Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1473
Views
0
Helpful
5
Replies

IP address Assignment for 802.1x Client

spodonnell
Level 1
Level 1

‎03-07-2006 12:54 PM - edited ‎07-04-2021 11:45 AM

Working on a Wireless deployment using 802.1x and a question has come up regarding Address Assignment.

The design requires wireless vlan assignment based on username and Active Directory group assignment.

The simplest way to provide dynamic addressing would obviously be multiple DHCP Scopes on a server and use ip helper functionally to provide relay servers.

Another option (I think) would be to create IP address pools in the ACS server based on ACS group and have ACS pass it back as part of the authentication process. I'm wondering if this is even a valid option with 802.1x authentication. It seems to me that it would cut down on alot of the traffic assoiciated with a DHCP discovery/request/offer conversation as the number of wireless clients start to grow.

Labels:
0 Helpful
5 Replies 5

sbilgi
Level 5
Level 5

‎03-13-2006 11:02 AM

Yes. This can be done. You can configure IP address pools in the ACS server based on ACS group and have ACS pass it back as part of the authentication process. This will work.

0 Helpful

spodonnell
Level 1
Level 1
In response to sbilgi

‎03-13-2006 01:02 PM

Have you done this?

I tried it today by setting a static IP address to a single user logon.

The user authentication worked but it ignored the static IP address that was sent back and just did dhcp anyway.

0 Helpful

sherry4071
Level 1
Level 1
In response to spodonnell

‎06-13-2006 05:57 AM

HI,

have u done successfully with dynamic vlan assignment on WLC ?

0 Helpful

pnschurr
Level 1
Level 1
In response to sbilgi

‎07-10-2006 05:16 PM

Err, no. There is no provision in EAP-TLS, PEAP (CHAP), or even basic EAP to provide network information (eg IP address/mask/gateway/DNS/etc).

There is also no provision in Windows 2k or XP interface management software to accept IP details for interface configuration via any wireless authentication protocol.

peter

0 Helpful

sherry4071
Level 1
Level 1
In response to pnschurr

‎07-10-2006 07:37 PM

Thanks a lot !!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card