cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2433
Views
0
Helpful
6
Replies

Ciscoworks user tracking-chase mac-address

raza555
Level 3
Level 3

Hi,

It is required by our company to chase the mac-address of the devices, how its possible in CM, please advice?

e.g. PC1 is connected to Switch1 port F1/0/12 and then after few days the person move his PC to Switch2 port F1/0/10. Is is possibile to see that at which switch port the PC1 was previously connected and if its relocated to some other port whats the details are for the new switch port.

I am using

Campus Manager Version: 5.2.1

RME:4.3.0

LMS:3.2

Thanks

2 Accepted Solutions

Accepted Solutions

Joe Clarke
Cisco Employee
Cisco Employee

What it sounds like you want is Dynamic User Tracking.  Dynamic User Tracking uses SNMP traps to alert Campus every time a user connects or disconnects from the network.  This will allow UT to update in near real-time without needing to run an acquisition.  Dynamic UT is enabled by default, so all you would need to do is configure the switches to send the MAC address notification traps.  This can be done under Campus Manager > User Tracking > Administration > Dynamic Updates > Device Trap Configuration.  More help on Dynamic UT is available from the context-sensitive online help at this same location.

View solution in original post

Yes, there is a properties file which maps software revision to the appropriate CLI command syntax.

View solution in original post

6 Replies 6

Jason Fraioli
Level 3
Level 3

Yes, but I don't know of an automatic way to do it.  The accuracy will be based on how often you run the "User Tracking Acquisition" job.  It should be on the home screen of CM.  I don't think you would see the MAC on two ports unless you happened to run the acquisition job in between MAC aging on the first switch.

You can use the following command to help control the MAC aging...

mac-address-table aging-time seconds

MAC address table entry maximum age. Valid values are 0, and from 10 to 1000000 seconds. Aging time is counted from the last time that the switch saw the mac-address. The default value is 300 seconds

Info gathered from -> http://www.cisco.com/en/US/docs/ios/12_3/switch/command/reference/swi_m1.html#wp1085773

Hope that helps.

Thanks for reply.

Is User Tracking Utility v2.0 is faster than to chase the mac-address or can it find the user old connection details and also it current connection details as described above in my 1st question.

Rizwan,

I think there are a couple of issues at play here.

The User Tracking Tool is a schedule based application.  In other words, on a scheduled basis it goes out and scans for end hosts.  The problem then becomes gathering the details of where the host was previously, because the default mac address aging is 300 seconds.  That is not a whole lot of time to gather details.

I suggest some form of "computer/asset to switchport" database which can help you document your baseline.  Then you can use the User Tracking Tool to help you locate rogue devices.

HTH

Joe Clarke
Cisco Employee
Cisco Employee

What it sounds like you want is Dynamic User Tracking.  Dynamic User Tracking uses SNMP traps to alert Campus every time a user connects or disconnects from the network.  This will allow UT to update in near real-time without needing to run an acquisition.  Dynamic UT is enabled by default, so all you would need to do is configure the switches to send the MAC address notification traps.  This can be done under Campus Manager > User Tracking > Administration > Dynamic Updates > Device Trap Configuration.  More help on Dynamic UT is available from the context-sensitive online help at this same location.

Mr. Clarke,

The help section on the Dynamic User Tracking page shows the following commands as necessary to enable the SNMP traps.

  • mac-address-table notification interval 15
  • Is CiscoWorks smart enough to deploy the correct commands for each IOS version it encounters?  On a 12.2 IOS I would need it to run the following command instead of the command listed above.

    mac address-table notification change interval 15

    I'm just curious what happens behind the scenes.

    Thanks!

    Yes, there is a properties file which maps software revision to the appropriate CLI command syntax.

    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

    Innovations in Cisco Full Stack Observability - A new webinar from Cisco