11-07-2018 11:09 PM
Hi all,
We have a customers who wants to use profiling of 2802I AP´s in ISE.
But it appears there is a difference between real life CDP info on switches compared to what we provide on profiling feed.
CDP info gathered on switch:
800 AP cdp info fra NAD:
Device ID: ARSLap016
Entry address(es):
IP address: 10.89.171.75
IPv6 address: FE80::A23D:6FFF:FE57:E48C (link-local)
Platform: cisco AIR-AP2802I-E-K9, Capabilities: Router Trans-Bridge
Interface: GigabitEthernet3/0/5, Port ID (outgoing port): GigabitEthernet0
Holdtime : 153 sec
Version :
Cisco AP Software, ap3g3-k9w8 Version: 8.5.135.0
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2014-2015 by Cisco Systems, Inc.
Data collected in ISE:
NFO FRA ISE:
cdpCacheAddress |
10.89.171.75 |
cdpCacheCapabilities |
R;T |
cdpCacheDeviceId |
ARSLap016 |
cdpCachePlatform |
cisco AIR-AP2802I-E-K9 |
cdpCacheVersion |
Cisco AP Software, ap3g3-k9w8 Version: 8.5.135.0 Technical Support: http://www.cisco.com/techsupport Copyright (c) 2014-2015 by Cisco Systems, Inc. |
But our conditions :
We can of course create our own and we did that, but customer is wondering why the built-in profiles are incorrect and when that will be fixed??
Br
Tue Frei Noergaard
Solved! Go to Solution.
11-14-2018 11:03 AM
Hi,
Can you clarify what the devices is profiled as before adding a new profiling policy ?
Is the device is profiled as Cisco Device or Cisco Access point ? ISE has a hierarchy in the way it profiles different class of devices under a certain vendor. It is important to understand where the problem is
Here is the profile for Cisco 2800 that has the cdp platform as attribute.
Parent profile is Cisco Access Point
Krishnan
11-15-2018 04:59 AM
Hi
After we did new custom build profile conditions - it works - so it should not be the hierarchy thats a problem.
The problem is that the we will never match the AP2800 profile that´s built-in because CDP infomations is based on AP.. and not CAP..
So - an update to the builtin profiles would be needed.
It works with custom profile conditions - but that it not optimal is our customers need to do that with a lot of devices.
One should think we/Cisco should be able to create correct profiles in the feed - especially for our own products.
br
Tue
11-16-2018 03:15 PM
Please see another post related to this.
https://community.cisco.com/t5/identity-services-engine-ise/profiling-policy-for-ap2800/td-p/3428839
where the xml file worked with someone else.
if you open xml file you will see that cdpcacheplatform has a value CAP in the value.
<Check attributeName="cdpCacheVersion" attributeValue="C2800" description="Condition for Cisco-AP-Aironet-2800, based on CDP-Cache-Version" name="Cisco-AP-Aironet-2800Rule3Check1" operator="Contains" type="CDP"/><Check attributeName="cdpCachePlatform" attributeValue="cisco AIR-CAP2802I" description="Condition for Cisco-AP-Aironet-2800, based on CDP-Cache-Platform" name="Cisco-AP-Aironet-2800Rule1Check1" operator="Contains" type="CDP"/>
When I searched around cdpplatform related defects for AP. I found the following
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd86274
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvk09404
Seems like there is some inconsistency in the attribute and it keeps changing. Creating a custom condition is the best approach given the fact that the value for the attribute. If you strongly feel otherwise, please work with TAC and let them open a defect accordingly.
-Krishnan
11-08-2018 12:34 AM
11-14-2018 11:03 AM
Hi,
Can you clarify what the devices is profiled as before adding a new profiling policy ?
Is the device is profiled as Cisco Device or Cisco Access point ? ISE has a hierarchy in the way it profiles different class of devices under a certain vendor. It is important to understand where the problem is
Here is the profile for Cisco 2800 that has the cdp platform as attribute.
Parent profile is Cisco Access Point
Krishnan
11-15-2018 04:59 AM
Hi
After we did new custom build profile conditions - it works - so it should not be the hierarchy thats a problem.
The problem is that the we will never match the AP2800 profile that´s built-in because CDP infomations is based on AP.. and not CAP..
So - an update to the builtin profiles would be needed.
It works with custom profile conditions - but that it not optimal is our customers need to do that with a lot of devices.
One should think we/Cisco should be able to create correct profiles in the feed - especially for our own products.
br
Tue
11-15-2018 05:27 AM
11-16-2018 03:15 PM
Please see another post related to this.
https://community.cisco.com/t5/identity-services-engine-ise/profiling-policy-for-ap2800/td-p/3428839
where the xml file worked with someone else.
if you open xml file you will see that cdpcacheplatform has a value CAP in the value.
<Check attributeName="cdpCacheVersion" attributeValue="C2800" description="Condition for Cisco-AP-Aironet-2800, based on CDP-Cache-Version" name="Cisco-AP-Aironet-2800Rule3Check1" operator="Contains" type="CDP"/><Check attributeName="cdpCachePlatform" attributeValue="cisco AIR-CAP2802I" description="Condition for Cisco-AP-Aironet-2800, based on CDP-Cache-Platform" name="Cisco-AP-Aironet-2800Rule1Check1" operator="Contains" type="CDP"/>
When I searched around cdpplatform related defects for AP. I found the following
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd86274
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvk09404
Seems like there is some inconsistency in the attribute and it keeps changing. Creating a custom condition is the best approach given the fact that the value for the attribute. If you strongly feel otherwise, please work with TAC and let them open a defect accordingly.
-Krishnan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide