https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/5037803#M588015 <P>As&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/158532">@Arne Bier</a>&nbsp;inferred in his previous response, you are not likely to get much detail from Profiling of an ATM endpoint. From my experience, most ATMs are built on generic platforms (like old Windows OS), so they would not provide any unique attributes.</P> <P>If you intend to pursue the Profiling route, you would need to determine what the network can glean from one of the ATM endpoints and build custom Profiling conditions/polices based on the <A href="https://community.cisco.com/t5/security-knowledge-base/ise-profiling-design-guide/ta-p/3739456" target="_blank" rel="noopener">ISE Profiling Design Guide</A>.</P> Mon, 11 Mar 2024 23:17:57 GMT Greg Gibbs 2024-03-11T23:17:57Z https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/3755136#M487645 <P>All,</P> <P>&nbsp;</P> <P>I am looking for ISE profiling attributes for ATMs for a banking customer. These devices are non-Dot1x capable and have a static IP address assigned.&nbsp;</P> <P>&nbsp;</P> <P>Has anyone done something similar before?</P> <P>&nbsp;</P> <P>Regards,</P> <P>Manasi Jain</P> Thu, 29 Nov 2018 13:55:33 GMT https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/3755136#M487645 manasjai 2018-11-29T13:55:33Z https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/3755728#M487646 <P>It's one thing to rely on ISE to profile an IOT device (like a light bulb) and work with a "certainty factor" percentage accuracy.&nbsp; But I would be worried if my bank used profiling to assign its ATMs to the correct VLAN or assign ACLs etc.&nbsp;</P> <P>What is the reason for using Radius here?&nbsp; if they don't do 802.1X to gain network access then could you not do MAB auth instead?&nbsp; That would mean putting all the ATM's MAC addresses into an Identity Group.&nbsp; But MAB auth for an ATM sounds dodgy too.&nbsp; I don't see what they use case is here.</P> Fri, 30 Nov 2018 11:00:12 GMT https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/3755728#M487646 Arne Bier 2018-11-30T11:00:12Z https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/5037786#M588010 <P>Hello,</P> <P>I am looking for the same. Kindly advise&nbsp;</P> Mon, 11 Mar 2024 22:40:15 GMT https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/5037786#M588010 SHABEEB KUNHIPOCKER 2024-03-11T22:40:15Z https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/5037799#M588013 <P>Hi Manasi,</P><P>The best way to handle non dot1x devices is to create a custom identity group for all atm machines. These devices do not need to be connected to be added to the group, they can be imported.&nbsp;</P><P>This solution has been explained in detail <A href="https://community.cisco.com/t5/network-access-control/handling-non-dot1x-devices/td-p/3586400" target="_self">here</A> from Timothy Abbott. I believe its applicable in this case for you.</P><P><FONT face="times new roman,times" size="2"><EM><STRONG>If you find this useful, please mark it helpful and Accept the Solution.</STRONG></EM></FONT></P> Mon, 11 Mar 2024 23:14:49 GMT https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/5037799#M588013 Pulkit Mittal 2024-03-11T23:14:49Z https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/5037800#M588014 <P>Hi Shabeeb,</P><P>It's answered, follow the same approach.</P><P>Regards,</P><P>Pulkit</P> Mon, 11 Mar 2024 23:18:58 GMT https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/5037800#M588014 Pulkit Mittal 2024-03-11T23:18:58Z https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/5037803#M588015 <P>As&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/158532">@Arne Bier</a>&nbsp;inferred in his previous response, you are not likely to get much detail from Profiling of an ATM endpoint. From my experience, most ATMs are built on generic platforms (like old Windows OS), so they would not provide any unique attributes.</P> <P>If you intend to pursue the Profiling route, you would need to determine what the network can glean from one of the ATM endpoints and build custom Profiling conditions/polices based on the <A href="https://community.cisco.com/t5/security-knowledge-base/ise-profiling-design-guide/ta-p/3739456" target="_blank" rel="noopener">ISE Profiling Design Guide</A>.</P> Mon, 11 Mar 2024 23:17:57 GMT https://community.cisco.com/t5/network-access-control/atm-machine-profiling/m-p/5037803#M588015 Greg Gibbs 2024-03-11T23:17:57Z