ISE Rejected Endpoints
netapi ise get-rejected-endpoints
✓ Found 2 rejected endpoint(s)
Rejected Endpoints
┏━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┓
┃ MAC Address       ┃ Reason   ┃
┡━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━┩
│ 04:5F:B9:78:02:20 │ EndPoint │
│ 64:32:A8:C4:C7:19 │ EndPoint │
└───────────────────┴──────────┘
netapi ise release-rejected 04:5F:B9:78:02:20
netapi ise release-rejected 64:32:A8:C4:C7:19
✓ Released rejected endpoint: 04:5F:B9:78:02:20
✓ Released rejected endpoint: 64:32:A8:C4:C7:19
netapi ios exec "show access-session interface gi1/0/4 details"
need to address this later:
Error: netmiko not installed. Run: uv sync --extra cisco
netapi ios exec "show access-session interface gi1/0/4 details"
Interface: GigabitEthernet1/0/4
MAC Address: 045f.b978.0220
IPv6 Address: Unknown
IPv4 Address: Unknown
User-Name: 045fb9780220
Status: Unauthorized
Domain: UNKNOWN
Oper host mode: multi-auth
Oper control dir: in
Session timeout: N/A
Restart timeout: 60s (local), Remaining: 30s
Periodic Acct timeout: N/A
Session Uptime: 30s
Common Session ID: 0A32010A000006F805DD9739
Acct Session ID: Unknown
Handle: 0x1D00021C
Current Policy: PMAP_DefaultWiredDot1xClosedAuth_1X_MAB
Method status list:
Method State
dot1x Stopped
mab Stopped
need to address this later:
netapi ise dc query "SELECT USERNAME, POLICY_SET_NAME, AUTHORIZATION_RULE, FAILURE_REASON, PASSED FROM RADIUS_AUTHENTICATIONS WHERE CALLING_STATION_ID LIKE '%045FB9780220%' ORDER BY TIMESTAMP_TIMEZONE DESC FETCH FIRST 10 ROWS ONLY"
Error: oracledb not installed. Run: uv sync --extra ise
netapi ise dc query "SELECT USERNAME, POLICY_SET_NAME, AUTHORIZATION_RULE, FAILURE_REASON, PASSED FROM RADIUS_AUTHENTICATIONS WHERE CALLING_STATION_ID LIKE '%045FB9780220%' ORDER BY TIMESTAMP_TIMEZONE DESC FETCH FIRST 10 ROWS ONLY"
❯ netapi ise dc auth-history 04:5F:B9:78:02:20
╭──────────────────────────────── Auth History ─────────────────────────────────╮
│ 04:5F:B9:78:02:20                                                             │
╰───────────────────────────────────────────────────────────────────────────────╯
┏━━━━━━━━━━━┳━━━━━━━━┳━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━┓
┃           ┃        ┃        ┃            ┃ AuthZ     ┃            ┃ Failure   ┃
┃ Time      ┃ Status ┃ Method ┃ Policy Set ┃ Profile   ┃ NAD        ┃ Reason    ┃
┡━━━━━━━━━━━╇━━━━━━━━╇━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━┩
│ 2026-02-… │ FAILED │ mab    │ Domus-Wir… │ -         │ 10.50.1.10 │ 22056     │
│ 09:04:01  │        │        │ 802.1X     │           │            │ Subject   │
│           │        │        │            │           │            │ not found │
│           │        │        │            │           │            │ in the    │
│           │        │        │            │           │            │ appl…     │
│ 2026-02-… │ FAILED │ mab    │ Domus-Wir… │ -         │ 10.50.1.10 │ 22056     │
│ 09:01:12  │        │        │ 802.1X     │           │            │ Subject   │
│           │        │        │            │           │            │ not found │
│           │        │        │            │           │            │ in the    │
│           │        │        │            │           │            │ appl…     │
│ 2026-02-… │ FAILED │ mab    │ Domus-Wir… │ -         │ 10.50.1.10 │ 22056     │
│ 08:33:41  │        │        │ 802.1X     │           │            │ Subject   │
│           │        │        │            │           │            │ not found │
│           │        │        │            │           │            │ in the    │
│           │        │        │            │           │            │ appl…     │
└───────────┴────────┴────────┴────────────┴───────────┴────────────┴───────────┘
0 passed | 3 failed | 3 total
netapi ise get-endpoint-groups
Endpoint Groups (Page 1, Size 100)
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Name ┃ ID ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ Android │ ffa36b00-8bff-11e6-996c-525400b48521 │
│ Apple-iDevice │ 0a4a50f0-8c00-11e6-996c-525400b48521 │
│ Axis-Device │ 0c4eac70-8c00-11e6-996c-525400b48521 │
│ BlackBerry │ 0cc7ad00-8c00-11e6-996c-525400b48521 │
│ Blocked List │ aa000c30-8bff-11e6-996c-525400b48521 │
│ BYOD-Registered │ 127f7b10-f95b-11f0-b76e-52c54a1d1f56 │
│ Cisco-Collaboration-Device │ 5419e220-b704-11f0-bb2c-fe123a7c9ece │
│ Cisco-IP-Phone │ 14f5cac0-8c00-11e6-996c-525400b48521 │
│ Cisco-Meraki-Device │ 1e2700a0-8c00-11e6-996c-525400b48521 │
│ Cisco-Room-Device │ c99baba0-b704-11f0-bb2c-fe123a7c9ece │
│ Cisco-Webex-Board-Device │ db6755a0-b704-11f0-bb2c-fe123a7c9ece │
│ Cisco-Webex-Codec-Device │ d4cd6c70-b704-11f0-bb2c-fe123a7c9ece │
│ Cisco-Webex-Desk-Device │ d343e640-b704-11f0-bb2c-fe123a7c9ece │
│ ecobee-Device │ b93a0e60-b703-11f0-bb2c-fe123a7c9ece │
│ Epson-Device │ 22c6c780-8c00-11e6-996c-525400b48521 │
│ GuestEndpoints │ aa178bd0-8bff-11e6-996c-525400b48521 │
│ Juniper-Device │ 2b07d100-8c00-11e6-996c-525400b48521 │
│ Linux-Research-Workstations │ 48dcb5a0-fd8f-11f0-9bb2-fafc6167f873 │
│ Linux-Workstations │ 4833f280-fd8f-11f0-9bb2-fafc6167f873 │
│ MGMT_DEVICES │ f6aad2e0-cce6-11f0-be5c-3a04bfe421e9 │
│ OS_X_BigSur-Workstation │ aeb29380-4fbf-11ed-a871-0050568f5811 │
│ Profiled │ aa10ae00-8bff-11e6-996c-525400b48521 │
│ RegisteredDevices │ aa13bb40-8bff-11e6-996c-525400b48521 │
│ Research_Onboard │ 272c6590-f164-11f0-b76e-52c54a1d1f56 │
│ Sony-Device │ 38a73670-8c00-11e6-996c-525400b48521 │
│ STORAGE │ 9dff3ad0-d341-11f0-be5c-3a04bfe421e9 │
│ Synology-Device │ 3a1b38d0-8c00-11e6-996c-525400b48521 │
│ test-child │ 09a6a3d0-fd8c-11f0-9bb2-fafc6167f873 │
│ test-parent │ ca8ac960-fd8b-11f0-9bb2-fafc6167f873 │
│ Trendnet-Device │ 3a88eec0-8c00-11e6-996c-525400b48521 │
│ Trusted_Access_Points │ 253d70f0-b9b8-11f0-bb2c-fe123a7c9ece │
│ Unknown │ aa0e8b20-8bff-11e6-996c-525400b48521 │
│ Verifone-Payment-Terminal │ f39d69d0-b703-11f0-bb2c-fe123a7c9ece │
│ Vizio-Device │ 3b113190-8c00-11e6-996c-525400b48521 │
│ Windows11-Workstation │ b81c38b0-a1c2-11f0-bf2b-022bf5b6e326 │
│ Workstation │ 3b76f840-8c00-11e6-996c-525400b48521 │
│ Xerox-AltaLink-B8245-MFP │ f47277a0-b704-11f0-bb2c-fe123a7c9ece │
│ Xerox-AltaLink-B8255-MFP │ f30971c0-b704-11f0-bb2c-fe123a7c9ece │
│ Xerox-AltaLink-B8270-MFP │ f192d750-b704-11f0-bb2c-fe123a7c9ece │
│ Xerox-AltaLink-C8230-Color-MFP │ 17a73940-b705-11f0-bb2c-fe123a7c9ece │
│ Xerox-AltaLink-C8235-Color-MFP │ 11c57c80-b705-11f0-bb2c-fe123a7c9ece │
│ Xerox-AltaLink-C8245-Color-MFP │ 1046f2d0-b705-11f0-bb2c-fe123a7c9ece │
│ Xerox-AltaLink-C8255-Color-MFP │ 14cc2cd0-b705-11f0-bb2c-fe123a7c9ece │
│ Xerox-AltaLink-C8270-Color-MFP │ 16230a40-b705-11f0-bb2c-fe123a7c9ece │
└────────────────────────────────┴──────────────────────────────────────┘
Total: 44 results
# find auth history
netapi ise dc query "
SELECT
TIMESTAMP_TIMEZONE,
CALLING_STATION_ID,
POLICY_SET_NAME,
AUTHORIZATION_PROFILES,
IDENTITY_GROUP,
PASSED
FROM RADIUS_AUTHENTICATIONS
WHERE CALLING_STATION_ID LIKE '%04:5F:B9:78:02:20%'
ORDER BY TIMESTAMP_TIMEZONE DESC
FETCH FIRST 10 ROWS ONLY
"
Query Results
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━┓
┃ TIMESTAMP_TIMEZONE ┃ CALLING_STATION_ID ┃ POLICY_SET_NAME ┃ AUTHORIZATION_PROFILES ┃ IDENTITY_GROUP ┃ PASSED ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━┩
│ 2026-02-09 │ 04:5F:B9:78:02:20 │ Domus-Wired 802.1X │ │ │ Fail │
│ 09:04:01.564000 │ │ │ │ │ │
│ 2026-02-09 │ 04:5F:B9:78:02:20 │ Domus-Wired 802.1X │ │ │ Fail │
│ 09:01:12.889000 │ │ │ │ │ │
│ 2026-02-09 │ 04:5F:B9:78:02:20 │ Domus-Wired 802.1X │ │ │ Fail │
│ 08:33:41.311000 │ │ │ │ │ │
│ 2026-02-02 │ 04:5F:B9:78:02:20 │ Corp LAN MAB │ AP_Secure_VLAN10_Profile │ Trusted_Access_Points │ Pass │
│ 07:09:08.521000 │ │ │ │ │ │
│ 2026-02-02 │ 04:5F:B9:78:02:20 │ Corp LAN MAB │ AP_Secure_VLAN10_Profile │ Trusted_Access_Points │ Pass │
│ 07:08:12.964000 │ │ │ │ │ │
│ 2026-02-01 │ 04:5F:B9:78:02:20 │ Corp LAN MAB │ AP_Secure_VLAN10_Profile │ Trusted_Access_Points │ Pass │
│ 22:32:02.797000 │ │ │ │ │ │
│ 2026-02-01 │ 04:5F:B9:78:02:20 │ Corp LAN MAB │ AP_Secure_VLAN10_Profile │ Trusted_Access_Points │ Pass │
│ 22:31:08.650000 │ │ │ │ │ │
│ 2026-01-28 │ 04:5F:B9:78:02:20 │ Corp LAN MAB │ AP_Secure_VLAN10_Profile │ Trusted_Access_Points │ Pass │
│ 08:07:27.474000 │ │ │ │ │ │
│ 2026-01-28 │ 04:5F:B9:78:02:20 │ Corp LAN MAB │ AP_Secure_VLAN10_Profile │ Trusted_Access_Points │ Pass │
│ 08:06:31.901000 │ │ │ │ │ │
│ 2026-01-28 │ 04:5F:B9:78:02:20 │ Corp LAN MAB │ AP_Secure_VLAN10_Profile │ Trusted_Access_Points │ Pass │
│ 00:13:46.569000 │ │ │ │ │ │
└───────────────────────────┴────────────────────┴────────────────────┴──────────────────────────┴───────────────────────┴────────┘
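The result above shows the outcome flipping from Pass to Fail between 2026-02-02 and 2026-02-09. As an added example (not part of netapi or the original notes), this shell function finds that flip point in newest-first rows and reports whether the matched policy set differs across it; the function names and the pipe-delimited row layout are assumptions, and the sample rows are retyped from the table above.

```shell
#!/bin/sh
# Constructed input: the rows from the query result above, newest first, as
# TIMESTAMP|POLICY_SET_NAME|AUTHORIZATION_PROFILES|IDENTITY_GROUP|PASSED
rows() {
cat <<'EOF'
2026-02-09 09:04:01.564000|Domus-Wired 802.1X|||Fail
2026-02-09 09:01:12.889000|Domus-Wired 802.1X|||Fail
2026-02-09 08:33:41.311000|Domus-Wired 802.1X|||Fail
2026-02-02 07:09:08.521000|Corp LAN MAB|AP_Secure_VLAN10_Profile|Trusted_Access_Points|Pass
2026-02-02 07:08:12.964000|Corp LAN MAB|AP_Secure_VLAN10_Profile|Trusted_Access_Points|Pass
2026-02-01 22:32:02.797000|Corp LAN MAB|AP_Secure_VLAN10_Profile|Trusted_Access_Points|Pass
2026-02-01 22:31:08.650000|Corp LAN MAB|AP_Secure_VLAN10_Profile|Trusted_Access_Points|Pass
2026-01-28 08:07:27.474000|Corp LAN MAB|AP_Secure_VLAN10_Profile|Trusted_Access_Points|Pass
2026-01-28 08:06:31.901000|Corp LAN MAB|AP_Secure_VLAN10_Profile|Trusted_Access_Points|Pass
2026-01-28 00:13:46.569000|Corp LAN MAB|AP_Secure_VLAN10_Profile|Trusted_Access_Points|Pass
EOF
}

# flip_point: walk down from the newest row to the most recent Pass and pair
# it with the Fail directly above it (the first failure after the last pass).
# Prints: verdict|last_pass_time|last_pass_policy_set|first_fail_time|first_fail_policy_set
flip_point() {
    awk -F'|' '
        $5 == "Pass" {
            verdict = (fp == $2) ? "same-policy-set" : "policy-set-changed"
            if (ft == "") verdict = "no-failure-after-pass"
            printf "%s|%s|%s|%s|%s\n", verdict, $1, $2, ft, fp
            hit = 1
            exit
        }
        { ft = $1; fp = $2 }   # oldest Fail seen so far above the Pass
        END { if (!hit) print "no-pass-in-window" }
    '
}

rows | flip_point
```

A `policy-set-changed` verdict means the endpoint is now being evaluated by a different policy set than the one it last passed under, which is where to look before changing group membership.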
Yes, sed can insert without clobbering:
# Insert BEFORE line 220
sed -i '220i\Your text here' file.adoc
# Insert AFTER line 220
sed -i '220a\Your text here' file.adoc
For multi-line content, easier to use a heredoc with sed:
sed -i '220r /dev/stdin' ise-rejected-endpoint.adoc << 'EOF'
[source,bash]
----
netapi ise get-endpoint 04:5F:B9:78:02:20
----

.Output
----
Group: Trusted_Access_Points
Static Assignment: True
----
EOF
Or use ed (line editor):
ed ise-rejected-endpoint.adoc << 'EOF'
220a
[source,bash]
----
netapi ise get-endpoint 04:5F:B9:78:02:20
----
.
w
q
EOF
Safest approach - check first, then edit:
# Preview line 220 and context
sed -n '218,222p' ise-rejected-endpoint.adoc
# Then insert after you confirm location
The endpoint is in the correct group (Trusted_Access_Points, static=true), so check whether it is still rejected:
netapi ise get-rejected-endpoints
If still rejected, release it:
netapi ise release-rejected 04:5F:B9:78:02:20
# find calling station ID format
netapi ise dc query "
SELECT DISTINCT CALLING_STATION_ID
FROM RADIUS_AUTHENTICATIONS
WHERE TIMESTAMP_TIMEZONE > SYSDATE - 1
FETCH FIRST 20 ROWS ONLY
"
netapi ise dc query "SELECT TIMESTAMP_TIMEZONE, POLICY_SET_NAME, AUTHORIZATION_RULE, IDENTITY_GROUP, PASSED, FAILURE_REASON FROM RADIUS_AUTHENTICATIONS WHERE CALLING_STATION_ID LIKE '%045FB9780220%' ORDER BY TIMESTAMP_TIMEZONE DESC FETCH FIRST 20 ROWS ONLY"
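The queries on this page look up the same endpoint as '%045FB9780220%' and as '%04:5F:B9:78:02:20%', while the switch prints it as 045f.b978.0220. As an added example (not part of netapi or the original notes), these shell helpers normalise any of those forms and build one query that matches whatever delimiter is stored in CALLING_STATION_ID; the function names are hypothetical, and it assumes the Oracle REPLACE and UPPER functions are usable through the query command.

```shell
#!/bin/sh
# Added example (not part of netapi): helper names are hypothetical.

# mac_bare: accept 04:5F:B9:78:02:20, 04-5f-b9-78-02-20, 045f.b978.0220 or
# 045fb9780220 and print 045FB9780220; fail on anything else.
mac_bare() {
    m=$(printf '%s' "$1" | tr -d ':.-' | tr 'a-f' 'A-F')
    # Require exactly 12 hex digits. This also keeps quotes and SQL syntax
    # out of the query text built below.
    case "$m" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#m}" -eq 12 ] || return 1
    printf '%s\n' "$m"
}

# mac_colon: the form shown in the CALLING_STATION_ID column above.
mac_colon() {
    b=$(mac_bare "$1") || return 1
    printf '%s\n' "$b" | sed 's/../&:/g; s/:$//'
}

# mac_cisco: the form printed by "show access-session".
mac_cisco() {
    b=$(mac_bare "$1") || return 1
    printf '%s\n' "$b" | tr 'A-F' 'a-f' | sed 's/..../&./g; s/\.$//'
}

# auth_query: strip delimiters on the database side, then compare exactly.
auth_query() {
    b=$(mac_bare "$1") || { echo "invalid MAC: $1" >&2; return 1; }
    cat <<EOF
SELECT TIMESTAMP_TIMEZONE, POLICY_SET_NAME, AUTHORIZATION_RULE,
       IDENTITY_GROUP, PASSED, FAILURE_REASON
FROM RADIUS_AUTHENTICATIONS
WHERE REPLACE(REPLACE(REPLACE(UPPER(CALLING_STATION_ID),
      ':', ''), '-', ''), '.', '') = '$b'
ORDER BY TIMESTAMP_TIMEZONE DESC
FETCH FIRST 20 ROWS ONLY
EOF
}

# Usage: netapi ise dc query "$(auth_query 045f.b978.0220)"
auth_query 045f.b978.0220
```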