
Imaging ports in an 802.1x closed mode environment

Walker
Level 1

Greetings ISE Community,

I am researching different methods on how to support ports for imaging in a closed mode environment. I am curious how different organizations approach this and their experience in doing so.

Some results that I've found:

1. Dedicated switches meant for the sole purpose of imaging, locked in a room that requires access.

2. Imaging portal, where portal admin must add the MAC addresses when requested.

3. Low-impact mode. Configured for just imaging ports or whole environment?

4. Opening up the ports as needed, and locking them down when imaging is complete.

Happy to learn how you've tackled this issue and the pros/cons that you may have run into!

 

1 Accepted Solution


Hi,

I have used both 1 and 2. I favor 1 over 2 because in method 2, you need to
clear the identity group after the reimage is done. Otherwise the same
policy will always be matched based on MAC address even if dot1x fails.
Method 1 limits the build to a specific switch, but it will be unmanageable when
you need to provision different switches at remote locations for imaging.

**** please remember to rate useful posts
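
The cleanup problem described in the accepted answer, as an added example that is not part of the original thread: a small audit that flags MAC addresses still sitting in an imaging identity group after the reimage is done. The record layout, the 8-hour window and the reason labels are assumptions, and the sample data is constructed; it does not call any ISE API.

```python
import re
from datetime import datetime, timedelta

MAX_AGE = timedelta(hours=8)  # assumed length of an imaging window

def norm(mac):
    """Reduce any MAC notation (aa:bb.., AA-BB.., aabb.cc..) to 12 hex chars."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def audit(members, auth_log, now):
    """Return {mac: reason} for imaging-group entries that should be cleared."""
    last = {}  # mac -> {method: (time, passed)}, keeping the latest attempt
    for ts, mac, method, passed in sorted(auth_log):
        last.setdefault(norm(mac), {})[method] = (ts, passed)
    findings = {}
    for mac, added in members.items():
        seen = last.get(norm(mac), {})
        dot1x, mab = seen.get("dot1x"), seen.get("mab")
        if dot1x and dot1x[0] > added and dot1x[1]:
            findings[norm(mac)] = "reimaged"  # 802.1X works again
        elif (dot1x and mab and dot1x[0] > added and not dot1x[1]
              and mab[1] and mab[0] >= dot1x[0]):
            findings[norm(mac)] = "mab-after-dot1x-fail"  # case from the answer
        elif now - added > MAX_AGE:
            findings[norm(mac)] = "stale"
    return findings

# Constructed sample data (not real endpoints): when each MAC joined the group
DAY = datetime(2024, 5, 1)
MEMBERS = {
    "aa:bb:cc:00:00:01": DAY.replace(hour=9),
    "AA-BB-CC-00-00-02": DAY.replace(hour=8),
    "aabb.cc00.0003": DAY - timedelta(days=2),
    "aa:bb:cc:00:00:04": DAY.replace(hour=16),
}
# Constructed authentication records: (time, mac, method, passed)
AUTH_LOG = [
    (DAY.replace(hour=11), "aabb.cc00.0001", "dot1x", True),
    (DAY.replace(hour=12), "aabb.cc00.0002", "dot1x", False),
    (DAY.replace(hour=12, second=5), "aabb.cc00.0002", "mab", True),
]

if __name__ == "__main__":
    for mac, reason in audit(MEMBERS, AUTH_LOG, DAY.replace(hour=18)).items():
        print(mac, reason)
```
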
