Cisco TrustSec - Page 115

208 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

7-29

Cisco TrustSec Configuration Guide

OL-22192-01

Chapter 7 Cisco TrustSec Command Summary

cts role-based

cts role-based

Use the cts role-based global configuration command to manually configure SGT impositions, TrustSec

NetFlow parameters, and SGACL enforcement. Use the no form of the command to remove the

configurations.

[no] cts role-based enforcement [vlan-list {vlan-ids | all}]

[no] cts role-based {ip | ipv6} flow monitor fnf-ubm dropped

[no] cts role-based ipv6-copy

[no] cts role-based l2-vrf instance_name vlan-list vlan-ids [all]

[no] cts role-based permissions default {access-list | ipv4 | ipv6} access-list access-list . . .

[no] cts role-based permissions from {sgt | unknown to {sgt | unknown}} {access-list | ipv4 |

ipv6} access-list , access-list, . . .

[no] cts role-based sgt-caching vlan-list {vlan_ids | all}

[no] cts role-based sgt-caching with-enforcement

[no] cts role-based sgt-map {ipv4_netaddress | ipv6_netaddress} | sgt sgt_number

[no

] cts role-based sgt-map {ipv4_netaddress/prefix | ipv6_netaddress/prefix} | sgt sgt_number

[no] cts role-based sgt-map host {ipv4_hostaddress | ipv6_hostaddress | sgt sgt_number

[no] cts role-based sgt-map vrf instance_name {ip4_netaddress | ipv6_netaddress | host

{ip4_address | ip6_address}}] sgt sgt_number

[no] cts role-based sgt-map interface interface_type slot/port {security-group | sgt} sgt_number

[no] cts role-based sgt-map vlan-list [vlan_ids| all] slot/port sgt sgt_number

[no] cts role-based

Syntax Description l2-vrf instance_name (Optional) Specifies Layer 2 VRF instance name.

enforcement Enables SGACL enforcement on the local device for all

Layer 3 CTS interfaces.

interface interface_type The specified SGT is mapped to traffic from this logical

or physical Layer 3 interface.

vlan-list vlan-ids Specifies VLAN IDs. Individual VLAN IDs are

separated by commas, a range of IDs specified with a

hyphen.

all (Optional) Specifies all VLAN IDs.

with-enforcement Enables SGT caching where SGACL enforcement is

enabled.

sgt-map ipv4_netaddress |

ipv6_netaddress

(Optional) Specifies the network to be associated with an

SGT. Enter IPv4 address in dot decimal notation; IPv6 in

colon hexadecimal notation.

Table of Contents

Related product manuals

Cisco WS-C2948G-GE-TX

Preview: Cisco WS-X6148-GE-TX - Switch

Cisco WS-X6148-GE-TX - Switch

Preview: Cisco 500 Series

Cisco 500 Series

Preview: Cisco WS-C2950-12

Cisco WS-C2950-12

Preview: Cisco Catalyst 3560

Cisco Catalyst 3560

Preview: Cisco MDS 9000 Series

Cisco MDS 9000 Series

Preview: Cisco Nexus 3000 series

Cisco Nexus 3000 series

Preview: Cisco Nexus 7000 Series

Cisco Nexus 7000 Series

Preview: Cisco Catalyst 2960 Series

Cisco Catalyst 2960 Series

Preview: Cisco Catalyst 4500 Series

Cisco Catalyst 4500 Series

Preview: Cisco Catalyst 4900 Series

Cisco Catalyst 4900 Series

Preview: Cisco Catalyst 8500 Series

Cisco Catalyst 8500 Series