05-27-2022 01:55 AM - edited 05-27-2022 02:13 AM
Hi All,
I'm currently lab testing a small SD-Access PoC for a customer and built up the basic fabric which includes DNA Center, 2 x Borders, 2 x Edges and 2 x ISE nodes.
Everything is working OK and I have started to delve deeper into TrustSec/Group Based Access Control Policies. The Group Based Access Control Policy is using default permit so I can selectively deny communication between SGTs within a VN (such as IP phones talking to printers etc.). As the customer is new to SDA and TrustSec we want to use the default permit model as it's less risky and complicated.
During the testing I denied communication between the SGTs TrustSec_Devices and Unknown, which broke all fabric connectivity, which was not expected. After doing some research it appears that ISE assigns all fabric devices an SGT of TrustSec_Devices and the SGT policy blocks broadcast traffic, which explains why all the IS-IS adjacencies between switches dropped. As the fabric edge devices were offline, they wouldn't update their policies when I removed the TrustSec_Devices deny rule in DNAC, so I had to reboot all of the switches to get everything back online.
As the customer operates a critical environment we need to prevent the above from happening. Other than ensuring that only the correct users have access to DNAC/ISE etc. to make changes, are there any recommendations to ensure that the underlay stays intact and does not break in the event of a TrustSec policy configuration error?
05-29-2022 11:32 PM
Hi dm2020,
please have a look at https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/dna-center/215516-trustsec-whitelist-model-with-sda.html
I used to implement an Allow List Model at several customers now and it works well if you follow the instructions of the listed document.
"no cts role-based enforcement" on Uplinks is key.
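As an added example (not part of the thread or of Cisco's document), a small audit script that checks a fabric node's running-config for uplink interfaces that still have SGACL enforcement active. It assumes that uplinks carry a description containing "UPLINK" (a hypothetical naming convention) and that an interface with enforcement disabled shows `no cts role-based enforcement` in `show running-config`; the sample config is constructed.

```python
"""Audit an IOS-XE running-config for fabric uplinks that still enforce SGACLs.

Added example, not from the thread. Assumes uplinks are identified by a
description containing "UPLINK" (hypothetical convention) and that an
interface with enforcement disabled shows "no cts role-based enforcement".
"""

# Constructed sample running-config, not captured from a real fabric node.
SAMPLE_CONFIG = """\
cts role-based enforcement
!
interface TenGigabitEthernet1/1/1
 description UPLINK to Border-1
 no cts role-based enforcement
!
interface TenGigabitEthernet1/1/2
 description UPLINK to Border-2
!
interface GigabitEthernet1/0/5
 description Access port
!
"""


def parse_interfaces(config):
    """Return {interface_name: [indented sub-commands]} from a running-config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the block
    return interfaces


def global_enforcement_enabled(config):
    """True if SGACL enforcement is switched on globally (top-level command)."""
    return any(line == "cts role-based enforcement" for line in config.splitlines())


def uplinks_with_enforcement(config, uplink_marker="UPLINK"):
    """Uplink interfaces where SGACLs would still apply to underlay traffic."""
    if not global_enforcement_enabled(config):
        return []  # nothing is enforced anywhere, so no uplink is at risk
    offending = []
    for name, lines in parse_interfaces(config).items():
        is_uplink = any(l.startswith("description") and uplink_marker in l for l in lines)
        if is_uplink and "no cts role-based enforcement" not in lines:
            offending.append(name)
    return sorted(offending)
```

Run it against the output of `show running-config` from each fabric node before pushing a deny rule; any interface it lists is one where an SGACL change can still cut the underlay.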