Cisco TrustSec Switch Configuration Guide
OL-22192-02
Chapter 5 Configuring SGACL Policies
Displaying SGACL Policies
After configuring the Cisco TrustSec device credentials and AAA, you can verify the Cisco TrustSec
SGACL policies downloaded from the authentication server or configured manually. Cisco TrustSec
downloads the SGACL policies when it learns of a new SGT through authentication and authorization
on an interface, from SXP, or from manual IP address to SGT mapping.
To display the contents of the SGACL policies permissions matrix, perform this task:
Detailed Steps for Catalyst 6500

Step 1
Command: Router# show cts role-based permissions default [ipv4 | ipv6 | details]
Purpose: Displays the list of SGACL of the default policy.

Command: Router# show cts role-based permissions [from {source-sgt | unknown}] [to {dest-sg | unknown}] [ipv4 | ipv6] [details]
Purpose: Displays the contents of the permissions matrix, including SGACLs downloaded from the authentication server and manually configured on the switch.

Using the keywords, you can display all or part of the permissions matrix:
• If the from keyword is omitted, a column from the permissions matrix is displayed.
• If the to keyword is omitted, a row from the permissions matrix is displayed.
• If the from and to keywords are omitted, the entire permissions matrix is displayed.
• If the from and to keywords are specified, a single cell from the permissions matrix is displayed and the details keyword is available. When details is entered, the ACEs of the SGACL of the single cell are displayed.

This example shows how to display the content of the SGACL policies permissions matrix for traffic sourced from security group 3:

Router# show cts role-based permissions from 3
Role-based permissions from group 3 to group 5:
SRB3
SRB5
Role-based permissions from group 3 to group 7:
SRB4
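The following is an added example, not part of the Cisco guide: a Python sketch that parses output in the format of the sample on this page into a permissions matrix, selects cells the way the from and to keywords do, and reports cells that differ from an intended policy. The function names, the baseline policy, and the acceptance of "unknown" as a group in the output are assumptions made for illustration.

```python
import re

# Header format taken from the sample output on this page; accepting
# "unknown" as a group is an assumption based on the command syntax.
HEADER = re.compile(
    r"Role-based permissions from group (\d+|unknown) to group (\d+|unknown):", re.I)

# Constructed sample: the page's output for "from 3".
SAMPLE = """\
Router# show cts role-based permissions from 3
Role-based permissions from group 3 to group 5:
SRB3
SRB5
Role-based permissions from group 3 to group 7:
SRB4
"""

def parse_matrix(text):
    """Return {(src, dst): [sgacl, ...]} with SGACLs in displayed order."""
    matrix, cell = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.search(line)
        if m:
            cell = (m.group(1).lower(), m.group(2).lower())
            matrix.setdefault(cell, [])
        elif line and cell is not None and "#" not in line:  # skip prompt lines
            matrix[cell].append(line)
    return matrix

def select(matrix, src=None, dst=None):
    """Mimic the from/to keywords: one row, one column, one cell, or all."""
    return {k: v for k, v in matrix.items()
            if (src is None or k[0] == str(src))
            and (dst is None or k[1] == str(dst))}

def drift(matrix, baseline):
    """List (cell, expected, actual) for every cell that differs."""
    cells = sorted(set(matrix) | set(baseline))
    return [(c, baseline.get(c), matrix.get(c))
            for c in cells if matrix.get(c) != baseline.get(c)]

if __name__ == "__main__":
    # Hypothetical intended policy used for the audit.
    baseline = {("3", "5"): ["SRB3", "SRB5"], ("3", "7"): ["SRB4", "SRB6"]}
    for cell, want, have in drift(parse_matrix(SAMPLE), baseline):
        print(f"cell {cell}: expected {want}, device shows {have}")
```

A cell that appears with an expected value of None is present on the switch but absent from the intended policy, which is the case to review first after a policy download.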