Hi,
I have an FSI customer and, typical of FSI customers, they are very worried when opening up TCP/UDP ports on their firewall. With reference to the Cisco ISE Ports reference guide below,
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install...
Hi,
Just a quick question. When an end device has been disconnected from the switch port, I can still see in the ISE console that the device still shows up but the status is disconnected and the last connection. When will ISE refresh and purge the...
Hi,
I want to identify the endpoint and then place the endpoint on the appropriate VLAN. The endpoint should not be allowed to connect to the network (no IP address assignment, no network communication) until it has been successfully identified to be...
I am googling around trying to confirm on ISE profiling and mitigation against MAC address spoofing but I have not found a confirmed answer.
When a device connects, gets profiled and identified as what it is, the ISE screen will show up the endpoint inf...
Hi Brian,
How did you get it to work? Did the spoofing device advertise a different TLV value, etc.? I am testing it but ISE did not re-profile even when I enable anomalous detection and enforcement. I spoke to TAC, TAC says that because the spoof...
Hi Marvin,
Thanks for your reply!
1. Only required if you are using SNMP for profiling.
> Yes, I am using SNMP for profiling. But port 161 should be outbound from ISE to NAD and inbound should just be 162 for SNMP trap/notification from the NAD?
2. ...
Hi Damien,
I want to emulate in the case of an endpoint is using dot1x authentication. Only when the user credential authentication is successful, the switch port will allow the endpoint to connect to the network else the endpoint is effectively bloc...
Hi Mohammed,
So if I configured the switch as a device sensor using RADIUS and let's say the ISE profiling identified the endpoint as a Cisco IP phone using the TLV parameters. Now a rogue device spoofed its MAC address but does not advertise the TLV...