Frequent Contributor I
Posts: 77
Registered: ‎08-12-2011

Devicefingerprinting with AppleTV

I have a problem with an AppleTV.

Is there a special fingerprint? Wireshark tells me it is 37060103060F77FC. Some communities say it would be the same as the iPad fingerprint.

This 37060103060F77FC does not work. The TV stays in the logon role. With the iPad fingerprint, the log of the controller shows the correct match of the rule it should match, but the TV does not get an IP address via DHCP.

 

Mar 27 13:03:53 authmgr[1828]: <522019> <INFO> |authmgr| MAC=9c:20:7b:c8:22:f0 IP=0.0.0.0 Derived role 'Role_Set_VLAN515' from user rules: utype=L2

 

I try to use a user derivation rule matching on the MAC address of the TV. This works fine, but it should not be the final solution because there will be more AppleTVs in future.

 

It's the ALU version of the controller: 6.1.3.5

 

Any idea?

Thanks a lot!

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Devicefingerprinting with AppleTV

The proper fingerprint is the same as iOS as far as I know.

 

Is your derivation rule in place setting a role or VLAN assignment rule? Only role assignment is supported for fingerprint derivation rules (you can't change the VLAN of the device after it has already requested an IP on a VLAN, which is where the DHCP fingerprint is derived).

 

Also make sure the role you are assigning does not have a VLAN assigned to it.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Frequent Contributor I
Posts: 77
Registered: ‎08-12-2011

Re: Devicefingerprinting with AppleTV

Thanks for the answer.

The role looks like the attached picture.

It is working for other devices. And it is working if I use the MAC address of the client.

See the userderivation picture in the attachment for more information.

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Devicefingerprinting with AppleTV

The MAC address rule would work fine as it is hit earlier in the authentication process. The DHCP fingerprint derivation rules are hit last, after all other authentications, role assignments, and VLAN assignments. Changing the VLAN for a DHCP fingerprint derivation rule (either by setting the VLAN or setting a role with a VLAN assigned) is not supported.

 

Can you try setting the AppleTV derivation rule such that it is using the fingerprint, but assigns a role that does not have a VLAN associated with it? Despite this working for other devices as you say, I think this may be throwing the AppleTV off.

For example:

 set role condition dhcp-option equals "370103060F77FC" set-value authenticated

 

I am curious if it places the AppleTV in authenticated role and assigns the default VLAN on the Virtual-AP.

 

You can also turn on debugging for DHCP to see what is happening with DHCP.

logging level debugging network subcat dhcp

show log network 100 | include 00:21:6a:28:ca:a8

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
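
The value quoted from Wireshark in the first post and the value in the example rule above differ by one octet. As an added example (not part of the original thread), this Python code parses the Wireshark value as a standard DHCP option (code, length, data per RFC 2132) and builds the code-plus-data string used in the rule. That the rule string omits the length octet is an assumption inferred from those two values, and all function names are hypothetical.

```python
# Added example, not from the thread. WIRE and RULE are the two values quoted
# in the posts above; everything else is constructed for illustration.

def parse_dhcp_options(raw: bytes) -> list[tuple[int, bytes]]:
    """Parse RFC 2132 options (code, length, data) from a raw options field."""
    options, i = [], 0
    while i < len(raw):
        code = raw[i]
        if code == 0:            # pad option: single octet, no length
            i += 1
            continue
        if code == 255:          # end option: stop parsing
            break
        if i + 1 >= len(raw):
            raise ValueError(f"option {code}: missing length octet")
        length = raw[i + 1]
        value = raw[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated data")
        options.append((code, value))
        i += 2 + length
    return options


def rule_string(code: int, value: bytes) -> str:
    """Option code followed by option data, without the length octet
    (assumed rule format, inferred from the values in the thread)."""
    return f"{code:02X}{value.hex().upper()}"


def fingerprints(raw_hex: str) -> list[str]:
    """Return one rule-style string per option found in the hex dump."""
    return [rule_string(c, v) for c, v in parse_dhcp_options(bytes.fromhex(raw_hex))]


WIRE = "37060103060F77FC"   # value from the first post (as seen in Wireshark)
RULE = "370103060F77FC"     # value in the example rule above

if __name__ == "__main__":
    for fp in fingerprints(WIRE):
        print(fp, "matches rule" if fp == RULE else "differs from rule")
```
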
