IP assignment and authenticated port

Scott Armitage s.p.armitage at scottarmitage.eu
Tue Feb 3 04:18:39 EST 2015


> On 3 Feb 2015, at 09:08, Sarah Thomas <sarah040.thomas at gmail.com> wrote:
> 
> Hi Scott,
> 
> By saying client shouldn't be able to send DHCP request, do you mean the broadcast message from the client or any other message?

It depends upon implementation on the switch; however, until the switch (NAS) has received an Access-Accept, the client isn’t authorised to use the network. So the switch should block all traffic including DHCP requests.
For a start, until you get the Access-Accept you don’t know which VLAN to put the client on (if you are returning VLAN attributes).


> 
> Because I see the below in code (where dhcp broadcast message can be used for station detection)
> 
> /* setup dhcp listen socket for sta detection */
>     if ((drv->dhcp_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
>         perror("socket call failed for dhcp");
>         return -1;
>     }
> 
>     if (eloop_register_read_sock(drv->dhcp_sock, handle_dhcp, drv->ctx,
>                      NULL)) {
>         printf("Could not register read socket\n");
>         return -1;
>     }
> 
> Thanks,
> Sarah
> 
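
Added example, not part of the original message and not hostapd code: a minimal model of the port behaviour described in the reply, where DHCP is dropped until an Access-Accept arrives and the VLAN is only known afterwards. The `struct port`, the function names and both sample frames are hypothetical and constructed for illustration; it assumes untagged frames and that EAPOL (ethertype 0x888E) is always admitted so authentication can take place.

```c
#include <stddef.h>
#include <stdint.h>

enum { ETHERTYPE_IPV4 = 0x0800, ETHERTYPE_EAPOL = 0x888E };  /* 0x888E: IEEE 802.1X */
enum { RADIUS_ACCESS_ACCEPT = 2, RADIUS_ACCESS_REJECT = 3 }; /* RFC 2865 codes */

struct port {               /* hypothetical per-port state on the switch (NAS) */
    int authorized;         /* set only by an Access-Accept */
    uint16_t vlan;          /* VLAN returned with the Access-Accept, 0 = none */
    unsigned dropped_dhcp;  /* DHCP frames dropped while unauthorised */
};

/* Constructed sample: untagged broadcast DHCP frame (UDP 68 -> 67), no payload. */
const uint8_t sample_dhcp[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x00,       /* Ethernet */
    0x45,0,0,0x1c, 0,0,0,0, 0x40,0x11,0,0, 0,0,0,0, 0xff,0xff,0xff,0xff, /* IPv4 */
    0x00,0x44, 0x00,0x43, 0x00,0x08, 0,0 };                            /* UDP */
/* Constructed sample: EAPOL-Start sent to the PAE group address. */
const uint8_t sample_eapol[18] = {
    0x01,0x80,0xc2,0x00,0x00,0x03, 0x02,0,0,0,0,0x01, 0x88,0x8e, 0x01,0x01,0,0 };

static int is_dhcp(const uint8_t *f, size_t len)
{
    if (len < 34 || ((f[12] << 8) | f[13]) != ETHERTYPE_IPV4) return 0;
    size_t ihl = (size_t)(f[14] & 0x0f) * 4;          /* IPv4 header length */
    if (ihl < 20 || f[23] != 17 || len < 14 + ihl + 4) return 0;  /* 17 = UDP */
    const uint8_t *udp = f + 14 + ihl;
    int sport = (udp[0] << 8) | udp[1], dport = (udp[2] << 8) | udp[3];
    return (sport == 68 && dport == 67) || (sport == 67 && dport == 68);
}

void port_radius_reply(struct port *p, int code, uint16_t vlan)
{
    p->authorized = (code == RADIUS_ACCESS_ACCEPT);
    p->vlan = p->authorized ? vlan : 0;   /* VLAN is unknown before the accept */
}

/* Returns 1 to admit the frame on the port, 0 to drop it. */
int port_admit(struct port *p, const uint8_t *f, size_t len)
{
    if (len < 14) return 0;                                   /* runt frame */
    if (((f[12] << 8) | f[13]) == ETHERTYPE_EAPOL) return 1;  /* needed to authenticate */
    if (p->authorized) return 1;                              /* forwarded on p->vlan */
    if (is_dhcp(f, len)) p->dropped_dhcp++;
    return 0;
}
```

The `dropped_dhcp` counter shows why a DHCP listener can still be useful for station detection on such a port: the frame is seen and counted, but not forwarded.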


