About Josh Morris

Josh Morris · 01-14-2025

I'm moving toward low-impact mode and am trying to answer the question of "How many new users can we expect to see after we convert to low-impact?" so I'll know how to staff resources on day n to properly resolve issues. We have Splunk and can genera...

Josh Morris · 10-29-2024

I have been investigating this issue for a while now. I have about 20-30 different switchports around my campus where thousands of bogus mac addresses show up in ISE attached to specific ports. We're talking about MACs like '00:00:00:00:00:01'. Ones ...

Josh Morris · 08-28-2023

ISE v3.1p3I am getting thousands of endpoints clogging my context visibility. They have little-to-no attribute information and mostly seem to fail with 22056 Subject not found in the applicable identity store(s). I have purge policies in place, but I...

Josh Morris · 07-10-2023

I am getting thousands (like tens of thousands) of weird MAC Addresses in ISE, many of them are getting profiled as 'Xerox-Device' or 'EquipTrans-Device' based on the OUI. The MAC Addresses mostly start with '00:01:00:00:*:*' and '00:00:00:00:00:*' a...

Josh Morris · 04-26-2023

I would like to create a Python job using Jinja2 templates to create golden configs. This is easy enough, but my question is should I use one large template for the entirety of the config or split it into multiple templates (base, snmp, ntp, aaa, etc...

Josh Morris · 01-15-2025

Ultimately, yes. We would want to properly classify any new endpoints into an already existing profile/rule. At this point, I'm trying to determine what the day 2 impact would be of moving our default rule action though.

Josh Morris · 01-15-2025

In this case, it would mean new devices that come online. Ex: We have 50,000 endpoints and have properly classified all 50,000 and tomorrow we have 50,001 devices. I would like to be able to have a regular report of the new endpoints from that time p...

Josh Morris · 04-19-2024

I am able to use groups, but part of my workflow is that each user OU that I want to use has to first be defined as such in my domain under External Identity Sources > Active Directory > domain > groups. Then my authorization rule can read "Tunnel gr...

Josh Morris · 09-25-2023

In this case, I added it to the profile for the device type. As seen below.

Josh Morris · 07-10-2023

Just found that one port that was showing this behavior has a Cisco phone connected. The behavior kind of reminded me of a loop of some kind, where thousands of endpoints were learned on a port at one time, then all were inactive after that.

Member Since	‎05-12-2011 06:26 AM
Date Last Visited	‎01-22-2025 12:09 AM
Posts	291
Total Helpful Votes Received	125

User Statistics

User Activity

Report for new devices only?

Bogus MAC addresses generated from docks/dongles

Endpoints with failure 22056 clogging database

Virtual MAC Addresses?

Best way to create golden configs with Python/Jinja2?

Re: Report for new devices only?

Re: Report for new devices only?

Re: Best way to integrate ASA/ISE/Azure AD for MFA?

Re: Endpoints getting IP from switchport VLAN before ISE changes VLAN

Re: Virtual MAC Addresses?