Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DHCP before EAP request

Hi...

I've implemented 802.1x on my network. All workstation are Windows XP.

In some of them, when I plug the machine at the network, the switch doens't send the EAP request imediatelly... the workstation DHCP request occurs first, and after this.. the EAP request happens.

Is this a normal behavior?

Is there a way to force the switch send the EAP request before the workstation generate DHCP request?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: DHCP before EAP request

From what I have seen the switch will send the EAP as soon as the port comes up. This maybe that the PC and the switch are trying to send packets before the port is really completely active.

Make sure you have portfast on the switch since this know to cause issues. You can also attempt to change the dot1x timeout tx-period to something less than the default of 30 seconds. You have almost a 30 second delay in your trace.

A debug on dot1x and ip packet while you capture may indicate if the pc and the switch see things the same way.

4 REPLIES
Gold

Re: DHCP before EAP request

I think if you span the port on the switch you will find as I did that the switch is actually sending the packets but the PC is ignoring them. Debugs on the switch will also show this. Eventually the PC will initiate a 802.1x message and all will start to work.

I have tried changing some of the dot1x timeout values with limited success.

New Member

Re: DHCP before EAP request

Actually, Im debugging the NIC of the Workstaion, (using Ethereal).

When a plug it on the network, it shows me three or four DHCP packets sent by the workstaion and after this, it receives the request from the switch.

Please, see attachment.

Thanks

Gold

Re: DHCP before EAP request

From what I have seen the switch will send the EAP as soon as the port comes up. This maybe that the PC and the switch are trying to send packets before the port is really completely active.

Make sure you have portfast on the switch since this know to cause issues. You can also attempt to change the dot1x timeout tx-period to something less than the default of 30 seconds. You have almost a 30 second delay in your trace.

A debug on dot1x and ip packet while you capture may indicate if the pc and the switch see things the same way.

New Member

Re: DHCP before EAP request

hi...

The switch port already had the command "spanning-tree portfas".

The only thing i did was to put the command "dot1x timeout tx-period" to value 1

Now, the EAP request happens first...and after..the DHCP request...

Thank you!!

Tauer

378
Views
3
Helpful
4
Replies