Feed Policies Questions (ISE 2.4, Patch 13)

AlfredBanks4414
Level 1

Good morning.

I have a question regarding "skipped" feed policies with Cisco ISE.

Feed Version 1,2,3 policies downloaded.
Total number of feed polices to apply are 19.
Feed policies total 19 skipped.
Feed policies warning message : Apple-Device has been changed by admin.
Apple-TV has been changed by admin.
Apple-iDevice has been changed by admin.
Apple-iPad has been changed by admin.
Cisco-IP-Phone has been changed by admin.
Macintosh-Workstation has been changed by admin.
Microsoft-Workstation has been changed by admin.
Nokia-Windows-Phone has been changed by admin.
OS_X-Workstation has been changed by admin.
Windows10-Workstation has been changed by admin.
Windows7-Workstation has been changed by admin.
Windows8-Workstation has been changed by admin.
WindowsXP-Workstation has been changed by admin.
Workstation has been changed by admin.

Based on my research, when a profile policy is modified, ISE will “skip” the profiles that were “Administrator Modified”. My question is, how can we see what was skipped for each profile?

AlfredBanks4414_0-1646401906661.png

Clicking the above link takes you to:

AlfredBanks4414_1-1646401906664.png

I see the “feed” email showing “OUIs” updated which would be for the above image, but not any "skipped" policies.

My concern is that these other "feed" updates that have been skipped from Cisco Feed Service may eventually include important profiling updates for, say, a “Macintosh Workstation” or a “Windows8-Workstation” that ISE will miss due to the modifications. I’d like to keep the custom profiling policies but have the ability to “view” what Cisco was trying to add/modify.

To add, we have a project underway to move to ISE 3.1, patch 1 in the next few months (which may give more insight?).

Thanks for any assistance you can provide.

2 Replies

Arne Bier
VIP

Hi @AlfredBanks4414

Great question. The answer probably lies in a log somewhere - I usually check this link and then enable the logging for the relevant issue I am looking into. Do a bit of investigating while the profile update happens.

I am not 100% sure but since the profiler feed update from Cisco only concerns itself with the MAC OUI updates/additions, then I would assume it won't add those MAC OUIs into ISE. e.g. Apple-TV would include MAC OUI checks for known Apple MAC prefixes - if Apple adds a new MAC OUI and ISE skips it, then I assume ISE wouldn't add it to the database. It would be good to have more clarity on this.

hslai
Cisco Employee

If you can install another ISE instance, then check the profiler policies there.

Else, I would suggest copying the admin-modified policies with new names and giving them more certainty factors. Then, delete the admin-modified ones so they would go back to what is provided by Cisco.