to specify the name of the TLV. Enter ? for querying the available TLV names. Use the number option-number keyword-argument pair to specify the TLV number to be added to the DHCP options filter list. Use the no option {name option-name | number option-number} command to remove individual options from the DHCP options filter list. Use the no device-sensor filter-list dhcp list option-list-name command to remove the entire TLV list containing all the TLVs.
Examples
The following example shows how to create a DHCP filter containing a list of options:
Switch> enable Switch# configure terminal Switch(config)# device-sensor filter-list dhcp list dhcp-list Switch(config-sensor-dhcplist)# option name domain-name Switch(config-sensor-dhcplist)# option name host-name Switch(config-sensor-dhcplist)# option number 50 Switch(config-sensor-dhcplist)# end
16
OL-26564-01
Related Commands
device-sensor filter-list Creates a Cisco Discovery Protocol filter containing a list of options that can cdp be included or excluded in Device Sensor output. device-sensor filter-list lldp show device-sensor cache Creates an LLDP filter containing a list of TLV fields that can be included or excluded in Device Sensor output. Displays Device Sensor cache entries.
OL-26564-01
17
device-sensor filter-list lldp

To create a Link Layer Discovery Protocol (LLDP) filter containing a list of Type-Length-Value (TLV) fields that can be included or excluded in Device Sensor output, use the device-sensor filter-list lldp command in global configuration mode. To remove the LLDP filter containing the list of TLV fields, use the no form of this command. device-sensor filter-list lldp list tlv-list-name no device-sensor filter-list lldp list tlv-list-name
Syntax Description
list tlv-list-name
Contains an LLDP TLV filter list. Name of the LLDP TLV filter list.
Defaults
LLDP TLV filter list is not available.
Command Modes
Command History
Release 15.0(1)SE1
Usage Guidelines
Use the device-sensor filter-list lldp list tlv-list-name command to configure the name of the LLDP TLV filter list and enter LLDP sensor configuration mode. You can configure the list of TLVs in LLDP sensor configuration mode using the tlv {name' tlv-name | number tlv-number} command. Use the name tlv-name keyword-argument pair to specify the name of the TLV. Enter ? for querying the available TLV names. Use the number tlv-name keyword-argument pair to specify the TLV number to be added to the LLDP TLV filter list. Use the no tlv {name' tlv-name | number tlv-number} command to remove individual TLVs from the LLDP TLV filter list. Use the no device-sensor filter-list lldp list tlv-list-name command to remove the entire TLV list containing all the TLVs.
Examples
The following example shows how to create an LLDP filter containing a list of TLVs:
Switch> enable Switch# configure terminal Switch(config)# device-sensor filter-list lldp list lldp-list Switch(config-sensor-lldplist)# tlv name address-type Switch(config-sensor-lldplist)# tlv name device-name Switch(config-sensor-lldplist)# tlv number 34 Switch(config-sensor-lldplist)# end
18
OL-26564-01
Related Commands
device-sensor filter-list Creates a Cisco Discovery Protocol filter containing a list of options that can cdp be included or excluded in Device Sensor output. device-sensor filter-list dhcp show device-sensor cache Creates a DHCP filter containing a list of options that can be included or excluded in Device Sensor output. Displays Device Sensor cache entries.
OL-26564-01
19
device-sensor notify
To enable client notifications and accounting events for Type-Length-Value (TLV) changes, use the device-sensor notify command in global configuration mode. To disable client notifications and accounting events for TLV changes, use the no form of this command. device-sensor notify all-changes new-tlvs no device-sensor notify all-changes new-tlvs
Syntax Description
all-changes new-tlvs
Enables client notifications and accounting events for all TLV changes. Enables client notifications and accounting events for only new TLV changes.
Defaults
Client notifications and accounting events are generated only for new TLVs.
Command Modes
Command History
Release 15.0(1)SE1
Usage Guidelines
By default, for each supported peer protocol, client notifications and accounting events will only be generated when an incoming packet includes a TLV that has not been previously received in the context of a given session. To enable client notifications and accounting events for all TLV changes, where either a new TLV has been received or a previously received TLV has been received with a different value, use the device-sensor notify all-changes command. To return to the default behavior, use the device-sensor notify new-tlvs or the default device-sensor notify command.
Examples
The following example shows how to enable client notifications and accounting events for all TLV change:
Switch> enable Switch# configure terminal Switch(config)# device-sensor notify all-changes
Related Commands
20
OL-26564-01
Command
Description
device-sensor filter-list Creates a Cisco Discovery Protocol filter containing a list of options that can cdp be included or excluded in Device Sensor output. device-sensor filter-list dhcp device-sensor filter-list lldp show device-sensor cache Creates a DHCP filter containing a list of options that can be included or excluded in Device Sensor output. Creates an LLDP filter containing a list of TLV fields that can be included or excluded in Device Sensor output. Displays Device Sensor cache entries.
OL-26564-01
21
device-sensor filter-list cdp

To create a Cisco Discovery Protocol filter containing a list of Type-Length-Value (TLV) fields that can be included or excluded in Device Sensor output, use the device-sensor filter-list cdp command in global configuration mode. To remove the Cisco Discovery Protocol filter containing the list of TLV fields, use the no form of this command. device-sensor filter-list cdp list tlv-list-name no device-sensor filter-list cdp list tlv-list-name
Syntax Description
list tlv-list-name
Contains a Cisco Discovery Protocol TLV filter list. Cisco Discovery Protocol TLV filter list name.
Defaults
Cisco Discovery Protocol TLV filter list is not available.
Command Modes
Command History
Release 15.0(1)SE1
Usage Guidelines
Use the device-sensor filter-list cdp list tlv-list-name command to configure the name of the Cisco Discovery Protocol TLV filter list and enter Cisco Discovery Protocol sensor configuration mode. You can configure the list of TLVs in Cisco Discovery Protocol sensor configuration mode using the tlv {name tlv-name | number tlv-number} command. Use the name tlv-name keyword-argument pair to specify the name of the TLV. Enter ? for querying the available TLV names. Use the number tlv-number keyword-argument pair to specify the TLV number to be added to the Cisco Discovery Protocol TLV filter list. Use the no tlv {name' tlv-name | number tlv-number} command to remove individual TLVs from the Cisco Discovery Protocol TLV filter list. Use the no device-sensor filter-list cdp list tlv-list-name command to remove the entire TLV list containing all the TLVs.
Examples
The following example shows how to create a Cisco Discovery Protocol filter containing a list of TLVs:
Switch> enable Switch# configure terminal Switch(config)# device-sensor filter-list cdp list cdp-list Switch(config-sensor-cdplist)# tlv name address-type Switch(config-sensor-cdplist)# tlv name device-name Switch(config-sensor-cdplist)# tlv number 34 Switch(config-sensor-cdplist)# end
22
OL-26564-01
Related Commands
Command debug device-sensor device-sensor accounting device-sensor filter-list dhcp device-sensor filter-list lldp show device-sensor cache
Description Enables debugging for Device Sensor. Adds Device Sensor protocol data to accounting records and generates additional accounting events when new sensor data is detected. Creates a DHCP filter containing a list of options that can be included or excluded in Device Sensor output. Creates an LLDP filter containing a list of TLV fields that can be included or excluded in Device Sensor output. Displays Device Sensor cache entries.
OL-26564-01
23
show device-sensor cache

To display Device Sensor cache entries, use the show device-sensor cache command in privileged EXEC mode. show device-sensor cache { mac mac-address | all }
Syntax Description
mac mac-address all
Specifies the MAC address of the device for which the sensor cache entries are to be displayed. Displays sensor cache entries for all devices.
Defaults
There are no defaults for this command.
Command Modes
Privileged EXEC
Command History
Release 15.0(1)SE1
Usage Guidelines
Use the show device-sensor cache command to display a list of Type-Length-Value (TLV) fields or options received from a particular device or from all devices.
Examples
The following is sample output from the show device-sensor cache mac mac-address command:
Router# show device-sensor cache mac 0024.14dc.df4d Device: 0024.14dc.df4d on port GigabitEthernet1/0/24 -------------------------------------------------Proto Type:Name Len Value cdp 26:power-available-type 16 00 1A 00 10 cdp 22:mgmt-address-type 17 00 16 00 11 0E cdp 11:duplex-type 5 00 0B 00 05 cdp 9:vtp-mgmt-domain-type 4 00 09 00 04 cdp 4:capabilities-type 8 00 04 00 08 cdp 1:device-name 14 00 01 00 0E lldp 0:end-of-lldpdu 2 00 00 lldp 8:management-address 14 10 0C 05 01 lldp 7:system-capabilities 6 0E 04 00 14 lldp 4:port-description 23 08 15 47 69 74 31 2F 30 lldp 5:system-name 12 0A 0A 73 75 dhcp 82:relay-agent-info 20 52 12 01 06 14 DC DF 80 dhcp 12:host-name 12 0C 0A 73 75 dhcp 61:client-identifier 32 3D 1E 00 63 64 63 2E 64 dhcp 57:max-message-size 4 39 02 04 80
00 00 00 01 00 00 00 00 FF FF FF FF 00 00 00 01 01 01 CC 00 04 09 1B 65 01 00 00 00 28 73 75 70 70 6C 69 63 61 6E 74 09 00 67 2F 70 00 1B 04 61 32 70 04 65 0E 03 00 00 00 01 00 62 69 74 45 74 68 65 72 6E 65 34 6C 69 63 61 6E 74 00 18 01 18 02 08 00 06 00 24
70 70 6C 69 63 61 6E 74 69 73 63 6F 2D 30 30 32 34 2E 31 34 66 34 64 2D 47 69 31 2F 30 2F 32 34
24
OL-26564-01
The following is sample output from the show device-sensor cache all command:
Router# show device-sensor cache all Device: 001c.0f74.8480 on port GigabitEthernet2/1 -------------------------------------------------Proto Type:Name Len Value dhcp 52:option-overload 3 34 01 03 dhcp 60:class-identifier 11 3C 09 64 dhcp 55:parameter-request-list 8 37 06 01 dhcp 61:client-identifier 27 3D 19 00 37 34 2E dhcp 57:max-message-size 4 39 02 04 Device: 000f.f7a7.234f on port GigabitEthernet2/1 -------------------------------------------------Proto Type:Name Len Value cdp 22:mgmt-address-type 8 00 16 00 cdp 19:cos-type 5 00 13 00 cdp 18:trust-type 5 00 12 00 cdp 11:duplex-type 5 00 0B 00 cdp 10:native-vlan-type 6 00 0A 00 cdp 9:vtp-mgmt-domain-type 9 00 09 00
6F 42 63 38 80
63 06 69 34
73 03 73 38
69 43 63 30
73 31 2E 30 96 6F 2D 30 30 31 63 2E 30 66 2D 56 6C 31
08 05 05 05 06 09
00 00 00 00 00 00 01 00 01 63 69 73 63 6F
The following table describes the significant fields shown in the display.
Field Device Proto Type Name Len Value
Description MAC address of the device and the interface which it is connected to. Protocol from which the endpoint device data is being gleaned. Type of TLV. Name of the TLV. Length of the TLV. Value of the TLV.
Related Commands
Command debug device-sensor device-sensor accounting device-sensor filter-list cdp device-sensor filter-list dhcp device-sensor filter-list lldp show device-sensor cache
Description Enables debugging for Device Sensor. Adds Device Sensor protocol data to accounting records and generates additional accounting events when new sensor data is detected. Creates a Cisco Discovery Protocol filter containing a list of options that can be included or excluded in Device Sensor output. Creates a DHCP filter containing a list of options that can be included or excluded in Device Sensor output. Creates an LLDP filter containing a list of TLV fields that can be included or excluded in Device Sensor output. Displays Device Sensor cache entries.
OL-26564-01
25
debug device-sensor
To enable debugging for Device Sensor, use the debug device-sensor command in privileged EXEC mode. debug device-sensor errors events
Syntax Description
errors events
Displays Device Sensor error messages Displays messages for events such as protocol packet arrivals, identity updates and release events sent to the session manager.
Defaults
There are no defaults for this command.
Command Modes
Privileged EXEC
Command History
Release 15.0(1)SE1
Usage Guidelines
Use the debug device-sensor command in conjunction with the debug authentication all command to troubleshoot scenarios where device sensor cache entries are not being created for the connected devices
Examples
The following is sample output from the debug device-sensor events command. The debug output shows how Cisco Discovery Protocol packets and Type-Length-Values (TLVs) are received from the device connected to the GigabitEthernet 2/1 interface:
Switch# debug device-sensor events Switch# *Nov 30 23:58:45.811: DSensor: Received cdp packet from GigabitEthernet2/1:00d0.2bdf.08a5 *Nov 30 23:58:45.811: DSensor: SM returned no or invalid session label for GigabitEthernet2/1:00d0.2bdf.08a5 *Nov 30 23:58:45.811: DSensor: Updating SM with identity attribute list cdp-tlv 0 00 01 00 0B 4A 41 45 30 37 34 31 31 50 53 32 cdp-tlv 0 00 03 00 03 32 2F 38 cdp-tlv 0 00 04 00 04 00 00 00 0A cdp-tlv 0 00 05 00 68 57 53 2D 43 32 39 34 38 20 53 6F 66 74 77 61 72 65 2C 20 56 65 72 73 69 6F 6E 20 4D 63 70 53 57 3A 20 36 2E 34 28 35 2E 30 29 20 4E 6D 70 53 57 3A 20 36 2E 34 28 35 29 0A 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 39 35 2D 32 30 30 33 20 62 79 20 43 69 73 63 6F 20 53 79 73 74 65 6D 73 2C 20 49 6E 63 2E 0A cdp-tlv 0 00 06 00 08 57 53 2D 43 32 39 34 38 cdp-tlv 0 00 09 00 00 cdp-tlv 0 00 0A 00 02 00 21 cdp-tlv 0 00 0B 00 01 01 cdp-tlv 0 00 12 00 01 00 cdp-tlv 0 00 13 00 01 00 cdp-tlv 0 00 14 00 00
26
OL-26564-01
cdp-tlv 0 00 15 00 0A 06 08 2B 06 01 04 01 09 05 2A cdp-tlv 0 00 16 00 16 00 00 00 02 01 01 CC 00 04 00 00 00 0001 01 CC 00 04 01 01 01 01 cdp-tlv 0 00 17 00 01 00 swidb 0 604702240 (0x240B0620) clid-mac-addr 0 00 D0 2B DF 08 A5 *Nov 30 23:58:46.831: DSensor: Received cdp packet from GigabitEthernet2/1:00d0.2bdf.08a5exi Switch# *Nov 30 23:58:51.171: %SYS-5-CONFIG_I: Configured from console by console
Related Commands
Command debug authentication all device-sensor accounting
Description Displays all debugging information about the Authentication Manager and all features. Adds Device Sensor protocol data to the accounting records and generates additional accounting events when new sensor data is detected.
OL-26564-01
27
Obtaining Documentation and Submitting a Service Request
Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly Whats New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the Whats New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This document is to be used in conjunction with the documents listed in the Obtaining Documentation and Submitting a Service Request section. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. 2012 Cisco Systems, Inc. All rights reserved.
28
OL-26564-01

Device Sensor: Finding Feature Information

Uploaded by

Copyright:

Available Formats

Device Sensor: Finding Feature Information

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Device Sensor: Finding Feature Information

Uploaded by

Copyright:

Available Formats

Device Sensor

Finding Feature Information

Contents of this Guide

20112012 Cisco Systems, Inc. All rights reserved.

About Device Sensor

About Device Sensor

How to Configure Device Sensor

How to Configure Device Sensor

Enabling Accounting Augmentation

How to Configure Device Sensor

Purpose Enters global configuration mode.

Returns to privileged EXEC mode.

Creating a Cisco Discovery Protocol Filter

Purpose Enters global configuration mode.

device-sensor filter-list cdp list tlv-list-name

tlv {name'tlv-name | number tlv-number}

Returns to privileged EXEC mode.

How to Configure Device Sensor

Creating an LLDP Filter

Purpose Enters global configuration mode.

device-sensor filter-list lldp list tlv-list-name

tlv {name tlv-name | number tlv-number}

Returns to privileged EXEC mode.

Creating a DHCP Filter

Purpose Enters global configuration mode.

device-sensor filter-list dhcp list option-list-name

How to Configure Device Sensor

option {name option-name | number option-number}

Returns to privileged EXEC mode.

Applying a Protocol Filter to Device Sensor Output

Purpose Enters global configuration mode.

Returns to privileged EXEC mode.

How to Configure Device Sensor

Tracking TLV Changes

Purpose Enters global configuration mode.

device-sensor notify all-changes

Verifying Device Sensor Configuration

show device-sensor cache mac mac-address show device-sensor cache all

Restrictions for Device Sensor

debug device-sensor {errors | events} debug authentication all

Restrictions for Device Sensor

Configuration Examples for Device Sensor Feature

Configuration Examples for Device Sensor Feature

Feature Information for Device Sensor

Feature Name Device Sensor

Device Sensor Commands

Device Sensor Commands

Device Sensor Commands

This command has no arguments or keywords.

Modification This command was introduced.

Device Sensor Commands

Command debug device-sensor show device-sensor cache

Device Sensor Commands

cdp dhcp lldp exclude all list list-name include

All TLVs are included in notifications and will trigger notifications.

Modification This command was introduced.

Device Sensor Commands

Command debug device-sensor device-sensor accounting

Device Sensor Commands