Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2019
Views
0
Helpful
15
Replies

MacBook profiles as Cisco-Switch in 2.1

Go to solution
Dustin Anderson
VIP Alumni
VIP Alumni

‎06-08-2016 01:57 PM - edited ‎03-10-2019 11:51 PM

I'm experimenting with trying to get Mac's to profile on ISE. 2.1. I've tried installing AnyConnect and for some reason it sees it as a Nexus 7000 switch.

Here's info from the debug

Attribute:AAA-Server value:ise-2
Attribute:Airespace-Wlan-Id value:5
Attribute:AllowedProtocolMatchedRule value:EAP_Chaining_Wireless
Attribute:AuthenticationMethod value:MSCHAPV2
Attribute:AuthorizationPolicyMatchedRule value:Default
Attribute:BYODRegistration value:Unknown
Attribute:CacheUpdateTime value:1465417705907
Attribute:Called-Station-ID value:20-3a-07-66-96-20
Attribute:Calling-Station-ID value:a4-5e-60-cf-81-83
Attribute:CreateTime value:1464896196500
Attribute:DestinationIPAddress value:10.10.207.156
Attribute:DestinationPort value:1812
Attribute:DetailedInfo value:Authentication succeed
Attribute:Device IP Address value:10.10.204.114
Attribute:Device Identifier value:
Attribute:Device Port value:32772
Attribute:Device Type value:Device Type#All Device Types
Attribute:DeviceCompliance value:Unknown
Attribute:DeviceRegistrationStatus value:NotRegistered
Attribute:EndPointMACAddress value:A4-5E-60-CF-81-83
Attribute:EndPointPolicy value:Cisco-Switch
Attribute:EndPointPolicyID value:4afc4ae0-6d8e-11e5-978e-005056bf2f0a
Attribute:EndPointProfilerServer value:ise-2
Attribute:EndPointSource value:RADIUS Probe
Attribute:FailureReason value:5440 Endpoint abandoned EAP session and started new
Attribute:FirstCollection value:1464896196418
Attribute:Framed-IP-Address value:
Attribute:Framed-IPv6-Address value:
Attribute:IdentityAccessRestricted value:false
Attribute:IdentityGroup value:Profiled
Attribute:IdentityGroupID value:b132c920-6d8d-11e5-978e-005056bf2f0a
Attribute:IsThirdPartyDeviceFlow value:false
Attribute:LastActivity value:1465417705904
Attribute:LastNmapScanTime value:1465245395228
Attribute:Location value:Location#All Locations
Attribute:LogicalProfile value:Infrastructure Network Devices
Attribute:MACAddress value:A4:5E:60:CF:81:83
Attribute:MDMServerID value:
Attribute:MatchedPolicy value:Cisco-Switch
Attribute:MatchedPolicyID value:4afc4ae0-6d8e-11e5-978e-005056bf2f0a
Attribute:MessageCode value:5440
Attribute:NAS-IP-Address value:10.10.204.114
Attribute:NAS-Identifier value:WLC-3
Attribute:NAS-Port value:1
Attribute:NAS-Port-Type value:Wireless - IEEE 802.11
Attribute:Network Device Profile value:Cisco
Attribute:NetworkDeviceGroups value:Location#All Locations, Device Type#All Device Types
Attribute:NetworkDeviceName value:WLC-3
Attribute:NetworkDeviceProfileId value:8ade1f15-aef1-4a9a-8158-d02e835179db
Attribute:NetworkDeviceProfileName value:Cisco
Attribute:NmapScanCount value:1
Attribute:NmapSubnetScanID value:0
Attribute:OUI value:Apple, Inc.
Attribute:PhoneID value:
Attribute:PolicyVersion value:32
Attribute:PortalUser value:
Attribute:PostureApplicable value:Yes
Attribute:PostureAssessmentStatus value:NotApplicable
Attribute:PostureExpiry value:
Attribute:PostureStatus value:Unknown
Attribute:RadiusFlowType value:Wireless802_1x
Attribute:RadiusPacketType value:AccessRequest
Attribute:RegistrationTimeStamp value:0
Attribute:Response value:{RadiusPacketType=Drop; }
Attribute:SSID value:20-3a-07-66-96-20
Attribute:SelectedAccessService value:Default Network Access
Attribute:SelectedAuthenticationIdentityStores value:Internal Users, ise-2, All_AD_Join_Points
Attribute:SelectedAuthorizationProfiles value:DenyAccess
Attribute:Service-Type value:Framed
Attribute:StaticAssignment value:false
Attribute:StaticGroupAssignment value:false
Attribute:StepData value:4= Normalised Radius.RadiusFlowType, 5=EAP_Chaining_Wireless
Attribute:TLSCipher value:ECDHE-RSA-AES256-SHA
Attribute:TLSVersion value:TLSv1
Attribute:TimeToProfile value:44
Attribute:Total Certainty Factor value:30
Attribute:UniqueSubjectID value:
Attribute:UpdateTime value:1465245396597
Attribute:allowEasyWiredSession value:false
Attribute:host-name value:
Attribute:ip value:
Attribute:operating-system value:Cisco Nexus 7000 switch (NX-OS 4.2.6) (accuracy 99%)
Attribute:operating-system-result value:Cisco Nexus 7000 switch (NX-OS 4.2.6) (accuracy 99%)
Attribute:SkipProfiling value:false

Labels:
0 Helpful
15 Replies 15

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to Dustin Anderson

‎06-10-2016 11:45 AM

Ok you've done it manually, but normally you don't need question. I asked which probe you were using. Could you confirm me that you set ip dhcp helper on all SVI pointing to your ISE server? 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents