Re: Cannot do Endpoint purge on ISE 3.1 P6

Da ICS16 · ‎05-29-2024

Dear Community,

There are lots of total endpoints amount on ISE dashboard.

As per reviews around 70% of endpoint are unknown.

We try to perform purge but cannot reduce above unknown devices.

Is it spice CPU issue regarding on ISE 3.1 P6?

In case we still cannot purge, does ISE become slow performance or leak another unavailable options/services?

Kindly share / advise how we can reduce the unknown device by do endpoint purge or else.

Thanks for your update and supporting.

Arne Bier · ‎05-30-2024

There is no harm in leaving unknown endpoints lying around in ISE. it does not make ISE slower. If you were to reach 2 million or more endpoints though, you would be reaching the maximum tested limit by Cisco. Don't let it get to that stage!

You can delete endpoints in Context Visibility - up to 500 at a time. Filter on the ones you want to delete and select the maximum (e.g. 500) from the Rows/Page drop-down. Then tick the very first checkbox that selects all 500. Click Delete. Deletion can take a few minutes. Be patient - the GUI will return to normal.

But if you have thousands to delete, then a purge job would be the way to go.

Purge Rule

If Unknown AND ENDPOINTPURGE ElapsedDays GREATERTHAN 0

The only trick with that purge rule is that you cannot use the Endpoint Identity Group "Unknown" in another purge rule - ISE will complain.

Be very certain that you are OK deleting endpoints that land in the Unknown Endpoint Identity Group. If you are running a Gust Wi-Fi solution in ISE, then you are probably collecting many Unknowns, because of MAC address privacy settings in devices. These MAC addresses will not have a MAC OUI vendor prefix and therefore are genuine unknowns.