7-30
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
cts role-based
Defaults None
Command Modes Global configuration (config)
Supported User Roles Administrator
Command History
Usage Guidelines If you do not have a Cisco Identity Services Engine, Cisco Secure ACS, dynamic ARP inspection, DHCP
snooping, or Host Tracking available to your switch to automatically map SGTs to source IP addresses,
you can manually map an SGT to the following with the cts role-based sgt-map command:
• A single host IPv4 or IPv6 address
• All hosts of an IPv4 or IPv6 network or subnetwork
sgt-map ipv4_netaddress/prefix |
ipv6_netaddress/prefix
(Optional) Specifies that the SGT will be mapped to all
hosts of the specified subnet address (IPv4 or IPv6). IPv4
is specified in dot decimal CIDR notation, IPv6 in colon
hexadecimal notation. (0-128)
sgt-map host ipv4_hostaddress |
ipv6_hostaddress
Binds the specified host IP address with the specified
SGT. Enter the IPv4 address in dot decimal notation;
IPv6 in colon hexadecimal notation.
sgt sgt_number (0–65,535). Specifies the Security Group Tag (SGT)
number.
vrf instance_name Specifies a VRF instance, previously created on the
device.
Release Modification
12.2 (33) SXI3 This command was introduced on the Catalyst 6500 series switches.
12.2 (50) SG7 This command was introduced on the Catalyst 4000 series switches.
12.2 (53) SE2 This command was introduced on the Catalyst 3750(E), 3560(E), and
3750(X) series switches (without vrf or IPv6 support).
12.2(50) SY The following keywords were added for the Catalyst 6500 series switches:
• [no] cts role-based enforcement
• [no] cts role-based ip flow monitor user-defined-monitor dropped
• [no] cts role-based ipv6 flow monitor user-defined-monitor dropped
• [no] cts role-based ipv6 copy
• [no] cts role-based permissions
15.0(0) SY The following keywords were added for the Catalyst 6500 series switches:
• [no] cts role-based sgt-map interface
• [no] cts role-based sgt-map vlan-list
To Next Page
Loading...
