05-10-2019 06:42 AM
I am running into a situation where I have some WDS PXE endpoints in my environment that are triggering the anomalous behavior flag. Reviewing the logs in ISE shows that the DHCP class-id changes from MSFT 5.0 to PXEClient; I am assuming when they reboot. Is there a way to exclude endpoints from being flagged as anomalous behavior? I am running ISE 2.6, and don't see much in terms of configuration except for a check box to enable; documentation doesn't show any additional options either.
-Thanks
Solved! Go to Solution.
05-10-2019 08:48 AM
actually its hard to find a work around on this since,
the anomalous detection uses only 3 things
nas-port-type, class ID for dhcp and endpoint policy change.
these parameters are not configurable, maybe we can address this for enhancement to give the admin more control on the conditions for anomalous detection.
05-10-2019 08:48 AM
actually its hard to find a work around on this since,
the anomalous detection uses only 3 things
nas-port-type, class ID for dhcp and endpoint policy change.
these parameters are not configurable, maybe we can address this for enhancement to give the admin more control on the conditions for anomalous detection.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide