IP assignment and authenticated port
Sarah Thomas
sarah040.thomas
Tue Feb 3 01:27:37 PST 2015
Hi Scott,
I also see what you said in this link...
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html
Where DHCP is blocked before 802.1x.
But then the only question: what is the socket for receiving the DHCP broadcast
message for?
That's after authentication is done?
Thanks.
On Tue, Feb 3, 2015 at 2:38 PM, Sarah Thomas <sarah040.thomas at gmail.com>
wrote:
> Hi Scott,
>
> By saying client shouldn't be able to send DHCP request, do you mean
> the broadcast message from the client or any other message?
>
> Because I see the below in code (where dhcp broadcast message can be used
> for station detection)
>
> /* setup dhcp listen socket for sta detection */
> if ((drv->dhcp_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
>         perror("socket call failed for dhcp");
>         return -1;
> }
>
> if (eloop_register_read_sock(drv->dhcp_sock, handle_dhcp, drv->ctx,
>                              NULL)) {
>         printf("Could not register read socket\n");
>         return -1;
> }
>
> Thanks,
> Sarah
>
>
> On Tue, Feb 3, 2015 at 1:49 PM, Scott Armitage <
> s.p.armitage at scottarmitage.eu> wrote:
>
>>
>> > On 3 Feb 2015, at 06:02, Sarah Thomas <sarah040.thomas at gmail.com>
>> wrote:
>> >
>> > Hi,
>> >
>> > The intention is to port hostapd on a wired switch. So, wanted to
>> understand, whether there will be any interaction between dhcp server and
>> the port authorization by 802.1x? I read somewhere, only after the port is
>> authenticated by 802.1x, IP address will be assigned to the clients and
>> layer 3 communication will start between the client and switch. So wanted
>> to know, how this port authorization info is communicated to dhcp server?
>> >
>>
>>
>> The standard way is all traffic (other than that required for 802.1X
>> authentication) is blocked at the switch port level until the switch port
>> has been authorised. The client shouldn't be able to send a DHCP request
>> until the switch has received an Access-Accept for the client.
>>
>>
>> Regards
>>
>>
>> Scott Armitage
>>
>>
>
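
The behaviour described in the thread (everything except 802.1X traffic is blocked at the port until Access-Accept), as an added example that is not part of the original messages and is not hostapd or switch code: a simplified model of the port's ingress decision. The names `port_state`, `port_ingress` and `build_sample` are hypothetical, and the frames are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN         14
#define ETHERTYPE_EAPOL  0x888E /* IEEE 802.1X (EAPOL) */
#define ETHERTYPE_IPV4   0x0800
#define DHCP_SERVER_PORT 67

enum verdict { DROP, TO_AUTHENTICATOR, FORWARD };
/* Hypothetical per-port state; authorized is set on RADIUS Access-Accept. */
struct port_state { int authorized; unsigned dropped_dhcp; };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* True for an IPv4/UDP frame addressed to the DHCP server port. */
static int is_dhcp_request(const uint8_t *f, size_t len) {
    if (len < ETH_HLEN + 20 || be16(f + 12) != ETHERTYPE_IPV4) return 0;
    const uint8_t *ip = f + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17) return 0;
    if (len < ETH_HLEN + ihl + 8) return 0;
    return be16(ip + ihl + 2) == DHCP_SERVER_PORT;
}

/* EAPOL always reaches the authenticator; all else waits for authorization. */
enum verdict port_ingress(struct port_state *ps, const uint8_t *f, size_t len) {
    if (len < ETH_HLEN) return DROP;
    if (be16(f + 12) == ETHERTYPE_EAPOL) return TO_AUTHENTICATOR;
    if (ps->authorized) return FORWARD;
    if (is_dhcp_request(f, len)) ps->dropped_dhcp++; /* counted for visibility */
    return DROP;
}

/* Constructed 64-byte sample frame: broadcast dst, given EtherType, UDP dport. */
size_t build_sample(uint8_t *buf, uint16_t ethertype, uint16_t dport) {
    memset(buf, 0, 64);
    memset(buf, 0xFF, 6);
    buf[12] = (uint8_t)(ethertype >> 8); buf[13] = (uint8_t)ethertype;
    buf[14] = 0x45; buf[23] = 17; /* IPv4, IHL 5, protocol UDP */
    buf[36] = (uint8_t)(dport >> 8); buf[37] = (uint8_t)dport;
    return 64;
}

int main(void) {
    uint8_t f[64]; struct port_state ps = {0, 0};
    size_t n = build_sample(f, ETHERTYPE_IPV4, DHCP_SERVER_PORT);
    printf("unauthorized: %d\n", port_ingress(&ps, f, n));
    ps.authorized = 1; /* Access-Accept received */
    printf("authorized: %d\n", port_ingress(&ps, f, n));
    return 0;
}
```

The `dropped_dhcp` counter shows that a DHCP broadcast sent before authorization is discarded at the port, so the client has to retry after the port opens.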