cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
295
Views
5
Helpful
4
Replies

ISE Profiling

Steven Williams
Enthusiast
Enthusiast

Is 802.1x required for profiling on the wire? 

1 Accepted Solution

Accepted Solutions

I think you attacked the question in the reverse order. I know that profiling is not required for 802.1x, but my question was more in order to do profiling via ISE do endpoints need to be configured as 802.1x and I think the answer is no they do not.

View solution in original post

4 Replies 4

Jason Kunst
Cisco Employee
Cisco Employee
No profiling can work with straight MAB for printers, scanner, camera, etc

I would recommend checking out the http://cs.co/ise-resources for profiling

Arne Bier
VIP Advisor VIP Advisor
VIP Advisor

Profiling is certainly not required for wired 802.1X because 802.1X itself is the authentication method.  In fact, you cannot profile an un-authenticated device that is on a port in "closed mode", because 802.1X is layer 2 - the port is shut and doesn't allow traffic to or from the client to pass.  Only EAP frames can pass.  And this doesn't not count as profiling.

I would add that once an endpoint has been authenticated (via 802.1X) then you can enable Radius Profiling data to be sent from a Cisco Switch that supports Device Sensor.  You get free profiling on the switch and the data is sent to ISE via Radius Accounting (Interim-Updates).  This means you can get better visibility about the IP address, hostname, OS, web browser etc. via "passively" snooping the client traffic on the switch.

All other more "active" profiling methods are also available (NMAP, DHCP, HTTP, AD, etc)

I think you attacked the question in the reverse order. I know that profiling is not required for 802.1x, but my question was more in order to do profiling via ISE do endpoints need to be configured as 802.1x and I think the answer is no they do not.

Correct endpoints don’t need to be configured for Dot1x to do profiling. They can be profiled as MAB devices.

Recommend looking at the profiling guide under http://cs.co/ise-resources

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers