Document toolboxDocument toolbox

Configuring DHCPv4 Fingerprints

Owned by Sri Raghu
Last updated: Sept 12, 2024
3 min read

Universal DDI utilizes DHCP fingerprint detection to identify IPv4 mobile devices such as laptop computers, tablets, and smart phones on your network. Using DHCP fingerprint detection is an efficient way to perform system identification. You can use DHCP fingerprint detection to track devices on your network and plan for future growth by accessing trending information such as the number of Apple iPhones versus that of Android phones that are on your network.

When a remote DHCP client sends a DHCP REQUEST message, it includes a set of DHCP options, such as option 55 and 60. Option 55 contains an option number sequence that the appliance uses to interpret the list of DHCP options that the client requests. Universal DDI returns the values of these requested options if the information is available. Option 60 contains a value that indicates the device type of the requesting client. Information in option 55 or 60 is incorporated to form a unique identifier known as the DHCP fingerprint, which Universal DDI uses to identify the requesting client. In addition to option 55 and option 60, a DHCP REQUEST is also looking at a MAC prefix.

In Universal DDI, DHCPv4 fingerprint detection is enabled by default. Universal DDI automatically matches option 55 and then option 60 in DHCP REQUEST messages against DHCP fingerprints in the database. Once Universal DDI finds a match, it updates the device with the matching fingerprint name. For information about how to create DHCP fingerprints and fingerprint rules, see Creating DHCP Fingerprints.

DHCP fingerprinting happens only to DHCP leases that go through the entire DORA (Discover, Offer, Request, and Acknowledgment) process. When the DHCP request includes DHCP option 55 (the parameter request list) and option 60 (the vendor identifier), it provides information about its OS and device type. The combination of the option sequence or vendor ID in option 55 or 60 is used to infer the OS and device type of the remote client. These parameters are then incorporated into a DHCP fingerprint that provides unique information about this client.

For example, the option number sequence for a Microsoft Windows Kernel 4.0 system in option 55 can be one of the following:

1,15,3,44,46,47,6
1,3,15,6,44,46,47

The option number sequence for an Apple OS can be one of the following:

1,2,3,15,6,12,44
1,3,6,15,112,113,78,79,95,252
1,3,6,15,119,95,252

In addition, DHCP option 60 tracks vendor ID. This information can be very generic or quite specific. For example, the vendor ID MSFT 5.0 for a Microsoft Windows XP (Version 5.1, 5.2) system and a Windows Vista system can be the same. For certain Cisco VoIP devices, the vendor ID can be Cisco Systems, Inc. IP Phone, which is very generic; or it can be Cisco Systems, Inc. IP Phone 7912, which is more specific. Depending on how specific the option number sequence and the vendor ID are, this information can form a unique identifier, the DHCP fingerprint, for a remote client.

To view DHCP Fingerprints:

  1. From the Infoblox Portal, click Configure > Networking > IPAM/DHCP > DHCP Fingerprints.

  2. On the DHCP Fingerprints page, the Infoblox Portal displays the following information:

    • NAME: the name of the DHCP fingerprint.
    • DESCRIPTION: The information about this DHCP fingerprint.
    • DEVICE CLASS: The device category to which this new fingerprint belongs.

When you select a specific DHCP fingerprint, the Infoblox Portal displays detailed information about the fingerprint in the right panel as follows:

  • Description: The information about this DHCP fingerprint.
  • Device Class: The device category to which this new fingerprint belongs
  • Share with Infoblox: Defines whether this DHCP fingerprint is shared with Infoblox or not.
  • Rules: The number rules included in this fingerprint.
  • Tags: The number of tags configured for this fingerprint.

You can also do the following:

  • Click the menu button, to reorder the columns or to select the columns to be displayed.

  • Click the menu button, , then Edit or select the check box for the respective record and click the Edit button to modify a DHCP fingerprint.

  • Click Precedence to edit the value. The DHCP fingerprint rule with the lowest precedence value has the highest priority.

  • Select a fingerprint to view the additional details. You can view details like Description, Device Class, Type, Share with Infoblox, Rules, Tags, and filters. If you do not want to view the details in the right panel, click the information button, .

  • Enter the value that you want to search in the Search text box. Universal DDI displays the list of records matching the keyword in the text box.

  • Click the filter button, , to filter the objects by Name, Description, Type, or Device ClassTo save a filter after selecting the required parameters click Save Filter, specify a name for the filter, and click Save. To reload a previously saved filter, click the saved filters button, , and select the required filter. 
  • Click the menu button, , then Move to Recycle Bin to move the object to the recycle bin. You can restore the object later or delete it permanently as required. For more information, see Recycle Bin.

You can perform the following actions: