cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2700
Views
20
Helpful
5
Replies

Unknown endpoint profile and Misc Type

Ditter
Level 4
Level 4

Hi to all,

 

it seems that ISE has categorized around 70% of our network endpoints as type MISC and 32% out of this MISC type have been categorized as Unknown.

 

In almost all of my switches i  do not have dot1.x or MAB,  just SNMP, and all of the switches are in ISE Network Devices. .  ISE  polls them every 28800 sec (the default).

 

I also use simple DHCP (no DHCP Span)  and DNS probes for the profiling.

 

Is that normal to have so many devices of type misc and out of this type most of them are categorized as Endpoint Profile of Unknown?

 

And also where is type misc defined?

 

I tried to find the Unknown profile in the Profiling Policies under WorkCenters --> Profiling Policies but i did not find anything.

 

Any ideas of how i could improve the profiling capabilities of ISE 2.4 with patch6 installed?

 

I also have updated to the latest profile feeds.

 

Finally i noticed that under WorkCenters --> Settings --> Profiler Settings there is a SNMP community string value which i wonder if it should be the one configured to query the switches or should be left  "public" (because of many devices coming out of the box with this default community)?

 

Thank you,

 

Ditter.

5 Replies 5

paul
Level 10
Level 10

That is pretty rare to have that many Unknowns.  I have no idea what you are referring to my MISC.  That is nothing I have seen before in profiling.   SNMP polling can help if you have custom SNMP strings on endpoints like printers.  Add any custom strings to the list, but keep public in there.  Most times customers don't update endpoints and public is fine.

 

 

Ohh by MISC type are you referring to the pie charts?  I never look at them.  I only look at the data on Context Visibility and how devices are being profiled and mapped to endpoint identity groups.

Thanks Paul, my environment is very diverse , there is no active directory and users are free to install their devices and have access to the network, so for example any  user can  install a new printer without asking for "permissions" .   So i suppose i can "catch" it by using snmp poll with public community.  I would like to know if you share my concern on this.

 

As far as the misc and unknown in profiled endpoint profile category,   please see the following extract of my endpoint visibility, there are too many unknowns.  Although i have their OUI and it is displayed .

 

Thanks !

 

Ditter.

Please refer to this attachment also: