I'm studying for ACMP, and reviewing the Advanced Security module.
I understand what machine authentication is, and how it works compared to user authentication.
But I don't get exactly what the option "Enforce Machine Authentication" is doing.
EAP Chaining is doing machine + user authentication in the same EAP session, which requires that the supplicant can support EAP Chaining.
I would think that this option is different from EAP Chaining, in the sense that a Windows machine would authenticate at bootup, and the user will authenticate at logon.
Can someone clarify this option?
No supplicant required.
Thanks for the quick reply.
I understand better now, this is all down to the role assigned, which will depend on the machine + user authentication status, as described here:
Machine Auth Status / User Auth Status:

- Both machine authentication and user authentication failed. L2 authentication failed.
  Role assigned: No role assigned. No access to the network allowed.
- Machine authentication failed (for example, the machine information is not present on the server) and user authentication succeeded. Server-derived roles do not apply.
  Role assigned: Machine authentication default user role configured in the 802.1X authentication profile.
- Machine authentication succeeded and user authentication has not been initiated. Server-derived roles do not apply.
  Role assigned: Machine authentication default machine role configured in the 802.1X authentication profile.
- Both machine and user are successfully authenticated. If there are server-derived roles, the role assigned via the derivation takes precedence. This is the only case where server-derived roles are applied.
  Role assigned: A role derived from the authentication server takes precedence. Otherwise, the 802.1X authentication default role configured in the AAA profile is assigned.
I'm more familiar with Cisco, and this is really different from how they handle authentication.
The use of roles in the Aruba architecture allows for much more flexibility!
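The role table quoted in the post above, replayed as a sequence of authentication events for one station (machine authentication at bootup, user authentication at logon). This is an added example, not part of the thread and not Aruba's code; the role names and event format are constructed, and treating a failed user attempt the same as "not initiated" is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed role names standing in for the three settings the table names.
MACHINE_DEFAULT_ROLE = "machine-default"  # machine authentication default machine role
USER_DEFAULT_ROLE = "user-default"        # machine authentication default user role
DOT1X_DEFAULT_ROLE = "dot1x-default"      # 802.1X authentication default role (AAA profile)


@dataclass
class Station:
    machine_ok: bool = False           # last machine authentication result
    user_ok: bool = False              # last user result (False also covers "not initiated")
    server_role: Optional[str] = None  # role returned by the authentication server, if any


def resolve_role(st: Station) -> Optional[str]:
    """Apply the four rows of the table; None means no role and no network access."""
    if not st.machine_ok and not st.user_ok:
        return None
    if not st.machine_ok:   # user only: server-derived roles do not apply
        return USER_DEFAULT_ROLE
    if not st.user_ok:      # machine only: server-derived roles do not apply
        return MACHINE_DEFAULT_ROLE
    return st.server_role or DOT1X_DEFAULT_ROLE


def replay(events):
    """Replay (kind, success, server_role) events; return the role after each event."""
    st, roles = Station(), []
    for kind, success, server_role in events:
        if kind == "machine":
            st.machine_ok = success
        elif kind == "user":
            st.user_ok = success
        else:
            raise ValueError(f"unknown event kind: {kind}")
        # Assumption: a server-derived role is remembered only from a successful attempt.
        if success and server_role:
            st.server_role = server_role
        roles.append(resolve_role(st))
    return roles


# Constructed sequences: a domain PC (boot, then logon) and a device doing user auth only.
DOMAIN_PC = [("machine", True, None), ("user", True, "employee")]
USER_ONLY = [("machine", False, None), ("user", True, "employee")]

if __name__ == "__main__":
    print(replay(DOMAIN_PC))
    print(replay(USER_ONLY))
```

The second sequence shows why the option matters: the server returns a role for the user, but without a prior successful machine authentication the station still lands in the machine authentication default user role.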