09-03-2013 07:34 PM - edited 03-10-2019 08:51 PM
I was wondering if anyone had written any custom policy elements and profiling policies for Kindle and or Nook devices. We have a large quantity of users who are wanting to bring these devices in.
We are on ISE 1.1.4 with all patches installed. I looked through all of the pre-configured policy elements / policies and couldn't find any for these types of devices.
If anyone is on ISE 1.2, does it have policies already for these devices?
09-03-2013 08:41 PM
09-04-2013 05:23 AM
Well, it may not be compatible with their pre-configured rules. I was mainly asking if anyone had written any of their own custom rules and policy elements before I went and did so. Obviously, nobody has. So, I went under:
Policy -->Policy Elements-->Conditions-->Profiling
I then created one new condition called Kindle-Check1.
Type - DHCP
Attribute Name - host-name
Operator - CONTAINS
Attribute-Value - kindle
I then went to Policy -->Profiling-->Profiling Policies
I added one that used the condition above. As soon as I did close to 75 devices got profiled as Kindle devices and were allowed on the network.
So it works, you just have to create a custom condition and rule for it. It might not be perfect, given that users can change the host name of the device. Kindle Fire's are totally different in the sense that they run Android. Some get profiled as android, but the ones that don't are now getting profiled as Kindle devices.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide