Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2859
Views
2
Helpful
5
Replies

ISE Profiling not working as expected | Windows 7 and Windows 10 clients are identified as "Microsoft-Workstation"

SHABEEB KUNHIPOCKER
Level 3
Level 3

‎06-09-2018 03:43 PM - edited ‎02-21-2020 10:57 AM

Hello,

 

I am not able to get windows 7 and windows 10 machines to be profiled properly with ISE 2.3 patch 2.

These endpoints are identified as " Microsoft-Workstation" all the time. I have enabled "RADIUS", "SNMP", "DHCP" , "NMAP" and "Active-Directory" probes. I have added ISE  IP as IP helper-address in the distribution switch which is the gateway for the users.  The switches are 3850 switches in stack. Please let me know

 

1- Which probe is the best for identifying Microsoft clients?

2- Currently device sensor configuration is not done on the switches. Is it mandatory to have these commands in the switches in order for RADIUS probes to work properly?

 

Please help me to sort of this issue.

1 person had this problem
Labels:
0 Helpful
5 Replies 5

Francesco Molino
VIP Alumni
VIP Alumni

‎06-09-2018 07:36 PM

Hi

 

Using device sensor you'll be able to profile better all your devices and i would highly recommend using them.

 

With ip helper, you should be able to profile your devices as well. Is there any firewall in between your laptop svi and ise?

Which ISE version and patch are you using?

 

Have you done a tcpdump on ISE to validate it's receiving all dhcp requests?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

SHABEEB KUNHIPOCKER
Level 3
Level 3
In response to Francesco Molino

‎06-09-2018 09:08 PM

Dear Francesco,

 

Thanks a lot for the reply. I will try to enable device sensor in the switches. But does it have any impact on the switch performance?.

 

 

Is there any firewall in between your laptop svi and ise?

-Yes.

 

Which ISE version and patch are you using?

 

- ISE version 2.3 and patch 2

 

Have you done a tcpdump on ISE to validate it's receiving all dhcp requests?

 

- I have done tcpdump on ISE and I was able to validate that the dhcp requests are being received.

 

 

Thanks

 

 

0 Helpful

Rob Ingram
VIP
VIP
In response to SHABEEB KUNHIPOCKER

‎06-10-2018 03:01 AM

Hi,
I agree using device sensor is a good idea, it'll use the radius probe and encapsulate the profiling information in an accounting packet. I don't believe this has any negative impact on performance.

If you have nmap and AD probes enabled either of these 2 probes should be able to profile a Microsoft OS correctly. From personal experience I'd check the local laptop as to whether it has a local Firewall/HIPS enabled and blocking any traffic from the ISE servers.

HTH
0 Helpful

SHABEEB KUNHIPOCKER
Level 3
Level 3
In response to Rob Ingram

‎06-11-2018 02:59 PM

Hi,

 

Today we updated the ISE nodes to the latest patch ; patch 4 which was released 2 days back. After that I deleted all the endpoints from ISE. When I tested the machines profile status it seems that they are getting profiled properly. I will keep the setup under monitoring for a few days.  As of now device sensor configuration is not done.

 

 

Thanks

Francesco Molino
VIP Alumni
VIP Alumni
In response to SHABEEB KUNHIPOCKER

‎06-11-2018 08:14 PM

Thanks for letting us know.
However, i would highly recommend configuring device sensor to be sure to profile everything correctly.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents