Wifi 802.1x & DHCP behaviour

Hello,

context :

2 Institutions being part of the eduroam Federation :

  • they both offer the ssid eduroam
  • the 2 institutions are physically closed to each other (on the same campus)

A client from Institution_A authenticate 802.1x to ssid eduroam of its institution :

  • after successfull authentication, the client gets a new ip address from the dhcp server of Institution_A

The same client walks towards Institution_B :

  • the client associate with ssid eduroam of Institution_B
  • the client authenticate through the federation against its Institution_A authentication server
  • after successfull authentication, the client starts the process of getting an ip address

At that point here is what is observed on all iPhone/iPad :

  • the client asks for its previously obtanined ip address from Institution_A (DHCPREQUEST)
  • the dhcp server of Institution_B issues a DHCPNAK to the client because the ip address asked is not part of its subnets
  • the client continuosly repeat the process of asking its former ip address, the process can last for minutes/hours (maybe till the end of lease ?)
  • As a result the client has no wifi working, till the client decide to issue a DHCPDISCOVER and then get a valid new ip address

Even after a shutdown, the client keeps on asking the same ip address (to be confirmed, but so far this what has been seen).

It is devastating for all our Apple clients.

Regards

Up vote post of merkhabha Down vote post of merkhabha
308 views
Posted by
merkhabha
Reply
Add a Comment

Replies

DevForums is focused on code-level concerns. Given that your question is about the on-the-wire behaviour of Apple devices, you might have better luck asking this question over in the Apple Support Community, run by Apple Support. Specifically, check out the Business and Education topic area, where you’re more likely to find folks with relevant experience.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • https://datatracker.ietf.org/doc/html/rfc2131

    " If the client receives a DHCPNAK message, it cannot reuse its remembered network address. It must instead request a new address by restarting the configuration process, this time using the (non-abbreviated) procedure described in section 3.1. "

    This is not what iOS is doing actually, as described iOS keeps on asking from the previous obtained ip address after receiving the DHCPNAK from the server.

    Regards

    merkhabha
Add a Comment

Hello,

Thank you for your suggestion, but i thought i could find here a developper that could explain the behaviour based on the actual production code, the Support Community won't be of any help.

Regards

Posted by
merkhabha
Up vote reply of merkhabha Down vote reply of merkhabha
Add a Comment

https://datatracker.ietf.org/doc/html/rfc2131

" If the client receives a DHCPNAK message, it cannot reuse its remembered network address. It must instead request a new address by restarting the configuration process "

This is not what iOS is doing, it keeps on asking for the previous obtained ip address event after receiving multiple DHCPNAK from the dhcp server.

Posted by
merkhabha
Up vote reply of merkhabha Down vote reply of merkhabha
Add a Comment