I have been investigating how to refresh SGACL policy from ISE to Cat3K, for instance.
The following URL is related, but the document says that it can be refreshed on the switch with the command below.
#cts refresh policy
However, if there are many integrated devices, I prefer to update from the ISE server.
I think the PUSH button currently does not function.
[Cisco TrustSec Configuration Guide - Chapter: CTS SGACL Support]
To refresh the downloaded SGACL policies, perform the following task:
I would appreciate it if there is any related solution.
Thank you very much! Well, I have verified your proposal. Yes, certainly SGACL can be updated.
If you do not mind, I would appreciate it if you could let me know the recommendation for each timer below.
Download environment data every 1 day by default
Download peer authorization policy every 1 day by default
Reauthentication every 1 day by default
Download SGACL lists every 1 day by default
Refresh time completely depends on the environment; if new SGTs/SGACLs are added frequently, then every 1 day is fine.