[c-nsp] PXE traffic down a different VLAN
Anton Kapela
tkapela at gmail.com
Thu May 20 10:10:24 EDT 2010
On May 20, 2010, at 8:25 AM, Drew Weaver wrote:
> is there any technology present in IOS that allows you to send PXE traffic through a different VLAN than the normal VLAN that is assigned to the switchport or do you just have to use IP HELPER?
if you were sufficiently crazy, you could do ACL-based separation/isolation of this traffic, and bind it to a VRF using policy-based multi-VRF selection. More info here:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_mltvrf_slct_pbr.html#wp1076422
afaik, cisco "switches" cannot support ACL-based VLAN membership/selection, only VRF.
if your PXE 'bootrom' could support using a 'custom' mac address (which the host OS would not see/use later...), you could consider something like MAC-address based vlan membership, with or without a radius-based backend.
http://en.wikipedia.org/wiki/VLAN_Management_Policy_Server
this now appears quite deprecated. in looking at other switches (dell, hp, other broadcom generics), i cannot see a vendor out there that can control vlan membership based on l3/l4 acls. This would break arp, or minimally require 'funky' work-arounds to glue together l3/l4-based (and potentially disjoint) subnets/prefixes.
Out of morbid curiosity, why do you wish to achieve this?
-Tk