Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2179
Views
10
Helpful
4
Replies

Total endpoints never purgering - Cisco ISE

LKL4
Level 1
Level 1

‎03-14-2022 10:12 AM

Hello team,

 

My total endpoints does not decrease and when i try to purge endpoints nothing happens.

Version 2.7.0.356

Installed Patches 2,3,4,5,6,7

Attached are the print of my total endpoints. 

 

Following this path "Administration > Identity Management > Settings > Endpoint Purge" i have changed the default purge from 30 to 1day, but noting happens after 1 day. I have tried to use the button "Purge Imeddiately" too but nothing happens again.

I don't know if I'm doing it wrong or if we have a bug.

1 person had this problem
Preview file
75 KB
0 Helpful
4 Replies 4

Arne Bier
VIP
VIP

‎03-14-2022 01:29 PM

Hi @LKL4 

 

Endpoints are purged according to some defined Purge Rules. What rules do you have in place?

 

You may want to keep important endpoints (e.g. statically defined and put into Endpoint Identity Groups for MAB) and then you may wish to purge endpoints that were used for guest access and where the 1 Day guest access has expired (e.g. if GuestEndpoints AND ElapsedDays Greater than 0)

 

 

LKL4
Level 1
Level 1
In response to Arne Bier

‎03-16-2022 05:08 AM

Hello @Arne Bier 

 

All my rules are default, i just changed the ElapsedDays Greater than 30 to 1 day, but nothing happens. 

Attached are the rules.

Preview file
28 KB
0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee
In response to LKL4

‎03-16-2022 03:29 PM

The GuestEndpoints and RegisteredDevices in the default Purge policies are Endpoint Identity Groups (for Guest and BYOD flows, respectively). The endpoint MAC addresses must be associated with these Groups to match the criteria for being purged.

I would suggest navigating to Administration > Identity Management > Groups > Endpoint Identity Groups, selecting each of these Groups and confirming if any MAC addresses are present within them.

If there are MAC addresses associated with those groups that are not being purged, you might need to open a TAC case to investigate why.

If you want to purge endpoints that are not associated with these Groups, you would need to create another Purge policy that uses the endpoint criteria you want to match for purging.

Marcelo Morais
VIP
VIP
In response to LKL4

‎03-16-2022 04:37 PM - edited ‎03-16-2022 05:43 PM

Hi @LKL4 ,

 beyond what @Greg Gibbs and @Arne Bier said, please take a look at: Operations > Reports > Reports > Audit > Endpoint Purge Activities, check if your Purge Rule is working.

 

Hope this helps !!!

0 Helpful
Customers Also Viewed These Support Documents