Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01


Creates a new client identity and enters its configuration mode. Client identity is a set of unique
fingerprints used to identify a class of devices. This information is used to configure permissions
and access rules for the identified class of devices in the network. The client-identity feature
enables device fingerprinting.

Device fingerprinting is a technique of collecting, analyzing, and identifying traffic patterns
originating from remote computing devices. When enabled, device fingerprinting helps to identify a
wireless client’s device type. There are two methods of fingerprinting devices: Active and Passive.

Active fingerprinting is based on the fact that traffic patterns vary with varying device types. It
involves the sending of requests (HTTP etc.) to devices (clients) and analyzing their response to
determine the device type. For example, an invalid request is sent to a device, and its error
response is analyzed to identify the device type. Since active device fingerprinting involves sending
of packets, the probability of the network getting flooded is very high, especially when many
devices are being fingerprinted simultaneously.

Passive fingerprinting involves monitoring devices for known traffic patterns that are specific to
a device's protocol use, driver implementation etc. This method accurately classifies a
client’s TCP/IP configuration, OS fingerprints, wireless settings etc. No packets are sent to the
device. Some of the commonly used protocols for passive device fingerprinting are TCP, DHCP,
HTTP etc.

This feature implements DHCP device fingerprinting, which relies on specific information sent by a
wireless client when acquiring an IP address and other configuration information from a DHCP server.
The feature uses the DHCP options sent by the wireless client in the DHCP request or discover
packets to derive a unique signature specific to the class of devices. For example, Apple devices
have a different signature than Android devices. This unique signature can then be used to classify
the devices and assign permissions and restrictions on each device class.
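
An added example, not taken from the Brocade guide or its software: a parser that derives a signature from the DHCP options of a discover or request packet and matches it against a rule table, as the paragraph above describes. The rule table, class names and sample packets are constructed for illustration, and using options 53, 55 and 60 plus option order as the signature is an assumption.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)
def parse_dhcp_options(payload):
    """Return (code, value) pairs, in wire order, from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = [], 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts.append((code, payload[i + 2:i + 2 + length]))
        i += 2 + length
    return opts

def fingerprint(payload):
    """Derive a signature from options 53, 55 and 60 plus the option order."""
    opts = parse_dhcp_options(payload)
    by_code = dict(opts)
    return {
        "message_type": (by_code.get(53) or b"\x00")[0],   # 1=discover, 3=request
        "option_order": ",".join(str(c) for c, _ in opts),
        "param_request_list": ",".join(str(b) for b in by_code.get(55, b"")),
        "vendor_class": by_code.get(60, b"").decode("ascii", "replace"),
    }

# Hypothetical rule table: (parameter request list, vendor class prefix, class).
RULES = [("1,3,6,15,31,33", "MSFT ", "class-windows"),
         ("1,3,6,15,26,28", "android-dhcp-", "class-android")]

def classify(payload):
    fp = fingerprint(payload)
    if fp["message_type"] not in (1, 3):     # only discover/request carry the signature
        return None
    for prl, vendor_prefix, device_class in RULES:
        if fp["param_request_list"] == prl and fp["vendor_class"].startswith(vendor_prefix):
            return device_class
    return "unclassified"

def build_sample(options):  # constructed input: BOOTP header, cookie, options, End
    return bytes([1, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + options + b"\xff"

SAMPLE_A = build_sample(bytes([53, 1, 1, 55, 6, 1, 3, 6, 15, 31, 33, 60, 8]) + b"MSFT 5.0")
SAMPLE_B = build_sample(bytes([53, 1, 3, 60, 14]) + b"android-dhcp-9" + bytes([55, 6, 1, 3, 6, 15, 26, 28]))
```

Every field in the signature is supplied by the client, so the resulting class is a hint for policy assignment rather than proof of device identity.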

Supported in the following platforms:

Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point

Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000

Service Platforms — Brocade Mobility RFS9510

Syntax:

client-identity <CLIENT-IDENTITY-NAME>

Parameters

client-identity <CLIENT-IDENTITY-NAME>

client-identity <CLIENT-IDENTITY-NAME>
    Creates a new client identity policy and enters its configuration mode

    <CLIENT-IDENTITY-NAME> – Specify a client identity policy name. If the client identity policy does not
    exist, it is created.

Usage Guidelines:

The following points should be considered when configuring the client identity (device
fingerprinting) feature:

1. Ensure that DHCP is enforced on the WLANs. For more information on enforcing DHCP on
WLANs, see enforce-dhcp.
