Custom SGT rule conditions

A custom SGT rule condition is a traffic filtering mechanism that:

  • Uses manually created SGT objects to filter traffic and does not rely on ISE SGTs from a server.

  • Corresponds to the SGT attributes on the traffic to be controlled.

  • Excludes user control considerations when custom SGTs are used to match traffic.

SGT traffic control without ISE configuration

If you do not configure ISE or ISE-PIC as an identity source, you can control traffic using Security Group Tags (SGTs) that were not assigned by ISE. An SGT specifies the privileges of a traffic source within a trusted network.