
ISE Visibility Wizard/NMAP

GQ (Cisco Employee)

The Visibility Wizard and the manual NMAP scan aren't populating endpoint visibility in 2.2 (or patch 1). 

The network design is that the ISE server is in 10.0.1.0/24 and I'm trying to scan the exact same subnet. It should have a wealth of ARP bindings and return data from NMAP. No Catalyst/WLC is involved (for the Visibility Wizard I gave it a dummy switch IP just to move the wizard forward).

It's a fresh eval install and the profiler probes (NMAP/SNMP) are enabled.

[Attached screenshots: Screen Shot 2017-05-10 at 7.05.38 AM.png, Screen Shot 2017-05-10 at 7.05.46 AM.png]

Accepted Solution

If you are saying that you are not adding at least one local switch, that could be the issue, especially if it is not capturing ARP info from the switch/router.

6 Replies

Craig Hyps (Level 10)

For the Visibility Wizard, the endpoints will be limited to the initially selected subnet range and the rest will be discarded.

For general Manual Scan functions, the endpoint must 1) already exist in ISE by MAC address and 2) have its IP address known. If the endpoint does not exist or a matching IP is not present, then NMAP data will not populate. Also make sure no firewall or other function is blocking access from the PSN to the endpoint.

Craig

GQ (Cisco Employee)

That's good to know about the manual scan.

The Visibility Wizard isn't working though. The ISE node is in the same subnet as the target scan. There are at least 40 other clients in there. The wizard isn't showing any.

Does it require a real NAD to complete?


Craig Hyps (Level 10)

If you are saying that you are not adding at least one local switch, that could be the issue, especially if it is not capturing ARP info from the switch/router.

GQ (Cisco Employee)

One local switch helped. I guess it gathers IP-MAC bindings first from a switch (or router if it has the ARP cache).

So far the NMAP active scanning isn't doing much beyond the MAC vendor lookup profiling. I would have expected it to note that it's a Win10 device and not VMware.

Craig Hyps (Level 10)

NMAP is not responsible for gathering MAC/OUI data. It provides details on ports, OS, banner info, and more detailed info on SMB properties as well as ePO presence, and only once the IP-to-MAC info is known. There is a correlation to IP address, so I suggest either starting the wizard from scratch using the switch as the seed and the correct IP range for the scan, or else trying a manual scan with your desired settings. Click all, for example.
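The two rules Craig describes in this thread (the wizard keeps only hosts inside the selected subnet range, and NMAP results attach to an endpoint only when ISE already knows that endpoint's IP, since correlation is by IP address) are easy to misread as "NMAP is broken". The script below is an added example, not ISE code and not from anyone in this thread: it parses an `nmap -oX` style XML document, applies the subnet filter, and correlates results against a hypothetical endpoint table standing in for what ISE learned from SNMP/ARP. The nmap output, the endpoint table and the function names are all constructed for the example; ISE's real internal data model is not known from this page.

```python
"""Model of the correlation behaviour described in the thread:
scan results are discarded unless an endpoint with that IP already exists.
Hypothetical model for illustration, not Cisco ISE code."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed nmap -oX style output for three "up" hosts (sample data, not a real scan).
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="10.0.1.50" addrtype="ipv4"/>
    <address addr="00:50:56:AA:BB:01" addrtype="mac" vendor="VMware"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port></ports>
    <os><osmatch name="Microsoft Windows 10" accuracy="96"/></os>
  </host>
  <host><status state="up"/>
    <address addr="10.0.1.51" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port></ports>
    <os><osmatch name="Linux 4.X" accuracy="90"/></os>
  </host>
  <host><status state="up"/>
    <address addr="10.0.2.7" addrtype="ipv4"/>
    <os><osmatch name="Apple iOS" accuracy="88"/></os>
  </host>
</nmaprun>
"""

# Constructed endpoint table standing in for what ISE already learned via SNMP/ARP
# (MAC -> IP, or None when a MAC was seen but no IP binding was ever learned).
ENDPOINTS = {
    "00:50:56:AA:BB:01": "10.0.1.50",   # VMware guest, learned with IP
    "A4:5E:60:00:00:01": "10.0.1.51",   # learned from the switch ARP table
    "3C:22:FB:11:22:33": None,          # MAC known, IP never learned: NMAP can't attach to it
}


def parse_nmap_xml(xml_text):
    """Return one dict per host with state up: ip, mac, os, open_ports."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        ip = mac = None
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr")
        open_ports = [
            int(p.get("portid")) for p in host.iter("port")
            if p.find("state") is not None and p.find("state").get("state") == "open"
        ]
        osmatch = host.find("os/osmatch")
        hosts.append({"ip": ip, "mac": mac, "open_ports": open_ports,
                      "os": osmatch.get("name") if osmatch is not None else None})
    return hosts


def in_seed_subnet(hosts, cidr):
    """Wizard behaviour from the thread: keep only hosts inside the selected range."""
    net = ipaddress.ip_network(cidr)
    return [h for h in hosts if h["ip"] and ipaddress.ip_address(h["ip"]) in net]


def correlate(hosts, endpoints):
    """Attach scan data only to endpoints that already exist with a known IP.

    Returns (attached: {mac: attrs}, dropped: [ip, ...]) where dropped lists
    scanned hosts whose IP matches no existing endpoint."""
    by_ip = {ip: mac for mac, ip in endpoints.items() if ip}
    attached, dropped = {}, []
    for h in hosts:
        mac = by_ip.get(h["ip"])
        if mac is None:
            dropped.append(h["ip"])       # no endpoint with this IP: data is not populated
            continue
        attached[mac] = {"os": h["os"], "open_ports": h["open_ports"]}
    return attached, dropped


if __name__ == "__main__":
    scanned = in_seed_subnet(parse_nmap_xml(NMAP_XML), "10.0.1.0/24")
    attached, dropped = correlate(scanned, ENDPOINTS)
    for mac, attrs in attached.items():
        print(mac, attrs)
    print("outside seed subnet, never scanned:", [h["ip"] for h in parse_nmap_xml(NMAP_XML)
                                                    if h not in scanned])
    print("no endpoint with this IP, scan data discarded:", dropped)
```

Running it shows the Windows 10 match landing on the VMware-OUI endpoint (the case GQ expected), the 10.0.2.7 host dropped by the subnet filter, and the endpoint with a MAC but no IP receiving nothing at all, which is exactly why a switch seed that supplies IP-to-MAC bindings has to come before the NMAP step.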

GQ (Cisco Employee)

Thanks, Craig.