device profiling on WLC 9800 running IOS-XE

Alex-Pr · ‎11-12-2024

Hey everyone,

Is there a way to update the OUI database in the WLC running IOS-XE. I think there was a way with AirOS, but I don't see it in IOS-XE

What I want to do us upload the updated OUI database from https://standards-oui.ieee.org/oui/oui.txt so that the mac addresses is used for classifying the device if the HTTP TLV Caching or DHCP TLV Caching don't pick it up. I seem to have a huge percentage of devices marked as Unclassified or Unknown but if I look up the mac, it easily finds the correct vendor in most cases...

Thanks

balaji.bandi · ‎11-12-2024

what is the IOS XE code running, have you looked the below guide :

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215661-in-depth-look-into-client-profiling-on-9.html

if that is already looked and still issue, can you provide some example and environment information. (other than just WLC 9800 )

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Alex-Pr · ‎11-13-2024

I'm running 17.12.3 and yes I have looked at that document. Step 1 says it looks at the OUI database

An example is a device that starts with MAC 04-C1-03 is showing as Un-Classified Device. Yet when I look at the OUI list it identifies the vendor as Clover.

I am guessing the WLC is not actually looking at the MAC and it is only doing step 2/3 where it is looking at the headers of http traffic to determine a vendor and that is a guess at best.

Another example is a device starting with MAC 00-24-06 is identified as Linux Workstation yet the OUI lookup shows the vendor as Pointmobile.

I am guessing the 2nd device is starting with some https traffic that can identify the OS as Linux based whereas the 1st device is maybe establishing a vpn tunnel from the get go so it can never identify the device via http headers...

With MAC randomization, a lot of devices don't match for what the oui table has but I guess that is to be expected..

Overall I typically see 40% of the devices as unclassified or unknown.

MHM Cisco World · ‎11-13-2024

did you select device classification ??

MHM

Alex-Pr · ‎11-13-2024

Yes I have those settings.

The system seems to classify about 60% of the wireless devices. Of that 60%, I don't think it is very accurate.

Maybe it is a lost cause...

Leo Laohoo · ‎11-13-2024

OUI cannot be updated in IOS-XE.

There was talk about bringing this feature back in IOS-XE but it is "in the roadmap" since the first two years 9800 were shipped.

NOTE:

And the Cisco phrase "in the roadmap" is a both a convenient excuse and a euphemism for "not a priority unless some big customer makes it so". "in the roadmap" timeline is between "seven to 20 years". If the enhancement request is made by a very large customer considered "too big to refuse" then the timeline goes down to about two to three years.

I suspect one of the critical reason why this feature will not be rolled out to multi-WNCD controllers is because uploading a large OUI DB will cause a multi-WNCD controller to an uncontrollable boot-crash-loop (with or without APs attached). Also, uploading an OUI to a VSS pair will absolutely guarantee BOTH controllers may/will go into an uncontrollable boot-crash loop.