08-21-2014 03:04 AM - edited 03-10-2019 09:57 PM
Can we put the profiles one by one into closed mode in ISE?
For example:
You have three rules:
Group A---Switch A---DOT1X---Low-impact mode
Group B---Switch A---DOT1X---Closed Mode
Group C---Switch A---DOT1X---Monitor Mode
- Now, after testing Low-impact mode and Monitor mode, can we put them in closed mode one by one?
Can we accomplish this, rule by rule?
Minakshi
08-22-2014 01:34 AM
Yes you can achieve the above as it depends on switch level configuration.
08-22-2014 02:46 AM
Deploying Monitor Mode first allows you to step through all the issues, gaining visibility into successful and failed authentications, with minimal impact to the users and endpoints. Once issues have been addressed through Monitor Mode, you can provide secured network access in Closed Mode.
Note: Closed Mode is recommended only for IT environments that are experienced with 802.1X deployments and have considered all the nuances that go along with it. In closed mode any traffic prior to authentication will be dropped, including DHCP, DNS, and Address Resolution Protocol (ARP) traffic. Make sure everything is sorted out.
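
Since the mode of each port comes from switch-level configuration, a rollout can be tracked by auditing the running-config before and after each group is moved. The following Python script is an added example, not part of the thread: it classifies every interface as monitor, low-impact or closed, assuming the usual IOS interface commands `authentication open`, `authentication port-control auto` and a pre-authentication `ip access-group ... in`; the sample config and the ACL name are constructed.

```python
import re

# Constructed sample running-config (interface and ACL names are illustrative).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 authentication open
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 ip access-group ACL-DEFAULT in
 authentication open
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/4
 switchport mode access
!
"""

def classify_ports(config):
    """Return {interface: mode} for every interface stanza in the config."""
    modes, name, cmds = {}, None, []

    def flush():
        # Decide the mode of the stanza collected so far.
        if name is None:
            return
        if "authentication port-control auto" not in cmds:
            modes[name] = "no-dot1x"      # port is not enforcing 802.1X at all
        elif "authentication open" not in cmds:
            modes[name] = "closed"        # all pre-auth traffic is dropped
        elif any(re.match(r"ip access-group \S+ in$", c) for c in cmds):
            modes[name] = "low-impact"    # open, but limited by a pre-auth ACL
        else:
            modes[name] = "monitor"       # open, authentication results only logged

    for raw in config.splitlines():
        m = re.match(r"interface (\S+)", raw)
        if m:
            flush()
            name, cmds = m.group(1), []
        elif raw.startswith(" "):
            cmds.append(raw.strip())
    flush()
    return modes
```

Ports reported as `closed` are the ones where DHCP, DNS and ARP are dropped before authentication, so that list is the one to confirm against the group being migrated.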
10-24-2014 02:14 AM
You can find additional information on phased deployment here:
http://www.cisco.com/c/en/us/support/security/identity-services-engine/products-implementation-design-guides-list.html
08-25-2014 05:47 AM
Please refer to the document: