No DHCP fingerprints in EAC after configuring bootprelay to the appliance


Userlevel 4

I configured bootprelay to my EAC appliance and noticed that there are no DHCP fingerprints. Do I have to configure something to get this working?

When I do a tcpdump I see DHCP requests and other information.


Userlevel 6
Hello Johan,

There is no additional configuration. The default configuration should allow for DHCP fingerprinting.

To check that it hasn't been modified you'll need to get into NAC Manager --> Tools --> Management and Configuration --> Advanced Configuration.

Then Global and Appliance Settings --> Appliance Settings --> The appliance settings schema in use --> Device Type Detection tab.

If "Device Type Detection" is enabled then everything should work.

Check this:
Right click the NAC Appliance --> Webview

Then Status --> Database

Check the "MAC to IP DB Writer Status Information"

If you refresh the page do you see "updates processed" and "requested updates" increasing?

Thanks
-Ryan
Userlevel 4
Hello Ryan,

The "Device Type Detection" is enabled and the counters are increasing.

But no fingerprints 😞
Userlevel 6
Go back into the Webview for the NAC.

This time go Diagnostics --> Appliance/Server Diagnostics

Set DHCP packet sniffing to Verbose
Set OS detect to Verbose
Set OS detect failure to Verbose

Hit OK.

Disconnect your test client from the network, delete the end system out of NAC and reconnect it to the network to cause another DHCP request

Verify your end system has reappeared in NAC with no fingerprint information.

Turn off diagnostics.

The log will be in /var/log/tag.log on the NAC appliance. If you search for the last 3 octets of your MAC address with dashes (eg: 11-22-33) do you see any message in the log?

Would you be able to provide for review?

Thanks
-Ryan
Userlevel 4
The logging I found:

2018-07-10 16:00:27,442 INFO [DHCPServer] DHCP Message type: REQUEST (3), MAC:A4-4C-C8-13-89-1F/IP:0.0.0.0 144.2.148.44 relay ip:144.2.144.254 hostname:CI-11065 option 61:

2018-07-10 16:00:27,442 DEBUG [DHCPServer] handling: DHCPMessageResult (MAC: A4-4C-C8-13-89-1F, callerIp: 0.0.0.0, option50Ip: 144.2.148.44, relayIp: 144.2.144.254, hostName: CI-11065, fullyTrusted: false)

2018-07-10 16:00:27,442 DEBUG [Match] OS match detected, MAC=A4-4C-C8-13-89-1F, IP=0.0.0.0, OS detected=Windows 8/ 8.1/ 10/ 2012

2018-07-10 16:00:27,442 DEBUG [Match] DHCP Message details Type=REQUEST (3), Options=(1,3,6,15,31,33,43,44,46,47,121,249,252), Vendor Class Id=MSFT 5.0, TTL=64

2018-07-10 16:00:27,442 INFO [DHCPServer] Adding Option50 IP Mapping: A4-4C-C8-13-89-1F = 144.2.148.44 for relay IP: 144.2.144.254, hostname: CI-11065, os: Windows 8/ 8.1/ 10/ 2012, fully trusted: false

2018-07-10 16:00:27,442 INFO [MacToIpMessageHandler] ESDMAC:13-89-1F,ESDIP:144.2.148.44 Processing macToIp: MAC: A4-4C-C8-13-89-1F, IP: 144.2.148.44, Relay IP: 144.2.144.254, Hostname: CI-11065, OS Name: Windows 8/ 8.1/ 10/ 2012, DHCP Server Response: false, Request: true, from Appliance: 10.2.112.2

2018-07-10 16:00:27,442 DEBUG [MacToIpMessageHandler] ESDMAC:13-89-1F,ESDIP:144.2.148.44 MAC-to-IP message is not fully trusted, the option is set to use this data for end-systems on non-VLAN based switches, (No Switch Found), only storing data in DB.

2018-07-10 16:00:27,442 DEBUG [NacToNacMessageSender-MacToIpMessage] Adding message: MAC: A4-4C-C8-13-89-1F, IP: 144.2.148.44, Relay IP: 144.2.144.254, Hostname: CI-11065, OS Name: Windows 8/ 8.1/ 10/ 2012, DHCP Server Response: false, Request: true, from Appliance: 10.2.112.2
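
A triage helper for the tag.log search described in this thread, as an added example that is not part of the original posts and not Extreme's own tooling. It shows that the "DHCP Message details" line carries no MAC, so a plain search on the MAC suffix misses it; the script pairs it with the preceding "OS match detected" line by timestamp, and also flags the "(No Switch Found)" message. The line format is assumed from the excerpts posted here; the function name and the sample MACs, IPs and hostname are constructed.

```python
import re

# Constructed sample in the format of the tag.log excerpts posted in this
# thread; the MACs, IPs and hostname are made up.
SAMPLE_LOG = """\
2018-07-10 16:00:27,442 INFO [DHCPServer] DHCP Message type: REQUEST (3), MAC:00-11-22-33-44-55/IP:0.0.0.0 192.0.2.44 relay ip:192.0.2.254 hostname:LAB-PC option 61:
2018-07-10 16:00:27,442 DEBUG [Match] OS match detected, MAC=00-11-22-33-44-55, IP=0.0.0.0, OS detected=Windows 8/ 8.1/ 10/ 2012
2018-07-10 16:00:27,442 DEBUG [Match] DHCP Message details Type=REQUEST (3), Options=(1,3,6,15,31,33,43,44,46,47,121,249,252), Vendor Class Id=MSFT 5.0, TTL=64
2018-07-10 16:00:27,442 DEBUG [MacToIpMessageHandler] ESDMAC:33-44-55,ESDIP:192.0.2.44 MAC-to-IP message is not fully trusted, the option is set to use this data for end-systems on non-VLAN based switches, (No Switch Found), only storing data in DB.
2018-07-10 16:00:28,101 DEBUG [Match] OS match detected, MAC=00-AA-BB-CC-DD-EE, IP=192.0.2.163, OS detected=Cisco IP Phone
"""

LINE = re.compile(r"^(\S+ \S+) (\w+)\s+\[([^\]]+)\] (.*)$")
OS_RE = re.compile(r"OS detected=(.+)$")
DETAILS = re.compile(r"Options=\(([\d,]*)\), Vendor Class Id=(.*), TTL=\d+")

def triage(log_text, mac_suffix):
    """Summarise the log for one end system; mac_suffix is e.g. "33-44-55"."""
    # Match the suffix only at the end of a MAC, never in the middle of one.
    key = re.compile(r"(?<![0-9A-F])" + re.escape(mac_suffix.upper()) + r"(?![-0-9A-F])")
    report = {"lines": 0, "dhcp_seen": False, "os": None, "options": None,
              "vendor_class": None, "no_switch_found": False}
    pending = None  # timestamp of our OS-match line, awaiting its details line
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, _level, component, msg = m.groups()
        if key.search(raw.upper()):
            report["lines"] += 1
            if component == "DHCPServer" and msg.startswith("DHCP Message type"):
                report["dhcp_seen"] = True
            if "(No Switch Found)" in msg:
                report["no_switch_found"] = True
            os_m = OS_RE.search(msg) if component == "Match" else None
            if os_m:
                report["os"] = os_m.group(1).strip()
                pending = stamp
                continue
        elif component == "Match" and pending == stamp:
            # The details line carries no MAC: pair it with the line before it.
            d = DETAILS.search(msg)
            if d:
                report["options"] = [int(x) for x in d.group(1).split(",") if x]
                report["vendor_class"] = d.group(2)
        pending = None
    return report
```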
Userlevel 6
Did the end system re-appear in Extreme Management Center with an OS? Or are you still not seeing any fingerprint information?
Userlevel 4
Still no fingerprint information.

I've seen a similar problem at a customer site and here in my lab. Even after I got this in my logfile

2018-07-13 08:40:22,977 DEBUG [Match] OS match detected, MAC=00-1B-0C-96-AA-6A, IP=192.168.10.163, OS detected=Cisco IP Phone
2018-07-13 08:40:22,977 DEBUG [Match] DHCP Message details Type=REQUEST (3), Options=(1,66,6,3,15,150,35), Vendor Class Id=Cisco Systems, Inc. IP Phone CP-7906G, TTL=64

The end system entry in Control still shows no device type and device family.

Userlevel 4
You have an end system entry. I don't have that.
Userlevel 6
I'd say both cases warrant investigation through a GTAC case.

Thanks
-Ryan
Userlevel 4
Found the problem: a mismatch in the RADIUS configuration. After reconfiguring RADIUS the end station shows up.
Userlevel 6
I misread your previous comment. Not having an end system entry would point to a RADIUS problem. Good to hear you have found the problem!
