Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1923
Views
10
Helpful
1
Replies

Applying both SGACL and dACL to a device

Go to solution
Dolevha
Level 1
Level 1

‎03-15-2021 06:27 AM - edited ‎03-15-2021 06:28 AM

Hey,
I was wondering if it's possible to apply both SGACL and dACL to the same device through ISE.

 

Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎03-15-2021 11:28 AM

You may apply a VLAN, dACL, and SGT - and more! - in an ISE Authorization Profile for a session.

SGACLs are not applied via an Authorization Profile like the others.

SGACLs are managed using the TrustSec Matrix in ISE and applied to TrustSec/SDA enabled network devices for enforcement based on source SGTs to destination SGTs.

image.png

View solution in original post

1 Reply 1

Go to solution
thomas
Cisco Employee
Cisco Employee

‎03-15-2021 11:28 AM

You may apply a VLAN, dACL, and SGT - and more! - in an ISE Authorization Profile for a session.

SGACLs are not applied via an Authorization Profile like the others.

SGACLs are managed using the TrustSec Matrix in ISE and applied to TrustSec/SDA enabled network devices for enforcement based on source SGTs to destination SGTs.

image.png

Customers Also Viewed These Support Documents