Solved: ISE Profiling Without DHCP Snooping

Damien Miller · ‎07-08-2019

I have a new ISE POC going and was testing ISE/dot1x functionality without DHCP snooping. In past deployments the customers have either been open to enabling snooping, or already had it in use. Before saying it is a hard requirement, I have taken a minimalist approach testing without snooping. DHCP information is expectantly missing from the device sensor cache, but so far everything works as it should.

ISE is still receiving DHCP information via IP helpers, and the authentication sessions still have an IP assigned presumably via IP device tracking.

Some docs say snooping is optional, other say it's mandatory. With the combination of IP helpers and IP device tracking, what would we miss if DHCP snooping wasn't implemented to enable the DHCP device sensor?

marce1000 · ‎07-09-2019

https://community.cisco.com/t5/policy-and-access/ise-and-dhcp-snooping/td-p/2473425

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

View solution in original post

marce1000 · ‎07-09-2019

https://community.cisco.com/t5/policy-and-access/ise-and-dhcp-snooping/td-p/2473425

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Mohammed al Baqari · ‎07-09-2019

With the combi of tracking and helper, dhcp snooping won't add to the
information as you already got what you want. I have configured as you
mentioned and can see dhcp options populated successfully in ISE

**** Remember to rate useful posts