cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7523
Views
5
Helpful
10
Replies

Why can't I Remove an Endpoint?

Arne Bier
VIP
VIP

Can someone please help me understand why I cannot Remove an Endpoint?  The screen below shows the result of a user logging into a Guest Portal.  However, I want to purge Endpoints on a regular basis - the automatic and immediate Purge fails (ISE 2.2p2) and when I looked closer I think I know why ... I can't even Remove the Endpoint below with the "Remove" action.  What does that button do ?

I already have a TAC case open on the Purging issue but no response after ten days now.

Can this forum please give me a quick sanity check?

When I choose Remove, then ISE reports "Server Response - Success" on bottom right of screen. The Endpoint is NOT removed, but the only thing that happened is that Static Group Assignment is now False:

I am able to move the Endpoint to another Group.  But I cannot Remove it from that Group either.

The only way I can kill an Endpoint is to go to the Home Metrics / Total Endpoints, and then put it in the trash can.

If this is working as designed then I missed something important in the documentation.

By the way, the above screen shows an active session - this happens on dead sessions too.

1 Accepted Solution

Accepted Solutions

paul
Level 10
Level 10

Context Visibility->Endpoints is how I do all the manipulation of MAC addresses.  You can add, remove, assign to identity groups, import, export, etc. on that screen.

View solution in original post

10 Replies 10

paul
Level 10
Level 10

Context Visibility->Endpoints is how I do all the manipulation of MAC addresses.  You can add, remove, assign to identity groups, import, export, etc. on that screen.

hslai
Cisco Employee
Cisco Employee

Paul is correct. At the endpoint group page, remove an endpoint there means to de-associate it with that group.

But what is the Remove button do?  It does nothing at all.

I am able to move endpoints to other Groups by Adding them to a Group - that has the effect of removing it from the current Group.

Did you try refresh the list? Or, navigate away and come back?

It's removing the endpoint from the group, in my test.

Video Link : 16505

Thanks for verifying in your lab.  I am using ISE 2.2p2

I have a TAC case open for this issue - no reply yet from the engineer.

Before I delete an endpoint, the 'Static Group Assignment' is True.  Then I select it and choose 'Remove' .  ISE reports Server Response Success on bottom right in green.  And the endpoint does not go away - but instead, 'Static Group Assignment' is now False.  Refresh as much as you like. Does not go away.

I seem to remember that in ISE 1.4 I could manually enter the MAC addresses (e.g. Cisco Phones) for MAB auth, without that MAC address even being in the ISE Endpoint tables  - but even that seems to be gone now.  When I click Add, I am only allowed to add an existing MAC address into the current Endpoint Identity Group.

Let's see what the TAC case finds.

It might be CSCuy41309. Please provide a copy of your CFG backup to TAC for recreate.

Hi Arne, did you manage to get any solution for this?

Hi Rahul,

Can you tell me the ISE version?

-Aravind

I am using ISE2.2

I know there were some bugs on 2.2, i just did a google search for ise 2.2 can't remove endpoint and one of them came up - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy41309/?rfs=iqvred

 

I would recommend running latest patch and working through http://cs.co/ise-help looking at how to ask the community for help, likely will require a tac case