Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1421
Views
0
Helpful
3
Replies

2.4 Visibility Setup, not discovering endpoints

joplant
Cisco Employee
Cisco Employee

‎06-21-2018 11:01 AM

I'm trying to understand the specifics of how visibility setup discovers devices (including posture discovery) and haven't been able to find any detail documentation on this.

I have ISE 2.4, a 3560CX and a Windows host in the test environment.

However, when I run the Visibility Setup, the Windows endpoint is not discovered.  Including the host directly connected to the 3560, there are a lot of other endpoints on the same subnet as ISE that aren't being discovered.

Is there a document that describes in detail what process ISE uses to discover endpoints via this wizard and what is required for an endpoint to be discovered and show up in the database and is there any way to debug/monitor the status of the discovery?

0 Helpful
3 Replies 3

kthiruve
Cisco Employee
Cisco Employee

‎06-21-2018 06:33 PM

Hi John,

Here is a doc that walks through the steps and a video

Getting Started with ISE

and a discussion related to visibility setup wizard and NMAP

Re: ISE Visibility Wizard/NMAP

Since this is meant for POV, it may not have been added to public docs for general cusumption.

Here is a blurb.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter…

Let me check more on this. Thanks for bringing this up

-Krishnan

0 Helpful

joplant
Cisco Employee
Cisco Employee
In response to kthiruve

‎06-22-2018 07:44 AM

Thanks Krishnan!  I did read these links and that other thread but honestly they don't really provide any specifics or info on debugging.

Looking for information like:

ISE first does a ping sweep of the address ranges then SNMP poll to NADs for the ARP and MAC tables, etc.  Then checks AD for <something>, and then based on <something> ISE attempts to deploy the stealth posture agent and runs posture checks.

And in order to add an endpoint to the dashboard it must be able to discover X, Y, and Z attributes about that endpoint.

0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to joplant

‎06-22-2018 05:16 PM

It needs your 3560CX with SVIs on all the VLANs where the endpoints connecting to and the endpoints should have some activities so the 3560CX has the ARP cache for them. You may put profiling in DEBUG and watch profiler.log and see how it progresses.

If you need help with the profiler.log, please unicast a copy.

0 Helpful
Customers Also Viewed These Support Documents