Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1657
Views
0
Helpful
2
Replies

Easily Changing NMAP Defaults

Go to solution
paul
Level 10
Level 10

‎09-14-2016 06:39 PM

Staring with 2.0  (may have been earlier) ISE changed the default NMAP scan used for most printer classes to doing OS and SNMP scan only.  This is unhelpful of course because one of the nice factors when profiling printers is knowing if port 9100 is open.  Now ISE doesn't collect that information by default as it did before.  Of course, ISE won't let me modify the system NMAP scan definitions so I can't just add port 9100 to the SNMP and OS NMAP scan action. 

I think my only way around for this is to create my own scan action that does OS, common ports and SNMP.  Then go find all the potential top level printer built in profiles and change the NMAP scan action.  Is there an easier way to do this?

It is also frustrating that my only choice is common ports to scan port 9100.  All I want to really do is do OS scan, SNMP scan and port 9100 check, but I can't add port 9100 as a custom port because "It is a predefined port".

Thanks in advance for the help.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10
In response to imbashir

‎09-16-2016 12:19 PM

Fortunately, there are less than 10 default top-level printer profiles that would need default scan action to be changed to your custom setting.  Doing scan against additional common ports will add negligible impact on profile process.

/Craig

View solution in original post

0 Helpful
2 Replies 2

Go to solution
imbashir
Cisco Employee
Cisco Employee

‎09-14-2016 10:42 PM

As you've mentioned, by Default profiling policies for printers are not configured to trigger NMAP. NMAP has by default UDP 9100 and TCP 9100 as part of the common ports

One way to gather information could be to run a manual subnet SCAN, ISE 2.1 has many enhancements for NMAP

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to imbashir

‎09-16-2016 12:19 PM

Fortunately, there are less than 10 default top-level printer profiles that would need default scan action to be changed to your custom setting.  Doing scan against additional common ports will add negligible impact on profile process.

/Craig

0 Helpful
Customers Also Viewed These Support Documents