An administrator configures new authorization policies within Cisco ISE and has difficulty profiling the devices. Attributes for the new Cisco IP phones that are profiled based on the RADIUS authentication are seen; however, the attributes for CDP or DHCP are not. What should the administrator do to address this issue?
To address the issue of not seeing CDP or DHCP attributes for the new Cisco IP phones profiled based on RADIUS authentication, the administrator should configure the device sensor feature within the switch. The device sensor feature in Cisco switches is designed to collect and send information obtained from various protocols, such as Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP), and Dynamic Host Configuration Protocol (DHCP), to Cisco ISE. This enables the correct profiling of devices within Cisco ISE.
I would choose D... Device sensor is a feature of access devices. It allows to collect information about connected endpoints. Mostly, information collected by Device Sensor can come from the following protocols: Cisco Discovery Protocol (CDP) Link Layer Discovery Protocol (LLDP) Dynamic Host Configuration Protocol (DHCP)
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-Configure-Device-Sensor-for-ISE-Profilin.html
D - cannot be correct cause device sensor is configured on ISE, NOT on the switch https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-Configure-Device-Sensor-for-ISE-Profilin.html#anc6 A- service templates can be locally configured on the switch: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-Configure-Device-Sensor-for-ISE-Profilin.html#anc6
it was really late D- IS CORRECT: switch#show device-sensor cache interface g1/0/13 Device: 20bb.c0de.06ae on port GigabitEthernet1/0/13 -------------------------------------------------- Proto Type:Name Len Value LLDP 6:system-description 40 0C 26 43 69 73 63 6F 20 49 50 20 50 68 6F 6E 65 20 38 39 34 31 2C 20 56 33 2C 20 53 43 43 50 20 39 2D 33 2D 34 2D 31 37 CDP 6:platform-type 24 00 06 00 18 43 69 73 63 6F 20 49 50 20 50 68 6F 6E 65 20 38 39 34 31 20 CDP 28:secondport-status-type 7 00 1C 00 07 00 02 00
Seems D is the correct one
I will go with D.
It is D https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-Configure-Device-Sensor-for-ISE-Profilin.html
It is D. Device sensor sends cdp / lldp attributes as radius accounting data for profiling
I eventually choose "D" after reading this https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_1_se/device_sensor/guide/sensor_guide.html
Ans is A.
Answer is D. Other answer that should have been there, would be that den ip helper-address hasn't been configured to point to ISE, and therefor ISE does not get copies of the dhcp requests of the clients
Correct answer D. Checked with securitytut
D is correct Device sensor is a feature of access devices. It allows to collect information about connected endpoints. Mostly, information collected by Device Sensor can come from the following protocols: + Cisco Discovery Protocol (CDP) + Link Layer Discovery Protocol (LLDP) + Dynamic Host Configuration Protocol (DHCP) Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292- ConfigureDevice-Sensor-for-ISE-Profilin.html
D is correct, use link provided by andrewj511 and coentror. Answer C is incorrect, as that command needs to be executed on the switch and not on the ISE server
Configure the device sensor feature within the switch to send the appropriate protocol information
I will go with D.