Machine-Authentication = * Dot1x-Authentication done using machine-credentials
and its done during pre-login (ex: client logs-off,restart and before client login to the system will
trigger machine-authentication " if " configured on the client).
* If Machine-auth is successful, AOS caches the credential of machine (MAC-Address of the client) to
local-userdb & machine-cache. client is placed in machine-role (configured in dot1x profile)
User-Dot1x-Authentication = * Dot1x-Authentication done when user logs in to the system
* While doing user-dot1x-authentication, we check for the previous machine-authentication state by
querying machine-cache, and local-userdb (if machine-cache is expired). If found, we treat client
has passed machine-authentication earlier and honor the role or vlan derivation, else place
the client in machine-auth user-default-role (configured in dot1x profile).
Increasing the machine-cache timeout to larger value prevents the domain-client for doing machine-auth frequently by logoff / restart everytime ; and prevents the non-domain clients getting into reserved user-role / vlan.