Devicefingerprinting with AppleTV

  • 1.  Devicefingerprinting with AppleTV

    Posted Mar 28, 2013 06:38 AM

    I have a problem with an AppleTV.

    Is there a special fingerprint? Wireshark says it is 37060103060F77FC. Some communities say it would be the same as the iPad fingerprint.

    This 37060103060F77FC does not work. The TV stays in the logon role. With the iPad fingerprint, the controller log shows the correct match of the rule it should match, but the TV does not get an IP address via DHCP.

     

    Mar 27 13:03:53 authmgr[1828]: <522019> <INFO> |authmgr| MAC=9c:20:7b:c8:22:f0 IP=0.0.0.0 Derived role 'Role_Set_VLAN515' from user rules: utype=L2

     

    I tried to use a user derivation rule matching on the MAC address of the TV. This works fine, but it should not be the final solution because there will be more AppleTVs in the future.

     

    It's the ALU version of the controller: 6.1.3.5

     

    Any idea?

    Thanks a lot!



  • 2.  RE: Devicefingerprinting with AppleTV

    Posted Mar 28, 2013 08:28 AM

    The proper fingerprint is the same as iOS as far as I know.

     

    Is your derivation rule in place setting a role or a VLAN assignment rule? Only role assignment is supported for fingerprint derivation rules (you can't change the VLAN of the device after it has already requested an IP on a VLAN, which is where the DHCP fingerprint is derived).

     

    Also make sure the role you are assigning does not have a VLAN assigned to it.



  • 3.  RE: Devicefingerprinting with AppleTV

    Posted Mar 28, 2013 08:37 AM

    Thanks for the answer.

    The role looks like the attached picture.

    It is working for other devices. And it is working if I use the MAC address of the client.

    See the user derivation picture in the attachment for more information.



  • 4.  RE: Devicefingerprinting with AppleTV

    Posted Mar 28, 2013 09:06 AM

    The MAC address rule would work fine as it is hit earlier in the authentication process. The DHCP fingerprint derivation rules are hit last, after all other authentications, role assignments, and VLAN assignments.   Changing the VLAN for a DHCP fingerprint derivation rule (either by setting the VLAN or setting a role with a VLAN assigned) is not supported.

     

    Can you try setting the AppleTV derivation rule such that it is using the fingerprint, but assigns a role that does not have a VLAN associated with it.   Despite this working for other devices as you say, I think this may be throwing the AppleTV off.   

    For example:

     set role condition dhcp-option equals "370103060F77FC" set-value authenticated

     

    I am curious if it places the AppleTV in authenticated role and assigns the default VLAN on the Virtual-AP.

     

    You can also turn on debugging for DHCP to see what is happening with DHCP.

    logging level debugging network subcat dhcp

    show log network 100 | include 00:21:6a:28:ca:a8
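
Added example (not part of the original thread): the Wireshark value in post 1 and the rule value in post 4 differ by one byte, `06`, which is the length field of DHCP option 55 (hex 37). The sketch below parses raw option bytes as code/length/data and emits the option code followed by the data, on the assumption, taken from the rule in post 4, that the controller expects the string without the length byte; the function names and the second sample input are constructed for illustration.

```python
"""Added example: raw DHCP option bytes -> 'option code + data' fingerprint string."""

# From post 1: option 55 as Wireshark shows it (code 37, length 06, six data bytes).
WIRESHARK_VALUE = "37060103060F77FC"
# Constructed sample: option 53, option 55, option 57, then the end marker (ff).
CONSTRUCTED_OPTIONS = "35 01 03 37 06 01 03 06 0f 77 fc 39 02 05 dc ff"


def parse_dhcp_options(raw_hex):
    """Split DHCP option bytes into (code, data) pairs (code/length/data layout)."""
    buf = bytes.fromhex(raw_hex.replace(":", " "))
    options, i = [], 0
    while i < len(buf):
        code = buf[i]
        if code == 0:          # pad option: single byte, no length field
            i += 1
            continue
        if code == 255:        # end option: nothing after it is parsed
            break
        if i + 1 >= len(buf):
            raise ValueError(f"option {code}: length byte missing")
        length = buf[i + 1]
        data = buf[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {code}: expected {length} bytes, got {len(data)}")
        options.append((code, data))
        i += 2 + length
    return options


def fingerprint(raw_hex, option=55):
    """Return option code + data as upper-case hex, or None if the option is absent.

    Assumption: the controller rule wants the string without the length byte,
    as in the rule value shown in post 4.
    """
    for code, data in parse_dhcp_options(raw_hex):
        if code == option:
            return f"{code:02X}{data.hex().upper()}"
    return None


if __name__ == "__main__":
    print(fingerprint(WIRESHARK_VALUE))
    print(fingerprint(CONSTRUCTED_OPTIONS))
```

Feeding the rule value from post 4 back into `parse_dhcp_options` raises `ValueError`, because without the length byte the string is no longer a valid option encoding.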