Solved: Re: Problems with ISE identity Endpoint

nshirabakwaku · ‎09-13-2019

Dear All,

We have an ISE 2.4. One of the Endpoint Identity Group was mistakenly reset by a helpdesk and now all users of that profile are being asked to re authenticate. After re authentication, the user is allowed network access but disconnected after some few minutes. When we search for the MAC address of the user in the Endpoint group and manually add it, the problem is resolved.

The problem is that we have over 6000 users and we cannot go through this process for all of them. Is there any other way that this can be resolved?

#Endpoint Identity Group

Mike.Cifelli · ‎09-13-2019

https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456

Good luck!

View solution in original post

Mike.Cifelli · ‎09-13-2019

You have a couple of options IMO to automate adding the MACs back to the endpoint group. One option is via profiling. Can you share the profile you are using? You have the option in profiling to automatically add the MACs to an endpoint group. Just note that if you push policy based on a profiled endpoint group that you will need base & plus licenses. Another way would be to leverage rest apis and automate via bulk adds. This link is gold and will help get you started in the right direction (https://community.cisco.com/t5/security-documents/ise-ers-api-examples/ta-p/3622623). I have found scripting to become pretty valuable now that I have a better grasp of what to do in order to accomplish a task. Good luck & HTH!

nshirabakwaku · ‎09-13-2019

Thanks for the response. I believe the profiling option will be best for me now. Can you point me to a resource on how the proceed?

Mike.Cifelli · ‎09-13-2019

https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456

Good luck!