Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
debug condition cts
Use the debug condition cts command to set match criteria (conditions) that filter TrustSec debug cts
messages on Peer ID, Security Group Tag (SGT), or Security Group Name (SGN). Use the no form of the
command to remove debug conditions.
[no] debug condition cts {peer-id peer-id | security-group {name sg_name | tag tag_number}}
Syntax Description
peer-id peer-id          Specifies the Peer ID to match.
security-group sg_name   Specifies the SGN to match.
tag tag_number           Specifies the SGT to match.
Command Modes Privileged EXEC
Supported User Roles Administrator
Command History
Release      Modifications
15.1(1)SY1   This command was introduced on the Catalyst 6500 switches.
Usage Guidelines Enabling any of the debug cts commands returns debugging messages for the specified cts service for
all TrustSec links to the device. The debug condition cts command can filter those debugging messages
by setting match conditions for Peer ID, SGT, or Security Group Name.
For SXP messages, debug conditions can be set for source and destination IP addresses. To filter by VRF
or IP-to-SGT bindings, use the non-cts conditional debug commands: debug condition ip and debug
condition vrf.
The debug conditions are not saved in the running-configuration file.
Examples In the following example, messages for debug cts ifc events and debug cts authentication details are
filtered by peer-id, SGT, and SGN. Interface Controller (ifc) and Authentication debug messages will be
displayed only if the messages contain the peer-id="Zoombox" or security-group tag = 7 or
security-group name="engineering":
switch# debug condition cts peer-id Zoombox
Condition 1 set
switch# show debug condition
Condition 1: cts peer-id Zoombox (0 flags triggered)
switch# debug condition cts security-group tag 7
Condition 2 set
switch# debug condition cts security-group name engineering
Condition 3 set
switch# show debug condition