https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3680591#M495709 <P>Hi,</P> <P>if you have N number of SGT's added into ISE then the matrix will have N rows and N columns. So, the matrix will be N x N.</P> <P>So, in ISE 2.4 there is now a limit of a 10k x 10k matrix BUT that would be for a very very special use-case.</P> <P>&nbsp;</P> <DIV style="text-align: start;"><SPAN style="font-family: Calibri, sans-serif;">Most customers are using less than 250 SGTs, almost all are using less than 500.</SPAN> Some customers are using 2000 SGTs but we know exactly what platforms they are using and have worked through it carefully. You can have large no.s if the specific infrastructure and use cases are carefully understood.</DIV> <DIV style="text-align: start;">We do support multiple matrices in ISE so you could maybe have a matrix per use case and we do have custom matrix views plus a tree view to make management easier.</DIV> <DIV style="text-align: start;">Normally keeping it simple to meet the customer needs is the way to go.</DIV> <P>Regards, Jonothan.</P> Fri, 03 Aug 2018 07:09:15 GMT jeaves@cisco.com 2018-08-03T07:09:15Z https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3679892#M495675 <DIV class="jive-rendered-content"> <P>Hi team,</P> <P style="min-height: 8pt; padding: 0px;">&nbsp;</P> <P>In this document <A class="jive-link-external-small" href="https://communities.cisco.com/docs/DOC-68347" rel="nofollow" target="_blank">ISE Performance &amp; Scale | Cisco Communities</A>&nbsp; it's mentioned that the maximum number of SGACLs supported in ISE 2.2 was 2500, and it seems it's decreased to 1000 in ISE 2.4, is that correct or a doc typo? On the other hand, do we have any limits in terms of maximum Source / Destination SGTs supported when creating the TrustSec Policy Matrix?</P> <P style="min-height: 8pt; padding: 0px;">&nbsp;</P> <P>Thanks,</P> <P>Oriol</P> </DIV> Thu, 02 Aug 2018 10:42:59 GMT https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3679892#M495675 omadrile 2018-08-02T10:42:59Z https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3680166#M495676 I'm checking with the author of the doc to be sure but it does seem we have rolled back the amount of SGACLs. I'll update once I hear back. As for the second part of your question, I'm not sure I understand. Could you elaborate?<BR /><BR />Regards,<BR />Tim Thu, 02 Aug 2018 15:30:09 GMT https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3680166#M495676 Timothy Abbott 2018-08-02T15:30:09Z https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3680241#M495707 <P>Performance and Scale page updated.&nbsp;</P> Thu, 02 Aug 2018 17:01:17 GMT https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3680241#M495707 Craig Hyps 2018-08-02T17:01:17Z https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3680296#M495708 <P>Thanks for your reply Tim. What I meant in the second question is whether there's a max NxN dimension limit for the TrustSec Policy Matrix in ISE. Given that the max number of SGTs in ISE 2.4 is 10000, does that mean that the max dimension for such matrix is 100 x 100 ?</P> Thu, 02 Aug 2018 18:10:11 GMT https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3680296#M495708 omadrile 2018-08-02T18:10:11Z https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3680591#M495709 <P>Hi,</P> <P>if you have N number of SGT's added into ISE then the matrix will have N rows and N columns. So, the matrix will be N x N.</P> <P>So, in ISE 2.4 there is now a limit of a 10k x 10k matrix BUT that would be for a very very special use-case.</P> <P>&nbsp;</P> <DIV style="text-align: start;"><SPAN style="font-family: Calibri, sans-serif;">Most customers are using less than 250 SGTs, almost all are using less than 500.</SPAN> Some customers are using 2000 SGTs but we know exactly what platforms they are using and have worked through it carefully. You can have large no.s if the specific infrastructure and use cases are carefully understood.</DIV> <DIV style="text-align: start;">We do support multiple matrices in ISE so you could maybe have a matrix per use case and we do have custom matrix views plus a tree view to make management easier.</DIV> <DIV style="text-align: start;">Normally keeping it simple to meet the customer needs is the way to go.</DIV> <P>Regards, Jonothan.</P> Fri, 03 Aug 2018 07:09:15 GMT https://community.cisco.com/t5/network-access-control/maximum-sgacls/m-p/3680591#M495709 jeaves@cisco.com 2018-08-03T07:09:15Z