
ISE Profiling Automatically Assign Endpoint Profile

mbaker33
Level 1

Hi there,

 

I am in the process of setting up ISE 2.3 (will probably upgrade to 2.4 if it matters) to perform wired 802.1x authentication/authorization and would like to know how the profiling service works. I have well over 1000 endpoints that will need to be touched in order to get them into the system. Most of what needs to be done can be done via GPO, but the one thing that seems to be escaping me is the profiling service. I have it configured such that it sees any new device on a port that I have configured to use dot1x; however, the system seems to be dead (i.e. no network access whatsoever) until I configure an Endpoint Profile in the Endpoints list. As soon as I do that, it works almost immediately.

 

My question is, does the profiling service automatically assign this if given enough time?  So far, all of my tests have been with live computers so I didn't have the ability to let it sit and wait for an hour or two.

 

Any input welcomed.

 

Thanks,

 

Mark

1 Reply

Octavian Szolga
Level 4

Hi Mark,

 

Profiling is used (generally speaking) for MAB requests, not for 802.1x.

So printers, cameras, anything not supporting 802.1x.

In a nutshell, profiling = check some attributes that ISE receives from the NAD, add some points to each attribute/condition, use the points to say that the MAC is an "x" device, move the MAC into an "x" device group and authorize the session based on that group. (MAC belongs to X group = allow or limit access)

 

https://communities.cisco.com/docs/DOC-68156

 

Thanks,

Octavian
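
The scoring flow described in the reply above, as an added example that is not part of the original thread and not ISE's own code: a simplified Python model in which each matching attribute condition adds points, a profile is assigned only once its total reaches a minimum, and the resulting group drives the authorization result. All profile names, match strings, point values and result names are constructed for illustration.

```python
# Simplified model of points-based endpoint profiling (illustrative, not ISE code).
from dataclasses import dataclass, field

@dataclass
class Rule:
    attribute: str   # endpoint attribute learned via the NAD or a probe
    contains: str    # case-insensitive substring that must appear
    points: int      # points added when the condition matches

@dataclass
class Profile:
    name: str
    min_points: int  # total required before the profile is assigned
    rules: list = field(default_factory=list)

# Constructed policies; names, strings and point values are hypothetical.
PROFILES = [
    Profile("Printer", 20, [Rule("oui", "hewlett", 10),
                            Rule("dhcp-class-identifier", "jetdirect", 20)]),
    Profile("IP-Camera", 20, [Rule("oui", "axis", 10),
                              Rule("dhcp-class-identifier", "axis", 20)]),
]

# Authorization result keyed on the endpoint group (hypothetical names).
AUTHZ = {"Printer": "PERMIT_PRINT_VLAN", "IP-Camera": "PERMIT_CAMERA_VLAN"}
DEFAULT_AUTHZ = "LIMITED_ACCESS"

def score(profile, attrs):
    """Sum the points of every rule whose condition matches the attributes."""
    return sum(r.points for r in profile.rules
               if r.contains in attrs.get(r.attribute, "").lower())

def classify(attrs):
    """Return (profile name, total) for the best profile that meets its minimum."""
    best = ("Unknown", 0)
    for p in PROFILES:
        total = score(p, attrs)
        if total >= p.min_points and total > best[1]:
            best = (p.name, total)
    return best

def authorize(mac, attrs, groups):
    """Place the MAC in the matched group and return the MAB authorization result."""
    name, _ = classify(attrs)
    groups[mac] = name
    return AUTHZ.get(name, DEFAULT_AUTHZ)
```

An endpoint that matches only on OUI stays below the minimum and remains "Unknown", so it receives the default (limited) result until more attributes are collected.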
