cts role-based permissions
To enable permissions from a source group to a destination group, use the cts role-based permissions command
in global configuration mode. To remove the permissions, use the no form of this command.
cts role-based permissions {default ipv4 | from {sgt | unknown } to {sgt | unknown} {ipv4} {rbacl-name
[rbacl-name....]}}
no cts role-based permissions {default [ipv4] | from {sgt | unknown} to {sgt | unknown} [ipv4]}
Syntax Description
Specifies the default permissions list. Every cell (an SGT pair) for which, security
group access control list (SGACL) permission is not configured statically or
dynamically falls under the default category.
default
Specifies the IPv4 protocol.ipv4
Specifies the source group tag of the filtered traffic.from
Security Group Tag (SGT). Valid values are from 2 to 65519.
sgt
Specifies an unknown source or destination group tag.unknown
Role-based access control list (RBACL) or SGACL name. Up to 16 SGACLs can
be specified in the configuration.
rbacl-name
Command Default
Permissions from a source group to a destination group is not enabled.
Command Modes
Global configuration (config)
Command History
ModificationRelease
This command was introduced.Cisco IOS XE Denali 16.3.1
Usage Guidelines
Use the cts role-based permissions command to define, replace, or delete the list of SGACLs for a given
source group tag (SGT), destination group tag (DGT) pair. This policy is in effect as long as there is no
dynamic policy for the same DGT or SGT.
The cts role-based permissions default command defines, replaces, or deletes the list of SGACLs of the
default policy as long as there is no dynamic policy for the same DGT.
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)
737
cts role-based permissions
To Next Page
Loading...
Need help?
General
