Security

last person joined: 14 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Pxe for unknown users

This thread has been viewed 2 times

  • 1.  Pxe for unknown users

    Posted Oct 20, 2018 07:05 PM
    Hi ,

    For pxe boot , if we return a remediation or pxe vlan for unknown Mac addresses, any machine can use it by plugging cable and use network boot.
    We want some restrictions only company owned machines can use pxe vlan.how to avoid external machines. We are large org and static Mac list is not possible


  • 2.  RE: Pxe for unknown users

    EMPLOYEE
    Posted Oct 20, 2018 07:08 PM
    You have to figure out how to determine corporate ownership of the devices. We don’t know your environment.


  • 3.  RE: Pxe for unknown users

    Posted Oct 21, 2018 06:36 AM
    The situation demands that every port in the network can be used for pxe . But how to avoid BYOD devices to use our corporate images . How to block them .


  • 4.  RE: Pxe for unknown users

    Posted Oct 21, 2018 03:02 PM

    Hi,

     

    If you are using SCCM you can do a integration with Clearpass: https://community.arubanetworks.com/t5/Security/SCCM-Integration-with-Clearpass/td-p/302190

    I am not sure how SCCM works but if you somehow can trigger so that SCCM populates a MAC list when the user wants to PXE then you can point that list to a PXE VLAN.

     

    If the user has to call your first line support when they want to PXE then the support engineer can trigger (with a script maby) so that the MAC list gets populated.

     

    And when the PXE is finnished have a script as the last installation task to remove the MAC address from the list.

     

    Regards

    Philip