dc endpoint

Synopsis

netapi ise dc endpoint <MAC> [OPTIONS]

Description

Get detailed information for a specific endpoint from DataConnect. Provides richer data than ERS including hostname, IP address, and profiler details. Optionally includes authentication history.

Arguments

Argument Description

Argument	Description
`MAC`	MAC address of the endpoint (required)

MAC

MAC address of the endpoint (required)

Options

Option Default Description

Option	Default	Description
`--with-auth`, `-a`	(off)	Include authentication history

--with-auth, -a

(off)

Include authentication history

Use the global --format flag at the dc level:

netapi ise dc --format json endpoint 3C:EC:EF:43:50:42

Usage

# Basic endpoint info
netapi ise dc endpoint 3C:EC:EF:43:50:42

# Include auth history
netapi ise dc endpoint 3C:EC:EF:43:50:42 --with-auth

# JSON for scripts
netapi ise dc --format json endpoint 3C:EC:EF:43:50:42

Sample Output

Basic:

Endpoint: 3C:EC:EF:43:50:42
─────────────────────────────────────────────────────
MAC Address:      3C:EC:EF:43:50:42
Hostname:         DRSHAHAB-WS
IP Address:       10.50.10.42
Profiler Policy:  Linux-Workstation
Device Type:      Workstation
Identity Group:   Workstations
First Seen:       2026-01-15 08:30:00
Last Seen:        2026-01-23 10:45:12

With auth history (--with-auth):

Endpoint: 3C:EC:EF:43:50:42
─────────────────────────────────────────────────────
MAC Address:      3C:EC:EF:43:50:42
Hostname:         DRSHAHAB-WS
IP Address:       10.50.10.42
Profiler Policy:  Linux-Workstation
Device Type:      Workstation
Identity Group:   Workstations
First Seen:       2026-01-15 08:30:00
Last Seen:        2026-01-23 10:45:12

Recent Authentications:
─────────────────────────────────────────────────────
2026-01-23 10:45:12  PASS  EAP-TLS  Domus_Secure_Profile
2026-01-23 08:15:00  PASS  EAP-TLS  Domus_Secure_Profile
2026-01-22 17:30:45  PASS  EAP-TLS  Domus_Secure_Profile

Finding MAC from Identity

If you only have the EAP-TLS identity (e.g., hostname.domain) and need the MAC:

# Option 1: Search dc users (shows identity → MAC mapping)
netapi ise dc users --hours 24 | grep modestus

# Option 2: Use dc recent output (shows Username and MAC columns)
netapi ise dc recent --hours 4 | grep modestus

The endpoints --search queries the endpoint database hostname field, which may be empty. EAP-TLS identity (from certificate CN) is stored in auth logs, not the endpoint table. Use dc users or dc recent to find the MAC, then use dc endpoint or dc session.

Use Cases

Quick Device Lookup

# What is this MAC?
netapi ise dc endpoint AA:BB:CC:DD:EE:FF

Verify Profiler Classification

# Is the device profiled correctly?
netapi ise dc endpoint 3C:EC:EF:43:50:42 | grep "Profiler Policy"

Scripting

# Get hostname for a MAC
netapi ise dc --format json endpoint 3C:EC:EF:43:50:42 | jq -r '.hostname'

# Check if device is known
if netapi ise dc endpoint "$MAC" &>/dev/null; then
  echo "Device is registered"
else
  echo "Unknown device"
fi

dc endpoint vs dc session

| Command | Use Case | |---------|----------| | dc endpoint | Quick lookup of endpoint identity and profiler data | | dc session | Full picture including active session and auth timeline |

Use dc endpoint for quick lookups, dc session for troubleshooting.