How can NAC accept a PC that sends a PXE request?

JohanHendrikx
Contributor II
I have a challenge. Our PCs authenticate with 802.1X to a VLAN. This works fine. However, when I have to reinstall a PC, the PC must connect to the PXE server after the boot.

How can I let the PC authenticate to NAC and solve this issue?
Johan Hendrik System Architect Audax
Chad5
Contributor

Hi,

As I was researching, I saw something that might help.

https://www.asquaredozen.com/2018/07/29/configuring-802-1x-authentication-for-windows-deployment/

For step number 5, can we not use XMC APIs to perform the same thing they performed with Cisco ISE External RESTful Service?

I am also wondering if the script mentioned by Matthew is the idea behind the other steps of the guide.

Thanks,

Matthew_Hum
Contributor
If you get a good capture of the PXE boot sequence, you might be able to write your own DHCP/bootp signature to distinguish your PXE boot process (not sure until I look at a capture of the process itself). This might not be the same for all vendors' machines (e.g. Intel boards/chips may PXE differently than non-Intel like MSI).

So without that you can use your unauthenticated VLAN for PXE booting, or create overrides for a MAC (this can be scripted and automated) to be put on a different PXE VLAN, or examine your process of reimaging machines.
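
An illustration of the DHCP fields a signature like the one suggested above could key on, added here as an example and not part of the thread or of any Extreme tooling: PXE firmware normally sends DHCP option 60 (vendor class) beginning with `PXEClient` and option 93 (client architecture, RFC 4578). The function names, MAC addresses and packets are constructed for this example.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options
BOOTP_FIXED_LEN = 236               # fixed BOOTP header length before the cookie

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: value} from a raw BOOTP/DHCP UDP payload."""
    if payload[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload (short or missing magic cookie)")
    options, i = {}, BOOTP_FIXED_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == 255:   # End option
            break
        if code == 0:     # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return options

def classify(payload: bytes) -> dict:
    """Summarise the fields a PXE fingerprint could key on."""
    opts = parse_dhcp_options(payload)
    vendor_class = opts.get(60, b"").decode("ascii", "replace")
    arch = opts.get(93, b"")
    return {
        "mac": payload[28:28 + min(payload[2], 16)].hex(":"),  # chaddr, hlen bytes
        "vendor_class": vendor_class,
        "arch": struct.unpack("!H", arch[:2])[0] if len(arch) >= 2 else None,
        "is_pxe": vendor_class.startswith("PXEClient"),
    }

def build_sample(mac: bytes, options: bytes) -> bytes:
    """Constructed DHCPDISCOVER payload for this demo, not a real capture."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    header += bytes(16) + mac.ljust(16, b"\x00") + bytes(64 + 128)
    return header + MAGIC_COOKIE + options + b"\xff"

PXE_VCI = b"PXEClient:Arch:00007:UNDI:003016"  # constructed option 60 value
PXE_SAMPLE = build_sample(bytes.fromhex("020000aabb01"),
    b"\x35\x01\x01" + bytes([60, len(PXE_VCI)]) + PXE_VCI + b"\x5d\x02\x00\x07")
OS_SAMPLE = build_sample(bytes.fromhex("020000aabb02"), b"\x35\x01\x01\x3c\x08MSFT 5.0")

if __name__ == "__main__":
    for sample in (PXE_SAMPLE, OS_SAMPLE):
        print(classify(sample))
```

Option 60 is client-supplied and trivially forged, so a match is suitable for steering a device into a restricted imaging VLAN, not for granting the access an 802.1X-authenticated PC receives.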

JohanHendrikx
Contributor II
Unfortunately, this does not work. During the boot, this information isn't available for EAC.
Johan Hendrik System Architect Audax

Matthew_Hum
Contributor
Yes, you can create a new end system group based on device type and then create a new rule to allow it access to the network or whichever VLAN you like.