01-26-2018 10:18 AM
In previous versions of ISE as soon as I imported a switch into ISE and enabled SNMP polling it would go out and grab all the connected MAC addresses and start profiling. In 2.3 that doesn't seem to be the case. When did that change or should it be discovering all the MACs on the switch?
I used to call this ISE Lite, where I could start profiling the network just by adding NADs to ISE and having SNMP polling enabled.
Thanks.
01-26-2018 08:51 PM
This should work in ISE 2.3, still. Please turn DEBUG on profiler, retry, and collect profiler.log to check it out.
01-28-2018 07:06 PM
I just validated that this is working last week as an example for a customer, so I recommend checking the SNMP config and that SNMP profiling and the probe are enabled.
01-29-2018 08:51 AM
Is there any limit to the number of MACs pulled?
I can see in the debug logs that it is connecting to the switch just fine with SNMP and I can even see it learning some of the MAC addresses:
MAC: 6C:99:89:3D:44:56
Attribute:BYODRegistration value:Unknown
Attribute:DeviceRegistrationStatus value:NotRegistered
Attribute:EndPointProfilerServer value:MASV-ISE-PSN.dartcontainer.com
Attribute:EndPointSource value:SNMPQuery Probe
Attribute:MACAddress value:6C:99:89:3D:44:56
Attribute:NADAddress value:10.208.66.1
10.208.66.1 is the switch I am testing with.
I see 6C:99:89:3D:44:56 in my endpoint database, but there are 458 MAC addresses in the MAC address table on that switch. I don’t see all of them showing up in my context visibility or showing up in the debug logs. I have changed my polling time to 10 min. on that switch.
Thanks for the feedback.
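One way to answer "which of the 458 MACs never became endpoints" is to diff the switch's dynamic MAC address table against what profiler.log shows the SNMPQuery probe creating for that NAD. The script below is an added example, not code from the thread or from Cisco ISE; it assumes the `Attribute:<name> value:<value>` record layout quoted above and standard IOS `show mac address-table` output, and both sample inputs are constructed for illustration.

```python
from __future__ import annotations

import re

# Constructed sample of profiler.log DEBUG output in the record layout quoted in
# the thread: a "MAC:" line followed by Attribute lines. Two endpoints come from
# the SNMPQuery probe on 10.208.66.1; the third was learned by RADIUS elsewhere.
PROFILER_LOG = """\
MAC: 6C:99:89:3D:44:56
Attribute:BYODRegistration value:Unknown
Attribute:EndPointSource value:SNMPQuery Probe
Attribute:MACAddress value:6C:99:89:3D:44:56
Attribute:NADAddress value:10.208.66.1
MAC: 00:1B:D4:12:AB:CD
Attribute:EndPointSource value:SNMPQuery Probe
Attribute:MACAddress value:00:1B:D4:12:AB:CD
Attribute:NADAddress value:10.208.66.1
MAC: 00:50:56:AA:BB:CC
Attribute:EndPointSource value:RADIUS Probe
Attribute:MACAddress value:00:50:56:AA:BB:CC
Attribute:NADAddress value:10.208.67.1
"""

# Constructed sample of IOS "show mac address-table" output from the same switch.
MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
  10    6c99.893d.4456    DYNAMIC     Gi1/0/1
  10    001b.d412.abcd    DYNAMIC     Gi1/0/2
  10    0050.56aa.bbcc    DYNAMIC     Gi1/0/3
  20    f4ce.4601.2345    DYNAMIC     Gi1/0/24
Total Mac Addresses for this criterion: 5
"""

MAC_TABLE_ROW = re.compile(
    r"^\s*(?P<vlan>\S+)\s+(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})"
    r"\s+(?P<type>\S+)\s+(?P<port>\S+)\s*$"
)


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so xxxx.xxxx.xxxx and XX:XX:XX:XX:XX:XX compare equal."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def learned_from_snmp(log_text: str, switch_ip: str) -> set[str]:
    """MACs that profiler.log shows as created by the SNMPQuery probe for switch_ip."""
    records: list[dict[str, str]] = []
    current: dict[str, str] | None = None
    for line in log_text.splitlines():
        start = re.search(r"\bMAC:\s*([0-9A-Fa-f:.\-]{12,17})", line)
        if start:
            current = {"MACAddress": start.group(1)}
            records.append(current)
            continue
        attr = re.search(r"Attribute:(\w+) value:(.*)$", line)
        if attr and current is not None:
            current[attr.group(1)] = attr.group(2).strip()
    return {
        normalize_mac(r["MACAddress"])
        for r in records
        if r.get("EndPointSource") == "SNMPQuery Probe"
        and r.get("NADAddress") == switch_ip
    }


def dynamic_mac_table(show_output: str) -> dict[str, tuple[str, str]]:
    """Dynamic entries only (static/CPU entries are not endpoints): mac -> (vlan, port)."""
    table: dict[str, tuple[str, str]] = {}
    for line in show_output.splitlines():
        m = MAC_TABLE_ROW.match(line)
        if m and m.group("type").upper() == "DYNAMIC":
            table[normalize_mac(m.group("mac"))] = (m.group("vlan"), m.group("port"))
    return table


def missing_endpoints(log_text: str, show_output: str, switch_ip: str) -> dict[str, tuple[str, str]]:
    """Dynamic MAC table entries on switch_ip that the SNMPQuery probe never turned into endpoints."""
    learned = learned_from_snmp(log_text, switch_ip)
    table = dynamic_mac_table(show_output)
    return {mac: table[mac] for mac in sorted(set(table) - learned)}


if __name__ == "__main__":
    switch = "10.208.66.1"
    missing = missing_endpoints(PROFILER_LOG, MAC_TABLE, switch)
    print(f"{len(dynamic_mac_table(MAC_TABLE))} dynamic MACs on {switch}, "
          f"{len(missing)} never created by the SNMPQuery probe:")
    for mac, (vlan, port) in missing.items():
        print(f"  {mac}  vlan {vlan}  {port}")
```

Run it against a real profiler.log (with DEBUG on profiler, as suggested above) and a fresh `show mac address-table` capture from the same switch; the ports that come back are the ones worth checking for a CDP/LLDP neighbor versus none, which is the pattern the thread goes on to notice.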
01-29-2018 09:35 AM
No hard limit, but expect you are exceeding the SNMP timeout as the time for switch to reply may take a while for so many hosts. You can set the SNMP timeout under the profiling config for the PSN that is assigned to the polling of the large switches.
01-29-2018 09:47 AM
I tried increasing the timeout; we will see. Should the debugs show it asking for the MAC address count in any fashion? It seems to move right to CDP checks:
2018-01-29 12:10:56,227 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- PollSwitchEventExecutor for switch : 10.208.66.1
2018-01-29 12:10:56,227 DEBUG [] cisco.profiler.probes.snmpquery.SNMPQueryEventHandler -::- Execute event for switch : 10.208.66.1
2018-01-29 12:10:56,227 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- Execute poll switch event for : 10.208.66.1
2018-01-29 12:10:56,246 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- Switch IP is : 10.208.66.1
2018-01-29 12:10:56,250 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- IfIndex for 10.208.66.1 is 16.
2018-01-29 12:10:56,252 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- Swicth MacAddress : 5c:a4:8a:46:bb:41
2018-01-29 12:10:56,253 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- 10.208.66.1 switch data returned : {sysDescr=Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Thu 02-Jun-16 01:31 by prod_rel_team, ipAdEntIfIndex=16, sysUpTime=294 days, 23:45:51.85, NADAddress=10.208.66.1, ipAdEntNetMask=255.255.255.0, ifPhysAddress=5c:a4:8a:46:bb:41, sysObjectID=1.3.6.1.4.1.9.1.1208, 2018-01-29 12:10:56,253 DEBUG [] cisco.profiler.probes.snmpquery.PollSwitchEventExecutor -::- Get CDP data.
The MAC addresses I see in the endpoint database are the ones that have CDP entries.
01-29-2018 10:32 AM
Craig,
I just checked again with the longer timeouts and no change. I did take a look at all the MACs from that switch that did show up in the endpoint database in ISE. They are all the MACs that have CDP or LLDP entries. All the MACs should show up though right?
In the end it won’t really matter because I am going to be enabling wired ISE on all of these ports and will learn the MACs anyways. I just thought I should learn all of them ahead of time from SNMP polling.
01-29-2018 12:07 PM
Yes. All MACs directly connected to the switch should be learned. If not, then you could open a TAC case to troubleshoot and determine if you are hitting a defect.
02-03-2018 03:55 PM
I think endpoints might not get created when they have conflicting info, although I can't recall what they were exactly. If you are unable to open a TAC case, please share a copy of the log with me to take a look.
03-12-2018 10:33 AM
We've just created a user story to pull MAC address tables from NADs to create endpoints. Since most CDP entries do not have MAC addresses in them, we would likely need another means to associate them.
03-11-2018 06:54 PM
Please state the network device hardware and software version whenever submitting questions like this.
It is entirely possible there is a bug on the network device platform, too.