Solved: CISCO ISE Closed Mode - Cisco Community

1659

Views

2

Helpful

4

Replies

Does anyone have the experience to migrate from CISCO ISE Low Impact Mode to Closed Mode? Could you help share the lession learn of technical part from this?

Best regard,

2 Accepted Solutions

Accepted Solutions

1-remove authentication open and pre-auth ACL from SW ports

2-use VLAN instead of dACL in access-accept of ISE

that only the different

MHM

View solution in original post

no authc open <<- this command is not available if you use IBN2.0 I think
you need to use

access-session closed

also for more info check link below

https://www.wiresandwi.fi/blog/solid-config-cisco-ibns-2-0-802-1x-mab-switch-configuration-ios-xe

View solution in original post

4 Replies 4

1-remove authentication open and pre-auth ACL from SW ports

2-use VLAN instead of dACL in access-accept of ISE

that only the different

MHM

Hello,

so overall no need to change configuration on ISE and client right? do change only switch configuration? one more if I using IBN 2.0. which command should apply to sw "no authentication open" or "access-session closed"?

no authc open <<- this command is not available if you use IBN2.0 I think
you need to use

access-session closed

also for more info check link below

https://www.wiresandwi.fi/blog/solid-config-cisco-ibns-2-0-802-1x-mab-switch-configuration-ios-xe

Keep in mind the commands provided to put access ports in closed mode will only all EAP packets. You may want to create and test a Pre-Auth ACL before trying to role out closed mode in production.

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community