Re: DNA integration With ISE

waleedmatter · ‎09-17-2021

When integration DNA with ISE , It will need certification from third party or i can use the ISE self certification or i can not use the certification for the integration

Second question

Once the DNA integrated with the ISE , The creation of the SGT's as well as the segmentation and micro segmentation will be from the DNA interface and then it will push to the ISE correct ?

jalejand · ‎09-17-2021

1. You can integrate DNAC with ISE with self-signed certificates if needed, you can also use 3rd certificates too.

2. You can select the administrative role of DNAC of SGTs and GBAC policies under Network Design / Group Based Access Policies
After integrating ISE, start the migration to allow DNAC to control the policy UI instead of ISE:

waleedmatter · ‎09-18-2021

For Q1

Thanks for your answer so i can skip the certification matching between the DNA & ISE correct ?

For Q2:

As your answer , I have options to make the SGT's and the policies and the segmentation and micro segmentation through the ISE as usual as a traditional or through the DNA so which one is better option ?

rasmus.elmholt · ‎09-27-2021

Hi Waleed

A1: yes

A2: Normally when you create the integration, the DNAC asks to disable SGT configuration on the ISE and make it Read-Only. And if you accept it will do it for you.