ā11-29-2018 05:55 AM
All,
I am looking for ISE profiling attributes for ATMs for a banking customer. These devices are non-Dot1x capable and have a static IP address assigned.
Has anyone done something similar before?
Regards,
Manasi Jain
ā11-30-2018 03:00 AM
It's one thing to rely on ISE to profile an IOT device (like a light bulb) and work with a "certainty factor" percentage accuracy. But I would be worried if my bank used profiling to assign its ATMs to the correct VLAN or assign ACLs etc.
What is the reason for using Radius here? if they don't do 802.1X to gain network access then could you not do MAB auth instead? That would mean putting all the ATM's MAC addresses into an Identity Group. But MAB auth for an ATM sounds dodgy too. I don't see what they use case is here.
ā03-11-2024 03:40 PM
Hello,
I am looking for the same. Kindly advise
ā03-11-2024 04:14 PM - edited ā03-11-2024 04:18 PM
Hi Shabeeb,
It's answered, follow the same approach.
Regards,
Pulkit
ā03-11-2024 04:17 PM
As @Arne Bier inferred in his previous response, you are not likely to get much detail from Profiling of an ATM endpoint. From my experience, most ATMs are built on generic platforms (like old Windows OS), so they would not provide any unique attributes.
If you intend to pursue the Profiling route, you would need to determine what the network can glean from one of the ATM endpoints and build custom Profiling conditions/polices based on the ISE Profiling Design Guide.
ā03-11-2024 04:12 PM - edited ā03-11-2024 04:14 PM
Hi Manasi,
The best way to handle non dot1x devices is to create a custom identity group for all atm machines. These devices do not need to be connected to be added to the group, they can be imported.
This solution has been explained in detail here from Timothy Abbott. I believe its applicable in this case for you.
If you find this useful, please mark it helpful and Accept the Solution.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide