Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1404
Views
5
Helpful
6
Replies

Does ISE support wild card entries for Network devices?

Gary Culler
Level 1
Level 1

‎07-21-2014 06:59 AM - last edited on ‎03-25-2019 05:32 PM by Community Manager

Working on a project for a large customer & i need to add close to 3000 Switches in Network devices.  Rather than add each switch, I would prefer to enter a wild card entry of 10.x.x.30 = Switches for example.   

When i did an import of 500+ switches, the network devices screen began to crawl.  I had to manually delete the switches before the performance returned (at that took close to 45 minutes to delete them).  I don't know if it was the # of devices i tried to import or it was the # of Network devices in general.  What is the # of Network devices supported in ISE?  These are the 3495 security appliances.  

This is an active project so I'm adding devices as we go but i want to get way ahead of the schedule & just enter a few (or single) wild card entry to include all switches. 

Labels:
0 Helpful
6 Replies 6

Tarik Admani
VIP Alumni
VIP Alumni

‎07-21-2014 04:06 PM

What version of ISE are you on? There isnt a maximum number of network devices listed anywhere but I am sure that exceeding 500 is no where near the threshold. What has worked for me in the past is adding one device manually and exporting that device using the csv method and use that csv to add the other devices ip address and copy and paste the same columns.

It could be something as simple as missing a field where the UI isnt catching or an undocumented issue that are hitting.

Thanks,

Tarik Admani

 

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to Tarik Admani

‎07-21-2014 06:23 PM

I haven't used wildcards like that before but I have been able to successfully add a whole subnet. For instance, if all switches in site A are on 192.168.0.0 /24 then you can input in the IP address field. 

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to nspasov

‎07-21-2014 06:35 PM

In addition to what Neno suggested. You can add the entire /8 network and set an authorization policy compound condition so that if NAS-IP-Address begins with 10. and NAS-IP-Address ends with .30 to allow it to hit your authorization rules.

Thanks,

Tarik Admani

Gary Culler
Level 1
Level 1
In response to nspasov

‎07-22-2014 06:06 AM

Hey Neno,

 

The 2nd & 3rd Octet are different at every store... For example:

Store A = 10.1.1.30

Store B = 10.30.245.30

Store C = 10.222.16.30

So the only thing consistent is the 1st & 4th Octets.    Hence why i wanted to do a range using wildcards rather than enter or even import that many devices. 

0 Helpful

Gary Culler
Level 1
Level 1
In response to Tarik Admani

‎07-22-2014 06:10 AM

Tarik,

1.2 patch 5

I have the import file correct b/c it let me import 1/4 of the devices... the issue was the network devices screen became incredibly slow.  When i would try to scroll down it would take so long for the screen to refresh & all the network devices would disappear & reappear.  it was painful.  It literally took me 45 minutes to delete those devices until it returned back to normal. 

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to Gary Culler

‎07-24-2014 11:01 PM

That is definitely not normal. Let us know if you find the cause. Also, if you want, share your template and I can try importing it in my lab and see if I get the same results. 

Thank you for rating helpful posts!
0 Helpful
Customers Also Viewed These Support Documents