Hi, thanks for your reply.

tgrundbacher · ‎03-20-2014

I'm trying to match Cisco LAPs (any kind of) using profiling in my AuthZ policies, yet the specific AP (a 1252 model) always gets profiled as 'Cisco-Aironet-AP-1250' instead of the desired, more generic 'Cisco-AIR-LAP' policy. To change this behaviour, I've tried to work with a simple match ('LLDP:lldpSystemDescription CONTAINS K9W8') and give this policy a high certainty factor of 150, yet it doesn't work.

How can I force any kind of LAP (that must not contain any autonomous AP) to get profiled in a generic LAP policy which I can use in an AuthZ policy?

I'm using ISE 1.2, patch 6.

Thanks, Toni

Saurav Lodh · ‎05-20-2014

please refer to the image

tgrundbacher · ‎05-20-2014

Hi, thanks for your reply. That's almost a winner...meanwhile, I escalated this to TAC. Basically, attribute value "cisco AIR-LAP" would do, but there's a bug that needs to be considered with ISE 1.2, patch 6:

https://tools.cisco.com/bugsearch/bug/CSCuo78457

ISE won't match configured profiling policy

SD-WAN: Data Policy の match 条件に app-list を使用する際の注意点について

4. Introducing Cisco ISE Policy - 4.1 & 4.2

Secure Network Analytics :SNAとISE連携におけるANC Policyの端末隔離動作について

3. Introducing Cisco ISE Policy Enforcement Components - 3.1 & 3.2

Doc - Implementación y Configuración de Cisco ISE