
C2960 dot1x mac-auth-bypass problem

tritium86
Level 1

I have a setup with a client running VMware connecting to the switch. The client MAC addresses are authenticated using the ACS.

The switch is able to authenticate either the client or the VM MAC address, depending on the point in time at which the machine is plugged into the network.

Example scenario: the VM is configured in bridge mode with its own unique virtual MAC.

The VM will not be able to authenticate when the machine is plugged into the network while it is booting from fresh, as the physical MAC will instead be used to authenticate. The VM client is unable to authenticate to access the network.

The reverse will be the same with the machine plugged into the network after the VM has launched.

My interim solution:

Using NAT on the VM client.

Plug the machine into the network only after the VM client is launched.

Solution I am looking for:

For both the physical and VM clients to be able to authenticate. Allow the switch port to learn dynamic MAC addresses when in dot1x mac-auth-bypass mode.

Thanks =)

1 Reply

andrewswanson
Level 7

Think the default dot1x host-mode is single host (only 1 MAC needs to be validated). To validate all MACs on the switchport, change this to multi-host (all MACs are validated). Command is:

dot1x host-mode multi-host

cheers

andy
