DHCP audit log?

ronnieshih75
Building a reputation

We are looking for a way to send DHCP audit logs or DHCP events to a network access control server, for the purpose of better device identification. We already have the syslog option configured, with every single type of log being sent to our NAC server; however, this is not fulfilling what we need. Is there such a thing as a DHCP option that sends DHCP messages to a different device, or a Meraki-specific function I'm not finding?

Thanks.

Brash
Kind of a big deal

I'm not sure about the specifics of DHCP event logging.

If you're just trying to capture IP to MAC bindings, one way you could do it (albeit not super elegant) is to use the API to periodically pull the clients in the network/organisation and extract the associated IP and MAC addresses. This will give you a list of the IP and MAC bindings; however, it won't be limited to DHCP clients.

ronnieshih75
Building a reputation

We are already using the API to pull MAC/IP address bindings. Lots of unidentified devices. It does not pull in device type or OS, and the NAC server has a hard time identifying devices using its own native device identification mechanism. I've been told to "relay DHCP information" to the NAC server, but we all know the definition of DHCP relay means running a DHCP server on the piece you relay DHCP to, so that's not the right answer.

Thanks anyway.

Brash
Kind of a big deal

The API should also output the OS fingerprinting information for each client.

If the issue is that there are a number of devices that do not have valid OS fingerprinting and you'd like to redirect the DHCP fingerprint information to the NAC, I don't think there's a way you can do this.

As you mentioned, running DHCP relay on the Meraki device and running DHCP service on the NAC would be the only method to allow the NAC to perform the fingerprinting.

ronnieshih75
Building a reputation

The API isn't pulling in the OS fingerprint, unfortunately. I don't think I'm missing anything, since the API pull config inside our NAC server is straightforward. But I'll give Meraki support a call tomorrow to find out for sure.
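
Added example, not part of the original thread: a Python sketch of the API-polling approach discussed above, run over a constructed client list shaped like a Meraki Dashboard API `GET /networks/{networkId}/clients` response. The field names (`mac`, `ip`, `os`, `manufacturer`) are assumed from that API and the records are constructed sample data; it builds MAC-to-IP bindings and lists the clients that came back without an OS fingerprint.

```python
import json
import re

# Constructed sample records; shape assumed from the Dashboard API v1
# GET /networks/{networkId}/clients response (not taken from the thread).
SAMPLE_CLIENTS = json.loads("""
[
 {"mac": "00:11:22:33:44:55", "ip": "10.0.10.21", "os": "Windows 10", "manufacturer": "Dell"},
 {"mac": "00:11:22:AA:BB:CC", "ip": "10.0.20.7", "os": null, "manufacturer": "Espressif"},
 {"mac": "00-11-22-aa-bb-dd", "ip": null, "os": "", "manufacturer": null},
 {"mac": "00:11:22:33:44:55", "ip": "10.0.10.22", "os": "Windows 10", "manufacturer": "Dell"}
]
""")

def normalize_mac(mac):
    """Return a lowercase colon-separated MAC, or None if it is malformed."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac or "").lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_bindings(clients):
    """Merge client records into one entry per MAC with all IPs seen for it."""
    bindings = {}
    for client in clients:
        mac = normalize_mac(client.get("mac"))
        if mac is None:
            continue  # skip records that cannot be keyed reliably
        entry = bindings.setdefault(
            mac, {"ips": set(), "os": None, "manufacturer": None})
        if client.get("ip"):
            entry["ips"].add(client["ip"])
        # Treat null and empty strings the same: no fingerprint available.
        entry["os"] = entry["os"] or (client.get("os") or None)
        entry["manufacturer"] = (entry["manufacturer"]
                                 or (client.get("manufacturer") or None))
    return bindings

def unidentified(bindings):
    """MACs with no OS fingerprint, i.e. devices the NAC must profile itself."""
    return sorted(mac for mac, e in bindings.items() if not e["os"])

def multi_ip(bindings):
    """MACs seen with more than one IP between polls (lease change or spoofing)."""
    return sorted(mac for mac, e in bindings.items() if len(e["ips"]) > 1)

if __name__ == "__main__":
    b = build_bindings(SAMPLE_CLIENTS)
    print("unidentified:", unidentified(b))
    print("multiple IPs:", multi_ip(b))
```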
