[geeks] 802.1X and DHCP

Jonathan Katz jon at jonworld.com
Tue Nov 27 09:15:24 CST 2007


Hey gang...

At my new gig we're using 802.1X authentication on our LAN. I'm in
charge of integrating Leopard on our LAN. We're also using DHCP.

I've successfully hooked the 802.1X authentication through the "login
window".  Users log in with the LDAP credentials which authenticate
them to the LAN and to the system. Our LDAP is RFC2307-compliant and
works with OS X.

When a user logs out we have to unplug the ethernet cable and plug it
back in for anyone (who isn't a local user) to be able to log in.

I believe this is due to OS X "dropping the port" when we log out. I'm
not sure how to define "dropping the port." Given that OS X seems to
be "good" about standards it's probably both logging out the 802.1X
authentication as well as dropping the DHCP lease. When the DHCP lease
is gone it reverts to a self-assigned IP and I don't think it can
exchange info with 802.1X/the switch to authenticate again. When we
pull the cable and plug it in it forces a new, clean DHCP and the IP
is good and then the authentication works again.

Does my explanation make sense? I'm new to 802.1X. Is there a way
around having to pull the cable?

-- 
-Jon
Jonathan Katz -- J. Random BOFH
We all get pwned at one point or another, how we respond is what
matters. -- Gadi Evron


