
Issue with Triggered Endpoint NMAP Scan for Canon Printers

jitendrac
Level 1

We are currently facing an issue with the Triggered Endpoint NMAP Scan functionality on our Cisco ISE 3.3 deployment.

We are attempting to perform NMAP scans on Canon printer devices to obtain detailed information such as model and OS. These printers are configured with static IP addresses.

To enable this, we have taken the following steps:

  • Enabled the NMAP probe on the PSN as per the ISE Profiling Design Guide (Cisco Community).

  • Allowed all required NMAP ports from the PSN to the subnet range of the printer IPs.

  • We are using the default Cisco-provided profiler policy for Canon devices: "Canon-Device", which has a default condition with an NMAP action based on the OUI (refer to the attached screenshot for reference).

We are observing that:

  • The printer devices are successfully authenticating using MAB.

  • The profiling policy "Canon-Device" is being matched correctly in the attribute filter.

Despite the above configuration:

  • We do not observe any triggered NMAP scans.

  • Attributes such as NmapScanCount and LastNmapScanTime are not being populated.

I would appreciate your assistance in identifying the root cause and helping us enable successful NMAP scans for these devices.

4 Replies

jitendrac
Level 1

jitendrac_0-1749031188967.png

jitendrac_1-1749031279474.png

 

andrewswanson
Level 7

Hi

Does a manual NMAP scan show any open ports on the Canon printers? You mentioned that you'd checked that all NMAP ports are permitted FROM the PSN to the printers - is the return traffic also permitted on any firewalls/ACLs?

hth

Andy

Manual NMAP works perfectly as expected. Not sure why it is not triggering an automatic NMAP scan.

I suspect that the ISE PSN is not getting IP address to MAC binding information via RADIUS (Framed IP Address).

But I am not sure how to check on ISE whether the PSN is getting the IP address to MAC binding information via RADIUS.
