08-12-2014 10:39 PM - edited 03-10-2019 09:56 PM
Hi Guys,
Good Day!
I would like to ask how can I enable profling on Apple devices so that when the device connects over the WLAN, the ISE will determnined if the Apple is an iPad or an iPhone because my setup right now is that regardless if the device is an iPhone or iPad, it always goes to the Apple-Devices profile.
Thanks for the help experts!
Cheers,
Niks
08-13-2014 03:52 AM
A logical profile is a container for a category of profiles or associated profiles, irrespective of Cisco-provided or administrator-created endpoint profiling policies. An endpoint profiling policy can be associated to multiple logical profiles.
You can use the logical profile in an authorization policy condition to help create an overall network access policy for a category of profiles. You can create a simple condition for authorization, which can be included in the authorization rule. The attribute-value pair that you can use in the authorization condition is the logical profile (attribute) and the name of the logical profile (value), which can be found in the EndPoints systems dictionary.
For example, you can create a logical profile for all mobile devices like Android, Apple iPhone, or Blackberry by assigning matching endpoint profiling policies for that category to the logical profile. Cisco ISE contains IP-Phone, a default logical profile for all the IP phones, which includes IP-Phone, Cisco-IP-Phone, Nortel-IP-Phone-2000-Series, and Avaya-IP-Phone profiles.http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html#pgfId-2038467
08-13-2014 02:30 PM
What version of the WLC are you running? Also, what profiling probes do you enabled in ISE?
08-13-2014 06:37 PM
Hi Neno,
Good Day!
I'm not sure about the version of the WLC but I already enabled all the profiling probes in my ISE 1.2.
Thank you and have a nice day!
Cheers,
Nikko
08-13-2014 09:39 PM
https://supportforums.cisco.com/discussion/12263486/ise-12-profiling-user-agent-attribute-incorrect
Check this thread out. Willing to punt some money that you are likely experiencing the same issues as myself.
11-17-2014 09:09 PM
Kindly review the below link :
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_30_ise_profiling.pdf
11-21-2014 06:22 AM
enable profiling probes in ISE . ISE comes with several profiling conditions and polices and you can get latest updates with ISE feed service. You can tweak ISE profile conditions as per your requirements. You can use the profiling condition in the authorization policy like
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide