User movement notification

Sergey Sakharov
Beginner

Hi!

I have an ISE server and a switch environment with dot1x enabled and configured.

Is it possible to receive an email every time a user authenticates on one port, then unplugs the cable, plugs it into another port (on the same or on a different switch) and authenticates again?

If so, then how could I complete this?

Switches could send SNMP traps to ISE and ISE could notify me of some alerts via email, but I can't find MAC move alerts in the ISE configuration.


8 REPLIES

Jason Kunst
Cisco Employee

This is not a capability of ISE.

What are you trying to prevent?

Trying to prevent users from moving on their own from one switch port to another one.

I think this is not possible, but the main question is why users have access to the switch and unplug cables or something else. And one more thing I mention: if they plug or unplug from one port to another, you can create an authorization policy in ISE to always be associated with the VLAN you want to use (if ports are in different VLANs).

This is a network management function and not an ISE function.

On the switch you can restrict the MAC addresses allowed, I believe, by first learning and only allowing that MAC address.

It's not a useful solution... We have plenty of users and they move from one office to another (with IT support help - officially, and without support - that's what we want to eliminate). Every user has a PC and an IP phone. And also there is port-security on switch ports with a maximum of 2 MAC addresses (any). I don't want to bind MAC addresses to switch ports because it will be a nightmare to administer such an environment with officially migrating users. And that's why I'm looking for another solution.

If it's not ISE, then what should it be?

Like the others said, this is not a feature in ISE. Please investigate it on Cisco IOS platform support. It might be possible to use EEM (Cisco EEM Basic Overview and Sample Con... - Cisco Support Community) and Cisco Prime Infrastructure or Cisco DNA Center might help in deploying the scripts.

The requirement doesn’t make a lot of sense, but I think you can do it with something like Splunk by correlating logs and alerting based on specific rules. Why does it matter if they move as long as they get the same access to the network anywhere they connect?

Thanks
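The log correlation suggested in the accepted reply, sketched in Python instead of Splunk as an added example (not code from any poster or from Cisco): it tracks the last switch and port on which each MAC address passed authentication and reports a move when the next authentication arrives from somewhere else. The key=value log layout, the sample lines and the `approved` allow-list for IT-approved relocations are assumptions; the attribute names follow RADIUS naming.

```python
import re
from datetime import datetime

# Constructed sample records (not real ISE output): one line per passed 802.1X
# authentication, carrying RADIUS attribute names as key=value pairs.
SAMPLE_LOG = """\
2024-05-06T08:01:10 UserName=alice Calling-Station-ID=AA-BB-CC-00-00-01 NAS-IP-Address=10.0.0.11 NAS-Port-Id=GigabitEthernet1/0/5
2024-05-06T08:02:30 UserName=bob Calling-Station-ID=AA-BB-CC-00-00-02 NAS-IP-Address=10.0.0.11 NAS-Port-Id=GigabitEthernet1/0/7
2024-05-06T09:00:00 UserName=alice Calling-Station-ID=AA-BB-CC-00-00-01 NAS-IP-Address=10.0.0.11 NAS-Port-Id=GigabitEthernet1/0/5
2024-05-06T13:15:42 UserName=alice Calling-Station-ID=aabb.cc00.0001 NAS-IP-Address=10.0.0.12 NAS-Port-Id=GigabitEthernet1/0/3
garbage line without attributes
2024-05-06T14:00:00 UserName=bob Calling-Station-ID=AA-BB-CC-00-00-02 NAS-IP-Address=10.0.0.11 NAS-Port-Id=GigabitEthernet1/0/9
"""

KV = re.compile(r"(\S+?)=(\S+)")

def normalize_mac(raw):
    """Reduce any MAC notation (AA-BB.., aabb.cc.., aa:bb..) to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    return digits if len(digits) == 12 else None

def parse(line):
    """Return (time, mac, user, switch, port), or None for lines lacking the fields."""
    ts, _, rest = line.partition(" ")
    f = dict(KV.findall(rest))
    mac = normalize_mac(f.get("Calling-Station-ID", ""))
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    if not mac or "NAS-IP-Address" not in f or "NAS-Port-Id" not in f:
        return None
    return when, mac, f.get("UserName", "?"), f["NAS-IP-Address"], f["NAS-Port-Id"]

def find_moves(lines, approved=frozenset()):
    """Report each MAC that authenticates on a different (switch, port) than last time.
    `approved` (hypothetical) holds MACs with an IT-approved move: tracked, not reported."""
    last_seen, moves = {}, []
    for when, mac, user, switch, port in sorted(filter(None, map(parse, lines))):
        prev = last_seen.get(mac)
        if prev and prev != (switch, port) and mac not in approved:
            moves.append({"time": when, "mac": mac, "user": user,
                          "from": prev, "to": (switch, port)})
        last_seen[mac] = (switch, port)
    return moves

if __name__ == "__main__":
    for m in find_moves(SAMPLE_LOG.splitlines()):
        print(f"{m['time']} {m['user']} ({m['mac']}) moved {m['from']} -> {m['to']}")
```

Re-authentication on the same port is not reported, and each returned record can be passed to whatever mail or alerting channel is already in use.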
