07-27-2016 11:02 AM
I am not sure in what version NMAP defaults changed, but now unknown devices and most of the Cisco predefined profiles use "SNMPPortsandOS-scan" for the NMAP scanning. Previously NMAP used to scan all common ports. Normally I don't care about more than SNMP, but port 9100 was a huge part of my printer strategy.
After rolling out monitor mode, I would usually create a profiler to pull in all NMAP 9100 listeners into a group and start creating a printer profile. Now with common ports not on by default or even available in 2.1 (at least I don't see it) I am stuck with hopefully getting SNMP data or OUI. DHCP is not enabled for printers in most customers even though we encourage them to go with DHCP and static reservations.
Is there any other way to get port 9100 open information?
Thanks.
07-27-2016 12:31 PM
In ISE 2.1 you can create your own NMAP Scans, SNMP Port being one of them. Go to Policy > Policy Elements > Results and choose Profiling > Network Scan (NMAP) Actions. From there, choose +Add to create your own.
Or, you might be able to use the SNMPPortsAndOS-scan default NMAP Scan Action.
From there, navigate to Policy > Profiling and choose the device profile for which you would like to add the NMAP Scan Action. Choose the Network Scan (NMAP) Action from the drop-down and click Save.
07-27-2016 12:39 PM
Thanks, I missed where you could define custom NMAP scans. I guess now we have to make a custom scan to get common ports, then go and modify all the possible printer top-level profiles to make sure 9100 is checked. Much easier before, when common ports scan was the default.
Thanks for the quick feedback.
Paul Haferman
Office- 920.996.3011
Cell- 920.284.9250