06-20-2017 05:23 AM
1. Regular network vlan - permit by 802.1x and Machine certificate
2. Remediation vlan - all devices that fails going to this vlan (include macs that not exist on the database)
We created this Remediation vlan in order to drop all devices that can't authenticate with 802.1x or Mac address. It's working great but we have a small issue with out of the box pc's that need to get image with PXE. In order for the pc to get an ip address, i need to change status to known and then i can start the image proccess.
My question is this, Can this proccess be an automated process without human intervention? Can clearpass identify by set of rules that the PC is going to PXE proccess ?
06-20-2017 06:07 AM
06-20-2017 10:23 AM
Our Remediation vlan is limited to some servers in order to let new/old pc to install a new image.
Everything that not authenticate with 802.1x are droping to that vlan (not only computers) so i guessing allowing them to get the network is not an option without approve them.
Maybe out approach is not correct ?