
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2016 10:00 PM
Hi,
Craig Hypes explains the importance of enabling Endpoint Attribute Filter clearly in Cisco Live.
On explaining the same to the customer we have been asked the below questions. Appreciate your help on them.
1. If it is recommended to enable it in a large deployment why is there an option for to disable it ? Basically the customer is looking for a use case or scenario in which it is necessary to disable it such that we are syncing non-significant attributes and collecting all attributes which are not used in profiling policies.
2. If Endpoint Attribute Filter is enabled and endpoint is moved from one switch to another the NAD attribute wont be collected by the PSNs. Does this mean that it will also not show up in the reports generated in order to track the endpoint movement ?
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-16-2016 08:37 AM
It is disabled by default. As Craig states, it is a best practice to enable it in large deployments to reduce global replication. If the customer wants to replicate attributes other than those necessary to support cisco provided profiles, then leave it disabled.
If the endpoint moves across NADs, a new RADIUS session will occur which will be logged by the MnT node. This will show up if an authentication report is run.
Regards,
-Tim

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-16-2016 08:37 AM
It is disabled by default. As Craig states, it is a best practice to enable it in large deployments to reduce global replication. If the customer wants to replicate attributes other than those necessary to support cisco provided profiles, then leave it disabled.
If the endpoint moves across NADs, a new RADIUS session will occur which will be logged by the MnT node. This will show up if an authentication report is run.
Regards,
-Tim
