04-21-2025 06:46 AM
Good day,
I have a task to research, design, and implement NAC (802.1X) for wired network, and I wanted to find out if the servers in the data center also need to be configured for NAC authentication. We have a large compute/storage/virtualization datacenter and I can't seem to find info regarding best practice for the datacenter side.
I am planning on implementing PEAP for our client/user access, and possibly EAP-TLS.
Network topology consists of Cisco switches (IOS, NX-OS), ISE, Active Directory, and CA.
Any info or suggestions as always will be greatly appreciated.
All the best and thank you!
04-21-2025 06:50 AM
@RAMAN AZIZIAN no, typically you would not use NAC (802.1X/MAB) on servers in the DC. NAC is for authenticating endpoints connected to access layer switches.
I would recommend using EAP-TLS (maybe TEAP with EAP-TLS) for authentication.
04-21-2025 06:59 AM
Thank you Rob for the quick reply. We are also being tasked with deploying Zero-Trust infrastructure, and I was curious if that needed to be applied on the VMs as well. I have a long way to go to fully understand all the components.
Have a great day.
raman