https://community.cisco.com/t5/network-access-control/ise-3-0-integration-with-aci-limitations/m-p/4504239#M571110 <P>Hello folks,</P><P>&nbsp;</P><P>We have a project on where we're integrating ISE 3.0 with ACI and it looks as though we can only integrate with a single ACI pod and only 1 tenant within it.</P><P>&nbsp;</P><P>Have other had the same?&nbsp; Is there a workaround or roadmap to allow 1 ISE instance to integrate with multiple ACI's or tenants?</P><P>&nbsp;</P><P>Best, Leigh</P> Wed, 17 Nov 2021 14:06:41 GMT leighharrison 2021-11-17T14:06:41Z https://community.cisco.com/t5/network-access-control/ise-3-0-integration-with-aci-limitations/m-p/4504239#M571110 <P>Hello folks,</P><P>&nbsp;</P><P>We have a project on where we're integrating ISE 3.0 with ACI and it looks as though we can only integrate with a single ACI pod and only 1 tenant within it.</P><P>&nbsp;</P><P>Have other had the same?&nbsp; Is there a workaround or roadmap to allow 1 ISE instance to integrate with multiple ACI's or tenants?</P><P>&nbsp;</P><P>Best, Leigh</P> Wed, 17 Nov 2021 14:06:41 GMT https://community.cisco.com/t5/network-access-control/ise-3-0-integration-with-aci-limitations/m-p/4504239#M571110 leighharrison 2021-11-17T14:06:41Z https://community.cisco.com/t5/network-access-control/ise-3-0-integration-with-aci-limitations/m-p/4504501#M571115 <P>The current solution for <A href="https://community.cisco.com/t5/security-documents/trustsec-aci-policy-plane-integration-configuration-guide-pdf/ta-p/3653367" target="_blank" rel="noopener">TrustSec-ACI Policy Plane Integration</A> has the limitation that it only supports a single L3Out, within a single Tenant, within a single ACI cluster. This applies to current versions of APIC-DC and ISE.</P> <P>We cannot discuss roadmap on this public forum.</P> <P>Another option for this type of multi-domain segmentation would be leveraging Cisco Secure Workload (formerly Tetration). Secure Workload supports integration with ISE via pxGrid to learn IP-SGT bindings and apply policies to the workloads using the providers native firewall based on source/destination SGTs.</P> <P>See <A href="https://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/solution-overview-c22-742897.html" target="_blank" rel="noopener">Cisco Secure Workload (formerly Tetration and Cisco ISE Integration Use Cases and Benefits) Solution Overview</A> for more info and links.</P> Wed, 17 Nov 2021 22:20:47 GMT https://community.cisco.com/t5/network-access-control/ise-3-0-integration-with-aci-limitations/m-p/4504501#M571115 Greg Gibbs 2021-11-17T22:20:47Z https://community.cisco.com/t5/network-access-control/ise-3-0-integration-with-aci-limitations/m-p/4504877#M571129 <P>Thanks for the great reply, Greg.</P><P>&nbsp;</P><P>Best, Leigh</P> Thu, 18 Nov 2021 11:52:16 GMT https://community.cisco.com/t5/network-access-control/ise-3-0-integration-with-aci-limitations/m-p/4504877#M571129 leighharrison 2021-11-18T11:52:16Z