04-10-2012 10:03 AM - edited 03-10-2019 06:59 PM
Hello,
We are trying to utilize the following scenario:
BYOD with users' Windows-based laptops and Apple MacBooks
Virtual machines within each of the physical machines: For Windows, the VMs will be Windows 7 VMs running within VM Workstation. For Macs, users will be running Windows 7 VMs within Fusion.
802.1x set for multi-host
Using 802.1x, we have a guest network that places the user's physical machine in once it fails authentication. The virtual machine runs the corporate image, and we'd like to have this VM connected to our corporate VLAN.
We have been running into this scenario though:
1. User plugs his BYOD laptop into the network. His laptop gets attached to the guest network because it fails the 802.1x check.
2. The VM is powered on. It successfully is connected to the corporate network.
3. Now, the user unplugs his network cable from his host machine and waits 10 seconds.
4. He then re-plugs the network cable to his host machine.
5. The VM is the first to authenticate to the 802.1x network and it gains access to the corporate network.
6. Due to the VM being the first to authenticate on 802.1x, the host network connection piggybacks off of the VM, and therefore the host gains access to the corporate network.
Obviously this represents a no-go if the user's BYOD computer is able to access the corporate network. Is there any specific way that 802.1x can be configured to prevent this from happening?
Thanks,
Mooge
04-12-2012 12:46 PM
Multi-Host is not the right option for you. In Multi-Host, only one device has to successfully authenticate to authenticate all devices on that port.
You need to set host-mode to "multi-auth"
04-24-2012 01:48 PM
And I believe VLAN change will be a problem for you if you use multi-auth, as your port can only be in one VLAN. You could use dACLs instead.
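The difference between the two host modes discussed in this thread, as an added example that is not part of any post above and is not switch code: a simplified Python model that replays the plug and replug orders from the question and reports which MACs end up with corporate access without valid credentials. The function names, MAC addresses and the "guest" outcome for a failed session under multi-auth (standing in for a per-session restriction such as a dACL) are assumptions made for illustration.

```python
# Simplified model of per-port 802.1X host modes (constructed for illustration;
# a real switch has more states, timers and VLAN rules than this).
CORP, GUEST = "corporate", "guest"

def replay(host_mode, arrivals, valid_supplicants):
    """Return {mac: access} after MACs appear on the port in `arrivals` order.

    host_mode: "multi-host" or "multi-auth".
    valid_supplicants: MACs whose 802.1X authentication succeeds.
    """
    if host_mode not in ("multi-host", "multi-auth"):
        raise ValueError(f"unsupported host mode: {host_mode}")
    access = {}
    port_open = False  # multi-host only: set by the first successful auth
    for mac in arrivals:
        if host_mode == "multi-host" and port_open:
            # Piggyback: the port is already authorized, so this MAC is
            # never challenged and inherits corporate access.
            access[mac] = CORP
            continue
        passed = mac in valid_supplicants
        if host_mode == "multi-host" and passed:
            port_open = True
        # multi-auth: every MAC has its own session and its own result.
        # GUEST here stands for a per-session restriction (assumption).
        access[mac] = CORP if passed else GUEST
    return access

def piggybackers(access, valid_supplicants):
    """MACs that hold corporate access without valid credentials."""
    return sorted(m for m, a in access.items()
                  if a == CORP and m not in valid_supplicants)

# Constructed sample MACs: the BYOD host and its corporate-image VM.
HOST, VM = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
VALID = {VM}  # only the VM's supplicant passes 802.1X

if __name__ == "__main__":
    for mode in ("multi-host", "multi-auth"):
        for order in ([HOST, VM], [VM, HOST]):
            result = replay(mode, order, VALID)
            print(mode, order, result, "piggyback:", piggybackers(result, VALID))
```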