06-28-2023 02:47 AM
Hello,
I'm currently in the process of migrating an old ISE 2.7 to ISE 3.1. The old ISE is actually filled with garbage from an old ACS.
Do you have any recommendations how to find and clean unused/obsolete:
1. TACACS/RADIUS: network devices and device admin policy sets
2. Network access: policy elements (authorization profiles, downloadable ACLs, etc.)
06-28-2023 04:45 AM
Please try looking at Operations > Reports; you might find some useful report templates in there.
06-28-2023 08:15 AM
Hello Aref,
I'm aware of Reports but unfortunately I'm unable to generate anything that's useful to me. That's why I created this post.
06-28-2023 10:21 AM
There is no tool to clear unused network devices and policy elements.
For the policy elements, you may try deleting it manually. If it gets deleted without any error, that means it's not being referred to in any policy.
06-28-2023 11:44 AM
Thank you Nancy.
We have a script which daily uses SSH to log in to the device and to copy the running configuration to a Linux server.
Is there a possibility of creating a report which will tell me which network devices weren't accessed for the last month or were timed out?
06-29-2023 11:06 AM
You can check the last 30 days RADIUS/TACACS authentication report on ISE and filter by network device name to check which devices were logged in.
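One way to turn the report check described in the reply above into a repeatable comparison, as an added example that is not part of the original thread and is not Cisco tooling: it cross-references a device inventory export against an authentication report export. The CSV column names (`name`, `ip`, `logged_at`, `network_device_name`, `status`), the `classify_devices` helper and all sample rows are assumptions constructed for illustration; adjust them to match your actual exports.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: network device inventory export (column names assumed).
DEVICES_CSV = """name,ip
core-sw-01,10.0.0.1
edge-rtr-02,10.0.0.2
old-acs-sw-09,10.0.9.9
lab-fw-03,10.0.3.3
"""

# Constructed sample: authentication report export (column names assumed).
REPORT_CSV = """logged_at,network_device_name,status
2023-06-27 02:00:11,core-sw-01,Pass
2023-06-26 02:00:09,CORE-SW-01,Pass
2023-06-27 02:00:15,edge-rtr-02,Fail
2023-05-01 02:00:12,lab-fw-03,Pass
"""

def classify_devices(devices_csv, report_csv, now, window_days=30):
    """Return (unused, failing_only): devices with no authentication inside
    the window, and devices seen inside the window but never with Pass."""
    cutoff = now - timedelta(days=window_days)
    # Key on lower-cased names so CORE-SW-01 and core-sw-01 match.
    inventory = {}
    for row in csv.DictReader(io.StringIO(devices_csv)):
        inventory[row["name"].strip().lower()] = row["name"].strip()
    seen, passed = set(), set()
    for row in csv.DictReader(io.StringIO(report_csv)):
        when = datetime.strptime(row["logged_at"], "%Y-%m-%d %H:%M:%S")
        if when < cutoff:
            continue  # outside the reporting window
        key = row["network_device_name"].strip().lower()
        seen.add(key)
        if row["status"].strip().lower() == "pass":
            passed.add(key)
    unused = sorted(inventory[k] for k in inventory if k not in seen)
    failing_only = sorted(
        inventory[k] for k in inventory if k in seen and k not in passed
    )
    return unused, failing_only

if __name__ == "__main__":
    now = datetime(2023, 6, 28)
    unused, failing = classify_devices(DEVICES_CSV, REPORT_CSV, now)
    print("No authentication in window:", unused)
    print("Only failed attempts in window:", failing)
```

Devices in the first list are candidates for review rather than automatic deletion, since a device can appear in the report under a different name than in the inventory.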
02-12-2024 06:28 PM
@valentinrosic The hit for each policy set and policy rule should help identify which policy set or rule is actively used. Once the policy sets are clean, then we may tackle the policy elements. Exporting the policies to an XML file might help with that.