topic TrustSec Notifications and Updates in Network Access Control https://community.cisco.com/t5/network-access-control/trustsec-notifications-and-updates/m-p/4320055#M566642 <P>Hi,</P><P>We have 4 ISE (2 PAN/MNT) and 2 PSN and a DNA Center.</P><P>SGT are created on DNA center, which informs ISE and then ISE pushes them to the Switches.</P><P>All looks fine as we can see SGT on switches, but can't figure out the magic ....</P><P>&nbsp;</P><P>I created a SGT on DNAC, and on ISE I use the Push option (top right of the Webui)</P><P>&nbsp;</P><P>If I run a TCPDUMP on the PSN I see that the SGT list is learnt by the NAD</P><P>If I run a TCPDUMP on the PAN, I see a CoA from the PAN to the NAD with something like "update-cts-environment-data" (but no SGT list).=&gt; what i the need for this?</P><P>&nbsp;</P><P>Is there a dcumentation that explain the role of each component PSN/PAN in the SGT Notifications and updates.</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 07 Apr 2021 17:03:05 GMT REJR77 2021-04-07T17:03:05Z TrustSec Notifications and Updates https://community.cisco.com/t5/network-access-control/trustsec-notifications-and-updates/m-p/4320055#M566642 <P>Hi,</P><P>We have 4 ISE (2 PAN/MNT) and 2 PSN and a DNA Center.</P><P>SGT are created on DNA center, which informs ISE and then ISE pushes them to the Switches.</P><P>All looks fine as we can see SGT on switches, but can't figure out the magic ....</P><P>&nbsp;</P><P>I created a SGT on DNAC, and on ISE I use the Push option (top right of the Webui)</P><P>&nbsp;</P><P>If I run a TCPDUMP on the PSN I see that the SGT list is learnt by the NAD</P><P>If I run a TCPDUMP on the PAN, I see a CoA from the PAN to the NAD with something like "update-cts-environment-data" (but no SGT list).=&gt; what i the need for this?</P><P>&nbsp;</P><P>Is there a dcumentation that explain the role of each component PSN/PAN in the SGT Notifications and updates.</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 07 Apr 2021 17:03:05 GMT https://community.cisco.com/t5/network-access-control/trustsec-notifications-and-updates/m-p/4320055#M566642 REJR77 2021-04-07T17:03:05Z Re: TrustSec Notifications and Updates https://community.cisco.com/t5/network-access-control/trustsec-notifications-and-updates/m-p/4320063#M566643 <P>There are quite a few commands with CTS; three of the most useful are; in terms of the inner workings though - I haven't found a singe document that covers everything though.</P><P>&nbsp;</P><P><EM>show authentication sessions interface</EM><BR /><EM>show cts environmental-data</EM><BR /><EM>sh cts role-based sgt-map all</EM><BR /><EM>sh cts role-based permission</EM></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 07 Apr 2021 17:11:16 GMT https://community.cisco.com/t5/network-access-control/trustsec-notifications-and-updates/m-p/4320063#M566643 Xividar 2021-04-07T17:11:16Z