7

We are using PXE boot to image computers from Win XP to Windows 7.

The powers that be have created an imaging vlan dedicated specifically for this purpose, presumably for load balancing?

The problem is that once that image is finished, we have to switch the vlan back to the user vlan, creating extra work for us. Is there any way around this? We are trying to automate this process as much as possible and this extra bit of work does not lend itself to efficiency.

Or can a script be created that carries out this process automatically upon X?

As in, IF X, change PC_1 TO Vlan40 (after image is finished)

The trigger could be doing an OS lookup. IF WIN_7 ...

Thoughts?

Keven Culp
  • 131
  • 2
  • 1
    a few questions... a) do you have CLI / enable access to the switch? b) what model of Cisco switch? c) what nms tools do you have available (i.e. things like [netdisco](http://www.netdisco.org/features.html))? – Mike Pennington Jul 31 '13 at 16:24
  • Cisco 3750x. We're a corporate environment, so I'm sure any tool you recommend I could get or I could ask. I'm not the network engineer. CLI is enabled.. I don't have access but could be granted it, someone on my team is. – Keven Culp Jul 31 '13 at 16:26
  • You need to have access to the switch via CLI or SNMP to make a VLAN change. – Mike Pennington Jul 31 '13 at 16:29
  • Let's assume that I do. – Keven Culp Jul 31 '13 at 16:46
  • Is the switch back to the user VLAN necessary for testing or am I not getting the complete picture? – generalnetworkerror Aug 02 '13 at 07:01
  • @kevinculp, is there a reason you don't want to have two different cables next to the PCs? Use one cable for PXE, and the other for corporate connectivity – Mike Pennington Aug 02 '13 at 15:21
  • Did any answer help you? if so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you could post and accept your own answer. – Ron Maupin Jan 04 '21 at 01:35

4 Answers4

3

A few options come to mind.

  1. If you have 802.1X in your environment, you could push the VLAN assignement to the port based on a username used to authenticate after the imaging is done. One username per vlan for imaging to make the VLAN assignments automatic.
  2. If the imaging is done in a central location, get a L2 switch and trunk that back to the production network, and then simply have different ports tied to different VLANs. The automatic part comes from you physically using different cables from a different ports or swapping your one cable out from one port to another.
  3. Script the VLAN switchport change via SNMP or CLI.
generalnetworkerror
  • 7,094
  • 6
  • 32
  • 65
2

You probably do not want to add any automated configuration capability to your imaging script/PE environment. That wouldn't really jive with most change control systems or frameworks.

If they do not want to allow PXE booting or imaging in general on the production network then you will either want to prep new computers on a dedicated port in your office and rely on USMT to backup and restore customer data from a file server. This is what we did at my office.

The above is easy to do when you are on-site, but quickly becomes cumbersome when you are working remotely. We had to "set customer expectations" and ship newly imaged machines with their data restored to the customer. A "technical contact" would assist in its installation and they would ship the old unit to us for disposal or redeployment.

In short, without any sort of assistance from your network team I don't believe that there is a good automated solution.

JDGray
  • 311
  • 3
  • 4
  • 11
  • Our network team is very willing to work with me, I am just not sure what to ask. I'm trying to find a useful solution. We do what we call "hot swaps" for PC's in many cases, and they are allowing PXE booting - just on this seperate vLAN. – Keven Culp Jul 31 '13 at 19:57
  • 1
    Well, here are the options that I am aware of: 1) Have your network team create a group in AD/TACACS for technicians and grant you the ability to view the configuration, make the vlan assignment for the port and save the changes and nothing else. 2) Each time a VLAN assignment needs to be changed engage your network team to make the change for you and then change it back when you are done. Outside of that, you can try to do some creative scripting or as Mike Pennington said above you can have your network team grant you access to use SNMP to make the change in Nagios, Orion NPM, etc. – JDGray Jul 31 '13 at 22:16
0

Most products require you to configure MAC addresses in DHCP for imaging to, so a normal PC will not use DHCP addresses from the imaging server, this begs the question why have a PXE VLAN? I use one for servers but all production networks are tagged so we can rebuild the server without needing to change the switch, but I would suggest this setup is needlessly complex. Use 2 DHCP servers 1 to build and one for normal operations and have a small scope in the build DHCP server.

fredpbaker
  • 1,357
  • 1
  • 8
  • 8
0

Split your 3750x and assign some ports for the imaging VLAN and some ports for your regular user traffic VLAN. When your imaging is complete simply swap your patch cable to the correct port. Or you can simply allow your image VLAN to access necessary network resources to complete your imaging process, this can be done through ACLs.

HansB
  • 1