Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
789
Views
0
Helpful
2
Replies

SGACLs and Security Group Tagging Stateful or Stateless

gtuthill
Level 1
Level 1

‎10-12-2016 10:59 AM - edited ‎03-11-2019 12:08 AM

Could any one please confirm my following assumptions about the processing of SGACLs.

a) SGACLs on a ASA firewall are stateful and processed as normal ACL's on a per interface basis ?

b) SGACLs on IOS are processed  after normal  Ingress ACL'a and before Egress ACL's and are stateless ?

Thanks in advance.

1 person had this problem
Labels:
0 Helpful
2 Replies 2

jan.nielsen
Level 7
Level 7

‎10-14-2016 03:44 PM

a) Yes, the ASA does not download ACLs from ISE as a swith does, it just uses SGT's in it's regular interface based ACLs, so you can use interface and global acls like normal.

b) Yes, that is also my understanding

0 Helpful

gtuthill
Level 1
Level 1
In response to jan.nielsen

‎10-15-2016 01:00 AM

Hi Ian,

Many thanks for taking the time to reply/

Much appreciated.

Graham.

0 Helpful
Customers Also Viewed These Support Documents