topic Re: NMAP Printer Profiling in Network Access Control

NMAP Printer Profiling

paul — Wed, 27 Jul 2016 18:02:34 GMT

I am not sure in what version NMAP defaults changed, but now unknown devices and most of the Cisco predefined profiles use "SNMPPortsandOS-scan" for the NMAP scanning. Previously NMAP uses to scan all common ports. Normally I don't care about more than SNMP, but port 9100 was a huge part of my printer strategy.

After rolling out monitor mode, I would usually create a profiler to pull in all NMAP 9100 listeners into a group and start creating a printer profile. Now with common ports not on by default or even available in 2.1 (at least I don't see it) I am stuck with hopefully getting SNMP data or OUI. DHCP is not enabled for printers in most customers even though we encourage them to go with DHCP and static reservations.

Is there any other way to get port 9100 open information?

Thanks.

Re: NMAP Printer Profiling

Charlie Moreton — Wed, 27 Jul 2016 19:31:07 GMT

In ISE 2.1 you can create your own NMAP Scans, SNMP Port being one of them. Go to Policy > Policy Elements > Results and choose Profiling > Network Scan (NMAP) Actions. From there, Choose +Add to create your own.

Or, you might be able to use the SNMPPortsAndOS-scan default NMAP Scan Action.

From there, navigate to Policy > Profiling and choose the device profile for which you would like to add the NMAP Scan Action. Choose the Network Scan (NMAP) Action from the drop down and click Save.

Re: NMAP Printer Profiling

paul — Wed, 27 Jul 2016 19:39:34 GMT

Thanks I missed where you could define custom NMAP scans. I guess now we have to make a customer scan to get common ports then go and modify all the possible printer top level profiles to make sure 9100 is checked. Much easier before when common ports scan was the default.

Thanks for the quick feedback.

Paul Haferman

Office- 920.996.3011

Cell- 920.284.9250