Forum Discussion

JustinH's avatar
JustinH
Icon for Nimbostratus rankNimbostratus
Apr 26, 2018

Get MAC address of client machine

Hello, I am trying to get the MAC address of client machines that connect. These are windows 10 OS and we are using the BIG-IP APM version 13.0.1. I have tried assigning a variable in the access policy to get the MAC and log it in the session log. I have also tried coming up with and iRule that doesn't work. I need this for auditing reasons and the possibility of filtering based on the MAC (but not yet). Was thinking of using the iRule to get the address and pass the variable to the session and log it there. Any help on this is greatly appreciated.

 

Any questions let me know. Justin

 

APM
devops

9 Replies

Sort By
  • JustinH's avatar
    JustinH
    Icon for Nimbostratus rankNimbostratus
    Apr 27, 2018

    Here is what I have that does not seem to work.

     

    Created a custom variable assignment

     

     

    Then created a Log entry to capture the value of the variable in the session log

     

     

    The variable gets created but is not populated. Do I need to specify the active adapter in the array in the expression for the variable assign?

     

    Thanks, Justin

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Apr 28, 2018

    you do have the Machine Info VPE element in your policy?

     

    when you check the session variables, is there information there?

     

  • JustinH's avatar
    JustinH
    Icon for Nimbostratus rankNimbostratus
    Apr 30, 2018

    The variable is there but no information. Looked in the all the logs and nothing there on any errors.

     

  • JustinH's avatar
    JustinH
    Icon for Nimbostratus rankNimbostratus
    Apr 30, 2018

    Yes I have it. Just not inserted into the policy as I thought it was just for filtering on MAC address. I inserted it and left it blank this time. It worked! However this is not straight forward for just recording the MAC and not filtering on it. It does seem to initiate the check on the machine and not the expression in the variable assign alone.

     

    Now if F5 can't get the MAC address from the client machine does it go to the denied branch?

     

    Also, I had added the Inspection service on the client before and it didn't work. I took it back off the client after inserting the Machine Info on the access policy and still seems to work.

     

    Thank you! Justin

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    May 01, 2018

    thanks for reporting back

    It does seem to initiate the check on the machine and not the expression in the variable assign alone.

    correct, it isn't fully straight forward how some of these VPEs behave.

    Now if F5 can't get the MAC address from the client machine does it go to the denied branch?

    i do believe that is the case, but it depends on how you built your selection VPE, you could go for something else if the MAC is empty. to get a MAC address the client has to run something, so it might also not work on all clients.

    i put my question which got you on the right track as an answer now also, if you can flag that the question and the correct answer is there for others to find.

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    May 01, 2018

    you do have the Machine Info VPE element in your policy? That is needed to actually the the variables assigned with the correct information.