Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISE low impact mode/Closed/Monitor

Can we put the the profiles one by one into closed mode in ISE

 

for example:

 

 You have three rules

 

Group A---Switch A---DOT1X-- Low impact mode

Group B--Swicth A--DOT1X---Closed Mode

Group c-- Switch A-- DOT1X-- Monitor Mode.

 

-  Now, after testing Low-impact mode and Monitor mode, one by one can we put them in closed mode? 

Can we accomplish this, Rule by rule?

 

Minakshi

4 REPLIES

Yes you can achieve the above

Yes you can achieve the above as it depends on switch level configuration.

Cisco Employee

Deploying Monitor Mode first

Deploying Monitor Mode first allows to step through all the issues, gaining visibility into successful and failed authentications, with minimal impact to the users and endpoints. Once issues have been addressed through Monitor Mode you can provide secured network access  Closed Mode.
 note :Closed Mode is recommended only for IT environments that are experienced with 802.1X deployments and have considered all the nuances that go along with it.In closed mode  any traffic prior to authentication will be dropped, including DHCP, DNS, and Address Resolution Protocol (ARP) traffic.Make sure evry thing is sorted out

 

Cisco Employee

you can find additional

you can find additional information on phased deployment in here

 

http://www.cisco.com/c/en/us/support/security/identity-services-engine/products-implementation-design-guides-list.html

Gold

Please refer the document

835
Views
0
Helpful
4
Replies