Cisco Community
English
Register
ANNOUNCEMENT - Upcoming Changes in the email address of Community email notifications - LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

181
Views
5
Helpful
1
Replies
Highlighted
OrkhanRustamli
Beginner
Beginner
‎11-08-2019 05:17 AM
‎11-08-2019 05:17 AM

ISE SGACL not completely pushed to NAD

Hey All,

I have fabric network where ISE is Policy enforcer not DNAC. I have more than 150 SGACL in ISE and pushed. When I check the NAD I do not see all of them. What can be reason for this?

Everyone's tags (4)
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Damien Miller
VIP Advisor VIP Advisor
VIP Advisor
‎11-08-2019 08:22 AM
‎11-08-2019 08:22 AM

Re: ISE SGACL not completely pushed to NAD

You should only see the SGACL's specific to the traffic/enforcement required by the switch. This is done by design of TrustSec for scalability reasons, you do not wan't to know every SGACL if that NAD won't ever see many of the traffic flows.

A NAD will only know what it needs to know. If you have a new SGT-DGT flow, then the NAD will request the SGACL and install it.

View solution in original post

Reply
1 REPLY 1
Highlighted
Damien Miller
VIP Advisor VIP Advisor
VIP Advisor
‎11-08-2019 08:22 AM
‎11-08-2019 08:22 AM

Re: ISE SGACL not completely pushed to NAD

You should only see the SGACL's specific to the traffic/enforcement required by the switch. This is done by design of TrustSec for scalability reasons, you do not wan't to know every SGACL if that NAD won't ever see many of the traffic flows.

A NAD will only know what it needs to know. If you have a new SGT-DGT flow, then the NAD will request the SGACL and install it.

View solution in original post

Reply
Latest Contents
AnyConnect 4.9 requires more stringent cryptography settings...
Created by Peter Davis on 07-08-2020 12:18 PM
0
10
0
10
Please note that the minimum cryptography settings in AnyConnect 4.9 have been increased. Please ensure that your head-end is properly configured for the more stringent cryptography settings (if applicable) or users will be unable to connect after updatin... view more
Companion Guide for TETRA Update Server Deployment
Created by dkrull on 07-08-2020 07:25 AM
0
0
0
0
  Overview In this guide will we be taking a look at how to configure the web.config file using the URL Rewrite tool when deploying the TETRA update server. This guide is meant as a companion to the existing guides and to help fill in some in... view more
AMP for Endpoints Bandwidth Consumption and Considerations
Created by dkrull on 07-07-2020 09:49 PM
0
0
0
0
    Note: This guide is provided as a best effort to better help users understand the potential impact running multiple clients with TETRA, SPERO, ETHOS, DFC and SHA256 Lookups enabled and their bandwidth usage. The sizes in these guides are s... view more
Why am I suddenly being prompted to create a new organizatio...
Created by diddly on 07-07-2020 01:23 PM
0
0
0
0
Question When I log into my application, I'm suddenly asked to create a new organization. Did something change or migrate? I already had an organization. Short Answer You may be starting from security.cisco.com and mistakenly clicking "SecureX sign-on... view more
I setup SecureX sign-on, why do I have to sign into AMP agai...
Created by diddly on 07-07-2020 10:28 AM
0
0
0
0
Question I followed these instructions and setup all my accounts to use SecureX sign-on, including my AMP account (my Cisco Security Account - CSA). When I use SecureX, and I click on the AMP "launch" button, I have to login again. Why?  --->&nbs... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community May 2020 Spotlight Award Winners

Follow our Social Media Channels