Unable to Delete Endpoint in an Endpoint Identity Group

Kelin Webb
Level 1

ISE 2.4.0.357

 

I have a device that has been Profiled, by the Profiler, and is sitting in the root 'Profiled' EIG (Endpoint Identity Group). I am able to filter for the device using its MAC, however, when I select it I'm unable to 'Delete Selected' to remove it. 

I believe I need to remove this device from its current EIG so I can fully purge it, so it follows a new Policy Set I created that this device would/should be following. 

In short, the device should be flowing through a Guest Portal and be assigned to a Static EIG, but it's failing to do that. I believe because it's already in an EIG so I can't move it. Normally, I attempt to delete the device from the WLC, Endpoint Groups, and also in the Endpoint Context Authentication area in ISE so it's as close to a 'never before seen' device as possible. In other policies I have, this seems to work for testing.

 

In a live scenario, these devices would be onboarding for the first time and ISE would be seeing them for the first time, so I don't believe I would run into this issue. However, I don't have new devices coming in until next week, so I'm trying to verify/test this flow works before they arrive.

 

I do have a TAC Case open and after our first session, they are still investigating the issue.  I'm sure if anyone else has had issues removing a device from an Endpoint Identity Group. Maybe I'm over/under thinking a step... it happens, haha. 

Accepted Solutions

Surendra
Cisco Employee
You cannot remove an endpoint from an endpoint identity group if you have not added it to that endpoint identity group. For all the endpoints you see the static group assignment set to false, you cannot remove them from the respective groups.

As a workaround, you can go to Context Visibility > Endpoints > [MAC Address] > Edit > Set static assignment to true and save. Come back to the original group where you were trying to delete and then remove it from that group.

Also, check with TAC if an enhancement request can be made for this.

5 Replies

Jason Kunst
Cisco Employee
Thanks, let us know the outcome, TAC is best for break/fix

I certainly agree with you Jason, however, I felt that reaching out to the community to see if anyone else has had an issue deleting a device from an Endpoint Identity Group could expedite the resolution for us. Especially if someone had/has been through that before and knows a solution.

Was I incorrect to post that discussion here?  

No, that’s fine. I am just setting the expectation that if it’s a priority you should use TAC. Likely might need database massaging as well.

That did the trick. After editing and assigning it via static assignment... I was able to delete the endpoint from said group and continue testing. Thanks!