04-18-2021 08:36 PM
Hi
When Cisco ISE does the profiling, it captures the wrong endpoint profile: for example, an endpoint was captured as Windows 7, but the PC is actually Windows 10. They upgraded the PC from Win7 to Win10 last year, but in Cisco ISE it's still showing as Windows 7 - workstation.
Can anyone help me with this?
04-18-2021 09:51 PM
Kindly check which profiling probes are enabled. Also check on which profiler probe basis the endpoint is profiled as Windows 7 (check the endpoint's detailed attributes). It is all about matching the minimum certainty factor for that Profiler Policy. In the Windows 10 Profiler policy, check if the conditions are matching to profile the device correctly.
04-19-2021 12:21 AM
Actually, we are using Radius probe, SNMP, HTTP, and also device-tracking in our environment but it still captures the wrong Win7 endpoint profile. The current endpoint is Windows 10.
Kindly advise.
04-19-2021 01:12 AM
Kindly attach the endpoint attribute details from the context visibility page.
04-20-2021 02:02 AM
Are you using a Cisco Device Sensor to provide the profiling data to ISE? If so, and if it's on a Cisco IOS-XE device then have a look at the device sensor cache to see if there is a DHCP class identifier that represents Windows 10. That DHCP class-identifier is what helps ISE distinguish between Windows 7 and Windows 10.
If you have AD joined machines then you could also try using the AD probe which will pull more data from AD for AD authenticated endpoints. But DHCP alone should do the trick.
And put a screenshot of the Context Visibility output of that endpoint - search for the keyword "probe" and see what was used as the source of the profiling.
04-27-2021 08:26 PM
Arne,
Can you elaborate more on the DHCP option? Do we know what the DHCP class ID is specifically for Windows 10? I have seen both versions send "dhcp-class-identifier = MSFT 5.0", and by default ISE uses this attribute (dhcp-class-identifier CONTAINS MSFT) to profile clients as 'Microsoft-Workstation'.
Couldn't find details on https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dhcpe/819e0181-af14-42c6-b454-9f37b133031b
In most use cases, the main probe to differentiate Win7 and 10 is AD-Operating-System, as you stated above.
04-27-2021 09:05 PM
Oh dear. You're right. I have to be honest, I have never compared the old and new.
Information can come from so many directions - I just checked my own ISE. In my case all our machines are shown correctly as Windows 10 because we use AnyConnect. And the AnyConnect application passes that info to ISE. So I wasn't getting that level of granularity from DHCP at all!
Examples of Vendor Class Identifiers (if only using DHCP profiling)
It might be slightly trickier to sniff out a Windows 10 machine based purely on DHCP Discovery packets. I found a link that describes the "signature" of a Windows 10 device, since it uses the following DHCP Parameter List (the parameters that are requested by Win 10 clients) - if you wanted to, see if that differs from Windows 7, and if so, then you could create a Policy to match on that to increase Profiling certainty.
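Added example, not part of any reply in this thread: a small parser for the DHCP options field that extracts the two attributes discussed above, the class identifier (option 60) and the parameter request list (option 55), and compares two clients. The option bytes for `HOST_A` and `HOST_B` are constructed for illustration and are not real Windows 7 or Windows 10 fingerprints; the function names are hypothetical.

```python
# Added example: parse a raw DHCP options field (RFC 2132 TLV encoding).
OPT_PAD, OPT_END = 0, 255
OPT_PARAM_REQ_LIST, OPT_VENDOR_CLASS = 55, 60

def parse_dhcp_options(data: bytes) -> dict:
    """Return {option_code: value_bytes} from a raw DHCP options field."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = opts.get(code, b"") + value  # split options are concatenated
        i += 2 + length
    return opts

def fingerprint(data: bytes) -> tuple:
    """Return (class identifier, ordered parameter request list as a string)."""
    opts = parse_dhcp_options(data)
    vci = opts.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace")
    prl = ",".join(str(b) for b in opts.get(OPT_PARAM_REQ_LIST, b""))
    return vci, prl

def build(vci: str, prl: list) -> bytes:
    """Build a constructed options field: Discover, option 60, option 55, end."""
    v = vci.encode()
    return bytes([53, 1, 1, 60, len(v)]) + v + bytes([55, len(prl)] + prl + [255])

# Constructed sample data, not captured from real hosts.
HOST_A = build("MSFT 5.0", [1, 3, 6, 15, 31, 33])
HOST_B = build("MSFT 5.0", [1, 3, 6, 15, 31, 33, 119])

def compare(a: bytes, b: bytes) -> dict:
    (vci_a, prl_a), (vci_b, prl_b) = fingerprint(a), fingerprint(b)
    return {"same_class_id": vci_a == vci_b, "same_param_list": prl_a == prl_b}

if __name__ == "__main__":
    print(fingerprint(HOST_A), fingerprint(HOST_B), compare(HOST_A, HOST_B))
```

Running the same comparison on options captured from a known Windows 7 and a known Windows 10 client shows whether the parameter request list is distinct enough to use as a profiling condition when the class identifier is identical.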