Endpoint purge by IP address

rmotzer
Level 1

A customer has many (~30k) clients that are being learned in the early stages of a (profiling) deployment, and while they are guest devices, they are not ISE guest clients (yet). To remove the profiling 'noise' from the deployment, they would like them to be purged every day.

Endpoint purge rules have been configured with an IP address as a condition, but have no impact:

 

Unknown AND (ENDPOINTPURGE ElapsedDays LESSTHAN 9999 AND IP ip STARTSWITH 10.10.)

(Guest subnet = 10.10.x.x/16)

 

Additional rules with a configured EndpointGroup from a Profiling Policy matching:

Expression IP:ip STARTSWITH 10.10.

also have no effect.

Is there a better way to purge by subnet? Are there any limitations to purging a large number of endpoints at once? Ideally this would be automated daily during the endpoint purge schedule.

TIA

 

1 Accepted Solution


kvenkata1
Cisco Employee

What is the ISE version? Please take a look at the discussions below & make sure the version has the fix for some of the known purge issues mentioned.

https://community.cisco.com/t5/identity-services-engine-ise/purge-inactive-days-idea-of-purging/td-p/3507407

https://community.cisco.com/t5/identity-services-engine-ise/current-behavior-of-endpoint-purge-in-ise-2-3/td-p/3554183

Please work with TAC if you need any additional help.

- Krish

 

 


3 Replies


ISE version 2.2 patch9--so none of the referenced BugIDs seem applicable.

Another thing to note:

These guest endpoints shouldn't affect your profiling work. You should be profiling things that are actually authenticating in the specific use case you are profiling, i.e. wired MAB, specific wireless SSIDs, etc.