I'm not exactly sure what you're looking for here as far as "identifying" specific MACs, but Campus Manager's User Tracking does allow you to pull a report of all MAC addresses (end hosts) connected to your switches. Is that what you're looking for?
Thanks for responding.
I wish it was that simple.
The organisation want to block all MAC addresses from gaining access to the network that have not been on the network for a period of 3 months.
As you state, we can run a report on MAC addresses that were last seen on the network (e.g. showing these addresses over 3 months old).
But the tricky bit is how can we be alerted when one of these old MAC addresses comes on the network again.
Hope you understand what I am trying to achieve.
Really would appreciate your views, even if you think it cannot be done.
Without being very creative in creating your own scripts that would on a periodic basis diff old reports to new, I'm not sure how you could do this. Maybe someone else here knows, but yeah, sounds very difficult...at least with LMS.
I'm wondering if there is a better way of going about this using your DHCP server. I've no idea what you use for DHCP in your network, but maybe there is a way that once a lease is expired for a certain MAC, you can configure that no new IPs are given to that MAC if it hasn't been seen in over 30 days??? Just a swag.
You can enable MAC notification traps on the switch. These traps will be sent each time a new MAC address is learned by the switch. While you cannot specify which MACs trigger the trap on the devices, you could do filtering of these traps on your NMS to just look for the MACs you care about.
LMS 3.0 makes use of MAC address notification traps to support its dynamic User Tracking feature. This feature allows UT to report about new users in the network in near-realtime. However, this feature would not give you exactly what you want. For what you want, you would need a trap receiver that you could script to act upon the MAC notification traps that contain the specific old MAC addresses. Trap receivers like HPOV NNM and even net-snmp can do this.
To configure MAC notification traps on an IOS switch, for example, add the following under each interface:
snmp trap mac-notification added
And then, make sure MAC notification traps are globally enabled:
snmp-server enable traps mac-notification
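One way to script the trap filtering suggested above, as an added example that is not part of the original thread and is not LMS or net-snmp code. It assumes the cmnHistMacChangedMsg layout from CISCO-MAC-NOTIFICATION-MIB (11-byte tuples of operation, VLAN, MAC, dot1dBasePort, ended by a zero byte) and a constructed "MAC,last-seen date" report format; all function names and sample values are hypothetical.

```python
from datetime import datetime, timedelta

STALE_AFTER = timedelta(days=90)   # "3 months" from the thread, taken as 90 days
SAMPLE_NOW = datetime(2024, 6, 1)  # constructed reference time for the sample data
# Constructed last-seen report; the "MAC,YYYY-MM-DD" format is an assumption.
SAMPLE_REPORT = "00:11:22:33:44:55,2024-01-05\n00:aa:bb:cc:dd:ee,2024-05-20\n"
# Constructed trap payload: two "learnt" tuples, one "removed" tuple, end marker.
SAMPLE_TRAP = ("01 00 0A 00 11 22 33 44 55 00 03 "
               "01 00 0A 00 AA BB CC DD EE 00 04 "
               "02 00 0A 00 11 22 33 44 55 00 03 00")

def norm(mac):
    """Normalise any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def stale_macs(report, now):
    """Return the MACs whose last-seen date is older than STALE_AFTER."""
    stale = set()
    for line in report.splitlines():
        if line.strip():
            mac, seen = line.split(",")
            last = datetime.strptime(seen.strip(), "%Y-%m-%d")
            if now - last > STALE_AFTER:
                stale.add(norm(mac))
    return stale

def parse_hist_msg(hex_payload):
    """Decode the trap's octet string into (op, vlan, mac, port) tuples."""
    data = bytes.fromhex(hex_payload.replace(":", " "))
    events, i = [], 0
    while i + 11 <= len(data) and data[i] != 0:  # a zero byte ends the message
        events.append((data[i],                                  # 1=learnt, 2=removed
                       int.from_bytes(data[i + 1:i + 3], "big"),  # VLAN
                       data[i + 3:i + 9].hex(),                   # MAC
                       int.from_bytes(data[i + 9:i + 11], "big")))  # dot1dBasePort
        i += 11
    return events

def alerts(hex_payload, stale):
    """Return (vlan, mac, port) for each newly learnt MAC that is on the stale list."""
    return [(vlan, mac, port) for op, vlan, mac, port in parse_hist_msg(hex_payload)
            if op == 1 and mac in stale]

if __name__ == "__main__":
    for vlan, mac, port in alerts(SAMPLE_TRAP, stale_macs(SAMPLE_REPORT, SAMPLE_NOW)):
        print(f"stale MAC {mac} learnt on VLAN {vlan}, bridge port {port}")
```

A trap handler would pass the received cmnHistMacChangedMsg value to alerts() and rebuild the stale set each time a fresh last-seen report is exported.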