Re: Anyconnect presence visibility on ISE Dashboard

dngore · ‎07-01-2018

Hi All,

We are deploying ISE solution for Bank customer. Scope is about 150K systems with 7K switches. Customer has ISE 2.4 & Anyconnect 4.6.

Customer wants to see Anyconnect modules (VPN, NAM, ISE Posture, DART & Compliance) presence and their process status on ISE dashboard. Purpose for same is to make sure that AC is present on system and running status and no issue for authentication perspective.

They also want to know last connected time for AC shown on ISE.

We have configured AVC (Application Visibility Control) to get AC status on ISE dashboard.

But customer is asking following points:

A single window which shows all endpoints on which AC modules are installed along with information like connected time, Date and modules status.
When we export report in csv format from Context Visibility - Endpoint - Compliance - Unclassified category - Cisco AC, "update Time" column data is shown in "1.53027E+12". We changed cell format to time format but still no luck. What should be cell format that will show correct time?
Though above excel report shows "update Time" & "Message Code" (Connected or not connected) columns, ISE dashboard does not show that information. There is no option to add those fields in Context Visibility - Endpoint - Compliance - Unclassified category - Cisco AC. How we can add that fields?

hslai · ‎07-01-2018

On 1: Not an existing feature of ISE context visibility. Please check with our PM team.

On 2: This needs converted from milliseconds to date, using a tool like Milliseconds to Date

On 3: I do not see how you able to get [Context Visibility - Endpoint - Compliance - Unclassified category - Cisco AC]. You may try creating a new view with all these fields.

dngore · ‎07-02-2018

Thanks for reply. We could see update time and connected status in ISE dashlet after creating new view.

Regarding point 2 - Requirement is ISE should show appropriate "update time" in correct & readable format. And same for xls report. It is not feasible to use tool to get correct time for each entry. Is there any way that ISE will show it in correct format?

We observed that even if we select particular application, result window shows another mac address entries which do not have that application. These are old entries. How long ISE maintains these old entries (previously connected but currently not active) and is there any setting that ISE will purge them?

paul · ‎07-03-2018

For #2 check out:

Convert milliseconds to date (in Excel) - Stack Overflow

dngore · ‎07-03-2018

Thx a lot Paul. It helps.

hslai · ‎07-03-2018

Dnyaneshwar Gore wrote:

... even if we select particular application, result window shows another mac address entries which do not have that application. These are old entries. How long ISE maintains these old entries (previously connected but currently not active) and is there any setting that ISE will purge them?

This might be a buggy behavior if some irrelevant endpoint mac address showing up. If you have a TAC case on this, please ask TAC to recreate and log a bug. Otherwise, you may do the same yourself.

ISE has a configurable endpoint purge policy so it's up how that is configured in this deployment.

dngore · ‎07-03-2018

Sure.

Regarding point no 2 - Is there any way, ISE will show update time in appropriate format? Customer is asking for that.

paul · ‎07-03-2018

Unix epoch time is an acceptable format that is easily converted. You are already pulling the data into excel. It is trivial to change it to another date time format.

Sent from my iPhone