hit counter script

Enabling Sgacl Policy Enforcement Per Interface; Configuration Examples For Enabling Sgacl Policy Enforcement Per Interface; Enabling Sgacl Policy Enforcement On Vlans; Configuration Examples For Enabling Sgacl Policy Enforcement On Vlans - Cisco TrustSec Configuration Manual

Table of Contents

Advertisement

Chapter 5
Configuring SGACL Policies

Enabling SGACL Policy Enforcement Per Interface

You must first enable SGACL policy enforcement globally for Cisco TrustSec-enabled routed interfaces.
This feature is not supported on Port Channel interfaces.
To enable SGACL policy enforcement on Layer 3 interfaces, perform this task:
Detailed Steps Catalyst 6500
Command
Step 1
Router# configure terminal
Step 2
Router(config)# interface gigabit 6/2
Step 3
Router(config-if)# cts role-based enforcement
Step 4
Router(config-if)# do show cts interface

Configuration Examples for Enabling SGACL Policy Enforcement Per Interface

Catalyst 3850:
Switch# configure terminal
Switch(config)# interface gigabit 1/0/2
Switch(config-if)# cts role-based enforcement
Switch(config-if)# end

Enabling SGACL Policy Enforcement on VLANs

You must enable SGACL policy enforcement on specific VLANs to apply access control to switched
traffic within a VLAN, or to traffic that is forwarded to an SVI associated with a VLAN.
To enable SGACL policy enforcement on a VLAN or a VLAN list, perform this task:
Detailed Steps Catalyst 6500
Command
Step 1
Router# configure terminal
Step 2
Router(config)# cts role-based
enforcement vlan-list vlan-list

Configuration Examples for Enabling SGACL Policy Enforcement on VLANs

Catalyst 3850:
Switch# configure terminal
Switch(config)# cts role-based enforcement vlan-list 31-35,41
Switch(config)# exit
OL-22192-02
Enabling SGACL Policy Enforcement Per Interface
Purpose
Enters global configuration mode.
Specifies interface on which to enable or
disable SGACL enforcement.
Enables Cisco TrustSec SGACL policy
enforcement on routed interfaces.
Verifies that SGACL enforcement is enabled.
Purpose
Enters global configuration mode.
Enables Cisco TrustSec SGACL policy enforcement
on the VLAN or VLAN list.
Cisco TrustSec Switch Configuration Guide
5-3

Advertisement

Table of Contents
loading

Table of Contents