This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

create a ExtremeControl/NAC DHCP fingerprint

create a ExtremeControl/NAC DHCP fingerprint

Ronald_Dvorak
Honored Contributor

‎09-01-2017 12:07 PM

Hi,

in case a device isn't identified by ExtremeControl because it isn't in the database you'd create your own DHCP fingerprint.

I've run into the issue that my Amazon Kindle Fire HDX6 wasn't identified correctly 2years ago so here my notes for that example....

Thanks to Scott from the GTAC for helping me to solve the issue !!!

1) trace a DHCP request from the device

What we are looking for is the OUI of the device and option#55 (parameter request list) in the bootstrap protocol.
 

bca1bfb86ba2468f98b036ea96d402d1_RackMultipart20170901-47240-19h59ju-NAC_create_fingerprint01_inline.png


The OUI is 00:BB:3A and option#55 requests items are 1,33,3,6,15,26,28,51,58,59

2) create the fingerprint

With the above information Scorr created the following fingerprint for me...

http://www.amazon.com"; comments="" author="support@extremenetworks.com" lastmodified="2015-07-30">







3) import the fingerprint

Open the legacy NAC manager (I haven't found the option it in the web GUI) and right click on "All Access Control Engines" in the upper left and select "Appliance Settings" and "Device Type Detection"

Click the "Edit" button for "DHCP Fingerprinting Definition Overrides:" and paste the new fingerprint in the window and save.

Now you'd need to enforce the changes to the NAC.
!!! Changes won’t take effect until NAC sees another DHCP Discover or Request !!!

Here a link to a KB article that is very helpful...
https://extremeportal.force.com/ExtrArticleDetail?an=000078311

BTW, I'm not sure whether the changes are gone after a sw upgrade so make sure to save the new fingerprints on your local laptop in case you'd need to paste it again into the NAC.

Here another example how to format the file in case you'd like to have more then one device added, in that case it's the Kindle and a fingerprint for the AP36xx/37xx/38xx (they should be included now already in the fingerprint DB)....

 

 

bca1bfb86ba2468f98b036ea96d402d1_RackMultipart20170901-106519-1o6t0y4-NAC_create_fingerprint02_inline.png

 


-Ron

 

 

0 Kudos
6 REPLIES 6

Jeremy_Gibbs
Contributor

‎09-01-2017 04:36 PM

This is what I am using now for xbox one.. seems to work.
jlgibbs@utica.edu" lastmodified="2017-09-1">
0 Kudos

Bin
Extreme Employee
In response to Jeremy_Gibbs

‎09-01-2017 04:36 PM

Hello Ronald,
This is the great article to learn.

Many thanks in advanced.
0 Kudos

Jeremy_Gibbs
Contributor
In response to Jeremy_Gibbs

‎09-01-2017 04:36 PM

Good catch! I am seeing that too.
0 Kudos

Ronald_Dvorak
Honored Contributor
In response to Jeremy_Gibbs

‎09-01-2017 04:36 PM

mmmhhh, could it be that the option#55 must be in the right order to work ?!
I had it like you before and it didn't work so I've put in the right order and then it was OK.
To make sure I've changed it back and it still was working but then I've deleted the end-system in the NAC and it wasn't working once again.
So back to the right order and now it shows XBOX ONE again.

...not sure but I'll leave it like that.

dhcpoption55="1,3,6,15,31,33,43,44,46,47,121,249,252"
0 Kudos
GTM-P2G8KFN