802.1x causing windows dhcp timeout

MARK BAKER · ‎07-26-2005

Has anyone had an issue with dhcp timeouts on windows machines when using 802.1x? This does not occur often, but it does occur every once in a while.

Thanks for any input,

Mark

jafrazie · ‎07-26-2005

You should probably be running machine-auth and enabled the SupplicantMode registry setting to enable the transmission of EAPOL-Starts.

Details can be found here:

<http://www.microsoft.com/WindowsServer2003/techinfo/overview/wififaq.mspx#EAAAA>

MARK BAKER · ‎07-26-2005

Thanks for the reply!

The default is value 3 for wired connections as described in the URL that you had provided.

This seems to be correct in that it would send an eapol start. Of course this is dependant on what Microsoft means by "upon association".

Are you suggesting to change this value to 2 to function the same as wireless 802.1x interfaces?

Thank you,

Mark

jafrazie · ‎07-26-2005

From that URL:

The SupplicantMode registry entry (HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters \General\Global\SupplicantMode) affects the behavior of an 802.1X supplicant when sending EAP over LAN (EAPOL)-Start packets during 802.1X authentication. The SupplicantMode entry has the following values:

•

0 - Disable IEEE 802.1X operation.

•

1 - Never send an EAPOL-Start packet.

•

2 - Automatically determine when to initiate the transmission of EAPOL-Start packets. This is the default value for wireless connections.

•

3 - Send an EAPOL-Start message upon association to initiate the 802.1X authentication process, for compliance with the IEEE 802.1X specification. This is the default value for wired connections.

For wired interfaces, this value is 2. For wireless interfaces, this value is 3. Changing your wired to 3 is recommended for your issue here.

MARK BAKER · ‎07-26-2005

Thank you,

I will give it a try.

Thanks,

Mark