Occasional Contributor II

Clearpass PXE boot and conflict equals true

Hello,

 

I keep getting a Conflict value of true on the endpoint for my corporate devices on the wired site.

 

The reason is that PXE boot is used, so the DHCP fingerprint is different between the OS (Windows 10 or 7) and the PXE discovery.

 

When the device starts, it can log in by MAC-auth because of a special PXE attribute. If this is not used, it uses 802.1X for normal authentication.


How can I resolve this?

Occasional Contributor II

Re: Clearpass PXE boot and conflict equals true

Is it possible to disable profiling (DHCP relay) from the PXE-boot VLAN?

------------------------------------------------------------------------
Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE
Occasional Contributor II

Re: Clearpass PXE boot and conflict equals true

No, this is not an option.

 

The clients are in some cases placed in the same VLAN.

Inside ClearPass the administrator must set an attribute by hand, and then the PC can do a one-time PXE boot inside the same VLAN as the one it will be put in after an 802.1X authentication.

Guru Elite

Re: Clearpass PXE boot and conflict equals true

They should only be profiled as PXE when they actually PXE boot. How often are they doing this?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass PXE boot and conflict equals true

I have two customers with this issue (both are using PXE).

 

Customer A only once a month.

Customer B daily. Every time the machine boots up. They didn't want to do anything manually, so the PXE attribute is active all the time.

 

Normally for my MAC-auth service I have an if conflict equals true "deny profile" at the top. This is not possible now because of the conflict. I can filter on the attribute, but I would like a nice solution and not the issue on the endpoints.

 

Also, ignoring or accepting the conflict doesn't work very well. They keep coming back.

 

------------------------------------------------------------------------
HPE Master ASE | Aruba ACSA, ACCP, ACMP, ACEAP

 

Guru Elite

Re: Clearpass PXE boot and conflict equals true

I'm not sure there's a solution for this. ClearPass is doing exactly what it's supposed to do.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480