Switches, Hubs, and Modems

DHCP problem on .1x

Uğur Oktay
Occasional Visitor

Hi,
I use IAS, an HP 2650 and Windows XP SP2 for our .1x system.
I have a problem with re-authentication after the computer
authentication. The machine is authenticated successfully by the computer
certificate, then it leases an IP from the DHCP server. When the user logs on to the
computer, the re-authentication is started. The user doesn't have a user
certificate, so it doesn't authenticate the system. I see an error in the IAS log
that is related to the re-authentication. But we have a problem with the DHCP lease on
the computer. I think the computer should leave the IP address of the auth-VLAN scope
and then request an IP from the unauth-VLAN scope of the DHCP server. But the
computer doesn't leave the IP address of the auth-VLAN scope. Then I repair the network
connection manually, and the computer takes an IP address from the unauth-VLAN DHCP scope.

My problem is that the computer doesn't take an IP address from the unauth-VLAN scope
when the authentication attempt fails. I want the computer to take an
IP address automatically when the authentication attempt fails.

I checked the switch config and it is OK. But when I sniffed my network with
Ethereal, I saw something about the RADIUS packets. When the authentication
attempt is successful and RADIUS sends a RADIUS ACCEPT packet for the
authentication attempt, the client takes an IP address from DHCP. I saw
the DHCP request in the log.
But when the authentication attempt fails, IAS sends a RADIUS
REJECT packet for the authentication, and then the DHCP trigger on the client doesn't
trigger the DHCP server. So the client doesn't take an IP.

I think my switch and IAS cannot negotiate with a client that has a failed
authentication attempt.

What is the problem?
Why does the client request an IP address when the authentication fails?
Why doesn't the switch understand when the port of the client is changed to the unauth-VLAN?

Best regards,