07-12-2018 04:46 AM - edited 02-21-2020 11:00 AM
I am trying to implement role-based access control (using security tags) for users connecting to the domain. NDAC, security groups and SGACLs are configured on ISE.
The switch is successfully communicating with Cisco ISE as the RADIUS server as well as the CTS policy server. The PAC is also visible on the switch in the “show cts pacs” command output. Environment data is getting downloaded to the switch through PAC communication.
But an issue occurs while downloading SGACLs (peer policy). The error below is thrown on ISE:
5421 TrustSec Peer Policy Download Failed
07-12-2018 11:49 AM
07-12-2018 09:50 PM
Hi, initially I have kept it simple for testing purposes. I have only 3 ACLs:
1. permit ip
2. deny ip
3. permit tcp any host <ip address>
07-14-2018 12:33 AM
07-13-2018 04:46 AM
07-14-2018 12:35 AM