I have investigating how to refresh SGACL policy from ISE to Cat3K for instance.
The following URL is related but the document says that it can be refresh on the switch with the command below.
#cts refresh policy
However if the integrated devices are so many I prefer to update form ISE server.
I think currently PUSH button does not function.
[Cisco TrustSec Configuration Guide - Chapter: CTS SGACL Support]
To refresh the downloaded SGACL policies, perform the following task:
I appreciate it there is any related solution.
SGT/SGACL data refresh can be changed by modifying below settings under “Administration -> Network Resources -> Network Devices -> Select the device"
Thank you very much! Well I have verified your proposal. Yes certainly SGACL can be updated.
If you do not mind, I appreciate to let me know each timer recommendation below.
Download environment data every 1 day by default
Download peer authorization policy every 1 day by default
Reauthentication every 1 day by default
Download SGACL lists every 1 day by default
Refresh time is completely depends on environment,if new sgts/sgacls are added frequently then every 1 day is fine.
Thank you very much! It must be subject to your precious comment for me.