cts role-based enforcement
To enable Cisco TrustSec role-based (security group) access control enforcement, use the cts role-based
enforcement command in global configuration mode. To disable the configuration, use the no form of this
command.
cts role-based enforcement [logging-interval interval | vlan-list {all | vlan-ID [,] [-]}]
no cts role-based enforcement [logging-interval interval | vlan-list {all | vlan-ID [,] [-]}]
Syntax Description
(Optional) Configures a logging interval for a security group access control list
(SGACL). Valid values for the interval argument are from 5 to 86400 seconds.
The default is 300 seconds
logging-interval interval
(Optional) Configures VLANs on which role-based ACLs are enforced.vlan-list
(Optional) Specifies all VLANs.all
(Optional) VLAN ID. Valid values are from 1 to 4094.
vlan-ID
(Optional) Specifies another VLAN separated by a comma.,
(Optional) Specifies a range of VLANs separated by a hyphen.-
Command Default
Role-based access control is not enforced.
Command Modes
Global configuration (config)
Command History
ModificationRelease
This command was introduced.Cisco IOS XE Denali 16.3.1
Usage Guidelines
RBACL and SGACL are used interchangeably.Note
Use the cts role-based enforcement command to globally enable or disable SGACL enforcement for Cisco
TrustSec-enabled interfaces in the system.
The default interval after which log for a given flow is printed is 300 seconds. Use the logging-interval
keyword to change the default interval. Logging is only triggered when the Cisco ACE Application Control
Engine has the logging keyword.
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)
731
cts role-based enforcement
To Next Page
Loading...
Need help?
General