https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5313034#M597441 <P>I check cisco doc and other notes&nbsp;</P> <P>Device profile not send as radius attribute so ISE can&nbsp; not use it to identify device.</P> <P>Retrun to IP conflict'&nbsp;</P> <P>ISE support range of IP so you can use range of IP to exclude single device IP from device group</P> <P>I.e. 10.0.0.100/32 single&nbsp;</P> <P>10.0.0.0/24 device group&nbsp;</P> <P>In ISE add IP for device group as</P> <P>10.0.0.1-10.0.0.99&nbsp;</P> <P>10.0.0.101-10.0.0.254</P> <P>Hope this help you to solve problem&nbsp;</P> <P>MHM</P> Wed, 23 Jul 2025 16:40:57 GMT MHM Cisco World 2025-07-23T16:40:57Z https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5312058#M597410 <P>Hello,</P><P>For some reason, an authentication request for node 172.23.140.200&nbsp;is hitting the wrong Network Devices Group, though there is a long prefix/32 available. Consequently, the wrong Policy-Set is chosen with Privilege Level1.</P><P>Usually ISE is expected to hit the longest prefix</P><P>#1 Arista_mgmt: <STRONG>172.23.140.200/32</STRONG></P><P>#6: Private-172-Network1:&nbsp; <STRONG>172.23.128.0/20</STRONG></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Netmart_0-1753135433086.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/248754iBACEA800D8AAED82/image-size/medium?v=v2&amp;px=400" role="button" title="Netmart_0-1753135433086.png" alt="Netmart_0-1753135433086.png" /></span></P><P>&nbsp;</P><P>Jun 19 17:27:22 ISE-1 CISE_Passed_Authentications 0485078549 4 0 2025-06-19 17:27:22.220 -04:00 59105442473 5201</P><P>NOTICE Passed-Authentication: Authentication succeeded, ConfigVersionId=71, <STRONG>Device IP Address=172.23.140.200, </STRONG></P><P>DestinationIPAddress=******, DestinationPort=49, UserName=cvpadmin, Protocol=Tacacs, <STRONG>NetworkDeviceName</STRONG><STRONG>=Private-172-Network1</STRONG>,</P><P>Type=Authentication, Action=Login, <STRONG>Privilege-Level=1,</STRONG></P><P>&nbsp;</P><DIV class=""><DIV class="">Version:</DIV><DIV class="">3.1.0.518</DIV></DIV><DIV class=""><DIV class="">Patch Information:&nbsp;3</DIV></DIV><P>Any advice is much appreciated.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 21 Jul 2025 22:51:44 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5312058#M597410 Netmart 2025-07-21T22:51:44Z https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5312524#M597416 <P>3.1 patch 3 is very old at this point. I would not spend any time troubleshooting this issue until you upgrade to the latest 3.1 patch.</P> <P><A href="https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/identity-service-engine-software-3-1-3-2.html" target="_blank">https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/identity-service-engine-software-3-1-3-2.html</A></P> Tue, 22 Jul 2025 19:32:06 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5312524#M597416 ahollifield 2025-07-22T19:32:06Z https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5312530#M597417 <P>Did you try change device profile under network device list ?</P> <P>MHM</P> Tue, 22 Jul 2025 20:01:47 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5312530#M597417 MHM Cisco World 2025-07-22T20:01:47Z https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5313012#M597440 <P>Thank you MHM.</P><P>&nbsp;</P><P>Under Work Centers &gt; Network Access &gt; Network Devices: the IP is listed under Network Devices List.</P><P>I would appreciate, if you could please guide me where the device profile is linked to the network device list.</P><P>Please keep in mind that other IPs in the same Network Device List are hitting the proper policy [based on the logs].</P><P>&nbsp;</P> Wed, 23 Jul 2025 16:10:24 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5313012#M597440 Netmart 2025-07-23T16:10:24Z https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5313034#M597441 <P>I check cisco doc and other notes&nbsp;</P> <P>Device profile not send as radius attribute so ISE can&nbsp; not use it to identify device.</P> <P>Retrun to IP conflict'&nbsp;</P> <P>ISE support range of IP so you can use range of IP to exclude single device IP from device group</P> <P>I.e. 10.0.0.100/32 single&nbsp;</P> <P>10.0.0.0/24 device group&nbsp;</P> <P>In ISE add IP for device group as</P> <P>10.0.0.1-10.0.0.99&nbsp;</P> <P>10.0.0.101-10.0.0.254</P> <P>Hope this help you to solve problem&nbsp;</P> <P>MHM</P> Wed, 23 Jul 2025 16:40:57 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-hitting-wrong-networkdevice-group/m-p/5313034#M597441 MHM Cisco World 2025-07-23T16:40:57Z