We are deploying wired 802.1x and had a conversation about the case where a computer authenticates to the network but a user has not logged into the network: would the helpdesk be able to connect to the computer as a local administrator? Has anybody run into this while deploying 802.1x? Do we need to have a computer authentication ACL and a user authentication ACL? What is the best practice?
Thanks in advance!
Just to add my 2 cents. I usually avoid EAP chaining because it forces you to install NAM and it is a proprietary method.
As Damien said, you first have to ask what the goals are for authenticating computers/users. Most customers simply want to answer the question "Are the devices connecting corporate devices?". If that is the main question, then PEAP Computer answers that question and you have no issues with user logins (local or AD).
If the customer requires user-based policies, I will usually move them to EAP-TLS.