Table of Contents
Advertisement
match flow cts
match flow cts
To add the Cisco TrustSec flow objects to a Flexible NetFlow flow record, use the match flow cts record
configuration command.
Syntax Description
destination group-tag
source group-tag
Defaults
There are no defaults for this command.
Command Modes
Flexible NetFlow record configuration (config-flow-record)
Supported User Roles
Administrator
Command History
Release
12.2(50) SY
Usage Guidelines
Flexible NetFlow can account for packets dropped by SGACL enforcement when SGT and DGT flow
objects are configured in the flow record with the standard 5-tuple flow objects
Use the flow record and flow exporter global configuration commands to configure a flow record, and
a flow exporter, then use the flow monitor command to add them to a flow monitor. Use the show flow
show commands to verify your configurations..
To collect only SGACL dropped packets, use the [no] cts role-based {ip | ipv6} flow monitor dropped
global configuration command.
For Flexible NetFlow overview and configuration information, see the following documents:
Getting Started with Configuring Cisco IOS Flexible NetFlow
http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/get_start_cfg_fnflow.html
Catalyst 6500 Release 12.2SY Software Configuration Guide
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SY/configuration/guide/netflow_
hw_support.html
Cisco TrustSec Configuration Guide
7-60
[no] match flow cts destination group-tag
[no] match flow cts source group-tag
Matches destination fields for the Cisco TrustSec Security Group Tag (SGT)
Matches source fields for the Cisco TrustSec Security Group Tag (SGT)
Modification
This command was introduced on the Catalyst 6500 Series Switches.
Chapter 7
Cisco TrustSec Command Summary
OL-22192-01
Hide quick links:
Advertisement
Table of Contents
