Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
754
Views
15
Helpful
6
Replies

Catalyst switch device classifier and custom devices?

andrew.butterworth
Level 7
Level 7

‎11-25-2022 04:12 AM - edited ‎11-25-2022 04:15 AM

I have some Catalyst switches (3560X, 3750X and 3560CX) all running the latest IOS releases.  I'm aware the 3560X/3750X are now EoL.  I'm attempting some IBNS 2.0 configurations and want to bypass authentication for IP Phones.  This works perfectly for Cisco IP Phones; however, we have some Mitel IP Phones that don't get detected by the device classifier.  This is only an issue when the RADIUS server isn't available, and a new device appears.  My IBNS 2.0 policy is doing multi-domain authentication and MAB for the IP Phones.  If the RADIUS server is available, then the phones get authenticated by MAB and the RADIUS policy pushes the Voice VLAN and Voice Domain.  If the RADIUS server isn't available, then I'm using the 'Next Gen Auth Bypass' functionality to identify the device and apply policy locally (set the VLAN and Voice Domain).  This works fine for Cisco IP phones as the device classifier identifies it, however for the Mitel IP phones they don't get classified.  The Mitel IP phones support CDP & LLDP and appear as neighbours to the switch.

How can I get the device classifier to recognise these Mitel IP phones?  I can get Autoconf/auto smart-ports to recognise the Mitel IP phones by the OUI, however I need the device classifier to recognise them because autoconf doesn't work when authentication is enabled on the interface - even if they are recognised as Cisco IP phones.

Anyone know how I can achieve this?

Labels:
0 Helpful
6 Replies 6

andrew.butterworth
Level 7
Level 7

‎11-25-2022 05:29 AM

Out of curiosity I plugged a Mitel IP phone into a Catalyst 3650 running 16.12.8.  This isn't used as an access switch; however, device classifier is enabled.  This is recognised and shows this

 

cat-3650#sho dev classifier attached interface gigabitEthernet 1/0/24 detail
Detail:

MAC_Address    Port_Id  Cert Parent Proto ProfileType Profile Name              Device Name
=========================================================================
0800.0f4a.9a74  GigabitEthernet1/0/24 40   0   CL M   Default  IP-Phone

 

On the C3560X I see this:

cat-3560x#sho device classifier attached interface gigabitEthernet 0/5 detail
DC default profile file version supported = 1

Detail:

Protocol:  C - CDP  L - LLDP  D - DHCP  M - OUI  H - HTTP  S - SIP  T - H323  N - MDNS
MAC_Address     Port_Id    Cert Parent Protocol         ProfileType  Profile Name                        Device_Name
==============  ========== ==== ====== ================ ===========  =================================   =================================
0800.0f4a.7a91  Gi0/5       0     0    C L D M          Unknown      Un-Classified Device
===========================================================================

I think this has to do with the dc_default_profiles.txt files (and dc_embedded_profiles.txt file on the C3650).  I'm fairly sure you aren't supposed to edit these files as they are automatically generated (or so it says in the file).

Anyone ever customised the DC files?

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to andrew.butterworth

‎11-25-2022 05:42 AM

device classifier <<- are you add this command in global mode of C3560 ?

0 Helpful

andrew.butterworth
Level 7
Level 7
In response to MHM Cisco World

‎11-25-2022 06:00 AM

Yes, of course.  This is enabled on all the switches I'm testing on - C3560X, C3560CX and C3650.  The C3650 is a live switch so I don't want to 'play' with this.  The C3560X & C3560CX are in the lab.

I'm fairly sure it's the dc_default_profiles.txt (and dc_embedded_profiles.txt on the C3650) files.

I found this post on CCO from 2018 Auto Smart Ports - Half Baked Detection - Cisco Community

It doesn't look like its documented anywhere.

I've just had a look on a C9300 running 17.6.4 and this only has the 'dc_default_profiles.txt' file, however there is no reference to Mitel in it.  The 'dc_embedded_profiles.txt' file on the C3650 has references to Mitel so I'm confused where the C9300 gets the information?

@MHM Cisco World wrote:

device classifier <<- are you add this command in global mode of C3560 ?

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to andrew.butterworth

‎11-25-2022 06:45 AM

""If a new device is not classified, contact the Cisco support team with the device MAC address. The Cisco
support team will provide a new dc_default_profile.txt file with the MAC address included in the file. You
need to replace the dc_default_profile.txt file with the earlier file. Follow these steps to change the
dc_default_profile.txt file: ""

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-3/configuration_guide/b_163_consolidated_3850_cg/b_163_consolidated_3850_cg_chapter_01001000.pdf

Device# show device classifier profile type table

 This command displays all the device types recognized by the device classification engine. The number of available device types is the number of profiles stored on the switch. Because the number of profiles can be very large, you can use the filter keyword to limit the command output.

so can you check command above see if there is any device types store in SW ?

andrew.butterworth
Level 7
Level 7
In response to MHM Cisco World

‎11-25-2022 07:22 AM - edited ‎11-25-2022 07:23 AM

Thanks for that.  Not sure I'll get any support on the C3560X with it being EoL.

I have been doing the most of the testing with the C3560X running 15.2(4)E10.  I have just moved the Mitel IP phone to the C3560CX running 15.2(7)E7 and this classifies the device as an IP-Phone which I hadn't noticed before.  I compared the size of the dc_default_profiles.txt files on the C3560X & the C3560CX and the C3560CX is bigger.

I copied the dc_default_profile.txt from the C3560CX to a TFTP server and then added it to the C3560X with the 'device classifier profile location tftp://x.x.x.x/dc_default_profile.txt' command after stopping the device classifier.  On starting the device classifier, the C3560X now classifies the Mitel IP phone:

 

DC default profile file version supported = 1

Detail:

Protocol:  C - CDP  L - LLDP  D - DHCP  M - OUI  H - HTTP  S - SIP  T - H323  N - MDNS
MAC_Address     Port_Id    Cert Parent Protocol         ProfileType  Profile Name                        Device_Name
==============  ========== ==== ====== ================ ===========  =================================   =================================
0800.0f4a.7a91  Gi0/5       40    0    C L   M          Default      IP-Phone
===========================================================================

 

And the IBNS 2.0 policy works the same for the Mitel IP phone as it does with the Cisco IP phone when the RADIUS server isn't available.

Excellent !!!!!

MHM Cisco World
VIP
VIP
In response to andrew.butterworth

‎11-25-2022 07:59 AM - edited ‎11-25-2022 08:03 AM

really excellent 
You are so so welcome 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card