Cts Role-Based Enforcement - Cisco Catalyst 3650 series Command Reference Manual

cts role-based enforcement

To enable Cisco TrustSec role-based (security group) access control enforcement, use the cts role-based
enforcement command in global configuration mode. To disable the configuration, use the no form of this
command.
cts role-based enforcement [logging-interval interval | vlan-list {all | vlan-ID [,] [-]}]
no cts role-based enforcement [logging-interval interval | vlan-list {all | vlan-ID [,] [-]}]
Syntax Description
logging-interval interval
vlan-list
all
vlan-ID
,
-
Command Default
Role-based access control is not enforced.
Command Modes
Global configuration (config)
Command History
Release
Cisco IOS XE Denali 16.3.1
Usage Guidelines
RBACL and SGACL are used interchangeably.
Note
Use the cts role-based enforcement command to globally enable or disable SGACL enforcement for Cisco
TrustSec-enabled interfaces in the system.
The default interval after which log for a given flow is printed is 300 seconds. Use the logging-interval
keyword to change the default interval. Logging is only triggered when the Cisco ACE Application Control
Engine has the logging keyword.
(Optional) Configures a logging interval for a security group access control list
(SGACL). Valid values for the interval argument are from 5 to 86400 seconds.
The default is 300 seconds
(Optional) Configures VLANs on which role-based ACLs are enforced.
(Optional) Specifies all VLANs.
(Optional) VLAN ID. Valid values are from 1 to 4094.
(Optional) Specifies another VLAN separated by a comma.
(Optional) Specifies a range of VLANs separated by a hyphen.
Modification
This command was introduced.
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)
cts role-based enforcement
731