Solved: Re: Bridge-mode VM

Sylvain_Che · ‎02-02-2023

Hello folks,

The "Bridge-Mode VM" feature is added on DNAC v2.3.3.

I would like to know what this feature is exactly used for? In which use-case we should use it?

What does DNAC apply to switches?

I read on User Guide that this feature has a relation with Wireless. Is it strictly related to Wireless? Or Wired also?

Thanks,

Sylvain.

PabMar · ‎02-03-2023

Hi Sylvain,

Some details from the Release Notes.

Use case:

- Wireless virtual machine clients running in bridge mode need to onboard cisco SD-access fabric.

- Currently, Wireless clients cannot program the host NIC to operate in promiscuous mode – as a result, network sees only the host MAC

Details of the feature:

- We are solving this use case by overriding the host mac with the source mac address of the virtual machine through DHCP (VM mac is visible only in DHCP).

- The Cisco DNA Center GUI lets you create an IP address pool for wireless with the Bridge Mode VM enabled.

Considerations:

- Wireless virtual machine clients should be running same IP Pool as host.

- This is supported only for IPv4.

- Guest web authentication redirect is not supported with bridge mode VM clients.

- Authentication/Enforcement is not supported on wireless virtual machines in bridge mode.

That's as much info as I have at the moment.

Hope it helps.

Regards.

View solution in original post

PabMar · ‎02-03-2023

Hi Sylvain,

Some details from the Release Notes.

Use case:

- Wireless virtual machine clients running in bridge mode need to onboard cisco SD-access fabric.

- Currently, Wireless clients cannot program the host NIC to operate in promiscuous mode – as a result, network sees only the host MAC

Details of the feature:

- We are solving this use case by overriding the host mac with the source mac address of the virtual machine through DHCP (VM mac is visible only in DHCP).

- The Cisco DNA Center GUI lets you create an IP address pool for wireless with the Bridge Mode VM enabled.

Considerations:

- Wireless virtual machine clients should be running same IP Pool as host.

- This is supported only for IPv4.

- Guest web authentication redirect is not supported with bridge mode VM clients.

- Authentication/Enforcement is not supported on wireless virtual machines in bridge mode.

That's as much info as I have at the moment.

Hope it helps.

Regards.

andy!doesnt!like!uucp · ‎02-06-2023

Hi
doesnt purpose of feature sound a bit contradictory to "- Authentication/Enforcement is not supported on wireless virtual machines in bridge mode"?

jedolphi · ‎02-07-2023

Hello Andy, prior to this feature it was not possible to support bridge-network VMs on a wireless endpoint, so the feature has value in it's current form.

Release of the full functionality has been phased. MAB auth and policy (SGT) per wireless Bridge VM comes in DNAC 2.3.5.x + 17.10

andy!doesnt!like!uucp · ‎02-07-2023

Hi
just to be on the same page with feature purpose & cite from pabmar:
"Considerations:
...
- Authentication/Enforcement is not supported on wireless virtual machines in bridge mode."
does feature implement Authentication/Enforcement for wireless virtual machines or doesnt?

jedolphi · ‎02-13-2023

"does feature implement Authentication/Enforcement for wireless virtual machines or doesnt?"

It depends on which release you are asking about. In 2.3.3.x it does not. In 2.3.5.x (ETA APPROX March 2023) it will support MAB and SGT for the wireless bridge-network VMs. All authentication methods will be supported for the wireless VM host.

andy!doesnt!like!uucp · ‎02-13-2023

tnx. more or less clear

Sylvain_Che · ‎02-03-2023

Thank you @PabMar.