Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

ISE dot1x, guest and pxe

Hi,

I am trying to find a solution for guest and PXE to co-exist. I am setting up authentication so that the devices with a certificate will go to vlan 20. If the device don't have our certificate it will go to vlan 30 (guest vlan with only access to the Internet). The problem comes when we have to do pxe installation of a new computer or reinstallation of an old one. Since those devices don't have a cert they will be moved to the guest vlan.

What options do we have for this? The guest vlan should not have access to AD, pxe servers, ISE...

3 REPLIES
New Member

ISE dot1x, guest and pxe

MAC address bypass. Putting your PXE devices in to a group which allows absolute minimal access for PXE boot.

Bulk upload of MAC addresses for all your PXE devices.

ISE dot1x, guest and pxe

For new computers is it possible to set up a portal where the PC-guys can register the MAC-address of new computers, the MAC is then places in a group called "New computers", and we have a authorization rule that puts all the computers in that group in a deployment/pxe VLAN?

Bronze

ISE dot1x, guest and pxe

Please check the below link this may can be helpful for you:

Link-1

http://www.cisco.com/image/gif/paws/115802/115802-radius-authentication-00.pdf

660
Views
5
Helpful
3
Replies