FreeRadius to authenticate DHCP Requests with Option82
Alan DeKok
aland at deployingradius.com
Wed Feb 22 12:10:13 CET 2012
sachin.sharma at wipro.com wrote:
> I already configured DHCP Server that handles option 82 of DHCP Requests. But new to RADIUS stuff. For security reasons, we want to introduce radius so DHCP Offer is to be made only to authenticated clients.
Ah. That isn't a common configuration. But it is useful.
> I just need an idea to have correct direction. After reading your response ( Correct me if my understanding is wrong ) now I have to configure my DHCP Server to speak with FR before giving DHCP OFFER.
Yes.
Or, you can use FreeRADIUS as a DHCP server. That makes it easier.
> (1)DHCP Client--->(2)Cisco Switch(Adds option 82)--->(3)Relay Agent--->(4)DHCP Server (Authenticate DHCP Discovery)----->(5)FRADIUS
> (8)DHCP OFFER <------- (7)DHCP Server < -------(6)(ACCEPT/ACCEPt)<------
Yes.
If you use FreeRADIUS for both RADIUS and DHCP, you can track user
status in a database. When you receive a RADIUS packet, update the
database. When you receive a DHCP packet, query the database.
Traditional DHCP servers (i.e. ISC) make this hard. They don't talk
to databases. They're firmly stuck in 1980s technology.
Alan DeKok.
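
The "update the database on RADIUS, query it on DHCP" pattern from the reply above, as an added Python sketch that is not part of the original message and is not FreeRADIUS code or configuration. The table `authed`, the function names and the TTL are hypothetical, and it assumes the RADIUS side learns the same client MAC and Option 82 circuit-id/remote-id that the relay later inserts; sub-option codes 1 and 2 are from RFC 3046.

```python
import sqlite3
import time

CIRCUIT_ID, REMOTE_ID = 1, 2  # RFC 3046 sub-option codes

def parse_option82(data: bytes) -> dict:
    """Parse Relay Agent Information sub-options (code, length, value)."""
    subopts, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length exceeds option data")
        subopts[code] = value
        i += 2 + length
    return subopts

def open_db():
    # Hypothetical schema: one row per authenticated (MAC, switch port) pair.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE authed (mac TEXT, circuit_id BLOB, remote_id BLOB,"
               " expires REAL, PRIMARY KEY (mac, circuit_id, remote_id))")
    return db

def on_radius_accept(db, mac, circuit_id, remote_id, ttl=3600, now=None):
    """RADIUS side: record that this client on this port authenticated."""
    now = time.time() if now is None else now
    db.execute("INSERT OR REPLACE INTO authed VALUES (?, ?, ?, ?)",
               (mac.lower(), circuit_id, remote_id, now + ttl))

def on_dhcp_discover(db, mac, option82: bytes, now=None) -> bool:
    """DHCP side: offer only if MAC + Option 82 match an unexpired record."""
    now = time.time() if now is None else now
    try:
        sub = parse_option82(option82)
    except ValueError:
        return False  # malformed relay info: fail closed
    if CIRCUIT_ID not in sub or REMOTE_ID not in sub:
        return False  # without relay info the request cannot be tied to a port
    row = db.execute("SELECT expires FROM authed WHERE mac=? AND circuit_id=?"
                     " AND remote_id=?",
                     (mac.lower(), sub[CIRCUIT_ID], sub[REMOTE_ID])).fetchone()
    return row is not None and row[0] > now

# Constructed sample: circuit-id "Gi0/1", remote-id = a made-up switch MAC.
SAMPLE_OPT82 = b"\x01\x05Gi0/1" + b"\x02\x06\x00\x11\x22\x33\x44\x55"
```

Keying the lookup on the MAC together with both sub-options means a known MAC appearing behind a different switch port gets no offer, and expired or malformed entries are refused rather than passed through.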