User Guide
Configuring 802.1x Security 127
Chapter 11
Enabling machine authentication gives rise to the following scenarios.
Before configuring 802.1x on the switch for machine authentication, you
need to configure:
Machin
e Auth
Status
User
Auth
Status
Description Role
Ty p i c a l
Access Policy
Failed Failed Both machine
authentication and user
authentication failed. User
remain in the logon role
Logon No access to
network
Failed Passed If the machine
authentication fails, due
to reasons like
information not present
on server and user
authentication succeeds,
the user will get the User
Authentication Default
Role. The derivation roles
if present will not apply.
User
Authenticatio
n Default
Role
Limited access
depending on
users like
guest.
Passed Failed If machine authentication
succeeds and user
authentication has not
been initiated, the role
assigned would be the
Machine Authentication
Default Role. The
derivation rules if present
will not apply
Machine
Authenticatio
n Default
Role
Access
depending on
how secure the
machine is as
far as who
access is
concerned.
Passed Passed In case both machine and
user are successfully
authenticated, the
resultant role is the
802.1x Default role. In
case of derivation rules,
the rules assigned to the
user via derivation rules
will take precedence over
the default role. This is
the only case where
derivation rules would get
applied.
Default role
or role
assigned by
derivation
rules.
Most secure
since both
authentication
succeeded.
Permissions
could not
depend purely
on the user
classification
like guest,
employee,
admin etc.