We are considering the use of a SGT to port map on every access switchport to enforce the traffic of the non-authenticated devices. Once the device is authenticated it will get a dynamic SGT that will override the static mapping. The question is, how can we allow the traffic in the worst scenario when the PSNs are down. Before Trustsec we have the the concept of critical VLAN. Is there a similar "critical SGT" in TrustSec?