User movement notification

Hi!

I have an ISE server and switch environment with dot1x enabled and configured.

Is it possible to receive an email every time a user authenticates on one port, then unplugs the cable, plugs it into another port (on the same or on a different switch) and authenticates again?

If so, then how could I complete this?

Switches could send SNMP traps to ISE and ISE could notify me of some alerts via email, but I can't find MAC move alerts in the ISE configuration.

1 ACCEPTED SOLUTION

Accepted Solutions
Contributor

Re: User movement notification

The requirement doesn’t make a lot of sense, but I think you can do it with something like Splunk by correlating logs and alerting based on specific rules. Why does it matter if they move as long as they get the same access to the network anywhere they connect?

View solution in original post
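
The log correlation suggested in this answer, sketched as an added example (not part of the original post, and not Splunk or ISE code): it reads authentication records and reports when the same MAC address authenticates successfully on a different switch or port. The record layout, the sample lines and the `parse`/`find_moves` helpers are assumptions made for illustration; real ISE or switch syslog needs its own parser.

```python
import re
from datetime import datetime

# Constructed sample records (not real logs), loosely modelled on RADIUS
# passed/failed authentication syslog with RADIUS attribute names as keys.
SAMPLE_LOG = """\
2024-05-06T08:01:10 Passed-Authentication UserName=alice, NAS-IP-Address=10.0.1.11, NAS-Port-Id=GigabitEthernet1/0/5, Calling-Station-ID=AA-BB-CC-00-00-01
2024-05-06T08:02:40 Passed-Authentication UserName=bob, NAS-IP-Address=10.0.1.11, NAS-Port-Id=GigabitEthernet1/0/7, Calling-Station-ID=AA-BB-CC-00-00-02
2024-05-06T12:01:10 Passed-Authentication UserName=alice, NAS-IP-Address=10.0.1.11, NAS-Port-Id=GigabitEthernet1/0/5, Calling-Station-ID=AA-BB-CC-00-00-01
2024-05-06T14:29:55 Failed-Attempt UserName=alice, NAS-IP-Address=10.0.3.13, NAS-Port-Id=GigabitEthernet1/0/1, Calling-Station-ID=AA-BB-CC-00-00-01
2024-05-06T14:30:05 Passed-Authentication UserName=alice, NAS-IP-Address=10.0.2.12, NAS-Port-Id=GigabitEthernet1/0/3, Calling-Station-ID=aa:bb:cc:00:00:01
2024-05-06T15:00:00 Passed-Authentication UserName=bob, NAS-IP-Address=10.0.1.11, NAS-Port-Id=GigabitEthernet1/0/9, Calling-Station-ID=AA-BB-CC-00-00-02
"""

FIELD = re.compile(r"([\w-]+)=([^,\s]+)")

def parse(line):
    """Return (time, normalized MAC, user, (switch IP, port)) for one record."""
    stamp, _, rest = line.partition(" ")
    f = dict(FIELD.findall(rest))
    # Switches report MACs in different notations; compare on bare hex digits.
    mac = re.sub(r"[^0-9a-f]", "", f["Calling-Station-ID"].lower())
    where = (f["NAS-IP-Address"], f["NAS-Port-Id"])
    return datetime.fromisoformat(stamp), mac, f.get("UserName", "unknown"), where

def find_moves(log_text):
    """Report each successful authentication of a known MAC at a new switch/port."""
    events = sorted(parse(l) for l in log_text.splitlines()
                    if " Passed-Authentication " in l)
    last_seen, moves = {}, []
    for when, mac, user, where in events:
        previous = last_seen.get(mac)
        # Re-authentication on the same port is not a move; only a change of
        # (switch, port) for the same MAC is reported.
        if previous is not None and previous != where:
            moves.append({"time": when, "mac": mac, "user": user,
                          "from": previous, "to": where})
        last_seen[mac] = where
    return moves

if __name__ == "__main__":
    for m in find_moves(SAMPLE_LOG):
        print(f"{m['time']} {m['user']} ({m['mac']}) moved "
              f"{m['from'][0]} {m['from'][1]} -> {m['to'][0]} {m['to'][1]}")
```

Tracking is per MAC address, so a PC and an IP phone on the same port are followed separately, and the failed attempt in the sample is ignored.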

8 REPLIES 8
Cisco Employee

Re: User movement notification

This is not a capability of ISE.

What are you trying to prevent?

Re: User movement notification

Trying to prevent users from moving on their own from one switch port to another one.

Contributor

Re: User movement notification

I think this is not possible, but the main question is why users have access to the switch and unplug cables or something else. And one more thing I'll mention: if they plug or unplug from one port to another, you can create an authorization policy in ISE so they are always associated with the VLAN you want to use (if ports are in different VLANs).

Cisco Employee

Re: User movement notification

This is a network management function and not an ISE function.

On the switch you can restrict the MAC addresses allowed, I believe, by first learning and only allowing that MAC address.

Re: User movement notification

It's not a useful solution... we have plenty of users and they move from one office to another (with IT support help, officially, and without support, which is what we want to eliminate). Every user has a PC and an IP phone. There is also port-security on the switch ports with a maximum of 2 MAC addresses (any). I don't want to bind MAC addresses to switch ports because it would be a nightmare to administer such an environment with officially migrating users. That's why I'm looking for another solution.

If it's not an ISE then what should it be?

Cisco Employee

Re: User movement notification

Like the others said, this is not a feature in ISE. Please investigate it on Cisco IOS platform support. It might be possible to use EEM (Cisco EEM Basic Overview and Sample Con... - Cisco Support Community) and Cisco Prime Infrastructure or Cisco DNA Center might help in deploying the scripts.

Re: User movement notification

Thanks