Hi,

I am setting up a secure wireless with a Nortel BAP120 a/b/g access point,
Windows Vista Business and Windows Server 2003 R2.

The wireless is using IAS on the Server for RADIUS authentication and LEAP
as the authentication method.

The environment is using VLANs, so VLAN1 has a server with a DHCP server
with scope 192.168.1.0/24 and VLAN2 has a server with DHCP scope
192.168.2.0/24. Within RADIUS there are attributes that specify that users
in group VLAN1_GRP are put in VLAN1 and users in VLAN2_GRP are put in VLAN2
using access policies.

Now VLAN settings are working, once a user in VLAN1_GRP logs in, they are
placed in VLAN1 and when a user in VLAN2_GRP logs in, they are places in
VLAN2.

The problem is that when a VLAN1_GRP user logs in, they get an IP from the
VLAN1 DHCP server as 192.168.1.xxx (lets say they get 192.168.1.100.
However, if that VLAN1_GRP user logs off, and then a user from VLAN2_GRP
logs on, they should now get an IP from the VLAN2 DHCP server as
192.168.2.xxx, however, they remain with the old IP from VLAN1 (in this case
192.168.1.100). But since they are in VLAN2 which should be 192.168.2.xxx,
they can't access anything.

So what i want to know, is it a "feature" that the IP address is not renewed
when the new person logs in?

How can i get the machine to get the IP address of the VLAN that they should
be in? Are there more settings that i need to put in somewhere?

I will get my hands on an XP machine and see if it gives the same problem.

Sachin

Hi,

I've confirmed that this issue does not occur with windows XP. Once the
new user is logged in, it re-authenticates using the new user's
credentials and re-negotiates the IP address.

So what's the deal with Vista?

Sachin

Microsoft wrote:
Hi,

I am setting up a secure wireless with a Nortel BAP120 a/b/g access point,
Windows Vista Business and Windows Server 2003 R2.

The wireless is using IAS on the Server for RADIUS authentication and LEAP
as the authentication method.

The environment is using VLANs, so VLAN1 has a server with a DHCP server
with scope 192.168.1.0/24 and VLAN2 has a server with DHCP scope
192.168.2.0/24. Within RADIUS there are attributes that specify that users
in group VLAN1_GRP are put in VLAN1 and users in VLAN2_GRP are put in VLAN2
using access policies.

Now VLAN settings are working, once a user in VLAN1_GRP logs in, they are
placed in VLAN1 and when a user in VLAN2_GRP logs in, they are places in
VLAN2.

The problem is that when a VLAN1_GRP user logs in, they get an IP from the
VLAN1 DHCP server as 192.168.1.xxx (lets say they get 192.168.1.100.
However, if that VLAN1_GRP user logs off, and then a user from VLAN2_GRP
logs on, they should now get an IP from the VLAN2 DHCP server as
192.168.2.xxx, however, they remain with the old IP from VLAN1 (in this case
192.168.1.100). But since they are in VLAN2 which should be 192.168.2.xxx,
they can't access anything.

So what i want to know, is it a "feature" that the IP address is not renewed
when the new person logs in?

How can i get the machine to get the IP address of the VLAN that they should
be in? Are there more settings that i need to put in somewhere?

I will get my hands on an XP machine and see if it gives the same problem.

Sachin