05-16-2017 06:55 AM
Hello,
I am trying to work in my lab with the anomaly detection capability.
I have followed the guide from TAC on it (Configure Anomalous Endpoint Detection and Enforcement on ISE 2.2 - Cisco) but it does not seem to be working as it should.
I have enabled only visibility and not enforcement.
The only entry I have in the ISE GUI (and in the log file) is the following:
4= DEVICE.Device Type, 5=Dot1x, 72=All_User_ID_Stores, 73=Internal Users, 76=All_AD_Join_Points, 77=All_AD_Join_Points, 78=TRUSTSEC\\employee1, 79=trustsec.local, 80=trustsec.local, 82=employee1@trustsec.local, 83=All_AD_Join_Points, 100=ad, 101=CLIENT-WIN7-HQ$@trustsec.local, 102=trustsec.local, 103=trustsec.local, 104=trustsec.local, 106=ad, 110= Session.EPSStatus, 111= EndPoints.AnomalousBehaviour, 112= EndPoints.EndPointPolicy, 113= CERTIFICATE.Subject - Common Name, 114=ad, 115=trustsec.local, 116=ad, 117=trustsec.local, 118=ad, 119=ad, 120= ad.ExternalGroups, 121= PassiveID.PassiveID_Groups, 122= Radius.Calling-Station-ID, 123= Normalised Radius.RadiusFlowType, 124=Employees |
What should I do to have it working? Am I doing anything wrong?
Thanks
05-16-2017 01:23 PM
As a follow up, we closed on this offline by describing options to set DHCP options in Linux.
Craig
05-16-2017 08:14 AM
Hi,
For both the Windows and Linux endpoints, the DHCP class-identifier must reach ISE. What value do you see in both cases (in Endpoint Context Visibility)?
-Hari
05-16-2017 09:05 AM
Thanks Hari,
Turns out Ubuntu does not send the class-identifier, so that is stuck in Microsoft