We are in the process of doing an OOB VGW (wired) NAC implementation (4.7(2)) and some users are running virtual machines. The base OS's of the devices are Linux (no agent), Windows 7 and MACs.
How does NAC treat the virtual instance? My concern is that the virtual session, from what I have seen creates a unique mac address so that can have two mac addresses from one physical machine on the same vlan and same port.
Will the creation of the second mac trigger a mac notification trap possibly putting the port back into authentication mode?
Just a bit curious because I want to be prepared.
What the heck do folks normally do with Linux devices in NAC?
You're correct in the sense that if they are using bridged mode for their VMs, it would show up as another MAC address, and if you're doing OOB, it will trigger a MAC-Notification. It's a design limitation I would say and no real easy work around it. You could put either your base OS in the IGNORE filter list, or if you don't care about NAC'ing the VM machines, you could put their MAC addresses in the IGNORE filter list.
As for NAC and linux, the usual suspects that you generally care for and deploy NAC for aren't really that relevant in a Linux environment. You can do Nessus scanning (not recommended, and might even go away in a near-future version) to check for certain Linux holes. I don't know of any work being done on a Linux agent, but this is something your account team can verify for you.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :