Configuring the Catalyst 3560 to prevent unauthorized access to an enterprise LAN using 802.1x Port-Based Authentication, is there any way to allow a thin client to PXE boot off the network to obtain its OS image (ex. WinXP SP2) and still maintain secure LAN access.
When it comes to Spanning Tree, PortFast can be enabled so that packets sent to the switch are forwarded by the switch first and then Spanning Tree is run to converge the network. This allows thin clients to PXE boot successfully because the initial packets are forwarded to the LAN.
Is there any option similar to PortFast that would allow thin clients or PXE boot clients to boot successfully before 802.1x EAP authentication actually takes place? If so, would someone please describe how this would be accomplished on a Catalyst 3560.