We used three ISE deployment modes:
1- Monitor Mode
2- Low-Impact Mode
3- Closed Mode
Monitor Mode -->>
Basically, we used Monitor Mode to understand the traffic flow of the organization.
We consider the points below:
• Will not impact a production network.
• Authentication will be attempted, but denied authentication attempts will be allowed on the network anyway.
• Audit logs can be used to understand what is on the network and what would have failed if policy was being enforced.
• Potential problems can be identified and corrected before transitioning to Low-Impact Mode.
Low-Impact Mode -->>
Deploys an ACL to every switchport.
• The ACL typically allows basic “Test” services such as DHCP, DNS, AD, etc.
• The authentication/authorization takes place and the ACL is replaced, in real time, with a defined ACL based on the authorization result.
• E.g. if the user is in the Sales AD group, then grant Sales-ACL.
• This can be, and often is, the finished product.
Closed Mode -->>
• Only EAP traffic is allowed before authentication.
• E.g. no DHCP, DNS, etc.
• Most secure option, as no traffic is allowed prior to authentication.
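
The three modes map onto switchport configuration roughly as follows. This is an added example, not part of the original notes: it uses classic Cisco IOS 802.1X/MAB interface commands, the interface numbers and the ACL name ACL-DEFAULT are hypothetical, and it assumes AAA/RADIUS toward ISE and `dot1x system-auth-control` are already configured globally.

```cisco
! Added example; interface numbers and ACL name are hypothetical.
! Pre-authentication ACL, used only in Low-Impact Mode.
ip access-list extended ACL-DEFAULT
 remark DHCP and DNS; add AD and other bootstrap services per site
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 deny ip any any
!
! Monitor Mode: authentication is attempted and logged, but
! "authentication open" lets traffic through even when it fails.
interface GigabitEthernet1/0/1
 switchport mode access
 authentication host-mode multi-auth
 authentication open
 authentication port-control auto
 mab
 dot1x pae authenticator
!
! Low-Impact Mode: port is still open, but limited by the pre-auth ACL
! until ISE returns the authorization result (e.g. a per-group ACL).
interface GigabitEthernet1/0/2
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication host-mode multi-auth
 authentication open
 authentication port-control auto
 mab
 dot1x pae authenticator
!
! Closed Mode: no "authentication open" and no pre-auth ACL, so
! DHCP, DNS, etc. are blocked until authentication succeeds.
interface GigabitEthernet1/0/3
 switchport mode access
 authentication host-mode multi-auth
 authentication port-control auto
 mab
 dot1x pae authenticator
```

The only difference between Monitor and Low-Impact Mode on the port is the `ip access-group` line; moving to Closed Mode removes both that line and `authentication open`.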