ISE SGT versus custom SGT rule conditions
Certain rules allow you to control traffic based on assigned SGT. The rule type and identity source configuration determine whether ISE-assigned SGTs or custom SGTs are used to match traffic with assigned SGT attributes.
|
Condition Type |
Requires |
SGTs Listed in Rule Editor |
|---|---|---|
|
ISE SGT |
ISE identity source |
SGTs obtained by querying the ISE server, automatically updated metadata |
|
Custom SGT |
No ISE or ISE-PIC identity source |
Static SGT objects you create |
Note | If using ISE SGTs to match traffic, any packet will match an ISE SGT rule if the SGT associated with the packet source IP address is recognized in ISE, even without an assigned SGT attribute. |