RE: DHCP problem in .1x



Hello,

"john" wrote:

The switch puts the client ports into the Unauth-VLAN very quickly, but the XP
client doesn't take an IP after the operation.

I was waiting 10 minutes for the DHCP trigger, but the client doesn't gain an IP
address.
When I trigger network connections manually, the client takes an IP.
I think the client doesn't receive EAP-Success frames when the
authentication fails.
Furthermore, for the successful authentication attempts, the client takes an
IP address every time. I don't have a problem on successful authentication attempts.

How do I change the DHCP service times on the client?

I don't think that changing the DHCP timing will help you.
The problem is that the DHCP service must know when to request a new
IP address. Usually, this is done if a physical link is detected.
But in your case the physical link is already there. You might take a look
at the configuration options of your switch.
Some switches are capable of sending EAP-Success messages after a VLAN
change. Some switches might emulate a link-down-up sequence in order to
signal to the client the need for an IP renewal.

Sebastian



"rt-seb" wrote:

Hello,

"john" wrote:

Hi,
I use IAS, HP 2650 and Windows XP SP2 for our .1x system.
I have a problem with re-authentication after the computer
authentication. The machine authenticates successfully with the computer
certificate, then it leases an IP from the DHCP server. When the user logs on to the
computer, the re-authentication starts. The user doesn't have a user
certificate, so it doesn't authenticate to the system. I see an error in the IAS log
that is related to re-authentication. But we have a problem with the DHCP lease on
the computer. I think the computer should leave the IP address of the wrong scope,
then request an IP from the unauth-VLAN scope of the DHCP server. But the
computer doesn't leave the IP address of the wrong scope. Then I repair the network
connection manually, and the computer takes an IP address from the unauth-VLAN DHCP scope.

My problem is that the computer doesn't take an IP address from the unauth-VLAN scope
when the authentication attempt fails. I want the computer to take an
IP address automatically when the authentication attempt fails.

Is the problem related to the Windows XP .1x supplicant?

How long does it take until the computer is put into the "unauth" VLAN?
Does the switch send an EAP-Success to the client after the client
was put into the unauth-VLAN?
Usually, this EAP-Success frame makes the 1x supplicant trigger the
DHCP client service for an IP renewal. Maybe the DHCP service times
out (typically 60 seconds) because it took too much time to gain
network access.

Sebastian
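
A client-side fallback for the situation discussed in this thread, where the link stays up across the VLAN change and nothing tells the DHCP client to renew. This is an added example, not part of the original posts: it watches the default gateway and runs `ipconfig /release` and `ipconfig /renew` after several consecutive failed checks. The function names, the threshold and the interval are assumptions, and English-language `ipconfig` output is assumed.

```python
import re
import subprocess
import time


def current_gateway():
    """First IPv4 default gateway from ipconfig (English output assumed)."""
    out = subprocess.run(["ipconfig"], capture_output=True, text=True).stdout
    m = re.search(r"Default Gateway[ .]*:\s*(\d+\.\d+\.\d+\.\d+)", out)
    return m.group(1) if m else None


def ping(gateway):
    """One echo request, 1 s timeout (Windows ping syntax)."""
    out = subprocess.run(["ping", "-n", "1", "-w", "1000", gateway],
                         capture_output=True, text=True)
    # Require "TTL=": ping can exit 0 on "Destination host unreachable".
    return out.returncode == 0 and "TTL=" in out.stdout


def renew_lease():
    """Drop the stale lease and ask DHCP again, as a manual repair would."""
    subprocess.run(["ipconfig", "/release"], check=False)
    subprocess.run(["ipconfig", "/renew"], check=False)


def watch(get_gateway=current_gateway, probe=ping, renew=renew_lease,
          threshold=3, interval=5.0, max_cycles=None, sleep=time.sleep):
    """Renew after `threshold` consecutive failed checks; return renew count."""
    failures = renewals = cycles = 0
    while max_cycles is None or cycles < max_cycles:
        cycles += 1
        gw = get_gateway()  # re-read: the gateway changes with the VLAN
        if gw is not None and probe(gw):
            failures = 0
        else:
            failures += 1  # no gateway at all also counts as a failure
        if failures >= threshold:
            renew()
            renewals += 1
            failures = 0
        sleep(interval)
    return renewals


if __name__ == "__main__":
    watch()
```

The consecutive-failure threshold keeps a single lost ping from dropping a valid lease; the switch-side options Sebastian mentions remain the cleaner fix where the switch supports them.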