Cisco Support Community

C2960 dot1x mac-auth-bypass problem

I have a setup with a client running VMware connecting to the switch. The client MAC addresses are authenticated using the ACS.

The switch is able to authenticate either the client or the VM MAC address, depending on the point in time at which the machine is plugged into the network.

Example scenario: VM is configured in bridge mode with its own unique virtual MAC

The VM will not be able to authenticate when the machine is plugged into the network while it is booting from fresh, as the physical MAC will instead be used to authenticate. The VM client is unable to authenticate to access the network.

The reverse will be the same with the machine plugged into the network after the VM has launched.

My interim solution:

Using NAT on the VM client.

Plug the machine into the network only after the VM client is launched.

Solution I am looking for:

For both the physical and VM clients to be able to authenticate. Allow the switch port to learn dynamic MAC addresses when in dot1x mac-auth-bypass mode.

Thanks =)


Re: C2960 dot1x mac-auth-bypass problem

I think the default dot1x host-mode is single host (only 1 MAC needs to be validated). To validate all MACs on the switchport, change this to multi-host (all MACs are validated). The command is:

dot1x host-mode multi-host


