Coping with dhcp fingerprint conflicts
03-22-2019 05:41 AM
In common with lots of other places we use PXE boot to build managed (Windows) devices on our network.When we put a new device on the net, its DHCP fingerprint becomes "Network Boot Agent/PXE/PXE" which is fine and I can drop a device into a "management VLAN" that;ll allow our DPS department to strt building the machine.
At some point it's going to get the appropriate credentials to perform a machine auth dot1x authentication , which puts it into anothe vlan. The problem i'm seeing is that instead of the endpoint fingerprint saying its now a windows machine, I'm seeing a "Profile Confict" where we have entries for "Other Category/OS Family/Name" appearing with the correct windows fingerprint details and a prompt to resolve later , ignore or fix now.
Obviously I'd like to have the device flagged as being a windows machine and rather not manually set the 1k+ devices that are currently shown as being PXE devices.
I would have thought the service endppoint profiler set to Any/ CoA terminate session would have fixed thnigs
Is anyone else "doing stuff" based upon a device fingerprint alternating between PXE and . "something else"
Re: Coping with dhcp fingerprint conflicts
03-22-2019 06:51 AM - edited 03-22-2019 06:56 AM
Maybe it helps to do only set a DHCP helper on your client vlan and *not* at your PXE vlan. Then there is no conflict occuring when you do a PXE boot.
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.