02-20-2017 10:41 AM
Hi,
I'm trying to profile corporate assets without doing any kind of posturing.
Was excited about the Active Directory probe but I've hit some limitations. According to some documts the to trigger the active directory probe, ISE must get the host-name attribute, so far the only way to get the host-name attribute is via DHCP.
Looks simple if using WLC or dot1x for wireless/wired users.
Here's an example for wireless:
Configure ISE 2.1 Profiling Services Based on AD Probe - Cisco
My case is for VPN only, I've tried to configure DHCP on the ASA for anyconnect users but that didn't help, ASA proxies the DHCP request packets.
I was hoping DNS would provide the 'host-name' attribute but looks like DNS provides FQDN instead and that doesn't seem to trigger the AD connector runtime, I do have PTR records for my VPN users.
Any ideas anyone?
Thanks
Solved! Go to Solution.
02-23-2017 10:31 AM
Hi Edon,
As you stated, the AD probe is reliant on getting the host name attribute. There are a few ways to do this: DHCP, NMAP and DNS. A FQDN will also trigger the AD probe. Be sure that you have those probes enabled so that AD probe can be triggered. If you do have those probes enabled, please open a TAC case for further assistance.
Regards,
-Tim
02-23-2017 10:31 AM
Hi Edon,
As you stated, the AD probe is reliant on getting the host name attribute. There are a few ways to do this: DHCP, NMAP and DNS. A FQDN will also trigger the AD probe. Be sure that you have those probes enabled so that AD probe can be triggered. If you do have those probes enabled, please open a TAC case for further assistance.
Regards,
-Tim
02-26-2017 02:02 PM
HI. I have the probes configured but AD fetch is not triggered after receiving the fqdn from the dns. I see that the fqdn is successfuly learned via dns. I have a case w tac.
07-20-2017 07:13 PM
opened: CSCve59881 - dns will not trigger AD probe.
08-11-2023 01:55 PM
How do you see the fqdn successfully learned from dns?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: