cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2884
Views
0
Helpful
2
Replies

ISE- Low Impact Mode

Hello,

I'm trying to deploy low impact mode on Cisco ISE but I don't know the requirements should I use on network devices and client-side.

and How can I install a certificate on Linux device to identify Cisco ISE?

1 Accepted Solution

Accepted Solutions

Greg Gibbs
Cisco Employee
Cisco Employee

See the ISE Secure Wired Access Prescriptive Deployment Guide for information on ISE Phased Deployments. If you have not deployed Monitor Mode, you should start with that before moving to Low Impact Mode.

 

Deploying 802.1x on Linux is not very common. There are no built-in mechanisms for wide distribution of supplicant changes, so the configuration is mainly done manually on each Linux system. The configuration may vary between Linux distributions, but here is an example using Red Hat Enterprise Linux. To deploy 802.1x on a large scale, you would likely need to leverage an orchestration solution.

RHEL 7 - Configuring 802.1X Security 

View solution in original post

2 Replies 2

Greg Gibbs
Cisco Employee
Cisco Employee

See the ISE Secure Wired Access Prescriptive Deployment Guide for information on ISE Phased Deployments. If you have not deployed Monitor Mode, you should start with that before moving to Low Impact Mode.

 

Deploying 802.1x on Linux is not very common. There are no built-in mechanisms for wide distribution of supplicant changes, so the configuration is mainly done manually on each Linux system. The configuration may vary between Linux distributions, but here is an example using Red Hat Enterprise Linux. To deploy 802.1x on a large scale, you would likely need to leverage an orchestration solution.

RHEL 7 - Configuring 802.1X Security 

hslai
Cisco Employee
Cisco Employee

This depends on the 802.1X supplicant used. Most of wpa_supplicant does not appear to verify the RADIUS server certificate(s).