03-27-2012 07:02 AM - edited 03-10-2019 06:57 PM
Hi there,
I am currently playing around with the updated ISE 1.1 and tried out the new NMAP probe feature.
Is there any possibility to alter or expand the features of the NMAP implementation in the ISE, like additional scripts etc.
My main concern is to find a non obtrusive way to gain information about endpoints, without the user to do anything as opposed to opening a web page to ISE for a HTTP probe. So far the NMAP probe helped me a bit with iDevice recognition.
Any suggestions?
Thanks!
Regards,
Patrick
03-27-2012 06:42 PM
Patrick,
As of now the nmap probe doesnt allow any user scripts to fire when an condition is matched. You can get in contact with the account team and they will be able to file a feature enhancement or see if it is on the roadmap for a future release.
thanks,
Tarik Admani
03-29-2012 11:17 AM
What kind of information are you looking for, Patrick? And on what kinds of devices?
Jack
04-02-2012 11:36 PM
Hi Jack,
what I am looking for is to gain information about devices, which are connected to our network.
Let's say a device connects. At first I can only get basic information. Is it an Apple device, MS Workstation, VMWare device etc.
Now I want to dig further and find out, if for example this MS workstation is a WinXP or Win7 client.
All this should happen under the premise that no user intervention must happen.
I can achieve this by collecting HTTP probes, but this would require the user to open a web browser first, before anything else works (similar to web authentication) as I have not found another way to push the HTTP traffic to the ISE when not using the RADIUS NAC feature on the WLC.
Users in the current company WLAN are not required to do this and it should continue.
Regards,
Patrick
04-03-2012 12:15 PM
Patrick, I agree with Tarik that Cisco should enhance ISE in this way. Other NAC products can do this with no problem. No user involvement is needed, no agents are needed, no HTTP browser is needed. For example, here is the host-based information that ForeScout’s NAC product can give you: http://goo.gl/VhIWC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide