Security

Reply
Occasional Contributor I
Posts: 7
Registered: ‎06-07-2017

Remediation Vlan - Out of the box PC

Hi All,

Facts : 

1. Regular network vlan - permit by 802.1x and Machine certificate

2. Remediation vlan - all devices that fails going to this vlan (include macs that not exist on the database)

 

We created this Remediation vlan in order to drop all devices that can't authenticate with 802.1x or Mac address. It's working great but we have a small issue with out of the box pc's that need to get image with PXE. In order for the pc to get an ip address, i need to change status to known and then i can start the image proccess. 

 

My question is this, Can this proccess be an automated process without human intervention? Can clearpass identify by set of rules that the PC is going to PXE proccess ?

 

Thank you

Shmulik Mazor

 

 

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Remediation Vlan - Out of the box PC

Just use Allow All MAC Auth to drop any machine that doesn’t use 802.1X into the remediation VLAN.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 7
Registered: ‎06-07-2017

Re: Remediation Vlan - Out of the box PC

Our Remediation vlan is limited to some servers in order to let new/old pc to install a new image. 

 

Everything that not authenticate with 802.1x are droping to that vlan (not only computers) so i guessing allowing them to get the network is not an option without approve them.

 

Maybe out approach is not correct ? 

 

Thank you

Search Airheads
Showing results for 
Search instead for 
Did you mean: