01-16-2020 07:20 AM
Hi,
I'm testing ISE profiling reading some material (ISE course) that says that basic profiling works even w/o the profiling service up.
That seems to be the case, but I get some inconsistent info.
Case in point, I get "Unknown" Endpoint profile in context visibility for an iPad that is recognized as such if you drill down in the Profiled Endpoints Summary report.
Any idea of why can this happen ? ISE 2.1 BTW.
Thanks!
Solved! Go to Solution.
01-16-2020 09:11 PM - edited 01-16-2020 09:13 PM
Have a look for the great Profiling document originally written by Craig Hyps. If the answer is not in there then AFAIK, even if you have not enabled Profiling on a an ISE node, ISE will process the RADIUS Accounting records that your Cisco NAS is sending (and if you have enabled Device Sensor, then you are getting profiled info via the NAS. ISE is just decoding the data in this case). If you are not using Device Sensor, then ISE would only decode the MAC OUI for free. But that is not really Profiling. An ISE node that does not have Profiling enabled should not be displaying any newly profiled data. Perhaps you’re seeing historic profiling data when Profiling was enabled? Do you have a Plus license?
01-16-2020 09:11 PM - edited 01-16-2020 09:13 PM
Have a look for the great Profiling document originally written by Craig Hyps. If the answer is not in there then AFAIK, even if you have not enabled Profiling on a an ISE node, ISE will process the RADIUS Accounting records that your Cisco NAS is sending (and if you have enabled Device Sensor, then you are getting profiled info via the NAS. ISE is just decoding the data in this case). If you are not using Device Sensor, then ISE would only decode the MAC OUI for free. But that is not really Profiling. An ISE node that does not have Profiling enabled should not be displaying any newly profiled data. Perhaps you’re seeing historic profiling data when Profiling was enabled? Do you have a Plus license?
01-17-2020 01:38 AM - edited 01-17-2020 01:38 AM
Yes, I do have the a license installed.
I do see that profiling is taking place, for sure out of OUI and HTTP Agent header.
What I don't understand is why it keeps showing as Unknown in some places while it shows correctly profiled at others...
01-17-2020 03:55 PM
If you're seeing a discrepancy between the endpoint attributes in live logs or reports and those in the Context Visibility, there may be a sync issue between the endpoint and context visibility databases.
Try resyncing the Context Visibility database using the procedure in the following document:
ISE 2.3 Rest/Sync Context Visibility
Keep in mind that ISE 2.1 reached End of Software Maintenance on Sep 17th 2019 and reaches End of Support on Mar 17th 2020. You should urgently consider upgrading to a newer supported version.
Cheers,
Greg
01-18-2020 04:57 AM
I'll try that when (and if) I reproduce the issue. Having enabled the profiler (service) now it all synchs.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide