Re: Extended Device tracking in SDA

Michael Warren · ‎07-18-2023

Cisco DNA Center Version 2.3.3.7-72328

As I understand it standard Assurance Client information only goes back 7 days. I have a requirement from our CSIRT team to be able to tell them what client (MAC address) was using a specific IP address and where the device was seen on the network (for compliance / copyright infringement / security reasons) for the past 100 days.

Can DNAC be used for this or should we investigate a different tool, or develop our own?

thanks in advance - Michael

andy!doesnt!like!uucp · ‎07-25-2023

do u have this requirement only to ports protected by AAA? if u do u can take this info from ISE. assuming your operational DB on ISE has more than 100+ days of purge frequency

Michael Warren · ‎07-26-2023

Thanks for the reply Andy

Unfortunately we have this requirement for all end user hosts on the network. This is further complicated in that we have our switches set to no authentication atm (we hope to start using ISE in the very near future) and do not use Cisco wireless. The real problem we have is that we little control over much of the desktop clients (UK University with a highly fragmented federated IT environment - no single AD, multiple data sources of users, etc...) which will make things like 802.1X difficult to implement.

I think the answer to all this lies with a tool outside of DNAC - or a custom built system. Although ISE might be central to this once we figure out how to use it!

Mike

andy!doesnt!like!uucp · ‎07-26-2023

u need to use external logger then to keep history on-boarding entries along the ISE deployment option.

with ISE u may live on authentication open mode for infinity & still have endpoint-info at its full extent.

basically i'd expect a lot of whishes made already for this feature to be back in DNAC...