Context Visibility and Docking Stations

ryanbess
Level 1

As we've started to roll out ISE to more and more endpoints, we have started to see some odd behavior in context visibility. The oddness seems to be related to docking stations where various endpoints throughout the day are using the same docking station. For example, let's say we have a docking station of 11:24:9B:7A:C5:69 (as an example). In the beginning of the day a Windows endpoint plugs into the docking station. ISE postures, profiles, and does all its probe stuff about the Windows endpoint plugged into the docking station. All this data is then fed into Context Visibility. The Windows user unplugs and goes home. At noon a Mac user plugs into the same docking station and ISE does all the same things. If you then go look at the context visibility for that Mac, you will see some attributes saying the endpoint is Windows, some saying it's a Mac. Go into applications and you'll see some C:\program files\ XXXX and others like /Application/Cisco.

How do we prevent ISE from doing this? It's like it just uses the MAC address as the primary key and dumps all things under that MAC, thus providing data in an odd way.


@ryanbess Investigate enabling MAC Address Passthrough mode on the laptops, so that the MAC address of the laptop is used instead of the MAC address of the docking station.

Yeah, thought of that but was hoping there was another way. Not sure every laptop or OS will support it. Have you had good luck with it?

@ryanbess Windows OS on DELL and Lenovo hardware works well, no idea about macOS tbh.

I'll give it a shot. My understanding was this required docking stations that supported MAC passthrough....

Greg Gibbs
Cisco Employee

"It's like it just uses the MAC address as the primary key and dumps all things under that MAC"

This is exactly how it works. In most cases, ISE uses the MAC address as the key attribute in the database. It does not flush all of the Profiling attributes learned for a particular MAC address when a device disconnects, so you will see this behaviour with shared docks/dongles. It will only replace new profiling attributes learned for that same MAC address.

To avoid this, ISE would need to see a unique MAC address (or GUID) from the endpoint to keep the profiling data separate. AFAIK, only Windows laptops still support a unique burned-in MAC address that can be passed through on docks/dongles (assuming the dock supports it). MacBooks do not have any such burned-in wired MAC address.

In addition, MacBooks do not send any useful profiling network information (like DHCP class identifier) that would replace the info previously learned from the Windows laptop.
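
The merge behaviour described in this reply, as an added illustration that is not part of the thread and is not Cisco's code or ISE's schema: a simplified store keyed by MAC address that overwrites re-learned attributes and never flushes the rest, plus a check that flags records whose application paths come from two OS families. The attribute names, the second MAC address and the application paths are constructed assumptions; the dock MAC is the example value from the original post.

```python
import re

# Simplified model (assumption, not ISE internals): one record per MAC address.
# Newly learned attributes overwrite same-named ones; nothing is flushed when
# a device disconnects, so a shared dock accumulates data from every laptop.
class EndpointStore:
    def __init__(self):
        self.records = {}  # MAC -> {"attrs": dict, "apps": set}

    def learn(self, mac, attrs=None, apps=()):
        rec = self.records.setdefault(mac.upper(), {"attrs": {}, "apps": set()})
        rec["attrs"].update(attrs or {})  # replace only what was re-learned
        rec["apps"].update(apps)          # application inventory accumulates
        return rec

WINDOWS_PATH = re.compile(r"^[A-Za-z]:\\")  # e.g. C:\Program Files\...
UNIX_PATH = re.compile(r"^/")               # e.g. /Applications/...

def mixed_platform_macs(store):
    """Return MACs whose application paths come from more than one OS family."""
    flagged = []
    for mac, rec in store.records.items():
        has_win = any(WINDOWS_PATH.match(p) for p in rec["apps"])
        has_unix = any(UNIX_PATH.match(p) for p in rec["apps"])
        if has_win and has_unix:
            flagged.append(mac)
    return sorted(flagged)

def build_demo():
    """Constructed sample data: a shared dock and a laptop with its own MAC."""
    store = EndpointStore()
    dock = "11:24:9B:7A:C5:69"  # example dock MAC from the original post
    # Morning: Windows laptop on the dock.
    store.learn(dock, {"dhcp-class-identifier": "MSFT 5.0", "posture-os": "Windows"},
                [r"C:\Program Files\ExampleApp"])
    # Noon: Mac on the same dock; it sends no DHCP class identifier,
    # so the Windows value learned earlier stays in the record.
    store.learn(dock, {"posture-os": "macOS"}, ["/Applications/ExampleApp.app"])
    # Laptop presenting its own passthrough MAC (constructed address).
    store.learn("02:00:00:00:00:01",
                {"dhcp-class-identifier": "MSFT 5.0", "posture-os": "Windows"},
                [r"C:\Program Files\ExampleApp"])
    return store, dock

if __name__ == "__main__":
    store, dock = build_demo()
    print("mixed-platform records:", mixed_platform_macs(store))
    print("dock attributes:", store.records[dock]["attrs"])
```

Running the same check over an export of endpoint records is one way to list the shared docks and dongles that would need MAC passthrough.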