Cisco TrustSec Configuration Manual page 149


Chapter 7
Cisco TrustSec Command Summary
policy (cts manual interface configuration submode)

To apply a policy to a manually configured TrustSec link, use the policy interface manual submode
command. Use the no form of the command to remove a policy.

[no] policy dynamic identity peer_deviceID
[no] policy static sgt sgt_number [trusted]

Syntax Description

dynamic                  Obtains policy from the authorization server.
identity peer_deviceID   The peer device name or symbolic name in the authentication server's policy
                         database associated with the policy to be applied to the peer.
static                   Specifies an SGT policy to incoming traffic on the link.
sgt sgt_number           Security Group Tag number to apply to incoming traffic from peer.
trusted                  Indicates that ingress traffic on the interface with the SGT specified in the
                         command, should not have its SGT overwritten. Untrusted is the default.

Defaults

No policy is the default.

Command Modes

CTS interface manual submode (config-if-cts-manual)

Supported User Roles

Administrator

Command History

Release        Modification
12.2(50) SY    This command was introduced on the Catalyst 6500 Series Switches.

Usage Guidelines

Use the policy command to apply policy when manually configuring a TrustSec link. The default is
no policy which passes all traffic through without applying an SGT. The sap cts manual mode
subcommand must also be configured to bring up a TrustSec link.

If the selected SAP mode allows SGT insertion and an incoming packet carries no SGT, the tagging
policy is as follows:

- If the policy static command is configured, the packet is tagged with the SGT configured in the
  policy static command.
- If the policy dynamic command is configured, the packet is not tagged.

If the selected SAP mode allows SGT insertion and an incoming packet carries an SGT, the tagging
policy is as follows:

- If the policy static command is configured without the trusted keyword, the SGT is replaced with
  the SGT configured in the policy static command.
- If the policy static command is configured with the trusted keyword, no change is made to the SGT.

Cisco TrustSec Configuration Guide, OL-22192-01
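
The two tagging lists in the Usage Guidelines above, worked as an added Python example (not Cisco's code and not part of the manual). The configuration stanzas, interface names, SGT numbers and peer name are constructed, and the function names are hypothetical; a tagged packet arriving without policy static is a case the page does not describe, so the model raises an error instead of guessing.

```python
import re

# Constructed sample stanzas (interface names, SGT numbers and peer name are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 cts manual
  policy static sgt 100
interface GigabitEthernet1/2
 cts manual
  policy static sgt 200 trusted
interface GigabitEthernet1/3
 cts manual
  policy dynamic identity peer-sw1
interface GigabitEthernet1/4
 cts manual
"""

POLICY_RE = re.compile(
    r"^\s*policy\s+(?:static\s+sgt\s+(?P<sgt>\d+)(?P<trusted>\s+trusted)?"
    r"|dynamic\s+identity\s+(?P<peer>\S+))\s*$")

def parse_policies(config):
    """Map each interface name to its policy; 'none' when no policy line is present."""
    policies, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            policies[current] = {"kind": "none"}
        elif current and (m := POLICY_RE.match(line)):
            if m.group("sgt"):
                policies[current] = {"kind": "static", "sgt": int(m.group("sgt")),
                                     "trusted": m.group("trusted") is not None}
            else:
                policies[current] = {"kind": "dynamic", "peer": m.group("peer")}
    return policies

def ingress_sgt(policy, packet_sgt):
    """SGT after ingress (None = untagged), assuming the SAP mode allows SGT insertion."""
    if policy["kind"] == "static":
        if packet_sgt is not None and policy["trusted"]:
            return packet_sgt      # trusted: the peer's tag is left unchanged
        return policy["sgt"]       # untagged packet is tagged; untrusted tag is replaced
    if packet_sgt is None:
        return None                # dynamic: not tagged; no policy: no SGT applied
    raise ValueError("tagged packet without policy static: not covered by the guidelines")

def trusted_links(policies):
    """Interfaces that keep whatever SGT the peer sends (worth reviewing per link)."""
    return sorted(n for n, p in policies.items() if p.get("trusted"))
```

Running trusted_links over a saved configuration gives the list of links where the peer's tags are accepted as sent, which is the set to check against the intended trust boundary.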
