cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4298
Views
15
Helpful
7
Replies

IP helper for ISE DHCP profiling

scsc_tech
Level 1
Level 1

All of our switches are configured via LAN automation in DNA-C.

I noticed that our ISE nodes were not getting DHCP profiling info on endpoints. I checked the config on the switch and there is no ip helper-address for ISE, only for the DHCP servers.

Is it expected that DNA-C should have deployed the ip helper-address config for ISE nodes or is this a manual config that must be pushed via templates?

7 Replies 7

Farhan Mohamed
Cisco Employee
Cisco Employee

The DHCP forwarding is a unicast forwarded packet. There is no tagging involved. Remember DHCP forwarding only worked with a clients initial broadcast DHCP request. DHCP renewals are unicast packets to the DHCP. ISE will never see those from DHCP forwarding.

I dont think you understood my question at all.

grabonlee
Level 4
Level 4

I don't know much about DNA Center, but I do know that device sensor compatible network devices don't require ip helper with ISE IP address. So IP helper for ISE profiling may not have been part of the automation process.

 

There are 2 options for DHCP profiling - IP helper (ISE PSN Address) and Device sensor (using the dhcp binding database). Preferred and most common is Device Sensor.

Thanks

I have device sensor. I guess that is sufficient.

 

Screen Shot 2019-06-14 at 11.34.38 AM.png

alberx
Level 1
Level 1

Hi, I'm in the same issue.

I'm interested having "ip helper-address" of the ISE in the SVI for profiling purposes.

 

I add it on DNAC Network Settings as "additional DHCP" but after provision switches, SVI interfaces only have the primary dhcp as ip helper-address. Could you add it without creating a template?

 

Thanks.

Mike.Cifelli
VIP Alumni
VIP Alumni

I'm interested having "ip helper-address" of the ISE in the SVI for profiling purposes.

-Devices inside the SDA fabric should be provisioned as device sensors, you can see this in any edge node run config.  With NADs as sensors they are sending attributes collected from the filters within radius accounting packets.  No need to enable ISE as helper for dhcp probe.  In doing so you are just sending/collecting information twice, which in theory will consume additional resources.

Thanks Mike.

Agree, switches are device sensors. I made a packet capture and as you say in Radius accounting is all the info.

I will check my profiling policies.

 

Review Cisco Networking for a $25 gift card