Security

Hello Experts,

I have a question regarding Connection:Client-MAC-Vendor attribute that is used in rules. Assuming I have dhcp fingerprint and a device is profiled, is the attribute checked against the fingerprint sent by device everytime it is connecting or solely a lookup using OUI portion of the device MAC address agaist MAC Vendor in ClearPass database?

Thank you for your feedbacks,

Ario

Fingerprint information is stored in the Endpoint database, and the MAC vendor is a 'static lookup' independent of the endpoint database.

The first time a client connects, there is no profiling information, but the MAC Vendor is available based on the OUI lookup.
Once a client is connected, dhcp fingerprint can come in, and optionally you can trigger a reconnect/reauthentication in your service under Profiling, then when the authentication request arrives again the latest information for the fingerprint (Device Type, Device Name, etc) is available.

In general, I don't see MAC Vendor information being used too much as many vendors create different device types.

Not sure if this answers the question behind your question... if not please explain what you are looking for, for more accurate information.

Hello Experts,

I have a question regarding Connection:Client-MAC-Vendor attribute that is used in rules. Assuming I have dhcp fingerprint and a device is profiled, is the attribute checked against the fingerprint sent by device everytime it is connecting or solely a lookup using OUI portion of the device MAC address agaist MAC Vendor in ClearPass database?

Thank you for your feedbacks,

Ario

Hi Herman,

Thanks for replying quickly. 

Let's say I have an enforcement that looks like below 

what will be used to match against 'AMD'? will it just break down mac address of the device and look it up from ClearPass database? or does it need to use info from DHCP?

Thanks again.

Fingerprint information is stored in the Endpoint database, and the MAC vendor is a 'static lookup' independent of the endpoint database.

The first time a client connects, there is no profiling information, but the MAC Vendor is available based on the OUI lookup.
Once a client is connected, dhcp fingerprint can come in, and optionally you can trigger a reconnect/reauthentication in your service under Profiling, then when the authentication request arrives again the latest information for the fingerprint (Device Type, Device Name, etc) is available.

In general, I don't see MAC Vendor information being used too much as many vendors create different device types.

Not sure if this answers the question behind your question... if not please explain what you are looking for, for more accurate information.

Hello Experts,

I have a question regarding Connection:Client-MAC-Vendor attribute that is used in rules. Assuming I have dhcp fingerprint and a device is profiled, is the attribute checked against the fingerprint sent by device everytime it is connecting or solely a lookup using OUI portion of the device MAC address agaist MAC Vendor in ClearPass database?

Thank you for your feedbacks,

Ario

This policy will just use the MAC address.

First part will check if the MAC address ends with, and First will check the MAC OUI (first 6 octets) and check if AMD is (part of) the name.

Hi Herman,

Thanks for replying quickly. 

Let's say I have an enforcement that looks like below 

what will be used to match against 'AMD'? will it just break down mac address of the device and look it up from ClearPass database? or does it need to use info from DHCP?

Thanks again.

Fingerprint information is stored in the Endpoint database, and the MAC vendor is a 'static lookup' independent of the endpoint database.

The first time a client connects, there is no profiling information, but the MAC Vendor is available based on the OUI lookup.
Once a client is connected, dhcp fingerprint can come in, and optionally you can trigger a reconnect/reauthentication in your service under Profiling, then when the authentication request arrives again the latest information for the fingerprint (Device Type, Device Name, etc) is available.

In general, I don't see MAC Vendor information being used too much as many vendors create different device types.

Not sure if this answers the question behind your question... if not please explain what you are looking for, for more accurate information.

Hello Experts,

I have a question regarding Connection:Client-MAC-Vendor attribute that is used in rules. Assuming I have dhcp fingerprint and a device is profiled, is the attribute checked against the fingerprint sent by device everytime it is connecting or solely a lookup using OUI portion of the device MAC address agaist MAC Vendor in ClearPass database?

Thank you for your feedbacks,

Ario