Add An Sgt To Local Users And Groups; Monitoring Cisco Trustsec - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Chapter 6
ASA and Cisco TrustSec

Add an SGT to Local Users and Groups

To configure an SGT attribute on the LOCAL user database and in a group policy, perform the following steps:
Procedure
Step 1
Enter group-policy configuration mode.
group-policy name
Example:
hostname(config)# group-policy Grpolicy1
Step 2
Configure SGT attributes on the named group policy's or LOCAL username's attribute set.
security-group-tag value sgt
Example:
hostname(config-group-policy)# security-group-tag value 101
The default form of this command is security-group-tag none, which means that there is no security
group tag in this attribute set. Use the no security-group-tag value sgt command to return the
configuration to the default.
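
The following audit script is an added example, not part of the Cisco guide: it reads a saved running configuration and reports which group-policy and LOCAL username attribute sets carry an SGT and which are left at the default (security-group-tag none). The sample configuration is constructed, and the "attributes" stanza layout it parses is an assumption about how the saved configuration is formatted.

```python
import re

# Constructed sample in the layout of an ASA running configuration (not from the guide).
SAMPLE_CONFIG = """\
group-policy Grpolicy1 internal
group-policy Grpolicy1 attributes
 vpn-tunnel-protocol ssl-client
 security-group-tag value 101
group-policy Grpolicy2 internal
group-policy Grpolicy2 attributes
 security-group-tag none
username alice password ***** encrypted
username alice attributes
 security-group-tag value 102
username bob attributes
 vpn-group-policy Grpolicy2
"""

# Assumed stanza header: "<group-policy|username> <name> attributes".
STANZA = re.compile(r"^(group-policy|username)\s+(\S+)\s+attributes\s*$")
# The two forms the guide names: "value <sgt>" and the default "none".
SGT = re.compile(r"^\s+security-group-tag\s+(?:value\s+(\d+)|(none))\s*$")

def audit_sgt(config_text):
    """Return {(kind, name): sgt or None} for every attribute set found."""
    result = {}
    current = None
    for line in config_text.splitlines():
        header = STANZA.match(line)
        if header:
            current = (header.group(1), header.group(2))
            result.setdefault(current, None)  # default form: no tag
            continue
        if not line.startswith(" "):
            current = None  # any other top-level line ends the stanza
            continue
        tag = SGT.match(line)
        if tag and current:
            result[current] = int(tag.group(1)) if tag.group(1) else None
    return result

def untagged(config_text):
    """Names of attribute sets that carry no security group tag."""
    return sorted(n for (_, n), sgt in audit_sgt(config_text).items() if sgt is None)

if __name__ == "__main__":
    for (kind, name), sgt in audit_sgt(SAMPLE_CONFIG).items():
        print(f"{kind:12} {name:10} sgt={sgt if sgt is not None else 'none'}")
    print("untagged:", ", ".join(untagged(SAMPLE_CONFIG)))
```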

Monitoring Cisco TrustSec

See the following commands for monitoring Cisco TrustSec:
show running-config cts
show running-config [all] cts role-based [sgt-map]
This command shows the user-defined IP-SGT binding table entries.
show cts sxp connections
This command shows the SXP connections on the ASA for a particular user context when multiple
context mode is used.
show conn security-group
Shows data for all SXP connections.
show cts environment-data
Shows the Cisco TrustSec environment information contained in the security group table on the
ASA.
show cts sgt-map
Shows the IP address-security group table manager entries in the control path.
show asp table cts sgt-map
This command shows the IP address-security group table mapping entries from the IP
address-security group table mapping database maintained in the datapath.
Cisco ASA Series Firewall CLI Configuration Guide