Cisco Cisco Identity Services Engine 1.3 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 27
The main attributes gathered from the SNMPQUERY probe are:
◦
MAC address (OUI)
◦
IP address (used by other probes)
◦
CDP (cdpCacheCapabilities, cdpCacheDeviceId, cdpCachePlatform, cdpCacheVersion)
◦
LLDP (lldpCapabilitiesMapSupported, lldpChassisId, lldpSystemName, lldpSystemDescription)
In addition to current MAC and IP address-binding information, the information from both CDP and LLDP is
extremely valuable profiling data. Common devices that generate CDP and LLDP data include infrastructure and
voice and video endpoints.
extremely valuable profiling data. Common devices that generate CDP and LLDP data include infrastructure and
voice and video endpoints.
From a pure medical device profiling perspective, the use of CDP and LLDP is limited. However, it is extremely
valuable in identifying critical-support devices in healthcare, such as IP phones, cameras, call systems, and
connected switches, and wireless controllers and access points.
valuable in identifying critical-support devices in healthcare, such as IP phones, cameras, call systems, and
connected switches, and wireless controllers and access points.
●
To poll an SNMP query against a network access device to detect all endpoints that do not or have yet
to trigger a RADIUS event or SNMP trap. Upstream Layer 3 network devices can also be polled if they
contain ARP tables for endpoints connected to Layer 2 switches.
to trigger a RADIUS event or SNMP trap. Upstream Layer 3 network devices can also be polled if they
contain ARP tables for endpoints connected to Layer 2 switches.
The main attributes gathered from the SNMPQUERY probe are:
◦
MAC address (OUI)
◦
IP address (used by other probes)
SNMP polling is most valuable in discovering the MAC addresses of endpoints that rarely or never trigger a new
connection event, to acquire the IP addresses of endpoints configured with a static IP address, and to acquire
MAC-to-IP-address bindings for Layer 2–only switches.
connection event, to acquire the IP addresses of endpoints configured with a static IP address, and to acquire
MAC-to-IP-address bindings for Layer 2–only switches.
Note: Each access device or Layer 3 device to be queried by ISE using SNMP must be added to the list of
network access devices with a valid SNMP read community string.
network access devices with a valid SNMP read community string.
●
To trigger an SNMP query against an endpoint to acquire local system information as the result of an
Nmap scan. If the Nmap probe detects that SNMP ports are open on the endpoint, it can trigger the SNMP
query for more details like name, description, and location.
Nmap scan. If the Nmap probe detects that SNMP ports are open on the endpoint, it can trigger the SNMP
query for more details like name, description, and location.
The main attributes gathered from the SNMPQUERY probe are:
◦
sysName
◦
sysDescr
◦
sysContact
◦
sysLocation
◦
hrDeviceDescr