Enthusiast

Cisco ISE MAC Move and host movement

Hello,

I read that SNMPTraps should not be sent to ISE when using the RADIUS probe, because it will only trigger a duplicate SNMPQuery. If so, how do you support a use case whereby a device can successfully deauthorize from a switch port and authorize on another port? Is it one of the following, to the exclusion of the others?

1. authentication mac-move permit

2. IP device tracking

3. mac address-table notification change, mac address-table notification mac-move, snmp-server trap (global config) and snmp trap mac-notification (interface config)

I understand that for a device behind a non-Cisco IP phone, CDP or LLDP or EAPOL Proxy logoff will inform the switch.

Thanks

1 ACCEPTED SOLUTION

Beginner

mac-move permit is the solution.

4 REPLIES
Beginner

Hi,

When using dot1x authentication behind a phone, some vendors support EAPOL Proxy logoff and the session will be terminated. When using MAB, you need to work with an idle timeout for the appropriate VLAN.

Enthusiast

Hi,

Thanks for responding. However, my question was not about MAB or dot1x behind a phone. I had already mentioned EAPOL proxy logoff.

What I really wanted to know was about a dot1x device authorised on a switch port and then moved to another port. Do you have to add the global command authentication mac-move permit to support this, or is IP device tracking enough, so that there is no port security violation?

Thanks

Beginner

mac-move permit is the solution.

Enthusiast

Ok. Thanks