EEM script for interface description based on 802.1x username

peter.matuska1
Level 1

Hi,

Is it possible to populate the 802.1x username in an interface description? I would like to have the interface description like this: "dot1x_<username from DATA domain, ignore VOICE domain>". This script should run, let's say, every day. If there is a change, then change the description. If there is no change or the interface is down, then leave it as it is.

thank you

11 Replies

Leo Laohoo
Hall of Fame

What switch is this going to go to?

I ask this question because if the port flaps continuously, this will cause the EEM to constantly trigger and eventually crash the switch.

Hi Leo,

It will be 9200L. But I would prefer to run it once in 24 hours, not every time the interface flaps.

thank you

What is the use case here? ISE already knows the information on what user connected to that port with IP address?

Why are you looking to log in to each switch and check the interface description?

More manual work and more script, which is unnecessary overhead on the switch CPU.

BB


I know that ISE knows all the information, but the problem is that when a customer calls to check the user on switch X but he doesn't know the interface the user is connected to, checking the interface description is much faster than logging in to the ISE and searching for the user. So I was thinking that if I had the username in the description, then it would be much faster to find the user.

Hello,

This should be fairly easy to accomplish. I am not sure what is showing up in the logs when a user authenticates. Can you post the log entry (or entries), as the EEM script would be based on that?

I think you need to enable:

dot1x logging verbose
authentication logging verbose

in order to see these entries in the logs.

EDIT: I think the below is what you would see in the logs. The actual username does not seem to be logged (or there must be an additional setting to actually display that)...


%AUTHMGR-5-START: Starting 'dot1x' for client (XXXX.XXXX.XXXX) on Interface GiX/Y
%DOT1X-5-SUCCESS: Authentication successful for client (XXXX.XXXX.XXXX.XXXX) on Interface GiX/Y
%AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (XXXX.XXXX.XXXX) on Interface GiX/Y

Sure, but this is more of a human task, as we are moving more to dashboard systems to make it simple. If you have 100 of switches, how do you know where the user is connected? It's hard to track when roaming is in place.

Yes, this is feasible if the user sits at the same desk all the time and is connected to the same port.

Personally, I still use ISE to minimise logins to devices, or you can make a simple API (this queries ISE and gives you the information in a browser).

By the way, what is the goal here (sorry to deviate from the above topic)? When the user calls, what is the purpose of the call? Having an issue?

 

BB


Hi,

When a customer calls (L1 support), the problem description is usually: "facebook is not working". He already knows the switch, so he tells me the hostname, I log in, and the only thing that I need to find out is the interface in order to check the authentication. So I was thinking whether it is possible to change the description to speed up the searching process. I don't want to change it every time the user logs in since they don't share desks.

Is the username logged?

If there is a show command that displays the username and port number, then it can be automated every 24 hours. Do you have an example of the show command output that contains the username and port number?

I think you should ping @Joe Clarke internally.

If the users do not share desks, there are a couple of ways to automate it.

1. In DHCP you may have a lease time; if that is more than a day, then when the user comes back and logs in, I am sure he gets the same IP.

2. Get all the information populated, for example:

   - user

   - MAC address

   - port information

   - input this in CSV format

   - use Python to get the information and add it to the description

Other options

Personally, I still use ISE to minimise logins to devices, or you can make a simple API (this queries ISE and gives you the information in a browser).

Hope this makes sense?

BB
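
The CSV-plus-Python option listed in the reply above, as an added example that is not part of the original thread or any poster's own code. The CSV column names, the sample rows and the 200-character cap are assumptions constructed for illustration; the rules follow the original question (DATA domain only, leave ports that are down or already correct). Because the 802.1X identity is supplied by the client, it is restricted to a conservative character set before it is placed in a configuration line.

```python
import csv
import io
import re

PREFIX = "dot1x_"
MAX_LEN = 200  # assumed conservative cap for the description string

# Constructed sample inventory (not real data); column names are assumptions.
SAMPLE_CSV = """interface,domain,username,mac,link,current_description
Gi1/0/1,DATA,alice,0011.2233.4455,up,
Gi1/0/1,VOICE,CP-8845-SEP001122334466,0011.2233.4466,up,
Gi1/0/2,DATA,bob,0011.2233.4477,up,dot1x_bob
Gi1/0/3,DATA,carol,0011.2233.4488,down,dot1x_dave
Gi1/0/4,DATA,eve smith,0011.2233.4499,up,
Gi1/0/5,VOICE,CP-8845-SEP0011223344AA,0011.2233.44aa,up,uplink-phone
"""

def safe_description(username):
    """Build 'dot1x_<username>' from a client-supplied identity."""
    # Anything outside the allow-list (spaces, newlines, '?', ...) becomes
    # '_' so the value always stays a single token on one command line.
    cleaned = re.sub(r"[^A-Za-z0-9@._-]", "_", username.strip())
    return (PREFIX + cleaned)[:MAX_LEN]

def plan_descriptions(csv_text):
    """Return {interface: new_description} for ports that need a change."""
    plan = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["domain"].upper() != "DATA":       # ignore VOICE sessions
            continue
        if row["link"].lower() != "up":           # interface down: leave it
            continue
        wanted = safe_description(row["username"])
        if wanted != row["current_description"]:  # unchanged: leave it
            plan[row["interface"]] = wanted
    return plan

def render_config(plan):
    """Turn the plan into interface configuration lines."""
    lines = []
    for interface, description in sorted(plan.items()):
        lines += [f"interface {interface}", f" description {description}"]
    return lines

if __name__ == "__main__":
    print("\n".join(render_config(plan_descriptions(SAMPLE_CSV))))
```

Run once a day against a fresh export, the script only emits lines for ports whose description would actually change, so an unchanged switch produces no configuration at all.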
