Wired 802.1x auth - Getting the IP address of the authed machine

Alexander Clouter alex at digriz.org.uk
Wed Feb 25 20:26:13 CET 2009

* Paul Dealy <pdealy at gmail.com> [Wed, 25 Feb 2009 21:42:37 +1100]:
> I have accounting turned on, but I don't see the authed machine's IP on
> that of the NAS.

Use DHCP Snooping[1] and then yank the DHCP server's logs.  If you want
them in the SQL table, you should add them afterwards.  You need to bear 
in mind that in the medium-long term there will be nothing stopping (or 
invalid) about computers having multiple IP addresses[2].  Expecting a 
venduh (especially Cisco) to give you what you want/need is asking for 

We personally yank from our DHCP logs; because of DHCP snooping, we know
they can be trusted.


[1] http://www.cisco.com/web/DK/assets/docs/security2006/Security2006_Eric_Vyncke_2.pdf
[2] IPv4 and IPv6 addresses, multiple of the latter for workstations is
	an expectation not an edge case.  Also there is technically 
	nothing stopping a workstation in a single 'session' changing IP 

Alexander Clouter
.sigmonster says: Go on, EMOTE!  I was RAISED on thought balloons!!
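
Added example, not part of the original message or of FreeRADIUS: one way to do the log correlation described above is to pull DHCPACK lines from the DHCP server's syslog and attach every leased IP to the accounting session whose MAC and time window match, keeping several IPs per session. It assumes ISC dhcpd's log format and that Calling-Station-Id carries the client MAC; the session field names and all sample values are constructed.

```python
import re
from datetime import datetime

# Assumes ISC dhcpd syslog lines; adjust the pattern for other DHCP servers.
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"DHCPACK on (?P<ip>\d+(?:\.\d+){3}) to (?P<mac>[0-9A-Fa-f:]{17})\b")

def norm_mac(value):
    """Reduce any MAC notation (aa:bb.., AA-BB.., aabb.ccdd..) to 12 hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", value.lower())
    return digits if len(digits) == 12 else None

def parse_acks(lines, year):
    """Yield (time, mac, ip) per DHCPACK; syslog timestamps carry no year."""
    for line in lines:
        m = ACK_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, norm_mac(m["mac"]), m["ip"]

def ips_per_session(sessions, acks):
    """Map session id -> IPs leased to its MAC while the session was open."""
    result = {s["id"]: [] for s in sessions}
    for ts, mac, ip in acks:
        for s in sessions:
            stop = s["stop"] or datetime.max  # None means still open
            if norm_mac(s["mac"]) == mac and s["start"] <= ts <= stop:
                if ip not in result[s["id"]]:
                    result[s["id"]].append(ip)
    return result

# Constructed sample data (documentation addresses), not from the original post.
SAMPLE_LOG = [
    "Feb 25 20:10:03 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0",
    "Feb 25 20:10:04 dhcp1 dhcpd: DHCPACK on 192.0.2.23 to 00:11:22:33:44:55 (ws1) via eth0",
    "Feb 25 21:30:00 dhcp1 dhcpd: DHCPACK on 192.0.2.77 to 00:11:22:33:44:55 (ws1) via eth0",
    "Feb 25 23:00:00 dhcp1 dhcpd: DHCPACK on 192.0.2.99 to 00:11:22:33:44:55 (ws1) via eth0",
    "Feb 25 20:15:00 dhcp1 dhcpd: DHCPACK on 192.0.2.40 to 66:77:88:99:aa:bb via eth0",
]
SAMPLE_SESSIONS = [  # shaped like accounting rows; field names are hypothetical
    {"id": "sess-1", "mac": "00-11-22-33-44-55",
     "start": datetime(2009, 2, 25, 20, 10, 0), "stop": datetime(2009, 2, 25, 22, 0, 0)},
    {"id": "sess-2", "mac": "6677.8899.AABB",
     "start": datetime(2009, 2, 25, 20, 14, 0), "stop": None},
]
if __name__ == "__main__":
    print(ips_per_session(SAMPLE_SESSIONS, parse_acks(SAMPLE_LOG, 2009)))
```

The resulting lists can be written to a side table keyed by session id, which keeps the one-session-to-many-addresses relationship the message points out.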
