cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8065
Views
5
Helpful
25
Replies

ise update oui

edondurguti
Level 4
Level 4

How does one update OUIs in ISE? ie new iphone doesn't come up as an apple device.

25 Replies 25

You can't update the OUI currently. You have to wait for a patch or new version that has an updated OUI in it. In the 1.2 release there will be a feature that will allow for automatic updates. As of right now you will need to modify your profiling conditions for each profiled device for the new iPhones and iPads with iOS 6. Remember that it needs to be identified under the parent device before it will profile as an iPad or iPhone. Or you can do like Tarik mentioned and remove the parent group for these devices and just play with the profiling conditions until you get the devices to consistently profile as an iPhone.

Has this been resolved?  I'm having this issue - iOS6 showing up as a workstation and not as an Apple device.

David this has been resolved in the latest patches and latest code version for the iOS6 devices. Still waiting on 1.2 for the automatic updates. What version of code are you running on your controllers and on ISE?

On my ISE appliance I am running version 1.1.3.124 and on my WLC I am running 7.4.100.0.  Windows 7 comes back but Android and iOS report back as workstations.

Have any insight to when 1.2 will be available?

The info I got back from the BU recently is that it looks like June now for 1.2. So it's going to be a little bit.

Do you have the DHCP and HTTP profiling settings enabled on your SSID? You shouldn't have any issues on 1.1.3 with profiling unless the DHCP/IP mappings aren't happening properly. I assume that you have already enabled the profiling services on your ISE node. If so then it looks like you are having issues with the DHCP/IP mapping. Make sure that DHCP proxy is disabled on the controller and that you have the profiling services enabled on the SSID and then give it another shot.

I disabled the DHCP proxy on the controller and now it's working sort of - Android and Windows 7 devices are coming up right but iOS is now being profiled as Unknown.

This is what's coming up in the logs.

Other Attributes:

ConfigVersionId=6,DestinationPort=1812,Protocol=Radius,Framed-MTU=1300,Airespace-Wlan-Id=1,CPMSessionID=ac1e1045000069a151546f9c,EndPointMACAddress=20-7D-74-70-CA-AC,EndPointMatchedProfile=Unknown,HostIdentityGroup=Endpoint  Identity Groups:Unknown,Device Type=Device Type#All Device  Types#WLC,Location=Location#All Locations#CampusControllers,Device IP  Address=172.30.16.69,Called-Station-ID=1c-aa-07-43-33-90:BYOD_Provisioning


You might have to manually add the mac oui. Attached is a guide I pulled from another thread with the instructions of how to add the new OUI for Apple devices. Though I haven't had the profiling issue since I moved to 1.1.2 or 1.1.3. It may help you however.

edondurguti
Level 4
Level 4

Hi,

Since they are newer iphones and ISE doesn't know about this, i've had to add some manually or create a rule that will see dhcp-hostname [contains iphone] and profile it as an apple device.

Please not that DHCP hostname doesn't always contain "iphone" because users might change it - but an iphone usually puts your name and the word "iphone" at the end ie Davids's Iphone - for that reason i've identified couple of users with newer iphones and had to add their macs to be profiled as apple devices.

If you have http profiler enabled and in WLC you have configured http profiling (where is sends first http packet to ISE) you should make a rule if user-agent contains ios/iphone/ipad whatever.

Also if you are using DHCP server / dhcp helper make a rule to send dhcp packets to ISE; example:

ip helper-address ise_ip_address

ip helper-address  your_dhcp_server

Please not that ISE has to be on top - only if you are using helpers.

Here is a screenshot of: Policy > Profiling

Profiler Policy List> Apple-Device

and here is a http rule that I made only for iphones - so I know for sure that it's an iphone when i get their right http packet (sometimes first thing that uses http might not be safari thus you can get smth like "skype") cuz looks like it is using http for something.

Hope it helps.

Thanks for all the advice I'll try it and see what happens.

Hi all, fyi Feed Service is included in 1.2, refer to the below link

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_prof_pol.html#wpxref62035

sahseth
Level 1
Level 1

Hello,

Cisco ISE, Release 1.2 provides a profiler feed service for publishing new profile definitions, updated profile definitions, and new OUI databases posted from IEEE.

My assumption is this will be based on profiles created by Cisco, Customers and manufacture releases (IE a new gaming system comes out and Cisco matches a profile).

“You can retrieve new and updated endpoint profiling policies and the updated OUI database as a feed from a designated Cisco feed server through a subscription in Cisco ISE. You can also receive email notifications at an administrator email address that is configured for applied, success, and failure messages. You can also provide additional subscriber information to receive notifications.”