Re: ISE and Kindle/Nook Devices

kknuckles · ‎09-03-2013

I was wondering if anyone had written any custom policy elements and profiling policies for Kindle and or Nook devices. We have a large quantity of users who are wanting to bring these devices in.

We are on ISE 1.1.4 with all patches installed. I looked through all of the pre-configured policy elements / policies and couldn't find any for these types of devices.

If anyone is on ISE 1.2, does it have policies already for these devices?

Ravi Singh · ‎09-03-2013

I don't think these devices are supported by Cisco ISE. Please see the attached compatibility matrix list.

kknuckles · ‎09-04-2013

Well, it may not be compatible with their pre-configured rules. I was mainly asking if anyone had written any of their own custom rules and policy elements before I went and did so. Obviously, nobody has. So, I went under:

Policy -->Policy Elements-->Conditions-->Profiling

I then created one new condition called Kindle-Check1.

Type - DHCP

Attribute Name - host-name

Operator - CONTAINS

Attribute-Value - kindle

I then went to Policy -->Profiling-->Profiling Policies

I added one that used the condition above. As soon as I did close to 75 devices got profiled as Kindle devices and were allowed on the network.

So it works, you just have to create a custom condition and rule for it. It might not be perfect, given that users can change the host name of the device. Kindle Fire's are totally different in the sense that they run Android. Some get profiled as android, but the ones that don't are now getting profiled as Kindle devices.