Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

DHCP Fingerprinting

This thread has been viewed 9 times

  • 1.  DHCP Fingerprinting

    Posted Jan 24, 2017 04:13 AM

    Hi,

     

    I have an IAP wich functions as my controller, clearpass as the Radius server and some SSID's based on MAC and/or user authentication.

     

    I am wondering how to setup DHCP fingerprinting in my envoirment. I am using Windows 2012 as the AD/DHCP server. Could someone explain to me how to setup DHCP fingerprinting in combination with the clearpass server?

     

    Thnx in advance.



  • 2.  RE: DHCP Fingerprinting

    Posted Jan 24, 2017 04:55 AM

    Hi,

     

    You'll need to a DHCP helper address. This can be done on your IAP or on another network device such as a switch (depending on your network archetecture).

     

    Here's the commands on the IAP CLI:

     

    (Instant Access Point)(config)# ip dhcp <profile-name>
(Instant Access Point)(DHCP Profile <profile-name>)# server-type <centralized>
(Instant Access Point)(DHCP Profile <profile-name>)# server-vlan <vlan-ID>
(Instant Access Point)(DHCP Profile <profile-name>)# dhcp-relay
(Instant Access Point)(DHCP Profile <profile-name>)# dhcp-server <DHCP-relay-server>
(Instant Access Point)(DHCP Profile <profile-name>)# vlan-ip <DHCP IP address> mask <VLAN mask>
(Instant Access Point)(DHCP Profile <profile-name>)# end

     Here's more details about the settings and the GUI config.