Hi,
This is the return of our long usage of ISE and MAB for IoT/OT devices on segmented networks. All our "important" devices, such as company desktops, are EAP/TLS auth.
We have for a few years used an external LDAP cluster for MAB auth, and are now looking to import all devices into ISE's own backend/store.
Adding, deleting and getting by MAC address is no problem with CRUD against the API, but as soon as we want to add a few more fields to filter on, things get interesting.
We tried to do a "synced" fastapi/psqldb where the devices were located in psqldb with the extra fields in, but that got paused because of the complexity of keeping things in sync with ISE.
And now I am starting again, trying to implement it directly against the ERS REST API, but filtering on custom attributes is sadly nonexistent.
The best scenario is to have all devices only in ISE and use a small web UI for the helpdesk to add/delete/search for devices.
But I don't know how to get the ISE API to scale when searching. Perhaps trying to cache the Custom Attribute fields for search.
I am curious how you have solved this, and if you want to share ideas before I dig in too much again :)
--
Regards Falk
https://github.com/falkowich