12-01-2023 03:13 AM
Hello Technical Support Community,
I am currently working on a project that involves adding endpoints in Cisco Identity Services Engine (ISE), and I'm seeking guidance or assistance from the knowledgeable members of this community.
I have installed Cisco ISE (2.7) on a Linux Virtual Machine. I am able to access the Cisco ISE system and its dashboard but I am unable to configure the endpoints in ISE.
Specifically, I would appreciate any insights, best practices, or step-by-step guides related to adding endpoints in Cisco ISE. If you have hands-on experience or can point me to relevant documentation, it would be immensely helpful.
Additionally, if you have any documents, tutorials, or resources that you think might be beneficial for someone working on a similar task, please feel free to share them.
Thank you in advance
Best regards,
Solved! Go to Solution.
12-01-2023 07:02 AM
Endpoints are "added" when ISE sees them attempt to authenticate for the first time.
You may view, add, update attributes, and more in ISE Context Visibility.
Select the endpoint MAC and view / edit it's attributes.
It is not clear what you want to "add" other than a MAC address but if you want to do custom attributes and endpoint group assignments, watch our ISE Webinars archived on our CiscoISE YouTube channel which also shows how to import & export endpoints via Context Visibility
00:50 Why Custom Attributes?
03:09 Endpoint Profiles, Endpoint Groups versus Custom Attributes
05:01 Defining User Custom Attributes for ISE Internal Users
06:10 Defining Endpoint Custom Attributes and their Common Uses
16:51 Demo: Endpoint Custom Attributes
19:29 Demo: Custom Attribute Policies for IOT Endpoints
39:30 Demo: Context Visibility updates with Python or curl
40:24 Demo: Context Visibilty CSV Export and Import
44:42 Custom Attributes from External Databases: AD, LDAP, ODBC, iPSK Manager, pxGrid Direct
You may also add, update, and delete endpoints via REST API:
▷ ISE REST APIs Introduction 2022/10/04
52:34 Demo: Create an endpoint with POST using --data for JSON data or @filename
12-01-2023 03:34 AM
Relevant points you raised.
I think that the first step you need to think when deploy a Cisco ISE is, what is the purpose for this?
Are you going to use Cisco ISE for TACACS or RADIUS? TACACS is for Network Administration, while RADIUS is to provide Network Access for users and endpoints.
You need also to consider in your design, if you are going to deploy that for wireless or wired network.
There are some principles that you need to consider before you only deploy Cisco ISE does not work alone in the network, it works in conjunction with different products/solutions in the network.
There is a dedicated Cisco ISE Community with a lot of contents and information. https://community.cisco.com/t5/security-knowledge-base/cisco-ise-amp-nac-resources/ta-p/3621621
The articles below, has information about the initial setup for Cisco ISE, like you starting from scratch. It's in Portuguese, however you can translate, li
You can find also similar information to the topics above on https://www.linkedin.com/in/jonasresende/recent-activity/articles/, english materials.
At YT channel Plus Labs you find also some contents, hands-on videos in Portuguse.
I hope it help you and give you a direction Cisco ISE. A powerful tool. Great choise!
12-01-2023 04:16 AM - edited 12-01-2023 04:18 AM
there is details guide already in the community :
ISE 2.7 is quite old and end of life also i guess - ISE 3.2 is latest i suggest to work on that version for Long live.
I am able to access the Cisco ISE system and its dashboard but I am unable to configure the endpoints in ISE.
not sure where did you stuck any screenshot show us what failing ?
end point i can guide you this video :
https://www.youtube.com/watch?v=nCD7LiX-XZU
there are many video cisco-ise (free and that will give you more knowledge)
https://www.youtube.com/cisco-ise
12-01-2023 07:02 AM
Endpoints are "added" when ISE sees them attempt to authenticate for the first time.
You may view, add, update attributes, and more in ISE Context Visibility.
Select the endpoint MAC and view / edit it's attributes.
It is not clear what you want to "add" other than a MAC address but if you want to do custom attributes and endpoint group assignments, watch our ISE Webinars archived on our CiscoISE YouTube channel which also shows how to import & export endpoints via Context Visibility
00:50 Why Custom Attributes?
03:09 Endpoint Profiles, Endpoint Groups versus Custom Attributes
05:01 Defining User Custom Attributes for ISE Internal Users
06:10 Defining Endpoint Custom Attributes and their Common Uses
16:51 Demo: Endpoint Custom Attributes
19:29 Demo: Custom Attribute Policies for IOT Endpoints
39:30 Demo: Context Visibility updates with Python or curl
40:24 Demo: Context Visibilty CSV Export and Import
44:42 Custom Attributes from External Databases: AD, LDAP, ODBC, iPSK Manager, pxGrid Direct
You may also add, update, and delete endpoints via REST API:
▷ ISE REST APIs Introduction 2022/10/04
52:34 Demo: Create an endpoint with POST using --data for JSON data or @filename
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide