7 Replies Latest reply: Jun 16, 2011 6:50 PM by Jared RSS

    DHCP IP address and RADIUS/TACAC Server


      Hi All,

      For WEP/WPA/WPA2 authencation method, I know that the client can get DHCP IP address first, then we go to entering the password/ pre-shared key for authencation to access in.

      Today, one question raised in my mind about DHCP packets and RADIUS/TACACs authentication packets. When 1 client boots up, they send DHCP request message over the air (same for LAN over the wire) to DHCP relay agent - Access Point, then this Agent - AP forwards it to DHCP server.

      When the DHCP server receives a   message from a relay agent containing a RADIUS Attributes suboption,   it extracts the contents of the suboption and uses that information in selecting configuration parameters for the client, this is what I understand.

      And Can you help to confirm and answer the question : when does the client get IP address ( DHCP IP address )? before the authencation process execute at RADIUS/ TACAC server (then it will be authenticated later for access permission) or after the authencation process is completed ( it means client can only get DHCP IP address after it successfully authenticated by RADIUS/TACAC). My understand still is DHCP IP address first then RADIUS/ TACAC server authencation.

      Thank you in advance.