Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
827
Views
0
Helpful
6
Replies

ISE Profiling1

Go to solution
edondurguti
Level 4
Level 4

‎08-08-2012 07:00 AM - edited ‎03-10-2019 07:23 PM

Hi,

I am using cisco ise and wlc, at the moment I am not doing posturing or anything, just profiling.

Seems like it's unable to get past APPLE-Device for iphones, and for laptops it's showing unknown.

I have set all the profling options to ON.

Is there any special configuration the the switch where the AP is connected, or where the ISE is connected.

I have PRIMARY ISE as a Profling Primary role and the Secondary ISE as a primary monitoring.

than kyou.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎08-08-2012 07:26 AM

Hi,

Are you using the dhcp ip helper feature on your switches or wlc? If you are using the dhcp proxy on the controller then you will have to set the ise node as the dhcp server as the primary server, and you will have to use the redirection url in order to get the user agent string off your clients.

My suggestion to you is to use a span port in order to get the information you are looking for.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎08-08-2012 07:26 AM

Hi,

Are you using the dhcp ip helper feature on your switches or wlc? If you are using the dhcp proxy on the controller then you will have to set the ise node as the dhcp server as the primary server, and you will have to use the redirection url in order to get the user agent string off your clients.

My suggestion to you is to use a span port in order to get the information you are looking for.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

Go to solution
edondurguti
Level 4
Level 4
In response to Tarik Admani

‎08-08-2012 07:36 AM

Thanks for your prompt reply, I am not doing the span port cu this is on WAN over 100 sites so I don't think it's a good idea bandwidth wise.

Ip-dhcp-helper on the switch where the AP is connected ( I am not doing anything for wired users yet)

where do i set the ip dhcp helper function?

yes, the wlc uses IP DHCP PROXY

0 Helpful

Go to solution
edondurguti
Level 4
Level 4
In response to Tarik Admani

‎08-08-2012 07:39 AM

Oh I think i see what you mean, wlc dhcp proxy will have ISE require dhcp first, eventhough it's not the dhcp server it will still request and move forward to the second valid dhcp server thus ISE will be able to get info from the request :]

ur the man :]

0 Helpful

Go to solution
edondurguti
Level 4
Level 4
In response to Tarik Admani

‎08-08-2012 01:52 PM

what if no proxy is being used on the WLC

0 Helpful

Go to solution
edondurguti
Level 4
Level 4
In response to edondurguti

‎08-08-2012 02:06 PM

Will span port on all 100 remote sites cause bandwidth issues?

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to edondurguti

‎08-08-2012 02:20 PM

I would assume so, you can add another ip helper statement to all your vlan interfaces so that the ip helper statement is forwarded to your PSNs.

thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful
Customers Also Viewed These Support Documents