7-25
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
cts role-based policy trace
cts role-based policy trace
To troubleshoot SGT and SGACL behavior in TrustSec network devices, use the cts role-based policy
trace privileged EXEC command.
cts role-based policy trace {ipv4 | ipv6} {tcp | udp} source_host ip_address eq {protocol name |
wellknown_port_num} dest_host ip_address eq {protocol name | wellknown_port_num}
[interface type slot/port | security-group {sgname sg_name | sgt sgt_num} | vlan vlan_id | vrf
vrf_name]
cts role-based policy trace {ipv4 | ipv6} {ip_port_num | icmp | ip} source_host ip_address
dest_host ip_address [interface type slot/port | security-group {sgname sg_name | sgt
sgt_num} | vlan vlan_id | vrf vrf_name]
Syntax Description ipv4 |
ipv6 Specifies IPv4 or IPv6 IP encapsulation.
ip_port_num | icmp | ip
| tcp | udp
Specifies the Internet Protocol or its number. Supported protocols and their
IP numbers are as follows:
0 to 255—Range of possible Internet Protocol numbers.
icmp—Internet Control Message Protocol
ip—Any Internet Protocol
tcp—Transmission Control Protocol
udp—User Datagram Protocol
source_host ip_address Specifies the IP address of the source host.
To Next Page
Loading...
