10-10-2017 05:44 PM
Hello everyone,
One of my customer is looking for best practices for biomed devices profiling, does any one know which probe(s) can we use for this purpose? which type of information does a biomed device can send to ISE?.
Your answer is really appreciated.
thank you very much.
Solved! Go to Solution.
10-11-2017 04:31 AM
ISE has the same tricks in its bag for profiling biomed devices as it does for any device:
DHCP attributes from IOS device sensor or IP helper forwarding
LLDP/CDP attributes from IOS device sensor or SNMP polling
NMAP scans
DNS reverse lookups
OUI mappings
Active Directory (wouldn't apply here)
You can take a look at the ISE Medical NAC profile library as a place to start:
Cisco ISE Medical NAC Profile Library
But really it comes down to looking at what ISE can learn about devices using its standard profiling techniques, find common attributes and crafting your profiling policies.
10-11-2017 04:31 AM
ISE has the same tricks in its bag for profiling biomed devices as it does for any device:
DHCP attributes from IOS device sensor or IP helper forwarding
LLDP/CDP attributes from IOS device sensor or SNMP polling
NMAP scans
DNS reverse lookups
OUI mappings
Active Directory (wouldn't apply here)
You can take a look at the ISE Medical NAC profile library as a place to start:
Cisco ISE Medical NAC Profile Library
But really it comes down to looking at what ISE can learn about devices using its standard profiling techniques, find common attributes and crafting your profiling policies.
10-11-2017 07:17 AM
Hi Paul,
That makes sense from the profiling perspective, will try two or three probes and will share the results.
Thank you very much .
Regards.
10-11-2017 07:38 AM
I usually run all of those profilers and see what information I learn to help develop my profiling policies.
Paul Haferman
Office- 920.996.3011
Cell- 920.284.9250
10-12-2017 04:35 AM
I also recommend reviewing the whitepaper under www.cisco.com/go/medicalnac as I explain in more detail the profiling methods currently available and their pros and cons. Stay tuned!
10-12-2017 07:40 AM
Awesome resource! Thanks a lot
10-12-2017 07:36 AM
Alright Paul, sounds like a good strategy to get as much information as possible, Im wondering if I run all the probes the CPU load will increase considerably?
10-12-2017 07:45 AM
I haven’t had an issues on any of my many deployments running the profilers and collecting as much data as I can.
Paul Haferman
Office- 920.996.3011
Cell- 920.284.9250
10-12-2017 08:05 AM
It is good to know, let's try it and see what happen!.
Thanks again for your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide