Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
784
Views
5
Helpful
1
Replies

ISE SGACL not completely pushed to NAD

Go to solution
OrkhanRustamli
Level 1
Level 1

‎11-08-2019 05:17 AM

Hey All,

I have fabric network where ISE is Policy enforcer not DNAC. I have more than 150 SGACL in ISE and pushed. When I check the NAD I do not see all of them. What can be reason for this?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎11-08-2019 08:22 AM

You should only see the SGACL's specific to the traffic/enforcement required by the switch. This is done by design of TrustSec for scalability reasons, you do not wan't to know every SGACL if that NAD won't ever see many of the traffic flows.

A NAD will only know what it needs to know. If you have a new SGT-DGT flow, then the NAD will request the SGACL and install it.

View solution in original post

1 Reply 1

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎11-08-2019 08:22 AM

You should only see the SGACL's specific to the traffic/enforcement required by the switch. This is done by design of TrustSec for scalability reasons, you do not wan't to know every SGACL if that NAD won't ever see many of the traffic flows.

A NAD will only know what it needs to know. If you have a new SGT-DGT flow, then the NAD will request the SGACL and install it.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents