cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1069
Views
2
Helpful
6
Replies

See what triggered a profile change?

Every once in a while I run into devices that just change profile for no reason. My latest is an Apple MacBook profiled as an Apple-Device changed to Android for no reason.

Is there any way to see what was triggered.

I tried to look at what updated by the feed service, but the link to the reports page is not found and then sends me back to the login page.

Capture.JPG

1 Accepted Solution

Accepted Solutions

Go to Operations > Reports > Diagnostics > Endpoint Profile Changes

Set filter at top for specific MAC address.  Details link should reveal the new/changed profile data received in that profile assignment or change.

View solution in original post

6 Replies 6

kthiruve
Cisco Employee
Cisco Employee

Hi Dustin,

Have you turned on Nmap scan. Make sure to understand the difference in the results of the probe to identify the difference. You can look at the endpoint dashboard, click on the endpoint, look at the attributes.

I am hoping that you have turned on feed services to get the profiling updates.

Thanks

Krishnan

Go to Operations > Reports > Diagnostics > Endpoint Profile Changes

Set filter at top for specific MAC address.  Details link should reveal the new/changed profile data received in that profile assignment or change.

Thanks for the info, Still not sure what caused it, but looking at all the data, I do see this as odd.

User-Agent

Fabric Android Studio Plugin for Mac OS X/Android Studio 2.3

operating-system-resultAndroid

This is a MacBookPro

It looks like it triggered with a certainty of 30 due to thinking the OS was Android.

Yep this is a common issue I have seen in my deployments.  Minimum Certainty factor on the profiling policy wins the race.  You have a few options here:

  1. Remove NMAP condition from the Android profile policy.
  2. Bump up the minimum certainty factor on Apple-Device rule to above the minimum certainty factor of the Android rule.
  3. Make your own Apple-Device profiling policy and make the certainty factor is higher than Android rule.

I personally would go with #3.  As I always instruct customers "Cisco's minimum certainty factor is typically a 10/20/30 progression.  If you want your profiling policies to always beat Cisco's then make custom policies 100/200/300 progression."

Yeah, I usually set custom rules at 100, but normally have to only make for new phones and devices. My usual problem is unknown devices.

Yep identity the unknown devices is the “fun” part of the ISE install. Usually that is where I spend most of my time after the initial setup.

Paul Haferman

Office- 920.996.3011

Cell- 920.284.9250