02-20-2023 11:05 PM
Hi All,
is there any possibility to setup TCP filter on ISE using mac address of endpoint,
because There is only option to use is IP based tcp dump.
Solved! Go to Solution.
02-21-2023 06:18 AM
hello @ MD SHAHNAWAZ , as per the ISE capabilities , it can be used the IP address or even hostnames during the packet captures the following are examples of expressions you can use from https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_troubleshooting.html#ID785
ip host 10.77.122.123
ip host ISE123
ip host 10.77.122.123 and not 10.77.122.119
If you want to see specifically interactions from a given mac address , what you can do is to generate an endpoint debug on ISE , this is enabled in the menu Operations>Troubleshoot>Diagnostic Tools> Endpoint debug , please look for more information here https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_maintain_monitor.html?bookSearch=true#concept_8D61FC5FFEEE4902AFFD0EC98621779D
Let me know if that helped you.
View solution in original post
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
