I'm moving toward low-impact mode and am trying to answer the question of "How many new users can we expect to see after we convert to low-impact?" so I'll know how to staff resources on day n to properly resolve issues. We have Splunk and can genera...
I have been investigating this issue for a while now. I have about 20-30 different switchports around my campus where thousands of bogus MAC addresses show up in ISE attached to specific ports. We're talking about MACs like '00:00:00:00:00:01'. Ones ...
ISE v3.1p3. I am getting thousands of endpoints clogging my context visibility. They have little-to-no attribute information and mostly seem to fail with 22056 Subject not found in the applicable identity store(s). I have purge policies in place, but I...
I am getting thousands (like tens of thousands) of weird MAC Addresses in ISE, many of them are getting profiled as 'Xerox-Device' or 'EquipTrans-Device' based on the OUI. The MAC Addresses mostly start with '00:01:00:00:*:*' and '00:00:00:00:00:*' a...
I would like to create a Python job using Jinja2 templates to create golden configs. This is easy enough, but my question is should I use one large template for the entirety of the config or split it into multiple templates (base, snmp, ntp, aaa, etc...
Ultimately, yes. We would want to properly classify any new endpoints into an already existing profile/rule. At this point, I'm trying to determine what the day 2 impact would be of moving our default rule action though.
In this case, it would mean new devices that come online. Ex: We have 50,000 endpoints and have properly classified all 50,000 and tomorrow we have 50,001 devices. I would like to be able to have a regular report of the new endpoints from that time p...
I am able to use groups, but part of my workflow is that each user OU that I want to use has to first be defined as such in my domain under External Identity Sources > Active Directory > domain > groups. Then my authorization rule can read "Tunnel gr...
Just found that one port that was showing this behavior has a Cisco phone connected. The behavior kind of reminded me of a loop of some kind, where thousands of endpoints were learned on a port at one time, then all were inactive after that.