06-28-2021 02:42 PM
Hello All,
I have a group of devices that I want to create a new Profiling Policy for based off their MAC Addresses. All of the devices start with the same first 8 characters of their MAC Address.
So I created a new Profiling Policy (Policy > Profiling > Profiling Policies). In there I added 1 Rule, which is the only rule right now for "MAC:MACAddress STARTSWITH aabbccdd".
Then, I went to my Wired Policy Sets. Created a new Authorization Policy with only one condition for "Endpoint Identity Groups:Profiled: my_profile_name".
Lastly, I plugged in the device. But, it's showing up as Unknown, instead of matching the Profiling Policy...
I also noticed there's Profiling Conditions in Policy > Policy Elements > Conditions > Profiling.... So I also added a policy condition there that does the same thing as the Profiling Policy I described above with the Mac Address starts with.... But, I assume this "condition" needs to be applied somewhere.
I'm thinking I'm missing something. Could anyone lend a hand with this, or point me in the right direction?
Thanks in Advance,
Matt
06-28-2021 03:24 PM
Hi @Matthew Martin ,
at Policy > Profiling > Profiling Policies, double check if:
. the Policy is Enabled.
. the Minimum Certainty Factor matches the number of your rule
At Policy Set > Authorization Policy double check if you are using
IdentityGroup.Name EQUALS xxxx
or
Endpoint.EndpointPolicy EQUALS xxxx
Hope this helps !!!
06-29-2021 11:46 AM
Hey Marcelo,
Thanks for the reply.
Checked the Profiling Policy and it is enabled and I had both Certainty Factors set to 10. Not sure if it mattered, so changed them both to 5 and saved the policy. The Policy Name is called "Zoom_Phones".
The only Rule is that it needs to match the first 8 characters of the MACAddress.
Here is the Policy Set:
Now, when I check Radius Live Logs, I just get "Deny Access", and the Endpoint Profile showing as "Unknown". The first 8 characters of the MAC Address definitely match the Rule in the Profiling Policy. I also tried plugging in a second device, also with the same first 8 in the MAC and it's getting the same result.
Thanks Again,
Matt
07-05-2021 08:42 AM
The separators might not have matched properly.
Also, we could use RADIUS:Calling-Station-ID directly in authorization conditions.
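
The separator mismatch suggested in the last reply, shown as an added example (not written by any poster in this thread and not Cisco code): a literal STARTSWITH-style comparison fails when the stored value carries separators or a different case than the rule text. The endpoint values below are constructed, and the function names are hypothetical; which format an attribute actually holds has to be read from the endpoint itself.

```python
import re

SEPARATORS = ":-."


def _digits(value: str) -> str:
    """Strip common MAC separators and whitespace, keep the hex digits."""
    return re.sub(r"[:\-.\s]", "", value)


def literal_startswith(stored: str, prefix: str) -> bool:
    """Plain text comparison: separators and case must match exactly."""
    return stored.startswith(prefix)


def normalized_startswith(stored: str, prefix: str) -> bool:
    """Compare hex digits only, ignoring separators and case."""
    return _digits(stored).upper().startswith(_digits(prefix).upper())


def rule_prefix(prefix: str, sample: str) -> str:
    """Rewrite a bare hex prefix in the separator and case style of `sample`."""
    sep_pos = next((i for i, ch in enumerate(sample) if ch in SEPARATORS), None)
    digits = _digits(prefix)
    digits = digits.upper() if sample == sample.upper() else digits.lower()
    if sep_pos is None:
        return digits  # sample has no separators, keep the bare prefix
    sep = sample[sep_pos]
    groups = [digits[i:i + sep_pos] for i in range(0, len(digits), sep_pos)]
    return sep.join(groups)


if __name__ == "__main__":
    rule = "aabbccdd"  # prefix as typed in the thread's profiling rule
    # Constructed sample values in three common MAC notations.
    samples = ["AA:BB:CC:DD:EE:01", "AA-BB-CC-DD-EE-01", "aabb.ccdd.ee01"]
    for stored in samples:
        fixed = rule_prefix(rule, stored)
        print(f"{stored:18} literal={literal_startswith(stored, rule)!s:5} "
              f"normalized={normalized_startswith(stored, rule)!s:5} "
              f"rule text to use: {fixed}")
```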