appwhe.blogg.se

Mitigate MAC address flooding on all Cisco devices






I tested on a 36 switches with IOS 16.6.6 with ISE 2.4 Patch 9. It is possible that it is using device sensor for your question about TLV. Hi. Here are the configs I used on the switch for 802.1x. I read somewhere in an ISE document that when a device has been profiled (which may take several seconds initially), ISE will cache the information so that subsequently, when the endpoint reconnects again, the network connectivity establishment is faster since it does not need to re-profile again? If this is the case, anyone can easily get into the network by just spoofing the MAC address. If I now plug a device into the network and spoof that endpoint's MAC address, will ISE re-profile again or just let the device in since it has been profiled previously and is still in the ISE DB with the MAC address intact? Even if the device is subsequently disconnected, I can still see it on the ISE screen, although it shows that it is disconnected. When a device connects, gets profiled and is identified, the ISE screen will show the endpoint information, including what this endpoint is (Cisco IP phone, Ricoh printer, etc). I am googling around trying to confirm on ISE profiling and mitigation against MAC address spoofing but I have not found a confirmed answer.






