09-30-2013 04:22 AM - edited 03-10-2019 08:57 PM
Hi,
I am trying to find a solution for guest and PXE to co-exist. I am setting up authentication so that the devices with a certificate will go to vlan 20. If the device don't have our certificate it will go to vlan 30 (guest vlan with only access to the Internet). The problem comes when we have to do pxe installation of a new computer or reinstallation of an old one. Since those devices don't have a cert they will be moved to the guest vlan.
What options do we have for this? The guest vlan should not have access to AD, pxe servers, ISE...
09-30-2013 03:36 PM
MAC address bypass. Putting your PXE devices in to a group which allows absolute minimal access for PXE boot.
Bulk upload of MAC addresses for all your PXE devices.
10-02-2013 07:31 AM
For new computers is it possible to set up a portal where the PC-guys can register the MAC-address of new computers, the MAC is then places in a group called "New computers", and we have a authorization rule that puts all the computers in that group in a deployment/pxe VLAN?
10-02-2013 03:24 AM
Please check the below link this may can be helpful for you:
Link-1
http://www.cisco.com/image/gif/paws/115802/115802-radius-authentication-00.pdf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide