Security

last person joined: 4 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

CPPM DHCP Option 61 or DHCP User Class ID as fingerprint option

This thread has been viewed 18 times
  • 1.  CPPM DHCP Option 61 or DHCP User Class ID as fingerprint option

    Posted Jul 27, 2021 07:16 AM
    Hi.
    I'm looking a way of fingerprinting devices based on  DHCP Option 61 (Client ID) or DHCP User Class.
    Currently when trying to configure fingerprint rule there are only few DHCP Options that can be chosen
    Is there a way of using this in fingerprinting ?

    Thanks.

    ------------------------------
    Marek
    ------------------------------


  • 2.  RE: CPPM DHCP Option 61 or DHCP User Class ID as fingerprint option

    Posted Jul 28, 2021 03:44 AM
    you can create your own custom fingerprint by editing the xml file defining the fingerprint components.... but you need to make sure youve backed up everything in sight as I've found (to my cost) if you  get it wrong  you can change fingerprint assignments of more endpoints devices than you planned
    A

    ------------------------------
    Alex Sharaz
    ------------------------------



  • 3.  RE: CPPM DHCP Option 61 or DHCP User Class ID as fingerprint option

    Posted Jul 28, 2021 06:40 AM
    Thank Alex,
    I was thinking about this, but have no experience yet with custom attributes in xml definition.

    Is dhcp option 61 or 77  possible to use in custom fingerprints?
    Will CPPM correctly parse dhcp request coming from dhcp-relay , to correctly read options values?




    ------------------------------
    Marek
    ------------------------------



  • 4.  RE: CPPM DHCP Option 61 or DHCP User Class ID as fingerprint option

    Posted Jul 28, 2021 07:53 AM
    I think you're going to struggle. ClearPass only collects the following:

    Hostname: DHCP Option 12 Hostname

    Fingerprint: DHCP Options
                         DHCP Option55 Parameter request list
                         DHCP Option60 Vendor class identifier

    I don't believe it collects anything else?


    ------------------------------
    Derin Mellor
    ------------------------------