Device Classifier Dynamic XML Support

Feature History for Device Classifier Dynamic XML Support

This table provides release and related information about the feature explained in this section.

This feature is also available in all the releases subsequent to the one in which it is introduced, unless noted otherwise.

Table 1. Feature History for Device Classifier Dynamic XML Support

Release: Cisco IOS XE Dublin 17.10.1

Feature: Device Classifier Dynamic XML Support

Feature Information: You can do the following:

  • Add rules, checks, and profile name to an XML file.

  • Upload the XML file to the device file system.

This feature enables better device classification without upgrading the device to a new release.

Note

 

Device classifier dynamic XML support is applicable for the following:

  • Devices that are not classified previously: The classification takes effect from the latest file without any reboot.

  • Devices that are already classified: The clients have to rejoin for the classification to take effect.

  • Client previously classified with higher protocol values such as DHCP + HTTP: If the same client wants to be classified with only DHCP, use the clear wireless client device cache command.

Information About Device Classifier Dynamic XML Support

The current device classifier uses a static XML file in which checks, rules, and profiles are defined based on the MAC, DHCP, and HTTP TLVs of wireless devices. The static XML file is converted to a text file and integrated with the image. When you enable the device classifier functionality using the device classifier command, the contents of the text file are read and populated into the device classifier structures.


Note


The subsequent device classification is based on the populated device classifier structures.


Presently, if you find any unclassified devices in a controller, the static XML file is updated with the new rules, checks, and profiles to get the devices classified. You will need to wait till the subsequent release as the static XML file is integrated with the image and cannot be changed from the controller.

Workflow: To Classify Unclassified Devices with Dynamic XML File

  1. The dynamic XML filename must be dc_user_profiles.xml.


    Note


    Files with any other name are not read and parsed even if they have the correct schema.


  2. Copy the sample dynamic XML file to your system using the following command:

    copy {flash:} {ftp: | tftp:}

  3. Provide a new version for the dynamic XML file:

    <Version>1.1</Version>

  4. Edit the dynamic XML file with the new rules, checks, and profiles as defined in the schema after examining the TLV values of the unclassified devices.


    Note


    To check the TLV values, use the following command:

    show wireless client mac-address mac detail


  5. Copy the dynamic XML file to the device flash using the following command:

    copy {ftp: | tftp:} {flash:}

Once the file is copied to the device file system, newly connected clients are classified according to the new profiles defined in the dynamic XML file. Devices that are still unclassified must be reconnected so that they send the DHCP and HTTP TLVs and are then classified according to the new profiles. Devices that are already classified remain as classified until they are reconnected.

Dynamic XML File

The device classifier dynamic XML support enhancement addresses the problem of having to wait for a subsequent release before new devices can be classified.

It does so by introducing support for a new dynamic device classifier XML file.


Note


The filename will be dc_user_profiles.xml and you can update the dynamic XML file with the new rules, checks, and profiles based on the devices connected and according to the provided schema. You can then copy this XML file to the device file system to enable better device classification without the need to upgrade the device to a new release.


The static XML file support is still available. When a device connects, its TLVs are checked against the dynamic XML user profiles first, and if they match, the device is classified as per that profile. If not, the static XML profiles are searched, and if they match, the device is classified as per that profile.


Note


The sample dynamic XML file is available in the device at flash:dc_profile_dir/. You can use the following sample dynamic XML file schema: copy it to your system using the copy {flash:} {ftp: | tftp:} command, and append or replace the content with your own profiles, rules, and checks:


<?xml version="1.0" encoding="UTF-8"?>
<DeviceList>
    <CopyRight>Copyright (c) 2021-2022 by Cisco Systems, Inc. All rights reserved.</CopyRight>
    <Version>1.0</Version>
    <Device>
        <DeviceType>Sample_Profile_1</DeviceType>
        <RuleName>Sample_Rule_1</RuleName>
        <RuleOperator>OR</RuleOperator>
        <RuleCertaintyMetric>20</RuleCertaintyMetric>
        <Check>
            <Protocol>DHCP</Protocol>
            <TLV-Type>12</TLV-Type>
            <TLV-Value-Type>String</TLV-Value-Type>
            <TLV-Value>test</TLV-Value>
        </Check>
        <Check>
            <Protocol>HTTP</Protocol>
            <TLV-Type>3</TLV-Type>
            <TLV-Value-Type>Integer</TLV-Value-Type>
            <TLV-Value>23</TLV-Value>
        </Check>
    </Device>
    <Device>
        <DeviceType>Sample_Profile_2</DeviceType>
        <RuleName>Sample_Rule_2</RuleName>
        <RuleOperator>AND</RuleOperator>
        <RuleCertaintyMetric>30</RuleCertaintyMetric>
        <Check>
            <Protocol>DHCP</Protocol>
            <TLV-Type>12</TLV-Type>
            <TLV-Value-Type></TLV-Value-Type>
            <TLV-Value>test</TLV-Value>
        </Check>
        <Check>
            <Protocol>MAC</Protocol>
            <TLV-Value-Type>String</TLV-Value-Type>
            <TLV-Value>Cisco</TLV-Value>
        </Check>
    </Device>
</DeviceList>

Each time you copy a new dynamic XML file, the older user profiles are erased completely and newer profiles are populated. After copying the dynamic XML files, only the newly connected clients are classified based on the new dynamic file whereas the already classified devices still remain as classified with older profiles until they are reconnected.
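Because every copy replaces all earlier user profiles, it helps to check the file before it is uploaded. The following Python lint is an added example, not part of the Cisco documentation or tooling. The element names and the filename come from this page; the allowed operator and protocol values, and the rule that DHCP and HTTP checks carry a numeric TLV-Type, are assumptions inferred from the sample file above, not the device's actual schema.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePath

REQUIRED_NAME = "dc_user_profiles.xml"  # per the page: other names are not parsed
OPERATORS = {"AND", "OR"}               # assumption: values seen in the sample
PROTOCOLS = {"DHCP", "HTTP", "MAC"}     # assumption: values seen in the sample

def child_text(el, tag):
    return (el.findtext(tag) or "").strip()

def lint_profiles(filename, xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    out = []
    if PurePath(filename).name != REQUIRED_NAME:
        out.append(f"file must be named {REQUIRED_NAME}")
    if "<!DOCTYPE" in xml_text:  # keep DTDs and entities away from the parser
        return out + ["DOCTYPE is not accepted by this lint"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return out + [f"not well-formed XML: {exc}"]
    if root.tag != "DeviceList" or not child_text(root, "Version"):
        out.append("need a <DeviceList> root with a <Version>")
    for n, dev in enumerate(root.findall("Device"), 1):
        if not (child_text(dev, "DeviceType") and child_text(dev, "RuleName")):
            out.append(f"Device {n}: DeviceType and RuleName are required")
        if child_text(dev, "RuleOperator") not in OPERATORS:
            out.append(f"Device {n}: RuleOperator must be AND or OR")
        if not child_text(dev, "RuleCertaintyMetric").isdigit():
            out.append(f"Device {n}: RuleCertaintyMetric must be an integer")
        checks = dev.findall("Check")
        if not checks:
            out.append(f"Device {n}: no <Check> element")
        for chk in checks:
            proto = child_text(chk, "Protocol")
            if proto not in PROTOCOLS:
                out.append(f"Device {n}: unknown Protocol {proto!r}")
            elif proto != "MAC" and not child_text(chk, "TLV-Type").isdigit():
                out.append(f"Device {n}: {proto} check needs a numeric TLV-Type")
            if not child_text(chk, "TLV-Value"):
                out.append(f"Device {n}: empty TLV-Value")
    return out

# Constructed sample: a mistyped operator and a DHCP check without TLV-Type.
SAMPLE = """<DeviceList><Version>1.1</Version><Device>
<DeviceType>Device-test</DeviceType><RuleName>Rule-Test</RuleName>
<RuleOperator>ANDD</RuleOperator><RuleCertaintyMetric>20</RuleCertaintyMetric>
<Check><Protocol>DHCP</Protocol><TLV-Value>test</TLV-Value></Check></Device></DeviceList>"""
print("\n".join(lint_profiles("dc_user_profiles.xml", SAMPLE)))
```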


MAC OUI-Based Profiles

The Organizational Unique Identifier (OUI) of a MAC address is the part of the MAC address that identifies the vendor of the network adapter. The OUI is the first three bytes of the six-byte field and is administered by the IEEE.

To define MAC-based profiles in the dynamic XML file, see https://standards-oui.ieee.org/.

For example, if the client MAC address is 7035.094d.000, then the OUI is 0x703509. You can find the corresponding entry at https://standards-oui.ieee.org/ as follows:


70-35-09   (hex)		Cisco Systems, Inc
703509     (base 16)	   Cisco Systems, Inc
				  80 West Tasman Drive
				  San Jose  CA  94568
				  US

Enabling Device Classifier (CLI)

Procedure

Step 1

  Command or Action: configure terminal

  Example: Device# configure terminal

  Purpose: Enters global configuration mode.

Step 2

  Command or Action: device classifier

  Example: Device(config)# device classifier

  Purpose: Enables the classification of attached devices.

Step 3

  Command or Action: end

  Example: Device(config)# end

  Purpose: Returns to privileged EXEC mode.

Updating Dynamic XML File

To classify a device, add the following lines in the dynamic XML file:


<DeviceList>
    <CopyRight>Copyright (c) 2021-2022 by Cisco Systems, Inc. All rights reserved.</CopyRight>
    <Version>1.1</Version>
    <Device>
        <DeviceType>Device-test</DeviceType>
        <RuleName>Rule-Test</RuleName>
        <RuleOperator>AND</RuleOperator>
        <RuleCertaintyMetric>20</RuleCertaintyMetric>
        <Check>
            <Protocol>DHCP</Protocol>
            <TLV-Type>12</TLV-Type>
            <TLV-Value-Type>String</TLV-Value-Type>
            <TLV-Value>test</TLV-Value>
        </Check>
    </Device>

...............................
</DeviceList>

Verifying TLV Values

To verify the TLV values, use the following command:

Device# show wireless client mac-address 7035.094d.0001 detail
Client MAC Address : 7035.094d.0001

…………………………………………………………………………………………………………

Nearby AP Statistics:

EoGRE : Pending Classification

Device Classification Information:

  Device Type         : Un-Classified Device

  Device Name      : Unknown Device

  Protocol Map     : 0x000009  (OUI, DHCP)

  Device Protocol  : DHCP                      --> <Protocol>DHCP</Protocol>

    Type             : 12   14                          --> <TLV-Type>12</TLV-Type>

    Data             : 0e

    00000000  00 0c 00 0a 74 65 73 74  2d 30 30 30 30 31         |....test-00001  |           --> <TLV-Value>test</TLV-Value>

    Type             : 60   8  

    Data             : 08

    00000000  00 3c 00 04 74 65 73 74                            |.<..test        |

    Type             : 55   11 

    Data             : 0b

    00000000  00 37 00 07 01 1c 02 03  0f 06 0c                  |.7.........     |

Max Client Protocol Capability: Wi-Fi6 (802.11ax)
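The hex rows in this output can be decoded mechanically to get the exact TLV type and value to use in a Check element. The following Python parser is an added example, not part of the Cisco documentation. It assumes the byte layout that can be read off the dump above (a 2-byte type, a 2-byte length, then the value), and the sample input is constructed from that dump.

```python
import re

# Constructed input: the "Device Protocol" part of the output shown above.
SAMPLE = """\
  Device Protocol  : DHCP
    Type             : 12   14
    Data             : 0e
    00000000  00 0c 00 0a 74 65 73 74  2d 30 30 30 30 31         |....test-00001  |
    Type             : 60   8
    Data             : 08
    00000000  00 3c 00 04 74 65 73 74                            |.<..test        |
    Type             : 55   11
    Data             : 0b
    00000000  00 37 00 07 01 1c 02 03  0f 06 0c                  |.7.........     |
"""

# One hex dump row: 8-digit offset, hex byte pairs, then the ASCII column.
HEX_ROW = re.compile(r"^\s*[0-9a-f]{8}\s+((?:[0-9a-f]{2}\s+)+)\|", re.I)

def decode_tlvs(show_output):
    """Return (protocol, tlv_type, value_bytes) tuples from the hex dump rows."""
    tlvs, proto, buf = [], None, bytearray()

    def flush():
        # Layout assumed from the dump: 2-byte type, 2-byte length, then value.
        if buf:
            tlv_type = int.from_bytes(buf[0:2], "big")
            length = int.from_bytes(buf[2:4], "big")
            if len(buf) < 4 or len(buf) - 4 != length:
                raise ValueError(f"truncated or malformed TLV: {buf.hex()}")
            tlvs.append((proto, tlv_type, bytes(buf[4:])))
            buf.clear()

    for line in show_output.splitlines():
        if m := re.match(r"\s*Device Protocol\s*:\s*(\w+)", line):
            flush()
            proto = m.group(1)
        elif re.match(r"\s*Type\s*:", line):
            flush()                      # a new TLV starts; close the previous one
        elif row := HEX_ROW.match(line):
            buf += bytes.fromhex(row.group(1))   # rows of one TLV are concatenated
    flush()
    return tlvs

if __name__ == "__main__":
    for proto, tlv_type, value in decode_tlvs(SAMPLE):
        print(proto, tlv_type, value)
```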

Clearing Old Classification Cache

If an already classified client uses any of the three type-length-values (TLVs) [OUI, DHCP, or HTTP] and if the combination value is lower, the existing value is ignored. To avoid such a scenario, use the following command:

Device# clear wireless client device cache

Note


The priority of the TLVs is as follows:

  • OUI

  • DHCP

  • HTTP

After executing the clear command, you must rejoin the client to get it classified as per the latest XML file.