DHCPv6 client classification based on DUID.

[Simon Hobson]

Randall C Grimshaw wrote:
>  >That's only likely to change if hardware vendors start providing a
>>specific place to store a device-wide DUID, and software vendors
>>support using it. I don't see that happening soon.
>
>from an operational point of view, wireless 802.1x supplicants with 
>their common use of certificates could be used to drive NAC 
>processes such as vlan steering. So one generalized solution would 
>be to get OS vendors to treat the wired networks in the same way.

I know almost nothing about 802.11x, but I can't help thinking it 
just moves the problem. I'm assuming any certificate would be stored 
in storage managed by the OS - which for devices capable of PXE 
booting is fairly likely to be disk (or a network volume mounted in 
much the same way). Thus the network boot client still won't have 
access to it without there being system wide and environment agnostic 
storage for it.

Ie, when PXE boots, it doesn't (in the general case) have access to 
the storage containing the later OS's key - whether DUID or 802.11x 
certificate - and so cannot use the later OS's key. Chances are it'll 
have little to no storage of it's own, and hence won't be able to 
store a key of it's own that the OS could (theoretically) also use.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.