10-18-2018 06:37 PM
I am working in local government and we are modernizing our network to use VRF so we can isolate traffic for security and regulatory compliance reasons. We do have some cross-department shared access and communications, as well as enterprise services that go across all departments, but we are trying to isolate everything else based on Windows Active Directory domain user accounts and applications.
I would like to use monitoring logs to help determine what ports and protocols we are currently using, and which applications are using them, and how those relate to individual users.
I am totally new to ISE and ACI and I'm hoping there is some kind of road map or guidelines for observing what is already going on to see what we need in order to set up our rules.
Thanks for any guidance or input you may have to share or offer.
phil
10-19-2018 05:08 AM
Hello,
ISE is not a traffic monitoring tool; ISE is used for network access control and segmentation, among many other things. If you are looking for someone to monitor traffic you would be better off looking at Stealthwatch.
But the segmentation goal you are trying to achieve with VRFs would be much easier to achieve using ISE. ISE is great at segmentation and it is much more dynamic than trying to use VRFs.
-Cory
10-19-2018 11:24 AM
10-19-2018 12:23 PM
Here is a link to the profiling chapter of the 2.4 admin guide:
That is the data ISE can collect. You can ignore the Netflow/HTTP profile because for the most part that data is harder/impractical to get.
10-19-2018 05:14 AM
10-19-2018 10:36 AM
Could you please elaborate? Somehow this got marked as solved, but it isn't.
Thanks
10-19-2018 10:34 AM
Cory, I said monitoring mode. Not monitoring tool. The implementation guide I read had this as a step before going to low impact mode, and then closed mode. I am interested in using logs when in monitoring mode to help us map out our plan. I'm sorry if it sounded like I'm trying to set up a monitoring tool.
10-19-2018 11:02 AM
Cory's answer was marked as the solution because it was 100% correct. ISE is not a traffic analysis tool. You need Netflow data into a collector like Stealthwatch to do what you want.
10-19-2018 11:15 AM
10-19-2018 11:33 AM
10-19-2018 11:13 AM
I'm trying to see if I can use this to help our engineers figure out which ports and protocols are being used, and by which users.
From there I can cross reference other logging tools that can help me determine which applications are being used so we can plan our Cisco ACI.
"Monitoring and Troubleshooting [Cisco Identity Services Engine] - Cisco Systems"
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_mnt.html#wp1056584
10-19-2018 11:18 AM
10-19-2018 11:24 AM
10-19-2018 11:52 AM
Where did patterns come from? I didn't say anything about monitoring patterns.
I was hoping to get some help here, but I will take your advice and look elsewhere.
If I am able to find what I'm looking for, I will report back here to share it.
Have a great weekend.
10-19-2018 12:05 PM
10-19-2018 12:15 PM
I did read. That was how I got the idea for using monitoring mode to help me get the details I need to create our rules.
I didn't bring up patterns. That was someone else.