cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1584
Views
0
Helpful
1
Replies

ISE priority regarding CF certainty factor

aleopoldie
Level 3
Level 3

Hello experts,

 

I have a doubt regarding the Certainty factor on ISE.

Let's suppose we have a default profiling rule which is Canon Device with one condition matching the Canon OUI and CF = 10 (Minimum CF = 10)

1st question : Now if I create a custom profiling rule with exactly the same rule, meaning the Canon OUI with CF = 10. Which one will match ? Is it alphabetic order or something else ?

 

2nd question : How the priority is done ? Let's suppose I have 2 profiling rules :

- The first one contains 2 conditions:

        * the first with Canon OUI (CF = 10)

        * the second one is the dhcp-class-identifier that has to match ABC   (CF = 10)      

        * Minimum CF = 10

- The second one contains 3 conditions:

        * the first with Canon OUI (CF = 10)

        * the second one is the dhcp-class-identifier that has to match ABC (CF = 10)

        * the third one with MAC address starting with XYZ (CF = 10)

       * Minimum CF = 10

 

Which profiling rule will win ?

 

I hope I am enough clear :)

 

Thank you,

A.

 

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

On 1, I would avoid doing that. If you want preventing the profiler feed services updating the profiling policies without you reviewing the changes, you may opt for off-line updates instead. Otherwise, I believe either policy can be matched so it's not deterministic.

On 2, I believe you meant two different profiling policies -- one with 2 rules and the other 3 rules. If the endpoint matched on only the first 2 rules, then same as (1). If the endpoint matched on all three rules, then it will be profiled as the 2nd profiler policy.

View solution in original post

1 Reply 1

hslai
Cisco Employee
Cisco Employee

On 1, I would avoid doing that. If you want preventing the profiler feed services updating the profiling policies without you reviewing the changes, you may opt for off-line updates instead. Otherwise, I believe either policy can be matched so it's not deterministic.

On 2, I believe you meant two different profiling policies -- one with 2 rules and the other 3 rules. If the endpoint matched on only the first 2 rules, then same as (1). If the endpoint matched on all three rules, then it will be profiled as the 2nd profiler policy.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: