IPS Configuration (Local Profiler)

Configuring SNMP Devices

While DHCP fingerprinting is useful for endpoints with a DHCP-assigned IP address, it cannot detect devices that have been assigned static IP addresses. The Profiler can detect statically addressed endpoints by fetching the ARP/CAM table from switches using SNMP. Endpoints detected through SNMP may be profiled using Nmap.

Steps to configure SNMP polling of switches are shown below.

1.Select Endpoint Policy > Network Access > SNMP Device > Configuration > New SNMP Device and add one or more switches.
If you wish to use the switch from HP or Cisco for profiling endpoints only, do not select the SNMP Enforcement check box. Leave it checked if you wish to also use the switch to enforce policy.

If you wish to use SNMP enforcement, configure Location Group to add an SNMP device. For Location Group configuration instructions, refer IPS Administration Guide.

Standard Switch in the Vendor list allows the Profiler administrator to add any switch that is not listed under the Switch Vendors drop down list. This will provide visibility into the devices connected to the switch, but SNMP enforcement cannot be carried out on that switch.

2.Save the changes. The SNMP Device Configuration table is updated.

You can also discover an SNMP device and add to SNMP Device Configuration table from the Discovery tab. See the IPS Policy Enforcement Using SNMP Deployment Guide for additional SNMP switch configuration details.