ArubaOS and Controllers

Reply
Occasional Contributor I
Posts: 6
Registered: ‎09-14-2009

Is DHCP Fingerprinting Supported on Aruba S3500?


There are two different things here:

1. OS Detection in for devices in the user table (taken from the device's user agent in their browser)
2. DHCP fingerprinting which allows you to change the role of a device.




Hi Colin,

is fingerprint supported on new 3500 switch? If yes, Can fingerprint work with wired client without 802.1x?
For istance, can I identify some specific wired devices (APs, printers, ip phones, cameras, ecc.) using DHCP fingerprint and after DHCP request to change their switch port configuration (VLAN for istance), without a 802.1X deployment?

Andrea
Aruba Employee
Posts: 8
Registered: ‎04-14-2009

Re: Is DHCP Fingerprinting Supported on Aruba S3500?


Hi Colin,

is fingerprint supported on new 3500 switch? If yes, Can fingerprint work with wired client without 802.1x?
For istance, can I identify some specific wired devices (APs, printers, ip phones, cameras, ecc.) using DHCP fingerprint and after DHCP request to change their switch port configuration (VLAN for istance), without a 802.1X deployment?

Andrea




Andrea - S3500 can take advantage of fingerprinting capabilities that happens in the Mobility Controller for tunneled-ports; ports on the S3500 can be defined as tunneled whereby all traffic ingressing that port is GRE tunneled to the controller; a device connected to such a tunneled port can then leverage the device fingerprinting capabilities and change roles post being fingerprinted as is done for WiFi clients. S3500 will support fingerprinting locally (that is for non tunneled ports) similar to what is available on controllers in a future software release

Abe
Occasional Contributor I
Posts: 6
Registered: ‎09-14-2009

Re: Is DHCP Fingerprinting Supported on Aruba S3500?


Andrea - S3500 can take advantage of fingerprinting capabilities that happens in the Mobility Controller for tunneled-ports; ports on the S3500 can be defined as tunneled whereby all traffic ingressing that port is GRE tunneled to the controller

Abe




Thanks Abe. Only two questions/clarifications:

- can you confirm me that 802.1X authentication is not needed for S5300 ports configured in tunnel mode?
- Refering a complete DHCP transaction (DHCP DISCOVER -> DHCP OFFER -> DHCP REQUEST -> DHCP ACK), when the port role change happends?

Andrea
Search Airheads
Showing results for 
Search instead for 
Did you mean: