Security

Reply
MVP Expert

Coping with dhcp fingerprint conflicts

In common with lots of other places we use PXE boot to build managed (Windows) devices on our network.When we put a new device on the net, its DHCP fingerprint becomes "Network Boot Agent/PXE/PXE" which is fine and I can drop a device into a "management VLAN" that;ll allow our DPS department to strt building the machine.

 

At some point it's going to get the appropriate credentials to perform a machine auth dot1x authentication , which puts it into anothe vlan. The problem i'm seeing is that instead of the endpoint fingerprint saying its now a windows machine, I'm seeing a "Profile Confict"  where we have entries for "Other Category/OS Family/Name" appearing with the correct windows fingerprint details and a prompt to resolve later , ignore or fix now.

Obviously I'd like to have the device flagged as being a windows machine  and rather not manually set the 1k+ devices that are currently shown as being PXE devices.

I would have thought the service endppoint profiler set to Any/ CoA terminate session would have fixed thnigs 

 

Is anyone else "doing stuff" based upon a device fingerprint alternating between PXE and . "something else" 

 

 

Rgds

Alex

 

 

MVP
MVP

Re: Coping with dhcp fingerprint conflicts

Maybe it helps to do only set a DHCP helper on your client vlan and *not* at your PXE vlan. Then there is no conflict occuring when you do a PXE boot.

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP - Was this post usefull, Kudos are welcome.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: