05-10-2017 07:08 AM
The Visibility Wizard and the manual NMAP scan aren't populating endpoint visibility in 2.2 (or patch 1).
The network design is that the ISE server is in 10.0.1.0/24 and I'm trying to scan the exact same subnet. It should have a wealth of ARP bindings and return data from NMAP. No Catalyst/WLC is involved (for the visibility wizard I gave it a dummy switch IP just to move the wizard forward).
It's a fresh eval install and the profiler probes (NMAP/SNMP) are enabled.
05-10-2017 11:11 AM
For Visibility Wizard, the endpoints will be limited based on the initially selected subnet range and the rest will be discarded.
For general Manual Scan functions, the endpoint must 1) already exist in ISE by MAC address and 2) have a known IP address. If the endpoint does not exist or a matching IP is not present, then NMAP data will not populate. Also make sure no firewall or other function is blocking access from the PSN to the endpoint.
Craig
05-10-2017 12:26 PM
That's good to know about the manual scan.
The visibility wizard isn't working though. The ISE node is in the same subnet as the target scan. There are at least 40 other clients in there. The wizard isn't showing any.
Does it require a real NAD to complete?
05-10-2017 02:19 PM
If you are saying that you are not adding at least one local switch, that could be the issue, especially if it is not capturing ARP info from a switch/router.
05-12-2017 11:57 AM
One local switch helped. I guess it gathers IP-MAC bindings first from a switch (or router if it has the ARP cache).
So far the NMAP active scanning isn't doing much beyond the MAC vendor lookup profiling. I would have expected it to note that it's a Win10 device and not VMware.
05-12-2017 12:59 PM
NMAP is not responsible for gathering MAC / OUI data. It provides details on port, OS, banner info, and more detailed info on SMB properties as well as ePO presence, but only once IP-to-MAC info is known. There is a correlation to IP address, so I suggest either starting the wizard from scratch using a switch as seed and the correct IP range for the scan, or else trying a manual scan with your desired settings. Click all, for example.
05-12-2017 01:41 PM
Thanks, Craig.