Solved: Re: New Profiling Policies?

Dustin Anderson · ‎03-30-2017

Greetings,

Does anyone know if there is any update feed for new device profiles? I have been running into a issue with new devices being detected as "Cisco-Device" and being denied. Was actually a Galaxy S7 with Nougat update.

There is an update service for AV profiles, but nothing for the profiling system for devices?

Since you can import profiles, I was hoping Cisco had a site or something to get updates. My profiling system only has the Galaxy S6, and the 8 comes out in a few weeks. It seems absurd to expect every admin to create a profile for new devices instead of one being made centrally and updated.

Craig Hyps · ‎03-30-2017

Feed updates both OUIs and profiles. You can check Change Audit log and filter on 'feed' to look for updates. You may want to try disabling and re-enabling if not seeing any updates to profiles. You can also log into ise.cisco.com and setup notification to get emails when updates occur.

Craig

View solution in original post

M. Wisely · ‎03-30-2017

What version of ISE are you running? There is a feed service for the profiler in Administration -> Feed Service -> Profiler.

When you enable this it updates cisco provided profiles

Dustin Anderson · ‎03-30-2017

It is turned on and seems to be running, but seems to be adding OUI's. I'm running 2.1 and a 2.2 test box.

Both do not have current phones over the last year. Does the feed service only update OUI's? or are some profiles just not added.?

Craig Hyps · ‎03-30-2017

Feed updates both OUIs and profiles. You can check Change Audit log and filter on 'feed' to look for updates. You may want to try disabling and re-enabling if not seeing any updates to profiles. You can also log into ise.cisco.com and setup notification to get emails when updates occur.

Craig

hslai · ‎03-30-2017

What is the OUI value for the endpoint? Is it somehow got identified as Cisco...

It would be great if you may contribute by following How to Contribute Endpoint Profiles.

Dustin Anderson · ‎03-31-2017

60:F1:89 Murata Manufacturing Co., Ltd.

Not sure why a company as big as Samsung doesn't have their own OUI.

I'll look at uploading some profiles I've had to make. I think I have one for the new S8, but obviously can't test that yet.

M. Wisely · ‎03-31-2017

Murata makes components for Samsung phones, I believe this is why their OUI appears on Samsung phones. Samsung does have it's own OUIs.

When I search profiler conditions for Murata I don't get any results and I presume you'd find the same. There's nothing stopping you adding your own profiler condition and profiling policy for this mac address.

Craig Hyps · ‎03-31-2017

Profiling hierarchy is based primarily on hardware based or OS based. Each may lead to same conclusion, but the Hardware-based assume specific manufacturer like Cisco, Apple, HP, etc. but then will have sub-profiles to match on OS and other conditions. Software driven (like Workstation) start with premise that any NIC may be in use by the endpoint and to rely initially on those OS indicators to classify endpoint.

You can certainly create a new branch that starts with Murata, but since Murata is manufacturer for so many devices, it may not be usable from policy perspective to know a device is a "Murata-Device". I would look under the Android branch and see if key conditions missing that would identify the Galaxy.

/Craig