cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
937
Views
0
Helpful
6
Replies

ISE Profiling1

edondurguti
Level 4
Level 4

Hi,

I am using cisco ise and wlc, at the moment I am not doing posturing or anything, just profiling.

Seems like it's unable to get past APPLE-Device for iphones, and for laptops it's showing unknown.

I have set all the profling options to ON.

Is there any special configuration the the switch where the AP is connected, or where the ISE is connected.

I have PRIMARY ISE as a Profling Primary role and the Secondary ISE as a primary monitoring.

than kyou.

1 Accepted Solution

Accepted Solutions

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

Are you using the dhcp ip helper feature on your switches or wlc? If you are using the dhcp proxy on the controller then you will have to set the ise node as the dhcp server as the primary server, and you will have to use the redirection url in order to get the user agent string off your clients.

My suggestion to you is to use a span port in order to get the information you are looking for.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

6 Replies 6

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

Are you using the dhcp ip helper feature on your switches or wlc? If you are using the dhcp proxy on the controller then you will have to set the ise node as the dhcp server as the primary server, and you will have to use the redirection url in order to get the user agent string off your clients.

My suggestion to you is to use a span port in order to get the information you are looking for.

Thanks,

Tarik Admani
*Please rate helpful posts*

Thanks for your prompt reply, I am not doing the span port cu this is on WAN over 100 sites so I don't think it's a good idea bandwidth wise.

Ip-dhcp-helper on the switch where the AP is connected ( I am not doing anything for wired users yet)

where do i set the ip dhcp helper function?

yes, the wlc uses IP DHCP PROXY

Oh I think i see what you mean, wlc dhcp proxy will have ISE require dhcp first, eventhough it's not the dhcp server it will still request and move forward to the second valid dhcp server thus ISE will be able to get info from the request :]

ur the man :]

what if no proxy is being used on the WLC

Will span port on all 100 remote sites cause bandwidth issues?

I would assume so, you can add another ip helper statement to all your vlan interfaces so that the ip helper statement is forwarded to your PSNs.

thanks,

Tarik Admani
*Please rate helpful posts*