https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310657#M597333 <P>Thanks for the reply.&nbsp;</P><P>I added an additional condition using DHCP hostname for the condition. When I run sh auth sess it shows the Device-Type as Un-classified and Status- Unauthorized.&nbsp;</P> Thu, 17 Jul 2025 15:00:30 GMT hpeters34 2025-07-17T15:00:30Z https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310626#M597327 <P><SPAN>Hi all,</SPAN></P><P><SPAN>I’m relatively new to Cisco ISE, and I’m running into a profiling challenge I could use some help with.</SPAN></P><P><SPAN>We have an existing deployment of Device A that authenticates via MAB and is correctly profiled using a custom policy. I’ve now been tasked with deploying several newer models of Device A, but I’ve discovered that these models are now manufactured by the same vendor that produces Device B, which already exists in our environment and is profiled under a different policy—also using MAB.</SPAN></P><P><SPAN>Since both devices now share the same OUI, the newer Device A units are being misprofiled under the Device B policy.</SPAN></P><P><SPAN>Question:</SPAN></P><P><SPAN>Is there a way to continue using MAB for these newer Device A models while ensuring they are properly profiled separately from Device B—despite the shared OUI? Would leveraging additional profiling attributes (e.g., hostname via DHCP, CDP/LLDP, or custom DHCP fingerprinting) be the best route?</SPAN></P><P><SPAN>Any suggestions on best practices or rule order within the profiling policy would be much appreciated.</SPAN></P><P>&nbsp;</P> Thu, 17 Jul 2025 13:11:00 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310626#M597327 hpeters34 2025-07-17T13:11:00Z https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310630#M597329 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image-asset.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/248515iD9AFEF6559EB96D6/image-size/large?v=v2&amp;px=999" role="button" title="image-asset.png" alt="image-asset.png" /></span><BR />in profiling policy you can specify multi condition point for each condition&nbsp;<BR />for example&nbsp;<BR />profiling policy A get 40 points&nbsp;<BR />profiling policy B get 60 points&nbsp;<BR />then ISE will use policy B&nbsp;<BR /><BR />both policy run in same time&nbsp;<BR /><BR /></P> <P>MHM</P> Thu, 17 Jul 2025 13:21:40 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310630#M597329 MHM Cisco World 2025-07-17T13:21:40Z https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310657#M597333 <P>Thanks for the reply.&nbsp;</P><P>I added an additional condition using DHCP hostname for the condition. When I run sh auth sess it shows the Device-Type as Un-classified and Status- Unauthorized.&nbsp;</P> Thu, 17 Jul 2025 15:00:30 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310657#M597333 hpeters34 2025-07-17T15:00:30Z https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310673#M597335 <P>live log &lt;&lt;- check dhcp packet (if you use dhcp ip helper)<BR />check if dhcp send hostmane and how hostname is assign&nbsp;<BR />is it mac or hostname+domain&nbsp;</P> <P>MHM</P> Thu, 17 Jul 2025 15:40:11 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310673#M597335 MHM Cisco World 2025-07-17T15:40:11Z https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310771#M597345 <P>thanks for the reply.</P><P>I found out that I had to add the correct profile to the authorization policy.&nbsp;</P><P>For the conditions I used dhcp_host-name matching ^device A-1234.*</P><P>Thanks for your help</P><P>&nbsp;</P><P>-&nbsp;</P> Thu, 17 Jul 2025 20:08:40 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310771#M597345 hpeters34 2025-07-17T20:08:40Z https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310776#M597346 <P>You are so welcome&nbsp;</P> <P>MHM</P> Thu, 17 Jul 2025 20:29:33 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-conflict/m-p/5310776#M597346 MHM Cisco World 2025-07-17T20:29:33Z