Logical Profile for non-standard devices.

Team,

I am looking for some ideas on creating profiles for non-standard devices like Cameras on the Cisco ISE for NAC.

These devices are not being detected as a standard vendor for OUI or any other parameters.

 

One option is to add manual MAC addresses but that would be too much of a manual effort. 

 

The Cameras are PoE devices and I have attached a screenshot of what attributes we can see.

Any suggestions on getting this Profile created?

 

 

Thanks!!

N.

 

1 Reply

Arne Bier
VIP

Hello @network_geek1979 

 

Without going into great detail with screenshots, the approach I would take is to create a bunch of Profile Conditions:

- Type: IP, Attribute Name "operating-system-result" CONTAINS Linux ->> (in Profiling Policies, increase certainty by 10)

- Type: MAC, Attribute Name "MACAddress" STARTSWITH xxyyzz of the MAC OUI of those cameras ->> (in Profiling Policies, increase certainty by 10)

 

And then create a Profiling Policy for this camera type that requires a certainty of 20 and includes the two Profiler Conditions above (and add others to make it more precise).

 

It looks like you're already doing some kind of profiling (how did you deduce the Operating system to be Linux? Via NMAP scan?)

 

If the devices use DHCP then you could also glean some attributes via DHCP Discovery packets (hostname, client identifier) - the more data you can get, the more accurate and useful the profiling will be. E.g. a good device naming convention might assist here also - e.g. if the cameras had a hostname like  "sec_cam-outdoors-01" or whatever then you can use that in a Condition as well.
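
The certainty scoring described in the reply above, modelled in Python as an added example (not part of the original thread and not Cisco ISE code): each matching condition adds its certainty factor, and the policy applies only once the total reaches the minimum. The OUI `AA:BB:CC`, the policy name, the `host-name` attribute key, case-insensitive matching and the sample endpoints are assumptions made for illustration.

```python
from dataclasses import dataclass

# Case-insensitive matching is a modelling choice of this example.
OPERATORS = {
    "CONTAINS": lambda value, operand: operand.lower() in value.lower(),
    "STARTSWITH": lambda value, operand: value.lower().startswith(operand.lower()),
}

@dataclass(frozen=True)
class Condition:
    attribute: str
    operator: str
    operand: str
    certainty: int  # added to the policy score when the condition matches

    def matches(self, endpoint):
        value = endpoint.get(self.attribute)
        # An attribute no probe collected cannot match and adds nothing.
        return value is not None and OPERATORS[self.operator](str(value), self.operand)

@dataclass(frozen=True)
class Policy:
    name: str
    minimum_certainty: int
    conditions: tuple

    def score(self, endpoint):
        return sum(c.certainty for c in self.conditions if c.matches(endpoint))

CAMERA_OUI = "AA:BB:CC"  # constructed placeholder for the cameras' real OUI
CAMERA_POLICY = Policy("Security-Camera", 20, (  # hypothetical policy name
    Condition("operating-system-result", "CONTAINS", "Linux", 10),
    Condition("MACAddress", "STARTSWITH", CAMERA_OUI, 10),
    Condition("host-name", "STARTSWITH", "sec_cam", 10),  # assumed attribute key
))

# Constructed sample endpoints, not taken from the thread's screenshot.
ENDPOINTS = [
    {"MACAddress": "AA:BB:CC:00:00:01", "operating-system-result": "Linux 3.x", "host-name": "sec_cam-outdoors-01"},
    {"MACAddress": "AA:BB:CC:00:00:02", "host-name": "sec_cam-lobby-02"},  # no NMAP result
    {"MACAddress": "AA:BB:CC:00:00:03"},  # same vendor OUI, nothing else known
    {"MACAddress": "11:22:33:00:00:04", "operating-system-result": "Linux 5.x", "host-name": "build-server"},
]

def classify(endpoints, policy):
    """Return {MAC: (score, profiled?)} for each endpoint."""
    return {e["MACAddress"]: (policy.score(e), policy.score(e) >= policy.minimum_certainty)
            for e in endpoints}

if __name__ == "__main__":
    for mac, (score, hit) in classify(ENDPOINTS, CAMERA_POLICY).items():
        print(f"{mac}  certainty={score:2d}  {CAMERA_POLICY.name if hit else 'no match'}")
```

An endpoint that matches only one condition (the OUI alone, or Linux alone) scores 10 and stays below the minimum of 20, so a hostname condition lets a camera still be profiled when one probe returns no data.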