10-30-2024 09:31 PM
Does anyone have the experience to migrate from CISCO ISE Low Impact Mode to Closed Mode? Could you help share the lession learn of technical part from this?
Best regard,
Solved! Go to Solution.
10-30-2024 11:39 PM
1-remove authentication open and pre-auth ACL from SW ports
2-use VLAN instead of dACL in access-accept of ISE
that only the different
MHM
10-31-2024 12:09 AM
no authc open <<- this command is not available if you use IBN2.0 I think
you need to use
access-session closed
also for more info check link below
https://www.wiresandwi.fi/blog/solid-config-cisco-ibns-2-0-802-1x-mab-switch-configuration-ios-xe
10-30-2024 11:39 PM
1-remove authentication open and pre-auth ACL from SW ports
2-use VLAN instead of dACL in access-accept of ISE
that only the different
MHM
10-30-2024 11:56 PM
Hello,
so overall no need to change configuration on ISE and client right? do change only switch configuration? one more if I using IBN 2.0. which command should apply to sw "no authentication open" or "access-session closed"?
10-31-2024 12:09 AM
no authc open <<- this command is not available if you use IBN2.0 I think
you need to use
access-session closed
also for more info check link below
https://www.wiresandwi.fi/blog/solid-config-cisco-ibns-2-0-802-1x-mab-switch-configuration-ios-xe
10-31-2024 10:04 AM
Keep in mind the commands provided to put access ports in closed mode will only all EAP packets. You may want to create and test a Pre-Auth ACL before trying to role out closed mode in production.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide