03-14-2023 10:38 PM
Hi all;
Suppose I want to profile Windows Server-based operating systems in ISE like:
Windows-Servers
|--> Windows-Server2012
|--> Windows-Server2016
|--> Windows-Server2019
Can anyone help me with the right probing used to accomplish this?
Thanks
03-16-2023 03:02 PM
Why would you make a server subject to NAC?
ISE has no profiles for Windows Server because there's very little sense in profiling a server device. They should not be configured with DHCP (so that option is out of the window) - and there's very little else left that helps you out of the box.
You'd be better off not enabling NAC on those interfaces (if the physical Server is in a DC then it makes no sense anyway) - but if you have a server in the Access Layer, and there is a risk of abusing that port by an attacker, then use MAB with a MAC address reservation in ISE.
03-21-2024 07:49 AM
In the era of Federal Comply to Connect, ISE must categorize servers separately from other Windows endpoints. Although I agree with you that why would you want to do this, the fact remains that rules are requiring us to do this.
Question still stands. ISE needs to be able to profile Windows Server and to create a logical profile to lump servers together for reporting purposes.
03-24-2024 04:17 PM
Out of the box, a Windows Server doesn't provide that level of granularity.
For starters, servers typically don't get configured with DHCP (they use static IPv4 addresses) - that means you won't get any detail from a DHCP Discovery packet. Where does that leave you?
I don't know if Windows Server supports an 802.1X supplicant. If it does, then that would be the best option. That means ISE could use the AD probes to glean the operating system details of that domain-joined object.
Method of last resort - perhaps try the Microsoft LLDP Driver on the Ethernet Adapter to see if that gives you any joy.
Or method of drastic last resort ... install an SNMP agent on the Windows Server ... that will give you the intel you need.
03-21-2024 07:54 AM