Solved: CISCO ISE Closed Mode

B!G•M0US€ · ‎10-30-2024

Does anyone have the experience to migrate from CISCO ISE Low Impact Mode to Closed Mode? Could you help share the lession learn of technical part from this?

Best regard,

MHM Cisco World · ‎10-30-2024

1-remove authentication open and pre-auth ACL from SW ports

2-use VLAN instead of dACL in access-accept of ISE

that only the different

MHM

View solution in original post

MHM Cisco World · ‎10-31-2024

no authc open <<- this command is not available if you use IBN2.0 I think
you need to use

access-session closed

also for more info check link below

https://www.wiresandwi.fi/blog/solid-config-cisco-ibns-2-0-802-1x-mab-switch-configuration-ios-xe

View solution in original post

MHM Cisco World · ‎10-30-2024

1-remove authentication open and pre-auth ACL from SW ports

2-use VLAN instead of dACL in access-accept of ISE

that only the different

MHM

B!G•M0US€ · ‎10-30-2024

Hello,

so overall no need to change configuration on ISE and client right? do change only switch configuration? one more if I using IBN 2.0. which command should apply to sw "no authentication open" or "access-session closed"?

MHM Cisco World · ‎10-31-2024

no authc open <<- this command is not available if you use IBN2.0 I think
you need to use

access-session closed

also for more info check link below

https://www.wiresandwi.fi/blog/solid-config-cisco-ibns-2-0-802-1x-mab-switch-configuration-ios-xe

wsteele@conres.com · ‎10-31-2024

Keep in mind the commands provided to put access ports in closed mode will only all EAP packets. You may want to create and test a Pre-Auth ACL before trying to role out closed mode in production.

CISCO ISE Closed Mode

Doc - Implementación y Configuración de Cisco ISE

Doc-Cisco ISE Posture p/ VPN de Acceso Remoto con Cisco Secure Client

Troubleshoot Cisco ISE

Cisco ISE

ISE: "Baltimore CyberTrust Root"の証明書期限切れについて