
any difference in ISE for open and closed mode

getaway51
Level 2

Hi,

I am currently activating monitor mode.

When I checked in Context Visibility, some devices have an Auth failure reason such as Rejected per authorization profile, subject not found in identity stores, etc.

When activating closed mode, does this mean that these objects will be blocked? Can I tell from the "Auth failure reason" which devices will be blocked after "closed mode" activation?

What is the best practice to see whether a device is passed or blocked after "closed mode" activation?

2 Replies

Arne Bier
VIP

Perhaps others can point out further subtleties on this, but I would say that if the switch port is in Closed Mode, then any Auth Failure from the RADIUS server would result in the port being closed (client data access denied).

Therefore you can run an ISE Report - "RADIUS Authentications", and filter on RADIUS Status "Failed".

Hi Arne,

FYI authentication policy is ALLOW all for all "internal endpoints" which means all endpoints.

RADIUS Status "Failed" here means authorization failure?

I can see there are only 2 types of situation that will have RADIUS Status "Failed":

1) Those non-802.1X devices that use MAB but whose MAC address is not added into the customized identity group: laptop-mab

2) Those 802.1X devices that have the auth failure reason: devices not falling under applicable identity stores, which I am still checking out