08-28-2017 12:10 PM
A question about how SNMP profiling could be used.
With ISE, is it possible to poll, say, a Windows laptop or server for an SNMP string and, based on that result, place the device on the correct VLAN? Or can SNMP data only be used to profile network access devices?
Thanks!
08-28-2017 03:27 PM
If you have SNMP enabled on any device, NMAP should discover that and poll the device using the community strings you configure in ISE (default is public). You can then use whatever you discover in SNMP in profiling rules. The issue you may have is with the VLAN move. It probably should work with a CoA port bounce, but bouncing the port also disrupts the IP phone on the port if there is one. If you just Reauth you will most likely strand the device, as it has an IP on the original VLAN and you just moved it to a new VLAN.
Instead of VLAN moves why not DACL assignment?