Thu Mar 1 11:18:08 UTC 2018
John Hodrien <J.H.Hodrien at leeds.ac.uk>

This is really nothing to do with CentOS anymore, if it ever was.

On Thu, 1 Mar 2018, hw wrote:

> If PXE boot is not possible because it would require to allow network access
> to unauthorized devices, or if it is not reasonably feasible because
> switching the device to a different VLAN after allowing unauthorized access
> for booting and then providing credentials to authenticate the device (or
> the user) will result in the device freezing and thus being useless, then
> that just is so, and I have to deal with it.

Why would that *have* to result in the device freezing?  You can PXE boot to a
kernel and initrd that after it's downloaded runs just fine without any
network access at all.

There's no requirement for a PXE client to have network access to anything
other than a VLAN with a boot server that provides it with a boot image.  You
can obviously add on frippery that only recognises approved MACs for even this
if you feel the need.

> Right, but what about keeping track of customers?  Apparently RADIUS has
> some accounting features, and it might be an advantage to use those.

I really don't get why you want WPA2 Enterprise for this setup.  There's a
reason why almost everyone uses captive portals for providing access to lots
of external users.