Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

dhcp

Configures the DHCP option match criteria (signature) for the discover and request message types received from wireless clients

When accessing a network, DHCP discover and request messages are passed between wireless clients and the DHCP server. These messages contain DHCP options and option values that differ from device to device and are based on the DHCP implementation in the device‘s Operating System (OS). Options and option values contained in a client‘s messages are parsed and compared against the configured DHCP option values to identify the device. Once a device type is identified, the wireless client database is updated with the discovered device type.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

dhcp <1-16> message-type [discover|request] [option|option-codes]
dhcp <1-16> message-type [discover|request] [option <1-254>|option-codes] 
[contains|exact|starts-with] [ascii|hexstring] <WORD>

Parameters

dhcp <1-16> message-type [discover|request] [option <1-254>|option-codes] 
[contains|exact|starts-with] [ascii|hexstring] <WORD>
dhcp <1-16> Adds a DHCP option match criteria signature
  • <1-16> – Specify an index for this DHCP match criteria from 1 - 16.
Note: A maximum of 16 match criteria can be configured.
message-type [discover|request] Specifies the message type to which this DHCP match criteria is applicable
  • discover – Applies this match criteria to DHCP discover messages only. Indicates that the fingerprint is only checked with any DHCP discover messages received from any device.
  • request – Applies this match criteria to DHCP request messages only. Indicates that the fingerprint is only checked with any DHCP request messages received from any device.
Note: It is recommended to configure client-identity with request messages, because clients rarely send discover messages.
Note: If the message type is not specified, the fingerprint is checked with all message types (DHCP request and DHCP discover).
option <1-254> The following keywords are common to the ‘discover‘ and ‘request‘ message types:
  • option – Configures a DHCP option value, which is used as the match criteria
    • <1-254> – Configures a code for this DHCP option from 1 - 254 (except option 53)
option-codes The following keyword is common to the ‘discover‘ and ‘request‘ message types:
  • option-codes – Matches criteria based on the DHCP option codes contained in the client‘s discover/request messages

Devices pass options in their DHCP discover/request messages as option codes, option types, and option value sets. These option codes are extracted and matched against the configured DHCP option codes and a fingerprint is derived. This derived fingerprint is used to identify the device.
contains The following keyword is common to the ‘discover‘ and ‘request‘ message types:
  • contains – Specifies that the DHCP options received in the client‘s discover/request messages contains the configured option code string
exact The following keyword is common to the discover and request message types:
  • exact – Specifies that the DHCP options received in the client‘s discover/request messages is an exact match with the configured option code string
starts-with The following keyword is common to the ‘discover‘ and ‘request‘ message types:
  • starts-with – Specifies that the DHCP options received in the client‘s discover/request messages starts with the configured option code string
ascii <WORD> The following keywords are common to the ‘contains‘, ‘exact‘, and ‘starts-with‘ parameters:
  • ascii – Configures the DHCP option in the ASCII format
    • <WORD> – Specify the DHCP option ASCII value to match.
hexstring <WORD> The following keywords are common to the ‘contains‘, ‘exact‘, and ‘starts-with‘ parameters:
  • hexstring – Configures the DHCP option in the hexa-decimal format
    • <WORD> – Specify the DHCP option hexstring value to match.

Usage Guidelines

The following DHCP options are useful for identifying different device types:

  • Option 55: Used by a DHCP client to request values for specific configuration parameters. It is a list of DHCP option codes and can be in the client‘s order of preference.
  • Client configured list of DHCP options (all options parsed into a hex string).
  • Option 60: Vendor class identifier. Used to identify the vendor and functionality of a DHCP client (some devices do not set the value of this field).

Though it is possible to use any option to configure a device fingerprint, the use of a combination of one or more of the preceding options to define a device is recommended.

Examples

nx9500-6C8809(config-client-identity-test)#dhcp 1 message-type request option
60 exact ascii MSFT\5.0
nx9500-6C8809(config-client-identity-test)#dhcp 2 message-type discover option
 2 exact hexstring 012456c22c44
nx9500-6C8809(config-client-identity-test)#show context
client-identity test
 dhcp 2 message-type discover option 2 exact hexstring 012456c22c44
 dhcp 1 message-type request option 60 exact ascii MSFT5.0
nx9500-6C8809(config-client-identity-test)#

Related Commands

no Removes a DHCP option signature (match criteria)
Published July 2019prev | next

Email this topicEmail this topic

Print this pagePrint this page