Pete Biggs wrote:
A prerequisite for PXE is DHCP - by the time your device does anything
with PXE it's already accessed the network and got an IP address and so
on. There is absolutely no way to prohibit access to your network
without first allowing the device some access to your network in order
to authenticate. The normal way around this is to use VLANs to
segregate "dirty" unauthenticated machines - once it's authenticated it
is moved onto a different VLAN and a new DHCP request initiated.

Suddenly moving the client to a different VLAN would have the same effect as
unplugging the network cable: it would freeze until the connection is restored.
Otherwise, the server would have to be reachable via several VLANs, which would
make it pointless to use these VLANs.

It depends on at which point you switch VLANs. If you use authenticated
DHCP then the process is to get an IP address on a dirty VLAN,
authenticate, switch VLAN, get a new IP address, boot to PXE. There
are extensions in the DHCP protocol to accommodate this.

Like using MAC addresses?

It's also possible that the PXE environment can deal with the
authentication - PXE runs solely on the local machine, so it doesn't
care about VLANs changing so long as when it wants to do something it
has a valid IP address for the VLAN it is assigned to.

And at this point, I think this is no longer CentOS related. If you
can't find out what you need on the net, you need to hire a network
consultant to deal with it. Asking a zillion random questions on a
mailing list just because you can't find or understand the information
elsewhere and fighting against the answers you are given is not very
productive for anyone.

This hasn't been CentOS related to begin with, and I didn't ask for a
discussion but only for a pointer to documentation. My questions are
not random, and perhaps the mailing list should better be closed so
no one can ask anything.