Ability for ISE to track endpoint history

pacavell
Cisco Employee

Does ISE 2.4 have the ability to track an endpoint's history, as in its movement, over time? For example, an endpoint connected to AP ABC yesterday and today it connected to AP XYZ. I'm thinking the only way to do this might be to scrub the ISE logs. Correct? This really seems to be a task more suited to DNA Center Assurance.

Accepted Solutions

Damien Miller
VIP Alumni
As you probably already assumed, this is not a feature ISE has. DNA Assurance starts heading in the right direction though, just with a troubleshooting-centric approach.

The RADIUS authentication logs would capture this for wired quite well. I'm not sure how well wireless RADIUS logs would work to begin with, since most leverage fast transition roaming between APs. I don't recall seeing the called station ID in the ISE RADIUS authentication report, so while WLCs could be configured to send AP:SSID for location tracking, it isn't a key field that is exportable/tracked.

You could submit it as a feature request, but seeing as ISE is not designed to be a tracking database, I wouldn't hold my breath for anything resembling it to show up there. You need features found in CMX+Prime and ISE to be aggregated into a single platform; maybe Assurance could get there.

ma.alsaffar
Level 1
It will not do that function, but one way that comes to mind is to create a remote syslog target in ISE so that ISE sends RADIUS sessions to a remote syslog server. You will then be able to see users' connectivity with your network for a great number of days, depending on how appropriate your syslog server is.
You can create this by going to:
Administration > System > Logging > Remote Logging Targets.

You should be able to track the wireless movement as well. If the wireless SSID is running 802.1X, every time the device roams to a new AP there will be an authentication event. If you set your RADIUS called station ID under RADIUS authentication on the WLC to AP Name:SSID, you will see the AP names as they roam around. The issue is the records will probably be blue session records, so I don't think you will see all of them in the RADIUS authentication reports, but you may see them in accounting or syslog messages.
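
The approach the replies describe (forward RADIUS records to a remote syslog server, with the WLC sending Called-Station-ID as AP Name:SSID) can be turned into a per-endpoint movement history with a small script. This is an added example, not part of the original thread and not Cisco code; the log lines are constructed, and the layout (a leading timestamp followed by comma-separated attribute=value pairs, in chronological order) is an assumption to adapt to what your syslog server actually stores.

```python
import re
from collections import defaultdict

# Constructed sample lines, not real ISE output (assumed layout, see lead-in).
SAMPLE_LOG = """\
2024-05-01T09:00:12 ise01 radius-acct Calling-Station-ID=AA-BB-CC-11-22-33, Called-Station-ID=AP-ABC:CorpWiFi
2024-05-01T09:05:40 ise01 radius-acct Calling-Station-ID=aa:bb:cc:11:22:33, Called-Station-ID=AP-ABC:CorpWiFi
2024-05-01T09:17:03 ise01 radius-acct Calling-Station-ID=AA-BB-CC-11-22-33, Called-Station-ID=AP-XYZ:CorpWiFi
2024-05-01T09:20:00 ise01 radius-acct Calling-Station-ID=DD-EE-FF-44-55-66, Called-Station-ID=00-1A-2B-3C-4D-5E
2024-05-01T09:31:45 ise01 radius-acct Calling-Station-ID=AA-BB-CC-11-22-33, Called-Station-ID=AP-ABC:CorpWiFi
"""

PAIR = re.compile(r"([\w-]+)=([^,]*)")  # attribute=value, comma separated


def normalize_mac(mac):
    """Return the MAC as AA:BB:CC:DD:EE:FF, or None if it is not 12 hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def movement_history(log_text):
    """Map each endpoint MAC to [(timestamp, ap, ssid), ...], AP changes only."""
    history = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        timestamp = line.split()[0]
        attrs = {k: v.strip() for k, v in PAIR.findall(line)}
        mac = normalize_mac(attrs.get("Calling-Station-ID", ""))
        called = attrs.get("Called-Station-ID", "")
        # Without "AP Name:SSID" (e.g. a wired NAS MAC) there is no AP to record.
        if mac is None or ":" not in called:
            continue
        ap, ssid = called.rsplit(":", 1)
        seen = history[mac]
        # Re-authentications on the same AP are not movement; skip them.
        if not seen or seen[-1][1] != ap:
            seen.append((timestamp, ap, ssid))
    return dict(history)


if __name__ == "__main__":
    for mac, hops in movement_history(SAMPLE_LOG).items():
        for ts, ap, ssid in hops:
            print(f"{mac}  {ts}  {ap}  ({ssid})")
```
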