12-21-2018 07:18 AM - edited 12-21-2018 07:19 AM
Hi, I run ISE 1.3 for Wireless, I will be creating a new SSID on my WLC's for a specific amount of users who will be authorised by MAC authentication using ISE.
Basically I will have a list of about 50 mac addresses that will be held on the ISE. Users will be directed from Anchor WLC's to ISE presented a page which will be the policy signon just a tick (not login/password)
From what I've read I need to create a Endpoint Identity Group, every time I create one I see a Server Success pop-up but no Endpoint Identity Group listed, there is no parent group to choose from? Where do I create the parent group?
This will be basically what I plan to configure:
Solved! Go to Solution.
12-21-2018 08:42 AM
12-21-2018 07:50 AM
You are correct that an endpoint identity group is required to do what you are trying to accomplish. Why you aren't seeing the endpoint identity group after creation could be browser related. You could reset your browser or try a different browser. It is also possible that you are hitting a bug but because 1.3 is end of life, there are no support options. I encourage you to consider upgrading to a newer version of ISE that with which you would be able to get support from the TAC.
Regards,
-Tim
12-21-2018 08:27 AM
I have tried IE and I have the same problem, maybe this is a bug in 1.3
I plan to upgrade next year to a newer supported version.
Is it possible to see this group creation from the command line, thought I'd ask but I guess not.
12-21-2018 08:42 AM
12-21-2018 08:50 PM
Cisco Identity Services Engine Software Version 1.3 Bulletin is missing the last date of support, which usually is 2 years after the end of software maintenance and would be Dec 31, 2019. Thus, you could try opening a Cisco TAC case and investigate this issue.
Although there is no CLI option, you may try External RESTful APIs for Endpoint Identity Groups
01-02-2019 06:50 AM
Thanks Tim. I plan to upgrade to 2.1.0 a direct upgrade is possible from 1.3 to 2.1.0
Not sure if this is a recommended version but at least a start and the quickest/easiest upgrade option. I did notice that during this VMware upgrade in my case RedHat verions are changed from 5.x to 7.x luckily we are running hardware ESXi6 x which is compatible with RH 7.x. Looks like you need to power down the VM instance and change OS version to 7.x after the upgrade. Lets see!
I'll post once upgraded and see if I see all the Groups I apparently created are there or not and the upgrade has indeed fixed my problem.
01-02-2019 07:29 AM
01-02-2019 10:45 AM
If you are comfortable with your ISE config I would build a brand new parallel deployment running 2.4 patch 5 and rebuild your entire deployment using current best practices. That is how we typically handle upgrades for customers running that old of a version of ISE.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide