Users Guide
148 | Role Derivation Dell PowerConnect W-Series Instant Access Point 6.2.0.0-3.2.0.0 | User Guide
Registration Authority. This identifier uniquely identifies a vendor, manufacturer, or other
organization (referred to by the IEEE as the “assignee”) globally and effectively reserves a block of
each possible type of derivative identifier (such as MAC addresses) for the exclusive use of the
assignee. IAP uses the OUI part of a MAC address to identify the device manufacturer and assigns
a desired role for users who have completed 802.1X authentication and MAC authentication.
DHCP Option and DHCP Fingerprinting
The DHCP fingerprinting feature allows you to identify the operating system of a device by
looking at the options in the DHCP frame. Based on the operating system type, a role can be
assigned to the device.
For example, in order to create a role assignment rule with DHCP option, select equals from the
Operator drop-down list and enter 370103060F77FC in the String text box. Since
370103060F77FC is the fingerprint for Apple iOS devices such as iPad and iPhone, W-IAP assigns
Apple iOS devices to the role that you choose.
Device DHCP Option DHCP Fingerprint
Apple iOS Option 55 370103060F77FC
Android Option 60 3C64686370636420342E302E3135
Blackberry Option 60 3C426C61636B4265727279
Windows 7/Vista
Desktop
Option 55 37010f03062c2e2f1f2179f92b
Windows XP(SP3,
Home, Professional)
Option 55 37010f03062c2e2f1f21f92b
Windows Mobile Option 60
3c4d6963726f736f66742057696e646f77732043450-
0
Windows 7 Phone Option 55 370103060f2c2e2f
Apple Mac OSX Option 55 370103060f775ffc2c2e2f
Table 20 - Validated DHCP Fingerprint
802.1X-Authentication-Type
W-IAP allows you to use client 802.1X authentication to assign a desired role for users who have
completed 802.1X authentication.
NOTE: When creating more than one role assignment rule based on RADIUS attributes, a
DHCP option, and 802.1X-authentication-type, the first matching rule in the rule list is
applied.