How to bind-map 802.1X identity to DHCP-provided IP address ?
Alan DeKok
aland at deployingradius.com
Fri Mar 5 17:10:07 CET 2021
On Mar 5, 2021, at 10:50 AM, Olivier <oza.4h07 at gmail.com> wrote:
>
> For logging purpose in MSCHAPv2 WiFi environment, I would like to enforce
> or log a 802.1X ID-to-IP address map.
What does that mean? Details matter here.
> 1. What are the available options to implement this ?
> I'm daily using ISC DHCP or Dnsmasq for implementing DHCP services but I
> wouldn't hesitate to use something (Freeradius, ISC Kea, whatever, ..) if
> that helped.
ISC and Kea are both pretty bare-bones DHCP servers. They have very limited support for policies. So you can't correlate RADIUS identities with DHCP address assignments.
Of course, FreeRADIUS can do this...
> 2. I've read that DHCP Option 82 suboptions could be used with DHCP Relay
> to inject in DHCP requests some additional data but I fail to see how
> 802.1X could be part of this injected data.
It can't be.
So what do you want to do? Ensure the User-Name X is assigned IP address Y?
The simple thing is to just configure FreeRADIUS to do that. You can use IP pools, and write policy checks.
Then, configure FreeRADIUS as a DHCP server, and do lookups in the IP pools. :)
Alan DeKok.
More information about the Freeradius-Users
mailing list