How to Configure Auto Tracking Authentication
Auto tracking is a form of authentication that is used to track session information for traffic that is not authenticated by the other supported authentication types (802.1x, PWA, MAC, CEP, and Quarantine). With auto tracking enabled, these sessions are entered into the session table, allowing network administrators to determine which end-systems on which ports are not being authenticated through traditional authentication methods.
When an end-system connects and does not authenticate using any of the other authentication methods, an auto tracking session is created. The end-system is assigned the appropriate policy as configured in Policy Manager, such as the port's default role.
Auto tracking provides the administrator with increased visibility into who is on the network and where. Because these sessions are tracked, an administrator can determine whether and how to provision them in the future, allowing for increased security and control.
There are two main steps to configuring auto tracking authentication:
- Enable auto tracking authentication on the device and port.
- Set session properties on the device and port.
CAUTION: Auto tracking authentication should not be used in domains that use MAC to role mappings or IP to role mappings that are based on destination MAC or IP addresses. For more information, see Auto Tracking and Destination Role Mappings Compatibility.
Enable Auto Tracking Authentication
Use the following steps to enable auto tracking authentication on the device and port. These instructions use the Device Authentication tab and Port Properties window. However, if you are configuring multiple devices and ports, you can use the Device Configuration Wizard and the Port Configuration Wizard.
On the device:
- Select the device in the left-panel Network Elements tab.
- Select the right-panel Authentication tab.
- In the General Settings section, under Multi-User Authentication type, select the Auto Tracking checkbox.
- Set Authentication Status to Enabled.
- Click Apply.
On the port:
- Select the device in the left-panel Network Elements tab.
- In the right-panel Ports tab, select a port and click the Port Properties button.
- In the Port Properties window, select the Authentication Configuration tab (in the top row of tabs).
- Select the General tab (in the lower row of tabs).
- Verify that the Port Mode Authentication Behavior is set to Active.
- Verify that the Disable Auto Tracking Authentication for this port checkbox is not selected.
- If you made any changes, click Apply.
Set Session Properties
Use the following steps to configure session timeout and user count values on the device and port. These instructions use the Device Authentication tab and Port Properties window.
On the device:
- Select the device in the left-panel Network Elements tab.
- Select the right-panel Authentication tab.
- Select the Global Authentication Settings subtab.
- Set the session timeout and session idle timeout values for Auto Tracking authentication.
- Click Apply.
On the port:
- Select the device in the left-panel Network Elements tab.
- In the right-panel Ports tab, select a port and click the Port Properties button.
- In the Port Properties window, select the Authentication Configuration tab (in the top row of tabs).
- Select the Login Settings tab (in the lower row of tabs).
- Set the session timeout and session idle timeout values for Auto Tracking authentication.
- Click Apply.
- Select the Authenticated User Counts tab (in the lower row of tabs).
- Set the user count value for Auto Tracking authentication.
- Click Apply.