ISE 2.3.0.298 P3 - EndPoint Devices Automatically Re-Added to Blacklist Identity Group

moyersc
Level 1

We're running ISE 2.3.0.298 P3 with Primary/Secondary Administration, Policy, and Monitoring nodes in a VMware environment.

We manually add MAC addresses to the Blacklist Identity Group in order to quarantine non-compliant Windows workstations. This process had been working fine until several weeks ago, when we discovered that MAC addresses manually removed from the Blacklist would re-add themselves within several hours.

According to the guides, we perform all updates from the Primary Node Application Node, so we are not sure why the Blacklist is behaving this way.

Thank you,

Scott Moyer

Accepted Solutions

kthiruve
Cisco Employee

I am not sure what the impact of the action you described is in your network, whether ISE is allowing non-compliant devices, etc. Please call TAC if you still have issues.

-Krishnan

2 Replies

As I stated initially, we MANUALLY add/remove non-compliant devices from the Blacklist... there is no automatic blacklisting in place at this time.

The impact is that some systems are, for some reason, adding themselves back to the Blacklist (thereby disconnected from the network) after we MANUALLY remove them. This ONLY happens to systems that were previously in the BLACKLIST group before.