02-28-2008 10:43 PM
Is there a way in CiscoWorks I can query or create a custom report that queries the ports of all our Cisco 3750's to see if each port has 802.1x enabled ?
Solved! Go to Solution.
03-26-2008 11:02 PM
The latest version of UTLite33.exe for any given version of Campus Manager can always be found under NMSROOT/campus/bin once Campus Manager has been installed.
02-28-2008 11:52 PM
You can do this with LMS 3.0 and Campus Manager 5.0. Create a new Use Tracking custom report matching on the attribute, dot1xEnabled.
03-03-2008 04:49 PM
Thankyou very much for your response. I am currently running LMS version 2.6 and Campus Manager 4.0.10, is it still possible or do I need to upgrade ?
03-03-2008 04:50 PM
You will need to upgrade to LMS 3.0 to get this new dot1x piece.
03-26-2008 12:34 AM
Thankyou for your advice, I have now upgraded to LMS 3.0. Could you please help me with another question, do I need to upgrade User Tracking to version 1.1.1. I currently have the UTLite33.exe running which does User Tracking for LMS 2.6. It will be quite a mission to remove the old version and install the new. Thanks in advance
03-26-2008 12:36 AM
UTU and UTLite are two different things. Yes, you need to upgrade to UTU 1.1.1 if you want the User Tracking Utility to work with LMS 3.0. No, you do not need to upgrade UTLite to continue to get usernames, but you really should as there are a lot of bug fixes in the latest version.
03-26-2008 04:34 PM
Hi, O.K now I am confused :) UTU which I assume is Utlite33.exe, is executed by PC's when they login, this is used by Cisco to do User Tracking on port 16236 and was used in LMS 2.6. Now with LMS 3.0 Cisco have released Cisco User Tracking Utility 1.1.1 which uses port 1741. Are you saying to remove Utlite33 from users PC's and replace with User Tracking utility 1.1.1, whch fixes bugs in Utlite33.exe and also provides other benefits...do you know what these other benefits are? I need an arguement to present to the business. Thankyou very much
03-26-2008 04:44 PM
As I said in my previous post, UTU and UTLite are two different things. UTU is the help desk utility that sits in the Windows task bar and allows one to do quick lookups of UT data. UTLite is the tool which sends Windows usernames to User Tracking. The UTLite33.exe which came with previous versions of LMS will still work with LMS 3.0, but you are encouraged to upgrade to get recent bug fixes.
UTU is completely optional. If no one is using it now, then there's nothing to do unless you want a quick way of looking up UT data from Windows clients.
03-26-2008 06:29 PM
The penny has dropped :) Thankyou for that...and my last question regarding this :) How do I know what the latest version of UTLite33.exe. Can I download it from Cisco website or is it on the LMS 3.0 CD, which I have done a search on but no results found
03-26-2008 11:02 PM
The latest version of UTLite33.exe for any given version of Campus Manager can always be found under NMSROOT/campus/bin once Campus Manager has been installed.
04-09-2008 07:07 PM
regarding 802.1x reporting. On my switches I have enabled 802.1x with the global command
dot1x system-auth-control and on each interface
dot1x pae authenticator
dot1x port-control auto
dot1x control-direction in
However when I run the 802.1x query in LMS 3.1 it reports every port is false. "dot1xEnabled" false. Can anyone let me know if I need additional 802.1x commands on my intefaces ?
04-09-2008 07:55 PM
The dot1x data is collected via dynamic User Tracking. So, for example, you will need to be sending MAC address notification traps from your switches to the Campus Manager server to trigger queries for dot1x information.
The dot1x information is obtained from the following SNMP objects from the IEEE8021-PAE-MIB:
dot1xAuthSessionTime
dot1xAuthSessionUserName
dot1xPaePortCapabilities
04-09-2008 09:45 PM
I am running IOS
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(35)SE1, RELEASE SOFTWARE (fc1)and am missing the first two MIB's. How do I get them ?
dot1xPaeSystemAuthControl
dot1xPaePortProtocolVersion
dot1xPaePortCapabilities
dot1xPaePortInitialize
dot1xPaePortReauthenticate
dot1xAuthPaeState
dot1xAuthBackendAuthState
dot1xAuthAdminControlledDirections
dot1xAuthOperControlledDirections
dot1xAuthAuthControlledPortStatus
dot1xAuthAuthControlledPortControl
dot1xAuthQuietPeriod
dot1xAuthTxPeriod
dot1xAuthSuppTimeout
dot1xAuthServerTimeout
dot1xAuthMaxReq
dot1xAuthReAuthPeriod
dot1xAuthReAuthEnabled
dot1xAuthKeyTxEnabled
dot1xAuthEapolFramesRx
dot1xAuthEapolFramesTx
dot1xAuthEapolStartFramesRx
dot1xAuthEapolLogoffFramesRx
dot1xAuthEapolRespIdFramesRx
dot1xAuthEapolRespFramesRx
dot1xAuthEapolReqIdFramesTx
dot1xAuthEapolReqFramesTx
dot1xAuthInvalidEapolFramesRx
dot1xAuthEapLengthErrorFramesRx
dot1xAuthLastEapolFrameVersion
dot1xAuthLastEapolFrameSource
04-09-2008 10:26 PM
I checked the IOS source code, and these objects are not available at all for this switch. As it turns out, it looks like dot1xAuthSessionTime is not nearly as important as dot1xAuthSessionUserName which is supported on 6500s, but not on the desktop switches. There is an open enhancement request (CSCsh68902) to add this object.
However, it doesn't appear that the missing object will be fatal to User Tracking. As long as the dot1xPaePortCapabilities is valid, and you are using Dynamic User Tracking, you should see dot1x enabled port details in UT.
06-04-2008 01:23 AM
Hello,O.K I am back to this problem again, I still have not got it working :) How do I know if I have dynamic user tracking on ? And while going through previous posts to find a solution I found the following -
"I want to configure ciscoworks, so that whenever there is a 802.1x security violation, I get an email. I already have ciscoworks setup to send me a mail when a port goes into err disabled.
below is the message I get when I get a 802.1x violation.
NMC Distribution 2> (enable) 2005 Aug 18 08:14:12 EDT -04:00 %SECURITY-1-DOT1X_PORT_SHUTDOWN:DOT1X: port 9/38 shutdown because of dot1x security violation by 00-b0-d0-7d-65-0d >"
Does anyone know how to do this ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide