Hello, In my understanding, ISE 'downloads' the IP-to-SGT mappings of the endpoints connected to the switch. This allows policy verification and permit/deny decision by the switch. Although rules and policies are configured between SGT's, the permi...