Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1124
Views
5
Helpful
3
Replies

ISE dot1x, guest and pxe

Philip Vilhelmsson
Level 1
Level 1

‎09-30-2013 04:22 AM - edited ‎03-10-2019 08:57 PM

Hi,

I am trying to find a solution for guest and PXE to co-exist. I am setting up authentication so that the devices with a certificate will go to vlan 20. If the device don't have our certificate it will go to vlan 30 (guest vlan with only access to the Internet). The problem comes when we have to do pxe installation of a new computer or reinstallation of an old one. Since those devices don't have a cert they will be moved to the guest vlan.

What options do we have for this? The guest vlan should not have access to AD, pxe servers, ISE...

Labels:
0 Helpful
3 Replies 3

bikespace
Level 1
Level 1

‎09-30-2013 03:36 PM

MAC address bypass. Putting your PXE devices in to a group which allows absolute minimal access for PXE boot.

Bulk upload of MAC addresses for all your PXE devices.

Philip Vilhelmsson
Level 1
Level 1
In response to bikespace

‎10-02-2013 07:31 AM

For new computers is it possible to set up a portal where the PC-guys can register the MAC-address of new computers, the MAC is then places in a group called "New computers", and we have a authorization rule that puts all the computers in that group in a deployment/pxe VLAN?

0 Helpful

aqjaved
Level 3
Level 3

‎10-02-2013 03:24 AM

Please check the below link this may can be helpful for you:

Link-1

http://www.cisco.com/image/gif/paws/115802/115802-radius-authentication-00.pdf

0 Helpful
Customers Also Viewed These Support Documents