You can do this with LMS 3.0 and Campus Manager 5.0. Create a new User Tracking custom report matching on the attribute, dot1xEnabled.
Thank you very much for your response. I am currently running LMS version 2.6 and Campus Manager 4.0.10. Is it still possible, or do I need to upgrade?
Thank you for your advice, I have now upgraded to LMS 3.0. Could you please help me with another question: do I need to upgrade User Tracking to version 1.1.1? I currently have the UTLite33.exe running which does User Tracking for LMS 2.6. It will be quite a mission to remove the old version and install the new. Thanks in advance.
UTU and UTLite are two different things. Yes, you need to upgrade to UTU 1.1.1 if you want the User Tracking Utility to work with LMS 3.0. No, you do not need to upgrade UTLite to continue to get usernames, but you really should as there are a lot of bug fixes in the latest version.
Hi, OK, now I am confused :) UTU, which I assume is Utlite33.exe, is executed by PCs when they log in; this is used by Cisco to do User Tracking on port 16236 and was used in LMS 2.6. Now with LMS 3.0 Cisco have released Cisco User Tracking Utility 1.1.1, which uses port 1741. Are you saying to remove Utlite33 from users' PCs and replace it with User Tracking Utility 1.1.1, which fixes bugs in Utlite33.exe and also provides other benefits? Do you know what these other benefits are? I need an argument to present to the business. Thank you very much.
As I said in my previous post, UTU and UTLite are two different things. UTU is the help desk utility that sits in the Windows task bar and allows one to do quick lookups of UT data. UTLite is the tool which sends Windows usernames to User Tracking. The UTLite33.exe which came with previous versions of LMS will still work with LMS 3.0, but you are encouraged to upgrade to get recent bug fixes.
UTU is completely optional. If no one is using it now, then there's nothing to do unless you want a quick way of looking up UT data from Windows clients.
The penny has dropped :) Thank you for that, and my last question regarding this :) How do I know what the latest version of UTLite33.exe is? Can I download it from the Cisco website, or is it on the LMS 3.0 CD, which I have searched but found no results?
Regarding 802.1x reporting: on my switches I have enabled 802.1x with the global command
dot1x system-auth-control
and on each interface
dot1x pae authenticator
dot1x port-control auto
dot1x control-direction in
However, when I run the 802.1x query in LMS 3.1 it reports every port is false. "dot1xEnabled" false. Can anyone let me know if I need additional 802.1x commands on my interfaces?
The dot1x data is collected via dynamic User Tracking. So, for example, you will need to be sending MAC address notification traps from your switches to the Campus Manager server to trigger queries for dot1x information.
The dot1x information is obtained from the following SNMP objects from the IEEE8021-PAE-MIB:
I am running IOS
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(35)SE1, RELEASE SOFTWARE (fc1) and am missing the first two MIBs. How do I get them?
I checked the IOS source code, and these objects are not available at all for this switch. As it turns out, it looks like dot1xAuthSessionTime is not nearly as important as dot1xAuthSessionUserName which is supported on 6500s, but not on the desktop switches. There is an open enhancement request (CSCsh68902) to add this object.
However, it doesn't appear that the missing object will be fatal to User Tracking. As long as the dot1xPaePortCapabilities is valid, and you are using Dynamic User Tracking, you should see dot1x enabled port details in UT.
Hello, OK, I am back to this problem again, I still have not got it working :) How do I know if I have dynamic user tracking on? And while going through previous posts to find a solution I found the following -
"I want to configure CiscoWorks, so that whenever there is an 802.1x security violation, I get an email. I already have CiscoWorks set up to send me a mail when a port goes into err disabled.
Below is the message I get when I get an 802.1x violation.
NMC Distribution 2> (enable) 2005 Aug 18 08:14:12 EDT -04:00 %SECURITY-1-DOT1X_PORT_SHUTDOWN:DOT1X: port 9/38 shutdown because of dot1x security violation by 00-b0-d0-7d-65-0d >"
Does anyone know how to do this?
You can go to Campus Manager > User Tracking > Administration > Dynamic Updates to see if the Dynamic UT daemon is running. You must also configure MAC address notification traps on all of your switches. This can be done through Campus Manager > User Tracking > Administration > Dynamic Updates > Device Trap Configuration.
To get an email when this syslog message is generated, you can go to RME > Tools > Syslog > Automated Actions, and create a new email automated action.
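As an added example (not part of the original posts and not CiscoWorks code), the syslog message quoted above can also be parsed offline to pull out the port and MAC address and to spot a host that shuts down more than one port. The first sample line is the message from the thread; the other two are constructed.

```python
import re
from collections import Counter

# Format of the message quoted in the thread.
VIOLATION_RE = re.compile(
    r"%SECURITY-1-DOT1X_PORT_SHUTDOWN:DOT1X: port (?P<port>\d+/\d+) shutdown "
    r"because of dot1x security violation by "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")
TIME_RE = re.compile(r"\d{4} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}")

def parse_violations(lines):
    """Extract time, port and normalized MAC from each violation message."""
    events = []
    for line in lines:
        m = VIOLATION_RE.search(line)
        if not m:
            continue  # not a dot1x shutdown message
        ts = TIME_RE.search(line)
        events.append({"time": ts.group(0) if ts else None,
                       "port": m.group("port"),
                       "mac": m.group("mac").lower().replace("-", ":")})
    return events

def repeat_offenders(events, threshold=2):
    """MACs that triggered at least `threshold` shutdowns, with their ports."""
    counts = Counter(e["mac"] for e in events)
    return {mac: sorted({e["port"] for e in events if e["mac"] == mac})
            for mac, n in counts.items() if n >= threshold}

# First line is the message from the thread; the others are constructed.
SAMPLE_LOG = [
    "2005 Aug 18 08:14:12 EDT -04:00 %SECURITY-1-DOT1X_PORT_SHUTDOWN:DOT1X: "
    "port 9/38 shutdown because of dot1x security violation by 00-b0-d0-7d-65-0d",
    "2005 Aug 18 08:20:41 EDT -04:00 %SECURITY-1-DOT1X_PORT_SHUTDOWN:DOT1X: "
    "port 9/40 shutdown because of dot1x security violation by 00-B0-D0-7D-65-0D",
    "2005 Aug 18 08:21:03 EDT -04:00 constructed unrelated message",
]

if __name__ == "__main__":
    for e in parse_violations(SAMPLE_LOG):
        print(e["time"], e["port"], e["mac"])
    print(repeat_offenders(parse_violations(SAMPLE_LOG)))
```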
When I go to Device Trap Configuration and select my device, a Cisco 2960, I get this message: "There are no ports to configure for the selected device(s).
Check whether you have selected any router(s)."
It could be that Data Collection has not been done properly for this device, or there are no access ports on this switch. Check the NMSROOT/campus/etc/cwsi/portData.xml file for this switch. If it is not there, you need to run another Campus Data Collection. If it is there, make sure there are access ports listed.
This looks okay. I don't know why you're seeing the error, but it doesn't appear that you need to configure MAC address traps on this switch as they're already enabled. If you connect a host to a port on this switch, it should send a trap to the CiscoWorks server. If you've configured DFM to forward traps to localhost port 1431, then Campus will get the trap. Else, you need to configure:
snmp-server host x.x.x.x traps COMMUNITY udp-port 1431 mac-notification
Then the switch will send traps directly to Campus.
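An added example, not from the thread or from Cisco: a small audit of a saved switch configuration for the dot1x commands and the mac-notification trap destination discussed above. The sample configuration is constructed, and limiting the per-interface check to ports with `switchport mode access` is an assumption of this example.

```python
import re

# Per-interface commands and trap destination (UDP 1431) taken from the thread.
REQUIRED = ("dot1x pae authenticator", "dot1x port-control auto",
            "dot1x control-direction in")
TRAP_HOST_RE = re.compile(
    r"^snmp-server host \S+ traps \S+ udp-port 1431 mac-notification$")

def parse_interfaces(config):
    # Returns {interface name: [sub-commands]} from IOS-style config text.
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit(config):
    # Lists what is missing for dot1x data to reach User Tracking.
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    if "dot1x system-auth-control" not in lines:
        findings.append("global: missing 'dot1x system-auth-control'")
    if not any(TRAP_HOST_RE.match(l) for l in lines):
        findings.append("global: no mac-notification trap host on udp-port 1431")
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:  # assumption: access ports only
            continue
        findings += [f"{name}: missing '{c}'" for c in REQUIRED if c not in cmds]
    return findings

# Constructed sample config (not from the thread); 192.0.2.10 is a placeholder.
SAMPLE = """\
dot1x system-auth-control
interface FastEthernet0/1
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 dot1x control-direction in
interface FastEthernet0/2
 switchport mode access
 dot1x pae authenticator
interface GigabitEthernet0/1
 switchport mode trunk
snmp-server host 192.0.2.10 traps COMMUNITY udp-port 1431
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```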