Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
213
Views
0
Helpful
1
Replies

ISE - Running VM's on the client

mkoponick
Level 1
Level 1

‎01-20-2016 11:09 AM - edited ‎03-10-2019 11:24 PM

Has anyone run multiple VM's on an end-point? I have mutiple users that run VM's on their laptops and I'm having difficulty getting them to authenticate properly via ISE.

Prior to install the VM's, everything worked perfectly, however now everything authenticates via MAB (I have two Windows machines running on one laptop) The original Windows installation went unchanged as far as I can tell.

Anyone run into  this issue?

Mike

Labels:
0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎01-20-2016 01:27 PM

That is expected behavior as 802.1x sees additional mac addresses that are not authenticated on the port. You have several ways to allow these devices on the network:

1. Utilize MAB with static mac database and/or profiling

2. Configure the the supplicants on the VMs to perform 802.1x based authentication

3. Configure those network ports to authenticate the first mac address on the network and then allow any additional mac addresses. This is accomplished with the following command:

 authentication host-mode multi-host

For more information on that command you can check out the following link:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/50sg/configuration/guide/Wrapper-46SG/dot1x.html

I hope this helps!

Thank you for rating helpful posts!

0 Helpful
Customers Also Viewed These Support Documents