1618 Views | 5 Helpful | 1 Replies

ISE device profiling based on NMAP scan failed on authorization policy

mrimmune
Level 1

Hello team,

Please help with the correct way to configure device profiling based on an NMAP scan:

1. If I try to make the profile policy in one policy - OUI (trigger) --> NMAP scan --> using 2 discovered ports for the device - it does not work.

2. If I try to use 2-3 levels to make the device profile - OUI (trigger) (1st level) --> NMAP scan (2nd level) --> compile the final profile using the discovered ports - it works, but I must allow all the steps above in the authorization policy, and I don't want to because it opens a security breach (everyone with a spoofed MAC of the device has access to the network).

I reviewed a lot of KBs, and they mention using option 1, but it does not work - the scan does not run.

Any idea?

Thanks,

Michael

1 Reply

chris-lawrence
Level 1

Hi Michael,

In my case, I'm trying to do your option #2.

2. If I try to use 2-3 levels to make the device profile - OUI (trigger) (1st level) --> NMAP scan (2nd level) --> compile the final profile using the discovered ports - it works

MAB PASS #1 - I want to initially profile the endpoint on OUI and DHCP parameters to give temporary access. Done with the NAD device sensor.

MAB PASS #2 - I want to provide enough network access to the endpoint to allow ISE to perform its Endpoint Scan (Automatic, Triggered) custom NMAP Custom Ports Scan.

MAB PASS #3 - Only then do I want to provide enough network access to the endpoint to reach its provisioning system to get its configuration, based on passes 1 and 2.

Once this is done, the endpoint should be authenticated against DOT1X.

Where within ISE do you find the logging/reporting on the results of the Endpoint Scan? I can't seem to locate it.

Thanks,

Chris
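The security point raised in both posts, that the intermediate profiles of a multi-pass OUI --> NMAP scan --> final-profile flow must not be granted full access, can be made concrete with a small model of the three MAB passes. The following is an added example and not Cisco ISE code or its API; the profile names, OUI prefix, DHCP class identifier, expected ports and dACL names are all constructed. It runs the same endpoint through a staged authorization policy (each intermediate profile gets only what the next discovery step needs) and through a permissive one (every step permitted), and shows that only the permissive policy lets a host with a spoofed vendor MAC onto the network before the port scan has confirmed the device.

```python
"""Constructed model of a staged (multi-pass) MAB profiling flow.

Added illustration, not Cisco ISE code or its API. Profile names, the OUI
prefix, the DHCP class identifier, the expected ports and the dACL names are
all made up for the example.
"""
from dataclasses import dataclass


@dataclass
class Endpoint:
    mac: str
    dhcp_class_id: str = ""              # learned via the NAD device sensor after pass 1
    open_ports: frozenset = frozenset()  # learned via the NMAP scan after pass 2


# Constructed attribute values the profiler would match on.
VENDOR_OUI = "00:11:22"
VENDOR_DHCP_CLASS = "ExamplePLC"
EXPECTED_PORTS = frozenset({80, 502})


def oui_matches(ep):
    return ep.mac.lower().startswith(VENDOR_OUI)


def dhcp_matches(ep):
    return ep.dhcp_class_id == VENDOR_DHCP_CLASS


def ports_match(ep):
    return EXPECTED_PORTS <= ep.open_ports


# Profiling policy: most specific rule first, evaluated in order.
PROFILE_RULES = [
    ("Vendor-Device-Final", lambda ep: oui_matches(ep) and dhcp_matches(ep) and ports_match(ep)),
    ("Vendor-Device-Scanned", lambda ep: oui_matches(ep) and dhcp_matches(ep)),
    ("Vendor-Device-OUI", oui_matches),
]

# Two authorization policies for the same profiles. STAGED gives intermediate
# profiles only what the next discovery step needs; PERMISSIVE allows every
# step fully, which is the exposure described in the question.
STAGED_AUTHZ = {
    "Vendor-Device-Final": "PermitAccess",
    "Vendor-Device-Scanned": "dACL:permit-ise-scanner-only",
    "Vendor-Device-OUI": "dACL:permit-dhcp-only",
    None: "DenyAccess",
}
PERMISSIVE_AUTHZ = {
    "Vendor-Device-Final": "PermitAccess",
    "Vendor-Device-Scanned": "PermitAccess",
    "Vendor-Device-OUI": "PermitAccess",
    None: "DenyAccess",
}

# Authorization results under which the ISE scanner can reach the endpoint.
ALLOWS_SCAN = {"PermitAccess", "dACL:permit-ise-scanner-only"}


def profile(ep):
    for name, pred in PROFILE_RULES:
        if pred(ep):
            return name
    return None


def authorize(ep, policy):
    return policy[profile(ep)]


def run_passes(ep, real_dhcp_class_id, real_open_ports, policy, max_passes=5):
    """Re-run MAB until the profile stops changing (ISE would CoA on a change).

    Returns [(profile, authorization result), ...], one entry per MAB pass.
    What can be learned between passes depends on what the current result
    lets through: any non-deny result lets DHCP reach the device sensor, and
    only ALLOWS_SCAN results let the NMAP scan complete.
    """
    history = []
    for _ in range(max_passes):
        result = authorize(ep, policy)
        history.append((profile(ep), result))
        before = (ep.dhcp_class_id, ep.open_ports)
        if result != "DenyAccess":
            ep.dhcp_class_id = real_dhcp_class_id
        if result in ALLOWS_SCAN:
            ep.open_ports = frozenset(real_open_ports)
        if (ep.dhcp_class_id, ep.open_ports) == before:
            break  # nothing new learned: no profile change, no further pass
    return history


if __name__ == "__main__":
    genuine = Endpoint("00:11:22:aa:bb:cc")
    spoofed = Endpoint("00:11:22:de:ad:01")  # host with a spoofed vendor MAC
    print("staged, genuine:", run_passes(genuine, VENDOR_DHCP_CLASS, {80, 502}, STAGED_AUTHZ))
    print("staged, spoofed:", run_passes(spoofed, VENDOR_DHCP_CLASS, {22, 445}, STAGED_AUTHZ))
    print("permissive, spoofed:",
          run_passes(Endpoint("00:11:22:de:ad:01"), VENDOR_DHCP_CLASS, {22, 445}, PERMISSIVE_AUTHZ))
```

Under the staged policy the genuine device walks OUI --> Scanned --> Final and ends on PermitAccess, while the spoofed host stalls on the Scanned profile with only the scanner dACL because its open ports never match; under the permissive policy the spoofed host receives PermitAccess on the very first pass, before any scan has run.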