cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1146
Views
0
Helpful
5
Replies

Profiling of AP2800 - incorrect CDP info in conditions

tuenoerg
Cisco Employee
Cisco Employee

Hi all,

 

We have a customers who wants to use profiling of 2802I AP´s in ISE.

But it appears there is a difference between real life CDP info on switches compared to what we provide on profiling feed.

 

CDP info gathered on switch:

800 AP cdp info fra NAD:

 

Device ID: ARSLap016

Entry address(es):

  IP address: 10.89.171.75

  IPv6 address: FE80::A23D:6FFF:FE57:E48C  (link-local)

Platform: cisco AIR-AP2802I-E-K9,  Capabilities: Router Trans-Bridge

Interface: GigabitEthernet3/0/5,  Port ID (outgoing port): GigabitEthernet0

Holdtime : 153 sec

 

Version :

Cisco AP Software, ap3g3-k9w8 Version: 8.5.135.0

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2014-2015 by Cisco Systems, Inc.

 

Data collected in ISE:

 

NFO FRA ISE:

 

cdpCacheAddress

10.89.171.75

cdpCacheCapabilities

R;T

cdpCacheDeviceId

ARSLap016

cdpCachePlatform

cisco AIR-AP2802I-E-K9

cdpCacheVersion

Cisco AP Software, ap3g3-k9w8 Version: 8.5.135.0 Technical Support: http://www.cisco.com/techsupport Copyright (c) 2014-2015 by Cisco Systems, Inc.

 

 

But our conditions :

 

We can of course create our own and we did that, but customer is wondering why the built-in profiles are incorrect and when that will be fixed??

 

Br

Tue Frei Noergaard

 

 

 

3 Accepted Solutions

Accepted Solutions

kthiruve
Cisco Employee
Cisco Employee

Hi,

 

Can you clarify what the devices is profiled as before adding a new profiling policy ?

Is the device is profiled as Cisco Device or Cisco Access point ? ISE has a hierarchy in the way it profiles different class of devices under a certain vendor. It is important to understand where the problem is

 

Here is the profile for Cisco 2800 that has the cdp platform as attribute.

image.png

Parent profile is Cisco Access Pointimage.png

Krishnan

 

View solution in original post

Hi

 

After we did new custom build profile conditions - it works - so it should not be the hierarchy thats a problem.

The problem is that the we will never match the AP2800 profile that´s built-in because CDP infomations is based on AP.. and not CAP.. 

 

So - an update to the builtin profiles would be needed.

 

It works with custom profile conditions - but that it not optimal is our customers need to do that with a lot of devices. 

One should think we/Cisco should be able to create correct profiles in the feed - especially for our own products.

 

br

 

Tue

View solution in original post

Please see another post related to this.

https://community.cisco.com/t5/identity-services-engine-ise/profiling-policy-for-ap2800/td-p/3428839

where the xml file worked with someone else.

 

if you open xml file you will see that cdpcacheplatform has a value CAP in the value.

<Check attributeName="cdpCacheVersion" attributeValue="C2800" description="Condition for Cisco-AP-Aironet-2800, based on CDP-Cache-Version" name="Cisco-AP-Aironet-2800Rule3Check1" operator="Contains" type="CDP"/><Check attributeName="cdpCachePlatform" attributeValue="cisco AIR-CAP2802I" description="Condition for Cisco-AP-Aironet-2800, based on CDP-Cache-Platform" name="Cisco-AP-Aironet-2800Rule1Check1" operator="Contains" type="CDP"/>

 

When I searched around cdpplatform related defects for AP. I found the following

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd86274

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvk09404

 

Seems like there is some inconsistency in the attribute and it keeps changing. Creating a custom condition is the best approach given the fact that the value for the attribute. If you strongly feel otherwise, please work with TAC and let them open a defect accordingly.

 

-Krishnan

 

 

 

 

View solution in original post

5 Replies 5

Surendra
Cisco Employee
Cisco Employee
Different models of 2802 may have different cdp platform attributes and the one that was tested to create this condition must have showed "AIR-CAP2802I" as part of the string in the attribute. Even if you look at the other AP profiling conditions, they usually have LAP or CAP in cdp platform attribute based on whether they use lwapp or capwap for tunnelling. I would not consider this a bug as such but rather an enhancement if any. A little modification to the conditions wouldn't hurt either IMHO.

kthiruve
Cisco Employee
Cisco Employee

Hi,

 

Can you clarify what the devices is profiled as before adding a new profiling policy ?

Is the device is profiled as Cisco Device or Cisco Access point ? ISE has a hierarchy in the way it profiles different class of devices under a certain vendor. It is important to understand where the problem is

 

Here is the profile for Cisco 2800 that has the cdp platform as attribute.

image.png

Parent profile is Cisco Access Pointimage.png

Krishnan

 

Hi

 

After we did new custom build profile conditions - it works - so it should not be the hierarchy thats a problem.

The problem is that the we will never match the AP2800 profile that´s built-in because CDP infomations is based on AP.. and not CAP.. 

 

So - an update to the builtin profiles would be needed.

 

It works with custom profile conditions - but that it not optimal is our customers need to do that with a lot of devices. 

One should think we/Cisco should be able to create correct profiles in the feed - especially for our own products.

 

br

 

Tue

Recommend logging a defect through tac for customer

Please see another post related to this.

https://community.cisco.com/t5/identity-services-engine-ise/profiling-policy-for-ap2800/td-p/3428839

where the xml file worked with someone else.

 

if you open xml file you will see that cdpcacheplatform has a value CAP in the value.

<Check attributeName="cdpCacheVersion" attributeValue="C2800" description="Condition for Cisco-AP-Aironet-2800, based on CDP-Cache-Version" name="Cisco-AP-Aironet-2800Rule3Check1" operator="Contains" type="CDP"/><Check attributeName="cdpCachePlatform" attributeValue="cisco AIR-CAP2802I" description="Condition for Cisco-AP-Aironet-2800, based on CDP-Cache-Platform" name="Cisco-AP-Aironet-2800Rule1Check1" operator="Contains" type="CDP"/>

 

When I searched around cdpplatform related defects for AP. I found the following

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd86274

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvk09404

 

Seems like there is some inconsistency in the attribute and it keeps changing. Creating a custom condition is the best approach given the fact that the value for the attribute. If you strongly feel otherwise, please work with TAC and let them open a defect accordingly.

 

-Krishnan

 

 

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: