Cisco TrustSec Configuration Manual page 105

Chapter 7
Cisco TrustSec Command Summary
cts policy layer3
To specify traffic and exception policies for CTS Layer 3 Transport on a system when a
Cisco Secure ACS is not available, use the cts policy layer3 global configuration command.
[no] cts policy layer3 ipv4 {[exception access_list] | [traffic access_list]}
[no] cts policy layer3 ipv6 {[exception access_list] | [traffic access_list]}
Syntax Description
ipv4 exception access_list    (Optional) Specifies an already defined ACL defining exceptions to the IPv4 L3 traffic policy.
ipv4 traffic access_list      Specifies an already defined ACL listing the IPv4 TrustSec-enabled subnets and gateways.
ipv6 exception access_list    (Optional) Specifies an already defined ACL defining exceptions to the IPv6 L3 traffic policy.
ipv6 traffic access_list      Specifies an already defined ACL listing the IPv6 TrustSec-enabled subnets and gateways.
Defaults
No policy is the default.
Command Modes
Global configuration (config)
Supported User Roles
Administrator
Command History
Release        Modification
12.2(50) SY    This command was introduced on the Catalyst 6500 Series Switches.
Usage Guidelines
The CTS Layer 3 Transport feature permits Layer 2 SGT-tagged traffic from TrustSec-enabled network
segments to be transported over non-TrustSec network segments by the application and removal of a
Layer 3 encapsulation at specified CTS Layer 3 gateways. A traffic policy is an access list that lists all
the TrustSec-enabled subnets and their corresponding gateway addresses. An exception policy is an
access list that lists the traffic on which not to apply the CTS Layer 3 Transport encapsulation. For
example, the RADIUS packets used to acquire the policy should be sent in the clear.
Specify the traffic and exception policies with the cts policy layer3 {ipv4 | ipv6} traffic access_list and
the cts policy layer3 {ipv4 | ipv6} exception access_list global configuration commands. Apply the
traffic and exception policies on the CTS L3 gateway interface with the cts layer3 {ipv4 | ipv6} policy
interface configuration command. Enable the CTS L3 gateway interface with the
cts layer3 {ipv4 | ipv6} trustsec forwarding interface configuration command.

Cisco TrustSec Configuration Guide, OL-22192-01
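The following is an added example, not taken from the Cisco guide: a short Python check over a constructed running-config excerpt that flags cts policy layer3 commands naming an ACL that is not defined, and gateway interfaces where forwarding is enabled without the policy applied or without a global traffic policy. It assumes the command forms given in the usage guidelines; the ACL names, subnet and interface names are made up, and treating forwarding without an applied policy as a finding is this example's own rule.

```python
import re

# Constructed running-config excerpt (illustrative, not from the Cisco guide);
# the ACL names, subnet and interfaces are made up.
SAMPLE_CONFIG = """\
ip access-list extended L3-TRAFFIC
 permit ip any 10.1.1.0 0.0.0.255
!
cts policy layer3 ipv4 traffic L3-TRAFFIC
cts policy layer3 ipv4 exception L3-EXCEPT
!
interface GigabitEthernet2/1
 cts layer3 ipv4 trustsec forwarding
!
interface GigabitEthernet2/2
 cts layer3 ipv4 policy
 cts layer3 ipv4 trustsec forwarding
"""

ACL_DEF = re.compile(r"^(ip|ipv6) access-list (?:(?:extended|standard) )?(\S+)")
POLICY = re.compile(r"^cts policy layer3 (ipv4|ipv6) (traffic|exception) (\S+)")
IFACE_CMD = re.compile(r"^cts layer3 (ipv4|ipv6) (policy|trustsec forwarding)$")

def audit(config):
    """Return sorted (finding, subject) pairs for a CTS Layer 3 Transport config."""
    acls, policies, ifaces, current = set(), {}, {}, None
    for raw in config.splitlines():
        if raw and not raw[0].isspace():       # a top-level line ends any interface block
            current = raw.split()[1] if raw.startswith("interface ") else None
        if m := ACL_DEF.match(raw):
            acls.add(("ipv4" if m[1] == "ip" else "ipv6", m[2]))
        elif m := POLICY.match(raw):
            policies[(m[1], m[2])] = m[3]
        elif current and (m := IFACE_CMD.match(raw.strip())):
            ifaces.setdefault((current, m[1]), set()).add(m[2])
    findings = []
    for (family, kind), name in policies.items():
        if (family, name) not in acls:         # the command expects an already defined ACL
            findings.append(("undefined-acl", f"{family} {kind} {name}"))
    for (iface, family), cmds in ifaces.items():
        if "trustsec forwarding" in cmds:
            if "policy" not in cmds:           # gateway enabled, policies never applied
                findings.append(("forwarding-without-policy", f"{iface} {family}"))
            if (family, "traffic") not in policies:
                findings.append(("no-traffic-policy", f"{iface} {family}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

On the sample, the check reports the exception policy that names the undefined ACL L3-EXCEPT and the interface GigabitEthernet2/1, which forwards without the policy applied.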
