
ISE - setup for monitoring only

endpoint
Level 1

Hello

I am new to ISE; I have done some good reading about its functionality and would like to set up .1x in monitoring mode only for one of our switches. Basically, I would like to see what type of info I can get in ISE if I set up the switch for .1x monitoring, but I need to know what commands to put on the switch to achieve this.

Would you guys be able to share some info about setting up a switch for .1x in monitoring mode only (not authorization) with ISE 1.1?

Thanks

3 Replies

Hi,

You can follow the TrustSec Monitoring Mode Deployment Guide to do this:

http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html

Since you want to do it for only one switch, you can put it in a separate network device group and then add an authorization rule, something like this:

IF device = all AND network device group = your group THEN allow all traffic.

Venkatesh Attuluri
Cisco Employee

You need to enable these commands on the switch so that it can send the monitoring data up to ISE.

Enable EPM Logging

Set up standard logging functions on the switch to support possible troubleshooting/recording for Cisco ISE functions:

epm logging

Enable SNMP Traps

Ensure the switch is able to receive SNMP trap transmissions from Cisco ISE over the appropriate VLAN in this network segment:

snmp-server community public RO

snmp-server trap-source

Enable SNMP v3 Query for Profiling

Configure the switch to ensure SNMP v3 polling takes place as intended to support Cisco ISE profiling services. First, configure the SNMP settings in Cisco ISE by choosing Administration > Network Resources > Network Devices > Add | Edit > SNMP Settings.

snmp-server user v3 auth md5 priv des

snmp-server group v3 priv

snmp-server group v3 priv context vlan-1

You can refer to this link for additional info

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_sw_cnfg.html

petermitchell
Level 1

These commands in addition to the usual dot1x switch settings will allow "monitor mode" for clients.

interface XX.

authentication host-mode multi-auth

authentication open
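
Added example (not part of the thread, and not Cisco's code): a small Python check that reads a saved running-config and reports, per interface, whether 802.1X will only monitor or will actually block clients, using the `authentication open` and `authentication host-mode multi-auth` lines from the last reply. It assumes `authentication port-control auto` is among the "usual dot1x switch settings"; the sample config and interface names are constructed.

```python
import re

# Constructed sample running-config (not from the thread); interface names are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 authentication host-mode multi-auth
 authentication open
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/3
 switchport mode access
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip().lower())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def classify(cmds):
    """'monitor' = 802.1X runs but 'authentication open' keeps the port forwarding."""
    if "authentication port-control auto" not in cmds:  # assumed base dot1x setting
        return "no-dot1x"
    return "monitor" if "authentication open" in cmds else "closed"

def audit(config):
    """Map each interface to (mode, multi_auth_enabled)."""
    return {name: (classify(cmds), "authentication host-mode multi-auth" in cmds)
            for name, cmds in parse_interfaces(config).items()}

if __name__ == "__main__":
    for name, (mode, multi) in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {mode}, multi-auth={multi}")
```

Any port reported as `closed` would drop traffic from clients that fail authentication, which is the outcome a monitoring-only rollout is meant to avoid.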