ExtremeCloud IQ- Site Engine & Extreme Management Center

Expand all | Collapse all

No DHCP fingerprints in EAC after configuring bootrely to the appliance

  • 1.  No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-09-2018 12:18
    No DHCP fingerprints in EAC after configuring bootrely to the appliance.

    I configured bootprelay to my EAC appliance and noticed that there are no DHCP fingerprints. Do I have to configure something to got this working?

    When I do a tcpdump i see dhcp request and other information.



  • 2.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-09-2018 12:58
    Hello Johan,

    There is no additional configuration. The default configuration should allow for DHCP fingerprinting.

    To check that it hasn't been modified you'll need to get into NAC Manager --> Tools --> Management and Configuration --> Advanced Configuration.

    Then Global and Appliance Settings --> Appliance Settings --> The appliance settings schema in use --> Device Type Detection tab.

    If "Device Type Detection" is enabled then everything should work.

    Check this:
    Right click the NAC Appliance --> Webview

    Then Status --> Database

    Check the "MAC to IP DB Writer Status Information"

    If you refresh the page do you see "updates processed" and "requested updates" increasing?

    Thanks
    -Ryan



  • 3.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-09-2018 12:58
    Hello Ryan,

    The "Device Type Detection" is enabled an de counter are increasing.

    But no fingerprints 😞



  • 4.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-09-2018 12:58
    Go back into the Webview for the NAC.

    This time go Diagnostics --> Appliance/Server Diagnostics

    Set DHCP packet sniffing to Verbose
    Set OS detect to Verbose
    Set OS detect failure to Verbose

    Hit OK.

    Disconnect your test client from the network, delete the end system out of NAC and reconnect it to the network to cause another DHCP request

    Verify your end system has reappeared in NAC with no fingerprint information.

    Turn off diagnostics.

    The log will be in /var/log/tag.log on the NAC appliance. If you search for the last 3 octets of your MAC address with dashes (eg: 11-22-33) do you see any message in the log?

    Would you be able to provide for review?

    Thanks
    -Ryan


  • 5.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-09-2018 12:58
    the logging I found:

    2018-07-10 16:00:27,442 INFO [DHCPServer] DHCP Message type: REQUEST (3), MAC:A4-4C-C8-13-89-1F/IP:0.0.0.0 144.2.148.44 relay ip:144.2.144.254 hostname:CI-11065 option 61:

    2018-07-10 16:00:27,442 DEBUG [DHCPServer] handling: DHCPMessageResult (MAC: A4-4C-C8-13-89-1F, callerIp: 0.0.0.0, option50Ip: 144.2.148.44, relayIp: 144.2.144.254, hostName: CI-11065, fullyTrusted: false)

    2018-07-10 16:00:27,442 DEBUG [Match] OS match detected, MAC=A4-4C-C8-13-89-1F, IP=0.0.0.0, OS detected=Windows 8/ 8.1/ 10/ 2012

    2018-07-10 16:00:27,442 DEBUG [Match] DHCP Message details Type=REQUEST (3), Options=(1,3,6,15,31,33,43,44,46,47,121,249,252), Vendor Class Id=MSFT 5.0, TTL=64

    2018-07-10 16:00:27,442 INFO [DHCPServer] Adding Option50 IP Mapping: A4-4C-C8-13-89-1F = 144.2.148.44 for relay IP: 144.2.144.254, hostname: CI-11065, os: Windows 8/ 8.1/ 10/ 2012, fully trusted: false

    2018-07-10 16:00:27,442 INFO [MacToIpMessageHandler] ESDMAC:13-89-1F,ESDIP:144.2.148.44 Processing macToIp: MAC: A4-4C-C8-13-89-1F, IP: 144.2.148.44, Relay IP: 144.2.144.254, Hostname: CI-11065, OS Name: Windows 8/ 8.1/ 10/ 2012, DHCP Server Response: false, Request: true, from Appliance: 10.2.112.2

    2018-07-10 16:00:27,442 DEBUG [MacToIpMessageHandler] ESDMAC:13-89-1F,ESDIP:144.2.148.44 MAC-to-IP message is not fully trusted, the option is set to use this data for end-systems on non-VLAN based switches, (No Switch Found), only storing data in DB.

    2018-07-10 16:00:27,442 DEBUG [NacToNacMessageSender-MacToIpMessage] Adding message: MAC: A4-4C-C8-13-89-1F, IP: 144.2.148.44, Relay IP: 144.2.144.254, Hostname: CI-11065, OS Name: Windows 8/ 8.1/ 10/ 2012, DHCP Server Response: false, Request: true, from Appliance: 10.2.112.2



  • 6.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-09-2018 12:58
    Did the end system re-appear in Extreme Management Center with an OS? Or are you still not seeing any fingerprint information?



  • 7.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-09-2018 12:58
    still no any fingerprint information


  • 8.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-13-2018 12:02
    I've seen a similar Problem at customer site and here in my lab. Even after I got this in my logfile

    2018-07-13 08:40:22,977 DEBUG [Match] OS match detected, MAC=00-1B-0C-96-AA-6A, IP=192.168.10.163, OS detected=Cisco IP Phone
    2018-07-13 08:40:22,977 DEBUG [Match] DHCP Message details Type=REQUEST (3), Options=(1,66,6,3,15,150,35), Vendor Class Id=Cisco Systems, Inc. IP Phone CP-7906G, TTL=64

    the endsystem entry in control still shows no device type and device family




  • 9.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-13-2018 12:02
    You have an end system entry. I don't have that.


  • 10.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-13-2018 12:02
    I'd say both cases warrant investigation through a GTAC case.

    Thanks
    -Ryan


  • 11.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-17-2018 04:45
    found problem. mismatch in radius configuration. After reconfig radius the end station show up.



  • 12.  RE: No DHCP fingerprints in EAC after configuring bootrely to the appliance

    Posted 07-17-2018 16:36
    I misread your previous comment. Not having an end system entry would point to a RADIUS problem. Good to hear you have found the problem!