Page tree

Contents

BloxOne DDI utilizes DHCP fingerprint detection to identify IPv4 mobile devices such as laptop computers, tablets, and smart phones on your network. Using DHCP fingerprint detection is an efficient way to perform system identification. You can use DHCP fingerprint detection to track devices on your network and plan for future growth by accessing trending information such as the number of Apple iPhones versus that of Android phones that are on your network.

When a remote DHCP client sends a DHCP REQUEST message, it includes a set of DHCP options, such as option 55 and 60. Option 55 contains an option number sequence that the appliance uses to interpret the list of DHCP options that the client requests. BloxOne DDI returns the values of these requested options if the information is available. Option 60 contains a value that indicates the device type of the requesting client. Information in option 55 or 60 is incorporated to form a unique identifier known as the DHCP fingerprint, which BloxOne DDI uses to identify the requesting client. In addition to option 55 and option 60, a DHCP REQUEST is also looking at a MAC prefix.

In BloxOne DDI, DHCPv4 fingerprint detection is enabled by default. BloxOne DDI automatically matches option 55 and then option 60 in DHCP REQUEST messages against System Defined and User Defined DHCP fingerprints in the database. Once BloxOne DDI finds a match, it updates the device with the matching fingerprint name. For information about how to create DHCP fingerprints and fingerprint rules, see Creating User Defined DHCP Fingerprints.

DHCP fingerprinting happens only to DHCP leases that go through the entire DORA (Discover, Offer, Request, and Acknowledgment) process. When the DHCP request includes DHCP option 55 (the parameter request list) and option 60 (the vendor identifier), it provides information about its OS and device type. The combination of the option sequence or vendor ID in option 55 or 60 is used to infer the OS and device type of the remote client. These parameters are then incorporated into a DHCP fingerprint that provides unique information about this client.

For example, the option number sequence for a Microsoft Windows Kernel 4.0 system in option 55 can be one of the following:

1,15,3,44,46,47,6
1,3,15,6,44,46,47

The option number sequence for an Apple OS can be one of the following:

1,2,3,15,6,12,44
1,3,6,15,112,113,78,79,95,252
1,3,6,15,119,95,252

In addition, DHCP option 60 tracks vendor ID. This information can be very generic or quite specific. For example, the vendor ID MSFT 5.0 for a Microsoft Windows XP (Version 5.1, 5.2) system and a Windows Vista system can be the same. For certain Cisco VoIP devices, the vendor ID can be Cisco Systems, Inc. IP Phone, which is very generic; or it can be Cisco Systems, Inc. IP Phone 7912, which is more specific. Depending on how specific the option number sequence and the vendor ID are, this information can form a unique identifier, the DHCP fingerprint, for a remote client.

To view DHCP Fingerprints:

  1. From the Cloud Services Portal, click Manage -> IPAM/DHCP -> DHCP Fingerprints.

  2. On the DHCP Fingerprints page, the Cloud Services Portal displays the following information:

    • NAME: the name of the DHCP fingerprint.
    • DESCRIPTION: The information about this DHCP fingerprint.
    • DEVICE CLASS: The device category to which this new fingerprint belongs.
    • TYPE: The type of fingerprint. This is either System Defined or User Defined.

When you select a specific DHCP fingerprint, the Cloud Services Portal displays detailed information about the fingerprint in the right panel as follows:

  • Description: The information about this DHCP fingerprint.
  • Device Class: The device category to which this new fingerprint belongs
  • Type: The type of fingerprint. This is either System Defined or User Defined.
  • Share with Infoblox: Defines whether this DHCP fingerprint is shared with Infoblox or not.
  • Rules: The number rules included in this fingerprint.
  • Tags: The number of tags configured for this fingerprint.

You can also do the following:

  • Click to reorder the columns or to select the columns to be displayed.
  • Click  -> Edit or select the check box for the respective record and click the Edit button to modify a DHCP fingerprint.

  • Select a fingerprint to view the additional details. You can view details like Description, Device Class, Type, Share with Infoblox, Rules, Tags, and filters. If you do not want to view the details in the right panel, click .

  • Enter the value that you want to search in the Search text box. BloxOne DDI displays the list of records matching the keyword in the text box.

  • Click  to filter the objects by Name, Description, Type, or Device Class.

  • Click -> Move to Recycle Bin to move the object to the recycle bin. You can restore the object later or delete it permanently as required. For more information, see Recycle Bin.


You can perform the following actions:

  • No labels

This page has no comments.