Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
524
Views
5
Helpful
1
Replies

Services on the Cisco ISE 3515

Go to solution
network_geek1979
Level 1
Level 1

‎08-16-2019 07:23 AM

I am back to my questions while working on the Cisco ISE setup.

 

As of now our IP addressing is done and we are able to login to the ISE over GUI.

 

When I browse over to Administration --> System --> Deployment --> Profiling Configuration I see some services that are probably not needed.

 

1. DHCP: We have our own DHCP servers so I want to confirm what is this for. From the looks of it this will help the ISE device act as a DHCP server which we really do not need. If that is correct can I simply turn this off by unchecking the box?

 

2. Network Scan (NMAP): What is the use of this service? Can I turn this off as well?

 

3. Active Directory: Again, can this be turned off?

 

 

Thanks!!!

N.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎08-16-2019 07:40 AM

All of those are called profiling probes and are used for a service called Profiling in ISE. This feature helps identify end devices make and model so that policies can be applied based on the type of devices (Android/Iphone/Windows 7 etc). Each of those check boxes you see in that page are not services provided by ISE but rather are eyes and ears of ISE to look for data in those probes (for example: class identifier in the DHCP packets, User Agent in the HTTP request, OS type in NMAP data, type of host/IP address from AD probe) that can help profile end devices. If the customer is not using profiling at all, then you can disable them. For more information on profiling, take a look at https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456

View solution in original post

1 Reply 1

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎08-16-2019 07:40 AM

All of those are called profiling probes and are used for a service called Profiling in ISE. This feature helps identify end devices make and model so that policies can be applied based on the type of devices (Android/Iphone/Windows 7 etc). Each of those check boxes you see in that page are not services provided by ISE but rather are eyes and ears of ISE to look for data in those probes (for example: class identifier in the DHCP packets, User Agent in the HTTP request, OS type in NMAP data, type of host/IP address from AD probe) that can help profile end devices. If the customer is not using profiling at all, then you can disable them. For more information on profiling, take a look at https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456

Customers Also Viewed These Support Documents