ISE ability to report wired endpoint switch address.

pacavell
Cisco Employee

Would it be true that ISE requires Radius probes be enabled in order to report on what switch port a wired endpoint is connected to?

Jason Kunst
Cisco Employee
RADIUS probes should always be enabled. They are by default and include lots of good information. Especially on Cisco switching with Device Sensor support.

What switching platform are you looking into?

3650 (16.6.3) and 2960X (15.2(2)E9)

OK, this is natively sent in RADIUS Device Sensor, and the ISE RADIUS probe is on by default.

See wired guide here for more information
https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515#toc-hId--983402517

Hey @Jason Kunst - I think this question has been answered before, but do you know for definite whether the Device Sensor data contained in Radius Accounting packets is processed by any PSN node running "Session Services", but where the "Profiling Service" is NOT enabled?

Arne,

Great question. Session services internally generates syslog (UDP 30514), and the RADIUS probe listens to it and parses attributes from the syslog. So if you don't turn on profiling, then information will be gathered by the PSN but it will not be used towards profiling an endpoint.

-Krishnan

If I had a base license to play around with then I could test this conclusively.

  1. Build a fresh ISE 2.4 node and leave it on eval license
  2. Enable Session Service
  3. Enable Profiling Service
  4. Apply Base License and delete all eval licenses (so that only Base license remains)

What happens next? Does Profiling remain on, or does the Service get automatically disabled (because I no longer have a Plus license)?

I was always under the impression that Radius Accounting is processed by the PSN Radius profiling probe regardless of whether Profiling Service is enabled (Craig Hyps once mentioned that in an earlier posting somewhere). I don't understand the connection with SYSLOG and why the Radius Probe processes SYSLOGs. Is it just me or is this stuff cryptic and confusing?

How can I get an eval Base-Only license (30 day expiry or whatever)?