02-20-2019 12:05 PM - edited 03-08-2019 07:12 PM
We are deploying wired 802.1x and had a conversation about the following: if a computer authenticates to the network but a user has not logged into the network, would the helpdesk be able to connect to the computer as a local administrator? Has anybody run into this while deploying 802.1x? Do we need to have a computer authentication ACL and a user authentication ACL? What is the best practice?
Thanks in advance!
02-20-2019 02:12 PM
02-20-2019 03:30 PM
02-21-2019 03:29 AM
Thank you for the EAP chaining examples.
02-21-2019 08:36 AM
Just to add my 2 cents. I usually avoid EAP chaining because it forces you to install NAM and it is a proprietary method.
As Damien said, you first have to ask what the goals are for authenticating computers/users. Most customers simply want to answer the question "Are the devices connecting corporate devices?". If that is the main question, then PEAP Computer answers that question and you have no issues with user logins (local or AD).
If the customer requires user-based policies, I will usually move them to EAP-TLS.