How does DHCP-based Device Type Detection work in NAC/Identity and Access/Control appliances?

Information

Question
How does a NAC/Access Control Engine appliance detect the operating system or device type for a system using DHCP?
Why does DHCP need to be forwarded to the NAC?
 
Environment
  • NAC
  • Control
  • Identity and Access
  • DHCP 
  • Option 55
Answer
For DHCP-based device type detection, the NAC or Access Control Engine appliance needs to see the DHCP handshakes between the DHCP clients and servers. This is typically done by forwarding these frames to the appliance using the IP helper on capable routers. The NAC does not reply; it only listens passively.

Option 55 must be present in the DHCP packet for the NAC to determine the device type.
Option 55 contains a series of numbers that is generally accepted as unique to a device type. Option 55 decodes as "Parameter Request".

Note that NAC rules built on device type are occasionally affected by a change in the option 'fingerprint', which sometimes occurs during patches and upgrades. If the appliance is out of date, or the device software is newer, this OS detection may not work.
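The following added example (not code from the appliance or its vendor) shows how a passive listener can pull option 55 out of a forwarded DHCP message and turn it into a fingerprint string, and why a reordered list after a client upgrade stops matching. The lookup table, device names, sample packets and the exact-match comparison are assumptions made for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field
BOOTP_FIXED_LEN = 236               # fixed BOOTP header that precedes the cookie

# Constructed table for illustration only; names and sequences are hypothetical.
KNOWN_FINGERPRINTS = {
    "1,3,6,15,31,33,43,44": "ExampleOS 1.0",
    "1,121,3,6,15,119,252": "ExamplePhone 7",
}

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a DHCP message (UDP payload)."""
    start = BOOTP_FIXED_LEN + len(MAGIC_COOKIE)
    if payload[BOOTP_FIXED_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, start
    while i < len(payload):
        code = payload[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = opts.get(code, b"") + value  # join options split across entries
        i += 2 + length
    return opts

def fingerprint(payload: bytes):
    """Option 55 as an ordered comma-separated string, or None when absent."""
    prl = parse_options(payload).get(55)
    return ",".join(str(b) for b in prl) if prl else None

def classify(payload: bytes) -> str:
    fp = fingerprint(payload)
    if fp is None:
        return "no-option-55"
    return KNOWN_FINGERPRINTS.get(fp, "unknown")

def build_sample(prl) -> bytes:
    """Constructed DHCPDISCOVER: zeroed BOOTP header, option 53, option 55 = prl."""
    header = bytes([1, 1, 6, 0]) + bytes(BOOTP_FIXED_LEN - 4)
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 55, len(prl), *prl, 255])

if __name__ == "__main__":
    print(classify(build_sample([1, 3, 6, 15, 31, 33, 43, 44])))  # table match
    print(classify(build_sample([1, 3, 6, 15, 31, 33, 44, 43])))  # reordered
```

The second sample requests the same options in a different order, so it falls through to "unknown": the behaviour to expect when a device update changes its fingerprint before the appliance's fingerprint data is updated.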

 
Additional notes
http://lets-start-to-learn.blogspot.com/2015/02/dhcp-fingerprinting.html
