NMAP Probe - Expected Behaviors?

ryanbess
Level 1

I'm running 3.2 patch 2. I have the NMAP probe enabled (profiling configuration tab) and in General Settings I have "enable profiling service" enabled on the PSN. What I'm not seeing is the PSN actually doing an NMAP scan on a device when it comes online. I'm also letting it sit for some time and still nothing. The only time I see the NMAP scans doing anything is if I manually kick off a scan. I know this because I'm running a PCAP and when I ping the endpoint from the PSN I see the ICMP packets making it to the client. Is there something else I need to enable? When should I expect to see ISE scan an endpoint?

11 Replies

Greg Gibbs
Cisco Employee

Have you configured an NMAP scan action for your relevant Profiling Policy as per the ISE Profiling Design Guide?

Yes, there are three.

I think I see what you're saying. You're saying that I need to go to the attached and tell ISE that if it sees something as "Microsoft-Workstation" it then needs to do some sort of scan. In this case I've told it to do an OS-scan. This field used to have NONE in it.

I think you need a policy (profiling policy) to trigger NMAP for a specific host/subnet.

Policy>Policy Elements>Results>Profiling>Network Scan (NMAP) Actions
MHM

Morning, yes, they are there.

Sorry, I'm confused: was it already set and NMAP did not work, or did you set it just now?
MHM

Nope. Looks like there is more to the story. Looks like ISE just doesn't do an NMAP scan even though there is an OS scan action. Looks like you need to go into the Profiler Policy list to tell it to do the OS-SCAN when, in this case, it sees the endpoint as a Microsoft-Workstation. However, I'm now getting the attached. Digging into it.

Can you elaborate more on what condition you use in this profiling policy?
MHM

OK, I think I got it. When it now sees the dhcp-class-identifier containing MSFT, it will trigger an OS scan on the endpoint. I just did the PCAP and I now see it.
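The thread's conclusion is that enabling the NMAP probe on the PSN does nothing by itself: a scan runs only when a profiling policy whose condition matches the endpoint (here, dhcp-class-identifier containing MSFT) also has a Network Scan (NMAP) action set instead of NONE. The following is an added example, not code from the thread or from Cisco ISE, that models that two-part requirement in a small simulator so an administrator can reason about which endpoints will and will not be scanned. The policy and endpoint data are constructed for illustration, and the attribute names and action string are assumptions that only mirror the labels used in the thread.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProfilingPolicy:
    """Simplified model of an ISE profiling policy (constructed, not the ISE API).

    condition: the policy matches when `contains` appears in the endpoint
    attribute named `attribute` (case-insensitive substring match).
    scan_action: the Network Scan (NMAP) action; None stands for the
    'NONE' value the thread describes, meaning no scan is triggered.
    """
    name: str
    attribute: str
    contains: str
    scan_action: Optional[str] = None


@dataclass
class ScanRequest:
    endpoint: str
    policy: str
    action: str


# Constructed sample endpoints keyed by MAC; attribute values are made up.
SAMPLE_ENDPOINTS: Dict[str, Dict[str, str]] = {
    "00:11:22:33:44:55": {"dhcp-class-identifier": "MSFT 5.0"},
    "66:77:88:99:aa:bb": {"dhcp-class-identifier": "android-dhcp-13"},
    "cc:dd:ee:ff:00:11": {},  # endpoint that never sent a DHCP request
}


def policies_before_fix() -> List[ProfilingPolicy]:
    """State the original poster started with: condition set, action NONE."""
    return [ProfilingPolicy("Microsoft-Workstation", "dhcp-class-identifier", "MSFT")]


def policies_after_fix() -> List[ProfilingPolicy]:
    """State after setting the OS scan action on the same policy (assumed label)."""
    return [ProfilingPolicy("Microsoft-Workstation", "dhcp-class-identifier",
                            "MSFT", scan_action="OS-SCAN")]


def evaluate(policies: List[ProfilingPolicy],
             endpoints: Dict[str, Dict[str, str]],
             nmap_probe_enabled: bool = True) -> List[ScanRequest]:
    """Return the scans that would be triggered for the given endpoints.

    Both gates must be open: the probe must be enabled on the PSN, and a
    matching policy must carry a scan action. A match with action None is
    skipped, which is exactly the behaviour the thread observed.
    """
    requests: List[ScanRequest] = []
    if not nmap_probe_enabled:
        return requests
    for mac, attrs in endpoints.items():
        for policy in policies:
            value = attrs.get(policy.attribute, "")
            if policy.contains.lower() not in value.lower():
                continue
            if policy.scan_action is None:
                continue  # matched, but the action field is NONE
            requests.append(ScanRequest(mac, policy.name, policy.scan_action))
    return requests


def unscanned_endpoints(policies: List[ProfilingPolicy],
                        endpoints: Dict[str, Dict[str, str]]) -> List[str]:
    """Coverage check: endpoints that no policy would ever scan.

    Useful when auditing how far per-policy scan actions reach, since a
    policy-driven model only scans what some condition matches.
    """
    scanned = {req.endpoint for req in evaluate(policies, endpoints)}
    return sorted(mac for mac in endpoints if mac not in scanned)


if __name__ == "__main__":
    print("before fix:", evaluate(policies_before_fix(), SAMPLE_ENDPOINTS))
    print("after fix: ", evaluate(policies_after_fix(), SAMPLE_ENDPOINTS))
    print("not covered:", unscanned_endpoints(policies_after_fix(), SAMPLE_ENDPOINTS))
```

Running it shows an empty list for the "before" state even though the probe is enabled, a single OS-SCAN request for the MSFT endpoint once the action is set, and two endpoints that remain outside any scan policy. That last list is the practical answer to why a globally enabled probe still leaves most of the estate unscanned: coverage is only as wide as the union of policy conditions that carry a scan action.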

You are welcome, friend.
MHM

Do you or anyone else know of a way to just have ISE do an NMAP scan on everything it finds, vs. having to go into each of these settings and enable it?