Re: Cisco ISE detection wrong profiling and always show Xerox-Device - Page 2

oum-odom · ‎08-04-2025

Dear Cisco ISE lover,

I have inquiry refer to cisco ISE profiling detection which multi-domain mode on port configuration.
So we have wired with IP Phone and PC these two device is working properly, but in the live log we found another failed authentication with Xerox-Device on the same port which we don't use this xerox device, and also perform failed authentication every 15 minutes and OUI start from 00:00:00 .

While we go to profiling Policy this Xerox-Device is enable by Cisco default.
Question, what is any issue if we disable this Xerox-Device policy?

Thank you,

oum-odom · ‎08-06-2025

No any VMs.

Marcelo Morais · ‎08-06-2025

Hi @oum-odom

you are receiving different MACs on your NAD, port 34, with the following format 00:00:00:xx:xx (this is a MAC from Xerox).

Let's isolate the problem:

Remove the PC and keep the IP Phone ... check if ISE still receives the MAC from the Xerox device
Remove the IP Phone and keep the PC ... check if ISE still receives the MAC from the Xerox device

What is the result ?

Hope this helps !!!

oum-odom · ‎08-06-2025

Hi @Marcelo Morais
Issue, It happens once Both IP Phone and PC working together.

oum-odom · ‎08-07-2025

What should we do next?

andrewswanson · ‎08-07-2025

You said that the issue occurs once the PC is connected into the IP Phone?

In that case, does the issue occur when the PC connects directly into the switch (bypassing the phone)?

Do you have the same issue with other PC's and IP Phones on your network or is just this 1 PC? If its just one PC, check drivers applications installed on the PC

hth
Andy

oum-odom · ‎08-08-2025

Issue happen once the PC connect through IP Phone.

Marcelo Morais · ‎08-12-2025

Hi @oum-odom ,

since this happens when you connect your PC on the IP Phone port ...

Can you please run a packet capture in your PC to verify if the MACs 00:00:00:xx:xx are coming (being generated by) from the IP Phone ?

Regards

MHM Cisco World · ‎08-13-2025

I will answer here to clear issue
points
1-The Xerox profiling is run always it identify the user
2- you can use profiling in Authz

the profiling issue why it not detect correctly so the AuthZ always use default which is denyAccess

I ask you check which of following is correctly detect Xerox
DHCP
DriveCert
SNMP
Network SCAN

WHY ?
we can config certainty 20 and make rule detect correctly 20 and put it in above of list

if the rule is DHCP and it work some time and other not work, capture DHCP and see how DHCP op is look like it can DHCP add hostname or hostname @ IP etc...
but let see first which rule is correct detect Xerox

MHM

MHM Cisco World · ‎08-07-2025

Context Visibility > Endpoints <<- see which profiling rule use for known device

MHM

oum-odom · ‎08-08-2025

Profiling Policy detect is Xerox-Device.

MHM Cisco World · ‎08-08-2025

Operations > Reports > Endpoints and Users > Endpoint Profiling Summary
please share screenshot and make mark to endpoint with issue

thanks a lot

MHM

oum-odom · ‎08-11-2025

Hello MHM
Thank for your idea here,
We don't get what you wish us to do. This just show the amount of Endpoint Profile or Logical profile.

We need the solution,