Which two probes must be enabled for the ARP cache to function in the Cisco ISE profiling service so that a user can reliably bind the IP addresses and MAC addresses of endpoints? (Choose two.)
Correct is C) RADIUS & D) DHCP as explained here in other comments.
-
Just for info, SNMP Query can also collect IP to MAC bindings (ARP cache), however, it is more complicated:
"Cisco Best Practice: To simplify the deployment and to reduce traffic overhead due to SNMP traps, when possible, use the RADIUS probe to trigger SNMP Query based on RADIUS Accounting Start messages. To further reduce traffic overhead, Device Sensor may be deployed; SNMP Interface Query is not required with Device Sensor since relevant attributes can be sent automatically as part of the Sensor’s RADIUS Accounting update.”
...
Default SNMP poll interval = once per 8 hours, configurable from 10 minutes to 1 day - this is not the best way how to reliably collect ARP cache.
...
Moreover, you need L3 switch or router to collect ARP cache by SNMP Query:
“Address Resolution Protocol (ARP) table information is also collected during this polled query to build the IP-MAC ARP Cache table in ISE. In environments where endpoints are connected to Layer 2-only switchports, it may be desirable to configure upstream Layer 3 devices (for example, branch routers or Layer 3 distribution switches) as ISE network access devices if they contain the ARP table information for the endpoints. This may be required to provide IP-to-MAC binding information in deployments that do not have RADIUS configured on the access devices or in which DHCP probes are not able to collect this data.”
https://community.cisco.com/t5/security-knowledge-base/ise-profiling-design-guide/ta-p/3739456#toc-hId-40496257
The DHCP and RADIUS probes carry the IP addresses and the MAC addresses of endpoints in the payload data.
https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_new_chapter_010101.html.xml#reference_8CEE50C188854D33A73014DF4996A430
The correct answers are - DHCP and - NetFlow.
The ARP cache in the Cisco ISE profiling service is used to store the IP address and MAC address of endpoints. This information is used to reliably bind the IP addresses and MAC addresses of endpoints, so that a user can reliably identify them.
The DHCP and NetFlow probes are the only probes that can populate the ARP cache. The DHCP probe collects DHCP packets, which contain the IP address and MAC address of the endpoint that requested an IP address. The NetFlow probe collects NetFlow traffic, which can contain the IP address and MAC address of the endpoint that generated the traffic.
The other probes cannot populate the ARP cache. The SNMP probe collects SNMP traps, which do not contain the IP address and MAC address of the endpoint that generated the trap. The RADIUS probe collects RADIUS packets, which do not contain the IP address and MAC address of the endpoint that authenticated. The HTTP probe collects HTTP requests, which do not contain the IP address and MAC address of the endpoint that made the request.
ChatGPT crap again? Or had you produced this by yourself?!
Correct is C) RADIUS, because RADIUS accounting transfers Device Sensor data and RADIUS packets also contain MAC address (Calling-Station-ID) and IP address (Framed-IP).
You guessed D), which is also correct.
For the ARP cache to function, you must enable either the DHCP probe or the RADIUS probe. The DHCP and RADIUS probes carry the IP addresses and the MAC addresses of endpoints in the payload data.
https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_new_chapter_010101.html.xml#:~:text=For%20the%20ARP%20cache%20to,probe%20or%20the%20RADIUS%20probe.
Sure, as stated the link you've posted:
"For the ARP cache to function, you must enable either the DHCP probe or the RADIUS probe. The DHCP and RADIUS probes carry the IP addresses and the MAC addresses of endpoints in the payload data. The dhcp-requested address attribute in the DHCP probe and the Framed-IP-address attribute in the RADIUS probe carry the IP addresses of endpoints, along with their MAC addresses, which can be mapped and stored in the ARP cache."
Ignore that, the admin guide says this: Cisco ISE implements an ARP cache in the profiling service, so that you can reliably map the IP addresses and the MAC addresses of endpoints. For the ARP cache to function, you must enable either the DHCP probe or the RADIUS probe.
ISE profiling guide suggests SNMP, DHCP and RADIUS will provide this information so not sure which is the correct answer
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.300-715 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
NikoTomas
8 months, 2 weeks agoNikoTomas
8 months, 2 weeks agoLeogxn
1 year, 3 months agodenverfly
1 year, 5 months agoNikoTomas
8 months, 2 weeks agoCnoteone
1 year, 7 months agoNikoTomas
9 months agoYmerG
1 year, 9 months agoRuss
1 year, 11 months agoRuss
1 year, 11 months ago