Does ISE support wild card entries for Network devices?
Working on a project for a large customer & i need to add close to 3000 Switches in Network devices. Rather than add each switch, I would prefer to enter a wild card entry of 10.x.x.30 = Switches for example.
When i did an import of 500+ switches, the network devices screen began to crawl. I had to manually delete the switches before the performance returned (at that took close to 45 minutes to delete them). I don't know if it was the # of devices i tried to import or it was the # of Network devices in general. What is the # of Network devices supported in ISE? These are the 3495 security appliances.
This is an active project so I'm adding devices as we go but i want to get way ahead of the schedule & just enter a few (or single) wild card entry to include all switches.
What version of ISE are you on? There isnt a maximum number of network devices listed anywhere but I am sure that exceeding 500 is no where near the threshold. What has worked for me in the past is adding one device manually and exporting that device using the csv method and use that csv to add the other devices ip address and copy and paste the same columns.
It could be something as simple as missing a field where the UI isnt catching or an undocumented issue that are hitting.
I haven't used wildcards like that before but I have been able to successfully add a whole subnet. For instance, if all switches in site A are on 192.168.0.0 /24 then you can input in the IP address field.
In addition to what Neno suggested. You can add the entire /8 network and set an authorization policy compound condition so that if NAS-IP-Address begins with 10. and NAS-IP-Address ends with .30 to allow it to hit your authorization rules.
I have the import file correct b/c it let me import 1/4 of the devices... the issue was the network devices screen became incredibly slow. When i would try to scroll down it would take so long for the screen to refresh & all the network devices would disappear & reappear. it was painful. It literally took me 45 minutes to delete those devices until it returned back to normal.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...