Closed Mode is similar to the default behavior of 802.1X. As shown in Figure 20-3, the port does not allow any traffic before the authentication (except for EAP, CDP, and LLDP), and then the port will be assigned to specific authorization results after the authentication.
Closed Mode was once called High-Security Mode, but it was renamed due to the perception that it was more secure than Low-Impact Mode. In truth, both modes are equally secure. The security level of either end state is truly dependent on the configuration of the devices and the policies on ISE, not the mode of operation. In other words, an admin can make Closed Mode very insecure or very secure, depending on the implementation.
As shown previously in Figure ...