05-29-2024 09:08 PM
Dear Community,
There is a large total number of endpoints on the ISE dashboard.
As per reviews, around 70% of endpoints are unknown.
We try to perform a purge but cannot reduce the above unknown devices.
Is it a CPU spike issue on ISE 3.1 P6?
In case we still cannot purge, will ISE become slow or have other options/services unavailable?
Kindly share / advise how we can reduce the unknown devices by doing an endpoint purge or otherwise.
Thanks for your update and support.
05-30-2024 04:20 PM
There is no harm in leaving unknown endpoints lying around in ISE. It does not make ISE slower. If you were to reach 2 million or more endpoints though, you would be reaching the maximum tested limit by Cisco. Don't let it get to that stage!
You can delete endpoints in Context Visibility - up to 500 at a time. Filter on the ones you want to delete and select the maximum (e.g. 500) from the Rows/Page drop-down. Then tick the very first checkbox that selects all 500. Click Delete. Deletion can take a few minutes. Be patient - the GUI will return to normal.
But if you have thousands to delete, then a purge job would be the way to go.
Purge Rule
If Unknown AND ENDPOINTPURGE ElapsedDays GREATERTHAN 0
The only trick with that purge rule is that you cannot use the Endpoint Identity Group "Unknown" in another purge rule - ISE will complain.
Be very certain that you are OK deleting endpoints that land in the Unknown Endpoint Identity Group. If you are running a Guest Wi-Fi solution in ISE, then you are probably collecting many Unknowns, because of MAC address privacy settings in devices. These MAC addresses will not have a MAC OUI vendor prefix and therefore are genuine unknowns.
08-01-2024 02:53 AM
Dear @Arne Bier ,
Endpoint Purge
We need to purge all UNKNOWN devices with the conditions below.
- Unknown AND ENDPOINTPURGE InactiveDays GREATERTHAN 30
- ENDPOINTPURGE InactiveDays GREATERTHAN 90
With which condition can we perform the purge?
To ensure no impact to other Active Endpoint PCs and MAB profiling.
Best Regards,
08-01-2024 01:47 PM
If I understand correctly, you want to purge inactive < 90 days endpoints that are in ANY Endpoint Identity Group - this is not possible because ISE expects you to select from the list of available Endpoint Identity Groups (or Profiling policies) - maybe select the Profiled Endpoints Identity Group, since you already took care of the Unknown ones.
08-01-2024 06:34 PM
Yes, you are right.
Is it possible to extend the scope to this purge condition "Unknown AND ENDPOINTPURGE InactiveDays GREATERTHAN 30"?
Thanks,
08-08-2024 05:13 PM
What do you mean by "extend scope"?
08-12-2024 09:13 PM
Is there any way to delete older "Disconnected" endpoints? We can delete endpoints in Context Visibility up to 500 at a time, but doing it manually is time consuming as we have multiple older disconnected endpoints.
Regards
Rakesh
08-15-2024 01:52 PM
The purge rules don't have a limit on how many endpoints they will process. The purge rule will be processed against every endpoint, and if the rule is True, then the endpoint is deleted. That's why you must think carefully about what you're deleting - I always ensure that I never delete any endpoint that I have statically assigned to an endpoint (other than, say, ones for PXE Boot). There is a section above the purge rule that says "Never Purge" and I add those rules there - that protects them.
You've reminded me to look at my own rules now to see if they are working well - I reckon in most customer ISE deployments there are more stale/dead endpoints than necessary and could use a bit of housekeeping.
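An added example, not part of the thread and not Cisco's implementation: a simplified offline dry run that previews which endpoints a set of purge rules would delete, with "Never Purge" predicates checked first as described above. The record fields, group names and helper names are hypothetical, and it assumes ElapsedDays counts days since the endpoint was created and InactiveDays counts days since its last activity.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Endpoint:                      # hypothetical record, e.g. built from an endpoint export
    mac: str
    identity_group: str
    created: date                    # drives ElapsedDays (assumption)
    last_active: date                # drives InactiveDays (assumption)
    static_assignment: bool = False

@dataclass
class PurgeRule:
    identity_group: str
    attribute: str                   # "ElapsedDays" or "InactiveDays"
    threshold: int                   # matches when attribute GREATERTHAN threshold

    def matches(self, ep, today):
        if ep.identity_group != self.identity_group:
            return False
        start = ep.created if self.attribute == "ElapsedDays" else ep.last_active
        return (today - start).days > self.threshold

def check_rules(rules):
    """Assumption modelled on the thread: a group may appear in only one purge rule."""
    groups = [r.identity_group for r in rules]
    dupes = sorted({g for g in groups if groups.count(g) > 1})
    if dupes:
        raise ValueError(f"identity group used in more than one purge rule: {dupes}")

def dry_run(endpoints, never_purge, rules, today):
    """Return the MACs a purge job would delete; Never Purge matches are skipped first."""
    check_rules(rules)
    return [ep.mac for ep in endpoints
            if not any(keep(ep) for keep in never_purge)
            and any(r.matches(ep, today) for r in rules)]

# Constructed sample data (not from a real deployment).
TODAY = date(2024, 8, 15)
ENDPOINTS = [
    Endpoint("02:AA:00:00:00:01", "Unknown", date(2024, 5, 1), date(2024, 6, 1)),
    Endpoint("02:AA:00:00:00:02", "Unknown", date(2024, 8, 1), date(2024, 8, 10)),
    Endpoint("00:11:22:00:00:03", "Profiled", date(2023, 1, 1), date(2024, 2, 1)),
    Endpoint("00:11:22:00:00:04", "Profiled", date(2023, 1, 1), date(2024, 1, 1), True),
]
NEVER_PURGE = [lambda ep: ep.static_assignment]
RULES = [PurgeRule("Unknown", "InactiveDays", 30), PurgeRule("Profiled", "InactiveDays", 90)]

if __name__ == "__main__":
    print(dry_run(ENDPOINTS, NEVER_PURGE, RULES, TODAY))
```

Comparing the returned list against what you expect to lose is a cheap check before enabling a rule that has no per-run limit.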