Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
881
Views
35
Helpful
4
Replies

How is the profiling probe elected on ISE

Go to solution
SMD28316
Level 1
Level 1

‎08-16-2022 02:47 AM

From the endpoint attributes in the context visibility, I can see DHCP attributes received, but I can't get the profiling to be via DHCP, as the endpoint source is always RADIUS probe, not DHCP, and before that it was active directory probe, it only changed when I disabled AD probe for the whole node, how can I control this behavior? I tested editing the profiling policies by adding DHCP probes but with no luck,

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcelo Morais
VIP
VIP

‎08-16-2022 08:57 AM

Hi @SMD28316 ,

 ISE shows the last Probe "used", in other words, if you are using DHCP, AD and RADIUS Probe but the last Probe "used" (Endpoint attribute received by ISE) is RADIUS, then RADIUS is the Probe that you see.

 To use a DHCP Probe:

1st use the ip helper-address command point to ISE

2nd at Profiling Policies (Work Centers > Profiler) double check your DHCP Expressions, for ex.:

DHCP:dhcp-class-identifier CONTAINS xxx
DHCP:hostname CONTAINS xxx

Hope this helps !!!

View solution in original post

4 Replies 4

Go to solution
ahollifield
VIP
VIP

‎08-16-2022 04:12 AM

Is ISE actually receiving DHCP information?  How are you sending the DHCP discover packets to ISE?  DHCP Relay?  Cisco Device Sensor?

Go to solution
SMD28316
Level 1
Level 1
In response to ahollifield

‎08-16-2022 04:40 AM

Yes, I can see them in the attributes tab  and in packet captures, and I use device sensor.

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP

‎08-16-2022 08:57 AM

Hi @SMD28316 ,

 ISE shows the last Probe "used", in other words, if you are using DHCP, AD and RADIUS Probe but the last Probe "used" (Endpoint attribute received by ISE) is RADIUS, then RADIUS is the Probe that you see.

 To use a DHCP Probe:

1st use the ip helper-address command point to ISE

2nd at Profiling Policies (Work Centers > Profiler) double check your DHCP Expressions, for ex.:

DHCP:dhcp-class-identifier CONTAINS xxx
DHCP:hostname CONTAINS xxx

Hope this helps !!!

Go to solution
Arne Bier
VIP
VIP

‎08-16-2022 01:18 PM

I normally go by the "Total Certainty" factor to verify that ISE has selected the profiling policies that I was expecting. Perhaps running an Endpoint Trace would show the exact workings of the ISE Profiling Engine? Delete the endpoint, start the endpoint debug and then look through the detailed logs. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents