Solved: Re: ISE- Low Impact Mode

hadeermohamedfcis1042391 · ‎03-22-2020

Hello,

I'm trying to deploy low impact mode on Cisco ISE but I don't know the requirements should I use on network devices and client-side.

and How can I install a certificate on Linux device to identify Cisco ISE?

Greg Gibbs · ‎03-22-2020

See the ISE Secure Wired Access Prescriptive Deployment Guide for information on ISE Phased Deployments. If you have not deployed Monitor Mode, you should start with that before moving to Low Impact Mode.

Deploying 802.1x on Linux is not very common. There are no built-in mechanisms for wide distribution of supplicant changes, so the configuration is mainly done manually on each Linux system. The configuration may vary between Linux distributions, but here is an example using Red Hat Enterprise Linux. To deploy 802.1x on a large scale, you would likely need to leverage an orchestration solution.

RHEL 7 - Configuring 802.1X Security

View solution in original post

Greg Gibbs · ‎03-22-2020

See the ISE Secure Wired Access Prescriptive Deployment Guide for information on ISE Phased Deployments. If you have not deployed Monitor Mode, you should start with that before moving to Low Impact Mode.

Deploying 802.1x on Linux is not very common. There are no built-in mechanisms for wide distribution of supplicant changes, so the configuration is mainly done manually on each Linux system. The configuration may vary between Linux distributions, but here is an example using Red Hat Enterprise Linux. To deploy 802.1x on a large scale, you would likely need to leverage an orchestration solution.

RHEL 7 - Configuring 802.1X Security

hslai · ‎03-23-2020

This depends on the 802.1X supplicant used. Most of wpa_supplicant does not appear to verify the RADIUS server certificate(s).