Cisco SGACL Configuration Manual

Chapter 5

Configuring SGACL Policies

Revised: August 15, 2013, OL-22192-02
This section includes the following topics:

  • Cisco TrustSec SGACL Feature Histories

Cisco TrustSec SGACL Feature Histories

For a list of supported TrustSec features per platform and the minimum required IOS release, see
the Cisco TrustSec Platform Support Matrix at the following URL:
http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
Otherwise, see product release notes for detailed feature introduction information.

Cisco TrustSec Switch Configuration Guide

Summary of Contents for Cisco SGACL

  • Page 1: Table Of Contents

  • Page 2: SGACL Policy Configuration Process

    Cisco Identity Services Engine User Guide). If you are not using AAA on a Cisco Secure ACS or a Cisco ISE to download the SGACL policy configuration, you can manually configure the SGACL mapping and policies (see the “Manually Configuring SGACL Policies”...
  • Page 3: Enabling SGACL Policy Enforcement Per Interface

    Switch(config-if)# end Enabling SGACL Policy Enforcement on VLANs You must enable SGACL policy enforcement on specific VLANs to apply access control to switched traffic within a VLAN, or to traffic that is forwarded to an SVI associated with a VLAN.
  • Page 4: Manually Configuring SGACL Policies

    Manually Configuring SGACL Policies A role-based access control list bound to a range of SGTs and DGTs forms an SGACL, a TrustSec policy enforced on egress traffic. Configuration of SGACL policies is best done through the policy management functions of the Cisco ISE or the Cisco Secure ACS.
  • Page 5: Configuration Examples For Manually Configuring SGACL Policies

    [no] cts role-based permissions {default |[from {sgt_num | unknown} to {dgt_num | unknown}]{rbacls | ipv4 rbacls} ... configuration is analogous to populating the permission matrix configured on the Cisco ISE or the Cisco Secure ACS. • Default—Default permissions list • sgt_num—0 to 65,519. Source Group Tag •...
  • Page 6: Displaying SGACL Policies

    • If the from and to keywords are specified, a single cell from the permissions matrix is displayed and the details keyword is available. When details is entered, the ACEs of the SGACL of the single cell are displayed. This example shows how to display the content of the SGACL policies permissions matrix for traffic...
  • Page 7: Refreshing The Downloaded SGACL Policies

    Refreshing the Downloaded SGACL Policies. Detailed Steps for Catalyst 6500, Catalyst 3850, Catalyst 3650. Step 1, Command: cts refresh policy {peer [peer-id] | sgt [sgt_number|default|unknown]}. Purpose: Performs an immediate refresh of the SGACL policies from the authentication server. • If a peer-id is specified, only the policies related to the •...
  • Page 8 Chapter 5 Configuring SGACL Policies Refreshing the Downloaded SGACL Policies Cisco TrustSec Switch Configuration Guide OL-22192-02...
