
Benefits and Drawbacks of Enabling MUD in ISE

gillgarret
Level 1

Hey all,

My organization has a complex device ecosystem. We have many unprofiled devices that I am working on researching and creating profiles for in ISE to work toward a Zero Trust architecture. However, many are IoT devices or devices that are System on Modules. The attributes that are given by the probes in ISE are simply not enough to profile the majority of the devices.

I am researching MUD as a potential solution. Does anyone know if there is a significant network performance impact from enabling MUD in ISE? Additionally, is MUD even worth investigating for profiling devices with minimal ISE attributes? 

Any insight would be much appreciated!

2 Replies

I wouldn't see any risk as this is just Device Sensor data via RADIUS accounting. Crucially though, are these devices even sending MUD via DHCP or LLDP? Do you have DHCP and LLDP enabled on Device Sensor?

You may also wish to consider the AI/ML Cloud MFC proposals available in 3.3+ or using a SPAN-based profiler utility like Ordr or Cisco Endpoint Analytics. Cisco Cyber Vision also offers IoT visibility and integration with ISE.
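
One way to answer the question raised in the reply above (whether an endpoint advertises a MUD URL at all) is to look for the RFC 8520 fields in a captured DHCP request or LLDP frame. The following is an added example, not part of the thread and not Cisco code; the function names are hypothetical, and the sample bytes and the mud.example.com URL are constructed.

```python
import struct
from urllib.parse import urlsplit

OPT_MUD_URL_V4 = 161            # DHCPv4 MUD URL option code (RFC 8520)
IETF_MUD = b"\x00\x00\x5e\x01"  # LLDP org-specific TLV: IETF OUI + MUD subtype 1

def _https_url(raw):
    """Decode a MUD URL; RFC 8520 requires the https scheme, so reject anything else."""
    try:
        url = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    parts = urlsplit(url)
    return url if parts.scheme == "https" and parts.netloc else None

def mud_from_dhcp_options(options):
    """Walk DHCPv4 options (the bytes after the magic cookie); return the MUD URL or None."""
    i = 0
    while i < len(options) and options[i] != 255:   # 255 = End
        if options[i] == 0:                         # 0 = Pad, no length byte
            i += 1
            continue
        if i + 2 > len(options) or i + 2 + options[i + 1] > len(options):
            break                                   # truncated option
        code, length = options[i], options[i + 1]
        if code == OPT_MUD_URL_V4:
            return _https_url(options[i + 2:i + 2 + length])
        i += 2 + length
    return None

def mud_from_lldp(tlvs):
    """Walk LLDPDU TLVs (the bytes after the Ethernet header); return the MUD URL or None."""
    i = 0
    while i + 2 <= len(tlvs):
        (hdr,) = struct.unpack_from("!H", tlvs, i)  # 7-bit type, 9-bit length
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        value = tlvs[i + 2:i + 2 + length]
        if tlv_type == 0 or len(value) < length:    # End of LLDPDU or truncated
            break
        if tlv_type == 127 and value[:4] == IETF_MUD:
            return _https_url(value[4:])
        i += 2 + length
    return None

# Constructed sample data, not taken from a real capture.
URL = b"https://mud.example.com/sensor-v1.json"
SAMPLE_DHCP = bytes([53, 1, 1, 161, len(URL)]) + URL + b"\xff"
SAMPLE_LLDP = (struct.pack("!H", (1 << 9) | 7) + b"\x04" + bytes(6)   # Chassis ID TLV
               + struct.pack("!H", (127 << 9) | (4 + len(URL))) + IETF_MUD + URL + b"\x00\x00")
```

A `None` result for every captured request from a device means it is not emitting a MUD URL over that protocol, so there is nothing for Device Sensor to forward.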

After some discussion we have concluded that the devices in question are likely not MUD-enabled, so MUD is probably not our solution. We are running DHCP on our ISE config.

Sounds like ISE 3.3 might be our next move. Thank you for your insights!