Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
797
Views
9
Helpful
5
Replies

Certificate Authentication using computer with HyperV vSwitch

Go to solution
creserva1
Level 1
Level 1

‎06-26-2018 03:08 PM

Does the native supplicant for Windows 10 support it? My test laptop keep failing when HyperV vSwitch manager is turned on.

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎06-30-2018 09:58 PM

Windows 8.1 with Hyper-V external switch – 802.1x will not work | Ward Vissers says,

If I will change switch mode to Internal/Private it will start working.

From https://social.technet.microsoft.com/forums/windows/en-US/341cbe70-3fa7-4991-a7e4-4f1af63df4d0/windows-8-hyperv-8021x-eapol-request-missing i read that “official” statement from Microsoft is that 802.1x with Hyper-V on Windows 8.1 is not working by design. #Fail Microsoft.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
howon
Cisco Employee
Cisco Employee

‎06-26-2018 04:34 PM

Hi, Chuck. vSwitch interface may have its own supplicant settings that needs to be setup. Go to list of network connections on the Windows PC and make sure the supplicant is enabled and configured like the real interface. Also, make sure the physical switch interface is configured as multi-auth mode to allow multiple MAC addresses.

0 Helpful

Go to solution
ognyan.totev
Level 5
Level 5
In response to howon

‎06-26-2018 09:21 PM

Tested in mine deployment ,not working . Dot1x fail every time. All is configured right, multi-auth ,machine got valid certificate the adaptor is configure to use dot1x,but it fail.

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎06-26-2018 09:51 PM

I think the question here would be does the vSwitch forward/proxy EAPoL from the native suplicant if it is logically placed inbetween.  A quick debug or packet capture might indicate that the network port is not receiving it from the client. 

It's been a bit since I got down in the weeds but I believe the switch if configured to perform dot1x will send an eap request/identity packet, the client will send a response.  With a client native supplicant configured to perform dot1x I would expect to see a eapol start at the switchport.  I think debug radius authentication will show you this exchange. 

Go to solution
hslai
Cisco Employee
Cisco Employee

‎06-30-2018 09:58 PM

Windows 8.1 with Hyper-V external switch – 802.1x will not work | Ward Vissers says,

If I will change switch mode to Internal/Private it will start working.

From https://social.technet.microsoft.com/forums/windows/en-US/341cbe70-3fa7-4991-a7e4-4f1af63df4d0/windows-8-hyperv-8021x-eapol-request-missing i read that “official” statement from Microsoft is that 802.1x with Hyper-V on Windows 8.1 is not working by design. #Fail Microsoft.

0 Helpful

Go to solution
creserva1
Level 1
Level 1

‎07-02-2018 07:24 AM

I have tested this and no EAP message when Hyper vSwitch is turned on and 802.1x authentication. I agreed with hslai #Fail Microsoft.

No HyperV vSwitch successful auth 802.1x computer auth.

Capture1.PNG

With HyperV vSwitch failed auth there aren’t any EAP message coming from my laptop.

Capture2.PNG.jpg

Customers Also Viewed These Support Documents