I have a setup with a client running VMware connecting to the switch. The client MAC addresses are authenticated using the ACS.
The switch is able to authenticate either the client or the VM MAC address, depending on the point in time at which the machine is plugged into the network.
Example scenario: the VM is configured in bridge mode with its own unique virtual MAC.
The VM will not be able to authenticate when the machine is plugged into the network while it is booting from fresh, as the physical MAC will be used to authenticate instead. The VM client is unable to authenticate to access the network.
The reverse will be the same with the machine plugged into the network after the VM has launched.
My interim solution:
Using NAT on the VM client.
Plug the machine into the network only after the VM client is launched.
Solution I am looking for:
For both the physical and VM clients to be able to authenticate. Allow the switch port to learn dynamic MAC addresses when in dot1x mac-auth-bypass mode.