I have a supplicant running on one Linux box, connected to a FreeRADIUS server on another Linux box, with a Cisco Catalyst switch (with 802.1X port-based access) in between. I have been able to successfully complete the authentication and now want to create a separate DHCP thread/application to initiate the "DHCP Discover" to get an IP address.

How will this DHCP client determine that port based access has now been enabled and DHCP messages can be transmitted now? Is there some standard way or do I need to make my application do this some other way?

sadtank
  • Isn't it part of the RADIUS protocol? – Hagen von Eitzen Nov 22 '18 at 07:41
  • The client (supplicant) doesn't have RADIUS configured on it; there is a Cisco switch in between which converts the EAP packets sent by the supplicant into RADIUS packets. So there should be some way for the client to know that it's time to trigger the DHCP discover after EAP-based authentication succeeds. – proudengineer Nov 23 '18 at 06:47

1 Answer

This can be done in two ways. First, if the DHCP client is under the control of the application that is responsible for performing authentication, then the DHCP DISCOVER can be sent once authentication has been completed and the client knows that data access has been allowed.

If a DHCP client is out of application control, i.e. Linux's own DHCP client, then DHCP manages it internally. When the client transmits the DHCP discover message and the switch doesn't reply, the client will keep retrying the message, and the switch can use this message to trigger authentication.

Jens Erat
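For the first approach in the answer above, the application has to recognise the EAP-Success frame that the switch sends once the RADIUS server accepts the supplicant. The following is an added example, not code from the question or the answer: it assumes the application can see the raw EAPOL frames received on the port, and `parse_eapol`, `PortGate` and the sample frames are hypothetical names and constructed data.

```python
import struct

ETH_P_PAE = 0x888E      # EtherType of EAPOL (IEEE 802.1X)
ETH_P_8021Q = 0x8100    # single VLAN tag, skipped if present
EAP_CODES = {1: "request", 2: "response", 3: "success", 4: "failure"}

def parse_eapol(frame: bytes):
    """Return the EAP code name carried in an Ethernet frame, or None
    if the frame is not a well-formed EAPOL EAP-Packet."""
    if len(frame) < 18:                      # Ethernet (14) + EAPOL header (4)
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_P_8021Q:
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != ETH_P_PAE or len(frame) < offset + 4:
        return None
    _version, pkt_type, body_len = struct.unpack_from("!BBH", frame, offset)
    body = frame[offset + 4:offset + 4 + body_len]   # ignores Ethernet padding
    if pkt_type != 0 or body_len < 4 or len(body) != body_len:
        return None                          # not EAP-Packet, or truncated
    code, _ident, eap_len = struct.unpack_from("!BBH", body, 0)
    if not 4 <= eap_len <= body_len:
        return None
    return EAP_CODES.get(code)

class PortGate:
    """Hypothetical helper: True once EAP-Success was seen, so the
    application may send its DHCP DISCOVER; reset by EAP-Failure."""
    def __init__(self):
        self.authorized = False

    def feed(self, frame: bytes) -> bool:
        code = parse_eapol(frame)
        if code == "success":
            self.authorized = True
        elif code == "failure":
            self.authorized = False
        return self.authorized

def build_frame(eap: bytes) -> bytes:
    """Constructed sample frame addressed to the PAE group address, EAPOL version 2."""
    header = bytes.fromhex("0180c2000003" "020000000001") + struct.pack("!H", ETH_P_PAE)
    return header + struct.pack("!BBH", 2, 0, len(eap)) + eap

REQUEST_ID = build_frame(bytes.fromhex("0101000501"))   # EAP-Request/Identity
SUCCESS = build_frame(bytes.fromhex("03020004"))        # EAP-Success
FAILURE = build_frame(bytes.fromhex("04030004"))        # EAP-Failure
```

The application would start its DHCP thread the first time `PortGate.feed()` returns `True`, and stop using the lease if a later frame flips it back to `False`.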