What is the best approach to classify devices when one OID is associated with two different network
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2025 07:53 AM
Hi,
We have IDS (Intrusion Detection System) devices with a specific OID; however, these devices are being discovered as Cisco Firewalls. Upon cross-verifying, I noticed that some valid Cisco Firewalls are also being discovered with the same OID.
I’m trying to create a classifier specifically for our IDS devices. All of our IDS device names contain the string “ids,” and I’ve added a condition in the classifier as [sysName contains "ids"], but the Cisco classifier still seems to be taking precedence.
How can I resolve this issue and ensure the correct classification for our IDS devices? Please advise.
Regards,
Vini
- Labels:
-
Discovery
-
Service Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2025 07:17 AM
Hi @srinija_itom ,
I had the discussion with my network team, Modifying the OID at device level is not feasible and we know that once the OID matches, it doesn’t check for the next level conditions in the Classifier. Internally, the condition behaves as "OR" rather than "AND."
If the same OID is present on two different devices, Discovery cannot classify them into separate devices. This is not feasible.
Since IDS has two functions [Detection system and Firewall's] we are not making any customizations at the moment.
Thank you,
Vini.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2025 08:37 AM
What does network team want, IDS to be a Detection system or Firewall? It can't be both. Basing on that, you turn active to true/false in the OID in the corresponding classifier.
