No DHCP fingerprints in EAC after configuring bootprelay to the appliance



I configured bootprelay to my EAC appliance and noticed that there are no DHCP fingerprints. Do I have to configure something to get this working?


When I do a tcpdump I see DHCP requests and other information.


Johan Hendrikx


Posted 3 months ago


Yacobucci, Ryan, Multi-Tier Technical Support Engineer

Hello Johan,

There is no additional configuration. The default configuration should allow for DHCP fingerprinting.

To check that it hasn't been modified you'll need to get into NAC Manager --> Tools --> Management and Configuration --> Advanced Configuration.

Then Global and Appliance Settings --> Appliance Settings --> The appliance settings schema in use --> Device Type Detection tab.

If "Device Type Detection" is enabled then everything should work.


Check this: 
Right click the NAC Appliance --> Webview 

Then Status --> Database 


Check the "MAC to IP DB Writer Status Information"

If you refresh the page do you see "updates processed" and "requested updates" increasing?

Thanks
-Ryan

Johan Hendrikx


Hello Ryan,


The "Device Type Detection" is enabled and the counters are increasing.

But no fingerprints :(


Yacobucci, Ryan, Multi-Tier Technical Support Engineer

Go back into the Webview for the NAC.

This time go Diagnostics --> Appliance/Server Diagnostics 

Set DHCP packet sniffing to Verbose
Set OS detect to Verbose
Set OS detect failure to Verbose

Hit OK.


Disconnect your test client from the network, delete the end system out of NAC and reconnect it to the network to cause another DHCP request.

Verify your end system has reappeared in NAC with no fingerprint information.

Turn off diagnostics. 

The log will be in /var/log/tag.log on the NAC appliance. If you search for the last 3 octets of your MAC address with dashes (eg: 11-22-33) do you see any message in the log?

Would you be able to provide for review?

Thanks
-Ryan

Johan Hendrikx


The logging I found:


2018-07-10 16:00:27,442 INFO  [DHCPServer] DHCP Message type: REQUEST (3), MAC:A4-4C-C8-13-89-1F/IP:0.0.0.0 144.2.148.44 relay ip:144.2.144.254 hostname:CI-11065 option 61:

2018-07-10 16:00:27,442 DEBUG [DHCPServer] handling: DHCPMessageResult (MAC: A4-4C-C8-13-89-1F, callerIp: 0.0.0.0, option50Ip: 144.2.148.44, relayIp: 144.2.144.254, hostName: CI-11065, fullyTrusted: false)

2018-07-10 16:00:27,442 DEBUG [Match] OS match detected, MAC=A4-4C-C8-13-89-1F, IP=0.0.0.0, OS detected=Windows 8/ 8.1/ 10/ 2012


2018-07-10 16:00:27,442 DEBUG [Match] DHCP Message details Type=REQUEST (3), Options=(1,3,6,15,31,33,43,44,46,47,121,249,252), Vendor Class Id=MSFT 5.0, TTL=64

2018-07-10 16:00:27,442 INFO  [DHCPServer] Adding Option50 IP Mapping: A4-4C-C8-13-89-1F = 144.2.148.44 for relay IP: 144.2.144.254, hostname: CI-11065, os: Windows 8/ 8.1/ 10/ 2012, fully trusted: false

2018-07-10 16:00:27,442 INFO  [MacToIpMessageHandler] ESDMAC:13-89-1F,ESDIP:144.2.148.44 Processing macToIp: MAC: A4-4C-C8-13-89-1F, IP: 144.2.148.44, Relay IP: 144.2.144.254, Hostname: CI-11065, OS Name: Windows 8/ 8.1/ 10/ 2012, DHCP Server Response: false, Request: true, from Appliance: 10.2.112.2

2018-07-10 16:00:27,442 DEBUG [MacToIpMessageHandler] ESDMAC:13-89-1F,ESDIP:144.2.148.44 MAC-to-IP message is not fully trusted, the option is set to use this data for end-systems on non-VLAN based switches, (No Switch Found), only storing data in DB.

2018-07-10 16:00:27,442 DEBUG [NacToNacMessageSender-MacToIpMessage] Adding message: MAC: A4-4C-C8-13-89-1F, IP: 144.2.148.44, Relay IP: 144.2.144.254, Hostname: CI-11065, OS Name: Windows 8/ 8.1/ 10/ 2012, DHCP Server Response: false, Request: true, from Appliance: 10.2.112.2


Yacobucci, Ryan, Multi-Tier Technical Support Engineer

Did the end system re-appear in Extreme Management Center with an OS? Or are you still not seeing any fingerprint information?

Johan Hendrikx

Still no fingerprint information.

Goetz, Fred, Employee

I've seen a similar problem at a customer site and here in my lab. Even after I got this in my logfile

2018-07-13 08:40:22,977 DEBUG [Match] OS match detected, MAC=00-1B-0C-96-AA-6A, IP=192.168.10.163, OS detected=Cisco IP Phone
2018-07-13 08:40:22,977 DEBUG [Match] DHCP Message details Type=REQUEST (3), Options=(1,66,6,3,15,150,35), Vendor Class Id=Cisco Systems, Inc. IP Phone CP-7906G, TTL=64

the end system entry in control still shows no device type and device family.


Johan Hendrikx

You have an end system entry. I don't have that.

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

I'd say both cases warrant investigation through a GTAC case. 

Thanks
-Ryan

Johan Hendrikx


Found the problem: a mismatch in the RADIUS configuration. After reconfiguring RADIUS the end station shows up.


Yacobucci, Ryan, Multi-Tier Technical Support Engineer

I misread your previous comment. Not having an end system entry would point to a RADIUS problem. Good to hear you have found the problem!
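
An added example (not part of the thread and not Extreme's tooling): a small parser for the verbose /var/log/tag.log lines quoted above that groups entries by MAC, so you can see at a glance whether the appliance logged an OS match and DHCP fingerprint for a client even when no end system entry shows up. The sample lines are copied from the posts; the regular expressions and the `summarize` name are assumptions based only on the line layout shown there.

```python
import re
from collections import defaultdict

# Sample lines copied from the posts in this thread (subset the parser uses).
SAMPLE_LOG = """\
2018-07-10 16:00:27,442 DEBUG [Match] OS match detected, MAC=A4-4C-C8-13-89-1F, IP=0.0.0.0, OS detected=Windows 8/ 8.1/ 10/ 2012
2018-07-10 16:00:27,442 DEBUG [Match] DHCP Message details Type=REQUEST (3), Options=(1,3,6,15,31,33,43,44,46,47,121,249,252), Vendor Class Id=MSFT 5.0, TTL=64
2018-07-10 16:00:27,442 DEBUG [MacToIpMessageHandler] ESDMAC:13-89-1F,ESDIP:144.2.148.44 MAC-to-IP message is not fully trusted, the option is set to use this data for end-systems on non-VLAN based switches, (No Switch Found), only storing data in DB.
2018-07-13 08:40:22,977 DEBUG [Match] OS match detected, MAC=00-1B-0C-96-AA-6A, IP=192.168.10.163, OS detected=Cisco IP Phone
2018-07-13 08:40:22,977 DEBUG [Match] DHCP Message details Type=REQUEST (3), Options=(1,66,6,3,15,150,35), Vendor Class Id=Cisco Systems, Inc. IP Phone CP-7906G, TTL=64
"""

LINE = re.compile(r"^(\S+ \S+)\s+(\w+)\s+\[([^\]]+)\]\s+(.*)$")
OS_MATCH = re.compile(r"OS match detected, MAC=([0-9A-F-]{17}), IP=(\S+), OS detected=(.*)$")
DETAILS = re.compile(r"Options=\(([\d,]*)\), Vendor Class Id=(.*), TTL=(\d+)$")
ESD = re.compile(r"ESDMAC:([0-9A-F-]{8}),")

def summarize(log_text):
    """Group tag.log entries by MAC and return {mac: summary dict}."""
    out = defaultdict(lambda: {"os": None, "options": None,
                               "vendor_class": None, "no_switch_found": False})
    last_match = None  # (timestamp, mac) of the latest "OS match detected" line
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _level, component, msg = m.groups()
        if component == "Match":
            om = OS_MATCH.search(msg)
            if om:
                out[om.group(1)]["os"] = om.group(3).strip()
                last_match = (ts, om.group(1))
                continue
            dm = DETAILS.search(msg)
            # The details line has no MAC: attach it to the preceding match
            # line, but only when the timestamps agree.
            if dm and last_match and last_match[0] == ts:
                entry = out[last_match[1]]
                entry["options"] = [int(x) for x in dm.group(1).split(",") if x]
                entry["vendor_class"] = dm.group(2)
        elif component == "MacToIpMessageHandler" and "(No Switch Found)" in msg:
            sm = ESD.search(msg)
            # ESDMAC holds only the last three octets, so match by suffix.
            for mac in [k for k in out if sm and k.endswith(sm.group(1))]:
                out[mac]["no_switch_found"] = True
    return dict(out)

if __name__ == "__main__":
    for mac, info in summarize(SAMPLE_LOG).items():
        print(mac, info)
```

A client that appears here with an OS and option list has been fingerprinted by the appliance, so the missing data in the end system view has to be chased elsewhere, as it was in this thread.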