C2960 dot1x mac-auth-bypass problem

Unanswered Question
Jul 1st, 2009

I have a setup with a client running VMware connecting to the switch. The client MAC addresses are authenticated using the ACS.

The switch is able to authenticate either the client or the VM MAC address, depending on the point in time at which the machine is plugged into the network.

Example scenario: the VM is configured in bridge mode with its own unique virtual MAC.

The VM will not be able to authenticate when the machine is plugged into the network while the machine is booting from fresh, as the physical MAC will be used to authenticate instead. The VM client is unable to authenticate to access the network.

The reverse will be the same with the machine plugged into the network after the VM has launched.

My interim solution:

Using NAT on vm client.

Plug machine into network only after vm client is launched.

Solution I am looking for:

For both the physical and VM clients to be able to authenticate. Allow the switch port to learn dynamic MAC addresses when in dot1x mac-auth-bypass mode.

Thanks =)

andrewswanson Thu, 07/02/2009 - 03:11

I think the default dot1x host-mode is single host (only 1 MAC needs to be validated). To validate all MACs on the switchport, change this to multi-host (all MACs are validated). The command is:

dot1x host-mode multi-host



