7-21
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
cts refresh
cts refresh
To refresh the TrustSec peer authorization policy and of all or specific CTS peers, or to refresh the
SGACL policies downloaded to the switch by the authentication server, use the cts refresh command in
privileged EXEC mode.
cts refresh environment-data
cts refresh policy {peer [peer_id] | sgt [sgt_number | default | unknown] }
Syntax Description
Defaults None
Command Modes Privileged EXEC (#)
Supported User Roles Administrator
Command History
Usage Guidelines To refresh the Peer Authorization Policy on all TrustSec peers, enter cts policy refresh without
specifying a peer ID.
The peer authorization policy is initially downloaded from the Cisco ACS at the end of the EAP-FAST
NDAC authentication success. The Cisco ACS is configured to refresh the peer authorization policy, but
the cts policy refresh command can force immediate refresh of the policy before the Cisco ACS timer
expires. This command is relevant only to TrustSec devices that can impose Security Group Tags (SGTs)
and enforce Security Group Access Control Lists (SGACLs).
environment-data Refreshes environment data.
peer Peer-ID (Optional). If a peer-id is specified, only the policies related to the specified
peer connection are refreshed. To refresh all peer policies, press Enter
without specifying an ID.
sgt sgt_number Performs an immediate refresh of the SGACL policies from the
authentication server.
If an SGT number is specified, only the policies related to that SGT are
refreshed. To refresh all security group tag policies, press Enter without
specifying an SGT number.
default Refreshes the default SGACL policy.
unknown Refreshes unknown SGACL policy.
Release Modification
12.2(33) SXI This command was introduced as cts policy refresh on the Catalyst 6500
series switches.
12.2(50) SY This command was changed to cts refresh policy on the Catalyst 6500 series
switches. The sgt, default, and unknown keywords were added.
To Next Page
Loading...
