I have a customer that has Windows machines. When they activate KVM Hyper-V VM, it is like the network card/adapter of the machine deactivates (something like a virtual switch comes in). So it is impossible to have Posture on that machine.
Do we have any kind of solution for this kind of scenario?
My customer's scenario is like this:
There are some users who use virtual machines with Hyper-V (not KVM, sorry for that mistake). They can't authenticate using 802.1X because there is more than one MAC address trying to register on the same port.
Is there any way we can solve that scenario?
As long as the network interface of each Hyper-V VM has one and only one IPv4 MAC address and the Cisco switch interface is configured in multi-auth mode, then we should be able to see each VM as its own endpoint and posture accordingly. I think you might need to check with the switch platform teams and see if there are any scale limits.
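The switch-side setting mentioned in the reply above, shown as an added example that is not part of the original thread. It assumes a Cisco IOS access switch using the legacy `authentication` interface commands, with AAA/RADIUS toward ISE already configured globally; the interface name, VLAN and description are placeholders.

```ios
! Constructed example: interface name, VLAN and description are placeholders.
interface GigabitEthernet1/0/10
 description Hyper-V host with bridged VMs
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 ! The default host mode is single-host, which allows only one MAC address
 ! on the port. multi-auth authenticates every MAC address seen on the port
 ! separately, so the host and each VM get their own session.
 authentication host-mode multi-auth
 ! Try 802.1X first and fall back to MAB for VMs without a supplicant.
 authentication order dot1x mab
 authentication priority dot1x mab
 mab
 dot1x pae authenticator
```

`show authentication sessions interface GigabitEthernet1/0/10` lists the sessions on the port, one per MAC address, which is a quick way to confirm that the host and each VM are being seen as separate endpoints.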
We also faced the same issue a few days back, although we kept it aside for now.
We are hosting a virtual mobile emulator in Hyper-V on some machines. The issue we faced was that even the host machine lost connectivity when these machines were moved to a multi-auth environment.
How is your scenario? To what switch are you connecting your host machine? Are the VMs in the host machine in L2, each one with its own IP address? Are you making posture on that environment?
I believe the issue is not with Posture but with 802.1X support in Hyper-V.
It is most likely that the Hyper-V is dropping EAP packets which are layer 2 frames sent to a multicast MAC address from the host machine.
This is a known issue and Microsoft seems to have acknowledged it.
I have not seen this issue for hosts behind a vSwitch though.
Check below links