I did a quick test enabling DHCP profiling on WLAN in the WLC. I couldn't did extensive tests because the DHCP appears to not working, so I needed to back. I don't understand why enabling this option affects the DHCP functionality ...
Unfortunately I can't do extensive tests on productive network, so I would need to be sure about which parameters to change.
In lab (not the same environment to test) I have seen the ISE is able to identify a Galaxy smartphone as Samsung Device (by RADIUS probe), I guess by the OUI Endpoint, and some minutes later as Android (by DHCP probe) ... So, I wonder if it is possible to define a priority or preference over which probe apply first ...
In the ISE Endpoint details I found this
User-Agent Mozilla/5.0 (Linux; U; Android 2.3.6; es-us; GT-I9070 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
I guess here is where the ISE learns from the device is an Android, right?
What do you have configured under "Administration > System > Settings > Profiling?" You should have CoA enabled and set to "Re-Auth"
- What version of code are you running on the WLC?
- All information from all of the probes is collected and evaluated at the same time. There isn't a probe setting to make one more preferred than the other. Instead, profiling rules with higher certainty factor are preferred against rules with lower certainty level.
- In the WLC, what do you have for DHCP settings both under the WLAN interface and under the "controller" tab for the DHCP proxy
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :