Yup good video, however I'm always "twitchy" about using a fingerprint that might overwrite lots of devices because the dhcp.options.... are common.
My initial custom fingerprint was for an amazon Echo device that had a new mac OUI that wasn't in the Aruba clearpass version. What I wanted to do was create a fingerprint that let me specify a new version of the Aruba one.
What I started with was
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader exportTime="Tue Jul 24 12:38:04 BST 2018" version="6.7"/>
<!—
Date: 27/07/18
Name: Amazon-echo-fingerprint.xml
Function; Create a locally defined fingerprint category="Home Audio/Video Equipment" family="Amazon" name="UoY Amazon Echo”. Take the standard ClarPass definition and add the OUI of the device on my desk to the list of known ones.
—>
<DeviceFingerprints>
<DeviceFingerprint category="Home Audio/Video Equipment" family="Amazon" name="UoY Amazon Echo">
<FingerprintRules>
<FingerprintRule match-conditions="ALL">
<RuleCondition name="mac_vendor" operator="contains" value="Amazon"/>
<RuleCondition name="device.family" operator="contains" value="Android"/>
<!-- OUI prefixes for the default ClearPass Amazon Echo fingerprint and addition of the one on my desk -->
<RuleCondition name="mac" operator="contains" >
<valueList>[34d270 40b4cd fca667 4cefc0 8871e5]</valueList>
</RuleCondition>
<RuleCondition name="dhcp.option60" operator="contains" >
<valueList>["dhcpcd-5.5.6"]</valueList>
</RuleCondition>
<RuleCondition name="dhcp.option55" operator="contains" >
<valueList>["1,33,3,6,15,28,51,58,59"]</valueList>
</RuleCondition>
<RuleCondition name="dhcp.options" operator="contains" >
<valueList>["53,50,57,60,12,55"]</valueList>
</RuleCondition>
</FingerprintRule>
</FingerprintRules>
</DeviceFingerprint>
</DeviceFingerprints>
</TipsContents>
You can then do what you did in the video and select the options available in the xml file.
Problem with the video version is that you can't specify mac OUI values or uer agent strings that contain something as opposed to being an exact match
Also my import might have broken something ( 6.7.6 got a TAC call open) as I can't delete custom fingerprints or export them and profiling seems to have stopped on my dev server ... so more info required.
Trying it on a 6.7.5 server resuted in the master publisher updating what looked like all endpoint entries to be the custom fingerprint.
A