Solved: Re: ISE Monitor Mode

latenaite2011 · ‎06-06-2018

I was trying to follow this guide to configure monitor mode and it seems like the example provided, on page 10 Step 6 has the options for authentication failed to Reject, user not found to Reject and Process failed drop. Should we're in monitor mode, should these be continue on all options?

https://communities.cisco.com/docs/DOC-68150

Is there a better guide and updated for 2.4?

thanks in advance,

Marvin Rhoads · ‎06-07-2018

@latenaite2011

You're welcome.

Please mark the reply as a solution if it answered your question.

View solution in original post

Marvin Rhoads · ‎06-06-2018

It remains correct even for the latest ISE release.

The AuthC action in ISE is to reject or drop but since the switchports have "authentication open" in monitor mode, the switch continues to allow access. The ISE live logs will show the failure (as they should in monitor mode) but endpoint access is not affected.

See https://communities.cisco.com/docs/DOC-68171 (page 14 step 5).

latenaite2011 · ‎06-06-2018

Hi Marvin,

Thank you for the quick reply.

Just tested this and it worked!

Thank you!

Marvin Rhoads · ‎06-07-2018

@latenaite2011

You're welcome.

Please mark the reply as a solution if it answered your question.

joeharb · ‎12-11-2019

I am interested in the contents of the link https://communities.cisco.com/docs/DOC-68171 but it does not appear to accessible...can someone provide an alternate or give me more insight to what was on page 14 and 15?

Thanks,

Joe