What kind of access control lists (ACLs) are used in Cisco SD-Access policies?downloadable access control lists (dACLs)per-user access control listsreflexive access control listssecurity group access control lists (SGACLs)

Cisco SD-Access policies use Security Group Access Control Lists (SGACLs). These are used to enforce policy between different security groups within the network. SGACLs provide the ability to control access to resources based on a user's group membership, rather than their individual identity. This makes it easier to manage access control in large networks, where it would be impractical to maintain individual access control lists for each user.

In addition to SGACLs, Cisco SD-Access can also use Downloadable Access Control Lists (dACLs). These are access control lists that are downloaded from a RADIUS server and applied to a user's session. This allows for more granular control over a user's access rights, as the dACL can be customized for each user.

Per-user access control lists are not typically used in Cisco SD-Access policies. These would require maintaining a separate access control list for each user, which would be impractical in a large network.

Reflexive access control lists are also not typically used in Cisco SD-Access. These are a type of dynamic access control list that is created in response to specific types of traffic. While they can be useful in certain situations, they are not a core part of the access control model used in Cisco SD-Access.