It is increasingly common for enterprises to use centralised desktop deployment (e.g. Ghost, Altiris etc.) and also want to implement more stringent security. How can you implement 802.1x port authentication in an environment where PXE booting is required?
I'm guessing that you can't. First of all, if you set port control to auto, the switch starts in the unauthorized state and initiates authentication; if it fails, it stays unauthorized. Since with PXE booting there is no way to have the dot1x client loaded, there is no way it can authenticate. Another issue: for the machine to authenticate, there needs to be a certificate loaded in the local machine store, and I don't know how that could be done without user intervention. Perhaps someone at Cisco may know something I don't. Also, up till this week, the dot1x client for Microsoft didn't really work; there is a hotfix available to fix the client.
If the client can't do 802.1x then you can configure a 'Guest VLAN' that the port will be put in. If you put a server that the device can boot off in this VLAN you should be able to achieve what you want - i.e. the device starts the operating system and then re-initialises the network driver etc. to start 802.1x and then gets the correct VLAN assignment etc.
You would need to make the Guest VLAN non-routable or firewall it off some way so users can't get off this VLAN without initialising 802.1x.
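A check for the caveat in the reply above, as an added example that is not part of the original thread: it scans a switch configuration for ports with an 802.1x Guest VLAN and reports whether that VLAN has a routed interface without an inbound ACL. The sample configuration is constructed; it assumes the classic IOS `dot1x guest-vlan` interface syntax, and the VLAN numbers, addresses and ACL name are made up.

```python
import re

# Constructed sample running-config (not from the thread). VLAN ids, addresses
# and the ACL name GUEST-BOOT-ONLY are assumptions for illustration.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 dot1x port-control auto
 dot1x guest-vlan 99
!
interface FastEthernet0/2
 dot1x port-control auto
 dot1x guest-vlan 98
!
interface FastEthernet0/3
 dot1x port-control auto
 dot1x guest-vlan 97
!
interface Vlan98
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan97
 ip address 198.51.100.1 255.255.255.0
 ip access-group GUEST-BOOT-ONLY in
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_guest_vlans(config):
    """Return {guest_vlan: verdict} for every VLAN used as an 802.1x Guest VLAN."""
    interfaces = parse_interfaces(config)
    guest_vlans = {int(m.group(1)) for cmds in interfaces.values()
                   for c in cmds if (m := re.fullmatch(r"dot1x guest-vlan (\d+)", c))}
    verdicts = {}
    for vlan in sorted(guest_vlans):
        svi = interfaces.get(f"Vlan{vlan}", [])  # no SVI here means no local gateway
        routed = any(c.startswith("ip address ") for c in svi)
        filtered = any(re.fullmatch(r"ip access-group \S+ in", c) for c in svi)
        verdicts[vlan] = ("non-routable" if not routed
                          else "routed, filtered" if filtered else "routed, UNFILTERED")
    return verdicts
```

A VLAN reported as non-routable on one switch can still have a gateway on another device, so run the check against every layer 3 device that carries the Guest VLAN.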