Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

802.1X Authentication of Virtual Machines on Development Notebooks

  • 1.  802.1X Authentication of Virtual Machines on Development Notebooks

    Posted Oct 16, 2015 09:03 AM

    Dear all,

    is there any best practice user guide on how to implement 802.1X authentication with ClearPass for development computers where virtual machines are installed?

    Thanks

    Michael



  • 2.  RE: 802.1X Authentication of Virtual Machines on Development Notebooks
    Best Answer

    EMPLOYEE
    Posted Oct 16, 2015 09:21 AM
    The question is whether the VM will even allow you to configure 802.1X on that adapter. Often your only option is to bridge or NAT traffic on that interface.


  • 3.  RE: 802.1X Authentication of Virtual Machines on Development Notebooks

    Posted Oct 16, 2015 09:26 AM

    It depends on the mode in which the PC is configured, right? Whether the setup is able to send the MAC of the virtual machine, or whether the MAC of the Ethernet adapter is the only MAC address seen in the network.



  • 4.  RE: 802.1X Authentication of Virtual Machines on Development Notebooks

    EMPLOYEE
    Posted Oct 16, 2015 09:29 AM
    Are you talking about MAC authentication, or 802.1X?


  • 5.  RE: 802.1X Authentication of Virtual Machines on Development Notebooks

    Posted Oct 16, 2015 09:30 AM

    802.1X



  • 6.  RE: 802.1X Authentication of Virtual Machines on Development Notebooks

    EMPLOYEE
    Posted Oct 16, 2015 09:47 AM
    I do not think you can configure 802.1x credentials on the uplink adapter in a VM.


  • 7.  RE: 802.1X Authentication of Virtual Machines on Development Notebooks

    Posted Oct 27, 2015 09:01 AM

    I've got multiple VMs running on my OS X machine (VMware Fusion) authenticating via MAC auth or dot1x. Your VM needs to have a "bridged" network interface. Whether it works or not depends on the capabilities of the switch port you are plugged into. On an HP ProCurve switch you can have multiple tagged VLANs and a single untagged VLAN. This would allow you to, for example, have a VoIP phone connected to the wall socket using a tagged VLAN and a PC (windoze/osx/linux etc.) plugged into the Ethernet socket on the phone. You would be able to have multiple VMs all authenticating using mac-auth or dot1x as long as they ended up on the same untagged VLAN.

    With an HP ComWare switch, you can have as many untagged VLANs as you want on the switch port, as the ComWare switch does MAC address to VLAN mapping. With this switch the default is to have a seriously large number of (untagged) VLANs on a switch port. As an example, at one point I had

    1). VoIP phone mac-authing onto an untagged voice VLAN

    2). OS X dot1x'ing onto another untagged VLAN

    3). Windows 7 vlan mac-auth'ing onto another untagged VLAN

    4). and an Ubuntu VM dot1x'ing onto a 4th untagged VLAN ..

    So it does depend on what sort of switch the client device is connected to.

     

    A