Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
865
Views
0
Helpful
2
Replies

Automating imaging using ISE profiling

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-01-2019 11:23 AM

I am attempting to automate the imaging process in an environment by utilizing ISE profiling.
I have the following pieces working as expected:
Using the DHCP probe with the dhcp-class-identifier STARTSWITH PXEClient:Arch:.  The endpoint MACs move to a profiled endpoint group.

I have coa set to reauth which is where my issues are. Upon reauth the device gets re-profiled and removed from the endpoint group in ISE. Therefore the device hits a different policy upon reauth.  I would like to have hosts get profiled, added to a group, re-authenticate and get restricted authorization upon reauth to complete pxe boot process.  Then finally purge endpoints after 1-2 days, which I have setup now.

Does anyone have a better/easier way of utilizing device profiling to automate an imaging process?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎07-24-2019 05:40 AM

@Arne Bier nothing different from what you mentioned.  The current process leverages mab.  However, I am in the process of exploring ISE REST APIs, and my current environment is getting Ansible in a couple of months.  The hope is to potentially use Ansible and the ISE APIs to create a more automated workflow.  I can definitely let you know how that all plays out, but it will be a little bit of time.  Cheers

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Arne Bier
VIP
VIP

‎07-24-2019 05:06 AM

Hi @Mike.Cifelli 

 

Did you ever find a solution to this question offline?

 

I have to say I didn't know you could solve this via profiling, and in the past we used to tell customers to use MAB as a temporary workaround until the machine has been re-imaged (PXE Boot).

 

 

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎07-24-2019 05:40 AM

@Arne Bier nothing different from what you mentioned.  The current process leverages mab.  However, I am in the process of exploring ISE REST APIs, and my current environment is getting Ansible in a couple of months.  The hope is to potentially use Ansible and the ISE APIs to create a more automated workflow.  I can definitely let you know how that all plays out, but it will be a little bit of time.  Cheers

0 Helpful
Customers Also Viewed These Support Documents