Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
174
Views
1
Helpful
4
Replies

Query Regarding Endpoint Visibility via Cisco ISE

snbw16
Level 1
Level 1

‎07-13-2025 11:55 PM

Certainly! Here's a rephrased version of your message in a more formal and concise tone:

Subject: Query Regarding Endpoint Visibility via Cisco ISE

Hello All,

In our environment, CLI access for network devices (switches, routers, etc.) is authenticated using TACACS+ through Cisco ISE. I would like to understand whether Cisco ISE can provide visibility into the number of endpoints currently connected to the switches.

RADIUS authentication for endpoints is handled by a separate solution. Kindly advise on this.

Labels:
4 Replies 4

Torbjørn
VIP
VIP

‎07-14-2025 12:24 AM

This should be possible by sending radius accounting to ISE, though I must admit that I have never tried this myself and can't find any examples of this on the web. Please report back if you do try this though!

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

wajidhassan
Level 4
Level 4

‎07-14-2025 02:58 AM

Hi @snbw16 ,

Cisco ISE primarily handles authentication and authorization (TACACS+ for device admin access, RADIUS for endpoint access) but does not directly provide detailed visibility on the number of endpoints connected to switches.

For endpoint visibility, you typically need to integrate ISE with network devices and use features like SNMP polling, NetFlow, or Cisco DNA Center, which can collect endpoint information from switches.

So, while ISE controls access, detailed endpoint counts and visibility usually come from complementary network management or monitoring tools.

Hope this helps!

0 Helpful

Arne Bier
VIP
VIP

‎07-14-2025 01:29 PM

That questions sounds like a reply from a chatbot. But regardless, you can use a standalone ISE to poll switches to extract the endpoints (MAC addresses). This would require you telling ISE what all you switches are, and enabled SNMP on them to allow ISE to run a scan against. It's an audit option for customers to get an insight into a point-in-time endpoint status. 

0 Helpful

MHM Cisco World
VIP
VIP

‎07-14-2025 01:33 PM

Did you check report ?

OperationsReportsTACACS Authentication/Authorization

MHM

0 Helpful
Customers Also Viewed These Support Documents