Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
391
Views
0
Helpful
2
Replies

ISE won't match configured profiling policy

tgrundbacher
Level 1
Level 1

‎03-20-2014 04:08 PM - edited ‎03-10-2019 09:33 PM

I'm trying to match Cisco LAPs (any kind of) using profiling in my AuthZ policies, yet the specific AP (a 1252 model) always gets profiled as 'Cisco-Aironet-AP-1250' instead of the desired, more generic 'Cisco-AIR-LAP' policy. To change this behaviour, I've tried to work with a simple match ('LLDP:lldpSystemDescription CONTAINS K9W8') and give this policy a high certainty factor of 150, yet it doesn't work.

How can I force any kind of LAP (that must not contain any autonomous AP) to get profiled in a generic LAP policy which I can use in an AuthZ policy?

I'm using ISE 1.2, patch 6.

Thanks, Toni

 
 
 
Labels:
Preview file
85 KB
Preview file
93 KB
Preview file
93 KB
Preview file
4 KB
0 Helpful
2 Replies 2

Saurav Lodh
Level 7
Level 7

‎05-20-2014 05:03 AM

please refer to the image

0 Helpful

tgrundbacher
Level 1
Level 1
In response to Saurav Lodh

‎05-20-2014 02:27 PM

Hi, thanks for your reply. That's almost a winner...meanwhile, I escalated this to TAC. Basically, attribute value "cisco AIR-LAP" would do, but there's a bug that needs to be considered with ISE 1.2, patch 6:

https://tools.cisco.com/bugsearch/bug/CSCuo78457

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents