Re: ISE saving endpoint attributes that are no longer used

dweerheim · ‎04-16-2020

Currently ISE saves endpoint attributes that are collected even if they are no longer used. A specific example is around DHCP user class ID set on a Windows device and then later removed. ISE collects the DHCP class ID through the DHCP request, but later on if that DHCP class ID is removed from the Windows device the attribute will remain in the endpoint attributes in ISE. The new DHCP request does not contain any value for the DHCP class ID, if a new value is provided ISE would overwrite that attribute. Is there a way to get around this short of manually deleting the endpoint and having the probes rediscover the new attributes only?

Colby LeMaire · ‎04-16-2020

ISE will add attribute information to an endpoint in the database if it gets the information. If ISE receives an updated value for that attribute, it will update the endpoint. If that endpoint stops sending a particular attribute value, ISE will not assume that it should clean it up. So your only option is to delete the endpoint and have it learn it again. Absence of information is not a reason for ISE to reprofile a device.

dweerheim · ‎04-16-2020

Thanks Colby. That is what I was thinking as well, thanks for verifying this.

Anurag Sharma · ‎04-16-2020

Are you trying to test Anomalous EP detection?

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

dweerheim · ‎04-16-2020

I have custom profiles that leverage the dhcp-user-class-id attribute, during some processes we want devices to move out of that profile by removing the DHCP class id. As a workaround to removing the DHCP class ID from the endpoint I am going to change the class ID on the endpoint to another value so that it no longer matches the condition for the profile.