ISE SNMP Polling of NADs

paul
Level 10

In previous versions of ISE, as soon as I imported a switch into ISE and enabled SNMP polling, it would go out and grab all the connected MAC addresses and start profiling.  In 2.3 that doesn't seem to be the case.  When did that change, or should it be discovering all the MACs on the switch?

I used to call this ISE Lite, where I could start profiling the network just by adding NADs to ISE and having SNMP polling enabled. 

Thanks.

10 Replies

hslai
Cisco Employee

This should work in ISE 2.3, still. Please turn DEBUG on profiler, retry, and collect profiler.log to check it out.

I just validated this is working last week as an example for a customer, so I recommend checking the SNMP config and that SNMP profiling and the probe are enabled.

Is there any limit to the number of MACs pulled?

I can see in the debug logs that it is connecting to the switch just fine with SNMP and I can even see it learning some of the MAC addresses:

MAC: 6C:99:89:3D:44:56

Attribute:BYODRegistration value:Unknown

Attribute:DeviceRegistrationStatus value:NotRegistered

Attribute:EndPointProfilerServer value:MASV-ISE-PSN.dartcontainer.com

Attribute:EndPointSource value:SNMPQuery Probe

Attribute:MACAddress value:6C:99:89:3D:44:56

Attribute:NADAddress value:10.208.66.1

10.208.66.1 is the switch I am testing with.

I see 6C:99:89:3D:44:56 in my endpoint database, but there are 458 MAC addresses in the MAC address table on that switch. I don’t see all of them showing up in my context visibility or showing up in the debug logs. I have changed my polling time to 10 min. on that switch.

Thanks for the feedback.

No hard limit, but I expect you are exceeding the SNMP timeout, as the time for the switch to reply may take a while for so many hosts.  You can set the SNMP timeout under the profiling config for the PSN that is assigned to the polling of the large switches.

I tried increasing the timeout; we will see. Should the debugs show it asking for the MAC address count in any fashion? It seems to move right to CDP checks:

2018-01-29 12:10:56,227 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- PollSwitchEventExecutor for switch : 10.208.66.1

2018-01-29 12:10:56,227 DEBUG [] cisco.profiler.probes.snmpquery.SNMPQueryEventHandler -::- Execute event for switch : 10.208.66.1

2018-01-29 12:10:56,227 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- Execute poll switch event for : 10.208.66.1

2018-01-29 12:10:56,246 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- Switch IP is : 10.208.66.1

2018-01-29 12:10:56,250 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- IfIndex for 10.208.66.1 is 16.

2018-01-29 12:10:56,252 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- Swicth MacAddress : 5c:a4:8a:46:bb:41

2018-01-29 12:10:56,253 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- 10.208.66.1 switch data returned : {sysDescr=Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Thu 02-Jun-16 01:31 by prod_rel_team, ipAdEntIfIndex=16, sysUpTime=294 days, 23:45:51.85, NADAddress=10.208.66.1, ipAdEntNetMask=255.255.255.0, ifPhysAddress=5c:a4:8a:46:bb:41, sysObjectID=1.3.6.1.4.1.9.1.1208,

2018-01-29 12:10:56,253 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- Get CDP data.

The MAC addresses I see in the endpoint database are the ones that have CDP entries.
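The check the thread keeps circling back to is "458 MACs on the switch, far fewer endpoints in ISE, which ones are missing?". The script below is an added example (not ISE code and not posted by anyone in this thread): it parses the per-endpoint attribute block that the SNMPQuery probe writes to profiler.log at DEBUG (same shape as the `MAC:` / `Attribute:... value:...` lines quoted above), parses a `show mac address-table` capture from the polled switch, and reports the dynamic MACs the poll never turned into endpoints. Both inputs below are constructed samples; the parser only counts `DYNAMIC` entries, since static/CPU rows (the switch's own MAC, multicast addresses) are not endpoints ISE should create, and endpoints whose `EndPointSource` is another probe (RADIUS, etc.) are excluded so the comparison measures only what SNMP polling produced.

```python
"""Compare what ISE's SNMPQuery probe learned (profiler.log at DEBUG) against
the switch's MAC address table. Added example; not part of ISE or this thread.
"""
import re
from collections import defaultdict

# Constructed excerpt of profiler.log, in the format quoted in the thread.
PROFILER_LOG = """\
2018-01-29 12:10:56,227 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- PollSwitchEventExecutor for switch : 10.208.66.1
MAC: 6C:99:89:3D:44:56
Attribute:EndPointSource value:SNMPQuery Probe
Attribute:MACAddress value:6C:99:89:3D:44:56
Attribute:NADAddress value:10.208.66.1
MAC: 00:1B:2C:3D:4E:5F
Attribute:EndPointSource value:SNMPQuery Probe
Attribute:MACAddress value:00:1B:2C:3D:4E:5F
Attribute:NADAddress value:10.208.66.1
MAC: AA:BB:CC:00:11:22
Attribute:EndPointSource value:RADIUS Probe
Attribute:MACAddress value:AA:BB:CC:00:11:22
Attribute:NADAddress value:10.208.66.1
"""

# Constructed 'show mac address-table' output from the polled switch.
MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
  10    6c99.893d.4456    DYNAMIC     Gi1/0/1
  10    001b.2c3d.4e5f    DYNAMIC     Gi1/0/2
  20    aabb.cc00.1122    DYNAMIC     Gi1/0/3
  20    0011.2233.4455    DYNAMIC     Gi1/0/4
  30    5ca4.8a46.bb41    STATIC      Gi1/0/48
"""

ATTR_RE = re.compile(r"^Attribute:(\w+) value:(.*)$")
MAC_ROW_RE = re.compile(
    r"^\s*(\d+|All)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)", re.I
)


def normalize_mac(raw):
    """Canonicalise Cisco dotted, colon or dash notation to lower-case colon form."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", raw)
    if len(hexdigits) != 12:
        raise ValueError("not a MAC address: %r" % raw)
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2)).lower()


def parse_profiler_log(text):
    """Return {nad_ip: set(macs)} for endpoints created by the SNMPQuery probe.

    Each endpoint is logged as a 'MAC: ...' line followed by Attribute lines;
    attributes are collected per block and filtered on EndPointSource.
    """
    blocks = []
    for line in text.splitlines():
        if line.startswith("MAC: "):
            blocks.append({})
            continue
        m = ATTR_RE.match(line)
        if m and blocks:
            blocks[-1][m.group(1)] = m.group(2).strip()
    learned = defaultdict(set)
    for b in blocks:
        if (b.get("EndPointSource") == "SNMPQuery Probe"
                and "MACAddress" in b and "NADAddress" in b):
            learned[b["NADAddress"]].add(normalize_mac(b["MACAddress"]))
    return dict(learned)


def parse_mac_table(text):
    """Return {mac: (vlan, port)} for DYNAMIC rows only; static/CPU rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = MAC_ROW_RE.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            table[normalize_mac(m.group(2))] = (m.group(1), m.group(4))
    return table


def missing_endpoints(mac_table, learned, nad_ip):
    """MACs present on the switch that the SNMP poll of nad_ip never created."""
    seen = learned.get(nad_ip, set())
    return {mac: where for mac, where in mac_table.items() if mac not in seen}


if __name__ == "__main__":
    nad = "10.208.66.1"
    table = parse_mac_table(MAC_TABLE)
    learned = parse_profiler_log(PROFILER_LOG)
    missing = missing_endpoints(table, learned, nad)
    print("%s: %d dynamic MACs on switch, %d learned via SNMPQuery, %d missing"
          % (nad, len(table), len(learned.get(nad, ())), len(missing)))
    for mac, (vlan, port) in sorted(missing.items()):
        print("  missing %s  vlan %s  port %s" % (mac, vlan, port))
```

On a real PSN, replace the two constructed strings with the contents of profiler.log (with the profiler component at DEBUG, as suggested earlier in the thread) and a `show mac address-table` capture from the same switch; the per-port listing of what is missing is the useful artifact to attach to a TAC case, since it shows whether the gap is everything except CDP/LLDP neighbours or something VLAN- or port-specific.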

Craig,

I just checked again with the longer timeouts and no change. I did take a look at all the MACs from that switch that did show up in the endpoint database in ISE. They are all the MACs that have CDP or LLDP entries. All the MACs should show up though, right?

In the end it won’t really matter because I am going to be enabling wired ISE on all of these ports and will learn the MACs anyways. I just thought I should learn all of them ahead of time from SNMP polling.

Yes. All MACs directly connected to the switch should be learned.  If not, then you could open a TAC case to troubleshoot and determine if you are hitting a defect.

hslai
Cisco Employee

I think endpoints might not get created when they have conflicting info, although I can't recall what they were exactly. If you are unable to open a TAC case, please share a copy of the log with me to take a look.

hslai
Cisco Employee

We've just created a user story to pull MAC address tables from NADs to create endpoints. Since most CDP entries do not have MAC addresses in them, we would likely need another means to associate them.

thomas
Cisco Employee

Please state the network device hardware and software version whenever submitting questions like this.

It is entirely possible there is a bug on the network device platform, too.