https://community.cisco.com/t5/network-access-control/endpoint-attribute-filter-enabling-for-additional-device/m-p/3730918#M489162 <P>A customer of mine has a deployment with approx 10k active devices.&nbsp; Some of the medical devices with static IP addresses are not profiling beyond the ethernet vendor code.&nbsp; Some of these devices share the same ethernet NIC vendor and it is hard to determine what the device is from that perspective.&nbsp; We are looking at different ways to find more attributes.&nbsp; The first one is NMAP and then SNMP. The customer has the Endpoint Attribute Filter enabled (EAF).&nbsp;</P> <P>&nbsp;</P> <P>Questions:</P> <P>&nbsp;</P> <P>1) With EAF enabled, does context visibility just show the Whitelist and mandatory attributes?</P> <P>2) Would there be any benefit to disabling EAF to see if there are other attributes available for unique profile creating?</P> <P>3) How much of a performance impact would there be by disabling the EAF?&nbsp;</P> <P>4) Would there be a mass update or would the updates occur just when the endpoint's PSN ownership changes?</P> <P>&nbsp;</P> <P>I've watched several of Craig's BRKSEC 3699 but still have these questions.</P> <P>&nbsp;</P> <P>Thanks.</P> <P>Sam.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp; </P> Tue, 23 Oct 2018 17:27:55 GMT scamarda 2018-10-23T17:27:55Z https://community.cisco.com/t5/network-access-control/endpoint-attribute-filter-enabling-for-additional-device/m-p/3730918#M489162 <P>A customer of mine has a deployment with approx 10k active devices.&nbsp; Some of the medical devices with static IP addresses are not profiling beyond the ethernet vendor code.&nbsp; Some of these devices share the same ethernet NIC vendor and it is hard to determine what the device is from that perspective.&nbsp; We are looking at different ways to find more attributes.&nbsp; The first one is NMAP and then SNMP. The customer has the Endpoint Attribute Filter enabled (EAF).&nbsp;</P> <P>&nbsp;</P> <P>Questions:</P> <P>&nbsp;</P> <P>1) With EAF enabled, does context visibility just show the Whitelist and mandatory attributes?</P> <P>2) Would there be any benefit to disabling EAF to see if there are other attributes available for unique profile creating?</P> <P>3) How much of a performance impact would there be by disabling the EAF?&nbsp;</P> <P>4) Would there be a mass update or would the updates occur just when the endpoint's PSN ownership changes?</P> <P>&nbsp;</P> <P>I've watched several of Craig's BRKSEC 3699 but still have these questions.</P> <P>&nbsp;</P> <P>Thanks.</P> <P>Sam.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp; </P> Tue, 23 Oct 2018 17:27:55 GMT https://community.cisco.com/t5/network-access-control/endpoint-attribute-filter-enabling-for-additional-device/m-p/3730918#M489162 scamarda 2018-10-23T17:27:55Z https://community.cisco.com/t5/network-access-control/endpoint-attribute-filter-enabling-for-additional-device/m-p/3731180#M489181 <BLOCKQUOTE><HR /> <P>1) With EAF enabled, does context visibility just show the Whitelist and mandatory attributes?</P> </BLOCKQUOTE> <P>No, there are some attributes for context visibility only.</P> <P>&nbsp;</P> <BLOCKQUOTE> <P>2) Would there be any benefit to disabling EAF to see if there are other attributes available for unique profile creating?</P> <P>&nbsp;</P> </BLOCKQUOTE> <P>Unless we are certain they are being filtered out as a result.</P> <P>&nbsp;</P> <BLOCKQUOTE> <P>3) How much of a performance impact would there be by disabling the EAF?&nbsp;</P> </BLOCKQUOTE> <P>Huge. The very reason why we have EAF</P> <P>&nbsp;</P> <BLOCKQUOTE> <P>4) Would there be a mass update or would the updates occur just when the endpoint's PSN ownership changes?</P> <HR /></BLOCKQUOTE> <P>Potentially a mass update. I do not think it related to ownership changes.</P> Wed, 24 Oct 2018 02:50:11 GMT https://community.cisco.com/t5/network-access-control/endpoint-attribute-filter-enabling-for-additional-device/m-p/3731180#M489181 hslai 2018-10-24T02:50:11Z