Updating an attribute in ISE when a device connects?

Jason Salmans · ‎05-30-2024

I'm just curious if there is a way to trigger an attribute change when a device connects. Just for example, if I wanted to create a custom attribute on endpoints and then have ISE record or update a value from the AAA request it receives from the WLC when the endpoint connects?

Assuming the answer is no and that I'd need an external service to do this through the API, would the solution be to have ISE forward something through syslog?

Thanks!

Arne Bier · ‎05-30-2024

All custom endpoint attributes must be manually created (via GUI or API). The only attributes that are dynamically updated after an Authentication are the usual things you see in Context Visibility. SYSLOG sounds like a suitable trigger mechanism to cause an external system to add/create/update a custom endpoint attribute in ISE.

Out of curiosity, can you please explain a bit more about your use case and why this would be useful to you?

thomas · ‎06-18-2024

@Jason Salmans ,

An alternative to using syslog is to use pxGrid to get near real-time updates as endpoints are authenticated then you may filter the session data and run a REST API to update the endpoint with whatever you need.

What is the problem you are trying to solve with a custom attribute that you cannot do with profiling or other existing attributes in ISE?