DHCPv6 client classification based on DUID.
Simon Hobson
dhcp1 at thehobsons.co.uk
Thu Sep 20 21:13:13 UTC 2012
Randall C Grimshaw wrote:
>>That's only likely to change if hardware vendors start providing a
>>specific place to store a device-wide DUID, and software vendors
>>support using it. I don't see that happening soon.
>
>from an operational point of view, wireless 802.1x supplicants with
>their common use of certificates could be used to drive NAC
>processes such as vlan steering. So one generalized solution would
>be to get OS vendors to treat the wired networks in the same way.
I know almost nothing about 802.11x, but I can't help thinking it
just moves the problem. I'm assuming any certificate would be stored
in storage managed by the OS - which for devices capable of PXE
booting is fairly likely to be disk (or a network volume mounted in
much the same way). Thus the network boot client still won't have
access to it without there being system wide and environment agnostic
storage for it.
I.e., when PXE boots, it doesn't (in the general case) have access to
the storage containing the later OS's key - whether DUID or 802.11x
certificate - and so cannot use the later OS's key. Chances are it'll
have little to no storage of its own, and hence won't be able to
store a key of its own that the OS could (theoretically) also use.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.