Security

Reply
MVP Expert

Custom fingerprint question

Hi,

I've got 2 GrandStream VoIP H8xx devices. When I saw the 1st one on the network. I did an Update Fingerprint/Add fingerprint rule, selecting the device OUI and dhcp options   and pointed it at the appropriate custom fingerprint. That seemed to work

 

Another Grand stream device appeared  except this one  had 2 dhcpoption55 values different to the 1st one, so I did . the same Add fingerprint again

 

Question. Will clearpass remember both of these custom fingerprint rules and map any devices that apear to the same Category/Family/Name ?

... or did the 2nd one overwrite the 1st one?

 

Rgds

Alex

 

MVP Expert

Re: Custom fingerprint question

And the answer is 

 

in 6.7.8 downloading custom fingerprints only shows the 1st one created.

 

in 6.7.9 the download shows both the custom fingerprints

 

So 

6.7.8 gives 

<DeviceFingerprint category="VoIP Phone" family="GrandStream" name="HT8xx">
<FingerprintRules>
<FingerprintRule match-conditions="ALL">
<RuleCondition name="mac_vendor" operator="contains" value="Grandstream Networks, Inc."/>
<RuleCondition name="dhcp.option55" operator="contains">
<valueList>1,2,3,6,12,15,23,28,33,42,43,51,54,66,121,125,160</valueList>
</RuleCondition>
<RuleCondition name="dhcp.option60" operator="contains">
<valueList>HT8XX dslforum.org</valueList>
</RuleCondition>
<RuleCondition name="dhcp.options" operator="contains">
<valueList>53,61,60,124,125,50,54,55,82</valueList>
</RuleCondition>
</FingerprintRule>
</FingerprintRules>
</DeviceFingerprint>

 

While 6.7.9 gives

<DeviceFingerprint category="VoIP Phone" family="GrandStream" name="HT8xx">
<FingerprintRules>
<FingerprintRule match-conditions="ALL">
<RuleCondition name="dhcp.option55" operator="contains">
<valueList>1,2,3,6,12,15,23,28,33,42,43,51,54,66,121,124,125</valueList>
</RuleCondition>
<RuleCondition name="dhcp.option60" operator="contains">
<valueList>HT8XX dslforum.org</valueList>
</RuleCondition>
<RuleCondition name="dhcp.options" operator="contains">
<valueList>53,61,60,124,125,50,54,55,82</valueList>
</RuleCondition>
</FingerprintRule>
<FingerprintRule match-conditions="ALL">
<RuleCondition name="mac_vendor" operator="contains" value="Grandstream Networks, Inc."/>
<RuleCondition name="dhcp.option55" operator="contains">
<valueList>1,2,3,6,12,15,23,28,33,42,43,51,54,66,121,125,160</valueList>
</RuleCondition>
<RuleCondition name="dhcp.option60" operator="contains">
<valueList>HT8XX dslforum.org</valueList>
</RuleCondition>
<RuleCondition name="dhcp.options" operator="contains">
<valueList>53,61,60,124,125,50,54,55,82</valueList>
</RuleCondition>
</FingerprintRule>
</FingerprintRules>
</DeviceFingerprint>

 

Sorted!

 

and just to confirm our Phone people plugged in more of these devices and the "just worked" . can;t be a bad thing :-)

MVP Expert

Re: Custom fingerprint question

Sigh! stand corrected , 6.7.8 also shows both custom fingerprints

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: