Dot 1 X

Lee HLee H Member Posts: 1,135

For Uber security reasons we have certain ports at the switch enabled with Dot 1 X, this means that when the PC is re-imaged and its off the domain it doesn't even have sight of a DHCP scope so gets a 169.. so task then is to take the PC to a different port that has NO Dot 1 X applied - join domain and allow it to download Dot 1 X GP,


Does anyone else out there in the big world apply Dot 1 X to their switch port and how are you then re-imaging said PC in situ

Any info would be much appreciated



  • albinorhino187albinorhino187 Member Posts: 117 ■■■□□□□□□□
    I don't have config specifics, but I believe you can have a default VLAN that the port enters if dot1x authentication fails. If that VLAN had access to join the domain, then you're good to go.

    Or, you do your imaging/domain joining on a switch that's more physically secure than the rest of your ports so you can be safer in not putting dot1x on those.
    CCIE RS - Written (Goal: July 2019) [ ] Lab [ ]
  • pujan96pujan96 Member Posts: 121 ■■■□□□□□□□
    Hey Mate,

    What you would want to do is set up a vlan for imaging PCs, and have the same vlan configured on dot1x as the vlan that switchports go to when dot1x fails, that way, say you go onto the onboard nic to image a PC, dot1x would fail, and the switchport would be put onto the vlan that has access to the imaging server.

    Hope that helps :)
    [X] CCNA R&S

    [X] CCNP Route 300-101
    [  ] CCNP Switch 300-115
    [  ] CCNP T-Shoot 300-135

    [  ]  NPDESI 300-550

    [  ] CCIE R&S Written
    [  ] CCIE R&S LAB
Sign In or Register to comment.