Hello Roger,As soon as the

Roger Base · ‎10-13-2015

Hi Forum.

First of all. I am using DHCP and Radius profilling. I use ip helper address to send dhcp information to ISE to indenitfy the OS

I am hitting strange problem. When my workstations first time connects to network they got automatic profilled as "Cisco Devices" because the NIC card brand. After they receive and IP address from the DHCP server. They still stands as "Cisco Devices" even if the ISE has all the needed information from the dhcp request to identify it as Microsoft Workstation. So my question is. How and when will ISE RE-profile or use the correct information to profile it as Microsoft Workstation and not "Cisco device" ?

Thank you

Antonio Torres · ‎10-15-2015

Hello Roger,

As soon as the new attributes are processed by ISE profiler will make a new profiling decision. You can go Administration >> Identity >> Endpoints and select the endpoint and verify the list of attributes we're getting for this particular client.

You might wanna look for dhcp-class-identifier, hostname, client-fqdn etc. off the DHCP probe under the endpoint details.

Also make sure that feed service update is running(Administration >> Feed Service >> Profiler). If not then enable it and run it to make sure our profiler conditions and policies are up to date.

If you have profiling dependent AuthZ policies you may wanna enable global CoA type Reauth under Administration >> System >> Settings >> Profiling >> CoA Type set to Reauth.

If we make a partial or incomplete profiling decision and we update it later on because new attributes are processed, ISE will send out a CoA Reauth to the NAD to force the session to be re-authenticated and that way we re evaluate our policies.

ISE Automatic (re)profiling