More detailed reports for Guest access users

Madura Malwatte · ‎05-14-2019

ISE 2.3 patch 5

Hi all, I am trying to understand how to get detailed reports about the guest users accessing the ISE guest portals. I am using self-register portal and wireless guest access.

In Operations > Reports > Reports > Guest all I can see of some usefulness are is the Master guest report. But it just has basic info such as username, mac, ip address, portal name etc.

How can I see a guest report just for users who have accessed a specific portal and where they connect from? i.e. the access point where the guest is accessing from? Ideally I want to be able to pull up a report that has a breakdown of the guest users per site (i.e. the access point which guests are connecting to)? I know that in context visibility for a wireless endpoint there is an attribute called "SSID" which has the AP Name and SSID, as I have configured the "Auth Called Station ID Type" on my Cisco WLC for the ISE radius servers to send both AP Name and SSID. So how can I pull up a report for guest users with the breakdown of the AP they came in from?

And is Master guest report the only report I can get some info about the guest user accesses?

RaffyLindogan · ‎05-15-2019

Hi mate,

I am not sure if ISE is capable of providing that detailed report.

I would usually go to Prime to extract the user per AP.

Anything with more relation to wireless association and not just authentication, it would be good to go with Prime.

CHeers,

Raffy

Jason Kunst · ‎05-15-2019

You’re going to need to offload that to a SIEM like splunk to have any such type of advanced reporting capabilities

Also yes the only report that shows you what sites visited is the master guest report

Madura Malwatte · ‎05-15-2019

Thanks for the response Jason. That's a shame. Master guest report is very basic in terms of the info. What about getting a report of the context visibility endpoints, and filtering for certain psn's (i.e dmz psn's that have all the guest traffic)? Is there such a way?

Jason Kunst · ‎05-15-2019

You could perhaps try out the API to see if you can gather info that way and correlate.

Madura Malwatte · ‎05-15-2019

yeah, that could be the only option.

I enabled all the available columns in the master guest report, unfortunately Auth Called Station ID is not one of them. We do have a column for NAD address but for wireless it will be the same controller.

Is there a way to add a custom column type to the report?

Jason Kunst · ‎05-16-2019

No you can’t add to the reports

You can try exporting authentication reports and try correlating information there. You would likely need to change the called-station-id to suit your needs

https://community.cisco.com/t5/identity-services-engine-ise/wlc-called-station-id-radius-authentication-and-accounting/td-p/3684045

Madura Malwatte · ‎05-20-2019

Hi Jason, Thanks. Yep I have got called-station-id to show AP, which tell us the location where users are connecting from.

Is there any plans in the future to have the report fields customisable to let us add other radius attributes and other fields contained in the context visibility?

Jason Kunst · ‎05-20-2019

You would need to ask the product managers. We don’t talk futures or feature requests In public forum. Please reach out to them via http://cs.co/ise-feedback

You might see if Cisco DNA assurance gives you any added value? Or adding in splunk for advanced reporting