SGACL Policy Configuration Process; Enabling SGACL Policy Enforcement Globally; Configuration Examples for Enabling SGACL Policy Enforcement Globally - Cisco TrustSec Configuration Manual

SGACL Policy Configuration Process

Cisco TrustSec Switch Configuration Guide, Chapter 5: Configuring SGACL Policies (OL-22192-02)

Follow these steps to configure and enable Cisco TrustSec SGACL policies:

Step 1
Configuration of SGACL policies should be done primarily through the Policy Management function of the Cisco Secure ACS or the Cisco Identity Services Engine (see the Configuration Guide for the Cisco Secure ACS or the Cisco Identity Services Engine User Guide).
If you are not using AAA on a Cisco Secure ACS or a Cisco ISE to download the SGACL policy configuration, you can manually configure the SGACL mapping and policies (see the "Manually Configuring SGACL Policies" section on page 5-4).
Note: An SGACL policy downloaded dynamically from the Cisco Secure ACS or a Cisco ISE will override any conflicting locally-defined policy.

Step 2
To enable SGACL policy enforcement on egress traffic on routed ports, enable SGACL policy enforcement globally as described in the "Enabling SGACL Policy Enforcement Globally" section on page 5-2.

Step 3
To enable SGACL policy enforcement on switched traffic within a VLAN, or on traffic that is forwarded to an SVI associated with a VLAN, enable SGACL policy enforcement for specific VLANs as described in the "Enabling SGACL Policy Enforcement on VLANs" section on page 5-3.

Enabling SGACL Policy Enforcement Globally

You must enable SGACL policy enforcement globally for Cisco TrustSec-enabled routed interfaces.
To enable SGACL policy enforcement on routed interfaces, perform this task:

Step 1
Command: Router# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: Router(config)# cts role-based enforcement
Purpose: Enables Cisco TrustSec SGACL policy enforcement on routed interfaces.

Configuration Examples for Enabling SGACL Policy Enforcement Globally

Catalyst 6500, Catalyst 3850:
Switch(config)# cts role-based enforcement
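As an added example (not part of the Cisco guide), the following Python check reads a saved running-config and reports whether the global `cts role-based enforcement` command is present and whether required VLANs are covered by VLAN enforcement. It also lists locally defined SGACL permissions, which a policy downloaded from the Cisco Secure ACS or Cisco ISE overrides on conflict. The sample config, the function names, and the `vlan-list` and `permissions` command forms are assumptions not shown on this page.

```python
# Added example: audit a running-config for SGACL enforcement.
# SAMPLE_CONFIG is constructed for illustration, not taken from a real device.
SAMPLE_CONFIG = """\
hostname edge-sw1
cts role-based enforcement vlan-list 10,20-22
cts role-based permissions from 10 to 20 ipv4 DENY_WEB
interface GigabitEthernet1/0/1
 cts role-based enforcement
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_sgacl_enforcement(config, required_vlans=()):
    """Return (findings, local_policies) for one device's running-config."""
    global_on, all_vlans, vlans, local_policies = False, False, set(), []
    for line in config.splitlines():
        if not line.strip() or line[0].isspace():
            continue  # indented lines are sub-mode config, not global commands
        words = line.split()
        if words == ["cts", "role-based", "enforcement"]:
            global_on = True
        elif words[:4] == ["cts", "role-based", "enforcement", "vlan-list"] and len(words) > 4:
            spec = "".join(words[4:])
            if spec == "all":
                all_vlans = True
            else:
                vlans |= expand_vlans(spec)
        elif words[:3] == ["cts", "role-based", "permissions"]:
            local_policies.append(line)
    findings = []
    if not global_on:
        findings.append("global enforcement off: routed interfaces not enforced")
    missing = set() if all_vlans else set(required_vlans) - vlans
    if missing:
        findings.append(f"VLAN enforcement missing for: {sorted(missing)}")
    return findings, local_policies


if __name__ == "__main__":
    findings, local = audit_sgacl_enforcement(SAMPLE_CONFIG, required_vlans=[10, 21, 30])
    print(findings)
    print("local policies a downloaded ACS/ISE policy can override:", local)
```

The interface-level line in the sample is deliberately indented to show that only top-level commands count as global enforcement.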
