Solved: Re: ISE 2.4 profiling

mgr · ‎01-23-2019

Hi,

I am trying to configure profiling using Cisco ISE 2.4 to find out the devices connected to my switch interfaces before configuring them for 802.1x authentication.

Cisco ISE profiling has lots of probes listed, but my query is :

1. Is it possible to enable only profiling first without configuring the switch ports for 802.1x authentication? Can i enable all global configuration related to RADIUS & probes and gather information?

2. If yes, which probes would help me gather the connect device's hardware information?

Jason Kunst · ‎01-23-2019

Recommend also looking into using device sensor on Cisco gear. Makes all that information was packaged and sent to ise via radius packets. Relying on manual probes likes dhcp helper and snmp isn’t as seamless as this method

Remember ise requires a valid radius session for it to work correctly

Start with the ise profiling guide available under http://cs.co/ise-guides

View solution in original post

Mohammed al Baqari · ‎01-23-2019

Hi,

Yes, you can enable profiling before dot1x which is called open-mode. I
suggest to configure DHCP probes, Radius Probes, SNMP Probes, and AD Probes
if possible and you are using AD. This should provide good start.

Note that you need to configure dhcp relay pointing to ise and radius
server as ise.

Jason Kunst · ‎01-23-2019

Recommend also looking into using device sensor on Cisco gear. Makes all that information was packaged and sent to ise via radius packets. Relying on manual probes likes dhcp helper and snmp isn’t as seamless as this method

Remember ise requires a valid radius session for it to work correctly

Start with the ise profiling guide available under http://cs.co/ise-guides