IP assignment and authenticated port

David Woodhouse dwmw2 at infradead.org
Tue Feb 3 15:21:56 EST 2015


On Tue, 2015-02-03 at 19:52 +0100, Jan Ceuleers wrote:
> On 03/02/15 19:40, Sarah Thomas wrote:
> >   Final understanding - DHCP broadcast messages are not accepted by the
> > switch till the port is authenticated. Only after the port is
> > authenticated, broadcast message will be accepted, for which DHCP reply
> > message holding the IP address for the client will come. Please correct
> > the understanding if it's wrong.
> 
> Correct, but it can be generalised even further. The switch port should
> reject /all/ traffic from/to a port other than 802.1x until that port is
> authenticated.

... which finally brings the discussion back into the 21st century and
makes it apply appropriately to IPv6 (and other protocols) as well as
just Legacy IP :)

-- 
dwmw2
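
Added example (not part of the thread and not code from any poster or project): a minimal model of the port behaviour discussed above, in which an unauthenticated port admits only 802.1X (EAPOL, EtherType 0x888E) frames, so DHCP, ARP and IPv6 are all held back by the same rule. The class and function names, MAC addresses and frame payloads are constructed for illustration.

```python
import struct

ETH_P_PAE = 0x888E  # EtherType carried by EAPOL (IEEE 802.1X) frames


def build_frame(dst: bytes, src: bytes, etype: int, payload: bytes) -> bytes:
    """Assemble an untagged Ethernet II frame (constructed test input)."""
    return dst + src + struct.pack("!H", etype) + payload


def ethertype(frame: bytes) -> int:
    """Return the EtherType field; reject frames shorter than the header."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return struct.unpack_from("!H", frame, 12)[0]


class ControlledPort:
    """Hypothetical model of one switch port under 802.1X control."""

    def __init__(self) -> None:
        self.authorized = False  # ports start unauthenticated

    def admit(self, frame: bytes) -> bool:
        try:
            etype = ethertype(frame)
        except ValueError:
            return False  # fail closed on malformed input
        # EAPOL always passes so authentication can happen at all;
        # everything else, whatever the protocol, waits for authorization.
        return etype == ETH_P_PAE or self.authorized


def verdicts(port: ControlledPort, frames: dict) -> dict:
    return {label: port.admit(frame) for label, frame in frames.items()}


# Constructed sample traffic; payloads are placeholders, not real packets.
CLIENT = bytes.fromhex("020000000001")
BROADCAST = b"\xff" * 6
SAMPLE = {
    "dhcp-discover": build_frame(BROADCAST, CLIENT, 0x0800, b"\x45" + bytes(27)),
    "arp-request": build_frame(BROADCAST, CLIENT, 0x0806, bytes(28)),
    "ipv6-router-solicit": build_frame(
        bytes.fromhex("333300000002"), CLIENT, 0x86DD, b"\x60" + bytes(39)),
    # EAPOL-Start: version 1, type 1 (Start), body length 0
    "eapol-start": build_frame(
        bytes.fromhex("0180c2000003"), CLIENT, ETH_P_PAE, bytes([1, 1, 0, 0])),
    "truncated": b"\xff" * 10,
}

if __name__ == "__main__":
    port = ControlledPort()
    print("unauthenticated:", verdicts(port, SAMPLE))
    port.authorized = True
    print("authenticated:  ", verdicts(port, SAMPLE))
```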

More information about the HostAP mailing list