Lab Minutes Forum
Technical Discussion => Security => Topic started by: czekon26 on May 23, 2016, 05:08:09 AM
-
Hello all,
Currently i'm working on a 802.1x setup where one of the requirement is to have static ip assigment for pair user+PC (user can have more then 1 PC) in user location. We have few locations where on each one of them we have DHCP server serving that location. Currently when PC is authenticated it's getting dynamic IP address from native vlan. After user is correcty authorized(based on AD group) the new vlan and new dynamic IP address is assigned.
What would be the best way to accomplish static IP assigment?
-
802.1X authentication is Layer 2 and endpoint should not require to have IP while it is on authentication VLAN. If the endpoint has static IP belonging to the VLAN assigned after authentication, technically it should work. Also endpoint will not be able to connect to any other part of the network where that VLAN subnet is not available.
What about doing MAC reservation on the DHCP server?
-
Thanks for your message. Regarding "802.1X authentication is Layer 2 and endpoint should not require to have IP while it is on authentication VLAN". When you connect PC to the port it will go to the vlan that is configured on the port and will get an IP address from that vlan. As you suggested i will do the MAC reservation on DHCP.
Tahnks again.