cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1239
Views
0
Helpful
1
Replies

SNMP Profiling in ISE

jamegill
Cisco Employee
Cisco Employee

A question about how SNMP profiling could be used.

With ISE is it possible to poll, say, a windows laptop or server for an SNMP string and if it based on that result, place the device on the correct VLAN?   Or, can SNMP data only be used to profile network access devices?

Thanks!

1 Accepted Solution

Accepted Solutions

paul
Level 10
Level 10

If you have SNMP enabled on any device NMAP should discover that and poll the device using the communities strings you configure in ISE (default is public).  You can then use whatever you discover in SNMP in profiling rules.  The issue you may have is with the VLAN move.  It probably should work with a CoA port bounce, but bouncing the port also disrupts the IP phone on the port if there is one.  If you just Reauth you will most likely strand the device as it has an IP on the orginal VLAN and you just moved it to a new VLAN.

Instead of VLAN moves why not DACL assignment?

View solution in original post

1 Reply 1

paul
Level 10
Level 10

If you have SNMP enabled on any device NMAP should discover that and poll the device using the communities strings you configure in ISE (default is public).  You can then use whatever you discover in SNMP in profiling rules.  The issue you may have is with the VLAN move.  It probably should work with a CoA port bounce, but bouncing the port also disrupts the IP phone on the port if there is one.  If you just Reauth you will most likely strand the device as it has an IP on the orginal VLAN and you just moved it to a new VLAN.

Instead of VLAN moves why not DACL assignment?