7-28
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
cts role-based policy trace
Protocol : UDP
Source IP Address : 10.2.2.1
Source Port : 177
Destination IP Address : 10.1.1.2
Destination Port : 80
Result:
==========
Source SGT mapped to Int Gi 1/1 : 6
Destination IP: 10.1.1.2 SGT: 5 Source:CLI
For <SGT, DGT> pair <6, 5> :
Applicable RBACL : deny_v4_udp-10
10 deny udp
The following example traces an HTTP over UDP packet from an IPv6 host:
switch# cts role-based policy trace ipv6 udp host 2001::3 eq 80 host 2003::4 eq 90
Input Qualifiers:
====================
Packet Parameters:
=====================
Protocol : UDP
Source IP Address : 2001::3
Source Port : 80
Destination IP Address : 2003::4
Destination Port : 90
Result:
==========
Source IP: 5111::3 SGT: 16 Source:CLI
Destination IP: 13::4 SGT: 17 Source:CLI
For <SGT, DGT> pair <16, 17> :
Applicable RBACL : deny_v6_tcp_udp-10
deny udp sequence 20
Related Commands Command Description
show cts role-based counters Displays Security Group ACL enforcement statistics.
To Next Page
Loading...
