Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
599
Views
2
Helpful
4
Replies

What kind of ISE profiling is possible on SG500?

Go to solution
JDores
Cisco Employee
Cisco Employee

‎01-03-2018 03:03 AM

Hi experts,

In the ISE 2.3 Compatibility Matrix I can see that profiling is supported for SG500 is a limited fashion:

Cisco Identity Services Engine Network Component Compatibility, Release 2.3 - Cisco

Can we get more information on the scope of profiling that is possible on the SG500?

Thanks in advance,

José

1 Accepted Solution

Accepted Solutions

Go to solution
ldanny
Cisco Employee
Cisco Employee
In response to JDores

‎01-03-2018 03:52 AM

It will work as well with SNMP , NMAP as well as DHCP , as I explained it wasnt tested thoroughly but in theory it should be capable . I suggest a trial and error approach and would be happy to get any feedback from your findings.

As for you license question , profiling does not need PLUS licensing , however if you intend to enforce policies based on profiles then yes you would need to have PLUS in place.

Thanks,

Danny

View solution in original post

4 Replies 4

Go to solution
ldanny
Cisco Employee
Cisco Employee

‎01-03-2018 03:19 AM

Hi Jose,

SG500 can provide limited profiling for endpoints.We dont have a reference as it hasnt been thoroughly tested.

Really all depends on the type of AVs the SG500 can provide.

What is your use case?

Danny

0 Helpful

Go to solution
JDores
Cisco Employee
Cisco Employee
In response to ldanny

‎01-03-2018 03:36 AM

No particular use-case in mind yet - the customer is evaluating ISE and he is trying to understand the limitation for the existing SMB switches he has.

So as I understood from your answer, the only probe we would use is RADIUS for the SMB switches. We would need the PLUS subscription in any case, correct?

Thanks again,

José

0 Helpful

Go to solution
ldanny
Cisco Employee
Cisco Employee
In response to JDores

‎01-03-2018 03:52 AM

It will work as well with SNMP , NMAP as well as DHCP , as I explained it wasnt tested thoroughly but in theory it should be capable . I suggest a trial and error approach and would be happy to get any feedback from your findings.

As for you license question , profiling does not need PLUS licensing , however if you intend to enforce policies based on profiles then yes you would need to have PLUS in place.

Thanks,

Danny

Go to solution
JDores
Cisco Employee
Cisco Employee
In response to ldanny

‎01-03-2018 07:27 AM

Thanks for the help Danny!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents