5-3
Cisco TrustSec Switch Configuration Guide
OL-22192-02
Chapter 5 Configuring SGACL Policies
Enabling SGACL Policy Enforcement Per Interface
Enabling SGACL Policy Enforcement Per Interface
You must first enable SGACL policy enforcement globally for Cisco TrustSec-enabled routed interfaces.
This feature is not supported on Port Channel interfaces.
To enable SGACL policy enforcement on Layer 3 interfaces, perform this task:
Detailed Steps Catalyst 6500
Configuration Examples for Enabling SGACL Policy Enforcement Per Interface
Catalyst 3850:
Switch# configure terminal
Switch(config)# interface gigabit 1/0/2
Switch(config-if)# cts role-based enforcement
Switch(config-if)# end
Enabling SGACL Policy Enforcement on VLANs
You must enable SGACL policy enforcement on specific VLANs to apply access control to switched
traffic within a VLAN, or to traffic that is forwarded to an SVI associated with a VLAN.
To enable SGACL policy enforcement on a VLAN or a VLAN list, perform this task:
Detailed Steps Catalyst 6500
Configuration Examples for Enabling SGACL Policy Enforcement on VLANs
Catalyst 3850:
Switch# configure terminal
Switch(config)# cts role-based enforcement vlan-list 31-35,41
Switch(config)# exit
Command Purpose
Step 1
Router# configure terminal
Enters global configuration mode.
Step 2
Router(config)# interface gigabit 6/2
Specifies interface on which to enable or
disable SGACL enforcement.
Step 3
Router(config-if)# cts role-based enforcement
Enables Cisco TrustSec SGACL policy
enforcement on routed interfaces.
Step 4
Router(config-if)# do show cts interface
Verifies that SGACL enforcement is enabled.
Command Purpose
Step 1
Router# configure terminal
Enters global configuration mode.
Step 2
Router(config)# cts role-based
enforcement vlan-list vlan-list
Enables Cisco TrustSec SGACL policy enforcement
on the VLAN or VLAN list.
To Next Page
Loading...
Need help?
General