top of page

OUR PRECONDITIONS

  • The old network infrastructure, referred to as OldNet:
    Doesn’t support 802.1x.
    Two domains on different VLAN’s with a one way trust, referred to as Enterprise and Educational.
    The two domains have their own network infrastructure, different IP Helpers, DNS, DHCP and so on.

  • The new infrastructure, referred to as NewNet:
    802.1x is required using CISCO ISE and Layer 3 switches.
    Only one fallback net with its own IP range, common for both domains, which also supports WebAuth guest access.
    The two domains still have their own IP range, DHCP, DNS etc. but will use the same PXE-server since PXE boot is taking place on the fallback network.

  • Both the old and the new network infrastructure will be used to deploy Windows 10 x64 and Windows 7 x86.

  • MAB will not be used during OSD, the network team don’t want to spread a special OSD VLAN so clients will get an IP address according to its current location and only certificate-based authentication is allowed.

  • The task sequence needs to support both the new computer and refresh scenario as well as BIOS to UEFI conversion regardless of the currently installed operating system.
    The scripts used for managing 802.1x needs to support Windows 7 and its PowerShell version.

Search
Writer's picturesomeguy100
Oct 17, 20181 min read

Detect if 802.1x is supported by the network in WinPE

As I've said, we have Oldnet and Newnet. One of the things the 802.1x-script evaluates is if the client has got an expected IP address or not. Since the script evaluates things like that and I don't want it to fail, I need to exit the script if 802.1x isn't necessary .

Simply because no matter how many certificates the client has, none will get the client to switch VLAN if it's on Oldnet.


So does the network support 802.1x?

In Windows this is easy to spot:


In WinPE all you have is netsh and it will look like this even though one network support 802.1x and other one doesn't...


That is unless you import a network profile, the dot3svc service needs to be started but nothing else.

Then you have something to parse with your scripts.


305 views0 comments

Kommentare

bottom of page