Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Custom fingerprint question

This thread has been viewed 2 times

  • 1.  Custom fingerprint question

    Posted Jan 30, 2019 11:45 AM

    Hi,

    I've got 2 GrandStream VoIP H8xx devices. When I saw the 1st one on the network. I did an Update Fingerprint/Add fingerprint rule, selecting the device OUI and dhcp options   and pointed it at the appropriate custom fingerprint. That seemed to work

     

    Another Grand stream device appeared  except this one  had 2 dhcpoption55 values different to the 1st one, so I did . the same Add fingerprint again

     

    Question. Will clearpass remember both of these custom fingerprint rules and map any devices that apear to the same Category/Family/Name ?

    ... or did the 2nd one overwrite the 1st one?

     

    Rgds

    Alex

     



  • 2.  RE: Custom fingerprint question
    Best Answer

    Posted Jan 31, 2019 05:56 AM

    And the answer is 

     

    in 6.7.8 downloading custom fingerprints only shows the 1st one created.

     

    in 6.7.9 the download shows both the custom fingerprints

     

    So 

    6.7.8 gives 

    <DeviceFingerprint category="VoIP Phone" family="GrandStream" name="HT8xx">
    <FingerprintRules>
    <FingerprintRule match-conditions="ALL">
    <RuleCondition name="mac_vendor" operator="contains" value="Grandstream Networks, Inc."/>
    <RuleCondition name="dhcp.option55" operator="contains">
    <valueList>1,2,3,6,12,15,23,28,33,42,43,51,54,66,121,125,160</valueList>
    </RuleCondition>
    <RuleCondition name="dhcp.option60" operator="contains">
    <valueList>HT8XX dslforum.org</valueList>
    </RuleCondition>
    <RuleCondition name="dhcp.options" operator="contains">
    <valueList>53,61,60,124,125,50,54,55,82</valueList>
    </RuleCondition>
    </FingerprintRule>
    </FingerprintRules>
    </DeviceFingerprint>

     

    While 6.7.9 gives

    <DeviceFingerprint category="VoIP Phone" family="GrandStream" name="HT8xx">
    <FingerprintRules>
    <FingerprintRule match-conditions="ALL">
    <RuleCondition name="dhcp.option55" operator="contains">
    <valueList>1,2,3,6,12,15,23,28,33,42,43,51,54,66,121,124,125</valueList>
    </RuleCondition>
    <RuleCondition name="dhcp.option60" operator="contains">
    <valueList>HT8XX dslforum.org</valueList>
    </RuleCondition>
    <RuleCondition name="dhcp.options" operator="contains">
    <valueList>53,61,60,124,125,50,54,55,82</valueList>
    </RuleCondition>
    </FingerprintRule>
    <FingerprintRule match-conditions="ALL">
    <RuleCondition name="mac_vendor" operator="contains" value="Grandstream Networks, Inc."/>
    <RuleCondition name="dhcp.option55" operator="contains">
    <valueList>1,2,3,6,12,15,23,28,33,42,43,51,54,66,121,125,160</valueList>
    </RuleCondition>
    <RuleCondition name="dhcp.option60" operator="contains">
    <valueList>HT8XX dslforum.org</valueList>
    </RuleCondition>
    <RuleCondition name="dhcp.options" operator="contains">
    <valueList>53,61,60,124,125,50,54,55,82</valueList>
    </RuleCondition>
    </FingerprintRule>
    </FingerprintRules>
    </DeviceFingerprint>

     

    Sorted!

     

    and just to confirm our Phone people plugged in more of these devices and the "just worked" . can;t be a bad thing :-)



  • 3.  RE: Custom fingerprint question

    Posted Jan 31, 2019 06:07 AM

    Sigh! stand corrected , 6.7.8 also shows both custom fingerprints