07-02-2018 12:25 PM
I am trying to figure out the most efficient to get an IP address of a devices that are authenticating programmatically.
The RADIUS authentication report which I have a macro to process doesn't contain IP addresses. The RADIUS accounting report may not show IPs of devices that have been on the network for a long period of time as we do "newinfo" only RADIUS accounting. You can't get any decent information from Rest API from the endpoints.
I was able to get the IP information via Rest calls to the M&T API, but the session lookup for a MAC address takes a long time. I did a test of about 15 MAC addresses and it took around10 minutes to process those 15 MAC addresses doing M&T last session lookups.
Is there any other way to get this information? I can't think of any other way.
Thanks.
07-02-2018 12:37 PM
Why not pxGrid?
ISE 2.4 has a complete implementation of pxGrid 2.0 so it seems a good thing for you to try out.
07-02-2018 12:50 PM
That would be for more persistent data gathering wouldn’t it. I am processing RADIUS authentication report CSVs with an Excel macro to look for MAC addresses hitting my Catch All MAB rule. Once I find those MAC addresses I want to find their associated IP without having to manually go into Context Visibility and find each MAC address. There could be 100s of MAC addresses hitting the Catch All rule in the early stages of the ISE project. I have XML calls working in Excel to the M&T Rest API to gather the IP, but that call takes a long time.
I have confirmed with Postman that the call does take a long time.
https://@<M&T IP>/ise/mnt/Session/MACAddress/<MACAddress>
It takes about 8-12 seconds per call on a busy M&T. I guess my initial timing wasn’t as bad as I thought. I just timed the 15 MACs again and it was around 2 minutes This may be the best I can do.
Paul Haferman
Office- 920.996.3011
Cell- 920.284.9250
07-02-2018 01:52 PM
How about running a report on current active sessions and exporting that result to a CSV in a repo?
07-02-2018 01:57 PM
That could work, but usually I am running a report for the last 7 days looking for stuff hitting my Catch All. The active sessions would only show me devices currently on the network.
The M&T API will probably work okay. I just added it to my macro and processed 150 Catch All hits. It took some time but I got the IP for each of the MACs.
Paul Haferman
Office- 920.996.3011
Cell- 920.284.9250
07-02-2018 02:03 PM
Not the live sessions one.
07-02-2018 02:11 PM
Yes but doesn’t active sessions mean there hasn’t been a RADIUS stop message for a given MAC? If there has been a RADIUS stop message for a MAC, i.e. the device is no longer on the network it shouldn’t be in that report. I need to see all devices on the network and devices that have left the network, because they could come back.
Paul Haferman
Office- 920.996.3011
Cell- 920.284.9250
07-02-2018 02:17 PM
M&T Session API also needs the sessions still active. For inactive sessions, then we need to scrap the RADIUS auth and accounting reports like you did earlier.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide