This is really nothing to do with CentOS anymore, if it ever was. On Thu, 1 Mar 2018, hw wrote: > If PXE boot is not possible because it would require to allow network access > to unauthorized devices, or if it is not reasonably feasible because > switching the device to a different VLAN after allowing unauthorized access > for booting and then providing credentials to authenticate the device (or > the user) will result in the device freezing and thus being useless, then > that just is so, and I have to deal with it. Why would that *have* to result in the device freezing? You can PXE boot to a kernel and initrd that after it's downloaded runs just fine without any network access at all. There's no requirement for a PXE client to have network access to anything other than a VLAN with a boot server that provides it with a boot image. You can obviously add on frippery that only recognises approved MACs for even this if you feel the need. > Right, but what about keeping track of customers? Apparently RADIUS has > some accounting features, and it might be an advantage to use those. I really don't get why you want WPA2 Enterprise for this setup. There's a reason why almost everyone uses captive portals for providing access to lots of external users. jh