So I recently ran into a new challenge using 802.1x wired authentication with ClearPass. We connect our laptops to the network through a Cisco VoIP phone. So the phone goes through MAC Authentication and the computer connected to the PC port on the phone goes through 802.1x authentication.
However, when testing using a USB Mini Dock, which connects secondary monitors and Ethernet, I am unable to run 802.1x on my laptop and am also forced to authenticate the Dock.
Profiling is useless with these docks, as they are categorized as Computers or in one case Generic. Also, it contains a Virtual Ethernet and the physical Ethernet, both with the same MAC Address. This causes the Virtual Ethernet to be authenticated, but the Physical remains Unidentified. In other words, if I use the dock with MAC Authentication, whatever device connects physically to the dock will be able to connect to the network without authenticating.
Is there a way to enforce this more precisely?
I'm including a screenshot of the ipconfig /all which shows both the Virtual and Physical Ethernet with the same MAC, the Virtual being authenticated and the Physical Unidentified. Also an image of the dock, a J5 Create (JUD380).
The multiple adapters with the same MAC seem to be related to VMware/Hyper-V which appears to be installed on your system. It creates a virtual switch/bridge to connect the physical adapter to your Windows and the VMs that you are running.
Do you see the same for laptops that don't have VMware and Hyper-V installed?
Then for an 802.1X authenticated device behind an IP-Phone, if the device has been authenticated and you switch another laptop to your dock, it will share the same MAC and stay authenticated. In such a scenario there are two things that I would recommend:
And combining these two is a good idea.
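To compare laptops with and without VMware/Hyper-V, as the reply asks, the saved `ipconfig /all` output can be checked for adapters that report the same MAC. The following is an added example, not part of the original thread; it assumes English-language `ipconfig` labels, and the sample output, MAC values and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the layout of English-language `ipconfig /all` output.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter vEthernet (External Switch):

   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   IPv4 Address. . . . . . . . . . . : 192.0.2.10(Preferred)

Ethernet adapter Ethernet 3:

   Description . . . . . . . . . . . : USB dock Ethernet adapter
   Physical Address. . . . . . . . . : 00-11-22-33-44-55

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Physical Address. . . . . . . . . : 00-11-22-AA-BB-CC
"""

def parse_adapters(text):
    """Return {adapter name: {field: value}} from `ipconfig /all` text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented lines ending in ':' open an adapter section;
            # other unindented lines (the banner) close the current one.
            is_header = line.rstrip().endswith(":")
            current = adapters.setdefault(line.rstrip(": "), {}) if is_header else None
        elif current is not None and ":" in line:
            # "Label . . . . : value" -> split at the first colon, drop dot padding.
            key, _, value = line.partition(":")
            current[key.strip(" .")] = value.strip()
    return adapters

def shared_macs(adapters):
    """Group adapter names by MAC; keep MACs reported by more than one adapter."""
    by_mac = defaultdict(list)
    for name, fields in adapters.items():
        mac = fields.get("Physical Address", "").upper()
        if mac:
            by_mac[mac].append(name)
    return {mac: names for mac, names in by_mac.items() if len(names) > 1}

if __name__ == "__main__":
    for mac, names in shared_macs(parse_adapters(SAMPLE)).items():
        print(f"{mac} is shared by: {', '.join(names)}")
```
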