Pete Biggs wrote:
>
>>
>>> A prerequisite for PXE is DHCP - by the time your device does anything
>>> with PXE it's already accessed the network and got an IP address and so
>>> on. There is absolutely no way to prohibit access to your network
>>> without first allowing the device some access to your network in order
>>> to authenticate. The normal way around this is to use VLANs to
>>> segregate "dirty" unauthenticated machines - once it's authenticated it
>>> is moved onto a different VLAN and a new DHCP request initiated.
>>
>> Suddenly moving the client to a different VLAN would have the same effect as
>> unplugging the network cable: it would freeze until the connection is restored.
>> Otherwise, the server would have to be reachable via several VLANs, which would
>> make it pointless to use these VLANs.
>
> It depends on at which point you switch VLANs. If you use authenticated
> DHCP then the process is to get an IP address on a dirty VLAN,
> authenticate, switch VLAN, get a new IP address, boot to PXE. There
> are extensions in the DHCP protocol to accommodate this.

Like using MAC addresses?

> It's also possible that the PXE environment can deal with the
> authentication - PXE runs solely on the local machine, so it doesn't
> care about VLANs changing so long as when it wants to do something it
> has a valid IP address for the VLAN it is assigned to.
>
> And at this point, I think this is no longer CentOS related. If you
> can't find out what you need on the net, you need to hire a network
> consultant to deal with it. Asking a zillion random questions on a
> mailing list just because you can't find or understand the information
> elsewhere and fighting against the answers you are given is not very
> productive for anyone.

This hasn't been CentOS related to begin with, and I didn't ask for a
discussion but only for a pointer to documentation. My questions are not
random, and perhaps the mailing list should better be closed so no one can
ask anything.