09-23-2019 09:49 AM
I have a customer who's wanting to pull a report of all of his endpoints showing how long they've been inactive. It looks like I can see that attribute individually when looking at an endpoint, but that's not a field available when you export the endpoints.
Solved! Go to Solution.
09-23-2019 11:21 AM
You can export the endpoints and there is a column for "Update Time". That tells you the last time ISE saw anything for the endpoint. You might have to calculate the field from a Unix timestamp to normal date/time. Depends on your version of Excel or what you use to open the CSV file with.
09-23-2019 12:14 PM
DHCP lease times wouldn't affect anything if you are doing IOS device sensor (as all modern installs should be doing) and you have aaa accounting new info only enabled. Also again if you are doing IOS device sensor you really don't need to SNMP poll either (I still do as a backup). We set our reauthentication timers to 65,000 seconds.
09-23-2019 11:21 AM
You can export the endpoints and there is a column for "Update Time". That tells you the last time ISE saw anything for the endpoint. You might have to calculate the field from a Unix timestamp to normal date/time. Depends on your version of Excel or what you use to open the CSV file with.
09-23-2019 12:04 PM
Few notes... The inactivity time is only valid if your customer has one of two things properly configured:
We do #1 on our customers and have aaa accounting only set for new info.
Also, if you have devices that have never authenticated (i.e. they were learned through profiling discovery) their inactive days will be always 0 making you think they are active. It takes an authentication from a MAC address to start the inactive clock timer.
09-23-2019 12:09 PM
DHCP updates, SNMP polling updates, or any other profiling information changes would also change the "Update Time". So even with a default DHCP lease time of 8 days, there would be a new DHCP request at 4 days.
I do recommend doing some sort of reauthentication timer, just not too low. Something like every 12 hours is fine so that you can always see the endpoint information in Live Logs.
09-23-2019 12:14 PM
DHCP lease times wouldn't affect anything if you are doing IOS device sensor (as all modern installs should be doing) and you have aaa accounting new info only enabled. Also again if you are doing IOS device sensor you really don't need to SNMP poll either (I still do as a backup). We set our reauthentication timers to 65,000 seconds.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: