Wired

last person joined: 11 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

What is Device Fingerprinting? How do you configure Device Fingerprinting in ArubaOS-Switch?

This thread has been viewed 14 times
  • 1.  What is Device Fingerprinting? How do you configure Device Fingerprinting in ArubaOS-Switch?

    Posted Jul 25, 2018 01:01 PM
      |   view attached

    Hello,

     

    The new version 16.06 of ArubaOS-Switch has introduced many infrastructure, redundancy, and security related features.  Among the list of features, Device Fingerprinting is a standout feature of ArubaOS-Switch version 16.06.

     

    Device fingerprinting helps categorize the devices by analyzing the data sent by the end devices.  When a specific device is fingerprinted, the details can be used to provide controlled network access and bandwidth for the end devices by ClearPass.

     

    Administrators can create appropriate access and enforcement policies in ClearPass during authentication.  For example, the devices which are fingerprinted or profiled as computers will be given access to specific VLAN and the devices which are categorized as phones will be given access to another VLAN.  Device fingerprinting can be enabled per-port.

     

    The following are some of the benefits of implementing Device Fingerprinting feature in ArubaOS-Switch running version 16.06.

     

    1)  Device fingerprinting solution supported on ArubaOS-Switch can be configured on ports where authentication is enabled or not.

    2) This solution has an advantage over the competitors’ implementation where the feature is supported only on ports authentication enabled ports (since the fingerprinting data is sent over accounting packets).

    3) Device fingerprinting solution supported in ArubaOS-Switches can parse multiple TLVs from LLDP and CDP protocols, and collates the information to be sent to ClearPass.

    4) Device fingerprinting solution implemented in ArubaOS-Switches can parse protocols such as HTTP, LLDP and CDP sent by clients even if the static IP address is configured.  These details can be sent to ClearPass server as input data for fingerprinting.

     

    The attached document provides in-depth details about Device Fingerprinting configurations and limitations.  Please, take a look at the attached document and let us know what you think.

     

    Thank You,



  • 2.  RE: What is Device Fingerprinting? How do you configure Device Fingerprinting in ArubaOS-Switch?

    Posted Apr 09, 2019 09:29 AM

    Any recoomendiation between using this or regular DHCP and port scanning that is built into Clearpass



  • 3.  RE: What is Device Fingerprinting? How do you configure Device Fingerprinting in ArubaOS-Switch?

    Posted Mar 19, 2020 08:15 PM

    I like to configure both, if possible. This grabs DHCP, HTTP, LLDP, and CDP. Clearpass will grab DHCP and HTTP but only if an HTTP(S) connection is attempted to it. Or, IF-MAP is configured on the controller.