Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Static Identity Group Assignment

                   Does anyone know a way to bring in an endpoint with the following attributes?

Endpoint Policy Name       Static = True

Static Group Assignment   Static = True

The 1.2 manual says;

If the file used for import contains endpoints that have their MAC addresses, and their assigned endpoint profiling policy is the static assignment, then they are not re-profiled during import. 

To change a dynamic assignment of an endpoint identity group to static, check the Static Group Assignment check box. If the check box is not checked, then the endpoint identity group is dynamic as assigned by the profiler based on policy configuration.

Statically Profiled Endpoints

An endpoint can be profiled statically when you create an endpoint with its MAC address and associate a profile to it along with an endpoint identity group in Cisco ISE. Cisco ISE does not reassign the profiling policy and the identity group for statically assigned endpoints.

A) Does anyone know a way to import from an LDAP database and maintain the Static Group Assignment = True.

I successfully do an LDAP import of the MAC and Endpoint Group (which comes in as True) but the Static Group Assignment has the Endpoint Group Assignment correct but static is false unchecked.  I don't want these profiling any more.  These are thousands of endpoints and I do not see any way to do a bulk change.  I have tried exporting and re-importing but that doesn't really scale.

B) Would creation of an endpoint group that is not part of the Profiled endpoint group change the behavior I see above when I do my LDAP import?

If there were a way to do the bulk selection and change the static property or the Static Group Assignment that would be of huge benefits.  The changes apply to the fields selected within the endpoints while maintaining the MAC property of the endpoint.

Thanks in advance for any suggestions.

CreatePlease to create content