IP assignment and authenticated port

Jouni Malinen j at w1.fi
Tue Feb 3 07:32:29 EST 2015

On Tue, Feb 03, 2015 at 02:57:37PM +0530, Sarah Thomas wrote:
> Where DHCP is blocked before 802.1x.
> But then the only question, what is socket for receiving dhcp broadcast
> message for?
> That's after authentication is done?

No, that is a ten-year-old implementation(*) of an alternative way for
detecting if a device is connected to the wired port in a case where
there is no proper support for the authorized/unauthorized port concept
in a wired switch. I would not expect such a device to be used in a real
end user product, i.e., the Ethernet ports on a switch should really be
able to indicate events on when the link goes up or down and those could
be used to trigger EAPOL operations.

I guess this DHCP-trigger is fine for testing and experimentation
purposes and even something like a port behind which there are multiple
devices which then get blocked somehow based on MAC address (e.g.,
dynamic ebtables rules), but none of that should really be considered


Jouni Malinen                                            PGP id EFC895FA
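
The DHCP-based trigger discussed in the reply above, as an added example in C (not part of the original post and not hostapd's code): it parses a broadcast DHCP request and reports a station address not seen before, the point at which an authenticator could start EAPOL for that station. The function names, the station table and the sample packet are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define BOOTP_LEN 236   /* fixed BOOTP header; DHCP magic cookie follows */
#define SAMPLE_LEN 240
#define MAX_STA 8

static const uint8_t cookie[4] = { 0x63, 0x82, 0x53, 0x63 };
/* Hypothetical table of stations for which EAPOL was already triggered. */
static uint8_t known_sta[MAX_STA][6];
static size_t num_sta;

/* 1: request from a new station, mac[] filled (assumption: the caller then
 * starts EAPOL and keeps the port unauthorized). 0: known station.
 * -1: message ignored. */
int dhcp_trigger(const uint8_t *buf, size_t len, uint8_t mac[6])
{
    const uint8_t *chaddr;
    size_t i;

    if (len < BOOTP_LEN + sizeof(cookie))
        return -1;                      /* truncated datagram */
    if (buf[0] != 1 || buf[1] != 1 || buf[2] != 6)
        return -1;                      /* need BOOTREQUEST, Ethernet, hlen 6 */
    if (memcmp(buf + BOOTP_LEN, cookie, sizeof(cookie)) != 0)
        return -1;                      /* plain BOOTP, not DHCP */
    chaddr = buf + 28;                  /* client-supplied, unauthenticated */
    if (chaddr[0] & 0x01)
        return -1;                      /* group address is not a station */
    for (i = 0; i < num_sta; i++)
        if (memcmp(known_sta[i], chaddr, 6) == 0)
            return 0;
    if (num_sta == MAX_STA)
        return -1;                      /* table full, track no more */
    memcpy(known_sta[num_sta++], chaddr, 6);
    memcpy(mac, chaddr, 6);
    return 1;
}

/* Constructed sample: minimal DHCP request from 02:00:00:00:00:<last>. */
const uint8_t *build_sample(uint8_t last)
{
    static uint8_t buf[SAMPLE_LEN];

    memset(buf, 0, sizeof(buf));
    buf[0] = 1; buf[1] = 1; buf[2] = 6; /* op, htype, hlen */
    buf[28] = 0x02; buf[33] = last;     /* chaddr */
    memcpy(buf + BOOTP_LEN, cookie, sizeof(cookie));
    return buf;
}
```

Because chaddr is whatever the client writes into the request, the return value only says that some device is present; it carries no identity and cannot replace the EAPOL exchange.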
