Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
2
Helpful
3
Replies

CiscoISE - Profiling [MAB]

Go to solution
acapit
Level 1
Level 1

‎12-30-2023 09:19 AM

Hello there,

I am encountering this problem a lot when the Cisco ISE won't learn important information on a certain endpoint for example a printer, the information that the CiscoISE won't learn is

1) SysObjectID
2) SyObjectDesc

Now I need this information in order to do Profiling for certain MAB endpoints, anyone know what can cause this?

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to acapit

‎12-30-2023 11:29 AM

@acapit the SNMP query probe will only perform a query for an endpoint every 24 hours.

You can also use NMAP to query the endpoint directly and profile the printer to learn those attributes, create a custom rule match on the vendor OUI then run a NMAP scan.

RobIngram_0-1703963696909.png

Device sensor configured on the switch might be sufficient to learn all the information you require.

 

View solution in original post

3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎12-30-2023 10:03 AM

@acapit you need the SNMP Probe on the ISE nodes to learn the SysObjectID and SysObjectDesc. Here is the ISE profiling guide.

https://community.cisco.com/t5/security-knowledge-base/ise-profiling-design-guide/ta-p/3739456#toc-hId--1464449051

 

0 Helpful

Go to solution
acapit
Level 1
Level 1
In response to Rob Ingram

‎12-30-2023 11:06 AM

I forgot to mention that I do have an SNMP probe and everything is enabled just fine. The issue is more complicated than it seems.

Let's say I have a certain switch 2 printers (same model), On one printer I can get the SNMP information, and on the other one, I can't and I don't seem to understand why one printer works and the other one doesn't. Sometimes when I force the endpoint to re-authenticate it fixes the problem but I don't really see it as a solution and I want to find what causes the ISE to not get the required SNMP information

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to acapit

‎12-30-2023 11:29 AM

@acapit the SNMP query probe will only perform a query for an endpoint every 24 hours.

You can also use NMAP to query the endpoint directly and profile the printer to learn those attributes, create a custom rule match on the vendor OUI then run a NMAP scan.

RobIngram_0-1703963696909.png

Device sensor configured on the switch might be sufficient to learn all the information you require.

 

Customers Also Viewed These Support Documents