I would like to ask how can I enable profling on Apple devices so that when the device connects over the WLAN, the ISE will determnined if the Apple is an iPad or an iPhone because my setup right now is that regardless if the device is an iPhone or iPad, it always goes to the Apple-Devices profile.
Thanks for the help experts!
A logical profile is a container for a category of profiles or associated profiles, irrespective of Cisco-provided or administrator-created endpoint profiling policies. An endpoint profiling policy can be associated to multiple logical profiles.
You can use the logical profile in an authorization policy condition to help create an overall network access policy for a category of profiles. You can create a simple condition for authorization, which can be included in the authorization rule. The attribute-value pair that you can use in the authorization condition is the logical profile (attribute) and the name of the logical profile (value), which can be found in the EndPoints systems dictionary.
For example, you can create a logical profile for all mobile devices like Android, Apple iPhone, or Blackberry by assigning matching endpoint profiling policies for that category to the logical profile. Cisco ISE contains IP-Phone, a default logical profile for all the IP phones, which includes IP-Phone, Cisco-IP-Phone, Nortel-IP-Phone-2000-Series, and Avaya-IP-Phone profiles.http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html#pgfId-2038467
Check this thread out. Willing to punt some money that you are likely experiencing the same issues as myself.
enable profiling probes in ISE . ISE comes with several profiling conditions and polices and you can get latest updates with ISE feed service. You can tweak ISE profile conditions as per your requirements. You can use the profiling condition in the authorization policy like