On Fri, 23 Feb 2018, hw wrote:

There are devices that are using PXE-boot and require access to the company
LAN.  If I was to allow PXE-boot for unauthenticated devices, the whole
thing would be pointless because it would defeat any security advantage that
could be gained by requiring all devices and users to be authenticated:
Anyone could bring a device capable of PXE-booting and get network access.

I'd hope that you could involve TPM in this game.  PXE to unauthenticated
VLAN, boot an OS that could then use TPM to pull out a credential to
authenticate to the network and switch to another VLAN.

As a customer visting a store, would you go to the lengths of configuring
your cell phone (or other wireless device) to authenticate with a RADIUS
server in order to gain internet access through the wirless network of the

No, I'd never offer wireless network access this way.  Typically, you either
offer it unauthenticated, or you provide it via a captive web portal.

CentOS mailing list

Reply via email to