IP assignment and authenticated port

Sarah Thomas sarah040.thomas
Tue Feb 3 01:27:37 PST 2015


Hi Scott,

  I also see what you said in this link...

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html

Where DHCP is blocked before 802.1x.

But then the only question, what is socket for receiving dhcp broadcast
message for?

That's after authentication is done?

Thanks.

On Tue, Feb 3, 2015 at 2:38 PM, Sarah Thomas <sarah040.thomas at gmail.com>
wrote:

> Hi Scott,
>
>   By saying client shouldn't be able to send DHCP request, do you mean
> the broadcast message from the client or any other message?
>
> Because I see the below in code (where dhcp broadcast message can be used
> for station detection)
>
> /* *setup dhcp listen socket for sta detection* */
>     if ((drv->dhcp_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
>         perror("socket call failed for dhcp");
>         return -1;
>     }
>
>     if (eloop_register_read_sock(drv->dhcp_sock, handle_dhcp, drv->ctx,
>                      NULL)) {
>         printf("Could not register read socket\n");
>         return -1;
>     }
>
> Thanks,
> Sarah
>
>
> On Tue, Feb 3, 2015 at 1:49 PM, Scott Armitage <
> s.p.armitage at scottarmitage.eu> wrote:
>
>>
>> > On 3 Feb 2015, at 06:02, Sarah Thomas <sarah040.thomas at gmail.com>
>> wrote:
>> >
>> > Hi,
>> >
>> >   The intention is to port hostapd on a wired switch. So, wanted to
>> understand, whether there will be any interaction between dhcp server and
>> the port authorization by 802.1x?  I read somewhere, only after the port is
>> authenticated by 802.1x, IP address will be assigned to the clients and
>> layer 3 communication will start between the client and switch. So wanted
>> to know, how this port authorization info is communicated to dhcp server?
>> >
>>
>>
>> The standard way is all traffic (other than that required for 802.1X
>> authentication) is blocked at the switch port level until the switch port
>> has been authorised.  The client shouldn't be able to send a DHCP request
>> until the switch has received an Access-Accept for the client.
>>
>>
>> Regards
>>
>>
>> Scott Armitage
>>
>>
>
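
Added example, not part of the thread and not hostapd code: a sketch of the port-level rule Scott describes, where an unauthorised port passes only 802.1X (EAPOL) frames and a client's DHCP broadcast is dropped until the port is authorised. All function, enum and array names are hypothetical, the frames are constructed samples, and passing only untagged EAPOL before authorisation is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_EAPOL 0x888E /* IEEE 802.1X (EAP over LAN) */
#define ETHERTYPE_VLAN  0x8100
#define ETHERTYPE_IPV4  0x0800

enum port_state { PORT_UNAUTHORIZED, PORT_AUTHORIZED }; /* hypothetical names */
enum verdict { FRAME_DROP, FRAME_PASS };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* 1 if the frame is IPv4/UDP from port 68 to port 67 (DHCP client to server). */
int is_dhcp_client_frame(const uint8_t *f, size_t len)
{
    size_t off = 12, ihl;
    if (len < 14) return 0;
    if (be16(f + off) == ETHERTYPE_VLAN) off += 4;      /* skip one 802.1Q tag */
    if (len < off + 2 + 20 || be16(f + off) != ETHERTYPE_IPV4) return 0;
    off += 2;                                           /* start of IPv4 header */
    ihl = (size_t)(f[off] & 0x0F) * 4;
    if ((f[off] >> 4) != 4 || ihl < 20 || f[off + 9] != 17) return 0; /* 17 = UDP */
    if (len < off + ihl + 8) return 0;
    return be16(f + off + ihl) == 68 && be16(f + off + ihl + 2) == 67;
}

/* Ingress decision for a controlled port. Assumption: before authorisation only
 * untagged EAPOL passes, so a DHCPDISCOVER never reaches the DHCP server. */
enum verdict ingress_filter(enum port_state st, const uint8_t *f, size_t len)
{
    if (len < 14) return FRAME_DROP;                    /* runt frame */
    if (st == PORT_AUTHORIZED) return FRAME_PASS;
    return be16(f + 12) == ETHERTYPE_EAPOL ? FRAME_PASS : FRAME_DROP;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t eapol_start[] = { 0x01,0x80,0xC2,0x00,0x00,0x03, 0x02,0,0,0,0,0x01,
    0x88,0x8E, 0x01,0x01,0x00,0x00 };
static const uint8_t dhcp_discover_hdrs[] = { 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x02,0,0,0,0,0x01,
    0x08,0x00, 0x45,0,0,0x1C, 0,0,0,0, 0x40,0x11,0,0, 0,0,0,0, 0xFF,0xFF,0xFF,0xFF,
    0x00,0x44, 0x00,0x43, 0x00,0x08, 0,0 };

int main(void)
{
    printf("unauth EAPOL=%d unauth DHCP=%d auth DHCP=%d\n",
           ingress_filter(PORT_UNAUTHORIZED, eapol_start, sizeof eapol_start),
           ingress_filter(PORT_UNAUTHORIZED, dhcp_discover_hdrs, sizeof dhcp_discover_hdrs),
           ingress_filter(PORT_AUTHORIZED, dhcp_discover_hdrs, sizeof dhcp_discover_hdrs));
    return 0;
}
```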