Cisco TrustSec Configuration Manual page 115

Chapter 7
Cisco TrustSec Command Summary
cts role-based
Use the cts role-based global configuration command to manually configure SGT impositions, TrustSec
NetFlow parameters, and SGACL enforcement. Use the no form of the command to remove the
configurations.
[no] cts role-based enforcement [vlan-list {vlan-ids | all}]
[no] cts role-based {ip | ipv6} flow monitor fnf-ubm dropped
[no] cts role-based ipv6-copy
[no] cts role-based l2-vrf instance_name vlan-list vlan-ids [all]
[no] cts role-based permissions default {access-list | ipv4 | ipv6} access-list access-list . . .
[no] cts role-based permissions from {sgt | unknown to {sgt | unknown}} {access-list | ipv4 | ipv6} access-list , access-list, . . .
[no] cts role-based sgt-caching vlan-list {vlan_ids | all}
[no] cts role-based sgt-caching with-enforcement
[no] cts role-based sgt-map {ipv4_netaddress | ipv6_netaddress} | sgt sgt_number
[no] cts role-based sgt-map {ipv4_netaddress/prefix | ipv6_netaddress/prefix} | sgt sgt_number
[no] cts role-based sgt-map host {ipv4_hostaddress | ipv6_hostaddress | sgt sgt_number
[no] cts role-based sgt-map vrf instance_name {ip4_netaddress | ipv6_netaddress | host {ip4_address | ip6_address}}] sgt sgt_number
[no] cts role-based sgt-map interface interface_type slot/port {security-group | sgt} sgt_number
[no] cts role-based sgt-map vlan-list [vlan_ids| all] slot/port sgt sgt_number
[no] cts role-based

Syntax Description

l2-vrf instance_name                        (Optional) Specifies Layer 2 VRF instance name.
enforcement                                 Enables SGACL enforcement on the local device for all Layer 3 CTS interfaces.
interface interface_type                    The specified SGT is mapped to traffic from this logical or physical Layer 3 interface.
vlan-list vlan-ids                          Specifies VLAN IDs. Individual VLAN IDs are separated by commas, a range of IDs specified with a hyphen.
all                                         (Optional) Specifies all VLAN IDs.
with-enforcement                            Enables SGT caching where SGACL enforcement is enabled.
sgt-map ipv4_netaddress | ipv6_netaddress   (Optional) Specifies the network to be associated with an SGT. Enter IPv4 address in dot decimal notation; IPv6 in colon hexadecimal notation.

OL-22192-01
Cisco TrustSec Configuration Guide
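
The following is an added example, not part of the Cisco guide: a small Python audit that reads cts role-based lines from a saved configuration, expands the vlan-list notation described above (commas and hyphenated ranges), and reports the enforcement scope and the static SGT bindings. The sample configuration, the function names, the 1-4094 VLAN range, and the handling of only the "sgt" keyword form of sgt-map are assumptions made for illustration.

```python
# Constructed running-config excerpt (sample values, not taken from the manual).
SAMPLE_CONFIG = """\
cts role-based enforcement
cts role-based enforcement vlan-list 10,20-22
cts role-based sgt-map 10.1.0.0/16 sgt 100
cts role-based sgt-map host 10.1.5.9 sgt 200
cts role-based sgt-map vlan-list 10,30 sgt 300
no cts role-based sgt-caching with-enforcement
"""

def expand_vlan_list(spec):
    """Expand 'all' or a list such as '10,20-22' into a set of VLAN IDs."""
    if spec == "all":
        return set(range(1, 4095))  # assumption: valid VLAN IDs are 1-4094
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def audit(config):
    """Summarise enforcement scope and static SGT bindings in a config text."""
    report = {"l3_enforcement": False, "enforced_vlans": set(), "bindings": []}
    mapped_vlans = set()
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("cts role-based "):
            continue  # 'no ...' forms and unrelated lines configure nothing here
        args = line.split()[2:]
        if args == ["enforcement"]:
            report["l3_enforcement"] = True
        elif args[:2] == ["enforcement", "vlan-list"]:
            report["enforced_vlans"] |= expand_vlan_list(args[2])
        elif args[0] == "sgt-map" and "sgt" in args:
            sgt_pos = args.index("sgt")
            report["bindings"].append((" ".join(args[1:sgt_pos]), int(args[sgt_pos + 1])))
            if args[1] == "vlan-list":
                mapped_vlans |= expand_vlan_list(args[2])
    # VLANs that carry a VLAN-to-SGT mapping but are outside the local
    # enforcement vlan-list: items to review, not necessarily errors.
    report["unenforced_mapped_vlans"] = mapped_vlans - report["enforced_vlans"]
    return report
```

Calling audit(SAMPLE_CONFIG) returns a dictionary; unenforced_mapped_vlans lists VLANs whose traffic is tagged on this device while SGACL enforcement for that VLAN is not enabled locally.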