Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
427
Views
0
Helpful
1
Replies

802.1X and SysLog

BlueyVIII
Level 1
Level 1

ā€Ž05-04-2011 01:17 PM

Appologies for the duplicate post if you've already seen this, but I'm hoping that someone is this community may also be able to help.

We're using 3750 and 3550 switches with 802.1X for authenticating devices to our network and I'd like to know how many times people try to connect unauthorised devices to the network.

Ideally, I'd like the switch to send a SysLog message to our CiscoWorks Syslog server each time a device or user fails authentication. Is this possible?

I can see that it's possible to syslog all authentication attempts but we have a large network and sending successful authentications would seem pointless, and the failed ones would probably just get lost in the "noise".

If the Syslog method isn't possible is there another way to acheive this, possibly using CiscoWorks.

Labels:
0 Helpful
1 Reply 1

Nael Mohammad
Level 5
Level 5

ā€Ž05-05-2011 01:53 PM

Use DFM active alerts and display to monitor Failed Authentication based on SNMP. Ensure the devices have "snmp-server enable traps authenticate-fail" enabled with the "snmp-server  host"pointing to LMS.

0 Helpful
Customers Also Viewed These Support Documents