6-27
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 6 ASA and Cisco TrustSec
Monitoring Cisco TrustSec
Add an SGT to Local Users and Groups
To configure an SGT attribute on the LOCAL user database and in a group policy, perform the following
steps:
Procedure
Step 1 Enter group-policy configuration mode.
group-policy name
Example:
hostname(config)# group policy Grpolicy1
Step 2 Configure SGT attributes on the named group policy’s or LOCAL username’s attribute set.
security-group-tag value sgt
Example:
hostname(config-group-policy# security-group-tag value 101
The default form of this command is security-group-tag none, which means that there is no security
group tag in this attribute set. Use the no security-group-tag value sgt command to return the
configuration to the default.
Monitoring Cisco TrustSec
See the following commands for monitoring Cisco TrustSec:
• show running-config cts
• show running-config [all] cts role-based [sgt-map]
This command shows the user-defined IP-SGT binding table entries.
• show cts sxp connections
This command shows the SXP connections on the ASA for a particular user context when multiple
context mode is used.
• show conn security-group
Shows data for all SXP connections.
• show cts environment-data
Shows the Cisco TrustSec environment information contained in the security group table on the
ASA.
• show cts sgt-map
Shows the IP address-security group table manager entries in the control path.
• show asp table cts sgt-map
This command shows the IP address-security group table mapping entries from the IP
address-security group table mapping database maintained in the datapath.
To Next Page
Loading...
Need help?
General