Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ISE won't match configured profiling policy

I'm trying to match Cisco LAPs (any kind of) using profiling in my AuthZ policies, yet the specific AP (a 1252 model) always gets profiled as 'Cisco-Aironet-AP-1250' instead of the desired, more generic 'Cisco-AIR-LAP' policy. To change this behaviour, I've tried to work with a simple match ('LLDP:lldpSystemDescription CONTAINS K9W8') and give this policy a high certainty factor of 150, yet it doesn't work.

How can I force any kind of LAP (that must not contain any autonomous AP) to get profiled in a generic LAP policy which I can use in an AuthZ policy?

I'm using ISE 1.2, patch 6.

Thanks, Toni

 
 
 
2 REPLIES

please refer to the image

please refer to the image

New Member

Hi, thanks for your reply.

Hi, thanks for your reply. That's almost a winner...meanwhile, I escalated this to TAC. Basically, attribute value "cisco AIR-LAP" would do, but there's a bug that needs to be considered with ISE 1.2, patch 6:

https://tools.cisco.com/bugsearch/bug/CSCuo78457

201
Views
0
Helpful
2
Replies
CreatePlease to create content