Cisco Cisco Identity Services Engine 1.3 백서
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 27
Best practice: When it is available, use the Device Sensor to collect CDP, LLDP, and other endpoint attributes.
(The Device Sensor is discussed later in this guide.) When the Device Sensor is not available, use the DHCP relay
and configure local Layer 3 gateways with helpers to send a copy of the DHCP request to one or at most two ISE
targets. Load balancers or Anycast can be deployed to optimize distribution, increase redundancy, simplify network
configuration, and trim the number of ISE targets to reduce data replication.
(The Device Sensor is discussed later in this guide.) When the Device Sensor is not available, use the DHCP relay
and configure local Layer 3 gateways with helpers to send a copy of the DHCP request to one or at most two ISE
targets. Load balancers or Anycast can be deployed to optimize distribution, increase redundancy, simplify network
configuration, and trim the number of ISE targets to reduce data replication.
The main attributes gathered from DHCP and DHCPSPAN probes are:
●
MAC address (OUI)
●
IP address (used by other probes)
●
Endpoint host or device name (hostname)
●
Fully qualified domain name (FQDN) (client-fqdn)
●
dhcp-class-identifier
●
dhcp-user-class-identifier
●
dhcp-parameter-request-list
The DHCP probe is enabled by default. The DHCPSPAN Probe is disabled by default.
DHCP attributes are valuable in detecting endpoint operating system types through the combination of attribute
values or, in the case of the DHCP option parameter request lists, the specific order of numerical values. Unique
combinations provide a fingerprint that enables profiling to classify devices by operating system or device type.
values or, in the case of the DHCP option parameter request lists, the specific order of numerical values. Unique
combinations provide a fingerprint that enables profiling to classify devices by operating system or device type.
In some cases, manufacturers or network administrators populate specific fields in the DHCP requests that help
identify the specific vendor, device model, or organization. For example, Sonosite, a major supplier of ultrasound
machines, includes the name of its MicroMaxx product into the DHCP Class ID field. Similarly, Masimo, a leading
manufacturer of patient monitoring devices, embeds the name MasimoSET in its line of SET pulse oximeters used
to measure the amount of oxygen carried in the body.
identify the specific vendor, device model, or organization. For example, Sonosite, a major supplier of ultrasound
machines, includes the name of its MicroMaxx product into the DHCP Class ID field. Similarly, Masimo, a leading
manufacturer of patient monitoring devices, embeds the name MasimoSET in its line of SET pulse oximeters used
to measure the amount of oxygen carried in the body.
Note: Refer to the DNS probe for more details on the benefits of the hostname and FQDN attributes.
Many medical devices are configured with static IP addresses. However, the growing popularity of mobile clinical
devices has increased the number of medical devices that rely on DHCP to obtain an IP address. A side benefit of
this trend is the availability of DHCP data for device classification.
devices has increased the number of medical devices that rely on DHCP to obtain an IP address. A side benefit of
this trend is the availability of DHCP data for device classification.
Best practice: In situations where a specific IP address must be used for a device, DHCP reservations are
recommended. DHCP reservations provide the benefits of centralized IP address management while allowing
“static” or reserved IP addresses to be allocated to specific devices. Administrators responsible for manually
updating static IP address assignments across many clinical devices will appreciate the benefits of DHCP
reservations. In addition to significant time and cost savings, reservations can enhance profiling results.
recommended. DHCP reservations provide the benefits of centralized IP address management while allowing
“static” or reserved IP addresses to be allocated to specific devices. Administrators responsible for manually
updating static IP address assignments across many clinical devices will appreciate the benefits of DHCP
reservations. In addition to significant time and cost savings, reservations can enhance profiling results.
HTTP Probe
The HTTP probe extracts the user agent string from a web-enabled application such as a browser or other
application communicating over HTTP. The user agent commonly provides detailed platform and operating system
details about the endpoint.
application communicating over HTTP. The user agent commonly provides detailed platform and operating system
details about the endpoint.