07-01-2018 09:56 PM
Hi All,
We are deploying ISE solution for Bank customer. Scope is about 150K systems with 7K switches. Customer has ISE 2.4 & Anyconnect 4.6.
Customer wants to see Anyconnect modules (VPN, NAM, ISE Posture, DART & Compliance) presence and their process status on ISE dashboard. Purpose for same is to make sure that AC is present on system and running status and no issue for authentication perspective.
They also want to know last connected time for AC shown on ISE.
We have configured AVC (Application Visibility Control) to get AC status on ISE dashboard.
But customer is asking following points:
07-01-2018 10:59 PM
On 1: Not an existing feature of ISE context visibility. Please check with our PM team.
On 2: This needs converted from milliseconds to date, using a tool like Milliseconds to Date
On 3: I do not see how you able to get [Context Visibility - Endpoint - Compliance - Unclassified category - Cisco AC]. You may try creating a new view with all these fields.
07-02-2018 08:54 PM
Thanks for reply. We could see update time and connected status in ISE dashlet after creating new view.
Regarding point 2 - Requirement is ISE should show appropriate "update time" in correct & readable format. And same for xls report. It is not feasible to use tool to get correct time for each entry. Is there any way that ISE will show it in correct format?
We observed that even if we select particular application, result window shows another mac address entries which do not have that application. These are old entries. How long ISE maintains these old entries (previously connected but currently not active) and is there any setting that ISE will purge them?
07-03-2018 06:22 AM
For #2 check out:
07-03-2018 09:42 PM
Thx a lot Paul. It helps.
07-03-2018 06:48 AM
Dnyaneshwar Gore wrote:
... even if we select particular application, result window shows another mac address entries which do not have that application. These are old entries. How long ISE maintains these old entries (previously connected but currently not active) and is there any setting that ISE will purge them?
This might be a buggy behavior if some irrelevant endpoint mac address showing up. If you have a TAC case on this, please ask TAC to recreate and log a bug. Otherwise, you may do the same yourself.
ISE has a configurable endpoint purge policy so it's up how that is configured in this deployment.
07-03-2018 08:51 PM
Sure.
Regarding point no 2 - Is there any way, ISE will show update time in appropriate format? Customer is asking for that.
07-03-2018 09:11 PM
Unix epoch time is an acceptable format that is easily converted. You are already pulling the data into excel. It is trivial to change it to another date time format.
Sent from my iPhone
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide