04-11-2017 10:59 PM
I'm studying for the ACMP exam and had a discussion with my fellow classmates. Since the official training is over, I can't fall back on the teacher, hence this question.
Which role will be assigned when both user and machine authentication fail? I thought it would fall back to the initial role defined in the AAA profile. However, the test exams clearly state that no role will be assigned.
After investigating the assignment further on a production controller (can't change anything here) I found the default AAA profile. When I drill down to Security > Authentication > Profiles and click on AAA profiles and click on Default I see the initial role defined as Logon. MAC and 802.1x are set to Guest.
When I however unfold the Default profile and click on MAC authentication I see the role N/A. The same goes for 802.1x authentication.
Now for the question ;-)
Does the setting N/A mean the role Logon will be assigned unless MAC and user authentication fail, and no role will be assigned when authentication fails?
04-12-2017 01:29 AM
Hey, I'm studying to re-sit my ACMP too as it has expired. If both machine and user authentication fail, then no role will be assigned as the authentication attempt has failed.
This makes sense (or at least to me!): if the machine authentication has failed and user authentication has failed, why would you even assign a role and allow access to a network? The role would still connect them to a network even when they have failed all authentication attempts?
In regards to the N/A setting, I believe no role will be assigned as these profiles/server groups have not been set in the profile.
aaa profile "default"
   authentication-dot1x "default-psk"
!
If my post addresses your query, give kudos:)
04-12-2017 01:32 AM
Thanks for your reply.
Yes, it makes sense but I couldn’t find a definitive answer anywhere. Since I don’t have a controller at my disposal I also cannot ‘just’ check it out ;-)