We use UAC 6500 device for NAC. We want to enforce clients to get IP from DHCP. So, we want to deny clients that use static IP. Can we do this with UAC?
Hi Ahmet,
As part of the UAC dot1x solution (Layer 2 authentication), the client gets the IP from the switch or WLAN device based on the authentication, role mapping and RADIUS attribute policy.
The switch needs to be configured to assign the IP using DHCP once it receives the RADIUS Access-Accept from the IC device. This is more a switch-side configuration. Your requirement is possible.
In the RADIUS attribute policy you can use the appropriate RADIUS attribute like VLAN, open port or return attribute which the L2 switch can understand, and it assigns the IP from the DHCP server.
Note: If I have answered your questions, you could mark this post as accepted solution; that way it could help others as well. Kudos will be a bonus, thanks!
Regards,
Kannan
Hi Kalagesan,
A Layer 2 switch does not touch DHCP packets if you have not configured DHCP option 82 with subscriber ID,
so you could not do it with the switch with your offer. But you can use IP source guard or dynamic ARP inspection on the switch side to prevent using a static IP address. Also it is possible to create a host checker that checks the registry setting for DHCP enabled on the client PC, like this:
System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{Adapter}\Parameters\Tcpip]
Value Name: EnableDHCP
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = DHCP Disabled, 1= DHCP Enabled)
Another solution may be using DHCP option 82 with DHCP subscriber ID, with a custom RADIUS attribute defined for user traffic, and
defining a custom DHCP scope for the DHCP packets that come with a specific DHCP subscriber ID. This can be a solution but can be very tiring for you.
This link will help you about DHCP subscriber ID:
http://blog.ine.com/2009/07/22/understanding-dhcp-option-82/
Hi,
Most of the customer deployment switches are Layer 3 switches which have the capability to assign IPs based on DHCP.
Else, if the customer has an L2 switch, they can use the L2 switch as a relay agent and forward the IP requests to a DHCP server to get the IP addresses.
Regards,
Kannan
DHCP relay is an L3 function; no L2 switch can do it.
Hi,
I think it can be possible, by configuring Host Checker to perform registry checks to determine if DHCP is enabled or not.
Below is the registry hive:
[HKLM\System\CurrentControlSet\Services\TcpIP\Parameters\Interfaces\<GUID>\EnableDHCP]
Every machine will have a unique GUID for each of the adapters, hence noting it and adding them onto the UAC appliance is a challenge.
What can be done to simplify this task:
1. You could create a script (VB or Windows shell script) that determines if DHCP is enabled or not (you can use WMI APIs).
2. Make the script add a custom registry key in the Windows registry database based on the output of step 1.
3. You could push the script via GPO or any other method.
4. In UAC, you can do registry check for custom key added.
Regards,
Raveen
Note: If this answers your question, you could mark this as accepted solution; that way, it helps others as well.
Kudos will be cool if you think I earned it!
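Steps 1 and 2 above as a worked example, added here and not taken from the thread or from any UAC/Host Checker documentation: the script queries each IP-enabled adapter through WMI (so the per-interface GUIDs never have to be collected) and writes one DWORD under a custom key that a Host Checker registry rule can then test. The key path `HKLM:\SOFTWARE\ExampleNAC\Posture` and the value name `AllAdaptersDhcp` are assumptions chosen for this example; the script must run with rights to write HKLM (e.g. as a GPO startup script).

```powershell
# Added example, not from the original thread.
# Records whether every IP-enabled adapter uses DHCP so a Host Checker
# registry rule can read a single, fixed key instead of per-adapter GUIDs.
$resultKey = 'HKLM:\SOFTWARE\ExampleNAC\Posture'   # hypothetical key path
$valueName = 'AllAdaptersDhcp'                     # 1 = all DHCP, 0 = static IP found

# Win32_NetworkAdapterConfiguration exposes DHCPEnabled per adapter;
# IPEnabled = TRUE restricts the query to adapters that actually carry IP.
$adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration `
                            -Filter 'IPEnabled = TRUE'

# Any adapter with DHCP turned off is a statically addressed interface.
$staticAdapters = @($adapters | Where-Object { -not $_.DHCPEnabled })

foreach ($a in $staticAdapters) {
    Write-Output ("Static IP on '{0}': {1}" -f $a.Description, ($a.IPAddress -join ', '))
}

$compliant = if ($staticAdapters.Count -eq 0) { 1 } else { 0 }

# Create the key on first run, then (over)write the DWORD for the UAC check.
if (-not (Test-Path $resultKey)) {
    New-Item -Path $resultKey -Force | Out-Null
}
New-ItemProperty -Path $resultKey -Name $valueName -Value $compliant `
                 -PropertyType DWord -Force | Out-Null

Write-Output "Wrote $valueName=$compliant to $resultKey"
```

A local administrator can edit that key, so the registry rule is a posture signal that complements, rather than replaces, the switch-side IP source guard or dynamic ARP inspection mentioned earlier in the thread. Virtual or VPN adapters with static addresses will also be reported; filter on `Description` if they should be exempt.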