ISE automatic purge of endpoints in a specific group

I'm not sure if this is possible, so if someone could help me that would be good.

We want to lock down our ISE policies so that unauthenticated machines get very limited access. However, our desktop support team still wants to be able to build PCs at desks.

To do this they need access to loads of AD and SCCM servers, which the unauth ACL will not allow them to access.

They are happy to add the endpoints manually into a specific group, but may forget to take them out after the machine has been built. Is it possible to automatically remove any endpoint in a specified group on a scheduled basis?

Re: ISE automatic purge of endpoints in a specific group

Under Administration -> Identity Management -> Settings -> Endpoint Purge you can create rules that remove old endpoints from the database completely (used mainly to clear up old guest users, etc.), but I believe there is no functionality to just remove an endpoint from a particular group automatically.

Re: ISE automatic purge of endpoints in a specific group

If you are running version 2.2, the purge does not work properly when the Endpoint Group = BLANK (which is automatically assigned whether or not you have profiling enabled on the PSNs; failed or successful authentications do not matter, the MAC address is still added to the ISE DB).

Another detail: if the purge process needs to remove a significant number of entries (+20K), the process fails and the entries are not deleted completely as expected.

 

I have not tried what happens if I try to delete the entries in the UNKNOWN Endpoint Group.