Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
cts policy layer3
To specify traffic and exception policies for CTS Layer 3 Transport on a system when a
Cisco Secure ACS is not available, use the cts policy layer3 global configuration command.
[no] cts policy layer3 ipv4 {[exception access_list] | [traffic access_list]}
[no] cts policy layer3 ipv6 {[exception access_list] | [traffic access_list]}
Syntax Description
ipv4 exception access_list    (Optional) Specifies an already defined ACL defining exceptions to the
                              IPv4 L3 traffic policy.
ipv4 traffic access_list      Specifies an already defined ACL listing the IPv4 TrustSec-enabled
                              subnets and gateways.
ipv6 exception access_list    (Optional) Specifies an already defined ACL defining exceptions to the
                              IPv6 L3 traffic policy.
ipv6 traffic access_list      Specifies an already defined ACL listing the IPv6 TrustSec-enabled
                              subnets and gateways.

Defaults No policy is the default.
Command Modes Global configuration (config)
Supported User Roles Administrator

Command History
Release        Modification
12.2(50) SY    This command was introduced on the Catalyst 6500 Series Switches.

Usage Guidelines
The CTS Layer 3 Transport feature permits Layer 2 SGT-tagged traffic from TrustSec-enabled network
segments to be transported over non-TrustSec network segments by the application and removal of a
Layer 3 encapsulation at specified CTS Layer 3 gateways. A traffic policy is an access list that lists all
the TrustSec-enabled subnets and their corresponding gateway addresses. An exception policy is an
access list that lists the traffic on which not to apply the CTS Layer 3 Transport encapsulation. For
example, the RADIUS packets used to acquire the policy should be sent in the clear.
Specify the traffic and exception policies with the cts policy layer3 {ipv4 | ipv6} traffic access_list and
the cts policy layer3 {ipv4 | ipv6} exception access_list global configuration commands. Apply the
traffic and exception policies on the CTS L3 gateway interface with the cts layer3 {ipv4 | ipv6} policy
interface configuration command. Enable the CTS L3 gateway interface with the
cts layer3 {ipv4 | ipv6} trustsec forwarding interface configuration command.
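
The following configuration check is an added example, not part of the Cisco guide. It audits a saved configuration against the steps in the Usage Guidelines, assuming the policy is configured locally (no Cisco Secure ACS); the function name, the sample configuration and its ACL names are constructed, and the findings are review heuristics rather than device behavior.

```python
import re

# Constructed running-config fragment; ACL names, addresses and interfaces are placeholders.
SAMPLE = """\
ip access-list extended L3T-TRAFFIC
 permit ip any 10.1.1.0 0.0.0.255
cts policy layer3 ipv4 traffic L3T-TRAFFIC
cts policy layer3 ipv4 exception L3T-EXCEPT
interface GigabitEthernet2/1
 cts layer3 ipv4 policy
 cts layer3 ipv4 trustsec forwarding
interface GigabitEthernet2/2
 cts layer3 ipv6 trustsec forwarding
"""

def audit_l3_transport(config):
    """Hypothetical helper: list gaps in locally configured CTS L3 Transport policy."""
    acls = {"ipv4": set(), "ipv6": set()}
    policies, interfaces, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # a non-indented line leaves interface sub-mode
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)$", line):
            acls["ipv4"].add(m[1])
        elif m := re.match(r"ipv6 access-list (\S+)$", line):
            acls["ipv6"].add(m[1])
        elif m := re.match(r"cts policy layer3 (ipv[46]) (traffic|exception) (\S+)$", line):
            policies[(m[1], m[2])] = m[3]
        elif m := re.match(r"interface (\S+)$", line):
            current = m[1]
            interfaces[current] = set()
        elif current and (m := re.match(r"cts layer3 (ipv[46]) (policy|trustsec forwarding)$", line)):
            interfaces[current].add((m[1], m[2]))
    findings = []
    for (family, kind), name in sorted(policies.items()):
        if name not in acls[family]:  # the guide requires an already defined ACL
            findings.append(f"{family} {kind} policy references undefined ACL {name}")
    for ifname, settings in interfaces.items():
        for family in ("ipv4", "ipv6"):
            if (family, "trustsec forwarding") not in settings:
                continue
            if (family, "traffic") not in policies:
                findings.append(f"{ifname}: {family} forwarding enabled, no {family} traffic policy")
            if (family, "policy") not in settings:
                findings.append(f"{ifname}: {family} forwarding enabled, {family} policy not applied")
    return findings
if __name__ == "__main__":
    print("\n".join(audit_l3_transport(SAMPLE)))
```

On the sample, the check reports the exception policy that names an ACL that was never defined and the IPv6 gateway interface that was enabled without a traffic policy or an applied policy.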