Before you can create and use access control policies, you need to configure DNA Center and Cisco ISE to integrate with one another. The process involves installing and configuring Cisco ISE with specific services and configuring Cisco ISE settings in DNA Center.
After Cisco ISE has successfully registered and its trust established with DNA Center, DNA Center shares information with Cisco ISE. DNA Center device inventory is propagated to Cisco ISE, and whenever you update device credentials in DNA Center, DNA Center updates Cisco ISE with the changes. Similarly, if you change the RADIUS shared secret for Cisco ISE, DNA Center updates Cisco ISE with the changes. However, Cisco ISE does not share existing device information with DNA Center. The only way for DNA Center to know about the devices in Cisco ISE is if the devices have the same name in DNA Center; DNA Center and Cisco ISE uniquely identify devices for this integration through the device's hostname variable.
DNA Center integrates with the primary Administration ISE node. When you launch Cisco ISE from DNA Center, you connect with this node.
DNA Center polls Cisco ISE every 15 minutes. If the Cisco ISE server is down, the 360 Dashboard page shows the Cisco ISE server as red, which means the Cisco ISE server is unreachable.
When the Cisco ISE server is unreachable, DNA Center shortens the polling interval to 15 seconds, then doubles the interval to 30 seconds, 1 minute, 2 minutes, 4 minutes, and so on, until it reaches the maximum polling interval of 15 minutes. DNA Center continues to poll every 15 minutes for 3 days. If DNA Center has not regained connectivity by then, it stops polling and updates the Cisco ISE server status to Untrusted. If this happens, you will need to reestablish trust between DNA Center and the Cisco ISE server.
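The retry schedule described above can be replayed to estimate whether a given Cisco ISE outage ends with the server still trusted or marked Untrusted. This is an added example, not Cisco code; the function names are hypothetical, and it assumes the outage is measured from the first failed poll and that the 3-day window starts when the interval first reaches 15 minutes.

```python
from datetime import timedelta
from itertools import islice

# Values stated in the text above.
FIRST_RETRY = timedelta(seconds=15)    # first interval once ISE is unreachable
MAX_INTERVAL = timedelta(minutes=15)   # maximum polling time
GIVE_UP_AFTER = timedelta(days=3)      # time spent polling at the maximum

def retry_intervals():
    """Yield successive poll intervals: 15 s, doubling, capped at 15 min."""
    interval = FIRST_RETRY
    while True:
        yield interval
        interval = min(interval * 2, MAX_INTERVAL)

def simulate_outage(outage):
    """Replay the schedule for an outage measured from the first failed poll.

    Returns (status, elapsed, failed_polls). status is "reachable" when a
    retry succeeds, or "untrusted" when polling stops first.
    Assumption: the 3-day window starts when the interval first hits the cap.
    """
    elapsed = timedelta(0)
    failed = 1                 # the poll that found ISE unreachable
    at_cap_since = None
    for interval in retry_intervals():
        if interval == MAX_INTERVAL and at_cap_since is None:
            at_cap_since = elapsed
        if at_cap_since is not None and elapsed - at_cap_since >= GIVE_UP_AFTER:
            return "untrusted", elapsed, failed
        elapsed += interval
        if elapsed >= outage:
            return "reachable", elapsed, failed
        failed += 1

if __name__ == "__main__":
    print([int(i.total_seconds()) for i in islice(retry_intervals(), 8)])
    for outage in (timedelta(minutes=10), timedelta(hours=30), timedelta(days=4)):
        print(outage, "->", simulate_outage(outage))
```

Under these assumptions, an outage that outlasts roughly 3 days and 16 minutes from the first failed poll ends with the Untrusted status and requires trust to be reestablished.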