SEC0271 - ISE 2.2 Device Profiling and Probing (Part 2)
Category:
Security
The video introduces you to the concept of device profiling and probing on Cisco ISE 2.2. We will start by going through the different types of probes and how devices get profiled with profiling policies. We will also cover the latest type of probe, the AD probe; how to increase profiling accuracy and the number of profiled devices with a manual NMAP scan; and custom profiling policy creation.
Part 2 of this video covers how to perform non-intrusive profiling.
Topic:
- Profiling
- Probing
- Network Devices
- External Identity Source (AD Integration)
- AD Probe
- Custom Profiling Policy
6 comments
IP-Helper Clarification
Hello Sir, Question at 19:49.
The DHCP server is 172.16.32.40. Shouldn't the IP helper point to this IP address? Why did we remove it and use the IP of the PSN node/ISE in this case?
IP-Helper Clarification
The DHCP server is actually the switch and not win2012. We temporarily pointed the DHCP helper to win2012 so we could see a copy of the DHCP packet, then we removed it when we were done.
IP-Helper Clarification
Oh thanks, I thought it was something different. But all good! Thanks Sir / Meta / Admin :)
SNMP Query Probe
Hello, question regarding the SNMP Query probe. I have 1 HP PC and 1 Dell laptop. The HP is configured with dot1x authentication and authenticated successfully. The Dell's port is not configured with authentication, just port security. In the endpoint section of the profiler in ISE I could not see the Dell laptop. I thought I would see it with the SNMP Query probe. Another interesting point is that I see the HP PC but with the source as SNMP Query. Shouldn't it be the RADIUS probe? For ISE to detect a device with SNMP Query, what are the requirements other than the community string configured on the switch?
SNMP Query Probe-RE
I have added another switch to my network and another Dell laptop with no authentication configured. The switch configurations are the same. Now ISE profiled this new laptop without authentication and with SNMP Query. What can be the reason for profiling some devices and not others?
SNMP Query Probe-RE
Not sure why it would work on one switch but not the other. A more reliable way is to use the DHCP probe with the helper address. You probably also want to configure SNMP traps to be sent to ISE for MAC address Add/Move/Delete. In the end, it is better to have multiple probes work together in case one does not work.