Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2324
Views
5
Helpful
6
Replies

Question about ISE MAC Database

Go to solution
Terence Lockette
Level 1
Level 1

‎02-02-2021 08:35 AM

Hello all,

I hope I have the right board but wanted to ask a question about where ISE stores the MAC database for endpoints detected by ISE?  Is this database part of the config backup file, operational backup file, or neither?

0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
martin.fischer
Level 1
Level 1

‎02-02-2021 10:01 AM

Hi @Terence Lockette 

The MAC address database is part of the configuration data backup.

The configuration data backup also includes the application-specific and ADE operations system configuration data.

The operational data backup includes log / monitoring data.

Keep in mind, that certificates are NOT included in either backup.

View solution in original post

0 Helpful

Go to solution
martin.fischer
Level 1
Level 1

‎02-02-2021 10:21 AM

You could export the MAC addresses from the 2.3 environment to a CSV file if you want to keep them. Then put the MAC addresses and other information which you want to keep in the CSV import template and import them to the 2.7 environment.

View solution in original post

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to Terence Lockette

‎02-02-2021 11:12 AM

If you do it through the GUI Context Visibility "export all" option, or from the PAN CLI "application configure ise" option 16 "get all endpoints", it will include all endpoints as well as their group memberships among other things. 

The export and import follow different templates though so keep that in mind, you can't just export the endpoints and import the same CSV. You need to download the template from the Context Visibility endpoint import page and transpose some columns. Blank cells will be ignored. 

View solution in original post

0 Helpful
6 Replies 6

Go to solution
martin.fischer
Level 1
Level 1

‎02-02-2021 10:01 AM

Hi @Terence Lockette 

The MAC address database is part of the configuration data backup.

The configuration data backup also includes the application-specific and ADE operations system configuration data.

The operational data backup includes log / monitoring data.

Keep in mind, that certificates are NOT included in either backup.

0 Helpful

Go to solution
Terence Lockette
Level 1
Level 1
In response to martin.fischer

‎02-02-2021 10:10 AM

Hi @martin.fischer 

I was afraid of that.  We are moving from version 2.3 to 2.7 and have rebuilt the entire system from the ground up rather than restoring from backup.  The reason for this is due to the bugginess of ISE 2.3 so we didn't want to risk bringing in something to the new build.  However, I've decided to let the new VMs rebuild the MAC database until we're ready to put it into production.

 

Thanks for your response.

Go to solution
martin.fischer
Level 1
Level 1

‎02-02-2021 10:21 AM

You could export the MAC addresses from the 2.3 environment to a CSV file if you want to keep them. Then put the MAC addresses and other information which you want to keep in the CSV import template and import them to the 2.7 environment.

0 Helpful

Go to solution
Terence Lockette
Level 1
Level 1
In response to martin.fischer

‎02-02-2021 11:02 AM

Will this contain all MAC addresses whether manually entered as well as learned by ISE?

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to Terence Lockette

‎02-02-2021 11:12 AM

If you do it through the GUI Context Visibility "export all" option, or from the PAN CLI "application configure ise" option 16 "get all endpoints", it will include all endpoints as well as their group memberships among other things. 

The export and import follow different templates though so keep that in mind, you can't just export the endpoints and import the same CSV. You need to download the template from the Context Visibility endpoint import page and transpose some columns. Blank cells will be ignored. 

0 Helpful

Go to solution
Terence Lockette
Level 1
Level 1
In response to Damien Miller

‎02-02-2021 11:17 AM

Ahhhh ok.  Thanks for that insight!  I will wait til the day we are ready to cut over before exporting/importing.

 

Thanks all!

0 Helpful
Customers Also Viewed These Support Documents