I am trying to figure out how to get ISE to not add endpoints on a subnet. We are currently using the trial version which limits to 100 endpoints. The issue is that ISE keeps adding our IP phones in before it adds any of our workstations. I would like to exclude the phones for now and if we decide to go ahead and purchase this then have the phones added. I can go in and delete them but they get added right back in.
@gcook0001 you'd have to remove the dot1x configuration from the switchport the phone is connected to, as ISE will create an endpoint in the internal database whenever a device attempts to authenticate.
OK. That isn't going to work. I will have to figure something else out. Also, my switches are not setup to use ISE for authentication, they are still using NPS. So ISE shouldn't be recieving anything from the phones.
Are you sending DHCP relay, Device Sensor, or any other profiling data to ISE? If your switchports aren't configured for 802.1X or MAB, then profiling would be the way ISE is learning about these endpoints.
