locked
IAS MAC Based Authentication & DHCP RRS feed

  • Question

  • Hello,
     
    I'm having a problem getting a DHCP address while I am setting up MAC based authentication with IAS. Right now I have this running on a test bed.

    IAS was installed on a server (DHCP has been setup on another server for years). I added both the switch and my wireless access point (which connects to the switch) as RADIUS clients. First I noticed that when using a wired connection, it took a long amount of time for the device to obtain an IP address (30-40 seconds). Nonetheless, the device eventually gets an IP.

    When I attempt to do the same through the wireless access point, the device never gets an address (it fails to a 169.x.x.x address). However, I can see in the IAS log that the wireless device authenticates successfully almost instantly.

    I have tried various steps, including playing with the access policies, however the problem still remains.

    Can anyone shed some light on what may be causing this problem?

    Thanks!
    Wednesday, October 1, 2008 7:00 PM

Answers

  • is you client is device or computer ? If it is computer then you are capture the network traffic by NETMON. If you disable the IAS Authentication, does it works pretty fast as expected ?

    You can download the NetmOn @ http://www.microsoft.com/downloads/details.aspx?FamilyID=18b1d59d-f4d8-4213-8d17-2f6dde7d7aac&DisplayLang=en


    Thanks
    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Monday, October 6, 2008 7:02 PM
  • While these questions do not appear to be NAP-specific, I'll try to help you as best I can.  :)
     
    It sounds like the Network Access Device (switch/ap) is having difficulties assigning your client to the correct vLAN. 
    You might look further into the device debug logs...


    Another possibility is that the client is somehow unable to reach the DHCP Server via IP broadcast.  Is there a DHCP Server on the local segment to the client?   Or is DHCP service to be provided via a DHCP relay?

    -Chris

    -Chris Chris.Edson@online.microsoft.com * SDET II, Network Access Protection Platform Team * Remove the "online" make the address valid. ** This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, October 8, 2008 1:00 AM

All replies

  • is you client is device or computer ? If it is computer then you are capture the network traffic by NETMON. If you disable the IAS Authentication, does it works pretty fast as expected ?

    You can download the NetmOn @ http://www.microsoft.com/downloads/details.aspx?FamilyID=18b1d59d-f4d8-4213-8d17-2f6dde7d7aac&DisplayLang=en


    Thanks
    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Monday, October 6, 2008 7:02 PM
  • While these questions do not appear to be NAP-specific, I'll try to help you as best I can.  :)
     
    It sounds like the Network Access Device (switch/ap) is having difficulties assigning your client to the correct vLAN. 
    You might look further into the device debug logs...


    Another possibility is that the client is somehow unable to reach the DHCP Server via IP broadcast.  Is there a DHCP Server on the local segment to the client?   Or is DHCP service to be provided via a DHCP relay?

    -Chris

    -Chris Chris.Edson@online.microsoft.com * SDET II, Network Access Protection Platform Team * Remove the "online" make the address valid. ** This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, October 8, 2008 1:00 AM
  • @ cburwell

    I am going to implement the same solution of MAC Address Based authentication using IAS in my organization.

    Can you please tell me what organization you work for and it will help me alot if i could your email address for more correspondance.


    Thanks,

    Jay
    Tuesday, August 4, 2009 11:03 AM
  • Hi Cburwell,
      You can quickly implement the MAC address base solution with Windows Server 2008 R2. Such feature is built into DHCP Server itself.
     Reference : http://blogs.technet.com/teamdhcp/archive/2009/02/26/new-features-in-dhcp-for-windows-server-2008-r2-windows-7.aspx

    Thanks
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Tuesday, August 4, 2009 3:11 PM