On Fri, Feb 23, 2018 at 10:33 AM, hw <hw at gc-24.de> wrote:

> That would be a problem because clients using PXE-boot require network
> access, and it wouldn't contribute to security if unauthorized clients
> were allowed to PXE-boot.

Two solutions to this:

1. Enable "exception by MAC address": only known MAC addresses get put onto the PXE boot VLAN. Other unauthenticated clients go onto a "no access" VLAN (many places make this the same VLAN as the guest WiFi VLAN with internet access only, sometimes with a captive portal). Authenticated clients go onto the corporate VLAN.

2. (This can be in addition to or instead of 1.) The PXE server itself will only serve known MAC addresses and/or requires a token/password to initiate the install.

Regardless, there's not huge utility to installing your personal machine with a corporate build from a PXE server, which you then can't use because you don't have corporate credentials, but I suppose it may have some risk with regard to software licensing or builds containing other stuff you don't want strangers to access, so lockdowns can't hurt.
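A sketch of option 2 above ("the PXE server itself will only serve known MAC addresses"), added here as an example and not taken from the original message. It assumes ISC dhcpd is the DHCP side of the PXE service; the subnet, server address, host names and MAC addresses are constructed placeholders.

```conf
# /etc/dhcp/dhcpd.conf fragment (constructed example, ISC dhcpd assumed)

subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;

    pool {
        range 192.0.2.100 192.0.2.150;
        # Weak setting: dhcpd serves any client that asks unless told otherwise.
        # Corrected: only clients with a host declaration below get a lease,
        # so an undeclared machine never receives boot parameters.
        deny unknown-clients;
    }
}

# Boot parameters are scoped to the declared hosts only.
group {
    next-server 192.0.2.10;        # TFTP server holding the boot loader (placeholder)
    filename "pxelinux.0";         # boot file name (placeholder)

    host build-node-01 {
        hardware ethernet 52:54:00:00:00:01;   # constructed MAC
    }
    host build-node-02 {
        hardware ethernet 52:54:00:00:00:02;   # constructed MAC
    }
}
```

The allow-list keys on the hardware address the client reports, so the install token or password from option 2 remains the control that authenticates whoever starts the install.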