Hello all,
I am new to the wired auth side of things (been using Clearpass for wireless auth for a while now) and I am running into a small issue. Here's some insight into our environment and what I am trying to accomplish.
We have two VLANs:
- Untrusted VLAN (any device that is not managed by us or is not receiving a cert to auth. SCCM servers are available for PXE imaging, but otherwise no internal access)
- Trusted VLAN (staff/admin devices, using a cert to auth)
Currently, we get a new device in and we connect it to the network, and the device is placed on the untrusted VLAN using MAB as it is out of the box with no config or cert to auth or anything. We PXE boot and kick off the imaging process, which fails at the task in which it tries to join it to the domain (which is expected as we don't have DCs available on that VLAN yet). I really don't want to expose our DCs on this VLAN with the SCCM server, but I see no other option... We have several buildings so using a single spot for imaging is not ideal, neither is importing the MAC addresses of all our devices. Is there a way for Clearpass to identify a device that is PXE booting and I can assign a "PXE Machine" role to allow it onto the Trusted network in order to finish the imaging process and connect to AD?
Or if there is another way that someone is using today, I am all ears.
Thanks!