View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Quick Tip: ISE 2.x Unquarantine EPS Endpoint

Rating: 
0
No votes yet

This is something that we learnt while we were doing some testing on ISE 2.x pxGrid integration with Lancope Stealthwatch. If you have your endpoints quarantined  from Lancope Stealthwatch (or any other EPS subscriber systems) but for some reason fail to unquarantine them, you might find your endpoints being stuck in the EPS-Quarantine state forever. As of ISE 2.0 Patch2 and 2.1, you can manually unquarantine any endpoints from ISE using their MAC addresses. Problem solved!!!

Go to Operations > ANC > Endpoint Assignment then click EPS Unquarantine

eps_1.png

Enter the endpoint MAC address and click Unquarantine. This should cause a CoA to go out and force the endpoint to reauthenticate, hopefully no longer hit your quarantine authorization policy.

eps_2.png

 

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.