Under Context visibility, Mac address of HP laptop goes to Endpoint profile HP-Device and Identity G...

getaway51 · ‎10-27-2019

HI,

May I knw isnt this device supposed to go under 802.1x Profile. I am surprised to find tht it goes to Endpoint profile HP-Device and Identity Group-Profiled, which is ISE default . Wht i ponder is which authorization policy it will be in , since the Identity Group-Profiled. I always thought laptop goes to 802.1x policy rules not fall under MAB.

Since the laptop falls under these ISE default Endpoint profile HP-Device and Identity Group-Profiled, will it affect anything?

As per my understnading , HP laptop username and computername will be recognise by NAC and treated as 802.1x, therefore will PASS. i surprised to see it falls under default ISE profiles. any issues?

Damien Miller · ‎10-27-2019

The profile only matters if you are using that profile within any authorization policies. It is entirely possible to use profile information within 802.1x authorization flow.

If an endpoint authentications and authorizes within your 802.1x policy set, and you are not leveraging profiling information within that, then it won't matter.

ISE tries to profile every endpoint, regardless of the way it authenticates.

getaway51 · ‎10-27-2019

Hi,

If i viewed under policy sets, the HP laptop shld be under a grp which authenticates using eap-tls and authprization using company certs.

But when view under ISE logs, it goes to Endpoint profile HP-Device and Identity Group-Profiled. So i kind of confuse which is correct? Or they all eventually the same?

I saw there is no exact relation btw policy sets and Endpoint profile HP-Device and Identity Group-Profiled. Pls guide me!!

Pls enlighten me!!

Under Context visibility, Mac address of HP laptop goes to Endpoint profile HP-Device and Identity Group-Profiled