Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1111
Views
3
Helpful
4
Replies

DHCP before EAP request

Go to solution
Tauer Drumond
Level 1
Level 1

‎08-22-2008 05:32 AM - edited ‎03-06-2019 12:57 AM

Hi...

I've implemented 802.1x on my network. All workstation are Windows XP.

In some of them, when I plug the machine at the network, the switch doens't send the EAP request imediatelly... the workstation DHCP request occurs first, and after this.. the EAP request happens.

Is this a normal behavior?

Is there a way to force the switch send the EAP request before the workstation generate DHCP request?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
tdrais
Level 7
Level 7
In response to Tauer Drumond

‎08-22-2008 06:55 AM

From what I have seen the switch will send the EAP as soon as the port comes up. This maybe that the PC and the switch are trying to send packets before the port is really completely active.

Make sure you have portfast on the switch since this know to cause issues. You can also attempt to change the dot1x timeout tx-period to something less than the default of 30 seconds. You have almost a 30 second delay in your trace.

A debug on dot1x and ip packet while you capture may indicate if the pc and the switch see things the same way.

View solution in original post

4 Replies 4

Go to solution
tdrais
Level 7
Level 7

‎08-22-2008 06:12 AM

I think if you span the port on the switch you will find as I did that the switch is actually sending the packets but the PC is ignoring them. Debugs on the switch will also show this. Eventually the PC will initiate a 802.1x message and all will start to work.

I have tried changing some of the dot1x timeout values with limited success.

0 Helpful

Go to solution
Tauer Drumond
Level 1
Level 1
In response to tdrais

‎08-22-2008 06:29 AM

Actually, Im debugging the NIC of the Workstaion, (using Ethereal).

When a plug it on the network, it shows me three or four DHCP packets sent by the workstaion and after this, it receives the request from the switch.

Please, see attachment.

Thanks

Preview file
141 KB
0 Helpful

Go to solution
tdrais
Level 7
Level 7
In response to Tauer Drumond

‎08-22-2008 06:55 AM

From what I have seen the switch will send the EAP as soon as the port comes up. This maybe that the PC and the switch are trying to send packets before the port is really completely active.

Make sure you have portfast on the switch since this know to cause issues. You can also attempt to change the dot1x timeout tx-period to something less than the default of 30 seconds. You have almost a 30 second delay in your trace.

A debug on dot1x and ip packet while you capture may indicate if the pc and the switch see things the same way.

Go to solution
Tauer Drumond
Level 1
Level 1
In response to tdrais

‎08-22-2008 07:09 AM

hi...

The switch port already had the command "spanning-tree portfas".

The only thing i did was to put the command "dot1x timeout tx-period" to value 1

Now, the EAP request happens first...and after..the DHCP request...

Thank you!!

Tauer

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card