Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1869
Views
10
Helpful
1
Replies

Applying both SGACL and dACL to a device

Go to solution
Dolevha
Level 1
Level 1

‎03-15-2021 06:27 AM - edited ‎03-15-2021 06:28 AM

Hey,
I was wondering if it's possible to apply both SGACL and dACL to the same device through ISE.

 

Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎03-15-2021 11:28 AM

You may apply a VLAN, dACL, and SGT - and more! - in an ISE Authorization Profile for a session.

SGACLs are not applied via an Authorization Profile like the others.

SGACLs are managed using the TrustSec Matrix in ISE and applied to TrustSec/SDA enabled network devices for enforcement based on source SGTs to destination SGTs.

image.png

View solution in original post

1 Reply 1

Go to solution
thomas
Cisco Employee
Cisco Employee

‎03-15-2021 11:28 AM

You may apply a VLAN, dACL, and SGT - and more! - in an ISE Authorization Profile for a session.

SGACLs are not applied via an Authorization Profile like the others.

SGACLs are managed using the TrustSec Matrix in ISE and applied to TrustSec/SDA enabled network devices for enforcement based on source SGTs to destination SGTs.

image.png

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents