Cisco ISE profiling on FEX2232

JAMES WEST · ‎04-28-2017

Hi All,

I am looking to implement ISE profiling in the next few weeks, most of this will be on IOS devices, with Cisco IP Phones and EZConnect for Win7 machines. During our audit we found that there were some MAC OS devices directly connected to N2K-C2232TM-E-10GE to get 10Gb connectivity.

Is Cisco ISE version 2.1, or any version capable of profiling these connections to the FEX??

Version of Nexus C7706 is 6.2.16

ISE 2.1

singhkulbir29881 · ‎04-28-2017

Hi James,

Yes, Cisco ISE version 2.1 is capable of profiling these connection. The Cisco Nexus 2000 Series Fabric Extenders are remote line cards for a Cisco Nexus parent switch. All device configurations are managed on the parent switch so you need to define all AAA related policies on parent NEXUS switch.

Please rate if this is helpful.

JAMES WEST · ‎04-28-2017

Hi singhkulbir29881,

Thanks for your feedback.

The Nexus doesn't support device-sensors, so i have the following config on the Parent switch -

aaa group server tacacs+ ABC.com
aaa authentication login default group ABC.com
aaa authorization config-commands default group ABC.com
aaa authorization commands default group ABC.com
aaa authentication login error-enable

Do you think l will require any additional AAA commands for profiling to work?

Thanks,

James

singhkulbir29881 · ‎04-28-2017

ISE make the use of probes to profile the devices. There are different types of probes like Radius, DHCP, DNS, Netflow, SNMP etc. Device sensor feature is only used by RADIUS probe. You can use other probes like DHCP (simplest one) to profile the devices. You only need to send copy of DHCP request to ISE.

Following is link having information of all the profiling probes. You can use anyone of them that are suitable to your environment.

http://www.network-node.com/blog/2016/1/2/ise-20-profiling

Please rate if it is useful.