create a ExtremeControl/NAC DHCP fingerprint

  • 1
  • 6
  • Article
  • Updated 1 year ago
Hi,

in case a device isn't identified by ExtremeControl because it isn't in the database you'd create your own DHCP fingerprint.

I've run into the issue that my Amazon Kindle Fire HDX6 wasn't identified correctly 2years ago so here my notes for that example....

Thanks to Scott from the GTAC for helping me to solve the issue !!!

1) trace a DHCP request from the device

What we are looking for is the OUI of the device and option#55 (parameter request list) in the bootstrap protocol.



The OUI is 00:BB:3A and option#55 requests items are 1,33,3,6,15,26,28,51,58,59


2) create the fingerprint

With the above information Scorr created the following fingerprint for me...
<DHCP created="2015-07-28" last_updated="2015-07-30" author="GTAC"> <fingerprints>
<fingerprint os="Amazon Kindle Fire" os_class="Android" os_url="http://www.amazon.com"; comments="" author="support@extremenetworks.com" lastmodified="2015-07-30">
        <tests>
            <test weight="5" matchtype="exact" dhcptype="Any" dhcpmacoui="00-BB-3A" dhcpoption55="1,33,3,6,15,26,28,51,58,59"/>
        </tests>
    </fingerprint>
</fingerprints>
</DHCP>


3) import the fingerprint

Open the legacy NAC manager (I haven't found the option it in the web GUI) and right click on "All Access Control Engines" in the upper left and select "Appliance Settings" and "Device Type Detection"

Click the "Edit" button for "DHCP Fingerprinting Definition Overrides:" and paste the new fingerprint in the window and save.

Now you'd need to enforce the changes to the NAC.
!!! Changes won’t take effect until NAC sees another DHCP Discover or Request !!!

Here a link to a KB article that is very helpful...
https://gtacknowledge.extremenetworks.com/articles/How_To/NAC-Troubleshooting-Tips-Debug-Methodology...

BTW, I'm not sure whether the changes are gone after a sw upgrade so make sure to save the new fingerprints on your local laptop in case you'd need to paste it again into the NAC.

Here another example how to format the file in case you'd like to have more then one device added, in that case it's the Kindle and a fingerprint for the AP36xx/37xx/38xx (they should be included now already in the fingerprint DB)....





-Ron
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 50,114 Points 50k badge 2x thumb

Posted 1 year ago

  • 1
  • 6
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 50,114 Points 50k badge 2x thumb
Here another fingerprint for a Nintendo Switch which is identified as...
Device Family: PDA
Device Type: Nokia 6086 UMA
... in EMC 8.0.3

With this fingerprint the value is changed to...
Device Family: Game Console
Device Type: Nintendo

I didn't work at first because of a mistake that I made - please keep in mind that if you match on the OUI that you'd need to format it with - and not with :

Here the location of the file on the ExtremeControl engine...

root@NAC1:/opt/nac/server/config$ cat myDhcp.xml

<!-- The format of this file is specific to NAC                               -->
<DHCP created="2017-09-01" last_updated="2017-09-01" author="Ronald Dvorak">
 <fingerprints>
        <fingerprint os="Nintendo" os_class="Game Console" os_url="http://www.nintendo.com"; comments="" author="Ronald Dvorak" lastmodified="2017-09-01">
          <tests>
                <test weight="5" matchtype="exact" dhcptype="Any" dhcpmacoui="7C-BB-8A" dhcpoption55="1,3,6,28"/>
          </tests>
        </fingerprint>
 </fingerprints>
</DHCP>


Another reminder - this changes only how you see it in EMC, if you open a report on the WLAN controller you still see the wrong/old values.

-Ron
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
This is what I am using now for xbox one.. seems to work.

<fingerprint os="XBOX ONE" os_class="Game Console" os_url="http://www.xbox.com"; comments="" author="jlgibbs@utica.edu" lastmodified="2017-09-1">

        <tests>

            <test weight="5" matchtype="exact" dhcptype="any" dhcpmacoui="D8-84-66"  dhcphostname="Xbox" dhcpoption55="1,15,3,6,44,46,47,31,33,121,249,252,43"/>

            <test weight="5" matchtype="exact" dhcptype="any" dhcpmacoui="28-18-78"  dhcphostname="Xbox" dhcpoption55="1,15,3,6,44,46,47,31,33,121,249,252,43"/>

            <test weight="5" matchtype="exact" dhcptype="any" dhcpmacoui="60-45-DB"  dhcphostname="Xbox" dhcpoption55="1,15,3,6,44,46,47,31,33,121,249,252,43"/>

        </tests>

</fingerprint>
(Edited)
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 50,114 Points 50k badge 2x thumb
Wasn't able to import it until I've removed the ; after the url but now it's working great.

Thanks,
Ron
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 50,114 Points 50k badge 2x thumb
mmmhhh, could it be that the option#55 must be in the right order to work ?!
I had it like you before and it didn't work so I've put in the right order and then it was OK.
To make sure I've changed it back and it still was working but then I've deleted the end-system in the NAC and it wasn't working once again.
So back to the right order and now it shows XBOX ONE again.

...not sure but I'll leave it like that.

dhcpoption55="1,3,6,15,31,33,43,44,46,47,121,249,252"
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
Good catch!  I am seeing that too.
Photo of Bin

Bin, Employee

  • 5,372 Points 5k badge 2x thumb
Hello Ronald, 
This is the great article to learn.

Many thanks in advanced.