03-07-2006 12:54 PM - edited 07-04-2021 11:45 AM
Working on a Wireless deployment using 802.1x and a question has come up regarding Address Assignment.
The design requires wireless vlan assignment based on username and Active Directory group assignment.
The simplest way to provide dynamic addressing would obviously be multiple DHCP Scopes on a server and use ip helper functionally to provide relay servers.
Another option (I think) would be to create IP address pools in the ACS server based on ACS group and have ACS pass it back as part of the authentication process. I'm wondering if this is even a valid option with 802.1x authentication. It seems to me that it would cut down on alot of the traffic assoiciated with a DHCP discovery/request/offer conversation as the number of wireless clients start to grow.
03-13-2006 11:02 AM
Yes. This can be done. You can configure IP address pools in the ACS server based on ACS group and have ACS pass it back as part of the authentication process. This will work.
03-13-2006 01:02 PM
Have you done this?
I tried it today by setting a static IP address to a single user logon.
The user authentication worked but it ignored the static IP address that was sent back and just did dhcp anyway.
06-13-2006 05:57 AM
HI,
have u done successfully with dynamic vlan assignment on WLC ?
07-10-2006 05:16 PM
Err, no. There is no provision in EAP-TLS, PEAP (CHAP), or even basic EAP to provide network information (eg IP address/mask/gateway/DNS/etc).
There is also no provision in Windows 2k or XP interface management software to accept IP details for interface configuration via any wireless authentication protocol.
peter
07-10-2006 07:37 PM
Thanks a lot !!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide