
Cisco ISE 2.4 Endpoint running VM

Axsalon
Level 1

Hi,

How would you manage corporate laptops (authenticated with EAP-FAST) with virtual machines running inside? How would you authenticate these virtual machines?

Thanks in advance.

Accepted Solution

What is an example of a “VM device”? Do you mean a client endpoint like a Windows 10 running in a VM? Then of course this is like any other Windows device. Question is HOW is that client’s network adapter connecting to the network? Via a virtual switch that can act as an Authenticator (e.g. Nexus1000v) or to a real switch?

A RADIUS server like ISE (or any other) only gets involved if there is an Authenticator that specifically makes the request via some security policy, be it 802.1X or MAB. Just plugging a device into a switch port that is not NAC controlled is not an AAA event.
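To make the Authenticator point concrete for the scenario in this thread (a laptop doing EAP-FAST with bridged VMs behind it), here is an added example of a Cisco IOS access-port configuration that turns the port into an 802.1X/MAB Authenticator talking to ISE; it is not taken from the thread, and the interface, VLAN, RADIUS address and shared secret are placeholders.

```cisco
! Added example (not from the thread). Placeholders: interface, VLAN 100,
! RADIUS server 192.0.2.10, shared secret.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
dot1x system-auth-control
!
radius server ISE-PSN
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key REPLACE_WITH_SHARED_SECRET
!
interface GigabitEthernet1/0/5
 description Corporate laptop (EAP-FAST) hosting bridged VMs
 switchport mode access
 switchport access vlan 100
 ! multi-auth: every MAC seen on the port (the laptop and each bridged VM)
 ! gets its own authentication session. The default single-host mode would
 ! raise a security violation as soon as a VM's second MAC appears.
 authentication host-mode multi-auth
 authentication port-control auto
 ! Try 802.1X first; a VM without a supplicant falls back to MAB, so ISE
 ! can profile it and return a restricted authorization rather than
 ! inheriting the laptop's access.
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication event fail action next-method
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
```

A VM whose virtual NIC is in NAT mode never shows its own MAC on the port, so it rides the host's authenticated session and ISE sees only the laptop; only a bridged vNIC produces a separate session that the configuration above can authenticate or authorize on its own.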

3 Replies

Arne Bier
VIP

Interesting question. Are the VM's network interfaces bridged to the host machine to even allow EAP to function?

Why would you want to do EAP from a VM if the host is already authenticated? I would think that if the VM is domain-joined then the domain authentication to AD is what you're really interested in.

My question is more related to VMware devices, for example. I know that ISE can identify virtual devices running in the network, but would it be necessary to install 802.1X supplicants on these virtual endpoints?

If the VM is not compliant, can ISE deny access to the physical endpoint where the VM is running?
