Profiling is ISE feature, which detects and classify endpoints, by using the probing method. By using this method, it collects the endpoint attributes and then compare collected attributes to predefine device profile.
Profiling collects the device or endpoint attributes from various sources like DHCP, Netflow, Http User-Agent String, NMAP Scans etc.
Once the attributes are collected, they are matched to a set of signatures. These signatures are commonly referred as profiles. ISE uses Conditions that are defines in Authorizing policy by these classified data from profiler.
Below Example shows differentiated Authorization policy based on Profiling.
Employee using corporate Laptop to again full access
In above figure, Same Employee using its credential on a mobile device and gets limited access.
ISE Profiler Work Center
ISE Profiler work Center is the Center Location, where Profiling related task can be performed.
To get ISE Work Center follow this GUI Steps.
ISE | Work Center | Profiler
ISE Profiling Probes
ISE using various Probes to collect data from endpoint which is further used for profiling conditions. Example HTTP probe, collects data by capturing HTTP traffic and then Profiler examine the captured traffic like HTTP user-agent String. From ISE Version 1.3 + some default ISE probing methods are enabled by default.
To configure Probe in ISE, Use following path:
Work Center | Profiler | Node Config and then select the PSN that needs to configured for Probe task. Here the Node is seeing as Standalone, which means Single Node running all personas like Administration, Monitoring, and Policy Services.
In General Setting | enable Profiling Service checkbox.
Select Profiling Configuration tab to see below ten probes are available on each PSN.
DHCP & DHCPSPAN Probes:
DHCP probe is used to capture Endpoint MAC address, to identify Endpoint OS, also it capture DHCP user-agent String to identify device as corporate asset.
In DHCP Probe, DHCP request are sent directly to ISE, which can be done by using ip helper-address configuration command and in this IP of ISE PSN management Interface is configured. This Command will convert all DHCP Broadcast to unicast and sent to ISE PSN and also to DHCP.
In DHCPSPAN Probe, SPAN session is used in Promiscuous mode , which copies all traffic to/from a source interface and send it to destination port where ISE interface is connected for DHCPSPAN Probe role.
In WLC, it has default configuration due to which it acts as RADIUS proxy and acts as middleman for all DHCP conversation. Due to this configuration, it affects the DHCP probe working and it must be disabled on WLC. Once it is disabled, all DHCP request from wireless endpoints will be seen as broadcast packet, on VLAN and because of IP helper-address configured on L3 Interface of VLAN, these will be sent to DHCP as well as ISE.