Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
393
Views
5
Helpful
1
Replies

What are the endpoints attributes collected by NAC Profiler through SNMP and DHCP?

abuzar.siddiqui
Level 1
Level 1

‎10-22-2010 02:21 AM - edited ‎02-21-2020 04:07 AM

Hi Everyone,

Please help on this.

I want to know what are the endpoints attributes collected by NAC Profiler to discover and profile the endpoints.through SNMP protocol and DHCP protocol.

Also if anybody can explain a simple used case on this.

Please guide me on this.

Thanks in advance.

Thanks,

Abuzar.

0 Helpful
1 Reply 1

Tiago Antunes
Cisco Employee
Cisco Employee

‎10-27-2010 02:57 AM

Hi,

SNMP

=====

NetMap queries network devices via SNMP for:

  • System information

  • Interface information

  • Bridge information

  • 802.1X information (PAE MIB)

  • Routing/IP information

  • CDP MIB Information

This information is used to Build and maintain a model of the network topology and endpoint discovery.

NetMap uses SNMP Get, GetNext and GetBulk (when available) requests to  query the SNMP agents running on the network infrastructure devices to  gather specific Management Information Base (MIB) objects about their  status based on device type (Layer 2 or Layer 3).


In addition to polling each network device for all MIB data at a regular  interval, NetMap may also be commanded to poll port-specific  information when the NAC Profiler system is notified that an endpoint  has joined or left the network via SNMP traps sent by devices at the  network edge, switches typically.


Upon receipt and verification of a link state (link up, link down) or  MAC notification trap, NetTrap will notify the NAC Profiler Server that a  change has occurred on the network edge (endpoint joined or left a  network port). If the trapping device is in the NAC Profiler  configuration, the NetMap component module assigned to poll the device  that sent the trap will be commanded by the Server module to initiate a  poll of the device's port information to determine the change to the  endpoint topology that resulted in the trap being sent by the network  device.


The information gathered by NetMap is processed by the Server  accordingly to update the network topology, noting the endpoint joining  or leaving a port. Note that NetMap SNMP polling of network devices  resulting from a trap is localized to the port specified in the trap.  This is unlike the regular polling that occurs at the frequency  specified for each device type (L2 and L3) which gathers all SNMP  information from the device used by the NAC Profiler system.

DHCP:

=====

The NetWatch module listens for traffic including DHCP traffic.

The module will collect all the DHCP information on the traffic collected, like mac address, ip address,  DHCP Vendor Class Identifier in DHCP request, host name in DHCP request, requested specified options in DHCP request (option 55) and full list of DHCP options supported by the DHCP client as specified in the DHCP request.

All the endpointe data can then be used to map endpoints with profiles.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card