02-20-2019 12:05 PM - edited 03-08-2019 07:12 PM
We are deploying wired 802.1x and had a conversation about the case where a computer authenticates to the network but a user has not logged into the network. Would the helpdesk be able to connect to the computer as a local administrator? Has anybody run into this while deploying 802.1x? Do we need to have a computer authentication ACL and a user authentication ACL? What is the best practice?
Thanks in advance!
02-20-2019 02:12 PM
02-20-2019 03:30 PM
02-21-2019 03:29 AM
Thank you for the EAP chaining examples.
02-21-2019 08:36 AM
Just to add my 2 cents. I usually avoid EAP chaining because it forces you to install NAM and it is a proprietary method.
As Damien said, you first have to ask what the goals are for authenticating computers/users. Most customers simply want to answer the question "Are the devices connecting corporate devices?". If that is the main question, then PEAP Computer answers that question and you have no issues with user logins (local or AD).
If the customer requires user-based policies, I will usually move them to EAP-TLS.