Security, IEEE 802.1X – Intel BLADE SERVER IXM5414E User Manual


Switch Management and Operating Concepts


network configuration, ensures that address conflicts do not occur, and helps to conserve the use of
IP addresses through centralized management of address allocation.

Dynamic address allocation enables a client to be assigned an IP address from a pool of free
addresses. Each address is assigned with a lease and a lease expiration period. The client must renew
the lease to continue using the assigned address. Dynamically assigned addresses can be returned to
the free address pool if the computer is not being used, if it is moved to another subnet, or if its lease
expires. Usually, network policy ensures that the same IP address is assigned to a client each time
and that addresses returned to the free address pool are reassigned.

When the address lease expires, the DHCP client enters the renewing state. The client sends a
request message to the DHCP server that provided the address. The DHCP server sends an
acknowledgment that contains the new lease and configuration parameters. The client then updates
its configuration values and returns to the bound state.

When the DHCP client is in the renewing state, it must release its address immediately in the rare
event that the DHCP server sends a negative acknowledgment. The DHCP server sends this message
to inform a client that it has incorrect configuration information, forcing it to release its current
address and acquire new information.

If the DHCP client cannot successfully renew its lease, the client enters a rebinding state. The client
then sends a request message to all DHCP servers in its range, attempting to renew its lease. Any
DHCP server that can extend the lease sends an acknowledgment containing the extended lease and
updated configuration information. If the lease expires or if a DHCP server responds with a negative
acknowledgment, the client must release its current configuration and then return to the initializing
state.

If your DHCP client uses more than one network adapter to connect to multiple networks, this
protocol is followed for each adapter that you want to configure for TCP/IP. Multi-homed systems
are selectively configured for any combination of system interfaces.

When a DHCP-enabled computer is restarted, it sends a message to the DHCP server with its current
configuration information. The DHCP server either confirms this configuration or sends a negative
reply so that the client must begin the initializing state again. System startup might therefore result
in a new IP address for a client computer, but neither the user nor the network administrator has to
take any action in the configuration process.

Before loading TCP/IP with an address acquired from the DHCP server, DHCP clients check for an
IP address conflict by sending an Address Resolution Protocol (ARP) request containing the
address. If a conflict is found, TCP/IP does not start, and the user receives an error message. The
conflicting address should be removed from the list of active leases, or it should be excluded until
the conflict is identified and resolved.
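The lease life cycle described above can be written down as a small state machine. The following is an added example, not code from the manual or the switch firmware; the state and event names, the `DhcpClient` and `replay` helpers, and the 192.0.2.x addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# (state, event) -> next state, following the section's description.
# State and event names are labels chosen for this example.
TRANSITIONS = {
    ("INIT", "ACK"): "BOUND",               # address acquired from a server
    ("BOUND", "RENEW_DUE"): "RENEWING",     # lease is up for renewal
    ("RENEWING", "ACK"): "BOUND",           # new lease and parameters accepted
    ("RENEWING", "NAK"): "INIT",            # address must be released immediately
    ("RENEWING", "NO_REPLY"): "REBINDING",  # renewal with the leasing server failed
    ("REBINDING", "ACK"): "BOUND",          # any server extended the lease
    ("REBINDING", "NAK"): "INIT",
    ("REBINDING", "LEASE_EXPIRED"): "INIT",
    ("REBOOTING", "ACK"): "BOUND",          # server confirmed the stored configuration
    ("REBOOTING", "NAK"): "INIT",
}


@dataclass
class DhcpClient:
    state: str = "INIT"
    address: Optional[str] = None
    trace: List[str] = field(default_factory=list)

    def handle(self, event: str, offered: Optional[str] = None,
               arp_conflict: bool = False) -> str:
        nxt = TRANSITIONS.get((self.state, event))
        if nxt is None:
            raise ValueError(f"{event} is not valid in state {self.state}")
        if nxt == "INIT":
            self.address = None              # NAK or expiry: configuration is released
        elif self.state == "INIT" and arp_conflict:
            nxt = "INIT"                     # ARP probe answered: TCP/IP does not start
        elif offered is not None:
            self.address = offered
        self.state = nxt
        self.trace.append(nxt)
        return nxt


def replay(events: List[str], start: str = "BOUND",
           address: Optional[str] = "192.0.2.10") -> DhcpClient:
    """Feed a constructed event sequence to a client and return its final state."""
    client = DhcpClient(state=start, address=address)
    for event in events:
        client.handle(event)
    return client
```

Replaying an event sequence taken from a client's DHCP log against this table shows where the client dropped its address, and an event that raises `ValueError` marks a message the section does not expect in that state.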

Security

IEEE 802.1X

Local Area Networks (LANs) are often deployed in environments that permit the attachment of
unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN
through existing equipment. In such environments, you may want to restrict access to the services
offered by the LAN. This section introduces the concepts associated with the two forms of security
available on the IXM5414E switch module: Local Authentication and Remote Authentication Dial-
