Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9238
Views
0
Helpful
2
Replies

802.1x in Windows 10 with Hypver-v

Go to solution
steven austin
Level 1
Level 1

‎03-12-2016 11:39 AM - edited ‎03-10-2019 11:34 PM

Hello,

I'm trying to get Windows 10 with Hypver-v enabled to successfully complete 802.1x negotiations and posture assessment with Cisco ISE.  When Hypver-V is enabled on Windows 10 with an External type vSwitch, the 802.1x service is moved from the physical NIC to the vSwitch nic.  The issue I have noticed is that the vSwitch nic does not respond to any EAPOL messages.  As a workaround, I have tried to leverage the Cisco NAM module to negotiate 802.1x which does work, but the issue is that the Cisco Anyconnect Network Access Manager Filter Driver does not recognize the existence of the vSwitch nic.  

In the below pic, 802.1x auth completed successfully but anyconnect can't determine the status because the Filter Driver is not functioning on the vSwitch nic.

vSwitch nic (Filter Driver is there but non functional.  If I click the checkbox and then click Ok Windows prompts to disable the driver which is odd.  It is as if Windows believes the driver is falsely enabled.)

The physical nic has the Filter Driver enabled but because Windows 10 has moved all the network functionality to the vSwitch nic, Cisco NAM is looking in the wrong place.

Thank you for your help.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎10-16-2019 05:27 PM

It is supported with Windows Server 2019 & Windows 10 version 1809 and above. 802.1x through the Hyper-V vSwitch is supported by making following registry edit:

Run the following from an elevated command prompt.

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmsmp\parameters” /v 8021xEnabled /t REG_DWORD /d 1 /f 
shutdown /r /t 0

Source: https://windowsserver.uservoice.com/forums/295050-virtualization/suggestions/8619418-let-hyper-v-virtual-switch-forward-802-1x-authenti

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎03-29-2016 12:32 AM

Hi Steven-

The issues that you are facing are not with the supplicant/client but the network access device (NAD) which in your case is the vSwitch which does not understand/support 802.1x/EAPoL. 

To provide secure access in your scenario you will also need the Nexus 1000v and SGT/SGA/TrustSec. 

Have a look at the following link:

http://blogs.cisco.com/enterprise/using-trustsec-to-simplify-virtual-desktop-infrastructure-vdi-deployment?_ga=1.71414867.1971257750.1450676310

Thank you for rating helpful posts!

0 Helpful

Go to solution
howon
Cisco Employee
Cisco Employee

‎10-16-2019 05:27 PM

It is supported with Windows Server 2019 & Windows 10 version 1809 and above. 802.1x through the Hyper-V vSwitch is supported by making following registry edit:

Run the following from an elevated command prompt.

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmsmp\parameters” /v 8021xEnabled /t REG_DWORD /d 1 /f 
shutdown /r /t 0

Source: https://windowsserver.uservoice.com/forums/295050-virtualization/suggestions/8619418-let-hyper-v-virtual-switch-forward-802-1x-authenti

 

0 Helpful
Customers Also Viewed These Support Documents