802.1X with PXE

Unanswered Question
Mar 4th, 2009
User Badges:


I'm looking for a solution for a 802.1X with PXE boot problem. When computer boots, there is no authentication material to authenticate by RADIUS. So switch keeps the port in "unauthenticated" or "guest" VLAN. I do not want to put the RIS / Imaging server in these VLAN's. Is there a solution for this problem ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jafrazie Wed, 03/04/2009 - 11:49
User Badges:
  • Cisco Employee,

We've had folks find success with this by using MAC-Auth-Bypass. Essentially, since PXE initially boots as a "non-1X" device, MAB can be a way to authenticate the machine with the MAC in the absence of 1X itself.

remco.gussen Thu, 03/05/2009 - 00:02
User Badges:

What will happen when machine shows the Windows Login screen ? It still wants to authenticate with the mac address instead of the computer / user certificate I assume..

jafrazie Thu, 03/05/2009 - 06:20
User Badges:
  • Cisco Employee,

So I assume the image you load via PXE wil either be enabled for 1X already, or not. If enabled, it can 1X just fine. If not, you can continue to use MAB.


This Discussion