NAC doesnt recognize Apple iPhones

  • 0
  • 1
  • Problem
  • Updated 4 days ago
  • In Progress
  • (Edited)
Hello
At the moment my NAC doesnt recognize some of our iPhones. Doesnt seem to be model related because the error occours whith SE, 6 and 7 and 10 models.
iOS Versions are 12.0; 12.1
If i run a configuration evaluation on the NAC on the devices the rule that now failes on that devices says:

" FAILED: The Operating System Name of: unknown did not match any values defined for this inclusive criteria. "

There should be:
" PASSED: The Operating System Name of: iphone/ipad/ipod/watch/atv matches the inclusive pattern: .*ipod.*. "

Full rule detailed reasons:

" PASSED: The Authentication Type of: 802.1X (EAP-TLS) is equal to or derived from the inclusive criteria: AUTH_8021X_EAP_TLS.
PASSED: The Device Type of: MAC Address: 98:10:E8:xx:xx:xx, IP Address: x.x.x.x, Host Name: null passes the any criteria evaluation.
PASSED: The User Name of: Rxxxxxxxr passes the any criteria evaluation.
PASSED: The Switch IP of 172.x.x.x, SSID: TQ-Mobile, AP Name: wl-ap-02, AP MAC: 20-B3-99-xx-xx-xx, AP Serial: 1349xxxxxxxxxxxx and AP Zone or Group: null and AP Location: null did match this inclusive criteria.
PASSED: The Time of: Donnerstag, 11. Oktober 2018 14:29 Uhr MESZ passes the any criteria evaluation.
FAILED: The Operating System Name of: unknown did not match any values defined for this inclusive criteria.
"

I have absolutely no clue why Operarting System Name is listed as unknown now.
I dont know what or where the NAC gets that Information from. Via DHCP fingerprinting?

NAC / NetSight is version 7.1.3.25


Thanks for help
Photo of Gerry

Gerry

  • 110 Points 100 badge 2x thumb

Posted 1 week ago

  • 0
  • 1
Photo of Brian Anderson

Brian Anderson

  • 382 Points 250 badge 2x thumb
It gets it mainly from DHCP fingerprinting.  You can add an DHCP override if you know the fingerprint, or upgrading to latest version of NAC usually helps.  If you have ip-helpers in place for dhcp snooping, I'd try upgrading NAC.

https://gtacknowledge.extremenetworks.com/articles/Q_A/How-does-Device-type-detection-work-in-NAC-In...

Photo of Gerry

Gerry

  • 110 Points 100 badge 2x thumb
Hello
I upgraded NAC/Netsight to the latest available version in 7.x (7.1.4.1).
WifI controller also hat the latest 9.21.20.001.
Still the same error.
" FAILED: The Operating System Name of: unknown did not match any values defined for this inclusive criteria."

Has something on the device fingerprint changed in Apples iOS 12.x maybe?
Are Apple iOS 12.x devices recognized by 8.x firmware of NAC/NetSight?

Thanks for your help
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,962 Points 20k badge 2x thumb
I'd upgrade to v8, I don't think that you'll get any official support for v7.
Photo of Tomasz

Tomasz

  • 1,506 Points 1k badge 2x thumb
Fingerprints might have changed.
You can upgrade to 8.x, and Wireless Controller is 10.41 right now the latest, but it's not the case here.
You can upgrade or work on doing fingerprint overrides.
Take a look here for reference:
https://gtacknowledge.extremenetworks.com/articles/Solution/Windows-10-End-Systems-Show-Up-in-NAC-Wi...
What should be put there, you can check by sniffing DHCP traffic of your Apples with Wireshark.

HTH
Tomasz
Photo of Gerry

Gerry

  • 110 Points 100 badge 2x thumb
Hi I opened a case and provided them the logs/exports for further investigation.
I will post here if there is any new information.
Regards
(Edited)