Wireless Access

Occasional Contributor I

Re: DHCP Fingerprinting

Hi All, if the controller (in my case a 620) is capable of matching the device type to the options, it would be a great idea to allow us to create a rule based on those device types instead of the fingerprint values?

The idea being that various types of iPhones may end up with different fingerprints but still be iPhones .. and the controller could be given an update which would then have all the new fingerprints

Guru Elite

Re: DHCP Fingerprinting

We do not have that today. For now, all iPhones have the same signature....

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Aruba Employee
Aruba Employee

Re: DHCP Fingerprinting

As Colin mentioned, you manually set up the rules today. We're in the final stages of preparing an app note written by Rajiv from an earlier post that will walk you through some of the use cases and how to discover and configure the feature fully.

Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks

Re: DHCP Fingerprinting

Just a quick note that Aruba has posted an application note on the public website for DHCP and device fingerprinting:


Sr. Director Business Operations, Aruba Networks

Re: DHCP Fingerprinting

and some bad news for those thinking to implement dhcp fingerprinting on a captive portal SSID:


BUG-ID: 51691, 56746
DHCP Fingerprinting & Captive Portal cannot be used together.


 And from what I was told the fix for this will only be in release 6.2.x.x which is apparantly several months out.:smileysad:

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found a post helpful or important? Click the "Thumbs Up" icon to give kudos.
-- Problem Solved? Click "Accept as Solution" in a post.
Regular Contributor I

Re: DHCP Fingerprinting

DHCP Fingerprinting is working on my test 3200 using Captive Portal, I've been testing this for a week now and it works fine. The AOS version I'm using is


Occasional Contributor II

Re: DHCP Fingerprinting

Can anyone else confirm for me that the Mac OS X Mountain Lion fingerprint has changed from what Lion was?


This is what I'm getting in the network log for an iMac running OS X 10.8.1:



Previous versions of OS X was very similar, but with an extra "2f" on the end:



I guess if I wanted to cover all OS X versions with a rule - I could use the "starts-with" option instead of "equals".


Updated:  It looks like the change was actually made with OSX 10.7.  I imaged the same Macbook and the fingerprint changed from 10.6 -> 10.7, but stays the same for 10.8.





Re: DHCP Fingerprinting

This looks interesting, https://github.com/inverse-inc/fingerbank/blob/master/dhcp_fingerprints.conf


The values are in decimal though.





If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
New Contributor

Re: DHCP Fingerprinting

Any word on whether we are able to fine-tune DHCP fingerprinting with signatures that can tell the difference between an iPhone, iPod, and AppleTV. 


I wonder - why is it that the controller(s) can see the Device Type differences between AppleTV, iPhone, iPod, iPad, etc... but our DHCP fingerprints cannot?


Thank you --

New Contributor

Re: DHCP Fingerprinting

I suppose theres an internal process that happens similar to ClearPass. Possibly by pairing MAC address ranges with DHCP Option fingerprints. I'm not sure, but that would be my guess. I would also assume that since this process is completely internal, and it seems to be similar to ClearPass - it is not something we can utilize with only controllers.


I'm not an Aruba expert - but thats my guess. 

Search Airheads
Showing results for 
Search instead for 
Did you mean: