This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

create a ExtremeControl/NAC DHCP fingerprint

create a ExtremeControl/NAC DHCP fingerprint

Ronald_Dvorak
Honored Contributor

ā€Ž09-01-2017 12:07 PM

Hi,

in case a device isn't identified by ExtremeControl because it isn't in the database you'd create your own DHCP fingerprint.

I've run into the issue that my Amazon Kindle Fire HDX6 wasn't identified correctly 2years ago so here my notes for that example....

Thanks to Scott from the GTAC for helping me to solve the issue !!!

1) trace a DHCP request from the device

What we are looking for is the OUI of the device and option#55 (parameter request list) in the bootstrap protocol.
 

bca1bfb86ba2468f98b036ea96d402d1_RackMultipart20170901-47240-19h59ju-NAC_create_fingerprint01_inline.png


The OUI is 00:BB:3A and option#55 requests items are 1,33,3,6,15,26,28,51,58,59

2) create the fingerprint

With the above information Scorr created the following fingerprint for me...

http://www.amazon.com"; comments="" author="support@extremenetworks.com" lastmodified="2015-07-30">







3) import the fingerprint

Open the legacy NAC manager (I haven't found the option it in the web GUI) and right click on "All Access Control Engines" in the upper left and select "Appliance Settings" and "Device Type Detection"

Click the "Edit" button for "DHCP Fingerprinting Definition Overrides:" and paste the new fingerprint in the window and save.

Now you'd need to enforce the changes to the NAC.
!!! Changes wonā€™t take effect until NAC sees another DHCP Discover or Request !!!

Here a link to a KB article that is very helpful...
https://extremeportal.force.com/ExtrArticleDetail?an=000078311

BTW, I'm not sure whether the changes are gone after a sw upgrade so make sure to save the new fingerprints on your local laptop in case you'd need to paste it again into the NAC.

Here another example how to format the file in case you'd like to have more then one device added, in that case it's the Kindle and a fingerprint for the AP36xx/37xx/38xx (they should be included now already in the fingerprint DB)....

 

 

bca1bfb86ba2468f98b036ea96d402d1_RackMultipart20170901-106519-1o6t0y4-NAC_create_fingerprint02_inline.png

 


-Ron

 

 

0 Kudos
6 REPLIES 6

Ronald_Dvorak
Honored Contributor
In response to Jeremy_Gibbs

ā€Ž09-01-2017 04:36 PM

Wasn't able to import it until I've removed the ; after the url but now it's working great.

Thanks,
Ron
0 Kudos

Ronald_Dvorak
Honored Contributor

ā€Ž09-01-2017 04:34 PM

Here another fingerprint for a Nintendo Switch which is identified as...
Device Family: PDA
Device Type: Nokia 6086 UMA
... in EMC 8.0.3

With this fingerprint the value is changed to...
Device Family: Game Console
Device Type: Nintendo

I didn't work at first because of a mistake that I made - please keep in mind that if you match on the OUI that you'd need to format it with - and not with :

Here the location of the file on the ExtremeControl engine...

root@NAC1:/opt/nac/server/config$ cat myDhcp.xml




http://www.nintendo.com"; comments="" author="Ronald Dvorak" lastmodified="2017-09-01">







Another reminder - this changes only how you see it in EMC, if you open a report on the WLAN controller you still see the wrong/old values.

-Ron
0 Kudos
GTM-P2G8KFN