Campus Manager User Tracking Report - dot1xEnabled = False

The Campus Manager User Tracking Report has the dot1xEnabled field that is always false.

It was my understanding that the switch will send SNMP Trap Notifications to Cisco Works regarding the status of 802.1x authentication per port.

We have configured per port:

snmp trap mac-notification added

snmp trap mac-notification removed

and globally

snmp-server host x.x.x.x  abababa udp-port 1431 MAC-Notification

We had no success, so we opened a TAC case, 614376387, and we were told by TAC and the Development Engineers that this "feature" does not work in LMS 3.2 and Campus Manager 5.2.1 and that this feature will be available in the next new release.

I thought I had read on this forum that some folks have this 'feature' working, where this field shows the current status of 802.1x per access port.

Has anyone been able to get this 'feature' to work?  And if so, what versions are you running and what were the 'tricks' to get it working?

Much appreciated.

Joe Clarke
Hall of Fame Cisco Employee

The MAC address notification traps only alert Campus to the fact that a MAC address has been learned or removed from a given port.  That starts the dynamic UT process.  With no other information, you will potentially see a new record appear in UT shortly after receiving the trap.  However, that record will not have IP or username data associated with it.

To get the IP data, Campus will poll the CISCO-DHCP-SNOOPING-MIB to pull IP data.  To get username data, Campus will poll the IEEE8021-PAE-MIB of the switch to get dot1x information.  So, your switch must be configured for dot1x, and it must support this MIB (in particular, the objects dot1xAuthSessionTime, dot1xAuthSessionUserName, and dot1xPaePortCapabilities).

Without dot1x, hope is not lost.  If the end host is running Windows and the UTLite tool, then when the user logs in, UTLite should start from their logon script, and send a UDP update to Campus with the username and IP of the host.

We're not so much interested in the username or IP, but more so whether or not the dot1xenabled 'field' within the User Tracking Report will or can show 'true' in the version we're running currently.  TAC says it is not supported, but other posts herein seem to indicate otherwise. What are we missing?

Joe Clarke
Hall of Fame Cisco Employee

If you are not using Dynamic User Tracking, the dot1xEnabled field will always show as false.  This is due to CSCtg66941 which will be fixed in LMS 4.0 due out later this month.  With Dynamic UT, this field will be updated based on the value of dot1xPaePortCapabilities.
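To see what the switch itself reports for the dot1xPaePortCapabilities object named in the replies above, the column can be walked with a standard SNMP tool and the BITS value decoded per port. This is an added example, not part of the thread and not Cisco's code. The sample walk output is constructed in net-snmp format, and reading the authenticator-capable bit as the one relevant to dot1xEnabled is an assumption.

```python
import re

# Bit names from IEEE8021-PAE-MIB; BITS are numbered from the high-order bit of octet 0.
PAE_CAPABILITY_BITS = {0: "dot1xPaePortAuthCapable", 1: "dot1xPaePortSuppCapable"}

# Constructed sample in net-snmp snmpwalk output format (not from a real switch).
SAMPLE_WALK = """\
IEEE8021-PAE-MIB::dot1xPaePortCapabilities.10101 = BITS: 80 dot1xPaePortAuthCapable(0)
IEEE8021-PAE-MIB::dot1xPaePortCapabilities.10102 = BITS: 00
IEEE8021-PAE-MIB::dot1xPaePortCapabilities.10103 = BITS: C0 dot1xPaePortAuthCapable(0) dot1xPaePortSuppCapable(1)
IEEE8021-PAE-MIB::dot1xPaePortCapabilities.10104 = BITS: 40 dot1xPaePortSuppCapable(1)
"""

# Captures the table index and the raw hex octets; the trailing bit names are ignored
# so the decode does not depend on the MIB being loaded by the tool that did the walk.
LINE_RE = re.compile(
    r"dot1xPaePortCapabilities\.(\d+)\s*=\s*BITS:\s*((?:[0-9A-Fa-f]{2}\b\s*)+)"
)


def decode_bits(octets):
    """Return the set of capability names whose bit is set in a BITS value."""
    names = set()
    for bit, name in PAE_CAPABILITY_BITS.items():
        byte_index, offset = divmod(bit, 8)
        if byte_index < len(octets) and octets[byte_index] & (0x80 >> offset):
            names.add(name)
    return names


def parse_walk(text):
    """Map each dot1xPaePortTable index to the capabilities the row reports."""
    ports = {}
    for line in text.splitlines():
        match = LINE_RE.search(line)
        if match:
            hex_octets = "".join(match.group(2).split())
            ports[int(match.group(1))] = decode_bits(bytes.fromhex(hex_octets))
    return ports


def ports_without_authenticator(text):
    """Indexes whose row does not report the authenticator capability bit."""
    return sorted(index for index, caps in parse_walk(text).items()
                  if "dot1xPaePortAuthCapable" not in caps)


if __name__ == "__main__":
    for index, caps in sorted(parse_walk(SAMPLE_WALK).items()):
        print(index, sorted(caps) or "no PAE capability reported")
```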

