Title: How to transmit the IP address to the Radius server in wireless 1X auth? [Print this page] Author: admin Time: 2017-4-26 17:51 Title: How to transmit the IP address to the Radius server in wireless 1X auth? How to transmit the IP address to the Radius server in wireless 1X auth? Author: admin Time: 2017-4-26 17:51
The IP address is transmitted to the Radius server in a Radius-accounting packet (the first accounting packet). Previously, when 1X and MAB authentication begins, the Radius accounting packets may be already sent out but STA may be yet to obtain the IP address. To address this issue, a function is developed on the wireless device: The STA should obtains the IP address via DHCP server first then AC sends out the Radius-accounting packet.
The work principles are as follows:
1. The AC enables the DHCP snooping function. This function is used to detect whether a wireless STA obtains the IP address and corresponding DHCP snooping entry should be generated on AC.
2. On the AC, run dot1x dhcp-before-acct enable (for the 11.X version, the command is dot1x valid-ip-acct enable). Ensure that the Radius-accounting packet is not issued before the AC generates the DHCP snooping entry.
After this function is enabled, if the IP address is manually configured for the DHCP snooping entry fails to be generated due to incorrect configurations, the wireless user is forcibly offline by the AC after the accounting update period ends.
Welcome to Ruijie Community (https://community.ruijienetworks.com/)