Thankyou very much for your response. I am currently running LMS version 2.6 and Campus Manager 4.0.10, is it still possible or do I need to upgrade ?

You will need to upgrade to LMS 3.0 to get this new dot1x piece.

Thankyou for your advice, I have now upgraded to LMS 3.0. Could you please help me with another question, do I need to upgrade User Tracking to version 1.1.1. I currently have the UTLite33.exe running which does User Tracking for LMS 2.6. It will be quite a mission to remove the old version and install the new. Thanks in advance

UTU and UTLite are two different things. Yes, you need to upgrade to UTU 1.1.1 if you want the User Tracking Utility to work with LMS 3.0. No, you do not need to upgrade UTLite to continue to get usernames, but you really should as there are a lot of bug fixes in the latest version.

Hi, O.K now I am confused :) UTU which I assume is Utlite33.exe, is executed by PC's when they login, this is used by Cisco to do User Tracking on port 16236 and was used in LMS 2.6. Now with LMS 3.0 Cisco have released Cisco User Tracking Utility 1.1.1 which uses port 1741. Are you saying to remove Utlite33 from users PC's and replace with User Tracking utility 1.1.1, whch fixes bugs in Utlite33.exe and also provides other benefits...do you know what these other benefits are? I need an arguement to present to the business. Thankyou very much

As I said in my previous post, UTU and UTLite are two different things. UTU is the help desk utility that sits in the Windows task bar and allows one to do quick lookups of UT data. UTLite is the tool which sends Windows usernames to User Tracking. The UTLite33.exe which came with previous versions of LMS will still work with LMS 3.0, but you are encouraged to upgrade to get recent bug fixes.

UTU is completely optional. If no one is using it now, then there's nothing to do unless you want a quick way of looking up UT data from Windows clients.

The penny has dropped :) Thankyou for that...and my last question regarding this :) How do I know what the latest version of UTLite33.exe. Can I download it from Cisco website or is it on the LMS 3.0 CD, which I have done a search on but no results found

regarding 802.1x reporting. On my switches I have enabled 802.1x with the global command

dot1x system-auth-control and on each interface

dot1x pae authenticator

dot1x port-control auto

dot1x control-direction in

However when I run the 802.1x query in LMS 3.1 it reports every port is false. "dot1xEnabled" false. Can anyone let me know if I need additional 802.1x commands on my intefaces ?

The dot1x data is collected via dynamic User Tracking. So, for example, you will need to be sending MAC address notification traps from your switches to the Campus Manager server to trigger queries for dot1x information.

The dot1x information is obtained from the following SNMP objects from the IEEE8021-PAE-MIB:

dot1xAuthSessionTime

dot1xAuthSessionUserName

dot1xPaePortCapabilities

I am running IOS

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(35)SE1, RELEASE SOFTWARE (fc1)and am missing the first two MIB's. How do I get them ?

dot1xPaeSystemAuthControl

dot1xPaePortProtocolVersion

dot1xPaePortCapabilities

dot1xPaePortInitialize

dot1xPaePortReauthenticate

dot1xAuthPaeState

dot1xAuthBackendAuthState

dot1xAuthAdminControlledDirections

dot1xAuthOperControlledDirections

dot1xAuthAuthControlledPortStatus

dot1xAuthAuthControlledPortControl

dot1xAuthQuietPeriod

dot1xAuthTxPeriod

dot1xAuthSuppTimeout

dot1xAuthServerTimeout

dot1xAuthMaxReq

dot1xAuthReAuthPeriod

dot1xAuthReAuthEnabled

dot1xAuthKeyTxEnabled

dot1xAuthEapolFramesRx

dot1xAuthEapolFramesTx

dot1xAuthEapolStartFramesRx

dot1xAuthEapolLogoffFramesRx

dot1xAuthEapolRespIdFramesRx

dot1xAuthEapolRespFramesRx

dot1xAuthEapolReqIdFramesTx

dot1xAuthEapolReqFramesTx

dot1xAuthInvalidEapolFramesRx

dot1xAuthEapLengthErrorFramesRx

dot1xAuthLastEapolFrameVersion

dot1xAuthLastEapolFrameSource

I checked the IOS source code, and these objects are not available at all for this switch. As it turns out, it looks like dot1xAuthSessionTime is not nearly as important as dot1xAuthSessionUserName which is supported on 6500s, but not on the desktop switches. There is an open enhancement request (CSCsh68902) to add this object.

However, it doesn't appear that the missing object will be fatal to User Tracking. As long as the dot1xPaePortCapabilities is valid, and you are using Dynamic User Tracking, you should see dot1x enabled port details in UT.

Hello,O.K I am back to this problem again, I still have not got it working :) How do I know if I have dynamic user tracking on ? And while going through previous posts to find a solution I found the following -

"I want to configure ciscoworks, so that whenever there is a 802.1x security violation, I get an email. I already have ciscoworks setup to send me a mail when a port goes into err disabled.

below is the message I get when I get a 802.1x violation.

NMC Distribution 2> (enable) 2005 Aug 18 08:14:12 EDT -04:00 %SECURITY-1-DOT1X_PORT_SHUTDOWN:DOT1X: port 9/38 shutdown because of dot1x security violation by 00-b0-d0-7d-65-0d >"

Does anyone know how to do this ?