802.1X with PXE

Unanswered Question
Mar 4th, 2009


I'm looking for a solution for a 802.1X with PXE boot problem. When computer boots, there is no authentication material to authenticate by RADIUS. So switch keeps the port in "unauthenticated" or "guest" VLAN. I do not want to put the RIS / Imaging server in these VLAN's. Is there a solution for this problem ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jafrazie Wed, 03/04/2009 - 11:49

We've had folks find success with this by using MAC-Auth-Bypass. Essentially, since PXE initially boots as a "non-1X" device, MAB can be a way to authenticate the machine with the MAC in the absence of 1X itself.

remco.gussen Thu, 03/05/2009 - 00:02

What will happen when machine shows the Windows Login screen ? It still wants to authenticate with the mac address instead of the computer / user certificate I assume..

jafrazie Thu, 03/05/2009 - 06:20

So I assume the image you load via PXE wil either be enabled for 1X already, or not. If enabled, it can 1X just fine. If not, you can continue to use MAB.


This Discussion