09-04-2018 09:21 AM
A customer has many (~30k) clients that are being learned in the early stages of a (profiling) deployment, and while they are guest devices, they are not ISE guest clients (yet). To remove the profiling 'noise' from the deployment, they would like to be purged every day.
Endpoint purge rules have been configured with an IP address as a condition, but have no impact:
Unknown AND (ENDPOINTPURGE ElapsedDays LESSTHAN 9999 AND IP ip STARTSWITH 10.10.)
(Guest subnet = 10.10.x.x/16)
Additional rules with a configured EndpointGroup from a Profiling Policy matching:
Expression IP:ip STARTSWITH 10.10.
also have no effect.
Is there a better way to purge by subnet? Are there any limitations to purging a large number of endpoints at once? Ideally this would be automated daily during the endpoint purge schedule.
TIA
09-04-2018 01:51 PM
What is the ISE version? Please take a look at the discussions below & make sure the version has the fix for some of the known purge issues mentioned.
Please work with TAC if you need any additional help.
- Krish
09-04-2018 02:08 PM
ISE version 2.2 patch9--so none of the referenced BugIDs seem applicable.
09-04-2018 02:28 PM
Another thing to note:
These guest endpoints shouldn't affect your profiling work. You should be profiling things that are actually authenticating in the specific use case you are profiling, i.e. wired MAB, specific wireless SSIDs, etc.