someguy100

The background and the 'Why'


Hi!

First of all, I will never say that what I did is the only or the best way. The circumstances and the configuration of the environment will affect what you can and can’t do and how you need to do it. When I started to look into this, there wasn’t much info at all to be found on the web. The ADK didn’t even support 802.1x due to an almost 1.5-year-old bug. I would have been glad for any information at all, and that is what encouraged me to write this blog. I actually got 802.1x to work with the 1607 ADK, but that’s a whole other story.

That being said, the script I made was for that solution and might look overcomplicated as things stand today.

But it does what it is supposed to, and if any bug is reintroduced in the ADK there’s a good chance that we won’t be affected by it. Not as harshly, at least. =P


This is what our environment looks like

· The old network infrastructure, referred to as OldNet: Doesn’t support 802.1x. Two domains on different VLANs with a one-way trust, referred to as Enterprise and Educational. The two domains have their own network infrastructure, different IP Helpers, DNS, DHCP and so on.

· The new infrastructure, referred to as NewNet: 802.1x is required using Cisco ISE and Layer 3 switches. Only one fallback net with its own IP range, common for both domains, which also supports WebAuth guest access. The two domains still have their own IP range, DHCP, DNS etc. but will use the same PXE server, since PXE boot takes place on the fallback network.

· Both the old and the new network infrastructure will be used to deploy Windows 10 x64 and Windows 7 x86.

· MAB will not be used during OSD. The network team doesn’t want to spread a special OSD VLAN, so clients will get an IP address according to their current location, and only certificate-based authentication is allowed.

· The task sequence needs to support both the new computer and refresh scenarios as well as BIOS to UEFI conversion, regardless of the currently installed operating system. The scripts used for managing 802.1x need to support Windows 7 and its PowerShell version.
