02-20-2023 11:05 PM
Hi All,
is there any possibility to setup TCP filter on ISE using mac address of endpoint,
because There is only option to use is IP based tcp dump.
Solved! Go to Solution.
02-21-2023 06:18 AM
hello @ MD SHAHNAWAZ , as per the ISE capabilities , it can be used the IP address or even hostnames during the packet captures the following are examples of expressions you can use from https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_troubleshooting.html#ID785
ip host 10.77.122.123
ip host ISE123
ip host 10.77.122.123 and not 10.77.122.119
If you want to see specifically interactions from a given mac address , what you can do is to generate an endpoint debug on ISE , this is enabled in the menu Operations>Troubleshoot>Diagnostic Tools> Endpoint debug , please look for more information here https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_maintain_monitor.html?bookSearch=true#concept_8D61FC5FFEEE4902AFFD0EC98621779D
Let me know if that helped you.
02-21-2023 06:18 AM
hello @ MD SHAHNAWAZ , as per the ISE capabilities , it can be used the IP address or even hostnames during the packet captures the following are examples of expressions you can use from https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_troubleshooting.html#ID785
ip host 10.77.122.123
ip host ISE123
ip host 10.77.122.123 and not 10.77.122.119
If you want to see specifically interactions from a given mac address , what you can do is to generate an endpoint debug on ISE , this is enabled in the menu Operations>Troubleshoot>Diagnostic Tools> Endpoint debug , please look for more information here https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_maintain_monitor.html?bookSearch=true#concept_8D61FC5FFEEE4902AFFD0EC98621779D
Let me know if that helped you.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: