cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

181
Views
5
Helpful
1
Replies
Highlighted
Beginner

ISE SGACL not completely pushed to NAD

Hey All,

I have fabric network where ISE is Policy enforcer not DNAC. I have more than 150 SGACL in ISE and pushed. When I check the NAD I do not see all of them. What can be reason for this?

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Re: ISE SGACL not completely pushed to NAD

You should only see the SGACL's specific to the traffic/enforcement required by the switch. This is done by design of TrustSec for scalability reasons, you do not wan't to know every SGACL if that NAD won't ever see many of the traffic flows.

A NAD will only know what it needs to know. If you have a new SGT-DGT flow, then the NAD will request the SGACL and install it.

View solution in original post

1 REPLY 1
Highlighted
VIP Advisor

Re: ISE SGACL not completely pushed to NAD

You should only see the SGACL's specific to the traffic/enforcement required by the switch. This is done by design of TrustSec for scalability reasons, you do not wan't to know every SGACL if that NAD won't ever see many of the traffic flows.

A NAD will only know what it needs to know. If you have a new SGT-DGT flow, then the NAD will request the SGACL and install it.

View solution in original post