<div dir="ltr"><div>Hi Scott,<br><br></div><div> I also see what you said in this link...<br><br><a href="http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html">http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html</a><br><br></div><div>Where DHCP is blocked before 802.1x.<br><br></div><div>But then the only question , what is socket for receiving dhcp braodcast message for? <br><br></div><div>Thats after authentication is done?<br><br></div><div>Thanks.<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 3, 2015 at 2:38 PM, Sarah Thomas <span dir="ltr"><<a href="mailto:sarah040.thomas@gmail.com" target="_blank">sarah040.thomas@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi Scott,<br><br></div> By saying client should'nt be able to send DHCP request, do you mean the broadcast message from the client or any other message?<br><br></div>Because I see the below in code (where dhcp broadcast message can be used for station detection)<br><br>/* <b>setup dhcp listen socket for sta detection</b> */<br> if ((drv->dhcp_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {<br> perror("socket call failed for dhcp");<br> return -1;<br> }<br><br> if (eloop_register_read_sock(drv->dhcp_sock, handle_dhcp, drv->ctx,<br> NULL)) {<br> printf("Could not register read socket\n");<br> return -1;<br> }<br><br></div>Thanks,<br></div>Sarah<br><div><div><br></div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 3, 2015 at 1:49 PM, Scott Armitage <span dir="ltr"><<a href="mailto:s.p.armitage@scottarmitage.eu" target="_blank">s.p.armitage@scottarmitage.eu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><br>
> On 3 Feb 2015, at 06:02, Sarah Thomas <<a href="mailto:sarah040.thomas@gmail.com" target="_blank">sarah040.thomas@gmail.com</a>> wrote:<br>
><br>
> Hi,<br>
><br>
> The intention is to port hostapd on a wired switch. So, wanted to understand, whether there will be any interaction between dhcp server and the port authorization by 802.1x? I read somewhere, only after the port is authenticated by 802.1x, IP address will be assigned to the clients and layer 3 communication will start between the client and switch. So wanted to know, how this port authorization info is communicated to dhcp server?<br>
><br>
<br>
<br>
</span>The standard way is all traffic (other than that required for 802.1X authentication) is blocked at the switch port level until the switch port has been authorised. The client shouldn’t be able to send a DHCP request until the switch has received an Access-Accept for the client.<br>
<br>
<br>
Regards<br>
<span><font color="#888888"><br>
<br>
Scott Armitage<br>
<br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div>