cts role-based monitor
To enable role-based (security-group) access list monitoring, use the cts role-based monitor command in
global configuration mode. To remove role-based access list monitoring, use the no form of this command.
cts role-based monitor {all | permissions | {default | from {sgt | unknown}} to {sgt | unknown} [ipv4]}
no cts role-based monitor {all | permissions | {default | from {sgt | unknown}} to {sgt | unknown} [ipv4]}
Syntax Description
Monitors permissions for all source tags to all destination tags.all
Monitors permissions from a source tags to a destination tags.permissions
Monitors the default permission list.default
Specifies the source group tag for filtered traffic.from
Security Group Tag (SGT). Valid values are from 2 to 65519.
sgt
Specifies an unknown source or destination group tag (DST).unknown
(Optional) Specifies the IPv4 protocol.ipv4
Command Default
Role-based access control monitoring is not enabled.
Command Modes
Global configuration (config)
Command History
ModificationRelease
This command was introduced.Cisco IOS XE Denali 16.3.1
Usage Guidelines
Use the cts role-based monitor all command to enable the global monitor mode. If the cts role-based monitor
all command is configured, the output of the show cts role-based permissions command displays monitor
mode for all configured policies as true.
Examples
The following examples shows how to configure SGACL monitor from a source tag to a destination tag:
Switch(config)# cts role-based monitor permissions from 10 to 11
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)
735
cts role-based monitor
To Next Page
Loading...
