topic Re: New Profiling Policies? in Network Access Control

New Profiling Policies?

Dustin Anderson — Thu, 30 Mar 2017 15:15:13 GMT

Greetings,

Does anyone know if there is any update feed for new device profiles? I have been running into a issue with new devices being detected as "Cisco-Device" and being denied. Was actually a Galaxy S7 with Nougat update.

There is an update service for AV profiles, but nothing for the profiling system for devices?

Since you can import profiles, I was hoping Cisco had a site or something to get updates. My profiling system only has the Galaxy S6, and the 8 comes out in a few weeks. It seems absurd to expect every admin to create a profile for new devices instead of one being made centrally and updated.

Re: New Profiling Policies?

M. Wisely — Thu, 30 Mar 2017 15:44:42 GMT

What version of ISE are you running? There is a feed service for the profiler in Administration -> Feed Service -> Profiler.

When you enable this it updates cisco provided profiles

Re: New Profiling Policies?

Dustin Anderson — Thu, 30 Mar 2017 16:24:19 GMT

It is turned on and seems to be running, but seems to be adding OUI's. I'm running 2.1 and a 2.2 test box.

Both do not have current phones over the last year. Does the feed service only update OUI's? or are some profiles just not added.?

Re: New Profiling Policies?

Craig Hyps — Thu, 30 Mar 2017 23:06:29 GMT

Feed updates both OUIs and profiles. You can check Change Audit log and filter on 'feed' to look for updates. You may want to try disabling and re-enabling if not seeing any updates to profiles. You can also log into ise.cisco.com and setup notification to get emails when updates occur.

Craig

Re: New Profiling Policies?

hslai — Fri, 31 Mar 2017 04:14:59 GMT

What is the OUI value for the endpoint? Is it somehow got identified as Cisco...

It would be great if you may contribute by following How to Contribute Endpoint Profiles.

Re: New Profiling Policies?

Dustin Anderson — Fri, 31 Mar 2017 14:56:44 GMT

60:F1:89 Murata Manufacturing Co., Ltd.

Not sure why a company as big as Samsung doesn't have their own OUI.

I'll look at uploading some profiles I've had to make. I think I have one for the new S8, but obviously can't test that yet.

Re: New Profiling Policies?

M. Wisely — Fri, 31 Mar 2017 15:24:26 GMT

Murata makes components for Samsung phones, I believe this is why their OUI appears on Samsung phones. Samsung does have it's own OUIs.

When I search profiler conditions for Murata I don't get any results and I presume you'd find the same. There's nothing stopping you adding your own profiler condition and profiling policy for this mac address.

Re: New Profiling Policies?

Craig Hyps — Fri, 31 Mar 2017 15:53:04 GMT

Profiling hierarchy is based primarily on hardware based or OS based. Each may lead to same conclusion, but the Hardware-based assume specific manufacturer like Cisco, Apple, HP, etc. but then will have sub-profiles to match on OS and other conditions. Software driven (like Workstation) start with premise that any NIC may be in use by the endpoint and to rely initially on those OS indicators to classify endpoint.

You can certainly create a new branch that starts with Murata, but since Murata is manufacturer for so many devices, it may not be usable from policy perspective to know a device is a "Murata-Device". I would look under the Android branch and see if key conditions missing that would identify the Galaxy.

/Craig