Users Guide

312 | ClearPass Policy Manager Profile Dell Networking W-ClearPass Policy Manager 6.3 |User Guide
• "MAC OUI" on page 312*
• "ActiveSync Plugin" on page 313
• "CPPM OnGuard" on page 313
• "SNMP" on page 313
• "Subnet Scan" on page 314
* Acquired via various authentication mechanisms such as 802.1X, MAC authentication, etc.
DHCP
DHCP attributes such as option55 (parameter request list), option60 (vendor class) and options list from DISCOVER
and REQUEST packets can uniquely fingerprint most devices that use the DHCP mechanism to acquire an IP address
on the network. Switches and controllers can be configured to forward DHCP packets such as DISCOVER, REQUEST
and INFORM to CPPM. These DHCP packets are decoded by CPPM to arrive at the device category, family, and name.
Apart from fingerprints, DHCP also provides hostname and IP address.
Sending DHCP Traffic to CPPM
Perform the following steps to configure your Dell W-Series Controller and Cisco Switch to send DHCP traffic to
CPPM.
interface <vlan_name>
ip address <ip_addr> <netmask>
ip helper-address <dhcp_server_ip>
ip helper-address <cppm_ip>
end
Notice that multiple ip helper-address statements can be configured to send DHCP packets to servers other than
the DHCP server.
ClearPass Onboard
ClearPass Onboard collects rich and authentic device information from all devices during the onboarding process.
Onboard then posts this information to Profile via the Profile API. Because the information collected is definitive,
Profile can directly classify these devices into their Category, Family, and Name without having to rely on any other
fingerprinting information.
HTTP User-Agent
In some cases, a DHCP fingerprint alone cannot fully classify a device. A common example is the Apple® family of
smart devices; DHCP fingerprints cannot distinguish between an iPad® and an iPhone®. In these scenarios, User-Agent
strings sent by browsers in the HTTP protocol are useful to further refine classification results.
User-Agent strings are collected from the following:
• ClearPass Guest (Amigopod)
• ClearPass Onboard
• Dell W-Series controller through IF-MAP interface
MAC OUI
MAC OUI can be useful in some cases to better classify endpoints. An example is Android devices, where DHCP
fingerprints can only classify a device as generic Android and cannot provide more details about the vendor.
By combining this information with the MAC OUI, the profiler can classify a device as HTC™ Android, Samsung Android,
Motorola® Android, etc. MAC OUI is also useful to profile devices like printers that may be configured with static IP
addresses.
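The DHCP and MAC OUI sections above both draw on fields carried in a single DHCP packet. The following Python example is added here for illustration and is not code from the guide or from CPPM: it decodes a DHCP payload using the RFC 2131 layout and returns option55, option60, the options list, the hostname and the OUI of the client hardware address. The function names, result keys and the sample DISCOVER packet (MAC, hostname and option values) are constructed for this example. All of these fields are supplied by the client, so they describe what a device claims about itself.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)

def parse_dhcp_fingerprint(payload: bytes) -> dict:
    """Decode the profiling attributes from a BOOTP/DHCP payload (UDP data only)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    if payload[1] != 1 or payload[2] != 6:          # htype Ethernet, hlen 6
        raise ValueError("expected Ethernet hardware address")
    mac = payload[28:34]                            # chaddr, first hlen bytes
    opts, order, i = {}, [], 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        code = payload[i]
        if code == 0:                               # Pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past end of packet")
        if code not in opts:
            order.append(code)                      # order of first appearance
        opts[code] = opts.get(code, b"") + value    # split options concatenate (RFC 3396)
        i += 2 + length
    text = lambda c: opts.get(c, b"").decode("ascii", "replace")
    return {
        "mac": mac.hex(":"),
        "oui": mac[:3].hex(":"),                    # vendor prefix for MAC OUI lookup
        "message_type": opts[53][0] if opts.get(53) else None,  # 1=DISCOVER, 3=REQUEST
        "option55": ",".join(map(str, opts.get(55, b""))),      # request order matters
        "option60": text(60),
        "options_list": ",".join(map(str, order)),
        "hostname": text(12),
    }

def build_sample_discover() -> bytes:
    """Constructed DISCOVER; the MAC, hostname and option values are made up."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0,
                         0x8000, b"", b"", b"", b"", bytes.fromhex("020000abcdef"),
                         b"", b"")
    opt = lambda code, val: bytes([code, len(val)]) + val
    return (header + MAGIC_COOKIE + opt(53, b"\x01") + opt(12, b"lab-phone")
            + opt(60, b"android-dhcp-13")
            + opt(55, bytes([1, 3, 6, 15, 26, 28, 51, 58, 59, 43])) + b"\xff")

if __name__ == "__main__":
    for key, val in parse_dhcp_fingerprint(build_sample_discover()).items():
        print(f"{key:13} {val}")
```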