Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1003
Views
0
Helpful
5
Replies

Created EndPoint Custom Attribute not visible in ISE GUI

Go to solution
omuller
Level 1
Level 1

‎10-25-2023 02:54 AM

I have created 2 EndPoint Custom Attributes by going to Administration -> Identity Management -> Settings -> EndPoint Custom Attributes in the ISE GUI:

omuller_0-1698226446188.png

But when I try to create an EndPoint and edit it to set these Custom Attributes, they are not visible:

omuller_1-1698226693121.png

Pressing the link in "No data found. Add custom attributes here" redirects to the page to add Custom Attributes, but here they are still visible. Also, when I try to create an EndPoint using the ERS API with these Custom Attributes, I don't get an error message, but the resulting EndPoint doesn't have the Custom Attribute.

JSON for creating the EndPoint:

{
   "ERSEndPoint":{
      "name":"00:00:00:00:00:01",
      "mac":"00:00:00:00:00:01",
      "groupId":"730c4a70-6da9-11ee-81db-ee5dd0a9085b",
      "staticGroupAssignment":true,
      "staticProfileAssignment":false,
      "customAttributes":{
         "customAttributes":{
            "CMDBStatus":"Test",
            "CMDBConfigurationItem":"Test"
         }
      }
   }
}


Response when fetching the just created EndPoint:

{
   "ERSEndPoint":{
      "id":"6bbc7c50-731b-11ee-81db-ee5dd0a9085b",
      "name":"00:00:00:00:00:01",
      "mac":"00:00:00:00:00:01",
      "profileId":"",
      "staticProfileAssignment":false,
      "groupId":"730c4a70-6da9-11ee-81db-ee5dd0a9085b",
      "staticGroupAssignment":true,
      "portalUser":"",
      "identityStore":"",
      "identityStoreId":"",
      "link":{
         "rel":"self",
         "href":"https://[DNS]:9060/ers/config/endpoint/name/00:00:00:00:00:01",
         "type":"application/json"
      }
   }
}

I am running ISE version 2.4.0.357 with patches 4,5,6,8,11,13. Any help would be appreciated!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
omuller
Level 1
Level 1
In response to Charlie Moreton

‎10-30-2023 07:37 AM

The issue in the end turned out to be a license issue. Doing Profiling requires a "Plus" license and we only have the "Base" license. So it was possible to declare Endpoint Custom Attributes, but not actually assign them values for a specific Endpoint through the GUI or ERS API. Kind of weird in my opinion that ISE allows you to declare the attributes, but not assign values to them, when it knows you don't have the right license, but maybe this was addressed in a version that isn't so out-of-date as version 2.4. Thanks everybody for the suggestions

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Rodrigo Diaz
Cisco Employee
Cisco Employee

‎10-25-2023 07:40 AM

Hi @omuller , I run the same test with the custom attribute on ISE 3.3 and in my case the attribute appeared check below: 

RodrigoDiaz_1-1698244745030.png

RodrigoDiaz_0-1698244708231.png

I would suggest going towards one of the newest versions of ISE and test out your behavior again, as it could be a defect in that version.

Let me know if that helped. 

0 Helpful

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎10-25-2023 07:55 AM

ISE 2.4 has been End of Support for nearly a year (https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-743964.html).

That and the fact that you are adding CMDB attributes, I would suggest an upgrade to version 3.2

0 Helpful

Go to solution
omuller
Level 1
Level 1

‎10-25-2023 12:24 PM

@Charlie Moreton @Rodrigo Diaz Thank you both for the suggestions. I agree with you both, an upgrade to a higher version of Cisco ISE is probably the right solution. However, I'm forced to work with this version and upgrading to a higher version is not in my control, so I will have to try and get this to work using version 2.4 (for now).

0 Helpful

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee
In response to omuller

‎10-25-2023 01:13 PM

This was supposed to be fixed in Patch 8 for 2.4 CSCvo28092 - ISE Custom Endpoint Attributes - Will not save or delete , but it seems you are still experiencing it

0 Helpful

Go to solution
omuller
Level 1
Level 1
In response to Charlie Moreton

‎10-30-2023 07:37 AM

The issue in the end turned out to be a license issue. Doing Profiling requires a "Plus" license and we only have the "Base" license. So it was possible to declare Endpoint Custom Attributes, but not actually assign them values for a specific Endpoint through the GUI or ERS API. Kind of weird in my opinion that ISE allows you to declare the attributes, but not assign values to them, when it knows you don't have the right license, but maybe this was addressed in a version that isn't so out-of-date as version 2.4. Thanks everybody for the suggestions

0 Helpful
Customers Also Viewed These Support Documents