When it comes to profiling endpoints, I’ve noticed that even some of the more ISE-focused engineers even see it as something that’s magical and vague that happens behind the scenes. This is not specific to ISE either. I don’t think I’ve ever seen a network access control product that has 100% profiling fidelity or as granular as a customer might expect it to be. I would say that the built-in profiles for ISE probably identifies 90% of endpoints from at least a high level. The purpose of this blog post is to help remove some of that “behind-the-scenes” magic for you so you can making profiling work for you.

As part of my job, I often find myself configuring custom profiles for customers based on the attributes they have collected and what probes they have turned on. I am starting to export those profiles as I create them and add them to a Github so others may use the same profiles.

In this post, I’m going to be posting my deep-dive notes on ISE device profiling as well as what each probe does and what type of information to expect from the attributes.

I took some time to import and update quite a bit of RADIUS vendor dictionaries for 3rd party vendors into ISE. I grabbed this information from various community and open source sites but I obviously can't test it against every vendor out there since I don't have a selection of 140+ 3rd party NADs sitting in my lab. After I imported them to ISE, I exported them and have uploaded them here.

I wanted to write this post on how to save a little time by using template access lists to copy and paste your ACLs into the command line of the wireless controller. In this small blog post, I'll share a couple templates for Blackhole, Employee, Guest and Web Redirect ACLs which anyone could use. 

In this blog post, I'm going to go over a different way to configure your switch for ISE called Cisco Common Classification Policy Language (C3PL). I have known about this configuration for awhile but I will admit that I didn't really try to learn it until recent. If you read the IBNS 2.0 deployment guide here, it's pretty intimidating guide at a whopping 65 pages long and reads like a typical manual. I ended up reading Jamey Heary and Aaron Woland's Cisco ISE for BYOD Second Edition and they broke it down beautifully in 4 pages which made me go "Team C3PL."

In this blog post, I'm going to get into designing, scaling and deploying ISE. Like any piece of infrastructure, all the best configurations in the world won't help you if it's not design properly. In this post, I'm going to really focus on what I do to make an ISE implementation successful. 

In this long overdue post, I'm going to go over my recently favorite release of ISE: ISE 2.3.  I planned to write this a month or two ago but got a bit busy with work and other stuff so I'm catching up a little now. 

In this blog post, I'm going to go over the new policy sets in ISE 2.3. A lot of people have come to me and said they were worried about having to learn the new policy sets. Well, I have good news for you: While there are some enhancements, it's not really as initimating or new as you think. Are there enhancements? Sure! But it doesn't mean you have to re-learn the whole thing if you don't want to. 

In this post, I'm going to review the PassiveID features of ISE that are new as of ISE 2.2 and 2.3. In this particular post, I'll be doing it all from ISE 2.3 but bear in mind that you can do all this from ISE 2.3 as well. In ISE 2.0, there was a feature added called EasyConnect which utilized WMI logs from the Active Directory Domain Controller to check for login events. Based on those login events, ISE would make a decision to grant access. This allowed ISE to grant network access beyond the typical 802.1x and profiling methods. This functioned well but required a LOT of backend work to prepare Active Directory to share the WMI logs and if you read my earlier post here, you will see what I mean The creators of ISE decided to revamp this process and create a better way to do this in ISE 2.2 and later. 

This blog post is for my ISE 2.1 notes