09-17-2021 03:51 PM
When integration DNA with ISE , It will need certification from third party or i can use the ISE self certification or i can not use the certification for the integration
Second question
Once the DNA integrated with the ISE , The creation of the SGT's as well as the segmentation and micro segmentation will be from the DNA interface and then it will push to the ISE correct ?
09-17-2021 04:59 PM - edited 09-17-2021 04:59 PM
1. You can integrate DNAC with ISE with self-signed certificates if needed, you can also use 3rd certificates too.
2. You can select the administrative role of DNAC of SGTs and GBAC policies under Network Design / Group Based Access Policies
After integrating ISE, start the migration to allow DNAC to control the policy UI instead of ISE:
09-18-2021 02:12 AM
For Q1
Thanks for your answer so i can skip the certification matching between the DNA & ISE correct ?
For Q2:
As your answer , I have options to make the SGT's and the policies and the segmentation and micro segmentation through the ISE as usual as a traditional or through the DNA so which one is better option ?
09-27-2021 04:59 AM
Hi Waleed
A1: yes
A2: Normally when you create the integration, the DNAC asks to disable SGT configuration on the ISE and make it Read-Only. And if you accept it will do it for you.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: