Guys,
Recently I had an incident on our company campus layer whereby leases were being consumed by an unidentified device.
The lease was handed out to a very unusual unique identifier.
After googling this I found out the unique device ID was in fact a hexadecimal representation of the actual acknowledged DHCP address in ASCII. Weird eh?
Put this into Excel and do the typical conversions and then I confirmed absolutely, this to be precisely the case.
I forward all DHCP requests to ClearPass for device profiling, I like to know what goes on in our network.
I can't find any record of these DHCP requests in ClearPass. I was really, really, really, really, disappointed about this.
Anyone know how I can interrogate the endpoint database more vigorously?
Being able to process a DHCP request for a fingerprint (based on a received DHCP transaction and not on a RADIUS message) and send an SNMP action to a switch seems kind of do-able - anyone done this and is anyone aware of real life deployments of such a scenario?
Thanks.
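
The Excel conversion described in the post can be scripted so that every lease is checked, not just one. The following is an added example, not part of the original post: it decodes a hex client identifier to ASCII and flags leases whose identifier spells out the leased address. The lease records, the `(ip, client_id)` tuple layout and the function names are constructed for illustration.

```python
import ipaddress
import re
from typing import Optional

def decode_client_id(raw: str) -> Optional[str]:
    """Return the printable ASCII text carried in a hex client identifier, or None."""
    # Accept plain, colon-separated and dotted hex notations by dropping separators.
    hex_digits = re.sub(r"[^0-9A-Fa-f]", "", raw)
    if not hex_digits or len(hex_digits) % 2:
        return None
    data = bytes.fromhex(hex_digits)
    # Some clients prepend a 0x00 type byte or append a trailing NUL; ignore both.
    data = data.strip(b"\x00")
    if not data or any(b < 0x20 or b > 0x7E for b in data):
        return None  # binary identifier (for example a MAC address), not ASCII text
    return data.decode("ascii")

def id_matches_lease(client_id: str, leased_ip: str) -> bool:
    """True when the client identifier is the leased address written as ASCII."""
    text = decode_client_id(client_id)
    if text is None:
        return False
    try:
        return ipaddress.ip_address(text) == ipaddress.ip_address(leased_ip)
    except ValueError:
        return False  # printable, but not an IP address

def suspicious_leases(leases):
    """Filter (leased_ip, client_id) pairs down to the self-referencing ones."""
    return [(ip, cid) for ip, cid in leases if id_matches_lease(cid, ip)]

# Constructed sample lease table: (leased IP, client identifier as shown by the server)
SAMPLE_LEASES = [
    ("10.20.30.41", "31302e32302e33302e3431"),               # ASCII "10.20.30.41"
    ("10.20.30.42", "00:31:30:2e:32:30:2e:33:30:2e:34:32"),  # same idea, type byte 0x00
    ("10.20.30.43", "3130.2e32.302e.3330.2e34.33"),          # dotted hex notation
    ("10.20.30.44", "01:00:1a:2b:3c:4d:5e"),                 # ordinary MAC-based ID
    ("10.20.30.50", "31302e32302e33302e3939"),               # ASCII IP, but not this lease
]

if __name__ == "__main__":
    for ip, cid in suspicious_leases(SAMPLE_LEASES):
        print(f"{ip}: client-id {cid} decodes to its own leased address")
```
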