https://community.cisco.com/t5/network-access-control/ise-profiling/m-p/3832562#M474160 Have you tried using a logical profile?<BR /><BR />Regards,<BR />-Tim Thu, 04 Apr 2019 19:47:53 GMT Timothy Abbott 2019-04-04T19:47:53Z https://community.cisco.com/t5/network-access-control/ise-profiling/m-p/3832364#M474158 <P>I am attempting to use profiling for SDA printer identification.&nbsp; Basically I have a global policy (SDA_Printer) that uses IP startswith XX.XX.XX.&nbsp; I have created an profiled endpoint group based on this.</P><P>Then I am planning to create several child policies.&nbsp; For example, one I am testing out is SDA_HP_Printer:</P><P>MAC OUI Equals Hewlett Packard</P><P>&nbsp;</P><P>My SDA HP printers are being profiled as SDA_HP_Printer as expected which means it hit on the parent &amp; child profile condition checks.&nbsp; I would like to roll the MACs from all the children profile hits into the high level parent policy endpoint group so I can then use the top level in authz policy conditions.&nbsp; This is not working as I thought it would.&nbsp; Please advise.</P> Thu, 04 Apr 2019 14:59:00 GMT https://community.cisco.com/t5/network-access-control/ise-profiling/m-p/3832364#M474158 Mike.Cifelli 2019-04-04T14:59:00Z https://community.cisco.com/t5/network-access-control/ise-profiling/m-p/3832562#M474160 Have you tried using a logical profile?<BR /><BR />Regards,<BR />-Tim Thu, 04 Apr 2019 19:47:53 GMT https://community.cisco.com/t5/network-access-control/ise-profiling/m-p/3832562#M474160 Timothy Abbott 2019-04-04T19:47:53Z https://community.cisco.com/t5/network-access-control/ise-profiling/m-p/3832657#M474162 Not yet. It is on my radar to test tomorrow. Any suggestions on best way to use them? Thu, 04 Apr 2019 23:05:21 GMT https://community.cisco.com/t5/network-access-control/ise-profiling/m-p/3832657#M474162 Mike.Cifelli 2019-04-04T23:05:21Z