Virtual Machines with ISE Issues

fogemarttt · ‎05-18-2015

Hello All,

I have an Environment using Access Switch (Authenticator) with different Vlan for Access Point, Employee, Guest Users, Printers, IP Phone. this switch is connected to a router hosting vlan for Active Directory, WLC, and ISE. ISE is a VM and I also have some VM (employee-PC, Contractor PC) on the same physical server. I am not able to authenticate and authorize VMs and user conected using Virtual Machine.

Because the physical server hosting the VMs carry many VLAN, these port are a trunk port. Every time in Authentication Log, I get a Null error.

I have try to replace the command : Authentication host-mode multi-auth with Authentication host mode multi-host without success.

Please how is it possible to authenticate and authorize Virtual Machine Endpoint on ISE ??

jan.nielsen · ‎05-18-2015

Are you using VMWare ESX or Workstation ?

Are you using the same physical network card in your VMWare server for the ise and the clients ?

fogemarttt · ‎05-19-2015

hello Jan,

No. I am using VMWARE ESXI 5.1 and I have two vSwitch one for the data network(ise, ad, wlc etc..) and one for the access clients (printer, employee-pc, guest-pc etc.). It is working fine. each computer get the right address from the right dhcp pool.

jan.nielsen · ‎05-19-2015

What is the output of "show authentication session interface <port your esx client interface is connected to>" on your switch? Please do it while youre VM's are started and you are trying to authenticate them

renateneike · ‎06-28-2018

Hello,
is there a solution for this?
I have the same problem.

My Port-Configuration:

interface GigabitEthernet1/25
 description N.15
 switchport mode access
 switchport voice vlan 200
 speed 1000
 duplex full
 authentication event fail action next-method
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication timer restart 30
 authentication violation restrict
 mab
 dot1x pae authenticator
 spanning-tree portfast edge
end

Best regards,
Renate

renateneike · ‎06-28-2018

Hello,
is there a solution for this?
I have the same problem.

My Port-Configuration:

interface GigabitEthernet1/25
 description N.15
 switchport mode access
 switchport voice vlan 200
 speed 1000
 duplex full
 authentication event fail action next-method
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication timer restart 30
 authentication violation restrict
 mab
 dot1x pae authenticator
 spanning-tree portfast edge
end

Best regards,
Renate

Filip Po · ‎06-29-2018

Are you trying authenticate multiple hosts on the same one physical interface with switchport mode trunk configured on that interface?

And you trying to use multiple different dynamically assigned VLAN IDs to every host on that physical interface?

I bet you did not, because it will not work.

Take a look at this thread, it might help:

https://supportforums.cisco.com/discussion/11054926/8021x-multi-domain-multiple-workstation

Filip

renateneike · ‎07-02-2018

it works with

authentication host-mode multi-auth

Thanks :)