
CISCO ISE Closed Mode

Bigmouse
Level 1

Does anyone have experience migrating from CISCO ISE Low Impact Mode to Closed Mode? Could you share the lessons learned on the technical side?

Best regards,


1- Remove authentication open and the pre-auth ACL from the SW ports

2- Use VLAN instead of dACL in the access-accept of ISE

That is the only difference.

MHM

 

Hello,

So overall, there is no need to change the configuration on ISE and the client, right? Do I change only the switch configuration? One more thing: if I am using IBN 2.0, which command should I apply to the switch, "no authentication open" or "access-session closed"?

no authc open <<- this command is not available if you use IBN 2.0, I think.
You need to use

access-session closed

Also, for more info check the link below:

https://www.wiresandwi.fi/blog/solid-config-cisco-ibns-2-0-802-1x-mab-switch-configuration-ios-xe

Keep in mind the commands provided to put access ports in closed mode will only allow EAP packets. You may want to create and test a Pre-Auth ACL before trying to roll out closed mode in production.
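
An added example, not posted by anyone in this thread: a small audit script to run over a saved running-config during the migration, reporting which authenticated access ports are still in open mode and which still carry an inbound ACL. It assumes legacy-style ports are closed unless `authentication open` is present and IBNS 2.0 ports are open unless `access-session closed` is present; the interface names and the ACL name `ACL-PREAUTH` are constructed sample values.

```python
import re

# Constructed sample running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 authentication open
 authentication port-control auto
 ip access-group ACL-PREAUTH in
!
interface GigabitEthernet1/0/2
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 access-session port-control auto
 ip access-group ACL-PREAUTH in
!
interface GigabitEthernet1/0/4
 access-session closed
 access-session port-control auto
!
interface GigabitEthernet1/0/48
 switchport mode trunk
!
"""

def audit_ports(config):
    """Return {interface: (style, mode, inbound_acl)} for ports with port-control auto."""
    results = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1]
        cmds = set(lines[1:])
        if "access-session port-control auto" in cmds:
            # Assumption: IBNS 2.0 ports stay open unless 'access-session closed' is set.
            style, mode = "ibns2", "closed" if "access-session closed" in cmds else "open"
        elif "authentication port-control auto" in cmds:
            # Assumption: legacy ports are closed unless 'authentication open' is set.
            style, mode = "legacy", "open" if "authentication open" in cmds else "closed"
        else:
            continue  # not an authenticated access port (e.g. trunk), skip
        acl = next((m.group(1) for c in cmds
                    if (m := re.fullmatch(r"ip access-group (\S+) in", c))), None)
        results[name] = (style, mode, acl)
    return results

if __name__ == "__main__":
    for port, (style, mode, acl) in audit_ports(SAMPLE_CONFIG).items():
        print(f"{port}: {style} {mode} inbound-acl={acl}")
```

Running it before and after the change window gives a per-port list to compare, so ports that were missed or that still reference the old ACL stand out.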