cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

227
Views
0
Helpful
2
Replies
Highlighted
Beginner

Update of custom attribute is not taken nor sync'ed immediately

Greetings,

I am creating an endpoint custom attribute together with few authorization profiles that will be applied upon each value assigned to the custom attribute.  It's been verified that the solution works and corresponding authorization profile as been applied accordingly when the endpoint is reauthenticated.

However, occasionally I notice that although the custom attribute has been set, the updated value of that attribute is not  always being picked up during the re-authentication process. Sometime I had to delay 5 seconds after updating the value of the attribute before triggering the reauth, sometime even 20-25 seconds to make it worked.

The custom attribute is updated by issuing a PUT operation via "/ers/config/endpoint" API and session reauth is done via "/admin/API/mnt/CoA/Reauth", and I'm using ISE release 2.1. I'm suspecting when setting the custom variable, the value is not immediately being updated at the same place where the authentication would look at to decide which authorization profile(s) being applied.  Is there anyway to set or get the value of  the attributes similar to how the authentication process does to ensure that the value has been updated?


Thanks a lot in advance,

Binh

1 ACCEPTED SOLUTION

Accepted Solutions
Advocate

Re: Update of custom attribute is not taken nor sync'ed immediately

System must replicate data so once updated at Primary PAN via ERS, the information is propagated to the PSNs where policy takes place.  Replication should occur within seconds.  30 seconds seems a bit long, but that could be due to other factors.  There have also been a number of fixes on profile replication in recent ISE 2.x patches.

Craig

2 REPLIES 2
Advocate

Re: Update of custom attribute is not taken nor sync'ed immediately

System must replicate data so once updated at Primary PAN via ERS, the information is propagated to the PSNs where policy takes place.  Replication should occur within seconds.  30 seconds seems a bit long, but that could be due to other factors.  There have also been a number of fixes on profile replication in recent ISE 2.x patches.

Craig

Beginner

Re: Update of custom attribute is not taken nor sync'ed immediately

Thanks a lot Craig. I realized that we didn't have our system patched which could be the issue. I will do that and update the community if I found further issue on this.