Alcatel-Lucent AOS-W 6.5.3.x - Page 268

1160 pages
268 | 802.1X Authentication | AOS-W 6.5.3.x | User Guide
9. Click Apply.
In the CLI
(host)(config) #aaa authentication dot1x <profile>
   termination enable
   server-cert <certificate>
   ca-cert <certificate>
Configuring User and Machine Authentication
When a Windows device boots, it logs onto the network domain using a machine account. Within the domain,
the device is authenticated before computer group policies and software settings can be executed; this process
is known as machine authentication. Machine authentication ensures that only authorized devices are allowed
on the network.
You can configure 802.1X for both user and machine authentication (select the Enforce Machine
Authentication option described in Table 72). This tightens the authentication process further, since both the
device and user need to be authenticated.
Working with Role Assignment with Machine Authentication Enabled
When you enable machine authentication, there are two additional roles you can define in the 802.1X
authentication profile:
- Machine authentication default machine role
- Machine authentication default user role
While you can select the same role for both options, you should define the roles according to the policies that
need to be enforced. Also, these roles can be different from the 802.1X authentication default role configured
in the AAA profile.
With machine authentication enabled, the assigned role depends upon the success or failure of the machine
and user authentications. In certain cases, the role that is ultimately assigned to a client can also depend upon
attributes returned by the authentication server or server derivation rules configured on the switch.
Table 73 describes role assignment based on the results of the machine and user authentications.
| Machine Auth Status | User Auth Status | Description | Role Assigned |
|---|---|---|---|
| Failed | Failed | Both machine authentication and user authentication failed. L2 authentication failed. | No role assigned. No access to the network allowed. |
| Failed | Passed | Machine authentication failed (for example, the machine information is not present on the server) and user authentication succeeded. Server-derived roles do not apply. | Machine authentication default user role configured in the 802.1X authentication profile. |
| Passed | Failed | Machine authentication succeeded and user authentication has not been initiated. Server-derived roles do not apply. | Machine authentication default machine role configured in the 802.1X authentication profile. |
Table 73: Role Assignment for User and Machine Authentication
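The following CLI fragment is an added example, not part of the original guide. It shows where the two machine authentication roles referred to in Table 73 are set in the 802.1X authentication profile, next to the separate 802.1X authentication default role in the AAA profile. The profile names (corp-dot1x, corp-aaa) and role names (machine-only, user-only, employee) are hypothetical, and the roles are assumed to exist already.

```text
(host)(config) #aaa authentication dot1x "corp-dot1x"
   machine-authentication enable
   machine-authentication machine-default-role "machine-only"
   machine-authentication user-default-role "user-only"
!
(host)(config) #aaa profile "corp-aaa"
   authentication-dot1x "corp-dot1x"
   dot1x-default-role "employee"
```

In this example, machine-only and user-only are the roles a client receives when only one of the two authentications has succeeded, so they are intended to carry tighter policies than the employee role.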
