DHCP fingerprinting is a means of passively identifying the operating system of a device via the options in a DHCP frame. A helpful resource for understanding DHCP fingerprinting is here:
http://myweb.cableone.net/xnih/
Aruba, as of ArubaOS 6.0.1.0, has added the capability of looking at these options in the DHCP frame and changing the role of an incoming device accordingly. This provides additional visibility and functionality, as well as security, for your mobility network.
One use is to differentiate devices that share the same network. For example, if your wireless phones and your laptops both do 802.1x, instead of creating a separate network for each, you can write a rule that looks for the phone's DHCP option and puts it into a role that optimizes VOIP traffic; the laptops will get the default enterprise role. If you have an 802.1x wireless network for your laptops and employees keep connecting to it with their smartphones, you could write a rule that gives smartphone users who connect via AD credentials a different role. That keeps their traffic separate from employee traffic, but still lets them connect easily without having to type credentials into a tiny captive portal screen time and time again.
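To make the idea of matching on a DHCP option concrete, here is an added example (not from the original post and not ArubaOS code) that parses the options field of a DHCP message and renders options 55 and 60 as hex strings, option number first, then the value. The choice of those two options, the output format, and the sample DISCOVER packet are assumptions constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of the options field
FINGERPRINT_OPTIONS = (55, 60)      # assumed: parameter request list, vendor class id

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or no magic cookie)")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:              # End option
            break
        if code == 0:                # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:     # length byte points past the packet
            raise ValueError(f"option {code} runs past end of packet")
        # RFC 3396: a repeated option code is a continuation, so concatenate
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options

def fingerprint(payload: bytes) -> dict:
    """Hex signature per fingerprint option: option number, then value bytes."""
    opts = parse_dhcp_options(payload)
    return {c: f"{c:02X}{opts[c].hex().upper()}"
            for c in FINGERPRINT_OPTIONS if c in opts}

def build_sample_discover() -> bytes:
    """Constructed DHCPDISCOVER; all field values are made up for this example."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0)
    header += bytes(16)                                  # ciaddr..giaddr
    header += bytes.fromhex("020000000001") + bytes(10)  # chaddr (16 bytes)
    header += bytes(192)                                 # sname + file
    opts = bytes([53, 1, 1])                             # message type: DISCOVER
    opts += bytes([55, 4, 1, 3, 6, 15])                  # parameter request list
    opts += bytes([60, 8]) + b"MSFT 5.0"                 # vendor class identifier
    return header + MAGIC_COOKIE + opts + b"\xff"

if __name__ == "__main__":
    for code, sig in fingerprint(build_sample_discover()).items():
        print(f"option {code}: {sig}")
```

Both values are supplied by the client itself, so a signature like this is a classification hint for role assignment rather than proof of what the device is.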
The question is, how do you do it? These instructions assume that you already have a wireless network up and running. There are ONLY instructions here to ADD DHCP fingerprinting to an existing network. Here is how you do it:
1 - Ensure that you have ArubaOS 6.0.1.0 or later running on your controller (only supported on the 600 series, 3000 series and M3 controller).
2 - Configure Network DHCP debugging to see the DHCP options
3 - Attach the client and observe the options
4 - Create a role for that client
5 - Write a user derivation rule referencing that DHCP option and that role
6 - Attach your user derivation rule to the AAA profile of an existing wireless network.
The first step should be easy, I hope.
2.
To configure DHCP debugging, enter enable mode on your controller and type the following:
3.
Make sure that client is not in the user table:
Attach your client to the network
Type "show log network all | include Option" on the command line. You should see something like the output below:
Apr 23 07:01:55 :202536: