07-07-2018 06:56 AM - edited 02-21-2020 11:00 AM
Hello -
ISE is profiling my 8851 Cisco IP Phones as "Cisco Device"; they never go further into the tree and get profiled as Cisco-IP-Phone or Cisco-IP-Phone-8851
Any ideas? Works in my lab but not production.
Thanks
John
Solved! Go to Solution.
07-16-2018 05:51 AM
Problem was with my F5 Load Balancer; all resolved now
07-07-2018 07:00 AM
Show CDP Details list the phone:
sh cdp ne int detail
-------------------------
Device ID: XXX
Entry address(es):
Platform: Cisco IP Phone 8851
My profiling configuration under my PSNs has RADIUS checked, SNMP RO is working to my switches
Ideas?
07-07-2018 02:10 PM
A couple of questions:
1. What profiling probes do you have enabled in ISE
2. Can you post a screenshot of all of the attributes for the endpoint
3. Is this the only device that you are having problems profiling?
Thank you for rating helpful posts!
07-09-2018 05:39 AM
1. What profiling probes do you have enabled in ISE
We have DHCP, RADIUS, and SNMPQUERY enabled in all 4 PSNs
2. Can you post a screenshot of all of the attributes for the endpoint
Under Context Visibility - here are the attributes of one of the devices:
Description | |
Static Assignment | false |
Endpoint Policy | Cisco-Device |
Static Group Assignment | false |
Identity Group Assignment | Profiled |
AAA-Server | fox07 |
AllowedProtocolMatchedRule | HoC Wired EAP-TLS |
AuthenticationMethod | x509_PKI |
AuthorizationPolicyMatchedRule | Default |
BYODRegistration | Unknown |
Calling-Station-ID | 38-20-56-44-5F-4C |
DestinationIPAddress | 172.18.130.14 |
Device Type | Device Type#All Device Types#Access Switch |
DeviceRegistrationStatus | NotRegistered |
ElapsedDays | 1 |
EndPointPolicy | Cisco-Device |
EndPointProfilerServer | fox07.hoc-cdc.ca |
EndPointSource | RADIUS Probe |
FailureReason | 22056 Subject not found in the applicable identity store(s) |
IdentityGroup | Profiled |
InactiveDays | 0 |
Location | Location#All Locations#181 Queen |
MACAddress | 38:20:56:44:5F:4C |
MatchedPolicy | Cisco-Device |
MessageCode | 5434 |
NAS-IP-Address | 172.18.68.6 |
NAS-Port-Id | GigabitEthernet1/0/18 |
NAS-Port-Type | Ethernet |
NetworkDeviceName | MG06TAZ81 |
OUI | Cisco Systems, Inc |
PolicyVersion | 4 |
PostureApplicable | Yes |
SelectedAuthorizationProfiles | DenyAccess |
StaticAssignment | false |
StaticGroupAssignment | false |
Total Certainty Factor | 10 |
User-Name | CP-8851-SEP382056445F4C |
3. Is this the only device that you are having problems profiling?
Seems like it is all of my 8851 - I have over 400 and they are all profiling as "Cisco Device" instead of "Cisco-IP-Phone-8851"
Other devices seem to be profiling correctly
thanks for your help
07-16-2018 05:51 AM
Problem was with my F5 Load Balancer; all resolved now
07-16-2018 08:18 AM
I somehow missed your reply to my questions...sorry about that! Glad to hear that you were able to resolve your own issue. Also, thank you for taking the time to come back and update the thread. Can you give us more technical details around the problem and the solution?
02-22-2024 12:11 PM
What did you have to do on the F5? I am having similar issue but in production.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide