topic Re: any difference in ISE for open and closed mode in Network Access Control

any difference in ISE for open and closed mode

getaway51 — Mon, 11 Nov 2019 02:03:34 GMT

Hi,

I am currently activating monitor mode.

When i checked in Context visibility, some devices have Auth failure reason such as Rejected per authorization profile, subject nt found in identity stores,etc.

When activating closed mode, does this means tht these objects will be blocked? Can i tell from the "Auth failure reason" which devices will be blocked after "closed mode" activation?

Wht is the best practice to see if a device pass/blocked after "closed mode" activation?

Re: any difference in ISE for open and closed mode

Arne Bier — Mon, 11 Nov 2019 02:49:28 GMT

Perhaps other can point out further subtleties on this, but I would say that if the switch port is in Closed Mode, then any Auth Failure from the RADIUS server would result in the port being closed (client data access denied).

Therefore you can run an ISE Report - "RADIUS Authentications", and filter on RADIUS Status "Failed".

Re: any difference in ISE for open and closed mode

getaway51 — Mon, 11 Nov 2019 04:09:53 GMT

Hi Arne,

FYI authentication policy is ALLOW all for all "internal endpoints" which means all endpoints.

RADIUS Status "Failed" here means authorization failure?

I can see there are only 2 types of situation tht will hv RADIUS Status "Failed"

1)Those non 802.1X devices tht uses MAB but its mac address not added into the customize identity grp:laptop-mab

2)Those 802.1x devices tht has auth failure reason: devices not falls under applicable identity stores-which i still checking out why