DHCP fingerprinting with Client Classes


Client Classes and Sub Classes

Client classes and Sub Classes are powerful features used to group clients (DHCP clients) and apply specific DHCP options or behaviors to those groups. These classes and subclasses enable more granular control over how DHCP services are delivered to different types of clients on the network.

 

Client Classes

  • A client class in ISC DHCP is a grouping of DHCP clients that share common characteristics. These characteristics are usually defined by matching specific criteria in the DHCP discovery or request messages that the clients send.

  • Classes are used to apply different DHCP configurations to different groups of clients. For example, you might have different classes for different types of devices (like printers, laptops, and phones) or different operating systems.

Example of a Client Class:

class "Printers" {
  # "hardware" is the hardware-type byte followed by the MAC address, so
  # bytes 1-3 are the first three octets (the OUI) of the client's MAC.
  match if substring(hardware, 1, 3) = 00:11:22;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
  pool {
    allow members of "Printers";
    range 192.168.1.50 192.168.1.60;
  }
}

  • In this example, a class named "Printers" is defined, which includes any client whose MAC address starts with 00:11:22. Printers are then assigned IP addresses from a specific range.

 

Subclasses

  • A subclass in ISC DHCP is a more specific grouping within a class. Subclasses are defined based on a subclass-specific value, such as a MAC address or a client identifier.

  • Subclasses allow for even more specific targeting of DHCP options and configurations. They are useful in scenarios where a broad class needs to be divided into finer groups.

Example of Subclasses:

class "MobileDevices" {
  # A class that is split into subclasses uses "match <data expression>"
  # rather than "match if": the expression's value is compared, byte for
  # byte, with each subclass value, so a client belongs to the subclass
  # whose value equals its complete vendor-class-identifier.
  match option vendor-class-identifier;
}

subclass "MobileDevices" "iPhone" {
  # options or policies specific to clients that identify as "iPhone"
}

subclass "MobileDevices" "Android" {
  # options or policies specific to clients that identify as "Android"
}


  • Description: This configuration first defines a broad class for mobile devices, and then two subclasses for iPhones and Android devices, respectively. Each subclass can then be given different IP ranges, options, or policies.

Applications and Benefits  

  1. Customized Configuration: Allows network administrators to tailor DHCP settings to the specific needs of different devices or user groups.

  2. Network Management: Easier management of network resources and policies by segmenting clients into manageable groups.

  3. Policy Enforcement: Enforces different network policies for security, access control, or bandwidth allocation based on client type.

 

Configuring Classes and Sub Classes in DDI

To create a client class:

  • Go to DHCP -> Network -> Client Class.

  • The Create Client Class page appears on the screen.

  • Assign the Client class a unique name.

  • ASSIGN TO: Assign the scope level for the client class, whether its configurations should be applied for the matching client on a specific subnet level or global level. The Global option suggests it could be applied across all subnets, whereas a specific Subnet could be chosen to restrict the class to a particular network segment.

  • CLASS TYPE: The class type field likely refers to the basis of the class definition. Template may appear as an option here, indicating either that this class is a template that can be reused or that you are creating this class from a pre-defined template.

  • MATCH TYPE: This defines the method by which the DHCP server will match clients to this class. Substring indicates that the server will look for a matching string of characters within the client's DHCP messages.

  • OFFSET: In the context of matching by substring, this defines the starting position in the client's DHCP message where the matching should begin.

  • LENGTH: This specifies the length of the substring that the DHCP server should match against the client's DHCP message.

  • MATCH STRING: The actual string of characters the DHCP server will look for in the client's DHCP message to determine if it belongs to this client class.

  • CONDITIONAL STATEMENT: This field allows for more complex matching rules, perhaps using logical or comparison operators to evaluate whether clients meet the criteria for this class.

  • Match Value / Sub Class: This section has a checkbox that is used to indicate whether a match value should be used to further define subclasses within this client class.

  • MATCH VALUE: If subclasses are being defined, this field would be where you specify the value that differentiates each subclass.

  • DHCP OPTIONS: Here, you would specify any DHCP options that should be applied to clients within this class. These could include options like DNS servers, domain name, lease time, etc.

  • CUSTOM OPTIONS: This section is likely for defining additional DHCP options that are not part of the standard set, which could be specific to the organization or the DHCP server software being used.

  • Click Save.


Classes and subclasses in DDI add flexibility and precision to DHCP management, enabling complex scenarios and specific requirements to be met efficiently. This is particularly useful in large or diverse network environments.

DHCP Fingerprinting with Client Classes

DHCP fingerprinting, a method of device identification through DHCP, leverages client class parameters to provide a means for more granular network management and resource allocation. This process involves the DHCP client sending additional information to the DHCP server, which in turn uses this information to identify the type of client and assign IP addresses or parameters accordingly. This technique is especially useful in environments where different types of devices require distinct network configurations or policies.

How DHCP Fingerprinting Works:  

  1. Client Class Parameters: When a DHCP client requests an IP address, it can provide additional information in the form of vendor class identifiers (VCI) or user class identifiers (UCI). These identifiers are part of the DHCP discovery or request packets.

  2. Server Recognition: The DHCP server is configured to recognize these identifiers and categorize clients into different classes based on the provided information.

Applications of DHCP Fingerprinting:  

  • Differentiated Resource Allocation: You can dedicate one address pool for specific types of devices, like VoIP devices, and a separate pool for data devices. This is useful in networks where different device types have different network requirements.

  • Policy Enforcement: For source routing policies, where voice and data packets are routed differently, DHCP fingerprinting helps in applying these policies right from the point of network entry.

  • Administrative Segmentation: In a large organization, managing devices based on their type (like printers, workstations, mobile devices) becomes easier with DHCP fingerprinting.

Example Scenario:  

Consider a network where VoIP devices and data devices need to be segregated:

class "VoIP-Phones" {
  # first four characters of option 60 (vendor-class-identifier)
  match if substring(option vendor-class-identifier, 0, 4) = "VoIP";
}

class "Data-Devices" {
  # everything that does not present the "VoIP" prefix
  match if substring(option vendor-class-identifier, 0, 4) != "VoIP";
}

subnet 192.168.1.0 netmask 255.255.255.0 {
  pool {
    allow members of "VoIP-Phones";
    range 192.168.1.10 192.168.1.50;
  }
  pool {
    allow members of "Data-Devices";
    range 192.168.1.51 192.168.1.100;
  }
}

 

  • In this configuration, two classes are defined based on the vendor class identifier. VoIP phones are assigned IP addresses from a specific range, separate from the range used for data devices. The same can be configured in the DDI GUI using templates, or the configuration above can be entered in ISC DHCP format in the Conditional Statement text box; then simply click Save.
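To make the matching concrete, here is an added example (not DDI or ISC DHCP code) that applies the page's substring rules, the OFFSET / LENGTH / MATCH STRING form fields and the "Printers" hardware prefix, to the options area of a constructed DHCPDISCOVER and places each client in the VoIP-Phones or Data-Devices pool. The sample packets and pool ranges are constructed from the scenario above; the absent-option and too-short-value cases follow ISC dhcpd's evaluation rules.

```python
# Added example (not DDI or ISC DHCP code): evaluate the page's substring
# client-class rules over the options area of a constructed DHCPDISCOVER.
# ISC dhcpd semantics: an absent option is null and never equals a match
# string; substring() on a short value returns only the bytes that exist.

OPT_PAD, OPT_VENDOR_CLASS, OPT_END = 0, 60, 255

def parse_options(opts):
    """Decode the RFC 2132 options TLV area into {code: value bytes}."""
    out, i = {}, 0
    while i < len(opts) and opts[i] != OPT_END:
        code = opts[i]
        if code == OPT_PAD:
            i += 1
            continue
        length = opts[i + 1]
        out[code] = opts[i + 2:i + 2 + length]
        i += 2 + length
    return out

def substring_matches(value, offset, length, match):
    """substring(value, OFFSET, LENGTH) = MATCH STRING, as in the DDI form."""
    if value is None:                 # client did not send the option
        return False
    return value[offset:offset + length] == match

def hardware_prefix_matches(htype, chaddr, oui):
    """ISC 'hardware' is the htype byte followed by chaddr, so
    substring(hardware, 1, 3) is the OUI; mirrors the "Printers" class."""
    return substring_matches(bytes([htype]) + chaddr, 1, 3, oui)

def classify(opts):
    """Mirror the VoIP-Phones / Data-Devices classes and their pools."""
    vci = parse_options(opts).get(OPT_VENDOR_CLASS)
    if substring_matches(vci, 0, 4, b"VoIP"):
        return "VoIP-Phones", ("192.168.1.10", "192.168.1.50")
    # != "VoIP": everything else, including clients with no option 60
    # (null != data evaluates true in ISC dhcpd).
    return "Data-Devices", ("192.168.1.51", "192.168.1.100")

# Constructed sample option areas: msg type (53) = DISCOVER, optional VCI (60), END.
PHONE = bytes([53, 1, 1, 60, 11]) + b"VoIP-Phone1" + bytes([255])
LAPTOP = bytes([53, 1, 1, 60, 8]) + b"MSFT 5.0" + bytes([255])
NO_VCI = bytes([53, 1, 1, 255])
SHORT = bytes([53, 1, 1, 60, 2]) + b"Vo" + bytes([255])   # too short to equal "VoIP"

if __name__ == "__main__":
    for name, pkt in (("phone", PHONE), ("laptop", LAPTOP), ("no-vci", NO_VCI), ("short", SHORT)):
        print(name, *classify(pkt))
```

Because option 60 is supplied by the client, the classification is an allocation aid; the pool a client lands in tells you what it claimed to be, not what it is.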

 

Benefits of DHCP Fingerprinting:  

  • Efficient Network Management: Allows for the dynamic assignment of IP addresses and configurations based on device type, improving network efficiency.

  • Enhanced Security: Helps in implementing security policies tailored to different device types.

  • Quality of Service (QoS): Ensures that devices like VoIP phones that require higher QoS receive the necessary network configurations.

  • Scalability: Makes the network more adaptable to the addition of new types of devices without requiring major configuration changes.

Considerations:  

  • Accuracy: The accuracy of DHCP fingerprinting depends on the uniqueness and consistency of the vendor or user class identifiers provided by the devices.

  • Configuration Complexity: Implementing DHCP fingerprinting can add complexity to DHCP server configuration and requires thorough planning and testing.

DHCP fingerprinting is a powerful tool in network administration, enabling the categorization and appropriate management of different types of devices within the network. It enhances the capability to efficiently allocate network resources, enforce policies, and ensure optimal performance for all devices.
