01 - Configure Profiling in Cisco ISE
In this video, we'll walk through the steps required to enable and configure
profiling in Cisco ISE. To start, from the ISE dashboard, we'll navigate to Work
Centers, Profiler, and then Overview to view the required configuration steps that
we need to be able to enable and configure the Profiler service.
Here, we see three primary steps: Prepare, Define, and Go Live & Monitor, with
substeps listed below them. Under Prepare, network devices and Active Directory
configurations have already been accomplished in previous labs. However, there is
some preparation required before we can enable the Profiler service.
Since I'm already under Work Centers and Profiler, I'll navigate to Endpoint
Classification at the top of the page here. Optionally, I could have also reached
this page via Context Visibility, Endpoints, and then Endpoint Classification.
On this page, I see a list of three endpoints. I can click on the gear icon to
determine what columns show, and in which order they show in this list. For a large
list of endpoints, I could also use the Filter option.
Here, I can either perform a quick filter, or I can perform an advanced filter to
limit what shows on the list. With my list of only three endpoints, I'm not too
concerned about filtering the list out. However, I could choose to filter this list
based on any of these column headers in either ascending or descending order.
I'm looking for my iPad, so I'll find the device that has an OUI of Apple, Inc.
Clicking on the MAC address of my iPad opens another page. In this screen, we have
tabs for Applications, Attributes, Authentication, Threats, and Vulnerabilities to
see more information around those topics. We'll click on Attributes.
Here, we see a list of all the attributes that ISE knows for this device. For
example, note that the Airespace-Wlan-Id that this device is on is 1. We also see
that authentication status is Passed, and that the authorization policy matched is
the wireless employee access policy.
Scrolling down a bit, we can see that the endpoint policy is set to Unknown. We
also see the endpoint Profiler server is our ISE server, and that our endpoint
source is a RADIUS Probe. The framed IP address is the IP address of the device
itself-- 10.1.10.202.
As we can see, there are many more attributes which may be useful for us to review
when we're looking at this device for troubleshooting or security purposes.
We'll scroll back up to the top of the list, and click on Endpoints to return
to the endpoints list. Next, we'll return to the console of the iPad itself.
I'll click on Settings and then look at the Wi-Fi parameters for the iPad. Here, I
see that the iPad is currently connected to the wpa2e SSID for my pod, which
happens to be pod 20. I'll click on the blue information icon to the right of the
SSID name, and then I'll click on Forget this Network to remove the iPad's
information that it has about the SSID.
As a result of my actions, the iPad is now trying to connect to the 20-guest SSID,
because that's the next network that it knows about. I'll turn off Wi-Fi
altogether, and then close the console to my iPad. Back to the listed endpoints, I
will click on the check box to select the iPad endpoint, and then I'll click the
trash can to delete it from ISE.
From the drop-down menu, I'll click on Selected to delete only the endpoints that I
have selected. Finally, I'll confirm the deletion. Now I see that one endpoint has
been deleted successfully, and it no longer appears in the list.
Next, I'll click on the tab to return to the Profiler Overview. Underneath the
Prepare step, I'll click on the deployment link. This will take me to the same page
that I could have reached if I'd gone to Administration, System, and then
Deployment. Underneath Deployment and then Deployment Nodes, I will click on the
hyperlink that has the name of my ISE server-- in this case, ise-1.
Near the bottom of the page that's displayed, I'll click on the check box to enable
the profiling service. Note that as I click the service, now I have a new tab next
to General Settings at the top of the page-- Profiling Configuration. Clicking this
tab shows me all of the specific probes that are enabled, by default, to allow
profiling.
I see one method of profiling is via DHCP probes. Another method that's already
selected is via RADIUS probes. Scrolling down, I can also see that network scan
probes are allowed for profiling. And by scrolling down to the very bottom of the
page, I can also see that SNMP queries and Active Directory probes are also allowed
for profiling.
By scrolling back up towards the middle of this page, I can see that HTTP is
currently not enabled for profiling. We'll click on the check box to enable it.
After that, we'll scroll all the way back up, and then return to General Settings
by clicking on that tab.
Then I'll scroll down to the very bottom of this page, and then click on Save to
save my changes. Because I've made changes to the policy service persona, I receive
this text box telling me that my update was successful, but that the system will
restart, and that the restart may take up to 10 minutes. I'll click on OK to accept
this information, and to initiate the restart.
I'll monitor the progress of this restart by opening up a PuTTY session to the ISE
console. I've already logged on to the ISE server, but I will use the show
application status ise command to continue to monitor the ISE processes. The
process that I'm most concerned about at the moment is the application server
process, which is third in the list. Note that it is currently shown in a state of
not running.
I'll pause the video and then return once some progress has been made. While the
video was paused, I reissued this command a few times, and now the application
server process shows as initializing. I'll continue to wait for this process to be
fully started up, and I will pause the video again until there's further progress.
It's now been about 10 minutes since the system restarted, and now the application
server process shows as running. I'm now ready to return to the web console for the
ISE server.
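
The restart check narrated above (reissuing show application status ise until the application server process shows as running) can be scripted. The following is an added example, not part of the video or of Cisco's tooling. The sample output is constructed in the command's three-column layout, `fetch` is a hypothetical callable that returns the command's text (for example over an SSH session), and the 900-second default timeout is an assumption.

```python
import re
import time

# Constructed output in the layout of `show application status ise`;
# process IDs are made up and the process list is shortened.
TEMPLATE = """\
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          3688
Database Server                        running          41 PROCESSES
Application Server                     {state}
Profiler Database                      running          4533
"""

def parse_status(output):
    """Return {process name: state} from the status table."""
    states = {}
    for line in output.splitlines():
        # Columns are separated by runs of spaces; "not running" keeps its single space.
        cols = re.split(r"\s{2,}", line.strip())
        # Skip the header, the dashed rule and blank lines.
        if len(cols) < 2 or cols[0].upper() == "ISE PROCESS NAME":
            continue
        states[cols[0]] = cols[1].lower()
    return states

def app_server_state(output):
    """State of the Application Server row, or 'unknown' if the row is absent."""
    return parse_status(output).get("Application Server", "unknown")

def wait_for_app_server(fetch, timeout=900, interval=30,
                        sleep=time.sleep, clock=time.monotonic):
    """Poll fetch() until the Application Server is running.
    Returns the observed state transitions; raises TimeoutError otherwise."""
    seen = []
    deadline = clock() + timeout
    while True:
        state = app_server_state(fetch())
        if not seen or seen[-1] != state:
            seen.append(state)  # record only changes, e.g. not running -> initializing
        if state == "running":
            return seen
        if clock() >= deadline:
            raise TimeoutError(f"Application Server still {state!r} after {timeout}s")
        sleep(interval)

if __name__ == "__main__":
    print(app_server_state(TEMPLATE.format(state="initializing")))
```
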