Cisco Cisco Identity Services Engine 1.3 Livre blanc
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 27
Device Sensor
The Device Sensor is not a probe, but an optimization in the collection and reporting of endpoint attributes. Device
Sensor is a feature that runs on the network access device such as Cisco Catalyst
Sensor is a feature that runs on the network access device such as Cisco Catalyst
®
switches and Cisco Wireless
LAN Controllers.
The sensor locally captures attributes such as MAC address, IP address, CDP and LLDP details, DHCP option
fields, and HTTP user agents. It then packages and reports these attributes in a RADIUS accounting updates
packet. On switches, the Device Sensor can be configured to filter specific attributes of interest. Since all
information is sent over RADIUS, ISE only requires the RADIUS probe to be enabled in order to process Device
Sensor updates.
fields, and HTTP user agents. It then packages and reports these attributes in a RADIUS accounting updates
packet. On switches, the Device Sensor can be configured to filter specific attributes of interest. Since all
information is sent over RADIUS, ISE only requires the RADIUS probe to be enabled in order to process Device
Sensor updates.
Note: The specific attributes supported by the Device Sensor will depend on the hardware platform and version.
Refer to the documentation for your specific switches and wireless controllers.
Refer to the documentation for your specific switches and wireless controllers.
The Device Sensor reduces the operational requirements for data collection on the network infrastructure. It
reduces the amount of traffic and bandwidth that must be processed. And it improves ISE database scalability by
reducing the number of updates to a specific ISE appliance.
reduces the amount of traffic and bandwidth that must be processed. And it improves ISE database scalability by
reducing the number of updates to a specific ISE appliance.
Best practice: We generally recommend that you deploy the Device Sensor if it is supported by your network
access device. Test the functionality first to verify that all attributes are reported as expected. If you receive the
desired attributes, disable any duplicate methods of profile data collection for the endpoints connected to these
network devices. For example, the Device Sensor is configured to send DHCP data. It is unnecessary to also
forward DHCP packets using relays or helpers on the local switch or upstream gateway.
access device. Test the functionality first to verify that all attributes are reported as expected. If you receive the
desired attributes, disable any duplicate methods of profile data collection for the endpoints connected to these
network devices. For example, the Device Sensor is configured to send DHCP data. It is unnecessary to also
forward DHCP packets using relays or helpers on the local switch or upstream gateway.
Summary of Probes
Table 1 summarizes the probes and other sources of endpoint attributes in Cisco Identity Services Engine profiling.
Table 1.
Endpoint Attributes Collected by Cisco ISE Probes to Classify Healthcare Devices
Probe
Default ISE Setting
Main Attributes Collected
RADIUS
Enabled
● MAC address
● IP address
● IP address
SNMPTRAP
Disabled
● MAC address (MAC notification only)
SNMPQUERY
Enabled
● MAC address
● IP address
● CDP:
● IP address
● CDP:
◦
Capabilities
◦
Device ID
◦
Platform
◦
Version
● LLDP:
◦
Capabilities map supported
◦
Chassis ID
◦
System name
◦
System description
DHCP
Enabled
● MAC address
● IP address
● Endpoint host or device name
● IP address
● Endpoint host or device name