Solved: Re: ISE 2.2 - Custom NDG Hierarchy

heurungj · ‎10-08-2018

Hello,

I'm curious if anyone else has noticed this behavior or if I'm doing something incorrectly with my configuration.

I've created new root NDGs and Data Access Permissions as a work around for CSCvb55884. However, users assigned with the appropriate permissions can only view the NDG hierarchy to a depth of 3 levels when browsing via Network Resources>Network Device Groups. The NDGs are still available to be assigned when creating/editing Network Devices.

Using the example below, groups contained under City1 and City2 are not visible.

>Location Tree

>Org1
>City1
>Campus

>Facil1
>City2
>Campus2

I tested this in ISE 2.4 and do not encounter the same issue.

Has anyone else noticed this? It seems to be purely cosmetic.

thomas · ‎10-08-2018

Cisco Identity Services Engine Administrator Guide, Release 2.4 > Network Device Groups says

There is no limit on the maximum number of NDGs that can be created. You can create up to 6 levels of hierarchy (including the parent group) for the NDGs.

ISE Admin Guide for ISE 2.2 says the same thing.

Call TAC if you suspect a bug.

View solution in original post

thomas · ‎10-08-2018

Cisco Identity Services Engine Administrator Guide, Release 2.4 > Network Device Groups says

There is no limit on the maximum number of NDGs that can be created. You can create up to 6 levels of hierarchy (including the parent group) for the NDGs.

ISE Admin Guide for ISE 2.2 says the same thing.

Call TAC if you suspect a bug.