cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1006
Views
0
Helpful
4
Replies

ISE profiling POV with WLC

ktoyoshi
Cisco Employee
Cisco Employee

Hi,

I'd like to confirm if ISE profiling work well with accounting (without authentication) traffic from device sensor enabled WLC.

Under customer POV, we can change accounting configuration on existing WLC but its authentication have to be done by other RADIUS.

Best Regards,

Kaori

2 Accepted Solutions

Accepted Solutions

I found the answer from the link you shared. It says "Device Sensor can be deployed across wired access switches and wireless controllers for both RADIUS-authenticated environments and other types of deployments such as a pre-ISE discovery phase." So my concern is clear. Thanks for your help.

 

Best Regards,

Kaori 

View solution in original post

Jason Kunst
Cisco Employee
Cisco Employee

This may work but if there is no valid session how is it supposed to show? Are you going to do authorization on ISE?

I would recommend testing it as its not something we focus on

 

https://community.cisco.com/t5/identity-services-engine-ise/ise-profiling-on-wired-using-radius-probe-and-accounting-no/td-p/3516956

View solution in original post

4 Replies 4

pan
Cisco Employee
Cisco Employee

ISE can get data with the help of below probes: RADIUS probe is one of them. You can configure ISE for other probes (DHCP, NMAP, Active directory, NMAP)

 

profilling-1.png

 

Kindly refer below doc:

 

https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456

ktoyoshi
Cisco Employee
Cisco Employee

Thank you for comment. We're checking the other probe possibility but would like to understand if WLC accounting is one of the solution or not. Do you mean accounting only won't work?

I found the answer from the link you shared. It says "Device Sensor can be deployed across wired access switches and wireless controllers for both RADIUS-authenticated environments and other types of deployments such as a pre-ISE discovery phase." So my concern is clear. Thanks for your help.

 

Best Regards,

Kaori 

Jason Kunst
Cisco Employee
Cisco Employee

This may work but if there is no valid session how is it supposed to show? Are you going to do authorization on ISE?

I would recommend testing it as its not something we focus on

 

https://community.cisco.com/t5/identity-services-engine-ise/ise-profiling-on-wired-using-radius-probe-and-accounting-no/td-p/3516956