Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

802.1x and DHCP assigned addresses

I've done a lot of reading on this but I am still confused. I'm not a Microsoft guru so I don't really know waht is going on with login scripts, or cached user/pass.

Scenario 1

==========

I have 802.1x implemented and Joe the contractor comes into the office and plugs in his laptop. He is a guest. I allow guests to have access to a guest VLAN. How can Joe automatically get an IP address, or does he have to do ipconfig /renew?

Scenario 2

==========

What is the behind the scenes process that takes place for my corporate users that login to a domain....how do they get DHCP assigned addresses?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: 802.1x and DHCP assigned addresses

I assume from what you have written 'Joe' doesn't have an 802.1x supplicant on his PC? Therefore the switchport eapol frames are ignored by the PC and after a timeout the port is placed in the guest vlan. You need to make sure DHCP is enabled for the guest vlan - either add the appropriate entried to the protecting ACL or add a scope on the router? Depending on the timeouts you may have some delay issues here; I would test this before you roll it out.

For clients with 802.1x supplicants what happens is the PC effectively thinks it is disconnected from the network until the supplicant has authenticated. Once it has authenticated the PC thinks the network adapter is then connected and it will attempt to lease an IP address by broadcasting a DHCP request.

There are however a few 802.1x supplicants and I am not sure how they all integrate with the host O/S. I know the built-in Microsoft one operates as I have described.

HTH

Andy

4 REPLIES
Silver

Re: 802.1x and DHCP assigned addresses

When a corporate user logs in to his domain, his PC needs to be configured with the default gateway address of DHCP server.This DHCP server needs to be configured with a pool of addresses that can be dynamically sent to the logging in PC.This process works as follows;

While a PC boots in first , An ARP broadcast is sent to the DHCP server with the destination IP as DHCP server ip address requesting for DHCP layer2 adress to be used for requesting the DHCP server for a valid IP address to itself.

Once the IP request is made, DHCP response packet is sent by DHCP server with a dynamic ip address to the requested client(PC).

New Member

Re: 802.1x and DHCP assigned addresses

Sorry....I didn't clearly state that it was DHCP in relation to 802.1x that I was having trouble understanding. Thanks for your response.

Re: 802.1x and DHCP assigned addresses

I assume from what you have written 'Joe' doesn't have an 802.1x supplicant on his PC? Therefore the switchport eapol frames are ignored by the PC and after a timeout the port is placed in the guest vlan. You need to make sure DHCP is enabled for the guest vlan - either add the appropriate entried to the protecting ACL or add a scope on the router? Depending on the timeouts you may have some delay issues here; I would test this before you roll it out.

For clients with 802.1x supplicants what happens is the PC effectively thinks it is disconnected from the network until the supplicant has authenticated. Once it has authenticated the PC thinks the network adapter is then connected and it will attempt to lease an IP address by broadcasting a DHCP request.

There are however a few 802.1x supplicants and I am not sure how they all integrate with the host O/S. I know the built-in Microsoft one operates as I have described.

HTH

Andy

New Member

Re: 802.1x and DHCP assigned addresses

Thanks for your response. Yes, you assumed correctly.

152
Views
0
Helpful
4
Replies