08-15-2016 10:00 PM
Hi,
Craig Hypes explains the importance of enabling Endpoint Attribute Filter clearly in Cisco Live.
On explaining the same to the customer we have been asked the below questions. Appreciate your help on them.
1. If it is recommended to enable it in a large deployment, why is there an option to disable it? Basically the customer is looking for a use case or scenario in which it is necessary to disable it such that we are syncing non-significant attributes and collecting all attributes which are not used in profiling policies.
2. If Endpoint Attribute Filter is enabled and an endpoint is moved from one switch to another, the NAD attribute won't be collected by the PSNs. Does this mean that it will also not show up in the reports generated in order to track the endpoint movement?
08-16-2016 08:37 AM
It is disabled by default. As Craig states, it is a best practice to enable it in large deployments to reduce global replication. If the customer wants to replicate attributes other than those necessary to support Cisco-provided profiles, then leave it disabled.
If the endpoint moves across NADs, a new RADIUS session will occur which will be logged by the MnT node. This will show up if an authentication report is run.
Regards,
-Tim