> Source: https://docs.nometa.az/device-panels/ise

# Cisco ISE

Cisco ISE surfaces TrustSec: security groups (SGTs), SGACLs, the policy matrix, SXP mappings, endpoints and network access devices.

> Open a device from the **Devices** page or the sidebar to reach these tabs.

## Overview

A summary of TrustSec posture for this ISE deployment.

![Overview](/img/05-device-panels/ise/ise-01-overview.png)

## Security Groups

Security Group Tags (SGTs); orphaned SGTs not referenced by any policy are highlighted.

![Security Groups](/img/05-device-panels/ise/ise-02-security-groups-10-orphaned.png)

## SGACLs

Security Group ACLs that enforce SGT-to-SGT policy.

![SGACLs](/img/05-device-panels/ise/ise-03-sgacls.png)

## Policy Matrix

The TrustSec policy matrix: source SGT by destination SGT, resolving to an SGACL.

![Policy Matrix](/img/05-device-panels/ise/ise-04-policy-matrix.png)

## SXP

SXP peer connections propagating IP-to-SGT bindings.

![SXP](/img/05-device-panels/ise/ise-05-sxp.png)

## Endpoints

Hosts learned on this device (by MAC, ARP, DHCP snooping, CDP/LLDP and 802.1X) enriched with vendor (OUI) and identity.

![Endpoints](/img/05-device-panels/ise/ise-06-endpoints.png)

## NADs

Network Access Devices registered to ISE.

![NADs](/img/05-device-panels/ise/ise-07-nads.png)

## Changes

Configuration changes over time, correlated to the responsible admin where audit data is available. Cards expand to a field-level diff.

![Changes](/img/05-device-panels/ise/ise-09-changes.png)