cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2624
Views
1
Helpful
11
Replies

All Endpoint View in 2.1

paul
Level 10
Level 10

In 2.1, the Administration->Identity Management->Identities was removed (not sure why).  What screen can now be used in ISE to show all the Endpoints in the system?  I just imported 1000 MAC addresses into ISE and while I can see them on the Identity Group I imported them into they do not appear on any of the Context Visibility screens or the Work Centers.  The CV and WC screens only seem to show endpoints ISE has discovered or has authenticated.  Imported ones don't seem to show up anywhere other than the Identity Group screen.  Was the imported use case overlooked when the Administration menu for Identities removed or am I missing the screen to show all endpoint identities in the system?


Thanks.

1 Accepted Solution

Accepted Solutions

No i did not authenticate but i manually added them.

Did you try the new template? i just tried it by filling in the mac 04 and description that's it and it worked

Screen Shot 2016-08-31 at 10.28.38 AM.png

View solution in original post

11 Replies 11

Jason Kunst
Cisco Employee
Cisco Employee

I just tested a live system i added 03 mac address and it shows on the screen under the authentications

Screen Shot 2016-08-31 at 10.09.17 AM.png

Jason,

Did you authenticate with those MACs?

I haven’t authenticated with the 10000 MACs I added.  You can see the Authentication screen shows only 5 MACs:

Here is all the MACs I added:

Where are those supposed to show up?  Also did you import or manually Add?  I imported from a CSV.

Paul Haferman

No i did not authenticate but i manually added them.

Did you try the new template? i just tried it by filling in the mac 04 and description that's it and it worked

Screen Shot 2016-08-31 at 10.28.38 AM.png

Jason,

That was it.  I used the CSV format that we have used since 1.0 to import EndPoints.  ISE didn’t complain about it and the EndPoints went into the database (sort of).  IMO 2.1 should either accept the legacy 3 column template fully or reject the import.

Thanks for the quick responses.

Paul Haferman

Jason,

Interestingly enough I also had to import some network devices from a 1.x deployment into my 2.1 deployment and the import failed saying "Incorrect number of headers" because I was missing the TACACS columns added in 2.0.  So the network device import has data validation to ensure you are using the new CSV format, but the Endpoint import doesn't or allows the old 3 column format but doesn't quite import the data correctly.

thanks are you able to open a tac case on this?

Also I should note that I used the 3 column CSV format from pre-2.1 for the import.  Not sure if that is causing the issue.  The system put the MAC addresses in just fine as they show up under the Identity Group.

Paul Haferman

hslai
Cisco Employee
Cisco Employee

The 3-column CSV import template is still supported in ISE 2.1. In fact, these columns (MACAddress, EndPointPolicy, and  IdentityGroup) are the minimal required in the CSV file for endpoint import.

After reviewing your screenshots, you need to view them under the [ Endpoint Classification ] View or create your own view.

Screen Shot 2016-09-02 at 3.50.24 PM.png

The Authentication view shows only those gone through authentications.

That actually isn't true. If you do a 3 column import they don't show up anywhere except under the identity group they were imported into. To fix it I took the 3 columns put them into the 2.1 template and imported again and they all showed up under Endpoint->Authentications.

Sent from my iPhone

hslai
Cisco Employee
Cisco Employee

Please turn DEBUG on profiler, try it again, and check the debug log file profiler.log. The word is from our engineering team and it's definitely supported with the 3 column format.

Below is my sample CSV file:

MACAddress,EndPointPolicy,IdentityGroup

"00:00:00:00:00:00",,

"00:00:00:00:00:01",,

"00:00:00:00:00:02",,

"00:00:00:00:00:03",,

After import, you would see a toaster pop-up at the lower right corner.

Screen Shot 2016-09-02 at 4.50.01 PM.png

When you navigate the different CV views, there are different numbers of endpoints.

That is strange. I just tried it again with a smaller set of data to see if I could replicate the issue and it worked perfectly. I am going to chalk it up to gremlins I guess. I will use the full format in the future just to be sure.

Thanks for the help!

Paul Haferman

Office- 920.996.3011

Cell- 920.284.9250