7-63
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
policy (cts manual interface configuration submode)
To apply a policy to a manually configured TrustSec link, use the policy interface manual submode command. Use the no form of the command to remove a policy.
[no] policy dynamic identity peer_deviceID
[no] policy static sgt sgt_number [trusted]

Syntax Description
dynamic                 Obtains the policy from the authorization server.
identity peer_deviceID  The peer device name, or the symbolic name in the authentication server's policy database, associated with the policy to be applied to the peer.
static                  Specifies an SGT policy to apply to incoming traffic on the link.
sgt sgt_number          Security Group Tag number to apply to incoming traffic from the peer.
trusted                 Indicates that ingress traffic on the interface that already carries an SGT should not have that SGT overwritten by the SGT specified in the command. Untrusted is the default.

Defaults No policy is the default.
Command Modes CTS interface manual submode (config-if-cts-manual)
Supported User Roles Administrator

Command History
Release      Modification
12.2(50)SY   This command was introduced on the Catalyst 6500 Series Switches.

Usage Guidelines Use the policy command to apply a policy when manually configuring a TrustSec link. The default is no policy, which passes all traffic through without applying an SGT. The sap cts manual mode subcommand must also be configured to bring up a TrustSec link.
If the selected SAP mode allows SGT insertion and an incoming packet carries no SGT, the tagging policy is as follows:
• If the policy static command is configured, the packet is tagged with the SGT configured in the policy static command.
• If the policy dynamic command is configured, the packet is not tagged.
If the selected SAP mode allows SGT insertion and an incoming packet carries an SGT, the tagging policy is as follows:
• If the policy static command is configured without the trusted keyword, the SGT is replaced with the SGT configured in the policy static command.
• If the policy static command is configured with the trusted keyword, no change is made to the SGT.
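The following is an added configuration example, not taken from the guide, that puts the policy command in context on three manual TrustSec links so the static, static trusted, and dynamic behaviours described above can be compared side by side. Interface names, the SGT value 10, the peer identity Switch-B and the PMK are constructed placeholders, and the sap pmk ... mode-list line is the form I assume for the required sap subcommand, which this page references but does not document.

```cisco
! Constructed example. Link 1: static SGT with "trusted". Untagged ingress
! packets are tagged with SGT 10; packets that arrive already carrying an
! SGT keep it, because the peer is trusted to tag its own traffic.
interface TenGigabitEthernet1/1
 cts manual
  ! assumed sap syntax; the PMK is a placeholder. Both listed modes allow
  ! SGT insertion, so the tagging policy above applies to this link.
  sap pmk 0123456789abcdef mode-list gcm-encrypt null
  policy static sgt 10 trusted
!
! Link 2: same static SGT, but untrusted (the default). Any SGT the peer
! sends is replaced with 10 on ingress, so the peer cannot choose its tag.
interface TenGigabitEthernet1/2
 cts manual
  sap pmk 0123456789abcdef mode-list gcm-encrypt null
  policy static sgt 10
!
! Link 3: policy is obtained from the authorization server for the named
! peer (Switch-B is a constructed peer_deviceID). Untagged ingress packets
! are not tagged on this link.
interface TenGigabitEthernet1/3
 cts manual
  sap pmk 0123456789abcdef mode-list gcm-encrypt null
  policy dynamic identity Switch-B
!
! Removing the policy from link 2 returns it to the default: traffic passes
! through without an SGT being applied.
interface TenGigabitEthernet1/2
 cts manual
  no policy static sgt 10
```

Link 2 is the form to use where the peer must not be allowed to assert its own SGT; link 1 should only be used for a peer whose tagging is trusted, since a tagged packet from it is forwarded with the tag it chose.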