Device fingerprinting enables administrators to control how BYOD devices access the network and to control their access permissions.
Note
Ensure that DHCP is enabled on the WLAN on which device fingerprinting is to be enabled.To configure device fingerprinting:
Click Edit to modify a selected policy, or Delete to remove obsolete policies from the list of those available.
request | Indicates the fingerprint is only checked with any DHCP request message received from any device. |
discover | Indicates the fingerprint is only checked with any DHCP discover message received from any device. |
any | Indicates the fingerprint is checked with either the DHCP request or the DHCP discover message. |
all | Indicates the fingerprint is checked with both the DHCP request and DHCP discover message. |
Index | Use the spinner control to assign an index for this signature. A maximum of 16 signatures can be created in each client identity. |
Message Type | Use the drop-down menu to designate the DHCP message in which to look for the signatures.
|
Match Option | The
Match Option field contains the following options:
|
Match Type | Use the drop-down menu to select how the signatures are matched. Available options include:
|
Value Format | Use the drop-down menu to select the character format of the value that is being checked. The value can be either ASCII or Hexa String. |
Option Value | Use this text box to set the 64-character maximum DHCP option value to match. |
Click Exit to close the Client Identity screen.
A Client identity group is a collection of client identities. Each client identity included in a client identity group is set a priority value that indicates the priority for that identity when device fingerprinting.
Device fingerprinting relies on specific information sent by a client when acquiring an IP address and configuration information from a DHCP server. Device fingerprinting uses the DHCP options sent by the wireless client in DHCP request or discover packets to derive a unique signature specific to a device class. For example, Apple devices have a different signature from Android devices. This unique signature is used to classify the devices and assign permissions and restrictions on each class.
Click Edit to modify the attributes of a selected policy or Delete to remove obsolete policies from the list of those available.
sClick Exit to close the Client Identity Group screen.