09-12-2012 09:21 AM - edited 03-10-2019 07:32 PM
Hi,
Did anyone try WLC 7.3 Http profiling -
• Support for detection and forwarding of the first HTTP packet with a user-agent attribute from a
client per session to profile the client, where the controller acts as a collector, is added in this release.
It works great, it sends http probe to ISE (it works for me cuz i am not using posture, so there was no way to hit ISE with HTTP except for span which would suck accross the wan and requires configuration)
Just to let everyone know it works pretty good.
09-12-2012 09:22 AM
That is awesome, i just had a customer upgrade and didnt even think this was a feature already!
Tarik Admani 
*Please rate helpful posts*
09-12-2012 09:36 AM
Yeah it's awesome, but here is the deal for iPhones
The user agent attribute wlc sends to ISE is:
| iPhone\; | 
ISE default user agent check is iPhone;
so it wouldn't recognize it as an iPhone because it doesn't match ( see the backslash "\") so I had to change that and increase certanity, before that it was recognizing my iPhone as Workstation - I didn't have hostname "ed's iphone" or anything so dhcp probe wasn't used.
I haven't tested anything else, besides iphones and windows7 pcs - windows7 pc worked with no change, i just had to change that Iphone thing.
Hope to help
09-12-2012 09:51 AM
By the way, isn't that considered like a bug?
09-12-2012 11:20 AM
Yes that is a bug on the WLC side, it looks like there may have been something missed. Also can you post a screenshot of the setting (is it where the dhcp profiling checkbox is)? I havent had a chance to upgrade my environment yet.
thanks,
Tarik Admani 
*Please rate helpful posts*
09-12-2012 11:50 AM
As you can see


As you can see there is iPhone; thingy, i had to create another one with just iphone or I could've added iPhone\;
Thanks
Message was edited by: Edon Durguti
09-12-2012 12:25 PM
Thanks for the info.
Tarik Admani 
*Please rate helpful posts*
09-12-2012 12:46 PM
You are more than welcome :]
 
					
				
		
09-14-2012 02:50 PM
Does something have to be configured on the ISE for this to work? I have ISE configured for RADIUS, DHCP, and HTTP profiling. I also have HTTP Profiling enabled on the WLAN on our test WLC running 7.3. The ISE is successfully learning the endpoint via DHCP and RADIUS probe, but I am not seeing the http information. I am testing using both an iPad and Nexus tablet. Both successfully do the PEAP authentication with the ISE and can browse without issue. The Nexus 7 is profiled as Android from the host name and the iPad is profiled as an Apple device because of the OUI.
Any pointers as to what I could be missing?
Thanks
Shawn
09-14-2012 03:02 PM
I don't know about Nexus, on the ipad under Administration - Identities - Endpoints, find that iPad and see if there is a User-Agent attribute.
I have tried with iphones and windows7 machine, but anyways i see this iPad on my ISE it has been profiles cuz of the hostname but I also see a weird user agents info:
| User-Agent | $%7BPRODUCT_NAME%7D/1 CFNetwork/548.1.4 Darwin/11.0.0 | 
I will have to do a research and see whats goin on, but anyway try connecting and browsing for a second and then see if you get that user agent attribute.
Seems like WLC sends interesting stuff
here is one for one of the iPhones
| User-Agent | Fidelity/1.8.3851 CFNetwork/548.1.4 Darwin/11.0.0 | 
LoL
 
					
				
		
09-14-2012 03:40 PM
I think I must have something mis-configured. I don't see the User-Agent information on ISE under Endpoints. I do see a lot of information, but nothing looking like http profiling. Both test tablets have no issue with authentication to the ISE and browsing to the Internet. I am looking now for some way to debug on the WLC. "debug profiling" does not seem to provide any information at this point.
I still need to test with an iPhone and a Windows device to see if I am just unlucky in trying to test with an iPad and an Android tablet.
09-14-2012 04:02 PM
Hi,
Can you check the radius probe, and see if the attribute is sent in the cisco-av-pair? This intent of this feature is act as a device sensor where it will obtain the user agent string and encapsulate that in a radius packet.
Thanks,
Tarik Admani 
*Please rate helpful posts*
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide