Cisco ISE 2.0.1 Network Device Group -> Device Type creation bug


I found a weird behavior when editing a created device type, and I was wondering if anybody could confirm this:

I tried to change the description to "Device group for Cisco switches", bit I couldn't save the change because the error:
"Failed to edit group: invalid NDG attribute passed."

At first I thought that maybe the description string is too long, so i tried "Device group for switches", which didn't work either.

Next try was "test test test test test test test test test" which worked.

So I tried different variations from my old string "Device group for Cisco switches", and came to the conclusion that the word "for" followed by any other word causes the problem.

What is also mentionable: when playing around with the string variations, my virtual machine had a CPU peak to around 30% (usually around 2.5 %), and the machine didn't respond für around 10 minutes.

Let me know if you need more information, like logging, and where to find it, as I am relatively new to the Cisco ISE.

Eric Hansen

I responded to your reddit post, basically there is a programmatic operator in the description field when you use "OR" followed by a space. Any combination I tested where OR was present but not followed by a space worked. bug.

Hi Eric,
thanks again for your reply, as I said on reddit, I will let you know when I have news regarding this issue

Input validation is all over the shop on ISE 2. Just in the process of installing .1 to see if we can use a SCEP URL that contains a number in the hostname...

Matthew Martin

Looks like the same issue occurs when "and" is in the name or description field too. And the word "and" doesn't seem to have to be by itself either, it can also appear at the end of a word too...

For example, entering "Grand Rapids" gives an error. But, inserting an underscore between the 2 words was allowed. However, using a dash "-" instead of the underscore gives the same error.

Do we know if this has been fixed?


