cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

896
Views
0
Helpful
2
Replies
Highlighted
VIP Engager

NMAP Printer Profiling

I am not sure in what version NMAP defaults changed, but now unknown devices and most of the Cisco predefined profiles use "SNMPPortsandOS-scan" for the NMAP scanning.  Previously NMAP uses to scan all common ports.  Normally I don't care about more than SNMP, but port 9100 was a huge part of my printer strategy.

After rolling out monitor mode, I would usually create a profiler to pull in all NMAP 9100 listeners into a group and start creating a printer profile.  Now with common ports not on by default or even available in 2.1 (at least I don't see it) I am stuck with hopefully getting SNMP data or OUI.  DHCP is not enabled for printers in most customers even though we encourage them to go with DHCP and static reservations.

Is there any other way to get port 9100 open information?

Thanks.

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: NMAP Printer Profiling

In ISE 2.1 you can create your own NMAP Scans, SNMP Port being one of them.  Go to Policy > Policy Elements > Results and choose Profiling > Network Scan (NMAP) Actions.  From there, Choose +Add to create your own.

NMAP.PNG

Or, you might be able to use the SNMPPortsAndOS-scan default NMAP Scan Action.

From there, navigate to Policy > Profiling and choose the device profile for which you would like to add the NMAP Scan Action.  Choose the Network Scan (NMAP) Action from the drop down and click Save.

NMAP2.PNG

View solution in original post

2 REPLIES 2
Cisco Employee

Re: NMAP Printer Profiling

In ISE 2.1 you can create your own NMAP Scans, SNMP Port being one of them.  Go to Policy > Policy Elements > Results and choose Profiling > Network Scan (NMAP) Actions.  From there, Choose +Add to create your own.

NMAP.PNG

Or, you might be able to use the SNMPPortsAndOS-scan default NMAP Scan Action.

From there, navigate to Policy > Profiling and choose the device profile for which you would like to add the NMAP Scan Action.  Choose the Network Scan (NMAP) Action from the drop down and click Save.

NMAP2.PNG

View solution in original post

VIP Engager

Re: NMAP Printer Profiling

Thanks I missed where you could define custom NMAP scans. I guess now we have to make a customer scan to get common ports then go and modify all the possible printer top level profiles to make sure 9100 is checked. Much easier before when common ports scan was the default.

Thanks for the quick feedback.

Paul Haferman

Office- 920.996.3011

Cell- 920.284.9250