
09-07-2018 06:24 AM
I have run into an issue on several 2.4 installs where CDP information on a port is being added to both the IP Phone's MAC address and the PC attached to the phone in the ISE database. This is causing the PC to get profiled as a Cisco phone. I haven't been able to isolate it to one of 3 possibilities:
- I have SNMP polling turned on for the NADs. I don't seem to see the issue in the periodic SNMP polls (every 8 hours) from what I can tell. I checked a few switches I haven't rolled out the ISE template to yet and I don't seem to see this issue.
- When I lay down the ISE template on the switch I am enabling device sensor. So not sure if when ISE is receiving the data from device sensor it is somehow putting the CDP data on both MAC addresses.
- When a device connects there is a specific SNMP poll that happens to collect CDP data as well. Not sure if the issue is happening there.
Has this issue been identified as a bug already? It is not causing any real issues, just some data devices also getting assigned the voice domain tag. If I were doing locked down DACLs or SGT tags it would be more of a problem.
- Labels: Identity Services Engine (ISE)
Accepted Solutions

09-07-2018 03:46 PM
Hi Paul,
Yes. It is a known defect: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk10674/?rfs=iqvred
Fixed in 2.4p3. RN is not yet updated.
- Krish
09-07-2018 03:36 PM
Hi Paul,
From the endpoint attributes in context, can you confirm where exactly it got the CDP information from?
Is it SNMP or RADIUS?
Did you notice this issue from a specific switch or all of them?

09-08-2018 06:28 PM
I have three Cisco Switches in my topology. I can confirm also that I had this issue in ISE 2.4 patch 2 - I deleted all the endpoints in Context Visibility, applied patch 3 and then triggered a new profile scan.
ISE still seems to think I have 9 switches (which is an improvement over patch 2, which reported 45 switches). The extra 6 switches are just duplicates of the other three actual switches. If Cisco can't profile its own switches correctly then that's a bit worrying.
10-16-2018 01:28 PM
Paul,
Did you ever confirm this was fixed with p3? The deployment I'm working on right now has been marooned on p2 with some hotfixes; now that p4 is out we can leave the support island and we are hoping this is also confirmed fixed. Huge security hole since it seems any PC not doing dot1x behind a phone seems to be free of our rule.
10-16-2018 02:31 PM
Hi @Damien Miller - p3 was an improvement but it still reported more "devices" than were actually connected to the network. I have since applied p4 but not looked at this specific problem. I would have to purge all endpoints and then kick off a manual profile scan.
12-05-2018 05:25 AM
I know this post is a bit old, but I am still seeing this issue on ISE 2.4 patch 4.
Is this fixed in Patch 5?
