cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3112
Views
10
Helpful
11
Replies

Cisco ISE 2.1 endpoints loose static group and description

kerstin-534
Level 1
Level 1

Endpoints authenticated with MAB sporadically (after some days or weeks) loose their Static Group Assignment and the Description.

In the window Work Center -> Identities -> Endpoints the Static Group Assignment and the Description the endpoints are shown correctly. When editing the endpoint there is no Static Group Assignment and no Description anymore, so specific MAB authorization policies do not work.

The static group that is assigned manually is configured is directly under "Endpoint Identity groups".

 

What could be the issue ?  Could this be a specific ISE feature ?

 

 

11 Replies 11

paul
Level 10
Level 10

Double check  your purge policies (Administration->Identity Management->Settings->Purge) and see if you have a purge policy setup that you may have forgot about.  You can also check the purge reports for specific MAC addresses to see if they are being removed from the system.  Finally if you pull up the MAC addresses on the Context Visibility you can look for the Elapsed Days field to see how long the MAC address has been in the system.

The purge reports for the last 30 days are empty and the ElapsedDays for the specific enpoint is 386. This means that the endpoint is not purged ?

 

 

Yep if the elapsed days is that long then it hasn't been purged.  When it changes from a static group assignment where is it getting put?  I mean what profile group and endpoint identity group is it getting moved to.  

If i check in 

Work Centers -> Network Access -> Identity Groups -> 

Group-for-WLAN on the content (right) pane with the list I can see

MAC Adresse       / EndPoint Profile / Static Group Assignment
90:xx:xx:xx:xx:xx / Unknown            / false

The other members are static assigned, some of them have an endpoint profile other then unknown.

 

 

Hi Kerstin-534,

 

I have the same issue, do you found any solution?

 

Thanks,

 

Ricardo Nardi.

Hi,

there is a defect CSCvg7326 in ISE, the workaround described in bug notes did not work. So we have no solution yet. The next step is to new install ISE on 2.4 latest patch.

br Kerstin

Kerstin, would you double-check that bug ID? When I search that I do not get any bugs related to ISE. 

the ID is CSCvg73626, maybe Cisco internal

Yes there is a bug for it . Please work with TAC to check the workaround and any patch recommendation 

Yes there is a bug for it . Please work with TAC to check the workaround and any patch recommendation 

there is no patch for Version 2.1 ?