07-18-2023 04:41 AM
Cisco DNA Center Version 2.3.3.7-72328
As I understand it, standard Assurance Client information only goes back 7 days. I have a requirement from our CSIRT team to be able to tell them what client (MAC address) was using a specific IP address and where the device was seen on the network (for compliance / copyright infringement / security reasons) for the past 100 days.
Can DNAC be used for this or should we investigate a different tool, or develop our own?
Thanks in advance - Michael
07-25-2023 07:19 AM
Do you have this requirement only for ports protected by AAA? If you do, you can take this info from ISE, assuming your operational DB on ISE has more than 100+ days of purge frequency.
07-26-2023 03:25 AM
Thanks for the reply Andy
Unfortunately we have this requirement for all end user hosts on the network. This is further complicated in that we have our switches set to no authentication atm (we hope to start using ISE in the very near future) and do not use Cisco wireless. The real problem we have is that we have little control over much of the desktop clients (UK University with a highly fragmented federated IT environment - no single AD, multiple data sources of users, etc.), which will make things like 802.1X difficult to implement.
I think the answer to all this lies with a tool outside of DNAC - or a custom built system. Although ISE might be central to this once we figure out how to use it!
Mike
07-26-2023 04:49 AM - edited 07-26-2023 04:51 AM
You need to use an external logger then, to keep history of on-boarding entries along with the ISE deployment option.
With ISE you may live in authentication open mode for infinity & still have endpoint info at its full extent.
Basically I'd expect a lot of wishes made already for this feature to be back in DNAC...