Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11692
Views
14
Helpful
6
Replies

ISE Import Endpoints via CSV

r.martins
Level 1
Level 1

‎02-13-2013 02:22 AM - edited ‎03-10-2019 08:05 PM

Hello,

i have an problem importing endpoints via CSV. I need to group the endpoints in "Endpoint Identity Groups", but the template doesn't have this field!

The deployment is just base licensed, so i can't do it on behalf of "Endpoint profile"

Is there any way to mass import endpoints with identity group information?

regards,

Roberto

2 people had this problem
Labels:
0 Helpful
6 Replies 6

Jatin Katyal
Cisco Employee
Cisco Employee

‎02-17-2013 02:10 PM

This is known issue.

CSCua05433    Import of identity groups and identities does not maintain membership

Symptom:

Identity group data is missing when exporting and importing endpoints.

Conditions:

User attempts to export endpoints and import into ISE using csv import.

Workaround:

Edit each endpoint and add identity group.

Additional Information:

Currently  endpoint identity group is not being exported as part of endpoint data  when exporting endpoints and there is no option to import endpoint  identity group as part of bulk (csv) import of endpoints.

Regards,

Jatin Katyal

- Do rate helpful posts -

~Jatin

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎06-25-2013 10:49 AM

I think Mass import and export of endpoints with Identity groups information is not possible . CSV file such as the MAC address and Endpoint Policy etc

If you are importing from LDAP these are fields contained in it.

Field   Name

Description

Host

Enter the hostname or the IP address of an LDAP server.

Port

Enter the configured port of an LDAP server.

Note To   import from an LDAP server, use port number 389. To import from an LDAP   server over SSL, use port number 636.

Enable Secure Connection

To import from an LDAP server over SSL, check the Enable Secure   Connection check box.

Root CA Certificate Name

Click the drop-down arrow to view the trusted CA certificates.

Anonymous Bind

To enable the anonymous bind, check the Anonymous Bind check   box.

Admin DN

Enter the distinquished name (DN) configured for the LDAP   administrator in the slapd.conf configuration file.

Password

Enter the password configured for the LDAP administrator in the   slapd.conf configuration file.

Base DN

Enter the distinguished name of the parent entry.

Note You   can find the distinguished name of the parent entry from the LDIF file that   you use for import. For example, dc=cisco, dc=com

MAC Address objectClass

Enter the query filter from the LDIF file, which is used for   importing the MAC address, for example, ieee802Device.

MAC Address Attribute Name

Enter the returned attribute name from the LDIF file, which you   use for import. For example, macAddress.

Profile Attribute Name

Enter the surname of the parent entry.

Note You   can find the surname of the parent entry in the LDIF file that you use for   import. For example, sn.

Time Out [seconds]

Enter the time in seconds between 1 and 60 seconds.

0 Helpful

routerhand99
Level 1
Level 1

‎10-17-2013 09:40 AM

I guess that makes sense.  I was unaware that the base license had a different template format for import/export.

I am working mostly with a wireless license ISE deployment.  I routinely import endpoints using the following template;

I create a 3 column CSV like this;

MAC                  Endpoint Policy             Endpoint Identity Group

MAC in hex           Tablets                                  Tablets            

MAC in hex           Tablets                                  Tablets            

This works fine for me.

I am first importing from LDAP and having some issues regarding static assignment of the Endpoint Identity Group. 

The endpoints come in with static = false (unchecked). So, after I bring them in my workaround has been to export the entire database of enpoints to a .csv.  Delete the selected endpoints.  Now I re-import them from the .csv I exported and Enpoint Identity Group static is true now (checked). 

The group selection and change features for endpoints like so many things in ISE are extremely limited.

I have a base license install as well so I will have to look at the difference.

0 Helpful

Henderson Land - ITD Net team
Level 1
Level 1

‎09-11-2017 02:47 AM - edited ‎09-11-2017 02:49 AM

My case is that we patched the ISE 1.4.253 to patch10 (or 11) and the importing endpoints via CSV will not update static group assignment.  The static group assignment is either unchecked or sticked to the old static group assignment.

 

I tried to delete all endpoints and import them again via CSV, the static group assignment is still either unchecked or sticked to the old static group assignment.

 

Once I removed patch 10 (or 11), the importing endpoints can carry the new static group assignment.

geder
Level 1
Level 1
In response to Henderson Land - ITD Net team

‎11-15-2017 04:34 AM

Many thanks, uninstall patch 11 helped me too!
Now running Path 9.
Hopefully they fix it once more with patch 12 on ISE 1.4
0 Helpful

ajc
Level 7
Level 7
In response to geder

‎11-15-2017 07:44 AM - edited ‎11-15-2017 07:45 AM

Be aware that support on 1.4.0.253 version expires in 1 year approximately. I have had multiple issues running 2.2 version so if you are planning an upgrade in the near future, use 2.3.

 

Second, 3395 ISE does not support 2.x version.

0 Helpful
Customers Also Viewed These Support Documents