It is possible to use dhcp fingerprints to provide device category specific
settings including lease times. This is not vendor specific, but a dhcp
configuration.
Our observation is that many many many of our wireless devices are 'mobile
appliances'. Mostly Apple today with android numbers increasing. The number of
distinct android fingerprints is legion.
The current trend toward common platforms may someday muddy the waters, but
for the moment it is easier to reliably fingerprint Mac and Windows Notebook
devices than any other category ... so I would propose a general reduction in
wireless lease times with fingerprint based extensions for Notebooks.
That said there are risks with shorter lease times. Specifically DHCP server
load, increased network broadcast traffic, incompatible NAC attribution
systems. increased log sizes (watch your siem license). I hesitate to suggest
this if you do not have a functional system and network monitoring tool.
I disagree with creating separate SSID / pools for device class because it is
wasteful in an already fragile IP economy.
Tested but unproven and without warrantee: If someone has their back against
the wall and is interested in giving it a go... show this to your dhcp admin:
If it works for you, let us all know the stats, send a donation to a food
pantry.
class "EXCEPTION" {
match concat(pick-first-value(option
vendor-class-identifier,"no-identifier"),"=",binary-to-ascii(10, 8, "-", option
dhcp-parameter-request-list));
}
subclass "EXCEPTION" "MSFT 5.0=1-15-3-6-44-46-47-31-33-121-249-43" {
default-lease-time 7200;
max-lease-time 7200;
}
also subclass
MSFT 5.0=1-15-3-6-44-46-47-31-33-43
MSFT 5.0=1-15-3-6-44-46-47-31-33-121-249-43
MSFT 5.0=1-15-3-6-44-46-47-31-33-121-249-252-43
MSFT 5.0=1-15-3-6-44-46-47-31-33-121-249-43-4-0-2-21-20-232-25-48-24
MSFT 5.0=1-3-6-15-33-43-44-46-47-121-249
no-identifier=1-3-6-15-112-113-78-79-95-252
no-identifier=1-3-6-15-112-113-78-79-95
no-identifier=1-3-6-15-119-95-252-44-46
no-identifier=1-3-6-15-119-95-252-44-46-47
(there are a few more obscure entries but this will get you started)
Randall Grimshaw [email protected]
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
