11-29-2019 03:01 AM - edited 11-29-2019 03:04 AM
In endpoints list I see a lot of devices which I don't need to be managed by ISE such as IP phones. Even MAC addresses that coming from telecom providers are listed there. Those devices are not even in our network! Devices takes licenses, why should we pay for them? About 60% of endpoints are useless.
Is there any way to filter collected devices and can someone explain the gathering algorithm?
Solved! Go to Solution.
11-29-2019 09:47 AM
Extraneous MAC addresses in ISE do not count against licensing unless those devices are authenticating to ISE. It is common for ISE to pick up a bunch of MAC addresses that don't event authenticate to ISE. This can happen if you are doing SNMP Polling from ISE for profiling. With SNMP Polling, ISE hits a particular switch and grabs all MAC addresses that the switch knows about. On the Wireless side, it is possible that you only have one SSID authenticating to ISE but ISE is picking up MAC addresses from other SSIDs. That will happen if you have the ISE server setup as a Radius accounting server with the "Network User" option checked globally. Uncheck that and then only assign ISE nodes as accounting servers on the SSIDs that actually authenticate to ISE.
11-29-2019 08:37 AM
11-29-2019 09:47 AM
Extraneous MAC addresses in ISE do not count against licensing unless those devices are authenticating to ISE. It is common for ISE to pick up a bunch of MAC addresses that don't event authenticate to ISE. This can happen if you are doing SNMP Polling from ISE for profiling. With SNMP Polling, ISE hits a particular switch and grabs all MAC addresses that the switch knows about. On the Wireless side, it is possible that you only have one SSID authenticating to ISE but ISE is picking up MAC addresses from other SSIDs. That will happen if you have the ISE server setup as a Radius accounting server with the "Network User" option checked globally. Uncheck that and then only assign ISE nodes as accounting servers on the SSIDs that actually authenticate to ISE.
12-02-2019 04:34 AM - edited 12-02-2019 04:34 AM
Indeed collected endpoints don't affect license counter. I was confused because of warning but as it turned out it was related to other issue.
We currently have basic and device admin license used with some tacacs and radius policies. Average active endpoints count is miserable so there is nothing to worry about.
Thank you guys for comprehensive explanation.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide