Chapter 23. Closed Mode

As previously described in Chapter 20, “Deployment Phases,” Low-Impact Mode and Closed Mode are the end-state choices for your deployment. There is no specific best practice for which mode is better to deploy; it entirely depends on your organization and its specific needs.

One of the benefits of deploying in Closed Mode is the ability to easily assign VLANs to any authorization. Unlike Monitor and Low-Impact Modes, where devices are provided network access before the authentication request is sent to ISE, Closed Mode provides zero access before receiving a response from ISE or a timeout occurs. (See Chapter 18, “Setting Up a Distributed ISE Deployment,” for more on timeouts and High Availability.) Because no access was ...

Get Cisco ISE for BYOD and Secure Unified Access now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.