05-14-2019 12:07 PM
Is 802.1x required for profiling on the wire?
Solved! Go to Solution.
05-15-2019 05:49 AM
05-14-2019 01:08 PM
05-14-2019 07:22 PM
Profiling is certainly not required for wired 802.1X because 802.1X itself is the authentication method. In fact, you cannot profile an un-authenticated device that is on a port in "closed mode", because 802.1X is layer 2 - the port is shut and doesn't allow traffic to or from the client to pass. Only EAP frames can pass. And this doesn't not count as profiling.
I would add that once an endpoint has been authenticated (via 802.1X) then you can enable Radius Profiling data to be sent from a Cisco Switch that supports Device Sensor. You get free profiling on the switch and the data is sent to ISE via Radius Accounting (Interim-Updates). This means you can get better visibility about the IP address, hostname, OS, web browser etc. via "passively" snooping the client traffic on the switch.
All other more "active" profiling methods are also available (NMAP, DHCP, HTTP, AD, etc)
05-15-2019 05:49 AM
05-15-2019 07:20 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: